From taz at taz-mania.com Thu Jun 1 00:01:20 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Jun 1 00:01:26 2006 Subject: Another call for improvements In-Reply-To: <447D97C7.2080805@enitech.com.au> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> Message-ID: <447E2040.4090009@taz-mania.com> Can't you use mailwatch? Pete Russell wrote: > > Love to see a tool that really easily allows us exchange/outlook users > to provide a service to end users to be able to forward spam that does > get through to a SPAM or NOT SPAM mailbox that is auto sa-learned -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/19d60d01/taz.vcf From lshaw at emitinc.com Thu Jun 1 00:02:07 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Thu Jun 1 00:02:15 2006 Subject: Question about whitelisting a domain In-Reply-To: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> References: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> Message-ID: On Wed, 31 May 2006, jchezny@northcarolina.edu wrote: > Can any one help me determine why one domain out of twelve is not whitelisted; > even though this domain is listed in the 'Whitelist for Mailwatch'? Perhaps there is something different about it compared to the other 11 of them... :-) - Logan From Jeff.Mills at versacold.com.au Thu Jun 1 00:13:07 2006 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Thu Jun 1 00:13:12 2006 Subject: Another call for improvements Message-ID: <197F21E06E4D2A478519EA9078D6AA1C01B0AF11@poclexch.AU.POCOLD.POCL> I have created a public Folder on the exchange box for spam where users have access to drop emails, but not view the contents of the folder. I then run a script every hour where my MailScanner box connects to the public folder and learns from the mail in there. Once a week I run a script to clear the contents of the folder. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dennis > Willson > Sent: Thursday, 1 June 2006 9:01 AM > To: MailScanner discussion > Subject: Re: Another call for improvements > > > Can't you use mailwatch? > > Pete Russell wrote: > > > > > Love to see a tool that really easily allows us > exchange/outlook users > > to provide a service to end users to be able to forward > spam that does > > get through to a SPAM or NOT SPAM mailbox that is auto sa-learned > > > -- > > ---------------------------------- > Dennis Willson > mailto:taz@taz-mania.com > http://www.taz-mania.com > > Owner / Operator, Kepnet Internet Services > > > > *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** From taz at taz-mania.com Thu Jun 1 00:18:15 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Jun 1 00:18:18 2006 Subject: Another call for improvements In-Reply-To: <447E2040.4090009@taz-mania.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> <447E2040.4090009@taz-mania.com> Message-ID: <447E2437.7040108@taz-mania.com> I would like the configuration file to be put into a database (optionally). If there's an option in the config file that is the name of the file that does database accesses for the configuration information then it ignores the rest of the file and begins to call that function to get the configuration information. This would make keeping multiple copies of MailScanner correctly sync'ed up much easier and allow an extension of MailWatch to make configuration changes. ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/8d7007e7/taz.vcf From mauriciopcavalcanti at hotmail.com Thu Jun 1 00:45:55 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Thu Jun 1 00:46:56 2006 Subject: Best way to test links? In-Reply-To: <200605022346.k42NkYgd011027@bkserver.blacknight.ie> Message-ID: Hi, I have a phishing problem that is getting me crazy. I send a HTML e-mail with a link to http://localhost/eicar.com or another link with virus (.cmd or .pif). I?m running apache in MS and put eicar in apache root directory. I?ve tested all links with wget in MS server and I get all of them. I tried to use MS with clamav with feature ?mail-follow-urls? but my message is still passing thought MS. What it?s wrong? What is the best way to test links inside html file? Thanks in advance, Mauricio. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/d6c4b109/attachment.html From gmane at tippingmar.com Thu Jun 1 01:18:00 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Thu Jun 1 01:18:15 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Is there currently a way to have the installation scripts create a log file so we can see what happened if things don't work out? Mark Nienberg From mikej at rogers.com Thu Jun 1 02:03:45 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Jun 1 02:03:41 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <447E1DD2.7070703@blacknight.ie> References: <447E1B54.3090600@rogers.com> <447E1DD2.7070703@blacknight.ie> Message-ID: <447E3CF1.5080000@rogers.com> Michele Neylon:: Blacknight.ie wrote: > Mike Jakubik wrote: > >> I have my lows scoring spam set to store, and high to delete. Whenever a >> message is received that is blacklisted it is stored. Is there any way >> to setup MS to delete blacklisted items? >> >> > What do you mean by blacklisted? Your personal blacklist or listed in a > DNSBL? > > The MS blacklist, is there any other kind? From alden at engineno9inc.com Thu Jun 1 04:23:06 2006 From: alden at engineno9inc.com (Alden Levy) Date: Thu Jun 1 04:23:14 2006 Subject: Use TNEF Contents problem Message-ID: <001701c6852a$b32e3b70$6c00a8c0@AldenLap> Nope. Haven't had a chance, yet. As luck would have it, my host's name servers were down for hours yesterday, so I had to deal with that. If anyone else has tried, please let me know. Thanks, Alden From: Julian Field ecs.soton.ac.uk> Subject: Re: Use TNEF Contents problem Newsgroups: gmane.mail.virus.mailscanner Date: 2006-05-30 20:36:19 GMT Have you tried TNEF Contents = add ? It's quite possible that Outlook-only features may be mis-rendered by Outlook when the Outlook features are replaced. This may be a good reason to change the default to TNEF Contents = add What does anyone else think of this setting? Alden Levy wrote: > MS version 4.54.6, FC2 > > I just found out that if you set Use TNEF Contents = replace, instead of = > no, vCards will not be properly rendered by Outlook. > > This may be known by many of you, but I just wanted to highlight it for > those of us who didn't. > > Regards, > Alden > > Alden Levy > Engine No. 9, Inc. > 130 W. 57th Street, Suite 2F > New York, NY 10019 > (212) 981-1122 > (212) 504-9598 fax > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brad at beckenhauer.com Thu Jun 1 05:56:16 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Thu Jun 1 05:56:51 2006 Subject: Another call for improvements References: UID63431-1101139125 Message-ID: <20060531T235616Z_A9B700000000@beckenhauer.com> Requests/ideas: 1) Add Variables for the default filetype and filename conf files in MailScanner.conf. This allows for easier concatenation of multiple rulesets in the rules directory. Example: mailscanner.conf: # Set location of the default filetype rules %def-ft-rules% = %etc-dir%/filetype.rules.conf # Set location of the default filename rules %def-fn-rules% = %etc-dir%/filename.rules.conf This allows the following to be used: rules/filename.rules: FromOrTo: *@domain1.tld %rules-dir%/sites/domain1.tld/filename.rules.conf %def-fn-rules% FromOrTo: *@domain2.tld %rules-dir%/sites/domain2.tld/filename.rules.conf %def-fn-rules% FromOrTo: default %def-fn-rules% # Default filename ruleset rules/filetype.rules: FromOrTo: *@domain1.tld %rules-dir%/sites/domain1.tld/filetype.rules.conf %def-ft-rules% FromOrTo: *@domain2.tld %rules-dir%/sites/domain2.tld/filetype.rules.conf %def-ft-rules% FromOrTo: default %def-ft-rules% # Default filetype ruleset 2) review MailScanner.conf. There are several options that do not state what the available valid options. Obviously this does not apply to all options. example: # valid options: [yes], [no] or [filename of a ruleset] Content Modify Subject = yes 3) See http://www.archlinux.org/~simo/archstats/ This is a volunteer program with anonymous system information. It would be interesting to have MailScanner collect similiar info. MS could even collect information as to what percentage of the user base is using the defaults settings for an given option. example... Whats's the min/max/average and mode of the "Required SpamAssassin Score". >>> Julian Field 5/30/2006 3:54:11 PM >>> Any of you got any features which you really need? I don't guarantee to implement them, or even consider them :-) Anything you don't like, anything you particularly like (gratitude is always welcome :-) I'm a right sucker for it :-) At the moment there aren't any features people want, other than a 200% speed improvement which I've done my best for in the past. Don't ignore anything you have asked for in the past, consider them forgotten :-( Regards, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- Skipped content of type multipart/related From strydom.dave at gmail.com Thu Jun 1 06:04:15 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Jun 1 06:04:17 2006 Subject: Another call for improvements In-Reply-To: <447E2437.7040108@taz-mania.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> <447E2040.4090009@taz-mania.com> <447E2437.7040108@taz-mania.com> Message-ID: On 6/1/06, Dennis Willson wrote: > > I would like the configuration file to be put into a database > (optionally). If there's an option in the config file that is the name > of the file that does database accesses for the configuration > information then it ignores the rest of the file and begins to call that > function to get the configuration information. This would make keeping > multiple copies of MailScanner correctly sync'ed up much easier and > allow an extension of MailWatch to make configuration changes. > > ---------------------------------- > Dennis Willson > mailto:taz@taz-mania.com > http://www.taz-mania.com > > Owner / Operator, Kepnet Internet Services Although this may seem like a good idea, my only concern about something like this is that the chance of a mysql server crashing compared to a txt file crashing is hugly different. Also, is it not quicker to read from a txt file, than it would be to do sql queries? Dave From assooy at yahoo.com Thu Jun 1 07:07:31 2006 From: assooy at yahoo.com (ius) Date: Thu Jun 1 06:58:59 2006 Subject: quick rules question In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB03B14A2@winchester.andrewscompanies.com> <447B9A53.5050701@yahoo.com> Message-ID: <447E8423.40700@yahoo.com> Bahadir Kiziltan wrote: > What MTA do you use? In Postfix, I've managed to reject all mails from > a list by using "List-id" pattern shown in mail header. > > For Postfix, just add the following line to "header_checks" file and > restart the postfix... > > /^List-Id: $/ REJECT > > On 5/30/06, ius wrote: >> sandrews@andrewscompanies.com wrote: >> > Why not mailscanner's blacklist? >> > >> > -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info >> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian >> > Field >> > Sent: Monday, May 29, 2006 5:35 AM >> > To: MailScanner discussion >> > Subject: Re: quick rules question >> > >> > You should do that in your MTA. In sendmail it's the "access" >> database. >> > >> > ius wrote: >> > >> >> Dear experts, >> >> >> >> Quick question. I like to block a miling list from yahoo, for example >> >> : davincicrap@yahoogroups.com. How can i do that in MailScanner >> rules? >> >> >> >> >> >> Thanks a lot >> >> ius >> >> >> >> >> > >> > -- >> > Julian Field >> > www.MailScanner.info >> > Buy the MailScanner book at www.MailScanner.info/store Professional >> > Support Services at www.MailScanner.biz MailScanner thanks transtec >> > Computers for their support >> > >> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> > >> > >> > -- >> > This message has been scanned for viruses and dangerous content by >> > MailScanner, and is believed to be clean. >> > MailScanner thanks transtec Computers for their support. >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > >> yes .. I already do that. But i like to block the spesific yahoogroups >> name, not the user names. >> This is my rules : >> >> FromOrTo: >> *plucky=anything.com@returns.groups.yahoo.com yes >> FromOrTo: >> *bugsbunny=anything.com@returns.groups.yahoo.com yes >> FromOrTo: default no >> >> It blocks only users that joined any miling list in yahoogroups. Any >> other suggestions ? >> >> >> Thanks >> ius >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> I'm using sendmail. Thanks ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Thu Jun 1 07:55:10 2006 From: res at ausics.net (Res) Date: Thu Jun 1 07:55:20 2006 Subject: Another call for improvements In-Reply-To: <447D8FFA.9060507@elirion.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FFA.9060507@elirion.net> Message-ID: On Wed, 31 May 2006, Richard Siddall wrote: > Res wrote: >> Qmail Hash Directory Number = 23 > > I still haven't figured out why the Qmail code can't automatically > determine the number of hash directories. no need its been implimented so you dont need to change it :) all qmail testing ive done ive also use qmail settings on sendmail server to ensure it wont break or complian about anything > > Regards, > > Richard Siddall > > -- Cheers Res From res at ausics.net Thu Jun 1 08:14:40 2006 From: res at ausics.net (Res) Date: Thu Jun 1 08:14:47 2006 Subject: Another call for improvements In-Reply-To: <447DD429.2070906@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> <447DD429.2070906@ecs.soton.ac.uk> Message-ID: On Wed, 31 May 2006, Julian Field wrote: >> > This is why I use syslog. You can configure different log levels with > /etc/syslog.conf. If you just log warn and above, you will only get error > messages and other warnings. Speaking of syslog... Is there any way we can have MailScanner continue to run if syslog barfs? rather than it just dying, I know its handy to know when syslog dies etc etc, but thats no good to anyone if it dies at 10pm and is not found until the hords of no mail complaints come in at 8am, leaving a nice queue of messages to process, thats cool if you get 100 messages overnight, but when you do 300-500 a minute, well, you do the maths on how large that queue will be by the time we find out :) -- Cheers Res From shuttlebox at gmail.com Thu Jun 1 08:23:31 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jun 1 08:23:36 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <447E1B54.3090600@rogers.com> References: <447E1B54.3090600@rogers.com> Message-ID: <625385e30606010023r40b23463j9dd04d60b89feffb@mail.gmail.com> On 6/1/06, Mike Jakubik wrote: > I have my lows scoring spam set to store, and high to delete. Whenever a > message is received that is blacklisted it is stored. Is there any way > to setup MS to delete blacklisted items? # Setting this to yes means that spam found in the blacklist is treated # as "High Scoring Spam" in the "Spam Actions" section below. Setting it # to no means that it will be treated as "normal" spam. # This can also be the filename of a ruleset. Definite Spam Is High Scoring = yes -- /peter From MailScanner at ecs.soton.ac.uk Thu Jun 1 08:47:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 08:47:21 2006 Subject: Another call for improvements In-Reply-To: <447DFDAF.5020405@nkpanama.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> <447DF336.2030106@ecs.soton.ac.uk> <447DF7B8.6040500@nkpanama.com> <447DFAB3.8060306@ecs.soton.ac.uk> <447DFDAF.5020405@nkpanama.com> Message-ID: <82B7D3C0-9551-44D7-9D8E-172BA3355C83@ecs.soton.ac.uk> On 31 May 2006, at 21:33, Alex Neuman van der Hans wrote: > Julian Field wrote: >> >> >> Alex Neuman van der Hans wrote: >>> Julian Field wrote: >>>>>> >>>>> Hold on... so spam isn't archived by the "archive mail" >>>>> function? I thought it was by design that "archive mail" went >>>>> before everything else, and so spam gets archived with it. Is >>>>> it different now? >>>> It gets archived into a "spam" subdirectory. Look. >>>> >>> >>> Ok, so to recap, if I have, for example: >>> >>> Archive Mail = %rules-dir%/archive.rules >>> >>> archive.rules: >>> >>> FromOrTo: default no >>> From: alex@nkpanama.com /home/backup/mail/outgoing/alex >>> To: alex@nkpanama.com /home/backup/mail/incoming/alex >>> >>> Spam Actions = attachment deliver header "X-Spam-Status: yes" >>> High Scoring Spam Actions = delete # no need to set header "X- >>> Spam-Status: yes" >>> Non Spam Actions = deliver header "X-Spam-Status: no" >>> >>> Where would the spam go? To the quarantine in a spam folder? >> Should do, yes. >> > What if I *don't* want to archive spam? Would I have to set up a > cron job to delete it? Yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 1 08:48:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 08:48:44 2006 Subject: Another call for improvements In-Reply-To: References: <200605312002.k4VK2mFc014583@bkserver.blacknight.ie> Message-ID: <14EA07C3-829C-4020-B79D-BA39EC521F54@ecs.soton.ac.uk> On 31 May 2006, at 21:34, Richard Westlake wrote: > Julian > Many thank for all the work you put into an excellent product. > > You asked for suggestions so here is mine. > > It would be useful if the init script you distribute could look in > a standard place for local customisations. I get the settings from /etc/sysconfig/MailScanner which is the standard place to fetch settings for an init.d script. I don't see why you should need to edit the init.d script at all. > This would save me merging my changes with your script when I > upgrade. I customised the scripts to start and stop extra services, > add additional command line arguments, change the behaviour of > existing command line arguments and perform some other site > specific actions. > The local customisation are in an extra file MailScanner.local > which the main script sources, however I still need to add the > hooks into your script when I upgrade. > > If you want I could send you my scripts, which show the hooks in > the main file and how the local customisations work. > > All the best, and thanks again for all your work > > > > Richard Westlake > > School of Crystallography, Birkbeck College, Malet Street, London > WC1E 7HX > Tel: 020-7631-6859 > ---------------------------------------------------------------------- > Truth endures but spelling changes -- Anon. > ---------------------------------------------------------------------- > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 1 08:49:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 08:50:00 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <447E1B54.3090600@rogers.com> References: <447E1B54.3090600@rogers.com> Message-ID: <382EDB54-8953-47EB-9FE8-336870097CB0@ecs.soton.ac.uk> Look up Definite Spam Is High-Scoring = yes On 31 May 2006, at 23:40, Mike Jakubik wrote: > I have my lows scoring spam set to store, and high to delete. > Whenever a message is received that is blacklisted it is stored. Is > there any way to setup MS to delete blacklisted items? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Thu Jun 1 09:11:31 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 1 09:11:52 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447EA133.50508@netmagicsolutions.com> Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( Julian, 1. How about 'postconf -n' like support for mailscanner to see changed parameters in MailScanner.conf as compared to the default values? troubleshooting and problem reporting would be much easier this way. The current 'MaiScanner -v' doesn't do this.. If you have a postfix based server, try a 'postconf -n' or 'postfinger' to see the output. 2. This is more for the beta list.. but testers need to come up with a test framework for testing new releases. Typically the test framework ought to test: HAM, Eicar, GTUBE, Webbugs, Phishing, etc. possibly a web-based test OR a 'telnet rt.njabl.org 2500' like test where you submit your IP and test things. thanks, - dhawal > Regards, > Jules. From Jan-Peter.Koopmann at seceidos.de Thu Jun 1 10:56:56 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Jun 1 10:57:06 2006 Subject: Another call for improvements In-Reply-To: <447D97C7.2080805@enitech.com.au> Message-ID: On Wednesday, May 31, 2006 3:19 PM Pete Russell wrote: > Love to see a tool that really easily allows us exchange/outlook > users to provide a service to end users to be able to forward spam > that does get through to a SPAM or NOT SPAM mailbox that is auto > sa-learned Archive all incoming mails for a few days, pull the SPAM/NOSPAM public folders via IMAP, use a little script that identifies the message-ID of the pulled mails, see if you have the original mail in the archive. If you do, feed this to sa-learn if you do not then use the pulled mail. Works like a charm. Regards, JP From maillists at conactive.com Thu Jun 1 11:43:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 11:43:57 2006 Subject: Another call for improvements In-Reply-To: <447DD429.2070906@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> <447DD429.2070906@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 31 May 2006 18:36:41 +0100: > This is why I use syslog. You can configure different log levels with > /etc/syslog.conf. If you just log warn and above, you will only get > error messages and other warnings. Ah, I didn't think about this. This is great, thanks! I have logging now off on one machine. Still, though, it's a bit of a yes/no game. It would be nice to have some influence on the detail logging when logging more than warnings. F.i. *one* line of logging with the most interesting data instead of being so verbose as we are now. This would be helpful for those who want to scan their logs with logwatch or other automated tools. F.i. normal operation like "read x entries from whitelist" or "logged sf534ggd to MailSQL logging child" isn't sooo interesting. But the amount of messages going thru MS or one wants just to see that everything is well by getting continous output of "processed x messages" or so. But one doesn't need all the full logging that is now there. However, at the moment it's all or nothing isn't it? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jun 1 11:43:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 11:43:57 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: Dave Strydom wrote on Wed, 31 May 2006 20:27:17 +0200: > MailScanner to have the ability to take advantage of the Spamassassin > Spamcop Plugin. I'm not using that plugin, so I may be wrong, but I think this is already possible with SA. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jun 1 11:43:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 11:44:02 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: Philip Hachey wrote on Wed, 31 May 2006 12:10:57 -0400: > It's inconsistent and I'm not sure what to do about it. Have there been > changes in the 0.88.2 code to freshclam? I'm considering rebuilding > ClamAV to see if that increases stability. I don't know about the freshclam coming with Jules' package, but usually you have to configure freshclam.conf before it does something. Did you try running freshclam directly? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From miguelk at konsultex.com.br Thu Jun 1 13:06:01 2006 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jun 1 13:06:29 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <20060601115944.M91769@konsultex.com.br> I noticed this problem last week on 2 out of 4 servers and decided to delete the virus signature files and run freshcalm manually. When I did that I found that access to the mirrors was excruciatingly slow. In fact I never did get to rebuild my files. So I looked around in freshclam.conf and uncommented this line: DatabaseMirror db.US.clamav.net which according to the comments in the file should be uncommented anyway. I don't remeber what it had in its commented form. I tried putting BR in there (would be correct for my case) and it did not work. I then tried US and evereything works fine. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: "Kai Schaetzl" To: mailscanner@lists.mailscanner.info Sent: Thu, 01 Jun 2006 12:43:45 +0200 Subject: Re: [Clamav-users] Problem with internal logger > Philip Hachey wrote on Wed, 31 May 2006 12:10:57 -0400: > > > It's inconsistent and I'm not sure what to do about it. Have there been > > changes in the 0.88.2 code to freshclam? I'm considering rebuilding > > ClamAV to see if that increases stability. > > I don't know about the freshclam coming with Jules' package, but usually > you have to configure freshclam.conf before it does something. Did you try > running freshclam directly? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. From wolf at zim.goe.net Thu Jun 1 13:28:31 2006 From: wolf at zim.goe.net (Wolf) Date: Thu Jun 1 13:30:01 2006 Subject: Mail stuck in incoming queue of MailScanner Message-ID: <637e55b80606010528s4be695d3wd47a413d1999bc18@mail.gmail.com> Hi List. I had a good running setup with UUCP-Postfix-MailScanner-Cyrus on Debian unstable. >From one day to the next the mails got stuck in the incoming queue of MS. Incoming Work Dir = /var/spool/MailScanner/incoming It started suddenly with this enty im the logs: ... May 29 15:21:08 bio postfix: Process did not exit cleanly, returned 255 with signal 0 There isnt even a process named postfix! Postfixes processes got other names like master... I already searched for this error-message but didnt find a satisfying answer. Any Ideas? MS restartet right after the postfix-message: May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus Scanner version 4.46.2 starting... And it checks the same 5 mails again. May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus Scanner version 4.46.2 starting... May 29 15:21:10 bio MailScanner[8876]: Read 676 hostnames from the phishing whitelist May 29 15:21:11 bio MailScanner[8876]: Enabling SpamAssassin auto-whitelist functionality... May 29 15:21:12 bio MailScanner[8876]: Using locktype = flock May 29 15:21:12 bio MailScanner[8876]: New Batch: Scanning 5 messages, 130613 bytes May 29 15:21:12 bio MailScanner[8876]: MCP Checks completed at 130613 bytes per second May 29 15:21:12 bio MailScanner[8876]: Spam Checks: Starting May 29 15:21:14 bio MailScanner[8876]: Spam Checks completed at 65306 bytes per second May 29 15:21:14 bio MailScanner[8876]: Virus and Content Scanning: Starting .... May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing 144A676998.4C336 msg-8876-7.txt May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing 144A676998.4C336 PM-DAS-UNGASS.pdf (no rule matched) .. May 29 15:21:14 bio MailScanner[8876]: tag found in message CF3267699E.00C19 from laxxxxxxxn@laxxxxxxxxxxx.de May 29 15:21:14 bio MailScanner[8876]: Virus Scanning completed at 130613 bytes per second May 29 15:21:16 bio CRON[5953]: (pam_unix) session closed for user root May 29 15:21:19 bio postfix: Process did not exit cleanly, returned 255 with signal 0 This will go ad infinitum. Incoming queue is filling up. Workaround was to bypass MailScanner in main.cf (of Postfix) So ist there a mail that MS cant scan and causes this error? -- Wolf Hees http://alphawolf.blogg.de From Denis.Beauchemin at USherbrooke.ca Thu Jun 1 13:48:47 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 1 13:49:30 2006 Subject: Listserv whitelisting: Reply-to header field? In-Reply-To: References: Message-ID: <447EE22F.9070204@USherbrooke.ca> Brett Charbeneau a ?crit : > > Can anyone please offer me some tips on this? I've scoured the > list archives and docs and have come up empty-handed. > > SPECIFICS: > Debian 3.1, kernel 2.6.8, > Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb > packages) > > Several of my users subscribe to a listserv that consistently gets > marked as SPAM and I'm having a hard time figuring out how to > whitelist these messages. > The listserv creates headers that shows posts as coming from the > poster, not the listserv server. This makes filtering on the "From:" > field ineffective. > I tried to enter a rule in my > > /etc/MailScanner/rules/spam.whitelist.rules > > file to filter on the "Reply-To:" field like this: > > Reply-To: OCLC-Cataloging yes > > but this isn't working either. I supply a sample of the header > from this list below. > > > > > Date: Tue, 16 May 2006 16:20:36 -0500 > Reply-To: OCLC-Cataloging > Sender: OCLC-Cataloging > From: "Library Cataloger" > Subject: {Spam?} Re: [OCLC-CAT] simplify MARC records? > To: OCLC-CAT@OCLC.ORG > Precedence: list > > Brett, Look in your maillog for the envelope sender. It may well be quite different from the From: in the message itself. You need to work with the envelope sender and not the message sender. Use the following option to get it in the message headers of every email processed my MS: Add Envelope From Header = yes When you have the envelope sender, use that value (maybe with wildcards) in your whitelist rule. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/137413f3/smime.bin From Denis.Beauchemin at USherbrooke.ca Thu Jun 1 13:52:03 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 1 13:52:20 2006 Subject: Best way to test links? In-Reply-To: References: Message-ID: <447EE2F3.2090004@USherbrooke.ca> Mauricio a ?crit : > > Hi, > > I have a phishing problem that is getting me crazy. > > I send a HTML e-mail with a link to http://localhost/eicar.com or > another link with virus (.cmd or .pif). I?m running apache in MS and > put eicar in apache root directory. I?ve tested all links with wget in > MS server and I get all of them. > > I tried to use MS with clamav with feature ?mail-follow-urls? but my > message is still passing thought MS. > > What it?s wrong? > > What is the best way to test links inside html file? > > Thanks in advance, > > Mauricio. > Mauricio, MailScanner can't help you out with this. What you're trying to protect your users from is not phishing. You need a good antivirus on your user's computers to protect them from the type of malware you are describing. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/a2c50285/smime.bin From strydom.dave at gmail.com Thu Jun 1 13:35:30 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Jun 1 14:00:53 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On 6/1/06, Kai Schaetzl wrote: > Dave Strydom wrote on Wed, 31 May 2006 20:27:17 +0200: > > > MailScanner to have the ability to take advantage of the Spamassassin > > Spamcop Plugin. > > I'm not using that plugin, so I may be wrong, but I think this is already > possible with SA. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > In the /etc/spamassassin/v310.pre # SpamCop - perform SpamCop message reporting # loadplugin Mail::SpamAssassin::Plugin::SpamCop Or maybe if mailscanner could have the ability to invoke the reporting. Dave From steve.swaney at fsl.com Thu Jun 1 14:02:17 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jun 1 14:02:21 2006 Subject: Mail stuck in incoming queue of MailScanner In-Reply-To: <637e55b80606010528s4be695d3wd47a413d1999bc18@mail.gmail.com> Message-ID: <008501c6857b$9c58e160$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Wolf > Sent: Thursday, June 01, 2006 8:29 AM > To: mailscanner@lists.mailscanner.info > Subject: Mail stuck in incoming queue of MailScanner > > Hi List. > > I had a good running setup with UUCP-Postfix-MailScanner-Cyrus on > Debian unstable. > >From one day to the next the mails got stuck in the incoming queue of MS. > > Incoming Work Dir = /var/spool/MailScanner/incoming > > It started suddenly with this enty im the logs: > ... > May 29 15:21:08 bio postfix: Process did not exit cleanly, returned > 255 with signal 0 > > There isnt even a process named postfix! Postfixes processes got other > names like master... > > I already searched for this error-message but didnt find a satisfying > answer. Any Ideas? > > MS restartet right after the postfix-message: > > May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus > Scanner version 4.46.2 starting... > > And it checks the same 5 mails again. > > May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus > Scanner version 4.46.2 starting... > May 29 15:21:10 bio MailScanner[8876]: Read 676 hostnames from the > phishing whitelist > May 29 15:21:11 bio MailScanner[8876]: Enabling SpamAssassin > auto-whitelist functionality... > May 29 15:21:12 bio MailScanner[8876]: Using locktype = flock > May 29 15:21:12 bio MailScanner[8876]: New Batch: Scanning 5 messages, > 130613 bytes > May 29 15:21:12 bio MailScanner[8876]: MCP Checks completed at 130613 > bytes per second > May 29 15:21:12 bio MailScanner[8876]: Spam Checks: Starting > May 29 15:21:14 bio MailScanner[8876]: Spam Checks completed at 65306 > bytes per second > May 29 15:21:14 bio MailScanner[8876]: Virus and Content Scanning: > Starting > .... > May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing > 144A676998.4C336 msg-8876-7.txt > May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing > 144A676998.4C336 PM-DAS-UNGASS.pdf (no rule matched) > .. > May 29 15:21:14 bio MailScanner[8876]: tag found in message > CF3267699E.00C19 from laxxxxxxxn@laxxxxxxxxxxx.de > May 29 15:21:14 bio MailScanner[8876]: Virus Scanning completed at > 130613 bytes per second > May 29 15:21:16 bio CRON[5953]: (pam_unix) session closed for user root > May 29 15:21:19 bio postfix: Process did not exit cleanly, returned > 255 with signal 0 > > This will go ad infinitum. Incoming queue is filling up. > > Workaround was to bypass MailScanner in main.cf (of Postfix) > > So ist there a mail that MS cant scan and causes this error? > -- > Wolf Hees This is a known problem with older versions of MailScanner and Postfix. You're running version 4.46.2. Simply upgrade to the latest stable version and the problem should be resolved. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From MailScanner at ecs.soton.ac.uk Thu Jun 1 14:04:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 14:05:19 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: On 1 Jun 2006, at 11:43, Kai Schaetzl wrote: > Philip Hachey wrote on Wed, 31 May 2006 12:10:57 -0400: > >> It's inconsistent and I'm not sure what to do about it. Have >> there been >> changes in the 0.88.2 code to freshclam? I'm considering rebuilding >> ClamAV to see if that increases stability. > > I don't know about the freshclam coming with Jules' package, but > usually > you have to configure freshclam.conf before it does something. Did > you try > running freshclam directly? My easy-to-install ClamAV+SA package configures freshclam.conf and spamd.conf for you, by commenting out the "Example" lines. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Thu Jun 1 14:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 14:31:38 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <20060601115944.M91769@konsultex.com.br> References: <20060601115944.M91769@konsultex.com.br> Message-ID: Miguel Koren OBrien de Lacy wrote on Thu, 1 Jun 2006 09:06:01 -0300: > which according to the comments in the file should be uncommented anyway. I don't > remeber what it had in its commented form. I tried putting BR in there (would be > correct for my case) and it did not work. I then tried US and evereything works fine. Well, if there's no "br" than you cannot use it. I followed your link to the database mirror and this finally leads to http://www.clamav.net/mirrors.html There you can check which regions are available. You could try ar or ec. In general you *will* see mirrors timing out about once a day or so. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Thu Jun 1 15:06:13 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 1 15:06:19 2006 Subject: Another call for improvements In-Reply-To: <447D95AA.2020705@enitech.com.au> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D95AA.2020705@enitech.com.au> Message-ID: <223f97700606010706n593c7b55n5e1e4f084a656ab9@mail.gmail.com> On 31/05/06, Pete Russell wrote: > 1. I would REALLY love to see a solution to postfix limitation/inability > to split inbound messages into individual queues files. This is REALLY > starting to drive us nuts. Pete, If it is really driving you mad, then do us a favour(:-).... Set up a dual postfix+HOLD&MS, and document it:-). What I'm talking about is this: The reason Postfix+HOLD&MS can't split the mails/recipient is that the actual splitting is done too late (at delivery via smtp/lmtp/pipe), after MS is done, so it wouldn't benefit us. The somewhat ugly solution is to add in a "front side" postfix, that does the usual stuff (header checks and all, but not the HOLD thing) and splits the messages/recipient, then hands them on to the second (or "backside":-) postfix (via a transport map or similar) that do the HOLD etc. Not pretty, but at least remotely feasible:-). So far I've not seen this as a big enough problem to actually do this myself... If i ever get a slow moment, I'll do it myself;-). > 2. I cant do regexp - i want to try and learn but my brain cant do it :( > I would love to see an easy way to block an email by subject or sender, > or body or URI content - i guess his isnt really a MailScanner task, an > MailWatch one? > Postfix header/body checks... But then, these have some fairly obvious limitations, as being line-oriented and ... needing some form of REs to be really useful:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Thu Jun 1 16:30:35 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 16:30:26 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: > My easy-to-install ClamAV+SA package configures freshclam.conf and > spamd.conf for you, by commenting out the "Example" lines. and then sets the mirror to US ? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jun 1 16:30:35 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 16:30:27 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: Dave Strydom wrote on Thu, 1 Jun 2006 14:35:30 +0200: > Or maybe if mailscanner could have the ability to invoke the reporting. isn't that automatically done when auto-learning spam? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mauriciopcavalcanti at hotmail.com Thu Jun 1 16:34:40 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Thu Jun 1 16:35:31 2006 Subject: RES: Best way to test links? In-Reply-To: <447EE2F3.2090004@USherbrooke.ca> Message-ID: Hi, I change the default in clamav-wrapper to: ScanOptions="--mail-follow-urls". In clamscan manual they say that this feature opens the HTML file, follow URLs, download and scan them. So, if I send an e-mail to MS server (HTML attach) with a link to http://localhost/eicar.com (and I can manually follow this link and get eicar using wget in MS server), I think that clamav will make what it says. Anyone uses this clamscan feature or another AV/program that blocks this kind of message? Thanks in advance, Mauricio From mikej at rogers.com Thu Jun 1 16:52:37 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Jun 1 16:52:28 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <625385e30606010023r40b23463j9dd04d60b89feffb@mail.gmail.com> References: <447E1B54.3090600@rogers.com> <625385e30606010023r40b23463j9dd04d60b89feffb@mail.gmail.com> Message-ID: <447F0D45.5000704@rogers.com> shuttlebox wrote: > On 6/1/06, Mike Jakubik wrote: >> I have my lows scoring spam set to store, and high to delete. Whenever a >> message is received that is blacklisted it is stored. Is there any way >> to setup MS to delete blacklisted items? > > # Setting this to yes means that spam found in the blacklist is treated > # as "High Scoring Spam" in the "Spam Actions" section below. Setting it > # to no means that it will be treated as "normal" spam. > # This can also be the filename of a ruleset. > Definite Spam Is High Scoring = yes > Excellent, thanks! From Q.G.Campbell at newcastle.ac.uk Thu Jun 1 17:00:16 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Thu Jun 1 17:00:24 2006 Subject: MCP-Checker (MCP timed out) - what is ahppening? Message-ID: <4165CF7A7F12DE4B96622CCBB905864707194DAC@largo.campus.ncl.ac.uk> I am seeing for one sender the following record in the logs: Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from 195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, MCP-Checker (MCP timed out) The mail is disappearing. What might be the cause? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. From MailScanner at ecs.soton.ac.uk Thu Jun 1 17:01:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 17:02:15 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: > Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: > >> My easy-to-install ClamAV+SA package configures freshclam.conf and >> spamd.conf for you, by commenting out the "Example" lines. > > and then sets the mirror to US ? No, as I don't know what country you might be in. It just gets it working for you, saving new users a nasty catch which will confuse them entirely. Doing things like this annoys me, as they don't produce a nice error message telling the user what they need to do to alleviate the problem. It's a case of "Switch this option on to make anything work, default is off". I know I do it myself, but I do at least generate a polite error message which tells the user they need to set their company name in MailScanner.conf. I am considering removing it from MailScanner. If the %org-name% has not been configured, then I just use the domain name by using Sys::Hostname::Long which is already needed by SpamAssassin so most people have it installed already. I replace the hostname with www to get the website address, and put the same in % org-long-name% as %org-name%. Does that sound rather better than the current "I'm not going to start" behaviour. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Thu Jun 1 17:05:31 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 1 17:05:31 2006 Subject: RES: Best way to test links? In-Reply-To: References: Message-ID: <447F104B.10908@pacific.net> Mauricio wrote: > Hi, > I change the default in clamav-wrapper to: > > ScanOptions="--mail-follow-urls". > > In clamscan manual they say that this feature opens the HTML file, follow > URLs, download and scan them. > > So, if I send an e-mail to MS server (HTML attach) with a link to > http://localhost/eicar.com (and I can manually follow this link and get > eicar using wget in MS server), I think that clamav will make what it says. > > Anyone uses this clamscan feature or another AV/program that blocks this > kind of message? If clamscan determined that the url is 'clean' - it can be 'dirty' the next minute, so what's the point? Don't trust urls in email, period. Ken > > Thanks in advance, > Mauricio From JeremyBlonde at grant.k12.ca.us Thu Jun 1 17:07:59 2006 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Thu Jun 1 17:07:12 2006 Subject: MCP-Checker (MCP timed out) - what is ahppening? Message-ID: I ran into this same problem. I had to delete my existing mcp rule file and re-create it. Apparently, I had added a typo somewhere. Jeremy Blonde Instructional Technology - Server Support Grant Joint Union School District -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Quentin Campbell Sent: Thursday, June 01, 2006 9:00 AM To: mailscanner@lists.mailscanner.info Subject: MCP-Checker (MCP timed out) - what is ahppening? I am seeing for one sender the following record in the logs: Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from 195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, MCP-Checker (MCP timed out) The mail is disappearing. What might be the cause? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 1 17:14:13 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 1 17:14:52 2006 Subject: Use TNEF Contents problem In-Reply-To: <001701c6852a$b32e3b70$6c00a8c0@AldenLap> References: <001701c6852a$b32e3b70$6c00a8c0@AldenLap> Message-ID: <447F1255.1050403@nkpanama.com> Alden Levy wrote: > It's quite possible that Outlook-only features may be mis-rendered by > Outlook when the Outlook features are replaced. > > This may be a good reason to change the default to > TNEF Contents = add > > What does anyone else think of this setting? > I think it should remain in "replace" instead of "add" because "add" uses up more storage (and probably more processing time) - perhaps a commented entry right above stating, for Outlook/MS Exchange admins, that they should consider using "add" - and maybe a comment or two about fixing all the things that are broken in Exchange to begin with ;-) From alex at nkpanama.com Thu Jun 1 17:16:37 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 1 17:16:59 2006 Subject: RES: Best way to test links? In-Reply-To: References: Message-ID: <447F12E5.6060805@nkpanama.com> You should consider using squidclamav in your gateway as well. I think clam has this turned off for a very valid reason. What happens if I send you three or four e-mails with the addresses for, say, a CentOS DVD iso? Per hour? Mauricio wrote: > Hi, > I change the default in clamav-wrapper to: > > ScanOptions="--mail-follow-urls". > > In clamscan manual they say that this feature opens the HTML file, follow > URLs, download and scan them. > > So, if I send an e-mail to MS server (HTML attach) with a link to > http://localhost/eicar.com (and I can manually follow this link and get > eicar using wget in MS server), I think that clamav will make what it says. > > Anyone uses this clamscan feature or another AV/program that blocks this > kind of message? > > Thanks in advance, > Mauricio > From jchezny at northcarolina.edu Thu Jun 1 17:32:05 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Thu Jun 1 17:32:12 2006 Subject: Question about whitelisting a domain In-Reply-To: References: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> Message-ID: <1149179525.447f168506374@webmail.northcarolina.edu> I've tried listing via IP and FQDN. Your thoughts? Quoting Logan Shaw : > On Wed, 31 May 2006, jchezny@northcarolina.edu wrote: > > Can any one help me determine why one domain out of twelve is not > whitelisted; > > even though this domain is listed in the 'Whitelist for Mailwatch'? > > Perhaps there is something different about it compared to the > other 11 of them... :-) > > - Logan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From MailScanner at ecs.soton.ac.uk Thu Jun 1 17:43:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 17:44:19 2006 Subject: RES: Best way to test links? In-Reply-To: <447F104B.10908@pacific.net> References: <447F104B.10908@pacific.net> Message-ID: <447F194F.1020408@ecs.soton.ac.uk> Ken A wrote: > If clamscan determined that the url is 'clean' - it can be 'dirty' the > next minute, so what's the point? Don't trust urls in email, period. > Ken This is the same reason I don't trust mail with external bodies. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From strydom.dave at gmail.com Thu Jun 1 18:17:42 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Jun 1 18:17:46 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On 6/1/06, Kai Schaetzl wrote: > isn't that automatically done when auto-learning spam? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com Nope, that updates the bayes db on your machine, what I want is MailScanner to take say any message which scores over 25, and use the spamassassin spamcop plugin to report the message to www.spamcop.net, this will list the server which sent out the mail on a RBL. Dave From chris at tac.esi.net Thu Jun 1 18:56:31 2006 From: chris at tac.esi.net (Chris Hammond) Date: Thu Jun 1 18:56:42 2006 Subject: Another call for improvements In-Reply-To: <197F21E06E4D2A478519EA9078D6AA1C01B0AF11@poclexch.AU.POCOLD.POCL> References: <197F21E06E4D2A478519EA9078D6AA1C01B0AF11@poclexch.AU.POCOLD.POCL> Message-ID: <447EF221.B662.0038.0@tac.esi.net> Jeff, is this a script that can and/or willing to share? I wouldn't even know where to start to do something like this. Thanks Chris >>> "Jeff Mills" 05/31/06 7:13 PM >>> I have created a public Folder on the exchange box for spam where users have access to drop emails, but not view the contents of the folder. I then run a script every hour where my MailScanner box connects to the public folder and learns from the mail in there. Once a week I run a script to clear the contents of the folder. > ----- Original Message----- > From: mailscanner- bounces@lists.mailscanner.info > [mailto:mailscanner- bounces@lists.mailscanner.info]On Behalf Of Dennis > Willson > Sent: Thursday, 1 June 2006 9:01 AM > To: MailScanner discussion > Subject: Re: Another call for improvements > > > Can't you use mailwatch? > > Pete Russell wrote: > > > > > Love to see a tool that really easily allows us > exchange/outlook users > > to provide a service to end users to be able to forward > spam that does > > get through to a SPAM or NOT SPAM mailbox that is auto sa- learned > > > -- > > ---------------------------------- > Dennis Willson > mailto:taz@taz- mania.com > http://www.taz- mania.com > > Owner / Operator, Kepnet Internet Services > > > > *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From taz at taz-mania.com Thu Jun 1 19:14:04 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Jun 1 19:14:12 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> <447E2040.4090009@taz-mania.com> <447E2437.7040108@taz-mania.com> Message-ID: <447F2E6C.2030203@taz-mania.com> Dave Strydom wrote: > On 6/1/06, Dennis Willson wrote: > >> >> I would like the configuration file to be put into a database >> (optionally). If there's an option in the config file that is the name >> of the file that does database accesses for the configuration >> information then it ignores the rest of the file and begins to call that >> function to get the configuration information. This would make keeping >> multiple copies of MailScanner correctly sync'ed up much easier and >> allow an extension of MailWatch to make configuration changes. >> >> ---------------------------------- >> Dennis Willson >> mailto:taz@taz-mania.com >> http://www.taz-mania.com >> >> Owner / Operator, Kepnet Internet Services > > > Although this may seem like a good idea, my only concern about > something like this is that the chance of a mysql server crashing > compared to a txt file crashing is hugly different. > > Also, is it not quicker to read from a txt file, than it would be to > do sql queries? > > Dave Each of my MailScanner installations has its own MySQL server with circular replication so a MySQL crash will at most only bring down one of the MailScanner installations. However I assume (I may be wrong here, Julian would have to say for sure) but that the config file is only read in on startup and the variables stored in memory. If MailScanner read the txt config files over and over every time it needed some variable that would be much slower than using SQL. Besides, I only mean for this to be an option, my suggestion is that it can do either txt files or database. -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/a3b28611/taz.vcf From maillists at conactive.com Thu Jun 1 19:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 19:31:32 2006 Subject: Question about whitelisting a domain In-Reply-To: <1149179525.447f168506374@webmail.northcarolina.edu> References: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> <1149179525.447f168506374@webmail.northcarolina.edu> Message-ID: wrote on Thu, 1 Jun 2006 12:32:05 -0400: > I've tried listing via IP and FQDN. Your thoughts? Fog, fog, fog, their is so much fog ... Why don't you give examples of what you did and where you picked up what it should match? Either you did it the wrong way or you are matching the wrong data. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From anders.andersson at ltkalmar.se Thu Jun 1 19:45:40 2006 From: anders.andersson at ltkalmar.se (Anders Andersson, IT) Date: Thu Jun 1 19:46:32 2006 Subject: Another call for improvements Message-ID: <5EBABD62DC5AC048AD8AEC3312E02D4CCD315F@exchange03.lkl.ltkalmar.se> Could this be what your looking for? Found it in an old thread named "spam/notspam w/sa-learn" /Anders > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris Hammond > Sent: Thursday, June 01, 2006 7:57 PM > To: MailScanner discussion > Subject: RE: Another call for improvements > > Jeff, is this a script that can and/or willing to share? I > wouldn't even know where to start to do something like this. > > Thanks > Chris > > >>> "Jeff Mills" 05/31/06 7:13 PM >>> > I have created a public Folder on the exchange box for spam > where users have access to drop emails, but not view the > contents of the folder. > I then run a script every hour where my MailScanner box > connects to the public folder and learns from the mail in there. > Once a week I run a script to clear the contents of the folder. > > > > ----- Original Message----- > > From: mailscanner- bounces@lists.mailscanner.info > > [mailto:mailscanner- bounces@lists.mailscanner.info]On Behalf Of > Dennis > > Willson > > Sent: Thursday, 1 June 2006 9:01 AM > > To: MailScanner discussion > > Subject: Re: Another call for improvements > > > > > > Can't you use mailwatch? > > > > Pete Russell wrote: > > > > > > > > Love to see a tool that really easily allows us > > exchange/outlook users > > > to provide a service to end users to be able to forward > > spam that does > > > get through to a SPAM or NOT SPAM mailbox that is auto sa- learned > > > > > > -- > > > > ---------------------------------- > > Dennis Willson > > mailto:taz@taz- mania.com > > http://www.taz- mania.com > > > > Owner / Operator, Kepnet Internet Services > > > > > > > > > > > > *** "This company is now part of the Versacold Holdings Corp. > and is no longer owned by or affiliated with the P&O Group" *** > > Please update your address books: > Was: firstname.lastname@pocold.com.au > Now: firstname.lastname@versacold.com.au > > ************** www.versacold.com ************** > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- A non-text attachment was scrubbed... Name: GetSpam&Ham.pl Type: application/octet-stream Size: 1977 bytes Desc: GetSpam&Ham.pl Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/917ebae1/GetSpamHam.obj From wolf at zim.goe.net Thu Jun 1 20:05:44 2006 From: wolf at zim.goe.net (Wolf) Date: Thu Jun 1 20:05:46 2006 Subject: Mail stuck in incoming queue of MailScanner In-Reply-To: <008501c6857b$9c58e160$2901010a@office.fsl> References: <637e55b80606010528s4be695d3wd47a413d1999bc18@mail.gmail.com> <008501c6857b$9c58e160$2901010a@office.fsl> Message-ID: <637e55b80606011205r460a1cd7s94ebfcbb31af2906@mail.gmail.com> Thank you. Problem solved. > This is a known problem with older versions of MailScanner and Postfix. > You're running version 4.46.2. Simply upgrade to the latest stable version > and the problem should be resolved. The only thing I didnt understand is why it happend so sudden. -- Wolf Hees http://alphawolf.blogg.de From brett at wrl.org Thu Jun 1 20:20:42 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu Jun 1 20:22:19 2006 Subject: Listserv whitelisting: Reply-to header field? Message-ID: > > Can anyone please offer me some tips on this? I've scoured the list > > archives and docs and have come up empty-handed. > > What about the listserv IP? Thanks for the reply, Michele! Not sure I'm following you here. Would I enter the listserv server's IP in the /etc/MailScanner/rules/spam.whitelist.rules file? After a "From:" statement? -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From brett at wrl.org Thu Jun 1 20:41:55 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu Jun 1 20:42:47 2006 Subject: Listserv whitelisting: Reply-to header field? Message-ID: > Look in your maillog for the envelope sender. It may well be quite > different from the From: in the message itself. You need to work with > the envelope sender and not the message sender. Use the following > option to get it in the message headers of every email processed my MS: > Add Envelope From Header = yes > > When you have the envelope sender, use that value (maybe with wildcards) > in your whitelist rule. I appreciate the reply, Denis! I actually have that directive in my MailScanner.conf file already, but haven't looked at the envelope sender field. Interesting. Would I list this as a simple "From:" statement in my /etc/MailScanner/rules/spam.whitelist.rules file? -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From dave.list at pixelhammer.com Thu Jun 1 21:47:12 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Jun 1 21:47:25 2006 Subject: MailScanner version Message-ID: <447F5250.1060007@pixelhammer.com> Hello all, I'm about to hit the switch on my upgrade of MailScanner plus addition of MailWatch and I was curious as just how bad is version 4.53.8? The change log doesn't look like anything Julian fixed since would be a problem for me. I know I could install the latest source, and I normally only build my own source but.... I've been trying to use the ports system on FreeBSD with my MailScanner machines, half as an experiment and half "what do we do if DAve gets hit by a truck" preparedness ;^). The most current port is 4.53.8. We run ClamAv and BitDefender, should we use 4.53.8 or not? I hate to wait too long, this weekend is a perfect time to do the push for me. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From james at grayonline.id.au Thu Jun 1 22:06:59 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jun 1 23:29:09 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <200606020707.07543.james@grayonline.id.au> On Thu, 1 Jun 2006 10:18 am, Mark Nienberg wrote: > Julian Field wrote: > > Any of you got any features which you really need? > > I don't guarantee to implement them, or even consider them :-) > > Is there currently a way to have the installation scripts create a log > file so we can see what happened if things don't work out? ./install.sh 2>&1 | tee ms-install.log ....usually works for me. I guess you could build that into the install script by looking for a "-L logfile.txt" when the installer is called or something: install(){ # # The full installation process # } if [ $LOGOPT == "YES" ]; then install | tee $LOGFILE else install fi Not pretty shell script, but it's 7am, I've been up since 3am and haven't had any coffee... ;) Cheers, James -- It's not the men in my life, but the life in my men that counts. -- Mae West -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/260c3861/attachment.bin From wintermutecx at gmail.com Fri Jun 2 00:01:20 2006 From: wintermutecx at gmail.com (Dave) Date: Fri Jun 2 00:01:23 2006 Subject: recover user mail Message-ID: We recently had a user that lost all their mail. I have incoming Mailscanner archives for 30 days. Has anyone seen or written a script that greps the archives and can copy out the q and d files that has that persons email address within the message? He mainly wants to get some recent contacts and the body of a few messages. I'll start on something tomorrow, but don't want to reinvent the wheel :) From x72m35 at gmail.com Fri Jun 2 05:18:23 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Fri Jun 2 05:18:59 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined Message-ID: <447FBC0F.5080709@gmail.com> Hi Everyone ! MailScanner has been a one of the best FOSS tools that I have used and I have deployed at six locations in three countries. It has always served my requirements beyond expectations. Mostly my setups are Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure with one new deployment having Exim as MTA. I am extremely thankful to the wonderful people who are involved the development of MailScnner (this my first time on this list). The Problem (may be a feature request) is that the Archive feature of the MailScanner processes messages before processing Spam and MCP. Which results in having Spam and MCP positive messages being archived. The need is to get the archiving messages which are Spam and MCP negatives only. Unfortunately for me I could not find a way to achieve this. Is there a possibility to decide in which order the processing of Spam, MCP and Archiving can be done (For Spam and MCP the option "First Check = spam" fills the same kind of need) ? If not available is there a possibility to introduce a configuration option to decide the order of processing ? The setup where I have this problem is having Exim/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure running on DELL PowerEdge Server with Intel Pentium 3 1.33 GHz x 2 with 2GB Memory. Thank you very much in advance. Best regards, Lasantha. From gobinathlk at yahoo.com Fri Jun 2 08:38:31 2006 From: gobinathlk at yahoo.com (gobinath thangavel) Date: Fri Jun 2 08:38:34 2006 Subject: user wise attachment blocking (filename) In-Reply-To: Message-ID: <20060602073831.82403.qmail@web51110.mail.yahoo.com> Dear all, Can any one help on this i want to block custom attachment for particular users. how can i do it with MailScanner. thank you gobinath __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/8eb94dd3/attachment.html From a.peacock at chime.ucl.ac.uk Fri Jun 2 08:39:12 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 2 08:39:28 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> Message-ID: <447FEB20.80800@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > > On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: > >> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >> >>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>> spamd.conf for you, by commenting out the "Example" lines. >> >> and then sets the mirror to US ? > > No, as I don't know what country you might be in. It just gets it > working for you, saving new users a nasty catch which will confuse them > entirely. Doing things like this annoys me, as they don't produce a nice > error message telling the user what they need to do to alleviate the > problem. It's a case of "Switch this option on to make anything work, > default is off". I know I do it myself, but I do at least generate a > polite error message which tells the user they need to set their company > name in MailScanner.conf. > > I am considering removing it from MailScanner. > If the %org-name% has not been configured, then I just use the domain > name by using Sys::Hostname::Long which is already needed by > SpamAssassin so most people have it installed already. I replace the > hostname with www to get the website address, and put the same in > %org-long-name% as %org-name%. > > Does that sound rather better than the current "I'm not going to start" > behaviour. I wouldn't really be in favour of this. A side-effect of the current behaviour is that it forces the person installing the system to at least open and look at the config file first. I don't think anyone should be installing something as important as mailscanner without at least understanding what the default options are doing. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From MailScanner at ecs.soton.ac.uk Fri Jun 2 08:46:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 08:46:25 2006 Subject: MailScanner version In-Reply-To: <447F5250.1060007@pixelhammer.com> References: <447F5250.1060007@pixelhammer.com> Message-ID: On 1 Jun 2006, at 21:47, DAve wrote: > Hello all, > > I'm about to hit the switch on my upgrade of MailScanner plus > addition of MailWatch and I was curious as just how bad is version > 4.53.8? The change log doesn't look like anything Julian fixed > since would be a problem for me. There was a nasty problem in the phishing net, that was the biggest problem. I would definitely go for 4.54. > I know I could install the latest source, and I normally only build > my own source but.... It's written in perl, there *is* only source. > I've been trying to use the ports system on FreeBSD with my > MailScanner machines, half as an experiment and half "what do we do > if DAve gets hit by a truck" preparedness ;^). > > The most current port is 4.53.8. We run ClamAv and BitDefender, > should we use 4.53.8 or not? I hate to wait too long, this weekend > is a perfect time to do the push for me. I would not go for 4.53, personally. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 08:49:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 08:50:02 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <447FBC0F.5080709@gmail.com> References: <447FBC0F.5080709@gmail.com> Message-ID: <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> On 2 Jun 2006, at 05:18, Lasantha Marian wrote: > Hi Everyone ! > > MailScanner has been a one of the best FOSS tools that I have used > and I > have deployed at six locations in three countries. It has always > served > my requirements beyond expectations. Mostly my setups are > Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure > with > one new deployment having Exim as MTA. I am extremely thankful to the > wonderful people who are involved the development of MailScnner > (this my > first time on this list). Gratitude gratefully received! > > The Problem (may be a feature request) is that the Archive feature of > the MailScanner processes messages before processing Spam and MCP. > Which > results in having Spam and MCP positive messages being archived. The > need is to get the archiving messages which are Spam and MCP negatives > only. Unfortunately for me I could not find a way to achieve this. The spam gets archived into a spam subdirectory of the day's quarantine. Just delete the archived spam directory every night. > Is there a possibility to decide in which order the processing of > Spam, > MCP and Archiving can be done (For Spam and MCP the option "First > Check > = spam" fills the same kind of need) ? If not available is there a > possibility to introduce a configuration option to decide the order of > processing ? The data put into the archive is _always_ the contents of the message as received by MailScanner, and I have no intention of changing that. You can stop viruses going into the archive, but that is all. I want the archive as a way of looking at original messages if something went wrong. Having mangled messages in the archive would destroy the point. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 08:50:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 08:52:10 2006 Subject: user wise attachment blocking (filename) In-Reply-To: <20060602073831.82403.qmail@web51110.mail.yahoo.com> References: <20060602073831.82403.qmail@web51110.mail.yahoo.com> Message-ID: <2C1F33C5-9CEA-4B2F-8306-6AF431A13734@ecs.soton.ac.uk> Start here: http://wiki.mailscanner.info/doku.php? id=documentation:configuration:rulesets:overloading On 2 Jun 2006, at 08:38, gobinath thangavel wrote: > Dear all, > Can any one help on this > i want to block custom attachment for particular users. how can i > do it with MailScanner. > > thank you -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/54ef8113/attachment.html From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 08:54:11 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 08:54:15 2006 Subject: MCP-Checker (MCP timed out) - what is happening? Message-ID: <4165CF7A7F12DE4B96622CCBB905864707194DDA@largo.campus.ncl.ac.uk> Jeremy Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp --lint' and this shows no problems. In my case I have more than one *.cf file in ~/mcp. I have found 59 instances of this problem occurring over the last 8 weeks. That is a tiny number compared to the 1,000,000 or so messages we receive per day so the problem seems to arise out of a very special set of circumstances. Not just mail from 'intl.pepsico.com' is involved although that site accounts for a significant proportion of the 59 cases. At least two different people sending mail from that site have beem affected. A full extract of log records for one such instance is: Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: from=, size=2953, class=0, nrcpts=1, msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww.pep.pvt> , proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: to=, delay=00:00:00, mailer=esmtp, pri=32953, stat=queued Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message k519CLJN025995 from 195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, MCP-Checker (MCP timed out) Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message k519CLJN025995 actions are deliver At this point the message disappears from the queue. It is not delivered and the log records above confirm this. I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Jeremy Blonde >Sent: 01 June 2006 17:08 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? > >I ran into this same problem. I had to delete my existing mcp >rule file >and re-create it. Apparently, I had added a typo somewhere. > > >Jeremy Blonde >Instructional Technology - Server Support >Grant Joint Union School District > > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin >Campbell >Sent: Thursday, June 01, 2006 9:00 AM >To: mailscanner@lists.mailscanner.info >Subject: MCP-Checker (MCP timed out) - what is ahppening? > >I am seeing for one sender the following record in the logs: > >Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from >195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >MCP-Checker (MCP timed out) > >The mail is disappearing. What might be the cause? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From x72m35 at gmail.com Fri Jun 2 09:17:13 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Fri Jun 2 09:17:53 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> Message-ID: <447FF409.8050903@gmail.com> Dear Julian, -------- Original Message -------- From: Julian Field Date: 02/06/2006 01:19 p > > On 2 Jun 2006, at 05:18, Lasantha Marian wrote: > >> Hi Everyone ! >> >> MailScanner has been a one of the best FOSS tools that I have used and I >> have deployed at six locations in three countries. It has always served >> my requirements beyond expectations. Mostly my setups are >> Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure with >> one new deployment having Exim as MTA. I am extremely thankful to the >> wonderful people who are involved the development of MailScnner (this my >> first time on this list). > > Gratitude gratefully received! Appreciate your prompt reply. > >> >> The Problem (may be a feature request) is that the Archive feature of >> the MailScanner processes messages before processing Spam and MCP. Which >> results in having Spam and MCP positive messages being archived. The >> need is to get the archiving messages which are Spam and MCP negatives >> only. Unfortunately for me I could not find a way to achieve this. > > The spam gets archived into a spam subdirectory of the day's > quarantine. Just delete the archived spam directory every night. I use "Archive Mail" option with rule set and forwarding to a selected account. That is the reason why I am searching the capability to control at which point the archiving should happen. > >> Is there a possibility to decide in which order the processing of Spam, >> MCP and Archiving can be done (For Spam and MCP the option "First Check >> = spam" fills the same kind of need) ? If not available is there a >> possibility to introduce a configuration option to decide the order of >> processing ? > > The data put into the archive is _always_ the contents of the message > as received by MailScanner, and I have no intention of changing that. > You can stop viruses going into the archive, but that is all. I want > the archive as a way of looking at original messages if something went > wrong. Having mangled messages in the archive would destroy the point. I honor your stance on this. But if I were to make the change for my self in my installations, what modules should I be looking. > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Thanks and regards, Lasantha. From glenn.steen at gmail.com Fri Jun 2 09:31:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 2 09:31:56 2006 Subject: Listserv whitelisting: Reply-to header field? In-Reply-To: References: Message-ID: <223f97700606020131i7f56f83fla463f714152deaec@mail.gmail.com> On 01/06/06, Brett Charbeneau wrote: > > > Can anyone please offer me some tips on this? I've scoured the list > > > archives and docs and have come up empty-handed. > > > > What about the listserv IP? > > Thanks for the reply, Michele! > Not sure I'm following you here. Would I enter the listserv server's IP > in the > > /etc/MailScanner/rules/spam.whitelist.rules > > file? After a "From:" statement? > Yes. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 2 09:33:16 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 2 09:33:18 2006 Subject: Listserv whitelisting: Reply-to header field? In-Reply-To: References: Message-ID: <223f97700606020133nbabf0e2i93d61ab9886c03df@mail.gmail.com> On 01/06/06, Brett Charbeneau wrote: > > Look in your maillog for the envelope sender. It may well be quite > > different from the From: in the message itself. You need to work with > > the envelope sender and not the message sender. Use the following > > option to get it in the message headers of every email processed my MS: > > Add Envelope From Header = yes > > > > When you have the envelope sender, use that value (maybe with wildcards) > > in your whitelist rule. > > I appreciate the reply, Denis! > I actually have that directive in my MailScanner.conf file already, but > haven't looked at the envelope sender field. Interesting. > Would I list this as a simple "From:" statement in my > > /etc/MailScanner/rules/spam.whitelist.rules > > file? Yes again. Either the sending server IP address or the envelope sender (as read from the logs) would do. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brian.okeeffe at kepak.com Fri Jun 2 09:55:15 2006 From: brian.okeeffe at kepak.com (Brian O'Keeffe) Date: Fri Jun 2 09:55:30 2006 Subject: recover user mail In-Reply-To: Message-ID: This may help but you will need to tweak it a little, this searches the archive for any mails to, from or cc'd to your input user and outputs to an imap folder. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Sent: 02 June 2006 00:01 To: mailscanner@lists.mailscanner.info Subject: recover user mail We recently had a user that lost all their mail. I have incoming Mailscanner archives for 30 days. Has anyone seen or written a script that greps the archives and can copy out the q and d files that has that persons email address within the message? He mainly wants to get some recent contacts and the body of a few messages. I'll start on something tomorrow, but don't want to reinvent the wheel :) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.7.4/351 - Release Date: 29/05/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.7.4/351 - Release Date: 29/05/2006 -------------- next part -------------- A non-text attachment was scrubbed... Name: rebuild.sh Type: application/octet-stream Size: 1762 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/1fc0ec9a/rebuild.obj From MailScanner at ecs.soton.ac.uk Fri Jun 2 09:55:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 09:55:50 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <447FEB20.80800@chime.ucl.ac.uk> References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> <447FEB20.80800@chime.ucl.ac.uk> Message-ID: On 2 Jun 2006, at 08:39, Anthony Peacock wrote: > Hi Julian, > > Julian Field wrote: >> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>> >>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>> spamd.conf for you, by commenting out the "Example" lines. >>> >>> and then sets the mirror to US ? >> No, as I don't know what country you might be in. It just gets it >> working for you, saving new users a nasty catch which will confuse >> them entirely. Doing things like this annoys me, as they don't >> produce a nice error message telling the user what they need to do >> to alleviate the problem. It's a case of "Switch this option on to >> make anything work, default is off". I know I do it myself, but I >> do at least generate a polite error message which tells the user >> they need to set their company name in MailScanner.conf. >> I am considering removing it from MailScanner. >> If the %org-name% has not been configured, then I just use the >> domain name by using Sys::Hostname::Long which is already needed >> by SpamAssassin so most people have it installed already. I >> replace the hostname with www to get the website address, and put >> the same in %org-long-name% as %org-name%. >> Does that sound rather better than the current "I'm not going to >> start" behaviour. > > I wouldn't really be in favour of this. > > A side-effect of the current behaviour is that it forces the person > installing the system to at least open and look at the config file > first. > > I don't think anyone should be installing something as important as > mailscanner without at least understanding what the default options > are doing. But I really hate all those systems which are "broken by default". Very often after installing something I want to try starting it up to see if it runs at all or whether I still have stuff left to install such as other Perl modules in MailScanner's case. The fact that "service MailScanner start" doesn't work until I start wading into config files, of which I know neither the name nor the location, really annoys me with other systems. So I don't want to inflict the same annoyance on other people. I want the system to be intelligent and make up sensible settings for me until I find where the config files are and how to edit them. Always imagine yourself as a complete newbie installing it for the first time, only half knowing what you are doing with a command-line at all having been brought up on Windows systems. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From joost at waversveld.nl Fri Jun 2 10:00:17 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Fri Jun 2 10:00:31 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447FFE21.50305@waversveld.nl> In sendmail you have the ability to show where sendmail will send the email to by doing an sendmail -bv info@domain.tld. Sendmail then just tells you what he should do, where he will deliver the email. Is it possible to create something similar for MailScanner? By MailScanner I think of the settings for spam scanning, virus scanning, etc. For example, I do an: MailScanner -bv info@domain.tld and I get as output: Low Scoring Spam: 6 High Scoring Spam: 10 Non-Spam-Action: deliver Spam-Action: delete Scan Virus: no etc... (every settings you can alter with an ruleset?) So you can easily check the settings for the email address just entered? Sometimes it's difficult to see what specific settings there are for an emailaddress :D Regards, Joost Waversveld Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > From MailScanner at ecs.soton.ac.uk Fri Jun 2 10:02:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 10:02:35 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <447FF409.8050903@gmail.com> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> <447FF409.8050903@gmail.com> Message-ID: On 2 Jun 2006, at 09:17, Lasantha Marian wrote: > Dear Julian, > > -------- Original Message -------- > From: Julian Field > Date: 02/06/2006 01:19 p >> >> On 2 Jun 2006, at 05:18, Lasantha Marian wrote: >> >>> Hi Everyone ! >>> >>> MailScanner has been a one of the best FOSS tools that I have >>> used and I >>> have deployed at six locations in three countries. It has always >>> served >>> my requirements beyond expectations. Mostly my setups are >>> Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F- >>> Secure with >>> one new deployment having Exim as MTA. I am extremely thankful to >>> the >>> wonderful people who are involved the development of MailScnner >>> (this my >>> first time on this list). >> >> Gratitude gratefully received! > Appreciate your prompt reply. >> >>> >>> The Problem (may be a feature request) is that the Archive >>> feature of >>> the MailScanner processes messages before processing Spam and >>> MCP. Which >>> results in having Spam and MCP positive messages being archived. The >>> need is to get the archiving messages which are Spam and MCP >>> negatives >>> only. Unfortunately for me I could not find a way to achieve this. >> >> The spam gets archived into a spam subdirectory of the day's >> quarantine. Just delete the archived spam directory every night. > I use "Archive Mail" option with rule set and forwarding to a > selected account. That is the reason why I am searching the > capability to control at which point the archiving should happen. >> >>> Is there a possibility to decide in which order the processing of >>> Spam, >>> MCP and Archiving can be done (For Spam and MCP the option "First >>> Check >>> = spam" fills the same kind of need) ? If not available is there a >>> possibility to introduce a configuration option to decide the >>> order of >>> processing ? >> >> The data put into the archive is _always_ the contents of the >> message as received by MailScanner, and I have no intention of >> changing that. You can stop viruses going into the archive, but >> that is all. I want the archive as a way of looking at original >> messages if something went wrong. Having mangled messages in the >> archive would destroy the point. > I honor your stance on this. > > But if I were to make the change for my self in my installations, > what modules should I be looking. It's in /usr/sbin/MailScanner. That calls MessageBatch.pm which calls Message.pm. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Fri Jun 2 10:02:40 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 2 10:02:42 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <447FF409.8050903@gmail.com> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> <447FF409.8050903@gmail.com> Message-ID: <223f97700606020202jb6b6934y22707a535320d0e@mail.gmail.com> On 02/06/06, Lasantha Marian wrote: (snip) > >> The Problem (may be a feature request) is that the Archive feature of > >> the MailScanner processes messages before processing Spam and MCP. Which > >> results in having Spam and MCP positive messages being archived. The > >> need is to get the archiving messages which are Spam and MCP negatives > >> only. Unfortunately for me I could not find a way to achieve this. > > > > The spam gets archived into a spam subdirectory of the day's > > quarantine. Just delete the archived spam directory every night. > I use "Archive Mail" option with rule set and forwarding to a selected > account. That is the reason why I am searching the capability to > control at which point the archiving should happen. If you want to have the cookie _and_ eat it.... Why not use what is already there? Just add the forward to your Non Spam Actions... Of course, these mails will not be in "untouched" condition, but that wouldn't be such a big deal. You could have that _and_ the archive mail->disk feature, and just keep the on-disk archive for a short-ish period;). (snip) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From x72m35 at gmail.com Fri Jun 2 10:29:51 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Fri Jun 2 10:30:36 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <223f97700606020202jb6b6934y22707a535320d0e@mail.gmail.com> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> <447FF409.8050903@gmail.com> <223f97700606020202jb6b6934y22707a535320d0e@mail.gmail.com> Message-ID: <4480050F.3020406@gmail.com> Dear Glenn, Thank you very much. You gave me an extremely good alternative work on. Wonderful thing about MailScanner which I have noticed in documentation and which I have not yet thoroughly used is using rules for most of the configuration options. I think I should be using more rules. Best regards, Lasantha. -------- Original Message -------- From: Glenn Steen Date: 02/06/2006 02:32 p > On 02/06/06, Lasantha Marian wrote: > (snip) >> >> The Problem (may be a feature request) is that the Archive feature of >> >> the MailScanner processes messages before processing Spam and MCP. >> Which >> >> results in having Spam and MCP positive messages being archived. The >> >> need is to get the archiving messages which are Spam and MCP >> negatives >> >> only. Unfortunately for me I could not find a way to achieve this. >> > >> > The spam gets archived into a spam subdirectory of the day's >> > quarantine. Just delete the archived spam directory every night. >> I use "Archive Mail" option with rule set and forwarding to a selected >> account. That is the reason why I am searching the capability to >> control at which point the archiving should happen. > > If you want to have the cookie _and_ eat it.... Why not use what is > already there? Just add the forward to your Non Spam Actions... Of > course, these mails will not be in "untouched" condition, but that > wouldn't be such a big deal. You could have that _and_ the archive > mail->disk feature, and just keep the on-disk archive for a short-ish > period;). > > (snip) > From a.peacock at chime.ucl.ac.uk Fri Jun 2 11:11:36 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 2 11:11:46 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> <447FEB20.80800@chime.ucl.ac.uk> Message-ID: <44800ED8.4080704@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > > On 2 Jun 2006, at 08:39, Anthony Peacock wrote: > >> Hi Julian, >> >> Julian Field wrote: >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> >>>> and then sets the mirror to US ? >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do to >>> alleviate the problem. It's a case of "Switch this option on to make >>> anything work, default is off". I know I do it myself, but I do at >>> least generate a polite error message which tells the user they need >>> to set their company name in MailScanner.conf. >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > But I really hate all those systems which are "broken by default". Very > often after installing something I want to try starting it up to see if > it runs at all or whether I still have stuff left to install such as > other Perl modules in MailScanner's case. The fact that "service > MailScanner start" doesn't work until I start wading into config files, > of which I know neither the name nor the location, really annoys me with > other systems. > > So I don't want to inflict the same annoyance on other people. I agree with you on those systems that just don't work or give uninformative errors. I fully understand your wish to make this as easy as possible for people with minimal experience. And if that makes the difference between completely insecure servers and servers secured by a default MailScanner configuration then I completely support that. Helping people who don't know what they are doing to setup a secure server will make all of our lives easier. Where we disagree is how much of this should be exposed to the person installing the system. We have had similar discussion to this in the past. I respect your view (I just have a slightly different take on it), and really appreciate the work you have put into making a great tool. > I want the system to be intelligent and make up sensible settings for me > until I find where the config files are and how to edit them. I think that picking sensible defaults is a good idea. I haven't used your install script, so I don't know if it requires any user interaction, but one way of picking sensible defaults, and exposing the fact that there is a config file and it should be checked could be to have a call & response section at the start of the install script. Work out the defaults as you suggest above and present these so that pressing return uses them. Much like the build process for Perl (but not as long winded). Something like: >install.sh MailScanner needs some basic information to run. Please supply the following values, press enter to accept the default. You can change these and other important configuration details after installation by editing the configuration file at /opt/MailScanner/etc/MailScanner.conf. Organisation name [CHIME]: Long Organisation name [CHIME]: Web address [www.chime.ucl.ac.uk]: > Always imagine yourself as a complete newbie installing it for the first > time, only half knowing what you are doing with a command-line at all > having been brought up on Windows systems. One of the legacies of Windows will be a generation of people who think being a system administrator only involves running setup.exe and clicking 'next' in the installation wizard. My gripe is not about making life easier for people or about picking sensible defaults it is about somehow making them aware that more thought should be put into setting up a system at the same time. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From MailScanner at ecs.soton.ac.uk Fri Jun 2 14:16:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 14:16:49 2006 Subject: World Tour, was Re: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4473268E.B662.0038.0@tac.esi.net> References: X <4473268E.B662.0038.0@tac.esi.net> Message-ID: I have set up a page on the wiki devoted to a possible World Tour so I can come and meet some of you and say Hi, possibly involving a couple of nights on your sofa to see the city/town/village/country you live in. Please could you add some details of where you are (Google Earth links might be an idea), when are the best times of year, and stuff like that. Your name would be really useful too! There is a "World Tour" section at the bottom of the front page of wiki.mailscanner.info. There are a few suggested sections in it but feel free to do your own thing, just don't delete any real content. Thanks folks! Jules. On 23 May 2006, at 20:13, Chris Hammond wrote: > > >>>> MailScanner@ecs.soton.ac.uk 05/23/06 2:55 pm >>> > >>> Well as much as I am proud to be a Hoosier, (I actually consider >>> myself a Texan, spent 16 years there in the USAF, married, both sons >>> born there) you only have three weeks! > >> I have been to DC and NY before, so don't need to stop there for >> long, >> if at all, just to say hello. I might go to DC this summer for a few >> days anyway (Steve ---- you up for that?) > > If you do, come south a little and we can feed you plenty of > seafood and > beer. :) > >>> You should see DC, New York, and the Pacific Northwest >>> (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see >>> the >>> sights first. Indiana can only offer home town hospitality, good >>> cookin', and friendly people. If you come, we would love to have >>> you. > >> That's great, thanks! I might be able to stretch it a bit, or else I >> will have to splite it into 2 trips (or is that 3 now, including S.A. >> and New Zealand?) > > Get that donation site setup. I'm sure you could get enough to > offset the > cost of the trip and maybe pay and extra couple of week of salary > to give > you more time to take things in. > >> A U.S. only tour sounds increasingly likely here. I could do >> Alaska and >> Canada in a separate trip. (My G*d, this is turning into a set of >> trips, >> we're up to 3 now!) > > If it keeps going like this, you may just want to move to the US > for 6 months, > then Canada for a few, then....... > >>> Do it on a motorcycle, you would never be the same ;^) >> Probably spread all over the road like tomato paste :- ) > > Naa, stay away from the motorcycles. We would all go insane and > kill ourselves > if we didn't have you around to help us keep our spam under > control. :) > > Chris > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 14:22:13 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 14:22:30 2006 Subject: MCP-Checker (MCP timed out) - Answer: MCP spamassassin timing out Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CB57@largo.campus.ncl.ac.uk> Have identified the cause and found a work around but am worried that a simple message could give rise to this problem. Am getting the MCP checker "timed out" message because the invocation of 'spamassassin' that is run for MCP processing is timing out for the messages in question. It will do this even if I have an _empty_ 'mcp' subdirectory! I note from MailScanner.conf in 4.51.6-1 that the timeout values for the MCP and non-MCP invocations of 'spamassassin' are different. For the former it is only 10 seconds while for the latter it is 75 seconds! That explains why I only see the probem when the MCP check is done. The default values set by Julian are: SpamAssassin Timeout = 75 MCP SpamAssassin Timeout = 10 The work around was to change in MailScanner.conf the 'MCP SpamAssassin Timeout' value from 10 to 75 (seconds). Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin Campbell >Sent: 02 June 2006 08:54 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - what is happening? > >Jeremy > >Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >--lint' and >this shows no problems. In my case I have more than one *.cf file in >~/mcp. > >I have found 59 instances of this problem occurring over the last 8 >weeks. That is a tiny number compared to the 1,000,000 or so >messages we >receive per day so the problem seems to arise out of a very special set >of circumstances. > >Not just mail from 'intl.pepsico.com' is involved although that site >accounts for a significant proportion of the 59 cases. At least two >different people sending mail from that site have beem affected. > >A full extract of log records for one such instance is: > >Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >from=, size=2953, class=0, nrcpts=1, >msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >.pep.pvt> >, proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] > >Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: >header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) > >Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >to=, delay=00:00:00, mailer=esmtp, pri=32953, >stat=queued > >Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >k519CLJN025995 from >195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >MCP-Checker (MCP timed out) > >Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >k519CLJN025995 actions are deliver > >At this point the message disappears from the queue. It is not >delivered >and the log records above confirm this. > >I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Jeremy Blonde >>Sent: 01 June 2006 17:08 >>To: MailScanner discussion >>Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >> >>I ran into this same problem. I had to delete my existing mcp >>rule file >>and re-create it. Apparently, I had added a typo somewhere. >> >> >>Jeremy Blonde >>Instructional Technology - Server Support >>Grant Joint Union School District >> >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Quentin >>Campbell >>Sent: Thursday, June 01, 2006 9:00 AM >>To: mailscanner@lists.mailscanner.info >>Subject: MCP-Checker (MCP timed out) - what is ahppening? >> >>I am seeing for one sender the following record in the logs: >> >>Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from >>195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>MCP-Checker (MCP timed out) >> >>The mail is disappearing. What might be the cause? >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>Any opinion expressed above is mine and not that of Newcastle >>University. >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 14:39:22 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 14:39:26 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CB63@largo.campus.ncl.ac.uk> The delay in 'spamassassin' for the particular site is apparently caused while SA tries to do a DNS PTR lookup for the IP addresses in the 'Received:" lines. It seems that the NS for the site is very slow to respond: ... [19506] dbg: dns: looking up PTR record for '165.198.2.156' [19506] dbg: dns: PTR for '165.198.2.156': '' [19506] dbg: received-header: parsed as [ ip=165.198.2.156 rdns= helo=pepwmr00040.cww.pep.pvt by=pepwmz00096.pbsg.com ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.2.156 trusted? no internal? no [19506] dbg: dns: looking up PTR record for '165.198.2.160' [19506] dbg: dns: PTR for '165.198.2.160': '' [19506] dbg: received-header: parsed as [ ip=165.198.2.160 rdns= helo=pepwmr00029.cww.pep.pvt by=pepwmr00040.cww.pep.pvt ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.2.160 trusted? no internal? no [19506] dbg: dns: looking up PTR record for '165.198.22.184' [19506] dbg: dns: PTR for '165.198.22.184': '' [19506] dbg: received-header: parsed as [ ip=165.198.22.184 rdns= helo=pepwmu00265.cww.pep.pvt by=pepwmr00029.cww.pep.pvt ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.22.184 trusted? no internal? no [19506] dbg: dns: looking up PTR record for '165.198.218.84' [19506] dbg: dns: PTR for '165.198.218.84': '' [19506] dbg: received-header: parsed as [ ip=165.198.218.84 rdns= helo=pepwmu00262.cww.pep.pvt by=pepwmu00265.cww.pep.pvt ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.218.84 trusted? no internal? no ... However it is not clear why this slows down the invocation of SA for MCP checks since the 'Received:' header lines should not be part of what is scanned at that point. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin Campbell >Sent: 02 June 2006 14:22 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - Answer: MCP >spamassassin timingout > >Have identified the cause and found a work around but am worried that a >simple message could give rise to this problem. > >Am getting the MCP checker "timed out" message because the >invocation of >'spamassassin' that is run for MCP processing is timing out for the >messages in question. It will do this even if I have an _empty_ 'mcp' >subdirectory! > >I note from MailScanner.conf in 4.51.6-1 that the timeout >values for the >MCP and non-MCP invocations of 'spamassassin' are different. For the >former it is only 10 seconds while for the latter it is 75 >seconds! That >explains why I only see the probem when the MCP check is done. The >default values set by Julian are: > >SpamAssassin Timeout = 75 >MCP SpamAssassin Timeout = 10 > >The work around was to change in MailScanner.conf the 'MCP SpamAssassin >Timeout' value from 10 to 75 (seconds). > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Quentin Campbell >>Sent: 02 June 2006 08:54 >>To: MailScanner discussion >>Subject: RE: MCP-Checker (MCP timed out) - what is happening? >> >>Jeremy >> >>Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >>--lint' and >>this shows no problems. In my case I have more than one *.cf file in >>~/mcp. >> >>I have found 59 instances of this problem occurring over the last 8 >>weeks. That is a tiny number compared to the 1,000,000 or so >>messages we >>receive per day so the problem seems to arise out of a very >special set >>of circumstances. >> >>Not just mail from 'intl.pepsico.com' is involved although that site >>accounts for a significant proportion of the 59 cases. At least two >>different people sending mail from that site have beem affected. >> >>A full extract of log records for one such instance is: >> >>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>from=, size=2953, class=0, nrcpts=1, >>msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >>.pep.pvt> >>, proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] >> >>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: >>header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >>xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) >> >>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>to=, delay=00:00:00, mailer=esmtp, pri=32953, >>stat=queued >> >>Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >>k519CLJN025995 from >>195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>MCP-Checker (MCP timed out) >> >>Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >>k519CLJN025995 actions are deliver >> >>At this point the message disappears from the queue. It is not >>delivered >>and the log records above confirm this. >> >>I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>Any opinion expressed above is mine and not that of Newcastle >>University. >> >> >>>-----Original Message----- >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>Of Jeremy Blonde >>>Sent: 01 June 2006 17:08 >>>To: MailScanner discussion >>>Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >>> >>>I ran into this same problem. I had to delete my existing mcp >>>rule file >>>and re-create it. Apparently, I had added a typo somewhere. >>> >>> >>>Jeremy Blonde >>>Instructional Technology - Server Support >>>Grant Joint Union School District >>> >>> >>>-----Original Message----- >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>Of Quentin >>>Campbell >>>Sent: Thursday, June 01, 2006 9:00 AM >>>To: mailscanner@lists.mailscanner.info >>>Subject: MCP-Checker (MCP timed out) - what is ahppening? >>> >>>I am seeing for one sender the following record in the logs: >>> >>>Jun 1 10:13:57 cheviot1 MailScanner[425]: Message >k519DcIG001362 from >>>195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>MCP-Checker (MCP timed out) >>> >>>The mail is disappearing. What might be the cause? >>> >>>Quentin >>>--- >>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>--------------------------------------------------------------- >>>--------- >>>Any opinion expressed above is mine and not that of Newcastle >>>University. >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From Mailscanner at mailing.kaufland-informationssysteme.com Fri Jun 2 14:53:31 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Fri Jun 2 14:53:35 2006 Subject: Many [MailScanner] Message-ID: <448042DB.7080209@mailing.kaufland-informationssysteme.com> Hi all, can somebody explain me why I have some "[MailScanner] ". I use MailScanner-4.54.6-1 on a Suse Linux 10.1. Thanks Matthias exim 10972 0.0 0.0 13148 848 ? Ss Jun01 0:04 /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 8659 0.0 0.0 13156 528 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 8660 0.0 0.0 13156 528 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 8661 0.0 0.0 13156 528 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 10992 0.0 0.9 57800 29516 ? Ss Jun01 0:00 MailScanner: starting child exim 18355 0.2 2.0 98388 63572 ? S 14:17 0:13 \_ MailScanner: waiting for messages exim 8308 0.0 0.0 0 0 ? Z 15:47 0:00 | \_ [MailScanner] exim 18397 0.1 2.0 97328 62572 ? S 14:17 0:08 \_ MailScanner: waiting for messages exim 8438 0.0 0.0 0 0 ? Z 15:48 0:00 | \_ [MailScanner] exim 18431 0.2 2.0 97828 63072 ? S 14:17 0:15 \_ MailScanner: waiting for messages exim 8127 0.0 0.0 0 0 ? Z 15:47 0:00 | \_ [MailScanner] exim 18449 0.2 2.0 97608 62852 ? S 14:18 0:12 \_ MailScanner: waiting for messages exim 8360 0.0 0.0 0 0 ? Z 15:47 0:00 | \_ [MailScanner] exim 18481 0.2 2.0 97224 62384 ? S 14:18 0:13 \_ MailScanner: waiting for messages exim 8536 0.0 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 18843 0.1 2.0 97312 62556 ? S 14:19 0:10 \_ MailScanner: virus scanning exim 8666 22.0 0.3 16400 10156 ? Rs 15:49 0:00 | \_ /usr/local/Sophos/bin/sweep -sc -f -all -rec ss -archive -cab -loopback --no-follow- exim 18954 0.2 2.0 97636 62880 ? S 14:20 0:12 \_ MailScanner: waiting for messages exim 8642 0.2 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 19046 0.2 2.0 97324 62568 ? S 14:20 0:12 \_ MailScanner: waiting for messages exim 8628 0.1 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 19225 0.2 2.0 97384 62628 ? S 14:21 0:10 \_ MailScanner: waiting for messages exim 8651 0.2 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 19355 0.1 2.0 97292 62428 ? S 14:22 0:09 \_ MailScanner: waiting for messages exim 8605 0.0 0.0 0 0 ? Z 15:49 0:00 \_ [MailScanner] exim 19364 0.0 1.0 67544 32952 ? S 14:22 0:01 MailWatch SQL root 8106 0.0 0.0 11864 1724 ? Ss 15:47 0:00 /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS exim 8107 0.0 0.0 12932 1336 ? S 15:47 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS root 8656 0.0 0.0 11860 1724 ? Ss 15:49 0:00 /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z exim 8657 0.0 0.0 12928 1384 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z From MailScanner at ecs.soton.ac.uk Fri Jun 2 15:19:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 15:21:26 2006 Subject: MCP-Checker (MCP timed out) - Answer: MCP spamassassin timing out In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470730CB57@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470730CB57@largo.campus.ncl.ac.uk> Message-ID: <3CD8AF69-7F86-41CE-A69B-C2C911D5E9FB@ecs.soton.ac.uk> On 2 Jun 2006, at 14:22, Quentin Campbell wrote: > Have identified the cause and found a work around but am worried > that a > simple message could give rise to this problem. > > Am getting the MCP checker "timed out" message because the > invocation of > 'spamassassin' that is run for MCP processing is timing out for the > messages in question. It will do this even if I have an _empty_ 'mcp' > subdirectory! > > I note from MailScanner.conf in 4.51.6-1 that the timeout values > for the > MCP and non-MCP invocations of 'spamassassin' are different. For the > former it is only 10 seconds while for the latter it is 75 seconds! > That > explains why I only see the probem when the MCP check is done. The > default values set by Julian are: > > SpamAssassin Timeout = 75 > MCP SpamAssassin Timeout = 10 > > The work around was to change in MailScanner.conf the 'MCP > SpamAssassin > Timeout' value from 10 to 75 (seconds). The reason the timeout is much smaller is that it is not doing any network-based checks, just a very small selection of SpamAssassin rules. So it shouldn't take anything like as long as the SpamAssassin call for identifying spam. If it is taking 75 seconds to check a message against about 10 rules and nothing else, then there is a problem somewhere. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 15:55:19 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 15:55:25 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CBCB@largo.campus.ncl.ac.uk> Re. my message below the output I provided is a result of running 'spamassassin -t ...' on a sample message which includes the Received: headers. When they are removed then 'spamassassin' runs very quickly. The inference that I draw from this is that when the message is being run through the production MailScanner set up here, some DNS checks are being carried out during MCP processing. The DNS delays are most likely being caused by the same IP addresses that appear in the Received: headers. Unlikely I know but it is the only explanation I can find. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin Campbell >Sent: 02 June 2006 14:39 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - More details of the cause > >The delay in 'spamassassin' for the particular site is >apparently caused >while SA tries to do a DNS PTR lookup for the IP addresses in the >'Received:" lines. It seems that the NS for the site is very slow to >respond: > >... >[19506] dbg: dns: looking up PTR record for '165.198.2.156' >[19506] dbg: dns: PTR for '165.198.2.156': '' >[19506] dbg: received-header: parsed as [ ip=165.198.2.156 rdns= >helo=pepwmr00040.cww.pep.pvt by=pepwmz00096.pbsg.com ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.2.156 trusted? no internal? >no >[19506] dbg: dns: looking up PTR record for '165.198.2.160' >[19506] dbg: dns: PTR for '165.198.2.160': '' >[19506] dbg: received-header: parsed as [ ip=165.198.2.160 rdns= >helo=pepwmr00029.cww.pep.pvt by=pepwmr00040.cww.pep.pvt ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.2.160 trusted? no internal? >no >[19506] dbg: dns: looking up PTR record for '165.198.22.184' >[19506] dbg: dns: PTR for '165.198.22.184': '' >[19506] dbg: received-header: parsed as [ ip=165.198.22.184 rdns= >helo=pepwmu00265.cww.pep.pvt by=pepwmr00029.cww.pep.pvt ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.22.184 trusted? no >internal? >no >[19506] dbg: dns: looking up PTR record for '165.198.218.84' >[19506] dbg: dns: PTR for '165.198.218.84': '' >[19506] dbg: received-header: parsed as [ ip=165.198.218.84 rdns= >helo=pepwmu00262.cww.pep.pvt by=pepwmu00265.cww.pep.pvt ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.218.84 trusted? no >internal? >no >... > >However it is not clear why this slows down the invocation of >SA for MCP >checks since the 'Received:' header lines should not be part of what is >scanned at that point. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Quentin Campbell >>Sent: 02 June 2006 14:22 >>To: MailScanner discussion >>Subject: RE: MCP-Checker (MCP timed out) - Answer: MCP >>spamassassin timingout >> >>Have identified the cause and found a work around but am >worried that a >>simple message could give rise to this problem. >> >>Am getting the MCP checker "timed out" message because the >>invocation of >>'spamassassin' that is run for MCP processing is timing out for the >>messages in question. It will do this even if I have an _empty_ 'mcp' >>subdirectory! >> >>I note from MailScanner.conf in 4.51.6-1 that the timeout >>values for the >>MCP and non-MCP invocations of 'spamassassin' are different. For the >>former it is only 10 seconds while for the latter it is 75 >>seconds! That >>explains why I only see the probem when the MCP check is done. The >>default values set by Julian are: >> >>SpamAssassin Timeout = 75 >>MCP SpamAssassin Timeout = 10 >> >>The work around was to change in MailScanner.conf the 'MCP >SpamAssassin >>Timeout' value from 10 to 75 (seconds). >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>Any opinion expressed above is mine and not that of Newcastle >>University. >> >> >>>-----Original Message----- >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>Of Quentin Campbell >>>Sent: 02 June 2006 08:54 >>>To: MailScanner discussion >>>Subject: RE: MCP-Checker (MCP timed out) - what is happening? >>> >>>Jeremy >>> >>>Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >>>--lint' and >>>this shows no problems. In my case I have more than one *.cf file in >>>~/mcp. >>> >>>I have found 59 instances of this problem occurring over the last 8 >>>weeks. That is a tiny number compared to the 1,000,000 or so >>>messages we >>>receive per day so the problem seems to arise out of a very >>special set >>>of circumstances. >>> >>>Not just mail from 'intl.pepsico.com' is involved although that site >>>accounts for a significant proportion of the 59 cases. At least two >>>different people sending mail from that site have beem affected. >>> >>>A full extract of log records for one such instance is: >>> >>>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>from=, size=2953, class=0, nrcpts=1, >>>msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >>>.pep.pvt> >>>, proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] >>> >>>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: >>>header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >>>xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) >>> >>>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>to=, delay=00:00:00, mailer=esmtp, >pri=32953, >>>stat=queued >>> >>>Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >>>k519CLJN025995 from >>>195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>MCP-Checker (MCP timed out) >>> >>>Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >>>k519CLJN025995 actions are deliver >>> >>>At this point the message disappears from the queue. It is not >>>delivered >>>and the log records above confirm this. >>> >>>I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. >>> >>>Quentin >>>--- >>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>--------------------------------------------------------------- >>>--------- >>>Any opinion expressed above is mine and not that of Newcastle >>>University. >>> >>> >>>>-----Original Message----- >>>>From: mailscanner-bounces@lists.mailscanner.info >>>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>Of Jeremy Blonde >>>>Sent: 01 June 2006 17:08 >>>>To: MailScanner discussion >>>>Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >>>> >>>>I ran into this same problem. I had to delete my existing mcp >>>>rule file >>>>and re-create it. Apparently, I had added a typo somewhere. >>>> >>>> >>>>Jeremy Blonde >>>>Instructional Technology - Server Support >>>>Grant Joint Union School District >>>> >>>> >>>>-----Original Message----- >>>>From: mailscanner-bounces@lists.mailscanner.info >>>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>Of Quentin >>>>Campbell >>>>Sent: Thursday, June 01, 2006 9:00 AM >>>>To: mailscanner@lists.mailscanner.info >>>>Subject: MCP-Checker (MCP timed out) - what is ahppening? >>>> >>>>I am seeing for one sender the following record in the logs: >>>> >>>>Jun 1 10:13:57 cheviot1 MailScanner[425]: Message >>k519DcIG001362 from >>>>195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>>MCP-Checker (MCP timed out) >>>> >>>>The mail is disappearing. What might be the cause? >>>> >>>>Quentin >>>>--- >>>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>--------------------------------------------------------------- >>>>--------- >>>>Any opinion expressed above is mine and not that of Newcastle >>>>University. >>>>-- >>>>MailScanner mailing list >>>>mailscanner@lists.mailscanner.info >>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>>Before posting, read http://wiki.mailscanner.info/posting >>>> >>>>Support MailScanner development - buy the book off the website! >>>>-- >>>>MailScanner mailing list >>>>mailscanner@lists.mailscanner.info >>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>>Before posting, read http://wiki.mailscanner.info/posting >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From Kevin_Miller at ci.juneau.ak.us Fri Jun 2 16:24:17 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 2 16:24:27 2006 Subject: [Clamav-users] Problem with internal logger Message-ID: Anthony Peacock wrote: > Hi Julian, > > Julian Field wrote: >> >> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >> >>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>> >>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>> spamd.conf for you, by commenting out the "Example" lines. >>> >>> and then sets the mirror to US ? >> >> No, as I don't know what country you might be in. It just gets it >> working for you, saving new users a nasty catch which will confuse >> them entirely. Doing things like this annoys me, as they don't >> produce a nice error message telling the user what they need to do >> to alleviate the problem. It's a case of "Switch this option on to >> make anything work, default is off". I know I do it myself, but I do >> at least generate a polite error message which tells the user they >> need to set their company name in MailScanner.conf. >> >> I am considering removing it from MailScanner. >> If the %org-name% has not been configured, then I just use the domain >> name by using Sys::Hostname::Long which is already needed by >> SpamAssassin so most people have it installed already. I replace the >> hostname with www to get the website address, and put the same in >> %org-long-name% as %org-name%. >> >> Does that sound rather better than the current "I'm not going to >> start" behaviour. > > I wouldn't really be in favour of this. > > A side-effect of the current behaviour is that it forces the person > installing the system to at least open and look at the config file > first. > > I don't think anyone should be installing something as important as > mailscanner without at least understanding what the default options > are doing. I think it's a good idea. Only thing I'd do differently is to use the hostname instead of www + domain-name. That would keep it shorter (I like concise), and the comments mention that periods sometimes hose the Symantic virus scanner or something to that effect. Don't use Symantic so didn't pay too close attention. Maybe I'm just being grumpy, but I think anybody installing something like MailScanner w/o looking at the docs deserves what they get! Just my inflation adjusted, subject to federal, state and local taxes, $.02 worth... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:41:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:42:15 2006 Subject: Many [MailScanner] In-Reply-To: <448042DB.7080209@mailing.kaufland-informationssysteme.com> References: <448042DB.7080209@mailing.kaufland-informationssysteme.com> Message-ID: Are the same ones there all the time, or do the process ids (the number in the 2nd column) keep changing pretty frequently? If they keep changing, don't worry, this is an intentional design decision. It is faster to reap lots of zombies at once than it is to reap them all one at a time. Makes quite a big speed difference, despite looking a little ugly. On 2 Jun 2006, at 14:53, Matthias Sutter wrote: > Hi all, > > can somebody explain me why I have some "[MailScanner] ". > I use MailScanner-4.54.6-1 on a Suse Linux 10.1. > > Thanks > Matthias > > exim 10972 0.0 0.0 13148 848 ? Ss Jun01 0:04 / > opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 8659 0.0 0.0 13156 528 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 8660 0.0 0.0 13156 528 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 8661 0.0 0.0 13156 528 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 10992 0.0 0.9 57800 29516 ? Ss Jun01 0:00 > MailScanner: starting child > exim 18355 0.2 2.0 98388 63572 ? S 14:17 0:13 > \_ MailScanner: waiting for messages > exim 8308 0.0 0.0 0 0 ? Z 15:47 0:00 > | \_ [MailScanner] > exim 18397 0.1 2.0 97328 62572 ? S 14:17 0:08 > \_ MailScanner: waiting for messages > exim 8438 0.0 0.0 0 0 ? Z 15:48 0:00 > | \_ [MailScanner] > exim 18431 0.2 2.0 97828 63072 ? S 14:17 0:15 > \_ MailScanner: waiting for messages > exim 8127 0.0 0.0 0 0 ? Z 15:47 0:00 > | \_ [MailScanner] > exim 18449 0.2 2.0 97608 62852 ? S 14:18 0:12 > \_ MailScanner: waiting for messages > exim 8360 0.0 0.0 0 0 ? Z 15:47 0:00 > | \_ [MailScanner] > exim 18481 0.2 2.0 97224 62384 ? S 14:18 0:13 > \_ MailScanner: waiting for messages > exim 8536 0.0 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 18843 0.1 2.0 97312 62556 ? S 14:19 0:10 > \_ MailScanner: virus scanning > exim 8666 22.0 0.3 16400 10156 ? Rs 15:49 0:00 > | \_ /usr/local/Sophos/bin/sweep -sc -f -all -rec ss -archive - > cab -loopback --no-follow- > exim 18954 0.2 2.0 97636 62880 ? S 14:20 0:12 > \_ MailScanner: waiting for messages > exim 8642 0.2 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 19046 0.2 2.0 97324 62568 ? S 14:20 0:12 > \_ MailScanner: waiting for messages > exim 8628 0.1 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 19225 0.2 2.0 97384 62628 ? S 14:21 0:10 > \_ MailScanner: waiting for messages > exim 8651 0.2 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 19355 0.1 2.0 97292 62428 ? S 14:22 0:09 > \_ MailScanner: waiting for messages > exim 8605 0.0 0.0 0 0 ? Z 15:49 > 0:00 \_ [MailScanner] > exim 19364 0.0 1.0 67544 32952 ? S 14:22 0:01 > MailWatch SQL > root 8106 0.0 0.0 11864 1724 ? Ss 15:47 0:00 / > opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS > exim 8107 0.0 0.0 12932 1336 ? S 15:47 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS > root 8656 0.0 0.0 11860 1724 ? Ss 15:49 0:00 / > opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z > exim 8657 0.0 0.0 12928 1384 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:44:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:45:06 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: On 2 Jun 2006, at 16:24, Kevin Miller wrote: > Anthony Peacock wrote: >> Hi Julian, >> >> Julian Field wrote: >>> >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> >>>> and then sets the mirror to US ? >>> >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do >>> to alleviate the problem. It's a case of "Switch this option on to >>> make anything work, default is off". I know I do it myself, but I do >>> at least generate a polite error message which tells the user they >>> need to set their company name in MailScanner.conf. >>> >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the >>> domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file >> first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > I think it's a good idea. Only thing I'd do differently is to use the > hostname instead of www + domain-name. That would keep it shorter (I > like concise), and the comments mention that periods sometimes hose > the > Symantic virus scanner or something to that effect. Don't use > Symantic > so didn't pay too close attention. The %web-site% is only ever used in the message body, not in a header. But you are right about the other ones having dots in them which might confuse Symantec's scanner. I will just change the dots to dashes or underscores. Thanks for pointing that out, it hadn't occurred to me. > > Maybe I'm just being grumpy, but I think anybody installing something > like MailScanner w/o looking at the docs deserves what they get! That's very easy for an experienced user to say :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:45:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:45:48 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470730CBCB@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470730CBCB@largo.campus.ncl.ac.uk> Message-ID: Should I therefore increase the default MCP timeout to 75 seconds? On 2 Jun 2006, at 15:55, Quentin Campbell wrote: > Re. my message below the output I provided is a result of running > 'spamassassin -t ...' on a sample message which includes the Received: > headers. When they are removed then 'spamassassin' runs very quickly. > > The inference that I draw from this is that when the message is being > run through the production MailScanner set up here, some DNS checks > are > being carried out during MCP processing. The DNS delays are most > likely > being caused by the same IP addresses that appear in the Received: > headers. Unlikely I know but it is the only explanation I can find. > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > Any opinion expressed above is mine and not that of Newcastle > University. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Quentin Campbell >> Sent: 02 June 2006 14:39 >> To: MailScanner discussion >> Subject: RE: MCP-Checker (MCP timed out) - More details of the cause >> >> The delay in 'spamassassin' for the particular site is >> apparently caused >> while SA tries to do a DNS PTR lookup for the IP addresses in the >> 'Received:" lines. It seems that the NS for the site is very slow to >> respond: >> >> ... >> [19506] dbg: dns: looking up PTR record for '165.198.2.156' >> [19506] dbg: dns: PTR for '165.198.2.156': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.2.156 rdns= >> helo=pepwmr00040.cww.pep.pvt by=pepwmz00096.pbsg.com ident= envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.2.156 trusted? no >> internal? >> no >> [19506] dbg: dns: looking up PTR record for '165.198.2.160' >> [19506] dbg: dns: PTR for '165.198.2.160': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.2.160 rdns= >> helo=pepwmr00029.cww.pep.pvt by=pepwmr00040.cww.pep.pvt ident= >> envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.2.160 trusted? no >> internal? >> no >> [19506] dbg: dns: looking up PTR record for '165.198.22.184' >> [19506] dbg: dns: PTR for '165.198.22.184': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.22.184 rdns= >> helo=pepwmu00265.cww.pep.pvt by=pepwmr00029.cww.pep.pvt ident= >> envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.22.184 trusted? no >> internal? >> no >> [19506] dbg: dns: looking up PTR record for '165.198.218.84' >> [19506] dbg: dns: PTR for '165.198.218.84': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.218.84 rdns= >> helo=pepwmu00262.cww.pep.pvt by=pepwmu00265.cww.pep.pvt ident= >> envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.218.84 trusted? no >> internal? >> no >> ... >> >> However it is not clear why this slows down the invocation of >> SA for MCP >> checks since the 'Received:' header lines should not be part of >> what is >> scanned at that point. >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> --------------------------------------------------------------- >> --------- >> Any opinion expressed above is mine and not that of Newcastle >> University. >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Quentin Campbell >>> Sent: 02 June 2006 14:22 >>> To: MailScanner discussion >>> Subject: RE: MCP-Checker (MCP timed out) - Answer: MCP >>> spamassassin timingout >>> >>> Have identified the cause and found a work around but am >> worried that a >>> simple message could give rise to this problem. >>> >>> Am getting the MCP checker "timed out" message because the >>> invocation of >>> 'spamassassin' that is run for MCP processing is timing out for the >>> messages in question. It will do this even if I have an _empty_ >>> 'mcp' >>> subdirectory! >>> >>> I note from MailScanner.conf in 4.51.6-1 that the timeout >>> values for the >>> MCP and non-MCP invocations of 'spamassassin' are different. For the >>> former it is only 10 seconds while for the latter it is 75 >>> seconds! That >>> explains why I only see the probem when the MCP check is done. The >>> default values set by Julian are: >>> >>> SpamAssassin Timeout = 75 >>> MCP SpamAssassin Timeout = 10 >>> >>> The work around was to change in MailScanner.conf the 'MCP >> SpamAssassin >>> Timeout' value from 10 to 75 (seconds). >>> >>> Quentin >>> --- >>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> --------------------------------------------------------------- >>> --------- >>> Any opinion expressed above is mine and not that of Newcastle >>> University. >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Quentin Campbell >>>> Sent: 02 June 2006 08:54 >>>> To: MailScanner discussion >>>> Subject: RE: MCP-Checker (MCP timed out) - what is happening? >>>> >>>> Jeremy >>>> >>>> Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >>>> --lint' and >>>> this shows no problems. In my case I have more than one *.cf >>>> file in >>>> ~/mcp. >>>> >>>> I have found 59 instances of this problem occurring over the last 8 >>>> weeks. That is a tiny number compared to the 1,000,000 or so >>>> messages we >>>> receive per day so the problem seems to arise out of a very >>> special set >>>> of circumstances. >>>> >>>> Not just mail from 'intl.pepsico.com' is involved although that >>>> site >>>> accounts for a significant proportion of the 59 cases. At least two >>>> different people sending mail from that site have beem affected. >>>> >>>> A full extract of log records for one such instance is: >>>> >>>> Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>> from=, size=2953, class=0, nrcpts=1, >>>> msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >>>> .pep.pvt> >>>> , proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com >>>> [195.33.104.10] >>>> >>>> Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter >>>> add: >>>> header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >>>> xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) >>>> >>>> Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>> to=, delay=00:00:00, mailer=esmtp, >> pri=32953, >>>> stat=queued >>>> >>>> Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >>>> k519CLJN025995 from >>>> 195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>> MCP-Checker (MCP timed out) >>>> >>>> Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >>>> k519CLJN025995 actions are deliver >>>> >>>> At this point the message disappears from the queue. It is not >>>> delivered >>>> and the log records above confirm this. >>>> >>>> I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. >>>> >>>> Quentin >>>> --- >>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>> --------------------------------------------------------------- >>>> --------- >>>> Any opinion expressed above is mine and not that of Newcastle >>>> University. >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Jeremy Blonde >>>>> Sent: 01 June 2006 17:08 >>>>> To: MailScanner discussion >>>>> Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >>>>> >>>>> I ran into this same problem. I had to delete my existing mcp >>>>> rule file >>>>> and re-create it. Apparently, I had added a typo somewhere. >>>>> >>>>> >>>>> Jeremy Blonde >>>>> Instructional Technology - Server Support >>>>> Grant Joint Union School District >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Quentin >>>>> Campbell >>>>> Sent: Thursday, June 01, 2006 9:00 AM >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: MCP-Checker (MCP timed out) - what is ahppening? >>>>> >>>>> I am seeing for one sender the following record in the logs: >>>>> >>>>> Jun 1 10:13:57 cheviot1 MailScanner[425]: Message >>> k519DcIG001362 from >>>>> 195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is >>>>> MCP, >>>>> MCP-Checker (MCP timed out) >>>>> >>>>> The mail is disappearing. What might be the cause? >>>>> >>>>> Quentin >>>>> --- >>>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>>> University of Newcastle, >>>>> Newcastle upon Tyne, >>>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>> --------------------------------------------------------------- >>>>> --------- >>>>> Any opinion expressed above is mine and not that of Newcastle >>>>> University. >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From a.peacock at chime.ucl.ac.uk Fri Jun 2 16:50:48 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 2 16:51:04 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <44805E58.4060904@chime.ucl.ac.uk> Hi Kevin, Kevin Miller wrote: > Anthony Peacock wrote: >> Hi Julian, >> >> Julian Field wrote: >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> and then sets the mirror to US ? >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do >>> to alleviate the problem. It's a case of "Switch this option on to >>> make anything work, default is off". I know I do it myself, but I do >>> at least generate a polite error message which tells the user they >>> need to set their company name in MailScanner.conf. >>> >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file >> first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > I think it's a good idea. Only thing I'd do differently is to use the > hostname instead of www + domain-name. That would keep it shorter (I > like concise), and the comments mention that periods sometimes hose the > Symantic virus scanner or something to that effect. Don't use Symantic > so didn't pay too close attention. > > Maybe I'm just being grumpy, but I think anybody installing something > like MailScanner w/o looking at the docs deserves what they get! I guess I am sitting somewhere in the middle here... :-) I like the current behaviour because it forces the person installing the software to look into the config file before the software will even run. I think the install script that Julian has created is great in that it removes most of the complications of getting a secure mail server up and running. The downside (as I see it) is that it is possible for someone to get a secure mail server up and running without really understanding what is going on. In my opinion that is dangerous. I really am trying not to sound like a grumpy old man here, but I do feel that running an internet connected mail server is something that should be done by a person with a basic understanding of what is going on. Anyway, I am not really arguing against Julian's suggestion as if you accept Julian's reason for maintaining the install script, this is the logical next step. Hopefully most people who hit a problem get caught here or on the wiki anyway. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:51:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:51:33 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <91040E12-89EE-4468-8669-97CC3C36C699@ecs.soton.ac.uk> On 2 Jun 2006, at 16:24, Kevin Miller wrote: > Anthony Peacock wrote: >> Hi Julian, >> >> Julian Field wrote: >>> >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> >>>> and then sets the mirror to US ? >>> >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do >>> to alleviate the problem. It's a case of "Switch this option on to >>> make anything work, default is off". I know I do it myself, but I do >>> at least generate a polite error message which tells the user they >>> need to set their company name in MailScanner.conf. >>> >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the >>> domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file >> first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > I think it's a good idea. Only thing I'd do differently is to use the > hostname instead of www + domain-name. That would keep it shorter (I > like concise), and the comments mention that periods sometimes hose > the > Symantic virus scanner or something to that effect. Don't use > Symantic > so didn't pay too close attention. At line 285 in /usr/sbin/MailScanner, change that chunk of code to this: # Set them all to be something sensible my $domain_name = hostname_long; $domain_name =~ s/^[^.]+\.//; my $header_domain = $domain_name; $header_domain =~ tr/./_/; # So as not to kill Symantec's broken scanner MailScanner::Config::SetPercent('org-name', $header_domain); MailScanner::Config::SetPercent('org-long-name', $domain_name); MailScanner::Config::SetPercent('web-site', 'www.' . $domain_name); -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 17:11:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 17:11:40 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <44805E58.4060904@chime.ucl.ac.uk> References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: On 2 Jun 2006, at 16:50, Anthony Peacock wrote: > I really am trying not to sound like a grumpy old man here, but I > do feel that running an internet connected mail server is something > that should be done by a person with a basic understanding of what > is going on. This is one of the few subjects which will get me ranting. So don't get me started :-) My position is that we all have to start learning somewhere. We also have a duty to get more people running software that protects themselves and everyone else from the hazards of spam, viruses, etc. I also feel strongly that we should encourage newbies to stick with it, by producing software that is as easy as possible to get going as possible. Most newcomers to Unix/Linux/whatever are very wary as they are on new ground, and have the assumption that it is all so much harder than Windows. Try getting a company to install their very first Unix box when all they have ever used is Windows. There is good money to be made here doing system management for them as they admit that they don't know what they are doing and everything is going to break leaving their company with no electronic communication at all. Many companies who suffer a complete failure of their email system for any length of time do not recover. This stuff costs people real money, their jobs, everything. If we don't put lots of effort into making their life as easy as possible, they will never even start learning: they will stick with what they are used to. Why do you think so many people have used Microsoft's SQL Server instead of DB2 or Oracle for small company systems? It's partly because you can put the CD in the drive, click on the setup icon and end up with a working database system. The last time I used DB2 or Oracle, there were fundamental bugs in their install scripts that meant that it all just broke outside of the USA. I know which one I would go for: the one that works out of the box. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 17:11:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 17:11:51 2006 Subject: World Tour, was Re: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4473268E.B662.0038.0@tac.esi.net> References: X <4473268E.B662.0038.0@tac.esi.net> Message-ID: I have set up a page on the wiki devoted to a possible World Tour so I can come and meet some of you and say Hi, possibly involving a couple of nights on your sofa to see the city/town/village/country you live in. Please could you add some details of where you are (Google Earth links might be an idea), when are the best times of year, and stuff like that. Your name would be really useful too! There is a "World Tour" section at the bottom of the front page of wiki.mailscanner.info. There are a few suggested sections in it but feel free to do your own thing, just don't delete anything that is real content. Thanks folks! Jules. On 23 May 2006, at 20:13, Chris Hammond wrote: > > >>>> MailScanner@ecs.soton.ac.uk 05/23/06 2:55 pm >>> > >>> Well as much as I am proud to be a Hoosier, (I actually consider >>> myself a Texan, spent 16 years there in the USAF, married, both sons >>> born there) you only have three weeks! > >> I have been to DC and NY before, so don't need to stop there for >> long, >> if at all, just to say hello. I might go to DC this summer for a few >> days anyway (Steve ---- you up for that?) > > If you do, come south a little and we can feed you plenty of > seafood and > beer. :) > >>> You should see DC, New York, and the Pacific Northwest >>> (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see >>> the >>> sights first. Indiana can only offer home town hospitality, good >>> cookin', and friendly people. If you come, we would love to have >>> you. > >> That's great, thanks! I might be able to stretch it a bit, or else I >> will have to splite it into 2 trips (or is that 3 now, including S.A. >> and New Zealand?) > > Get that donation site setup. I'm sure you could get enough to > offset the > cost of the trip and maybe pay and extra couple of week of salary > to give > you more time to take things in. > >> A U.S. only tour sounds increasingly likely here. I could do >> Alaska and >> Canada in a separate trip. (My G*d, this is turning into a set of >> trips, >> we're up to 3 now!) > > If it keeps going like this, you may just want to move to the US > for 6 months, > then Canada for a few, then....... > >>> Do it on a motorcycle, you would never be the same ;^) >> Probably spread all over the road like tomato paste :- ) > > Naa, stay away from the motorcycles. We would all go insane and > kill ourselves > if we didn't have you around to help us keep our spam under > control. :) > > Chris > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Kevin_Miller at ci.juneau.ak.us Fri Jun 2 17:34:10 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 2 17:34:18 2006 Subject: [Clamav-users] Problem with internal logger Message-ID: Julian Field wrote: >> Maybe I'm just being grumpy, but I think anybody installing something >> like MailScanner w/o looking at the docs deserves what they get! > > That's very easy for an experienced user to say :-) True. I'm *very* experienced at shooting myself in the foot! :-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From campbell at cnpapers.com Fri Jun 2 17:35:41 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 2 17:35:59 2006 Subject: [Clamav-users] Problem with internal logger References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: <005801c68662$964e7900$0705000a@DDF5DW71> ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Friday, June 02, 2006 12:11 PM Subject: Re: [Clamav-users] Problem with internal logger > On 2 Jun 2006, at 16:50, Anthony Peacock wrote: >> I really am trying not to sound like a grumpy old man here, but I do >> feel that running an internet connected mail server is something that >> should be done by a person with a basic understanding of what is going >> on. > > This is one of the few subjects which will get me ranting. So don't get > me started :-) Sounds like that came too late. And now .... > > > My position is that we all have to start learning somewhere. We also have > a duty to get more people running software that protects themselves and > everyone else from the hazards of spam, viruses, etc. I also feel > strongly that we should encourage newbies to stick with it, by producing > software that is as easy as possible to get going as possible. Most > newcomers to Unix/Linux/whatever are very wary as they are on new ground, > and have the assumption that it is all so much harder than Windows. > > Try getting a company to install their very first Unix box when all they > have ever used is Windows. There is good money to be made here doing > system management for them as they admit that they don't know what they > are doing and everything is going to break leaving their company with no > electronic communication at all. Many companies who suffer a complete > failure of their email system for any length of time do not recover. This > stuff costs people real money, their jobs, everything. If we don't put > lots of effort into making their life as easy as possible, they will > never even start learning: they will stick with what they are used to. > > Why do you think so many people have used Microsoft's SQL Server instead > of DB2 or Oracle for small company systems? It's partly because you can > put the CD in the drive, click on the setup icon and end up with a > working database system. The last time I used DB2 or Oracle, there were > fundamental bugs in their install scripts that meant that it all just > broke outside of the USA. I know which one I would go for: the one that > works out of the box. > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > I agree, to some extent, with everything Julian said above. But my reasons are also a little selfish. I have too many tasks to perform, and sometimes cannot take time to RTFM or study the config options to learn what they really mean or do. Having something that works 'out-of-the-box' is really nice. Otherwise, it may never get installed. But at this point, after installing the OOTB app, I would be an untrained admin, so I would worry alittle about problems that might show up. But then, I have a working config file to refer to. Sometimes having very good examples makes me understand better than the FM could ever do. I am just suggesting that, just like in learning a programming language, referring to something that already works can become one of the best tutorials available. I seem to recall trying to figure out the clam conf file a while back before it was done for me, and some of the simplest options weren't simple to understand. (What is that saying about me?) Steve > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dave.list at pixelhammer.com Fri Jun 2 17:49:46 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jun 2 17:49:55 2006 Subject: MailScanner version In-Reply-To: References: <447F5250.1060007@pixelhammer.com> Message-ID: <44806C2A.4000106@pixelhammer.com> Julian Field wrote: > > On 1 Jun 2006, at 21:47, DAve wrote: > >> Hello all, >> >> I'm about to hit the switch on my upgrade of MailScanner plus addition >> of MailWatch and I was curious as just how bad is version 4.53.8? The >> change log doesn't look like anything Julian fixed since would be a >> problem for me. > > There was a nasty problem in the phishing net, that was the biggest > problem. I would definitely go for 4.54. > >> I know I could install the latest source, and I normally only build my >> own source but.... > > It's written in perl, there *is* only source. You and I know that, but if I get it by a truck... "portupgrade -bcDivR mailscanner" just might save the day ;^) > >> I've been trying to use the ports system on FreeBSD with my >> MailScanner machines, half as an experiment and half "what do we do if >> DAve gets hit by a truck" preparedness ;^). >> >> The most current port is 4.53.8. We run ClamAv and BitDefender, should >> we use 4.53.8 or not? I hate to wait too long, this weekend is a >> perfect time to do the push for me. > > I would not go for 4.53, personally. > I didn't think so. Well I *hate* to sound like I'm whining but here goes. Jan, any timeframe on a new FreeBSD port of MailScanner? Looking at the install I would think I could almost edit the Makefile and do a "make makesum" and get it to install 4.54.6-1. Thanks, DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dyioulos at firstbhph.com Fri Jun 2 18:09:25 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jun 2 18:09:31 2006 Subject: The book Message-ID: <200606021309.25456.dyioulos@firstbhph.com> Hi, Julian. I think I read that you'll be updating the MailScanner book. When do you expect it to be available? Thanks. Dimitri PS - Hopefully to be one of the proud sponsors of the MailScanner World Tour. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Fri Jun 2 18:18:04 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Fri Jun 2 18:19:16 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <448072CC.3070007@yeticomputers.com> I think it would be terribly irresponsible to automatically report programmatically detected spam, no matter what the score is. I've had some very high scoring false positives. Even a tiny chance of getting someone improperly listed in an RBL without human intervention is too much to risk for what would probably be very little gain, anyway. More harm than good to do this, I think. Rick Dave Strydom wrote: > On 6/1/06, Kai Schaetzl wrote: >> isn't that automatically done when auto-learning spam? >> >> Kai >> >> -- >> Kai Sch?tzl, Berlin, Germany >> Get your web at Conactive Internet Services: http://www.conactive.com > > Nope, that updates the bayes db on your machine, what I want is > MailScanner to take say any message which scores over 25, and use the > spamassassin spamcop plugin to report the message to www.spamcop.net, > this will list the server which sent out the mail on a RBL. > > Dave From edwardbruce at sbcglobal.net Fri Jun 2 19:08:40 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Fri Jun 2 19:08:48 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: <44807EA8.6010203@sbcglobal.net> Julian Field wrote: > > > Why do you think so many people have used Microsoft's SQL Server > instead of DB2 or Oracle for small company systems? It's partly > because you can put the CD in the drive, click on the setup icon and > end up with a working database system. The last time I used DB2 or > Oracle, there were fundamental bugs in their install scripts that > meant that it all just broke outside of the USA. I know which one I > would go for: the one that works out of the box. > Well I would argue that sometimes it only appears to work out of the box ;-) . At our company I've decided to require FQDN before I will accept emails. I don't mind holding the hand of the poor office manager at a doctors office to get them configured. Its all the tech companies that I have to keep helping. The one that pissed me off the most is a consulting firm we hired to help us configure Windows Sharepoint that had their Exchange server misconfigured. I'm still thinking of submitting a 2 hour consult bill to them :-) From uxbod at splatnix.net Fri Jun 2 23:11:03 2006 From: uxbod at splatnix.net (uxbod) Date: Fri Jun 2 22:14:13 2006 Subject: Kaspersky Message-ID: <9670b85b6957a77b5b92dc44d2bb2e40@localhost> Which version works with MailScanner? Is it the file server or the workstation ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 3 10:51:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 3 10:52:11 2006 Subject: The book In-Reply-To: <200606021309.25456.dyioulos@firstbhph.com> References: <200606021309.25456.dyioulos@firstbhph.com> Message-ID: <44815BBA.5080306@ecs.soton.ac.uk> Dimitri Yioulos wrote: > Hi, Julian. > > I think I read that you'll be updating the MailScanner book. > When do you expect it to be available? > I intend doing the update in August, I'll post on the mailing lists when I release the new version of the book. > PS - Hopefully to be one of the proud sponsors of the MailScanner > World Tour. > Wonderful! Please can you add your details (when/where/who/etc) to the wiki "World Tour" page for me? Thanks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sat Jun 3 10:55:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 3 10:55:55 2006 Subject: Kaspersky In-Reply-To: <9670b85b6957a77b5b92dc44d2bb2e40@localhost> References: <9670b85b6957a77b5b92dc44d2bb2e40@localhost> Message-ID: <223f97700606030255s311f917epb10d4c9d6fcd13c6@mail.gmail.com> On 03/06/06, uxbod wrote: > Which version works with MailScanner? Is it the file server or the workstation ? > Not that I run it, but http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:install might be a hint:-). Also look at http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:mailscanner_configuration ... seems to be useful info. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Sat Jun 3 13:18:02 2006 From: uxbod at splatnix.net (uxbod) Date: Sat Jun 3 12:21:17 2006 Subject: Kaspersky In-Reply-To: <223f97700606030255s311f917epb10d4c9d6fcd13c6@mail.gmail.com> References: <223f97700606030255s311f917epb10d4c9d6fcd13c6@mail.gmail.com> Message-ID: WiKi slaps uxbod around the head with a wet fish ! Thanks Glenn. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 3 20:37:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 3 20:37:54 2006 Subject: Wikipedia Message-ID: <4481E507.2060908@ecs.soton.ac.uk> Anyone fancy expanding on the Wikipedia article about MailScanner please? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From uxbod at splatnix.net Sat Jun 3 22:07:32 2006 From: uxbod at splatnix.net (uxbod) Date: Sat Jun 3 21:10:40 2006 Subject: Wikipedia In-Reply-To: <4481E507.2060908@ecs.soton.ac.uk> References: <4481E507.2060908@ecs.soton.ac.uk> Message-ID: <68c8efbdce8653229b805de4a7e7c9de@localhost> Maybe worth mentioning its commercial appliance especially as so many companies use it ;) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Sun Jun 4 04:01:09 2006 From: res at ausics.net (Res) Date: Sun Jun 4 04:01:18 2006 Subject: MailScanner goes byebyes Message-ID: Hey all, Anyone seen before and bene able to produce a cure for why if tehre is a large queue MailScanner stops processing mail, it runs fine use --lint no errors, run in debug nothing happens I have to continuellay HUP the damned thing for it to process, once with starts its 10 kiddies thatsa the end of it until I hup it again -- Cheers Res From lhaig at haigmail.com Sun Jun 4 09:20:41 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 09:20:47 2006 Subject: wiki password Message-ID: <448297D9.3010908@haigmail.com> I can't seem to login to the wiki Can someone change it for me please uname = lhaig From lhaig at haigmail.com Sun Jun 4 09:22:47 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 09:22:51 2006 Subject: Instructions for FreeBSD Message-ID: <44829857.90201@haigmail.com> Has anyone got some documentation on how to install MailScanner on FreeBSD. I would appreciate it as I will be using FreeBSD for the first time and would appreciate some help. I have looked on the wiki but can see or find documentation. Thanks Lance From cpedaschus at gmx.de Sun Jun 4 10:15:37 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sun Jun 4 10:15:59 2006 Subject: Instructions for FreeBSD In-Reply-To: <44829857.90201@haigmail.com> References: <44829857.90201@haigmail.com> Message-ID: <4482A4B9.9010305@gmx.de> Lance Haig wrote: > Has anyone got some documentation on how to install MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first time > and would appreciate some help. > > I have looked on the wiki but can see or find documentation. > > Thanks > > Lance I'm using it on OpenBSD and there's nothing special (i can remember ;) ) , just follow the default install and you're fine. My only showstopper was, that OBSD mounts /var as nosuid, but that was qmail specific. Greets, Chris From chrisgreen at hotmail.com Sun Jun 4 11:21:48 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Sun Jun 4 11:21:55 2006 Subject: Body text garbled UTF-8/BASE64 combination Message-ID: Hi there, I have been experiencing a strange issue with either Mailscanner or Postfix which I am stuck with. I have built a machine as per the instructions at www.piratefish.org - essentially a Debian Sarge box with MailScanner, Postfix, SpamAssassin and ClamAV. Instructions have been followed verbatim. The vast majority of email is relayed with no issues at all, 90% of spam is canned and not a virus in sight. However, three times in the past three weeks we have received an email where the body text is completely garbled. This is probably 0.01% of incoming traffic. I have posted an example pic at http://www.is-dept.com/download/garble.jpg - it's impossible to explain! mail.err and mail.warn are both clean and neither of them indicates that the corrupted messages are any different to others that are delivered without an issue. The only pattern we have identified so far is that each affected message is encoded using UTF-8/BASE64 - but I can offer no evidence that this is unique amongst all mail being received. I am in Hong Kong, so it is possible that locales are something to do with this issue. The only thing we have done so far is to run dpkg-reconfigure locales and add in Asian language locales and corresponding UTF-8 locales for all languages that the system is configured for. However, the problem continues. If anyone can suggest things that we could do to find out what the problem is we would be grateful. Chris From lhaig at haigmail.com Sun Jun 4 13:41:03 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 13:41:06 2006 Subject: Instructions for FreeBSD In-Reply-To: <4482A4B9.9010305@gmx.de> References: <44829857.90201@haigmail.com> <4482A4B9.9010305@gmx.de> Message-ID: <4482D4DF.3090102@haigmail.com> Was that the tar install? Anything you need to do before installing MS? Lance Christian Pedaschus wrote: > Lance Haig wrote: > > >> Has anyone got some documentation on how to install MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the first time >> and would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> > > > I'm using it on OpenBSD and there's nothing special (i can remember ;) ) > , just follow the default install and you're fine. > > My only showstopper was, that OBSD mounts /var as nosuid, but that was > qmail specific. > > Greets, Chris > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060604/959ea4db/attachment.html From lhaig at haigmail.com Sun Jun 4 13:43:54 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 13:43:58 2006 Subject: Instructions for FreeBSD In-Reply-To: <4482A4B9.9010305@gmx.de> References: <44829857.90201@haigmail.com> <4482A4B9.9010305@gmx.de> Message-ID: <4482D58A.7030402@haigmail.com> I just found the ports instructions :-) I am blind Lance Christian Pedaschus wrote: > Lance Haig wrote: > > >> Has anyone got some documentation on how to install MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the first time >> and would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> > > > I'm using it on OpenBSD and there's nothing special (i can remember ;) ) > , just follow the default install and you're fine. > > My only showstopper was, that OBSD mounts /var as nosuid, but that was > qmail specific. > > Greets, Chris > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060604/5b18ddee/attachment.html From MailScanner at ecs.soton.ac.uk Sun Jun 4 14:53:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 4 14:53:33 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: Message-ID: <4482E5CB.7090101@ecs.soton.ac.uk> Chris Green wrote: > Hi there, > > I have been experiencing a strange issue with either Mailscanner or > Postfix which I am stuck with. I have built a machine as per the > instructions at www.piratefish.org - essentially a Debian Sarge box > with MailScanner, Postfix, SpamAssassin and ClamAV. Instructions have > been followed verbatim. The vast majority of email is relayed with no > issues at all, 90% of spam is canned Only 90%? You should be able to do a lot better than that. I usually manage 98% with no reported false positives. And I have 2000 very fussy users who would scream at me if they discovered any messages went missing. Make sure you are using at least DCC, Razor, SURBL and rules_du_jour in addition to plain SpamAssassin. I don't like their recommendations very much: using all that lot in "Spam List" is a sure way to get a very slow server. Stick with the recommended default values for this, all the others are checked much better by SpamAssassin anyway. Their whole setup is a pretty simple, slightly naive, setup. If you must use Debian then fine, but make sure you have all the extra plugins to SpamAssassin not only installed but also correctly configured. Out-of-the-box, SpamAssassin won't use DCC, Razor, SURBL and so on without being told to, and that requires edits to a fairly well-hidden configuration file. The easy-to-install ClamAV and SpamAssassin package on the MailScanner web site does this lot for you, for example. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sun Jun 4 15:08:49 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 4 15:08:53 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: Message-ID: <223f97700606040708l1eb4ca42lf67cace8ad99e52e@mail.gmail.com> On 04/06/06, Chris Green wrote: > Hi there, > > I have been experiencing a strange issue with either Mailscanner or Postfix > which I am stuck with. I have built a machine as per the instructions at > www.piratefish.org - essentially a Debian Sarge box with MailScanner, > Postfix, SpamAssassin and ClamAV. Instructions have been followed verbatim. > The vast majority of email is relayed with no issues at all, 90% of spam is > canned and not a virus in sight. However, three times in the past three > weeks we have received an email where the body text is completely garbled. > This is probably 0.01% of incoming traffic. > > I have posted an example pic at http://www.is-dept.com/download/garble.jpg - > it's impossible to explain! > > mail.err and mail.warn are both clean and neither of them indicates that the > corrupted messages are any different to others that are delivered without an > issue. The only pattern we have identified so far is that each affected > message is encoded using UTF-8/BASE64 - but I can offer no evidence that > this is unique amongst all mail being received. > > I am in Hong Kong, so it is possible that locales are something to do with > this issue. The only thing we have done so far is to run dpkg-reconfigure > locales and add in Asian language locales and corresponding UTF-8 locales > for all languages that the system is configured for. However, the problem > continues. If anyone can suggest things that we could do to find out what > the problem is we would be grateful. > > Chris What version of MailScanner and Postfix are that? (I didn't want to register to get at the real info:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikej at rogers.com Sun Jun 4 17:38:02 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Jun 4 17:37:45 2006 Subject: Instructions for FreeBSD In-Reply-To: <44829857.90201@haigmail.com> References: <44829857.90201@haigmail.com> Message-ID: <44830C6A.7070202@rogers.com> Lance Haig wrote: > Has anyone got some documentation on how to install MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first time > and would appreciate some help. > > I have looked on the wiki but can see or find documentation. Just like any other application in FreeBSD, use the ports. cd /usr/ports/mail/mailscanner & make install From james at grayonline.id.au Sun Jun 4 21:43:39 2006 From: james at grayonline.id.au (James Gray) Date: Sun Jun 4 23:22:20 2006 Subject: MailScanner goes byebyes In-Reply-To: References: Message-ID: <200606050643.51121.james@grayonline.id.au> On Sun, 4 Jun 2006 01:01 pm, Res wrote: > Hey all, > Anyone seen before and bene able to produce a cure for why if tehre is a > large queue MailScanner stops processing mail, it runs fine use --lint no > errors, run in debug nothing happens > I have to continuellay HUP the damned thing for it to process, once with > starts its 10 kiddies thatsa the end of it until I hup it again Wow, 10 children - I hope you have at least 2 REAL CPU's/cores (not some wanky Intel "Hyperthread" thing that just /says/ it's got 2 CPU's/cores...but it's not really) and a *LOT* of RAM (2GB territory on a dedicated server, double that if this box is sharing with other things). Are you sure you're not hitting some resource limit? On my systems I have a restrictive default config for all accounts that don't have a login (eg, postfix, bind, etc) which bit me on the butt when MailScanner needed more file handles than I was allowing it and resulted in the sort of "hang" you describe above when the mail queues got big. Once I upped the file handles limit everything was peachy again. There were plenty of messages in the logs (/var/log/messages and /var/log/kernel.log on Linux) which gave me the necessary clue. HTH, James -- Success is getting what you want; happiness is wanting what you get. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060605/87c02535/attachment.bin From rich at mail.wvnet.edu Mon Jun 5 00:35:44 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Mon Jun 5 00:37:05 2006 Subject: Redirecting SMTP connections Message-ID: <44836E50.4080101@mail.wvnet.edu> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060604/1b039ced/smime.bin From james at grayonline.id.au Mon Jun 5 01:10:25 2006 From: james at grayonline.id.au (James Gray) Date: Mon Jun 5 01:10:42 2006 Subject: Redirecting SMTP connections In-Reply-To: <44836E50.4080101@mail.wvnet.edu> References: <44836E50.4080101@mail.wvnet.edu> Message-ID: <200606051010.25878.james@grayonline.id.au> On Mon, 5 Jun 2006 09:35 am, Richard Lynch wrote: > This may be a little off topic but it is related to the setup of a > MailScanner gateway. > > I have a customer who needs to be able to send and receive encrypted > messages to some of their clients. This is a medical center and I'm > sure some of this is related to HIPPA regulations. They are doing this > using server to server encryption (MS Exchange). I'm uncertain what > product they are using to provide this functionality but my > understanding is that the mail will be encrypted between MS Ex servers > using STARTTLS. Currently we are filtering all of their internet mail > using MailScanner on a server with their MX DNS entry pointing to our > server. > > They have asked me to redirect certain connections based on the incoming > IP address directly to their server which will comply with this > protocol. I don't really know how to achieve this. I think it may be > possible using the redirect function in iptables. Basically, I want to > take incoming connections to our server and, based on the IP address, > redirect it to their server to handle the encrypted message exchange. > > Has anyone ever done anything like this and know how to do it? I hope > I've been clear on what I'm trying to do. Any help is much appreciated. You mention iptables so I assume this is a Linux box. You need to create a destination NAT (DNAT) rule to rewrite the destination address if the source address (and maybe source/destination ports too) match appropriate values. Then once the DNAT is created, you need to ADD a rule to the FORWARD chain that ALLOWS packets from the original source to the NEW DESTINATION (again, possibly matching other connection details). Depending on the encryption scheme they are using this may break the end-to-end security and cause the connection to barf (ipsec springs to mind) but TLS should be ok with DNAT - I've done this sort of thing before with TLS+DNAT on Linux routers. Google is your friend. Cheers, James -- We are what we pretend to be. -- Kurt Vonnegut, Jr. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060605/78a11269/attachment.bin From maillists at conactive.com Mon Jun 5 01:17:11 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 01:17:21 2006 Subject: Redirecting SMTP connections In-Reply-To: <44836E50.4080101@mail.wvnet.edu> References: <44836E50.4080101@mail.wvnet.edu> Message-ID: Richard Lynch wrote on Sun, 04 Jun 2006 19:35:44 -0400: > They have asked me to redirect certain connections based on the incoming > IP address directly to their server which will comply with this > protocol. I don't really know how to achieve this. Me, too ;-) I don't think you can "redirect" this. There is an easy solution, though. They just need to communicate with a different hostname (domain or subdomain) that they MX to their own server. They could just call it "hippa.domain.com", which makes it quite clear to everyone they hand that address out what it is good for. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jm153 at tmp.com.br Mon Jun 5 03:25:01 2006 From: jm153 at tmp.com.br (Durval Menezes) Date: Mon Jun 5 03:25:12 2006 Subject: Invalid 'Return-Path:' header being inserted by MailScanner? Message-ID: <20060604232501.A31944@tmp.com.br> Hello folks, I've been experimenting with MailScanner's quarantine for spam messages ('Spam Actions = store') and found that it inserts the following header as the first line of every quarantined email file: Return-Path: <<81>g> (The <81> is actually a binary 0x81 character). Tried updating from MailScanner 4.48.4 to the latest version (4.54.6), but the above problem persists; searched both Google and this mailing list's archive to no avail. Have anyone here seen anything like it? Thanks in advance. Best Regards, -- Durval Menezes (durval AT tmp DOT com DOT br, http://www.tmp.com.br/) From chrisgreen at hotmail.com Mon Jun 5 03:59:41 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Mon Jun 5 03:59:46 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <4482E5CB.7090101@ecs.soton.ac.uk> Message-ID: Julian Field wrote: >Chris Green wrote: >>Hi there, >> >>I have been experiencing a strange issue with either Mailscanner or >>Postfix which I am stuck with. I have built a machine as per the >>instructions at www.piratefish.org - essentially a Debian Sarge box with >>MailScanner, Postfix, SpamAssassin and ClamAV. Instructions have been >>followed verbatim. The vast majority of email is relayed with no issues at >>all, 90% of spam is canned >Only 90%? You should be able to do a lot better than that. I usually manage >98% with no reported false positives. And I have 2000 very fussy users who >would scream at me if they discovered any messages went missing. Make sure >you are using at least DCC, Razor, SURBL and rules_du_jour in addition to >plain SpamAssassin. > >I don't like their recommendations very much: using all that lot in "Spam >List" is a sure way to get a very slow server. Stick with the recommended >default values for this, all the others are checked much better by >SpamAssassin anyway. > >Their whole setup is a pretty simple, slightly naive, setup. If you must >use Debian then fine, but make sure you have all the extra plugins to >SpamAssassin not only installed but also correctly configured. >Out-of-the-box, SpamAssassin won't use DCC, Razor, SURBL and so on without >being told to, and that requires edits to a fairly well-hidden >configuration file. The easy-to-install ClamAV and SpamAssassin package on >the MailScanner web site does this lot for you, for example. > The 90% figure is more down to our lack of bravado when configuring this product which is still very new to us. When looking at what actually gets through to the mailboxes (ie not counting those in the quarantine area) it's much more like the 98% you cite above :-) However, the point is that the vast majority of mail gets through and three (known to be ham) mails have got screwed up. I will build another box using the packages you describe and see how we get on. It should quickly become clear whether the introduction of DCC, Razor, SURBL and rules_du_jour resolve this issue, I'll keep you posted. I appreciate your feedback very much and love the product despite this small issue. I am determined to get this working. Thanks Julian. From chrisgreen at hotmail.com Mon Jun 5 04:28:59 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Mon Jun 5 04:29:13 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <223f97700606040708l1eb4ca42lf67cace8ad99e52e@mail.gmail.com> Message-ID: Glenn Steen wrote: > >On 04/06/06, Chris Green wrote: >>Hi there, >> >>I have been experiencing a strange issue with either Mailscanner or >>Postfix >>which I am stuck with. I have built a machine as per the instructions at >>www.piratefish.org - essentially a Debian Sarge box with MailScanner, >>Postfix, SpamAssassin and ClamAV. Instructions have been followed >>verbatim. >>The vast majority of email is relayed with no issues at all, 90% of spam >>is >>canned and not a virus in sight. However, three times in the past three >>weeks we have received an email where the body text is completely garbled. >>This is probably 0.01% of incoming traffic. >> >>I have posted an example pic at http://www.is-dept.com/download/garble.jpg >>- >>it's impossible to explain! >> >>mail.err and mail.warn are both clean and neither of them indicates that >>the >>corrupted messages are any different to others that are delivered without >>an >>issue. The only pattern we have identified so far is that each affected >>message is encoded using UTF-8/BASE64 - but I can offer no evidence that >>this is unique amongst all mail being received. >> >>I am in Hong Kong, so it is possible that locales are something to do with >>this issue. The only thing we have done so far is to run dpkg-reconfigure >>locales and add in Asian language locales and corresponding UTF-8 locales >>for all languages that the system is configured for. However, the problem >>continues. If anyone can suggest things that we could do to find out what >>the problem is we would be grateful. >> >>Chris >What version of MailScanner and Postfix are that? (I didn't want to >register to get at the real info:-) > The box is currently running the Debian builds of MailScanner (v 4.41.3-2) and Postfix (v 2.1.5-9) Registration for the instructions to build a Fish must be a new 'feature'...... From Q.G.Campbell at newcastle.ac.uk Mon Jun 5 08:30:32 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Mon Jun 5 08:30:39 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CC40@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Julian Field >Sent: 02 June 2006 16:46 >To: MailScanner discussion >Subject: Re: MCP-Checker (MCP timed out) - More details of the cause > >Should I therefore increase the default MCP timeout to 75 seconds? > Julian 1. I will first confirm that increasing the MCP-check timout fixes the problem and lets mail from the 'slow' sites get through. 2. If increasing the timeout fixes the problem then I would like to know why the MCP-checker is doing DNS lookups. Once I have permission I will forward you a short message that can apparently reproduces this problem. Will try to get back to you on these points ASAP. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. From res at ausics.net Mon Jun 5 09:00:32 2006 From: res at ausics.net (Res) Date: Mon Jun 5 09:00:42 2006 Subject: MailScanner goes byebyes In-Reply-To: <200606050643.51121.james@grayonline.id.au> References: <200606050643.51121.james@grayonline.id.au> Message-ID: Hi James, On Mon, 5 Jun 2006, James Gray wrote: > Wow, 10 children - I hope you have at least 2 REAL CPU's/cores (not some wanky yes, DL380 :) > and a *LOT* of RAM (2GB territory on a dedicated server, double Yep :) > that if this box is sharing with other things). Are you sure you're not > hitting some resource limit? > This only happens on one of the several mail servers, doesnt seem to be an issue on any of the others and only some of the time. > MailScanner needed more file handles than I was allowing it and resulted in > the sort of "hang" you describe above when the mail queues got big. Once I > upped the file handles limit everything was peachy again. There were plenty > of messages in the logs (/var/log/messages and /var/log/kernel.log on Linux) > which gave me the necessary clue. Mine get none, the usual child starting blah blah, found and processed X number of messages and thats it.. So I guess its a case of the childs starts, processes its first batch then ninite we go :( -- Cheers Res From a.peacock at chime.ucl.ac.uk Mon Jun 5 09:16:20 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Jun 5 09:16:29 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: <4483E854.50907@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > On 2 Jun 2006, at 16:50, Anthony Peacock wrote: >> I really am trying not to sound like a grumpy old man here, but I do >> feel that running an internet connected mail server is something that >> should be done by a person with a basic understanding of what is going >> on. > > This is one of the few subjects which will get me ranting. So don't get > me started :-) Damn! I was trying to pick my words carefully so I didn't hit your rant buttons :-) Don't get me wrong, I agree with your general view point. And I think that the work you have done to make it easy for someone to install a secure mail server is to be applauded. I think my position is only slightly different from yours. Where we appear to differ is about 'exposing' the complexity. As well as agreeing with your position below I think we have a duty to educate. Yes we all had to start somewhere, and we have all made mistakes along the way, I was very lucky to work with some very bright and experienced people in the early days of my career who helped my education a lot. I think that hiding the complexity too much can be a disservice to some people as they could easily think that there is no more to understand. My initial comments at the start of this thread where purely that I thought making someone look in the config file before running the system was a good thing, as it forced them to at least understand that there was a config file there. Anyway, I don't want to look like I am opposing your view, when I think we are actually only debating a small detail. > > > My position is that we all have to start learning somewhere. We also > have a duty to get more people running software that protects themselves > and everyone else from the hazards of spam, viruses, etc. I also feel > strongly that we should encourage newbies to stick with it, by producing > software that is as easy as possible to get going as possible. Most > newcomers to Unix/Linux/whatever are very wary as they are on new > ground, and have the assumption that it is all so much harder than Windows. > > Try getting a company to install their very first Unix box when all they > have ever used is Windows. There is good money to be made here doing > system management for them as they admit that they don't know what they > are doing and everything is going to break leaving their company with no > electronic communication at all. Many companies who suffer a complete > failure of their email system for any length of time do not recover. > This stuff costs people real money, their jobs, everything. If we don't > put lots of effort into making their life as easy as possible, they will > never even start learning: they will stick with what they are used to. > > Why do you think so many people have used Microsoft's SQL Server instead > of DB2 or Oracle for small company systems? It's partly because you can > put the CD in the drive, click on the setup icon and end up with a > working database system. The last time I used DB2 or Oracle, there were > fundamental bugs in their install scripts that meant that it all just > broke outside of the USA. I know which one I would go for: the one that > works out of the box. > > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From febrianto at sioenasia.com Mon Jun 5 09:53:49 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Mon Jun 5 09:50:03 2006 Subject: How to block emails from some of yahoogroups but not all Message-ID: Dear All, Just join this group, and the two emails from mailscanner.info (confirm and welcome) tagged as spam :). Have manually added mailscanner.info as whitelist. :). Lot's of my users join the yahoogroups. It's not a problem, but... my management want me to block emails from yahoogroups that contains that are not allowed, like porn. So I like to block emails from abc of yahoogroups. I tried to simply blacklist emails from abc@yahoogroups.com, but it didn't work. Should I put it in SA as new rules? Any examples? Best Regards From glenn.steen at gmail.com Mon Jun 5 09:50:09 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 09:50:13 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: <223f97700606040708l1eb4ca42lf67cace8ad99e52e@mail.gmail.com> Message-ID: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> On 05/06/06, Chris Green wrote: > Glenn Steen wrote: > > > >On 04/06/06, Chris Green wrote: > >>Hi there, > >> > >>I have been experiencing a strange issue with either Mailscanner or > >>Postfix > >>which I am stuck with. I have built a machine as per the instructions at > >>www.piratefish.org - essentially a Debian Sarge box with MailScanner, > >>Postfix, SpamAssassin and ClamAV. Instructions have been followed > >>verbatim. > >>The vast majority of email is relayed with no issues at all, 90% of spam > >>is > >>canned and not a virus in sight. However, three times in the past three > >>weeks we have received an email where the body text is completely garbled. > >>This is probably 0.01% of incoming traffic. > >> > >>I have posted an example pic at http://www.is-dept.com/download/garble.jpg > >>- > >>it's impossible to explain! > >> > >>mail.err and mail.warn are both clean and neither of them indicates that > >>the > >>corrupted messages are any different to others that are delivered without > >>an > >>issue. The only pattern we have identified so far is that each affected > >>message is encoded using UTF-8/BASE64 - but I can offer no evidence that > >>this is unique amongst all mail being received. > >> > >>I am in Hong Kong, so it is possible that locales are something to do with > >>this issue. The only thing we have done so far is to run dpkg-reconfigure > >>locales and add in Asian language locales and corresponding UTF-8 locales > >>for all languages that the system is configured for. However, the problem > >>continues. If anyone can suggest things that we could do to find out what > >>the problem is we would be grateful. > >> > >>Chris > >What version of MailScanner and Postfix are that? (I didn't want to > >register to get at the real info:-) > > > The box is currently running the Debian builds of MailScanner (v 4.41.3-2) > and Postfix (v 2.1.5-9) The Postfix version is OK, but you really should go for the latest stable 4.54 version... And throw in Jules Clam+SA package too. My memory isn't what it used to be, but... IIRC that version is susceptible to random (but rather seldom happening) corruption of stray PF files, which Jules has fixed... The 4.5X series has not shown this behaviour (none observed.... used to have the very few corruptions while running 4.[34]X (no, I don't remember exactly when it was fixed:-)). So, to get a plan of action... Use apt-get to uninstall mailscanner, spamassassin and clamav, download the relevant packages from www.mailscanner.info, unpack them and run install.sh (look at the maq/wiki docs for more details, tips and instructions: http://wiki.mailscanner.info). Also, with that new a MailScanner, I'm not sure the webmin module for MailScanner will be much use... Just edit MailScanner.conf directly, it is very well commented. > > Registration for the instructions to build a Fish must be a new > 'feature'...... > Seems like. Judging from what you told me off-list (thanks for that!), he/they are pretty in love with apt-get (easy to fall in love with:-)... Which is OK. But for this type of system, I think you are better off using the latest and greatest, which pretty much precludes use of the somewhat dated Debian packages... I can tell you that the situation isn't much better with most any Debian based system (Ubuntu 6.06 carries version 4.46., which is, relatively speaking, pretty old:). Jules does an admirable job of keeping on top of things (both for SA+Clamav and ... well anything spam/virus-related) so ... Upgrade ASAP! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon Jun 5 10:34:02 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 10:34:14 2006 Subject: Instructions for FreeBSD In-Reply-To: <44829857.90201@haigmail.com> Message-ID: <081f01c68883$2e50d320$3004010a@martinhlaptop> Lance Depends on whether you want to install via ports or via the generic Unix .tar.gz . I use the tar.gz but then I help out with the beta a lot and therefore can't wait for JP to update the ports. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 04 June 2006 09:23 > To: MailScanner discussion > Subject: Instructions for FreeBSD > > Has anyone got some documentation on how to install MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first time and > would appreciate some help. > > I have looked on the wiki but can see or find documentation. > > Thanks > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From lhaig at haigmail.com Mon Jun 5 10:44:07 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 5 10:44:12 2006 Subject: Instructions for FreeBSD In-Reply-To: <081f01c68883$2e50d320$3004010a@martinhlaptop> References: <081f01c68883$2e50d320$3004010a@martinhlaptop> Message-ID: <4483FCE7.6000205@haigmail.com> Hi martin, I want to use the tar as I also am on the beta list Lance Martin Hepworth wrote: > Lance > > Depends on whether you want to install via ports or via the generic Unix > .tar.gz . > > I use the tar.gz but then I help out with the beta a lot and therefore can't > wait for JP to update the ports. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 04 June 2006 09:23 >> To: MailScanner discussion >> Subject: Instructions for FreeBSD >> >> Has anyone got some documentation on how to install MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the first time and >> would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From martinh at solid-state-logic.com Mon Jun 5 10:49:01 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 10:49:23 2006 Subject: Instructions for FreeBSD In-Reply-To: <4483FCE7.6000205@haigmail.com> Message-ID: <086801c68885$47be9ca0$3004010a@martinhlaptop> Lance Then download the tar.gz, unzip/untar it and run the ./install.sh script. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 05 June 2006 10:44 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Hi martin, > > I want to use the tar as I also am on the beta list > > Lance > > Martin Hepworth wrote: > > Lance > > Depends on whether you want to install via ports or via the generic > Unix > .tar.gz . > > I use the tar.gz but then I help out with the beta a lot and > therefore can't > wait for JP to update the ports. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 04 June 2006 09:23 > To: MailScanner discussion > Subject: Instructions for FreeBSD > > Has anyone got some documentation on how to install > MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first > time and > would appreciate some help. > > I have looked on the wiki but can see or find documentation. > > Thanks > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > ******************************************************************** > ** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please > notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ******************************************************************** > ** > > > > > -- > > Lance Haig > Director > > Work: 07967967108 > Mobile: 07967967108 > Email: lhaig@haigmail.com > > http://www.linkedin.com/in/lancehaig > > HaigMail dot Com > > See who we know in common > Want a signature like this? ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From lhaig at haigmail.com Mon Jun 5 11:16:48 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 5 11:16:53 2006 Subject: Instructions for FreeBSD In-Reply-To: <086801c68885$47be9ca0$3004010a@martinhlaptop> References: <086801c68885$47be9ca0$3004010a@martinhlaptop> Message-ID: <44840490.9080600@haigmail.com> Martin, Apologies for the "dumb" question Do I need to install the other apps as I would do on a Suse box? DCC Razor etc... Spamassassin Thanks Lance Martin Hepworth wrote: > Lance > > Then download the tar.gz, unzip/untar it and run the ./install.sh script. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 05 June 2006 10:44 >> To: MailScanner discussion >> Subject: Re: Instructions for FreeBSD >> >> Hi martin, >> >> I want to use the tar as I also am on the beta list >> >> Lance >> >> Martin Hepworth wrote: >> >> Lance >> >> Depends on whether you want to install via ports or via the generic >> Unix >> .tar.gz . >> >> I use the tar.gz but then I help out with the beta a lot and >> therefore can't >> wait for JP to update the ports. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 04 June 2006 09:23 >> To: MailScanner discussion >> Subject: Instructions for FreeBSD >> >> Has anyone got some documentation on how to install >> MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the >> > first > >> time and >> would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the >> website! >> >> >> >> >> ******************************************************************** >> ** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please >> notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ******************************************************************** >> ** >> >> >> >> >> -- >> >> Lance Haig >> Director >> >> Work: 07967967108 >> Mobile: 07967967108 >> Email: lhaig@haigmail.com >> >> http://www.linkedin.com/in/lancehaig >> >> HaigMail dot Com >> >> See who we know in common >> Want a signature like this? >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From chrisgreen at hotmail.com Mon Jun 5 11:35:49 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Mon Jun 5 11:35:57 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> Message-ID: Glenn Steen wrote: > >On 05/06/06, Chris Green wrote: >>Glenn Steen wrote: >> > >> >On 04/06/06, Chris Green wrote: >> >>Hi there, >> >> >> >>I have been experiencing a strange issue with either Mailscanner or >> >>Postfix >> >>which I am stuck with. I have built a machine as per the instructions >>at >> >>www.piratefish.org - essentially a Debian Sarge box with MailScanner, >> >>Postfix, SpamAssassin and ClamAV. Instructions have been followed >> >>verbatim. >> >>The vast majority of email is relayed with no issues at all, 90% of >>spam >> >>is >> >>canned and not a virus in sight. However, three times in the past three >> >>weeks we have received an email where the body text is completely >>garbled. >> >>This is probably 0.01% of incoming traffic. >> >> >> >>I have posted an example pic at >>http://www.is-dept.com/download/garble.jpg >> >>- >> >>it's impossible to explain! >> >> >> >>mail.err and mail.warn are both clean and neither of them indicates >>that >> >>the >> >>corrupted messages are any different to others that are delivered >>without >> >>an >> >>issue. The only pattern we have identified so far is that each affected >> >>message is encoded using UTF-8/BASE64 - but I can offer no evidence >>that >> >>this is unique amongst all mail being received. >> >> >> >>I am in Hong Kong, so it is possible that locales are something to do >>with >> >>this issue. The only thing we have done so far is to run >>dpkg-reconfigure >> >>locales and add in Asian language locales and corresponding UTF-8 >>locales >> >>for all languages that the system is configured for. However, the >>problem >> >>continues. If anyone can suggest things that we could do to find out >>what >> >>the problem is we would be grateful. >> >> >> >>Chris >> >What version of MailScanner and Postfix are that? (I didn't want to >> >register to get at the real info:-) >> > >>The box is currently running the Debian builds of MailScanner (v 4.41.3-2) >>and Postfix (v 2.1.5-9) > >The Postfix version is OK, but you really should go for the latest >stable 4.54 version... And throw in Jules Clam+SA package too. My >memory isn't what it used to be, but... IIRC that version is >susceptible to random (but rather seldom happening) corruption of >stray PF files, which Jules has fixed... The 4.5X series has not shown >this behaviour (none observed.... used to have the very few >corruptions while running 4.[34]X (no, I don't remember exactly when >it was fixed:-)). >So, to get a plan of action... Use apt-get to uninstall mailscanner, >spamassassin and clamav, download the relevant packages from >www.mailscanner.info, unpack them and run install.sh (look at the >maq/wiki docs for more details, tips and instructions: >http://wiki.mailscanner.info). >Also, with that new a MailScanner, I'm not sure the webmin module for >MailScanner will be much use... Just edit MailScanner.conf directly, >it is very well commented. > Wise words I'm sure. Now I've got a taste of what this type of system can do I'm less concerned about my chances of configuring everything manually and ending up with a box that actually works! So I have already built another box to test it all on, and 4.54 is downloaded and ready to go. Slight glitch with the build-essential package not being on that machine but huge progress already. In for a penny, in for a pound! > >> >>Registration for the instructions to build a Fish must be a new >>'feature'...... >> >Seems like. >Judging from what you told me off-list (thanks for that!), he/they are >pretty in love with apt-get (easy to fall in love with:-)... Which is >OK. But for this type of system, I think you are better off using the >latest and greatest, which pretty much precludes use of the somewhat >dated Debian packages... I can tell you that the situation isn't much >better with most any Debian based system (Ubuntu 6.06 carries version >4.46., which is, relatively speaking, pretty >old:). > >Jules does an admirable job of keeping on top of things (both for >SA+Clamav and ... well anything spam/virus-related) so ... Upgrade >ASAP! > One of the reasons I started using Debian was because of it's reputation with stability. It follows that some packages are going to be well out of date. I totally agree with you about using the latest and greatest here though - so compiling from source is where I'm headed. Thanks for your comments and help, I'm only six months into Linux and it REALLY helps getting a leg up every now and again. I've left a beer for you in your local bar - just go up to the barman and ask for it :-) From glenn.steen at gmail.com Mon Jun 5 11:38:45 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 11:38:48 2006 Subject: How to block emails from some of yahoogroups but not all In-Reply-To: References: Message-ID: <223f97700606050338o6946927aw4ad1a4c56a21691f@mail.gmail.com> On 05/06/06, Budi Febrianto wrote: > > Dear All, > > Just join this group, and the two emails from mailscanner.info (confirm and > welcome) tagged as spam :). Have manually added mailscanner.info as > whitelist. :). > > Lot's of my users join the yahoogroups. It's not a problem, but... my > management want me to block emails from yahoogroups that contains that are > not allowed, like porn. > > So I like to block emails from abc of yahoogroups. > I tried to simply blacklist emails from abc@yahoogroups.com, but it didn't > work. Should I put it in SA as new rules? Any examples? > > Best Regards > Budi, look at the thread "Listserv whitelisting: Reply-to header field? " ... You get the idea:-). Hmmm, gmane seem to be down, so you'll have to rely on http://lists.mailscanner.info/pipermail/mailscanner/2006-June/thread.html ... whioch doesn't seem to thread that well... Oh well. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon Jun 5 11:43:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 11:43:25 2006 Subject: Instructions for FreeBSD In-Reply-To: <44840490.9080600@haigmail.com> Message-ID: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Lance Yes - best way I found is to install spamassassin via CPAN (drops things into non-freebsd specific locations), DCC from source (the port seemed to be broke when I tried it). I don't run razor here so I can't guide you on this one. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 05 June 2006 11:17 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Martin, > > Apologies for the "dumb" question > > Do I need to install the other apps as I would do on a Suse box? > DCC Razor etc... Spamassassin > > Thanks > > Lance > > > Martin Hepworth wrote: > > Lance > > Then download the tar.gz, unzip/untar it and run the ./install.sh > script. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 05 June 2006 10:44 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Hi martin, > > I want to use the tar as I also am on the beta list > > Lance > > Martin Hepworth wrote: > > Lance > > Depends on whether you want to install via ports or via > the generic > Unix > .tar.gz . > > I use the tar.gz but then I help out with the beta a lot > and > therefore can't > wait for JP to update the ports. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance > Haig > Sent: 04 June 2006 09:23 > To: MailScanner discussion > Subject: Instructions for FreeBSD > > Has anyone got some documentation on how to > install > MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD > for the > > > first > > > time and > would appreciate some help. > > I have looked on the wiki but can see or find > documentation. > > Thanks > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the > website! > > > > > > ******************************************************************** > ** > > This email and any files transmitted with it are > confidential and > intended solely for the use of the individual or entity > to whom they > are addressed. If you have received this email in error > please > notify > the system manager. > > This footnote confirms that this email message has been > swept > for the presence of computer viruses and is believed to > be clean. > > > ******************************************************************** > ** > > > > > -- > > Lance Haig > Director > > Work: 07967967108 > Mobile: 07967967108 > Email: lhaig@haigmail.com > > http://www.linkedin.com/in/lancehaig > > HaigMail dot Com > > > See who we know in common > > > Want a signature like this? > > > > > > > ******************************************************************** > ** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please > notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ******************************************************************** > ** > > > > > -- > > Lance Haig > Director > > Work: 07967967108 > Mobile: 07967967108 > Email: lhaig@haigmail.com > > http://www.linkedin.com/in/lancehaig > > HaigMail dot Com > > See who we know in common > Want a signature like this? ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Jun 5 12:06:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 12:06:49 2006 Subject: Instructions for FreeBSD In-Reply-To: <090701c6888c$d995a5e0$3004010a@martinhlaptop> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: Is my ClamAV+SA package useless on FreeBSD? If so, why, and is there anything easy I could do to fix it? It's just that it does all sorts of other tweaks and settings for you, as well as just build and install the packages. I guess I could just document all the tweaks it does on the wiki. Is that actually the best solution? On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > Lance > > Yes - best way I found is to install spamassassin via CPAN (drops > things > into non-freebsd specific locations), DCC from source (the port > seemed to be > broke when I tried it). I don't run razor here so I can't guide you > on this > one. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 05 June 2006 11:17 >> To: MailScanner discussion >> Subject: Re: Instructions for FreeBSD >> >> Martin, >> >> Apologies for the "dumb" question >> >> Do I need to install the other apps as I would do on a Suse box? >> DCC Razor etc... Spamassassin >> >> Thanks >> >> Lance >> >> >> Martin Hepworth wrote: >> >> Lance >> >> Then download the tar.gz, unzip/untar it and run the ./install.sh >> script. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 05 June 2006 10:44 >> To: MailScanner discussion >> Subject: Re: Instructions for FreeBSD >> >> Hi martin, >> >> I want to use the tar as I also am on the beta list >> >> Lance >> >> Martin Hepworth wrote: >> >> Lance >> >> Depends on whether you want to install via ports or > via >> the generic >> Unix >> .tar.gz . >> >> I use the tar.gz but then I help out with the beta a > lot >> and >> therefore can't >> wait for JP to update the ports. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> -----Original Message----- >> From: > mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of > Lance >> Haig >> Sent: 04 June 2006 09:23 >> To: MailScanner discussion >> Subject: Instructions for FreeBSD >> >> Has anyone got some documentation on how to >> install >> MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using > FreeBSD >> for the >> >> >> first >> >> >> time and >> would appreciate some help. >> >> I have looked on the wiki but can see or > find >> documentation. >> >> Thanks >> >> Lance >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the > book off >> the >> website! >> >> >> >> >> >> ******************************************************************** >> ** >> >> This email and any files transmitted with it are >> confidential and >> intended solely for the use of the individual or > entity >> to whom they >> are addressed. If you have received this email in > error >> please >> notify >> the system manager. >> >> This footnote confirms that this email message has > been >> swept >> for the presence of computer viruses and is believed > to >> be clean. >> >> >> ******************************************************************** >> ** >> >> >> >> >> -- >> >> Lance Haig >> Director >> >> Work: 07967967108 >> Mobile: 07967967108 >> Email: lhaig@haigmail.com >> >> http://www.linkedin.com/in/lancehaig >> >> HaigMail dot Com >> >> >> See who we know in common >> >> >> Want a signature like this? >> >> >> >> >> >> >> ******************************************************************** >> ** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please >> notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ******************************************************************** >> ** >> >> >> >> >> -- >> >> Lance Haig >> Director >> >> Work: 07967967108 >> Mobile: 07967967108 >> Email: lhaig@haigmail.com >> >> http://www.linkedin.com/in/lancehaig >> >> HaigMail dot Com >> >> See who we know in common >> Want a signature like this? > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lhaig at haigmail.com Mon Jun 5 12:20:06 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 5 12:20:15 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: <44841366.9090805@haigmail.com> Hi Julian, I will try it today. I was just concerned as I am not fluent in FreeBSD and the server I am using is a mare to get to if I "break" it. I will let you know Thanks Lance Julian Field wrote: > Is my ClamAV+SA package useless on FreeBSD? > If so, why, and is there anything easy I could do to fix it? > It's just that it does all sorts of other tweaks and settings for you, > as well as just build and install the packages. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? > > On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > >> Lance >> >> Yes - best way I found is to install spamassassin via CPAN (drops things >> into non-freebsd specific locations), DCC from source (the port >> seemed to be >> broke when I tried it). I don't run razor here so I can't guide you >> on this >> one. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 11:17 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Martin, >>> >>> Apologies for the "dumb" question >>> >>> Do I need to install the other apps as I would do on a Suse box? >>> DCC Razor etc... Spamassassin >>> >>> Thanks >>> >>> Lance >>> >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Then download the tar.gz, unzip/untar it and run the ./install.sh >>> script. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 10:44 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Hi martin, >>> >>> I want to use the tar as I also am on the beta list >>> >>> Lance >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Depends on whether you want to install via ports or >> via >>> the generic >>> Unix >>> .tar.gz . >>> >>> I use the tar.gz but then I help out with the beta a >> lot >>> and >>> therefore can't >>> wait for JP to update the ports. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: >> mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of >> Lance >>> Haig >>> Sent: 04 June 2006 09:23 >>> To: MailScanner discussion >>> Subject: Instructions for FreeBSD >>> >>> Has anyone got some documentation on how to >>> install >>> MailScanner on >>> FreeBSD. >>> >>> >>> I would appreciate it as I will be using >> FreeBSD >>> for the >>> >>> >>> first >>> >>> >>> time and >>> would appreciate some help. >>> >>> I have looked on the wiki but can see or >> find >>> documentation. >>> >>> Thanks >>> >>> Lance >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read >>> http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the >> book off >>> the >>> website! >>> >>> >>> >>> >>> >>> ******************************************************************** >>> >>> ** >>> >>> This email and any files transmitted with it are >>> confidential and >>> intended solely for the use of the individual or >> entity >>> to whom they >>> are addressed. If you have received this email in >> error >>> please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has >> been >>> swept >>> for the presence of computer viruses and is believed >> to >>> be clean. >>> >>> >>> ******************************************************************** >>> >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> >>> See who we know in common >>> >>> >>> Want a signature like this? >>> >>> >>> >>> >>> >>> >>> ******************************************************************** >>> >>> ** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom >>> they >>> are addressed. If you have received this email in error please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ******************************************************************** >>> >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> See who we know in common >>> Want a signature like this? >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --This message has been scanned for viruses and > dangerous content by Red Armour MailScanner, and is > believed to be clean. http://www.redarmour.co.uk > > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From glenn.steen at gmail.com Mon Jun 5 12:20:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 12:20:43 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> Message-ID: <223f97700606050420l6499c71erb89e7ee1a07a7c18@mail.gmail.com> On 05/06/06, Chris Green wrote: (snip) > One of the reasons I started using Debian was because of it's reputation > with stability. It follows that some packages are going to be well out of > date. I totally agree with you about using the latest and greatest here > though - so compiling from source is where I'm headed. Depending on which release of Debian you look at, it can be well more than mouldy versions... "Prehistoric" comes to mind:-). That said, it does have stability, true. But so do many other distros too, and without sticking to outdated releases... Oh well, "Holy wars have started over less"...:-). > Thanks for your comments and help, I'm only six months into Linux and it > REALLY helps getting a leg up every now and again. I've left a beer for you > in your local bar - just go up to the barman and ask for it :-) > We've all been "new to Linux" at one point in time or other, and most have good enough memories to remember what it was like (well, I came from Unix to linux, sort of, and have never really left Unix.... And it was rather early... was it version 0.96? Not that good memopry after all:-)... The crowd here is generally a helpfull bunch, so ... Don't hesitate to ask if you find another "stumbling block"! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jun 5 12:24:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 12:24:17 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <223f97700606050420l6499c71erb89e7ee1a07a7c18@mail.gmail.com> References: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> <223f97700606050420l6499c71erb89e7ee1a07a7c18@mail.gmail.com> Message-ID: <223f97700606050424r7e46c4a0gf80f2a4398192c4@mail.gmail.com> On 05/06/06, Glenn Steen wrote: > On 05/06/06, Chris Green wrote: > (snip) > > One of the reasons I started using Debian was because of it's reputation > > with stability. It follows that some packages are going to be well out of > > date. I totally agree with you about using the latest and greatest here > > though - so compiling from source is where I'm headed. > > Depending on which release of Debian you look at, it can be well more > than mouldy versions... "Prehistoric" comes to mind:-). That said, it > does have stability, true. > But so do many other distros too, and without sticking to outdated > releases... Oh well, "Holy wars have started over less"...:-). > > > Thanks for your comments and help, I'm only six months into Linux and it > > REALLY helps getting a leg up every now and again. I've left a beer for you > > in your local bar - just go up to the barman and ask for it :-) > > > We've all been "new to Linux" at one point in time or other, and most > have good enough memories to remember what it was like (well, I came > from Unix to linux, sort of, and have never really left Unix.... And > it was rather early... was it version 0.96? Not that good memopry > after all:-)... The crowd here is generally a helpfull bunch, so ... > Don't hesitate to ask if you find another "stumbling block"! Oh, and thanks for the beer... It fit nicely with lunch:-):-) (This "replying to oneself" is a thing you need practice a bit... Since you are using Postfix, it is mandatory... Don't ask why, none will be able to give a coherent answer:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon Jun 5 12:27:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 12:28:18 2006 Subject: Instructions for FreeBSD In-Reply-To: Message-ID: <091d01c68893$107aa140$3004010a@martinhlaptop> Jules FreeBSD doesn't do rpm..... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 05 June 2006 12:07 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Is my ClamAV+SA package useless on FreeBSD? > If so, why, and is there anything easy I could do to fix it? > It's just that it does all sorts of other tweaks and settings for > you, as well as just build and install the packages. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? > > On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > > > Lance > > > > Yes - best way I found is to install spamassassin via CPAN (drops > > things > > into non-freebsd specific locations), DCC from source (the port > > seemed to be > > broke when I tried it). I don't run razor here so I can't guide you > > on this > > one. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig > >> Sent: 05 June 2006 11:17 > >> To: MailScanner discussion > >> Subject: Re: Instructions for FreeBSD > >> > >> Martin, > >> > >> Apologies for the "dumb" question > >> > >> Do I need to install the other apps as I would do on a Suse box? > >> DCC Razor etc... Spamassassin > >> > >> Thanks > >> > >> Lance > >> > >> > >> Martin Hepworth wrote: > >> > >> Lance > >> > >> Then download the tar.gz, unzip/untar it and run the ./install.sh > >> script. > >> > >> -- > >> Martin Hepworth > >> Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >> > >> > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig > >> Sent: 05 June 2006 10:44 > >> To: MailScanner discussion > >> Subject: Re: Instructions for FreeBSD > >> > >> Hi martin, > >> > >> I want to use the tar as I also am on the beta list > >> > >> Lance > >> > >> Martin Hepworth wrote: > >> > >> Lance > >> > >> Depends on whether you want to install via ports or > > via > >> the generic > >> Unix > >> .tar.gz . > >> > >> I use the tar.gz but then I help out with the beta a > > lot > >> and > >> therefore can't > >> wait for JP to update the ports. > >> > >> -- > >> Martin Hepworth > >> Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >> > >> > >> -----Original Message----- > >> From: > > mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of > > Lance > >> Haig > >> Sent: 04 June 2006 09:23 > >> To: MailScanner discussion > >> Subject: Instructions for FreeBSD > >> > >> Has anyone got some documentation on how to > >> install > >> MailScanner on > >> FreeBSD. > >> > >> > >> I would appreciate it as I will be using > > FreeBSD > >> for the > >> > >> > >> first > >> > >> > >> time and > >> would appreciate some help. > >> > >> I have looked on the wiki but can see or > > find > >> documentation. > >> > >> Thanks > >> > >> Lance > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read > >> http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the > > book off > >> the > >> website! > >> > >> > >> > >> > >> > >> ******************************************************************** > >> ** > >> > >> This email and any files transmitted with it are > >> confidential and > >> intended solely for the use of the individual or > > entity > >> to whom they > >> are addressed. If you have received this email in > > error > >> please > >> notify > >> the system manager. > >> > >> This footnote confirms that this email message has > > been > >> swept > >> for the presence of computer viruses and is believed > > to > >> be clean. > >> > >> > >> ******************************************************************** > >> ** > >> > >> > >> > >> > >> -- > >> > >> Lance Haig > >> Director > >> > >> Work: 07967967108 > >> Mobile: 07967967108 > >> Email: lhaig@haigmail.com > >> > >> http://www.linkedin.com/in/lancehaig > >> > >> HaigMail dot Com > >> > >> > >> See who we know in common > >> > >> > >> Want a signature like this? > >> > >> > >> > >> > >> > >> > >> ******************************************************************** > >> ** > >> > >> This email and any files transmitted with it are confidential and > >> intended solely for the use of the individual or entity to whom they > >> are addressed. If you have received this email in error please > >> notify > >> the system manager. > >> > >> This footnote confirms that this email message has been swept > >> for the presence of computer viruses and is believed to be clean. > >> > >> ******************************************************************** > >> ** > >> > >> > >> > >> > >> -- > >> > >> Lance Haig > >> Director > >> > >> Work: 07967967108 > >> Mobile: 07967967108 > >> Email: lhaig@haigmail.com > >> > >> http://www.linkedin.com/in/lancehaig > >> > >> HaigMail dot Com > >> > >> See who we know in common > >> Want a signature like this? > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dave.list at pixelhammer.com Mon Jun 5 12:33:30 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 5 12:33:56 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: <4484168A.6000709@pixelhammer.com> Julian Field wrote: > Is my ClamAV+SA package useless on FreeBSD? Not at all. > If so, why, and is there anything easy I could do to fix it? > It's just that it does all sorts of other tweaks and settings for you, > as well as just build and install the packages. The issue it not whether your package works but whether your package installs in the same manner as other FreeBSD software. I use non FreeBSD installs all the time, you will find most FreeBSD admins have no problem with non FreeBSD installs. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? You could simply make your installer script FreeBSD aware and everything would be fine. Jan would be the man to talk to, as he maintains the FreeBSD port he already knows what needs to be where for a FreeBSD system. For the record, I only use the port because I wanted to try and maintain a FreeBSD box via the portupgrade system (somewhat like YUM or apget). Otherwise I would have no problem using your installer. Also for the record, I'm not impressed and will be converting back to installing via tarball after the next OS upgrade. The ports system isn't really any better than RPMs, YUM, apget, etc. This weekend I upgraded MailScanner and SpamAssassin on two servers and ended up deep inside of dependancy hell. A tarball install would have been faster. Note, upgrading from 4.38 to 4.54.6 showed a marked speed improvement. My processing speed jumped up in MailScanner-mrtg on the minute I restarted MailScanner, literaly, it is 10x faster. Thanks! DAve > > On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > >> Lance >> >> Yes - best way I found is to install spamassassin via CPAN (drops things >> into non-freebsd specific locations), DCC from source (the port seemed >> to be >> broke when I tried it). I don't run razor here so I can't guide you on >> this >> one. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 11:17 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Martin, >>> >>> Apologies for the "dumb" question >>> >>> Do I need to install the other apps as I would do on a Suse box? >>> DCC Razor etc... Spamassassin >>> >>> Thanks >>> >>> Lance >>> >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Then download the tar.gz, unzip/untar it and run the ./install.sh >>> script. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 10:44 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Hi martin, >>> >>> I want to use the tar as I also am on the beta list >>> >>> Lance >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Depends on whether you want to install via ports or >> via >>> the generic >>> Unix >>> .tar.gz . >>> >>> I use the tar.gz but then I help out with the beta a >> lot >>> and >>> therefore can't >>> wait for JP to update the ports. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: >> mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of >> Lance >>> Haig >>> Sent: 04 June 2006 09:23 >>> To: MailScanner discussion >>> Subject: Instructions for FreeBSD >>> >>> Has anyone got some documentation on how to >>> install >>> MailScanner on >>> FreeBSD. >>> >>> >>> I would appreciate it as I will be using >> FreeBSD >>> for the >>> >>> >>> first >>> >>> >>> time and >>> would appreciate some help. >>> >>> I have looked on the wiki but can see or >> find >>> documentation. >>> >>> Thanks >>> >>> Lance >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read >>> http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the >> book off >>> the >>> website! >>> >>> >>> >>> >>> >>> ******************************************************************** >>> ** >>> >>> This email and any files transmitted with it are >>> confidential and >>> intended solely for the use of the individual or >> entity >>> to whom they >>> are addressed. If you have received this email in >> error >>> please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has >> been >>> swept >>> for the presence of computer viruses and is believed >> to >>> be clean. >>> >>> >>> ******************************************************************** >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> >>> See who we know in common >>> >>> >>> Want a signature like this? >>> >>> >>> >>> >>> >>> >>> ******************************************************************** >>> ** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ******************************************************************** >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> See who we know in common >>> Want a signature like this? >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From grover1711 at gmail.com Mon Jun 5 12:41:10 2006 From: grover1711 at gmail.com (ankush grover) Date: Mon Jun 5 12:41:12 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 Message-ID: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> hey friends, I am running MailScanner 4.44.4 on FC3 with postfix 2.1.5. I am trying to configure MCP checks . I am following the settings from the below url: http://www.mailscanner.info/install/mcp/ find /usr/lib -name SpamAssassin -print returns 3 directories /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/SpamAssassin /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin 1 & 3 directory both contains below files Conf.pm, Message.pm and PerMsgStatus.pm. SpamAssassin Version is 3.001001 When I tried to patch the 1st directory patch < PerMsgStatus.pm.patch.3.0.0 patching file PerMsgStatus.pm Hunk #1 FAILED at 157. 1 out of 1 hunk FAILED -- saving rejects to file PerMsgStatus.pm.rej other 2 patches worked without any problem. Which directory should I patch 1 or 3 and why the patch for PerMsgStatus is failing ? Please let me know if you need any further inputs. Thanks & Regards Ankush Grover From glenn.steen at gmail.com Mon Jun 5 14:04:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 14:04:40 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 In-Reply-To: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> References: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> Message-ID: <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> On 05/06/06, ankush grover wrote: (snip)> > SpamAssassin Version is 3.001001 > > When I tried to patch the 1st directory > patch < PerMsgStatus.pm.patch.3.0.0 > patching file PerMsgStatus.pm > Hunk #1 FAILED at 157. > 1 out of 1 hunk FAILED -- saving rejects to file PerMsgStatus.pm.rej > > other 2 patches worked without any problem. If I read this right (which I'm pretty certain I do:-), you are using the wrong set of patches. You should use the ones for 3.1.1, not the ones for 3.0.0 ... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Jun 5 15:11:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 15:12:10 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484168A.6000709@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: On 5 Jun 2006, at 12:33, DAve wrote: > Julian Field wrote: >> Is my ClamAV+SA package useless on FreeBSD? > > Not at all. > >> If so, why, and is there anything easy I could do to fix it? >> It's just that it does all sorts of other tweaks and settings for >> you, as well as just build and install the packages. > > The issue it not whether your package works but whether your > package installs in the same manner as other FreeBSD software. I > use non FreeBSD installs all the time, you will find most FreeBSD > admins have no problem with non FreeBSD installs. > >> I guess I could just document all the tweaks it does on the wiki. >> Is that actually the best solution? > > You could simply make your installer script FreeBSD aware and > everything would be fine. Jan would be the man to talk to, as he > maintains the FreeBSD port he already knows what needs to be where > for a FreeBSD system. Okay, I will contact Jan-Peter, and find out what should be where. > Note, upgrading from 4.38 to 4.54.6 showed a marked speed > improvement. My processing speed jumped up in MailScanner-mrtg on > the minute I restarted MailScanner, literaly, it is 10x faster. > Thanks! The speed improvements all came together at version 4.50. I should have done a version number jump then and gone to version 5.00, but at the time I didn't think it was right. The speedup was pretty big! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From danc at bluestarshows.com Mon Jun 5 15:24:26 2006 From: danc at bluestarshows.com (Dan Carl) Date: Mon Jun 5 15:27:02 2006 Subject: post-install spamassassin debug yields nothing Message-ID: <032d01c688ab$c0321290$0200000a@danc3> First of all I've been a happy Mailscanner user for several years now thanks for the great software. I started getting more spam so I decided to upgrade to: MailScanner Version Number = 4.54.6 SpamAssassin version 3.1.2 The upgrade seemed to go fine but now when I issue the command: spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf Nothing happens, I have to ctrl C to get back to a prompt. If I issue the command: spamassassin -D it gets a far as here [32085] dbg: dns: Net::DNS version: 0.57 and stops If I run analyze_SpamAssassin_cache --------- TOTALS --------- Total records: 286 First seen (oldest): 77768 sec First seen (newest): 6 sec Last seen (oldest): 14958 sec Last seen (newest): 6 sec Cache Hit Rate 10% Been through logs, google, wiki Can anyone help? System Info: P3-550, 640MB RAM, Fedora Core 3, 3000messages/day Razor, Pyzor, DCC From campbell at cnpapers.com Mon Jun 5 15:49:49 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 15:50:04 2006 Subject: bdc and clamscan always high on top Message-ID: <000f01c688af$4bfd3ea0$0705000a@DDF5DW71> I'm not sure if this is normal, but bdc and clamscan always seems to be on the top of top's list now. They usually state something around 20% CPU for each of the most active processes for both. My load average is around 5-6, and swapping is minimal, although memory usage is almost 100%. I know more RAM would help, but .... My main concern is using Mailwatch, where it really takes time to load all but the "Recent messages" page. I thought this might be MySQL related, but this doesn't show as a problem anywhere. The machine does keep up. I get around 40K messages per day. Would lowering or raising the Max Children benefit this condition, in anyone's opinion? I can see advantages in both lowering and raising it from 5. This is a hyperthreaded machine, showing two CPUs on top. Due to the recent discussion about Clam config files, I thought I might ask - is there something to speed up the Clam and Bitdefender stuff other than the Clam module? Does it sound like the number of messages being scanned is too high per process? This is not the latest Clam, but the prior release, and the free Bitdefender for Linux. Steve Campbell campbell@cnpapers.com Charleston Newspapers From MailScanner at ecs.soton.ac.uk Mon Jun 5 15:54:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 15:55:14 2006 Subject: Installing ClamAV & SpamAssassin by hand Message-ID: Folks, On 5 Jun 2006, at 12:33, DAve wrote: > Julian Field wrote: >> Is my ClamAV+SA package useless on FreeBSD? >> I guess I could just document all the tweaks it does on the wiki. >> Is that actually the best solution? I have just written out the process on the Wiki. The page is at http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa It shows all the gory details, including all the steps you would have to take if you insist (or for a good reason) on doing it by hand rather than using my package. There's quite a lot of it, and it took a few revisions to get right :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gborders at jlewiscooper.com Mon Jun 5 16:40:37 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Mon Jun 5 16:41:02 2006 Subject: post-install spamassassin debug yields nothing In-Reply-To: <032d01c688ab$c0321290$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> Message-ID: <44845075.7010608@jlewiscooper.com> Dan Carl wrote: > First of all I've been a happy Mailscanner user for several years now thanks > for the great software. > I started getting more spam so I decided to upgrade to: > MailScanner Version Number = 4.54.6 > SpamAssassin version 3.1.2 > > The upgrade seemed to go fine but now when I issue the command: > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf > Nothing happens, I have to ctrl C to get back to a prompt. > It takes a --lint to do the diagnosis. Without the double dash, SA thinks it's -l, which isn't a proper command, and leave you hung inside SA. Try again with double dash. And IIRC, you don't need the -p switch anymore, the symlink instlled by latest versions will find the proper conf file. spamassassin -D --lint Good luck! Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Mon Jun 5 16:41:22 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 5 16:41:33 2006 Subject: post-install spamassassin debug yields nothing In-Reply-To: <032d01c688ab$c0321290$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> Message-ID: <448450A2.2090601@evi-inc.com> Dan Carl wrote: > First of all I've been a happy Mailscanner user for several years now thanks > for the great software. > I started getting more spam so I decided to upgrade to: > MailScanner Version Number = 4.54.6 > SpamAssassin version 3.1.2 > > The upgrade seemed to go fine but now when I issue the command: > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf You need two -'s in front of lint. Try: spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf > Nothing happens, I have to ctrl C to get back to a prompt. Yes, because SA didn't recognize your lint parameter, so it's waiting for mail input. From martinh at solid-state-logic.com Mon Jun 5 16:46:29 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 16:46:38 2006 Subject: Installing ClamAV & SpamAssassin by hand In-Reply-To: Message-ID: <093a01c688b7$36509040$3004010a@martinhlaptop> Jules Talks about ClamAV, but not much about spamassassin (apart from the perl modules). For Spamassassin I always use CPAN which installs all the prerequites as well.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 05 June 2006 15:55 > To: MailScanner mailing list > Subject: Installing ClamAV & SpamAssassin by hand > > Folks, > > On 5 Jun 2006, at 12:33, DAve wrote: > > Julian Field wrote: > >> Is my ClamAV+SA package useless on FreeBSD? > >> I guess I could just document all the tweaks it does on the wiki. > >> Is that actually the best solution? > > I have just written out the process on the Wiki. The page is at > > http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa > > It shows all the gory details, including all the steps you would have > to take if you insist (or for a good reason) on doing it by hand > rather than using my package. > > There's quite a lot of it, and it took a few revisions to get right :-) > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Mon Jun 5 16:48:10 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 16:48:24 2006 Subject: bdc and clamscan always high on top In-Reply-To: <000f01c688af$4bfd3ea0$0705000a@DDF5DW71> Message-ID: <093b01c688b7$727a53d0$3004010a@martinhlaptop> Steve How many of these 40k emails are for valid users???? I presume you're cleaning the Mailwatch DB out on a daily basis to remove old data??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steve Campbell > Sent: 05 June 2006 15:50 > To: MailScanner mailing list > Subject: bdc and clamscan always high on top > > I'm not sure if this is normal, but bdc and clamscan always seems to be on > the top of top's list now. They usually state something around 20% CPU for > each of the most active processes for both. My load average is around 5-6, > and swapping is minimal, although memory usage is almost 100%. I know more > RAM would help, but .... > > My main concern is using Mailwatch, where it really takes time to load all > but the "Recent messages" page. I thought this might be MySQL related, but > this doesn't show as a problem anywhere. The machine does keep up. I get > around 40K messages per day. > > Would lowering or raising the Max Children benefit this condition, in > anyone's opinion? I can see advantages in both lowering and raising it > from > 5. This is a hyperthreaded machine, showing two CPUs on top. > > Due to the recent discussion about Clam config files, I thought I might > ask - is there something to speed up the Clam and Bitdefender stuff other > than the Clam module? Does it sound like the number of messages being > scanned is too high per process? > > This is not the latest Clam, but the prior release, and the free > Bitdefender > for Linux. > > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Mon Jun 5 16:52:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 16:52:44 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Thu, 1 Jun 2006 17:01:53 +0100: > No, as I don't know what country you might be in. It just gets it > working for you, saving new users a nasty catch which will confuse > them entirely. Doing things like this annoys me, as they don't > produce a nice error message telling the user what they need to do to > alleviate the problem. I think it'd be good to alert the user to edit freshclam.conf and add a local database mirror from the list at http://www.clamav.net/mirrors.html Otherwise you make all of them query the fallback round-robin mirror which puts unnecessary extra load on it. You still can be sure that many new users won't do that unless you force them to do it. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Jun 5 16:52:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 16:52:45 2006 Subject: Another call for improvements In-Reply-To: <448072CC.3070007@yeticomputers.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <448072CC.3070007@yeticomputers.com> Message-ID: Rick Chadderdon wrote on Fri, 02 Jun 2006 13:18:04 -0400: > I think it would be terribly irresponsible to automatically report > programmatically detected spam, no matter what the score is. I agree. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Jun 5 16:52:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 16:52:48 2006 Subject: post-install spamassassin debug yields nothing In-Reply-To: <032d01c688ab$c0321290$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> Message-ID: Dan Carl wrote on Mon, 5 Jun 2006 09:24:26 -0500: > The upgrade seemed to go fine but now when I issue the command: > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf Newer MailScanner puts a symlink to the prefs file in /etc/mail/spamassassin, so you should be fine with doing spamassassin -D --lint > Nothing happens, I have to ctrl C to get back to a prompt. > If I issue the command: > spamassassin -D This won't do anything unless you pipe or read a message to it. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mikej at rogers.com Mon Jun 5 17:01:11 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:01:07 2006 Subject: Instructions for FreeBSD In-Reply-To: <44841366.9090805@haigmail.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <44841366.9090805@haigmail.com> Message-ID: <44845547.1050400@rogers.com> Lance Haig wrote: > Hi Julian, > > I will try it today. > > I was just concerned as I am not fluent in FreeBSD and the server I am > using is a mare to get to if I "break" it. > > I will let you know In which case your are much much better off sticking to the ports, instead of manually installing stuff. From mikej at rogers.com Mon Jun 5 17:07:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:07:05 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: <448456B0.1070600@rogers.com> Julian Field wrote: > Is my ClamAV+SA package useless on FreeBSD? > If so, why, and is there anything easy I could do to fix it? Not sure about that, but its much easier and properly organized (obedience of hier) to use the ports on FreeBSD. Jan-Peter is doing a good job at maintaining the port. When you install the MS port, an option menu lets you select things like ClamAV, Razor, and SA as a dependency. It is then very easy to keep things up to date with the portupgrade script. > It's just that it does all sorts of other tweaks and settings for you, > as well as just build and install the packages. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? That sounds like a good idea. From danc at bluestarshows.com Mon Jun 5 17:06:43 2006 From: danc at bluestarshows.com (Dan Carl) Date: Mon Jun 5 17:09:12 2006 Subject: SOLVED post-install spamassassin debug yields nothing References: <032d01c688ab$c0321290$0200000a@danc3> <44845075.7010608@jlewiscooper.com> Message-ID: <035801c688ba$0a21f510$0200000a@danc3> Thanks for the help. In the post install wiki it shows only one dash. ----- Original Message ----- From: "Greg Borders" To: "MailScanner discussion" Sent: Monday, June 05, 2006 10:40 AM Subject: Re: post-install spamassassin debug yields nothing > > > Dan Carl wrote: > > First of all I've been a happy Mailscanner user for several years now thanks > > for the great software. > > I started getting more spam so I decided to upgrade to: > > MailScanner Version Number = 4.54.6 > > SpamAssassin version 3.1.2 > > > > The upgrade seemed to go fine but now when I issue the command: > > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf > > Nothing happens, I have to ctrl C to get back to a prompt. > > > > It takes a --lint to do the diagnosis. Without the double dash, SA > thinks it's -l, which isn't a proper command, and leave you hung inside > SA. Try again with double dash. And IIRC, you don't need the -p switch > anymore, the symlink instlled by latest versions will find the proper > conf file. > > spamassassin -D --lint > > Good luck! > Greg Borders > Sys. Admin. > JLC Co. > > > > > > > -- > This transmission may contain information that is privileged, confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. Thank you. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mikej at rogers.com Mon Jun 5 17:10:39 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:10:32 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484168A.6000709@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: <4484577F.6040404@rogers.com> DAve wrote: > Julian Field wrote: > >> If so, why, and is there anything easy I could do to fix it? >> It's just that it does all sorts of other tweaks and settings for >> you, as well as just build and install the packages. > > The issue it not whether your package works but whether your package > installs in the same manner as other FreeBSD software. I use non > FreeBSD installs all the time, you will find most FreeBSD admins have > no problem with non FreeBSD installs. Having used FreeBSD since 2.x days, i would have to disagree with you. I dislike installing anything from source, as it usually creates a mess, and is harder to do maintenance on, things such as portaudit do not work, etc, etc... From mikej at rogers.com Mon Jun 5 17:11:42 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:11:38 2006 Subject: Instructions for FreeBSD In-Reply-To: <091d01c68893$107aa140$3004010a@martinhlaptop> References: <091d01c68893$107aa140$3004010a@martinhlaptop> Message-ID: <448457BE.4030706@rogers.com> Martin Hepworth wrote: > Jules > > FreeBSD doesn't do rpm..... > Not natively, but there is an rpm port. Still, better off not using it. From mikej at rogers.com Mon Jun 5 17:13:13 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:13:08 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: <44845819.9080903@rogers.com> Julian Field wrote: > > Okay, I will contact Jan-Peter, and find out what should be where. I believe the best way would be to submit patches to the port with the required changes, is that a possibility? From mikej at rogers.com Mon Jun 5 17:24:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:24:06 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: <44845AAC.9050506@rogers.com> Julian Field wrote: > > On 5 Jun 2006, at 12:33, DAve wrote: >> You could simply make your installer script FreeBSD aware and >> everything would be fine. Jan would be the man to talk to, as he >> maintains the FreeBSD port he already knows what needs to be where >> for a FreeBSD system. > > Okay, I will contact Jan-Peter, and find out what should be where. Also forgot to mention, if you put the files according to hier ( http://www.freebsd.org/cgi/man.cgi?query=hier ), you may cause a problem by conflicting with the port based counterparts. Therefore you should put the files in their own dirs. But again, i think the best solution is to patch the port accordingly. From prandal at herefordshire.gov.uk Mon Jun 5 17:36:01 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jun 5 17:36:15 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D2114CD@isabella.herefordshire.gov.uk> FYI The files aren't on all mirrors yet, but can definitely be found at http://www.eu.apache.org/dist/spamassassin/ Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -----Original Message----- From: Theo Van Dinter [mailto:felicity@apache.org] Sent: 05 June 2006 17:13 To: Spamassassin Users List; Spamassassin Devel List; Spamassassin Announcements List Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Apache SpamAssassin 3.1.3 is now available! This is a maintainance release of the 3.1.x branch. Downloads are available from: http://spamassassin.apache.org/downloads.cgi?update=200606050750 The release file will also be available via CPAN in the near future. md5sum of archive files: 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip sha1sum of archive files: e1f4489ec8805985e0ca79765bde586bf0286725 Mail-SpamAssassin-3.1.3.tar.bz2 ed9e18fae6db86d0b77ce48d8262194e06df9ef8 Mail-SpamAssassin-3.1.3.tar.gz 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B 3.1.3 fixes a remote code execution vulnerability if spamd is run with the "--vpopmail" and "-P" options. If either/both of those options are not used, there is no vulnerability. There was also a fix for the userstate directory and prefs file not being created. Changelog: - bug 4926: given a certain set of parameters to spamd and a specially formatted input message, users could cause spamd to execute arbitrary commands as the spamd user - bug 4932: the userstate dir and userprefs file would not be created under certain conditions. From campbell at cnpapers.com Mon Jun 5 17:39:03 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 17:39:28 2006 Subject: bdc and clamscan always high on top References: <093b01c688b7$727a53d0$3004010a@martinhlaptop> Message-ID: <001001c688be$8e51d810$0705000a@DDF5DW71> ----- Original Message ----- From: "Martin Hepworth" To: "'MailScanner discussion'" Sent: Monday, June 05, 2006 11:48 AM Subject: RE: bdc and clamscan always high on top > Steve > > How many of these 40k emails are for valid users???? Not very many. Sendmail kicks most of them out. I guess a milter (ahead, or something) would work here. But the problem is not really how many, but is the bdc/clamscan high CPU normal? > > I presume you're cleaning the Mailwatch DB out on a daily basis to remove > old data??? Yes, there are about 392K rows in the DB. I keep nine days work. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 Thanks for the interest and questions. Steve > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Steve Campbell >> Sent: 05 June 2006 15:50 >> To: MailScanner mailing list >> Subject: bdc and clamscan always high on top >> >> I'm not sure if this is normal, but bdc and clamscan always seems to be >> on >> the top of top's list now. They usually state something around 20% CPU >> for >> each of the most active processes for both. My load average is around >> 5-6, >> and swapping is minimal, although memory usage is almost 100%. I know >> more >> RAM would help, but .... >> >> My main concern is using Mailwatch, where it really takes time to load >> all >> but the "Recent messages" page. I thought this might be MySQL related, >> but >> this doesn't show as a problem anywhere. The machine does keep up. I get >> around 40K messages per day. >> >> Would lowering or raising the Max Children benefit this condition, in >> anyone's opinion? I can see advantages in both lowering and raising it >> from >> 5. This is a hyperthreaded machine, showing two CPUs on top. >> >> Due to the recent discussion about Clam config files, I thought I might >> ask - is there something to speed up the Clam and Bitdefender stuff >> other >> than the Clam module? Does it sound like the number of messages being >> scanned is too high per process? >> >> This is not the latest Clam, but the prior release, and the free >> Bitdefender >> for Linux. >> >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ugob at camo-route.com Mon Jun 5 18:06:32 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jun 5 18:06:52 2006 Subject: SOLVED post-install spamassassin debug yields nothing In-Reply-To: <035801c688ba$0a21f510$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> <44845075.7010608@jlewiscooper.com> <035801c688ba$0a21f510$0200000a@danc3> Message-ID: Dan Carl wrote: > Thanks for the help. > In the post install wiki it shows only one dash. > ----- Original Message ----- > From: "Greg Borders" > To: "MailScanner discussion" > Sent: Monday, June 05, 2006 10:40 AM > Subject: Re: post-install spamassassin debug yields nothing > > >> >> Dan Carl wrote: >>> First of all I've been a happy Mailscanner user for several years now > thanks >>> for the great software. >>> I started getting more spam so I decided to upgrade to: >>> MailScanner Version Number = 4.54.6 >>> SpamAssassin version 3.1.2 >>> >>> The upgrade seemed to go fine but now when I issue the command: >>> spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf >>> Nothing happens, I have to ctrl C to get back to a prompt. >>> >> It takes a --lint to do the diagnosis. Without the double dash, SA >> thinks it's -l, which isn't a proper command, and leave you hung inside >> SA. Try again with double dash. And IIRC, you don't need the -p switch >> anymore, the symlink instlled by latest versions will find the proper >> conf file. >> >> spamassassin -D --lint The wiki changes -- into '-' unless we use tags, so please use tags as much as possible. From dave.list at pixelhammer.com Mon Jun 5 18:22:33 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 5 18:22:54 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484577F.6040404@rogers.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> Message-ID: <44846859.70906@pixelhammer.com> Mike Jakubik wrote: > DAve wrote: >> Julian Field wrote: >> >>> If so, why, and is there anything easy I could do to fix it? >>> It's just that it does all sorts of other tweaks and settings for >>> you, as well as just build and install the packages. >> >> The issue it not whether your package works but whether your package >> installs in the same manner as other FreeBSD software. I use non >> FreeBSD installs all the time, you will find most FreeBSD admins have >> no problem with non FreeBSD installs. > > Having used FreeBSD since 2.x days, i would have to disagree with you. I > dislike installing anything from source, as it usually creates a mess, > and is harder to do maintenance on, things such as portaudit do not > work, etc, etc... > I can only go back to 3.1, still have a passle of 3.5 CDs though ;^) I made the same argument from your side of the fence for quite a while, then I had to maintain a RedHat machine and a Debian machine. My attitude changed significantly. Packages/RPMs/Ports/whatever of any flavor are the Devils right hand IMO. I am using them now on the MailScanner servers only as a Disaster Recovery method. If I meet a disaster, someone could manage a security upgrade during my funeral. I have servers that clients "need" PHP4, but another client "must have" PHP5. Do you add a new web server for a single hosting account? Add a third for the client who needs Apache 2.x? Turn away clients? Ports will not let you install conflicts. Worse is when sales brings in a new client with an existing site and all it's dependencies. Were it my own server, maybe I would agree with you, but having a NOC filled with web servers running different OSs at different versions, I prefer source. Granted source removes the ability to use the ports tools, but it also removes their limitations. This would be a religious discussion I think. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From MailScanner at ecs.soton.ac.uk Mon Jun 5 19:09:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 19:09:27 2006 Subject: Installing ClamAV & SpamAssassin by hand In-Reply-To: <093a01c688b7$36509040$3004010a@martinhlaptop> References: <093a01c688b7$36509040$3004010a@martinhlaptop> Message-ID: <44847348.2080300@ecs.soton.ac.uk> But there are all the loadplugin lines in init.pre which are essential. I have moved the 3rd heading so all the SpamAssassin edits are in the SpamAssassin section. Go and look at http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa again and you will see the new version. Martin Hepworth wrote: > Jules > > Talks about ClamAV, but not much about spamassassin (apart from the perl > modules). For Spamassassin I always use CPAN which installs all the > prerequites as well.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 05 June 2006 15:55 >> To: MailScanner mailing list >> Subject: Installing ClamAV & SpamAssassin by hand >> >> Folks, >> >> On 5 Jun 2006, at 12:33, DAve wrote: >> >>> Julian Field wrote: >>> >>>> Is my ClamAV+SA package useless on FreeBSD? >>>> I guess I could just document all the tweaks it does on the wiki. >>>> Is that actually the best solution? >>>> >> I have just written out the process on the Wiki. The page is at >> >> http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa >> >> It shows all the gory details, including all the steps you would have >> to take if you insist (or for a good reason) on doing it by hand >> rather than using my package. >> >> There's quite a lot of it, and it took a few revisions to get right :-) >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From pravin.rane at gmail.com Mon Jun 5 19:15:09 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Mon Jun 5 19:15:10 2006 Subject: Qmail repeated Message-ID In-Reply-To: <223f97700604241021o1e40ab61t25f6aa2935b5558d@mail.gmail.com> References: <13c021a90604180805r675617c1gab6add71196ae6c6@mail.gmail.com> <223f97700604241021o1e40ab61t25f6aa2935b5558d@mail.gmail.com> Message-ID: <13c021a90606051115o1f649b20gf8ba5d36cd6ca280@mail.gmail.com> Hey, Problem solved :)) Solution (Patch) at below link http://wiki.mailscanner.info/doku.php?id=documentation:related_software:patches:qmail_unique_id_patch&do=index On 4/24/06, Glenn Steen wrote: > > On 18/04/06, Pravin Rane wrote: > > Hi > > > > This is my first posting to Mailscannner list. > > > > I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin. > > > > My problem is I am getting same messae-Ids for mulitple mails in > Mailwatch > > interface. After searching in Mailwatch FAQ I found the author pointed > to > > counsult with Mailscanner's Author since all this information its > getting > > from MailScanner. > > > > Is there any work-arround (Patch) to get unique message-ids?. Since > qmail > > uses same message-ids to different messages if it does not find that > inode > > no. in queue. > > > > > > > > Regards > > > > Pravin Rane > > > (Sorry for the late reply.... I've been in the mountains (Skiing... > downhill.... formerly broken leg smarting as h*ll, but still.... > Wonderful!:-)) > > This is pretty much the same problem Postfix used to have, and the > solution would be the same. I suggest you contact the maintainers of > the Qmail port (Openprotect, is it?) and suggest they do a similar fix > as Jules did for Postfix. > In the meantime, you can ... alleviate ... the problem by configuring > your system so that it is sure to have a high degree of i-node > consumption (pretty much everything on one partition/filesystem). Will > not cure it completely, but might at least make it not that frequent. > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060605/32841b03/attachment.html From mikej at rogers.com Mon Jun 5 19:17:33 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 19:17:25 2006 Subject: Instructions for FreeBSD In-Reply-To: <44846859.70906@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> Message-ID: <4484753D.7090507@rogers.com> DAve wrote: > Mike Jakubik wrote: >> DAve wrote: >>> >>> The issue it not whether your package works but whether your package >>> installs in the same manner as other FreeBSD software. I use non >>> FreeBSD installs all the time, you will find most FreeBSD admins >>> have no problem with non FreeBSD installs. >> >> Having used FreeBSD since 2.x days, i would have to disagree with >> you. I dislike installing anything from source, as it usually creates >> a mess, and is harder to do maintenance on, things such as portaudit >> do not work, etc, etc... >> > > I can only go back to 3.1, still have a passle of 3.5 CDs though ;^) I > made the same argument from your side of the fence for quite a while, > then I had to maintain a RedHat machine and a Debian machine. My > attitude changed significantly. Packages/RPMs/Ports/whatever of any > flavor are the Devils right hand IMO. I am using them now on the > MailScanner servers only as a Disaster Recovery method. If I meet a > disaster, someone could manage a security upgrade during my funeral. > > I have servers that clients "need" PHP4, but another client "must > have" PHP5. Do you add a new web server for a single hosting account? > Add a third for the client who needs Apache 2.x? Turn away clients? > Ports will not let you install conflicts. Worse is when sales brings > in a new client with an existing site and all it's dependencies. > > Were it my own server, maybe I would agree with you, but having a NOC > filled with web servers running different OSs at different versions, I > prefer source. Granted source removes the ability to use the ports > tools, but it also removes their limitations. > > This would be a religious discussion I think. Of course everyone uses what works for them, however you're presenting a specific situation in which you need to install conflicting software, this would create a problem for any packaging system. Although some ports support different versions of the same application, such as apache. However i don't see how that problem applies to MS. From MailScanner at ecs.soton.ac.uk Mon Jun 5 19:51:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 19:51:47 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580D2114CD@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580D2114CD@isabella.herefordshire.gov.uk> Message-ID: <44847D29.5060703@ecs.soton.ac.uk> Thanks for that. I have just updated the ClamAV + SpamAssassin package to contain the new 3.1.3 release of SpamAssassin. Randal, Phil wrote: > FYI > > The files aren't on all mirrors yet, but can definitely be found at > > http://www.eu.apache.org/dist/spamassassin/ > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: Theo Van Dinter [mailto:felicity@apache.org] > Sent: 05 June 2006 17:13 > To: Spamassassin Users List; Spamassassin Devel List; Spamassassin > Announcements List > Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! > > Apache SpamAssassin 3.1.3 is now available! This is a maintainance > release of the 3.1.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200606050750 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 > 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz > 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip > > sha1sum of archive files: > e1f4489ec8805985e0ca79765bde586bf0286725 > Mail-SpamAssassin-3.1.3.tar.bz2 > ed9e18fae6db86d0b77ce48d8262194e06df9ef8 > Mail-SpamAssassin-3.1.3.tar.gz > 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip > > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F > A05B > > 3.1.3 fixes a remote code execution vulnerability if spamd is run with > the > "--vpopmail" and "-P" options. If either/both of those options are not > used, there is no vulnerability. There was also a fix for the userstate > directory and prefs file not being created. > > Changelog: > > - bug 4926: given a certain set of parameters to spamd and a specially > formatted input message, users could cause spamd to execute arbitrary > commands as the spamd user > - bug 4932: the userstate dir and userprefs file would not be created > under certain conditions. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sandrews at andrewscompanies.com Mon Jun 5 20:09:39 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon Jun 5 20:09:43 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> The default config of mailscanner doesn't run with these switches, does it? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 05, 2006 2:51 PM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Thanks for that. I have just updated the ClamAV + SpamAssassin package to contain the new 3.1.3 release of SpamAssassin. Randal, Phil wrote: > FYI > > The files aren't on all mirrors yet, but can definitely be found at > > http://www.eu.apache.org/dist/spamassassin/ > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: Theo Van Dinter [mailto:felicity@apache.org] > Sent: 05 June 2006 17:13 > To: Spamassassin Users List; Spamassassin Devel List; Spamassassin > Announcements List > Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! > > Apache SpamAssassin 3.1.3 is now available! This is a maintainance > release of the 3.1.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200606050750 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 > 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz > 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip > > sha1sum of archive files: > e1f4489ec8805985e0ca79765bde586bf0286725 > Mail-SpamAssassin-3.1.3.tar.bz2 > ed9e18fae6db86d0b77ce48d8262194e06df9ef8 > Mail-SpamAssassin-3.1.3.tar.gz > 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 > Mail-SpamAssassin-3.1.3.zip > > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F > A05B > > 3.1.3 fixes a remote code execution vulnerability if spamd is run with > the "--vpopmail" and "-P" options. If either/both of those options > are not used, there is no vulnerability. There was also a fix for the > userstate directory and prefs file not being created. > > Changelog: > > - bug 4926: given a certain set of parameters to spamd and a specially > formatted input message, users could cause spamd to execute arbitrary > commands as the spamd user > - bug 4932: the userstate dir and userprefs file would not be created > under certain conditions. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 5 20:16:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 20:17:02 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> Message-ID: <44848320.8080509@ecs.soton.ac.uk> MailScanner doesn't use spamd at all, so is not vulnerable anyway. It talks straight to the Perl library of SpamAssassin, there is nothing to get in the way. sandrews@andrewscompanies.com wrote: > The default config of mailscanner doesn't run with these switches, does > it? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, June 05, 2006 2:51 PM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! > > Thanks for that. I have just updated the ClamAV + SpamAssassin package > to contain the new 3.1.3 release of SpamAssassin. > > Randal, Phil wrote: > >> FYI >> >> The files aren't on all mirrors yet, but can definitely be found at >> >> http://www.eu.apache.org/dist/spamassassin/ >> >> Cheers, >> >> Phil >> >> -- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >> >> -----Original Message----- >> From: Theo Van Dinter [mailto:felicity@apache.org] >> Sent: 05 June 2006 17:13 >> To: Spamassassin Users List; Spamassassin Devel List; Spamassassin >> Announcements List >> Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! >> >> Apache SpamAssassin 3.1.3 is now available! This is a maintainance >> release of the 3.1.x branch. >> >> Downloads are available from: >> http://spamassassin.apache.org/downloads.cgi?update=200606050750 >> >> The release file will also be available via CPAN in the near future. >> >> md5sum of archive files: >> 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 >> 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz >> 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip >> >> sha1sum of archive files: >> e1f4489ec8805985e0ca79765bde586bf0286725 >> Mail-SpamAssassin-3.1.3.tar.bz2 >> ed9e18fae6db86d0b77ce48d8262194e06df9ef8 >> Mail-SpamAssassin-3.1.3.tar.gz >> 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 >> Mail-SpamAssassin-3.1.3.zip >> >> >> The release files also have a .asc accompanying them. The file serves >> > > >> as an external GPG signature for the given release file. The signing >> key is available via the wwwkeys.pgp.net key server, as well as >> http://spamassassin.apache.org/released/GPG-SIGNING-KEY >> >> The key information is: >> >> pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key >> >> Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F >> A05B >> >> 3.1.3 fixes a remote code execution vulnerability if spamd is run with >> > > >> the "--vpopmail" and "-P" options. If either/both of those options >> are not used, there is no vulnerability. There was also a fix for the >> > > >> userstate directory and prefs file not being created. >> >> Changelog: >> >> - bug 4926: given a certain set of parameters to spamd and a specially >> formatted input message, users could cause spamd to execute >> > arbitrary > >> commands as the spamd user >> - bug 4932: the userstate dir and userprefs file would not be created >> under certain conditions. >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Mon Jun 5 20:19:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 20:19:05 2006 Subject: bdc and clamscan always high on top In-Reply-To: <001001c688be$8e51d810$0705000a@DDF5DW71> References: <093b01c688b7$727a53d0$3004010a@martinhlaptop> <001001c688be$8e51d810$0705000a@DDF5DW71> Message-ID: <223f97700606051219n6293d6ean74912095e5d1fdc6@mail.gmail.com> On 05/06/06, Steve Campbell wrote: > > ----- Original Message ----- > From: "Martin Hepworth" > To: "'MailScanner discussion'" > Sent: Monday, June 05, 2006 11:48 AM > Subject: RE: bdc and clamscan always high on top > > > > Steve > > > > How many of these 40k emails are for valid users???? > > Not very many. Sendmail kicks most of them out. I guess a milter (ahead, or > something) would work here. But the problem is not really how many, but is > the bdc/clamscan high CPU normal? You are not the first to report that BDC is a bit heavy on the CPU.... and if you run both as command-line tools (as if you have any choice with BDC:-), and have a fair amount of incoming traffic, then the fork/exec/read virus defs/etc overhead will begin to tell. If you don't already, run clamavmodule instead of clamav... Will likely solve it for clamav, at least. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Mon Jun 5 21:20:11 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Mon Jun 5 20:21:46 2006 Subject: Mailscanner stopped, sendmail running... Message-ID: <000001c688dd$72d269a0$3701a8c0@lapxp> Hi, OS=CentOS 4.3 Sendmail=8.13.1 MailScanner=4.53.8 I issued 'service MailScanner stop' several times and still had sendmail running. Isn't sendmail controlled by MailScanner? Then why it didn't stopped it? Best, -- Arthur Sherman +972-52-4878851 CPTeam From mkettler at evi-inc.com Mon Jun 5 20:30:14 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 5 20:30:36 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <000001c688dd$72d269a0$3701a8c0@lapxp> References: <000001c688dd$72d269a0$3701a8c0@lapxp> Message-ID: <44848646.1050400@evi-inc.com> Arthur Sherman wrote: > Hi, > > OS=CentOS 4.3 > Sendmail=8.13.1 > MailScanner=4.53.8 > > I issued 'service MailScanner stop' several times and still had sendmail > running. > > Isn't sendmail controlled by MailScanner? > Then why it didn't stopped it? Which sendmail was still running? The main listener? The main queue runner? Or a child of one or the other that was servicing a current transaction? AFAIK stopping MailScanner won't force-kill children that are currently connected and performing network transactions. Those will continue to run until their current transaction completes and then exit. (Of course, take that with a grain of salt, but every time I've seen this occur before, it was a child that was in the process of receiving mail from or delivering mail to a remote site.) From glenn.steen at gmail.com Mon Jun 5 20:31:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 20:31:55 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> Message-ID: <223f97700606051231p6f2c8729ufa1e2b8bca6c2957@mail.gmail.com> On 05/06/06, sandrews@andrewscompanies.com wrote: > The default config of mailscanner doesn't run with these switches, does > it? > As if it even needs spamd running....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.list at pixelhammer.com Mon Jun 5 20:37:47 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 5 20:38:08 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484753D.7090507@rogers.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> Message-ID: <4484880B.9090702@pixelhammer.com> Mike Jakubik wrote: > DAve wrote: >> This would be a religious discussion I think. > > Of course everyone uses what works for them, however you're presenting a > specific situation in which you need to install conflicting software, > this would create a problem for any packaging system. Although some > ports support different versions of the same application, such as > apache. However i don't see how that problem applies to MS. > Your question, your answer ;^) Mike Jakubik wrote: > Also forgot to mention, if you put the files according to hier ( > http://www.freebsd.org/cgi/man.cgi?query=hier ), you may cause a problem > by conflicting with the port based counterparts. Therefore you should > put the files in their own dirs. But again, i think the best solution is > to patch the port accordingly. > If the port currently works, and Julian's tarball currently works, what is there to patch? Now if there needs to be an alternative to the FreeBSD port for those who dislike dealing with tarballs, that only requires an installer script that doesn't stomp on a prior installed port. Jan, as the maintainer of the port, would be the man to consult. None of this requires the port to be patched. It only requires a FreeBSD specific install, whether that be instructions on the Wiki or a shell script. But as I told Julian earlier, there is nothing wrong with the package. Admins who dislike looking at source can use the port, others have the source available. Just my thoughts. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From mrm at medicine.wisc.edu Mon Jun 5 20:43:19 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Jun 5 20:43:52 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: What's the best way to upgrade? Run the new ClamAV + SA + MS package to update a system with this previously installed?? or is there a better way to update. MS is already at the latest version by the way. Mike >>> MailScanner@ecs.soton.ac.uk 6/5/2006 1:51:21 PM >>> Thanks for that. I have just updated the ClamAV + SpamAssassin package to contain the new 3.1.3 release of SpamAssassin. Randal, Phil wrote: > FYI > > The files aren't on all mirrors yet, but can definitely be found at > > http://www.eu.apache.org/dist/spamassassin/ > > Cheers, > > Phil Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 5 20:49:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 20:50:13 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: References: Message-ID: <44848AE6.2070906@ecs.soton.ac.uk> Just install the new package over the top of the previous one. Michael Masse wrote: > What's the best way to upgrade? Run the new ClamAV + SA + MS package > to update a system with this previously installed?? or is there a > better way to update. MS is already at the latest version by the > way. > > Mike > > >>>> MailScanner@ecs.soton.ac.uk 6/5/2006 1:51:21 PM >>> >>>> > Thanks for that. I have just updated the ClamAV + SpamAssassin package > > to contain the new 3.1.3 release of SpamAssassin. > > Randal, Phil wrote: > >> FYI >> >> The files aren't on all mirrors yet, but can definitely be found at >> >> http://www.eu.apache.org/dist/spamassassin/ >> >> Cheers, >> >> Phil >> > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Mon Jun 5 21:28:00 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 21:28:15 2006 Subject: bdc and clamscan always high on top References: <093b01c688b7$727a53d0$3004010a@martinhlaptop><001001c688be$8e51d810$0705000a@DDF5DW71> <223f97700606051219n6293d6ean74912095e5d1fdc6@mail.gmail.com> Message-ID: <001a01c688de$89ebb140$0705000a@DDF5DW71> Thanks, Glenn Steve ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Monday, June 05, 2006 3:19 PM Subject: Re: bdc and clamscan always high on top > On 05/06/06, Steve Campbell wrote: >> >> ----- Original Message ----- >> From: "Martin Hepworth" >> To: "'MailScanner discussion'" >> Sent: Monday, June 05, 2006 11:48 AM >> Subject: RE: bdc and clamscan always high on top >> >> >> > Steve >> > >> > How many of these 40k emails are for valid users???? >> >> Not very many. Sendmail kicks most of them out. I guess a milter (ahead, >> or >> something) would work here. But the problem is not really how many, but >> is >> the bdc/clamscan high CPU normal? > > You are not the first to report that BDC is a bit heavy on the CPU.... > and if you run both as command-line tools (as if you have any choice > with BDC:-), and have a fair amount of incoming traffic, then the > fork/exec/read virus defs/etc overhead will begin to tell. If you > don't already, run clamavmodule instead of clamav... Will likely solve > it for clamav, at least. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maillists at conactive.com Mon Jun 5 21:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 21:31:37 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <000001c688dd$72d269a0$3701a8c0@lapxp> References: <000001c688dd$72d269a0$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote on Mon, 05 Jun 2006 22:20:11 +0200: > I issued 'service MailScanner stop' several times and still had sendmail > running. What kind of processes? kill the sendmail (killall sendmail) and restart MailScanner. Then stop it again. Is it better now? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From campbell at cnpapers.com Mon Jun 5 21:43:39 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 21:43:47 2006 Subject: Mailscanner stopped, sendmail running... References: <000001c688dd$72d269a0$3701a8c0@lapxp> Message-ID: <002201c688e0$b9a555b0$0705000a@DDF5DW71> ----- Original Message ----- From: "Kai Schaetzl" To: Sent: Monday, June 05, 2006 4:31 PM Subject: Re: Mailscanner stopped, sendmail running... > Arthur Sherman wrote on Mon, 05 Jun 2006 22:20:11 +0200: > >> I issued 'service MailScanner stop' several times and still had sendmail >> running. > > What kind of processes? kill the sendmail (killall sendmail) and restart > MailScanner. Then stop it again. Is it better now? By doing the killall sendmail, you are probably going to get some unmatched data files in your queues. But this is the way I do it, and most of the processes left running before the killall are probably useless anyway. I just have to remember to go back and wipe them out. Steve > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikej at rogers.com Mon Jun 5 22:07:01 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 22:06:55 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484880B.9090702@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> <4484880B.9090702@pixelhammer.com> Message-ID: <44849CF5.8020209@rogers.com> DAve wrote: > If the port currently works, and Julian's tarball currently works, > what is there to patch? "other tweaks and settings" From ka at pacific.net Mon Jun 5 23:43:30 2006 From: ka at pacific.net (Ken A) Date: Mon Jun 5 23:43:33 2006 Subject: http://mailscanner.info/store not found Message-ID: <4484B392.9060801@pacific.net> Seems to be a broken link on the home page. Ken From pete at enitech.com.au Tue Jun 6 01:54:17 2006 From: pete at enitech.com.au (Peter Russell) Date: Tue Jun 6 01:54:30 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <44848AE6.2070906@ecs.soton.ac.uk> References: <44848AE6.2070906@ecs.soton.ac.uk> Message-ID: <4484D239.8050707@enitech.com.au> Will it play nicely with MS 4.52.2 ? Julian Field wrote: > Just install the new package over the top of the previous one. > > Michael Masse wrote: >> What's the best way to upgrade? Run the new ClamAV + SA + MS package >> to update a system with this previously installed?? or is there a >> better way to update. MS is already at the latest version by the >> way. >> >> Mike >> >> >>>>> MailScanner@ecs.soton.ac.uk 6/5/2006 1:51:21 PM >>> >>>>> >> Thanks for that. I have just updated the ClamAV + SpamAssassin package >> >> to contain the new 3.1.3 release of SpamAssassin. >> >> Randal, Phil wrote: >> >>> FYI >>> >>> The files aren't on all mirrors yet, but can definitely be found at >>> >>> http://www.eu.apache.org/dist/spamassassin/ >>> Cheers, >>> >>> Phil >>> >> Support MailScanner development - buy the book off the website! > From michele at blacknight.ie Tue Jun 6 02:22:08 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue Jun 6 02:22:10 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <4484D239.8050707@enitech.com.au> References: <44848AE6.2070906@ecs.soton.ac.uk> <4484D239.8050707@enitech.com.au> Message-ID: <4484D8C0.5060607@blacknight.ie> Peter Russell wrote: > Will it play nicely with MS 4.52.2 ? Why wouldn't it? It's a minor update / bugfix -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From dave.list at pixelhammer.com Tue Jun 6 03:43:55 2006 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 6 03:44:19 2006 Subject: Instructions for FreeBSD In-Reply-To: <44849CF5.8020209@rogers.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> <4484880B.9090702@pixelhammer.com> <44849CF5.8020209@rogers.com> Message-ID: <4484EBEB.6090906@pixelhammer.com> Mike Jakubik wrote: > DAve wrote: >> If the port currently works, and Julian's tarball currently works, >> what is there to patch? > > "other tweaks and settings" > I'm sure whatever Julian decides will be good. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From febrianto at sioenasia.com Tue Jun 6 05:35:33 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Tue Jun 6 05:31:39 2006 Subject: How to block emails from some of yahoogroups but not all In-Reply-To: <223f97700606050338o6946927aw4ad1a4c56a21691f@mail.gmail.com> Message-ID: mailscanner-bounces@lists.mailscanner.info wrote on 06/05/2006 05:38:45 PM: > On 05/06/06, Budi Febrianto wrote: > > > > Dear All, > > > > Just join this group, and the two emails from mailscanner.info (confirm and > > welcome) tagged as spam :). Have manually added mailscanner.info as > > whitelist. :). > > > > Lot's of my users join the yahoogroups. It's not a problem, but... my > > management want me to block emails from yahoogroups that contains that are > > not allowed, like porn. > > > > So I like to block emails from abc of yahoogroups. > > I tried to simply blacklist emails from abc@yahoogroups.com, but it didn't > > work. Should I put it in SA as new rules? Any examples? > > > > Best Regards > > > Budi, look at the thread "Listserv whitelisting: Reply-to header > field? " ... You get the idea:-). > > Hmmm, gmane seem to be down, so you'll have to rely on > http://lists.mailscanner.info/pipermail/mailscanner/2006-June/thread.html > ... whioch doesn't seem to thread that well... Oh well. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > Dear Glenn, Thanks for the reply. I check the MailScanner.conf and found out that Add Envelope From Header allready set to yes. ===MailScanner.conf=== Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: === But I don't see any header in my emails with the tag like X-myorgname-MailScanner-From:, is that a problem? I tried added To:, From: and even Reply-To: in spam.whitelist.rules, nothing is work. (before doing it in spam.blacklist.rules... better try it in whitelist first) Am I missing something? Best Regards From grover1711 at gmail.com Tue Jun 6 07:09:41 2006 From: grover1711 at gmail.com (ankush grover) Date: Tue Jun 6 07:09:45 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 In-Reply-To: <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> References: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> Message-ID: <5f638b360606052309m46b61607ua89ba4c80fbd14e0@mail.gmail.com> On 6/5/06, Glenn Steen wrote: > On 05/06/06, ankush grover wrote: > (snip)> > > SpamAssassin Version is 3.001001 > > If I read this right (which I'm pretty certain I do:-), you are using > the wrong set of patches. > You should use the ones for 3.1.1, not the ones for 3.0.0 ... hey, But the version of the spamassassin is 3.001001 not 3.1.1 or does 3.001001 means 3.1.1 Thanks & Regards Ankush Grover From arturs at netvision.net.il Tue Jun 6 08:45:32 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 6 07:47:08 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <44848646.1050400@evi-inc.com> Message-ID: <002401c6893d$30b7cc80$3701a8c0@lapxp> > Which sendmail was still running? The main listener? The main > queue runner? Or a > child of one or the other that was servicing a current transaction? > > AFAIK stopping MailScanner won't force-kill children that are > currently > connected and performing network transactions. Those will > continue to run until > their current transaction completes and then exit. > > (Of course, take that with a grain of salt, but every time > I've seen this occur > before, it was a child that was in the process of receiving > mail from or > delivering mail to a remote site.) AFAIK, those were childs. Btw, is it possible to make MailScanner wait for childs to exit before it reports successful service shutdown? Thank you for your help. Best, -- Arthur Sherman +972-52-4878851 CPTeam From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 07:52:30 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 07:52:39 2006 Subject: Instructions for FreeBSD In-Reply-To: Message-ID: On Monday, June 05, 2006 4:12 PM Julian Field wrote: >> You could simply make your installer script FreeBSD aware and >> everything would be fine. Jan would be the man to talk to, as he >> maintains the FreeBSD port he already knows what needs to be where >> for a FreeBSD system. > > Okay, I will contact Jan-Peter, and find out what should be where. :-) Let's start with this: Please do not remove files from your download site without telling me: => MailScanner-install-4.53.8-1.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/. fetch: http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.53.8-1.tar.gz: Moved Temporarily => Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/. fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/MailScanner-install-4.53.8-1.tar.gz: File unavailable (e.g., file not found, no access) => Couldn't fetch it - please try to retrieve this => port manually into /usr/ports/distfiles/ and try again. *** Error code 1 This is the reason the port currently is not working for anybody. If you still want to have that flexibility I would have to cache the files on our server. I have no problem with that but would like to have your permission first. The port system is totally different from rpm or Linux based installs. It contains so much magic. Starting from automatically handling the install points, rc.d scripts (including variable replacement), maintaining a database, automatically installing and maintaining the relationships to other packages, patching the system to be FreeBSD conform... My port changes quite a lot of little things in MailScanner to make it FreeBSD conform. I strongly doubt that a few tweaks in your install script would suffice. For starters: I strongly advise against using SpamAssassin/ClamAV etc. from CPAN or your install script in FreeBSD. There are excellent ports for all those dependencies (DCC, razor etc.). A new clamav version only requires a portupgrade clamav and that's it. If you are installing things to different locations (which you should in order to not interfere with the ports system) you will have to take care of the updates yourself. I don't even know where to continue. I know my time is quite limited which is why it takes me several days to update the port once Julian has released a new version but I am afraid that's the way it is and is not going to chance soon. On the other hand if there are very critical patches that should be in the system the port sometimes was a lot faster than Julian. If there is a very serious change that people need in the port please contact me immediatly and I will try to get it done ASAP. As for the beta: Since I am on the beta list as well I hope I will find time to produce a few beta ports myself. If that is not sufficient (which I understand) then those people would have to use the tarball. Again: I strongly advise only to use the MailScanner component without installing ClamAV etc. from the tarball. If you do not know your way around FreeBSD and those components 100% the chance of messing up your system is quite high. :-) Kind regards, JP From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 07:58:12 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 07:58:25 2006 Subject: Instructions for FreeBSD In-Reply-To: Message-ID: Let me add two things. :-) First of all I just realized that http://www.sng.ecs.soton.ac.uk/mailscanner/files does not contain the files anymore. Just changed that in the ports. Second: The part that is holding me up most is maintaining the man pages. In a new version I have to locate the new options, see where in MailScanner.config they are (since this is not documented in the changelog), put this in an acceptable format and then patch the port and send the updated manpages to Julian. If the tarball already contained current manpages, the FreeBSD port would only take a few minutes to build... Mit freundlichen Gr??en Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Gesch?ftsf?hrer -- Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 http://www.seceidos.de | SIP: 43@voip.seceidos.de From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 08:06:45 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 08:07:07 2006 Subject: FreeBSD 4.56.4 Message-ID: FYI: I just released a quickshot of the 4.56.4 port. I hope it will be committed today. Kind regards, JP From michele at blacknight.ie Tue Jun 6 08:31:16 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Tue Jun 6 08:31:19 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <002201c688e0$b9a555b0$0705000a@DDF5DW71> References: <000001c688dd$72d269a0$3701a8c0@lapxp> <002201c688e0$b9a555b0$0705000a@DDF5DW71> Message-ID: <44852F44.8070106@blacknight.ie> I have to ask.... How long has this been installed? Have you removed / replaced the sendmail init script? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From res at ausics.net Tue Jun 6 08:46:17 2006 From: res at ausics.net (Res) Date: Tue Jun 6 08:46:25 2006 Subject: MailScanner goes byebyes In-Reply-To: <44840428.65ED.00A2.0@plattesheriff.org> References: <200606050643.51121.james@grayonline.id.au> <44840428.65ED.00A2.0@plattesheriff.org> Message-ID: On Mon, 5 Jun 2006, Rob Poe wrote: >> Mine get none, the usual child starting blah blah, found and processed >> X number of messages and thats it.. >> So I guess its a case of the childs starts, processes its first batch then >> ninite we go :( > > What version of MailScanner are you running. What MTA? Linux Distro? > latest stable MS, linux, slackware, qmail we have 3 other qmail boxes that are as hard of working as this one, we have several sendmail box's that work as hard and even harder, this only happens on one of them. I can not no master how hard i try, make it replicate to any of the others, and it runs the same kernel as most of the others. -- Cheers Res From lhaig at haigmail.com Tue Jun 6 08:51:20 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue Jun 6 08:51:27 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <448533F8.4050900@haigmail.com> Jan-Peter, if I may ask what would the install order be to have a installed version of MS SA Clamav Bitdefender and the other tools. is there a place on the wiki? I would love to help out if I can. Thanks Lance Koopmann, Jan-Peter wrote: > Let me add two things. :-) > > First of all I just realized that http://www.sng.ecs.soton.ac.uk/mailscanner/files does not contain the files anymore. Just changed that in the ports. > > Second: The part that is holding me up most is maintaining the man pages. In a new version I have to locate the new options, see where in MailScanner.config they are (since this is not documented in the changelog), put this in an acceptable format and then patch the port and send the updated manpages to Julian. If the tarball already contained current manpages, the FreeBSD port would only take a few minutes to build... > > > > Mit freundlichen Gr??en > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From prakash.kannan at in.ness.com Tue Jun 6 09:02:41 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Tue Jun 6 09:13:07 2006 Subject: sendmail Message-ID: Hi All, How to change the ip address of new smtp server in sendmail. Basically we had changed our exchange server ip address and need to modify in the sendmail server. Thanks Regards, Prakash Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/deab4161/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:16:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:16:38 2006 Subject: http://mailscanner.info/store not found In-Reply-To: <4484B392.9060801@pacific.net> References: <4484B392.9060801@pacific.net> Message-ID: Fixed. On 5 Jun 2006, at 23:43, Ken A wrote: > Seems to be a broken link on the home page. > Ken > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:40:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:40:53 2006 Subject: MailScanner ANNOUNCE: New Web Site Message-ID: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> I am please to announce the arrival of the new MailScanner website at www.mailscanner.info This has been professionally designed and I hope you will agree that it is a much-needed step up from my previous amateur effort which has done us less for the 6 years or so. It is still a light design, and will hopefully load quickly. It loads in about 0.6 seconds from here :-) Here's to wishing this site well on its way, and I look forward to see if it lasts as well as my amateur version! Regards, Jules. P.S. All reports of broken links to me directly, not the mailing list please. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:41:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:42:07 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484EBEB.6090906@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> <4484880B.9090702@pixelhammer.com> <44849CF5.8020209@rogers.com> <4484EBEB.6090906@pixelhammer.com> Message-ID: On 6 Jun 2006, at 03:43, DAve wrote: > Mike Jakubik wrote: >> DAve wrote: >>> If the port currently works, and Julian's tarball currently >>> works, what is there to patch? >> "other tweaks and settings" > > I'm sure whatever Julian decides will be good. I have documented the clamav_sa script actions on the wiki. Now you can more easily do it all by hand if you need to. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shuttlebox at gmail.com Tue Jun 6 09:42:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jun 6 09:42:13 2006 Subject: sendmail In-Reply-To: References: Message-ID: <625385e30606060142m6a4a6359o3a9f6f3ec0cfa5dd@mail.gmail.com> On 6/6/06, Prakash wrote: > > How to change the ip address of new smtp server in sendmail. > > > > Basically we had changed our exchange server ip address and need to modify > in the sendmail server. > Have a look in /etc/mail/mailertable. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/5ba8a966/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:42:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:43:12 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 In-Reply-To: <5f638b360606052309m46b61607ua89ba4c80fbd14e0@mail.gmail.com> References: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> <5f638b360606052309m46b61607ua89ba4c80fbd14e0@mail.gmail.com> Message-ID: <4AA99AF9-C270-455C-8DBE-DB94FB3CAE59@ecs.soton.ac.uk> On 6 Jun 2006, at 07:09, ankush grover wrote: > On 6/5/06, Glenn Steen wrote: >> On 05/06/06, ankush grover wrote: >> (snip)> >> > SpamAssassin Version is 3.001001 > >> >> If I read this right (which I'm pretty certain I do:-), you are using >> the wrong set of patches. >> You should use the ones for 3.1.1, not the ones for 3.0.0 ... > > > hey, > > But the version of the spamassassin is 3.001001 not 3.1.1 or does > 3.001001 means 3.1.1 3.001001 means 3.1.1. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:48:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:48:30 2006 Subject: sendmail In-Reply-To: References: Message-ID: <4B4A1862-ABAD-4E60-AFA1-ED4C8AEFCE82@ecs.soton.ac.uk> Look for the IP address in all the files in /etc/mail and change them. It's probably only 1 or 2 files. After editing them, type "make" and restart sendmail to be sure. On 6 Jun 2006, at 09:02, Prakash wrote: > Hi All, > > > > How to change the ip address of new smtp server in sendmail. > > > > Basically we had changed our exchange server ip address and need to > modify in the sendmail server. > > > > > > Thanks Regards, > > Prakash > > > > Disclaimer > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom it > is addressed. If you have received this communication in error, > please immediately notify the MailAdmin@in.ness.com and destroy the > original message. The recipient should check this email and any > attachments for the presence of viruses. Ness has taken every > reasonable precaution to minimize this risk, and accepts no > liability for any damage caused by any virus transmitted in this > email. Ness reserves the rights to monitor and review the content > of all messages sent to or from this E-mail address, and store them > on the Ness E-mail system. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/17434884/attachment.html From arturs at netvision.net.il Tue Jun 6 10:58:22 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 6 09:59:59 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: Message-ID: <004201c6894f$bf544330$3701a8c0@lapxp> > What kind of processes? kill the sendmail (killall sendmail) > and restart > MailScanner. Then stop it again. Is it better now? Same. As has been previously saind in the list, these were (AFAIK) childs that didn't exit. If MailScanner would wait for them to exit (and report this when stopping) that would be great. Best, -- Arthur Sherman +972-52-4878851 CPTeam From joost at waversveld.nl Tue Jun 6 10:03:05 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Tue Jun 6 10:03:11 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <448544C9.3070200@waversveld.nl> Looks very good... Good job, Julian ;-) Julian Field wrote: > I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that it > is a much-needed step up from my previous amateur effort which has done > us less for the 6 years or so. > > It is still a light design, and will hopefully load quickly. It loads in > about 0.6 seconds from here :-) > > Here's to wishing this site well on its way, and I look forward to see > if it lasts as well as my amateur version! > > Regards, > Jules. > > > P.S. All reports of broken links to me directly, not the mailing list > please. > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From arturs at netvision.net.il Tue Jun 6 11:25:57 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 6 10:27:34 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <44852F44.8070106@blacknight.ie> Message-ID: <005401c68953$99b625e0$3701a8c0@lapxp> > I have to ask.... > > How long has this been installed? > > Have you removed / replaced the sendmail init script? Not long, about a month. Installed from yum, so I had not to manually replace the script, as I did on Cobalt RaQ. It just turned sendmail off in chkconfig. Best, -- Arthur Sherman +972-52-4878851 CPTeam From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 10:35:12 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 10:35:23 2006 Subject: Instructions for FreeBSD In-Reply-To: <448533F8.4050900@haigmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 5925 bytes Desc: hmail1.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/dbc25452/attachment.jpe From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 10:35:59 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 10:36:15 2006 Subject: Instructions for FreeBSD In-Reply-To: <44849CF5.8020209@rogers.com> Message-ID: On Monday, June 05, 2006 11:07 PM Mike Jakubik wrote: > DAve wrote: >> If the port currently works, and Julian's tarball currently works, >> what is there to patch? > > "other tweaks and settings" Like what? From glenn.steen at gmail.com Tue Jun 6 10:37:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 6 10:37:03 2006 Subject: How to block emails from some of yahoogroups but not all In-Reply-To: References: <223f97700606050338o6946927aw4ad1a4c56a21691f@mail.gmail.com> Message-ID: <223f97700606060237v2a57be0as7fdecc5d97c16132@mail.gmail.com> On 06/06/06, Budi Febrianto wrote: > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/05/2006 05:38:45 PM: > > > On 05/06/06, Budi Febrianto wrote: > > > > > > Dear All, > > > > > > Just join this group, and the two emails from mailscanner.info (confirm > and > > > welcome) tagged as spam :). Have manually added mailscanner.info as > > > whitelist. :). > > > > > > Lot's of my users join the yahoogroups. It's not a problem, but... my > > > management want me to block emails from yahoogroups that contains that > are > > > not allowed, like porn. > > > > > > So I like to block emails from abc of yahoogroups. > > > I tried to simply blacklist emails from abc@yahoogroups.com, but it > didn't > > > work. Should I put it in SA as new rules? Any examples? > > > > > > Best Regards > > > > > Budi, look at the thread "Listserv whitelisting: Reply-to header > > field? " ... You get the idea:-). > > > > Hmmm, gmane seem to be down, so you'll have to rely on > > http://lists.mailscanner.info/pipermail/mailscanner/2006-June/thread.html > > ... whioch doesn't seem to thread that well... Oh well. > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > Dear Glenn, > Thanks for the reply. > I check the MailScanner.conf and found out that Add Envelope From > Header allready set to yes. > > ===MailScanner.conf=== > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-MailScanner-From: > === > > But I don't see any header in my emails with the tag like > X-myorgname-MailScanner-From:, is that a problem? > > I tried added To:, From: and even Reply-To: in spam.whitelist.rules, > nothing is work. (before doing it in spam.blacklist.rules... better try it > in whitelist first) > > Am I missing something? > You can see the envelope sender in your MTAs logfile. The headers are often "forged" on "legitimate" lists too, so are no help at all. In that log you'll see the actual sending servers IP address too. If you run MailWatch (which I think you do), the envelope sender and IP is very prominently visible... And you can also easily see if the headers differ from what is actually used (in the details page). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 6 10:43:53 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 6 10:43:55 2006 Subject: MailScanner goes byebyes In-Reply-To: References: <200606050643.51121.james@grayonline.id.au> <44840428.65ED.00A2.0@plattesheriff.org> Message-ID: <223f97700606060243w2932b5c0xf326c33f41ce40f@mail.gmail.com> On 06/06/06, Res wrote: > On Mon, 5 Jun 2006, Rob Poe wrote: > > >> Mine get none, the usual child starting blah blah, found and processed > >> X number of messages and thats it.. > >> So I guess its a case of the childs starts, processes its first batch then > >> ninite we go :( > > > > What version of MailScanner are you running. What MTA? Linux Distro? > > > > latest stable MS, linux, slackware, qmail > we have 3 other qmail boxes that are as hard of working as this one, we > have several sendmail box's that work as hard and even harder, this only > happens on one of them. I can not no master how hard i try, make it > replicate to any of the others, and it runs the same kernel as most of the > others. > > > -- > Cheers > Res Well, *something* must differ... Perl modules? Some basic kernel settings (if you set 'em via sysconf/proc)? You're a smart person Res, you'll figure it out... If you have a very many hosts, this could be the statistically probable HW strangeness kicking in:-):-) Do you see anything strange in the resource consumption when it hangs? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From michele at blacknight.ie Tue Jun 6 11:02:01 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Tue Jun 6 11:02:13 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <029d01c68950$42d74130$88c5c657@arthur> Julian Field <> said on 06 June 2006 09:41: > I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that > it is a much-needed step up from my previous amateur effort which has > done us less for the 6 years or so. > > It is still a light design, and will hopefully load quickly. It loads > in about 0.6 seconds from here :-) > > Here's to wishing this site well on its way, and I look forward to > see if it lasts as well as my amateur version! > > Regards, > Jules. > Nice, but why does the "contact us" link go straight to a mailto? One of my pethates are "mailto" links hiding under "contact us" type links From lhaig at haigmail.com Tue Jun 6 11:11:25 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue Jun 6 11:11:31 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <448554CD.3020708@haigmail.com> Thanks, I will wait for the new one to be released and then try installing it. I had quite a bit of trouble the last time I tried the normal and the devel versions Lance Koopmann, Jan-Peter wrote: > > On Dienstag, 6. Juni 2006 9:51 Lance Haig wrote: > > > if I may ask what would the install order be to have a installed > > version of MS SA Clamav Bitdefender and the other tools. is there a > > place on the wiki? > > Using ports? Install MailScanner using the port and tell it to install > SpamAssassin, ClamAV and Bitdefender along with it. That's it. The > rest should be done automatically. After that you need to configure > MailScanner and SpamAssassin to your likings. > > > I would love to help out if I can. > > We first need to straighten out the process of releasing new versions > with Julian. :-) > > > Kind regards, > JP > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From fajarep at simplimobile.com Tue Jun 6 11:11:31 2006 From: fajarep at simplimobile.com (Fajar) Date: Tue Jun 6 11:11:38 2006 Subject: MailScanner ANNOUNCE: New Web Site References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <008801c68951$95f908c0$8001a8c0@Fajar> it's rather slow here, but looks like professional site now :) i hope because the site looks cool, mailscanner won't be paid license :) keep your good work cheers ----- Original Message ----- From: "Julian Field" To: "MailScanner mailing list" ; "MailScanner Beta-testers" ; "MailScanner-Announce mailing list list" Sent: Tuesday, June 06, 2006 3:40 PM Subject: MailScanner ANNOUNCE: New Web Site >I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that it > is a much-needed step up from my previous amateur effort which has done > us less for the 6 years or so. > > It is still a light design, and will hopefully load quickly. It loads in > about 0.6 seconds from here :-) > > Here's to wishing this site well on its way, and I look forward to see if > it lasts as well as my amateur version! > > Regards, > Jules. > > > P.S. All reports of broken links to me directly, not the mailing list > please. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 11:14:46 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 11:14:56 2006 Subject: FreeBSD 4.56.4 In-Reply-To: Message-ID: On Tuesday, June 06, 2006 9:07 AM Koopmann, Jan-Peter wrote: > FYI: I just released a quickshot of the 4.56.4 port. I hope it will > be committed today. It has just been committed... From maillists at conactive.com Tue Jun 6 11:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 6 11:31:31 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <004201c6894f$bf544330$3701a8c0@lapxp> References: <004201c6894f$bf544330$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote on Tue, 06 Jun 2006 11:58:22 +0200: > As has been previously saind in the list, these were (AFAIK) childs that > didn't exit. "children that didn't exist" is something that doesn't exist. "ps ax|grep send" will tell you more. > If MailScanner would wait for them to exit (and report this when stopping) > that would be great. It doesn't make sense to kill these, if these *were* children handling a connection. You only want to shutdown the queueing processes. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Jun 6 11:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 6 11:31:32 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <002401c6893d$30b7cc80$3701a8c0@lapxp> References: <002401c6893d$30b7cc80$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote on Tue, 06 Jun 2006 09:45:32 +0200: > Btw, is it possible to make MailScanner wait for childs to exit before it > reports successful service shutdown? Don't know, but remember that childs can sit there *very* long. (hours) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From adrik at salesmanager.nl Tue Jun 6 11:43:26 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Tue Jun 6 11:43:28 2006 Subject: FreeBSD 4.56.4 Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Koopmann, Jan-Peter > Sent: dinsdag 6 juni 2006 12:15 > To: MailScanner discussion > Subject: RE: FreeBSD 4.56.4 > > On Tuesday, June 06, 2006 9:07 AM Koopmann, Jan-Peter wrote: > > > FYI: I just released a quickshot of the 4.56.4 port. I hope > it will be > > committed today. > > It has just been committed... > Jan Peter, Thanks. Adri. From edwardbruce at sbcglobal.net Tue Jun 6 13:02:28 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Tue Jun 6 13:02:32 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <44856ED4.6050309@sbcglobal.net> Nice clean look and loads fast here in Michigan. From danc at bluestarshows.com Tue Jun 6 14:59:15 2006 From: danc at bluestarshows.com (Dan Carl) Date: Tue Jun 6 15:01:40 2006 Subject: Expired records from the SpamAssassin cache Message-ID: <044001c68971$65fdcf00$0200000a@danc3> Since a recent upgrade I am getting log entires like this: Expired 1 records from the SpamAssassin cache : 80 Time(s) Can some explain what they are? If my memory serves me right I this happened on a previous version and I fixed it by adding this cronjob. 30 0 * * * /usr/bin/sa-learn --force-expire Do I still need to do this? Thanks, ps New Website looks very professional! From martinh at solid-state-logic.com Tue Jun 6 15:45:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jun 6 15:45:30 2006 Subject: Expired records from the SpamAssassin cache In-Reply-To: <044001c68971$65fdcf00$0200000a@danc3> Message-ID: <001c01c68977$d49cfed0$3004010a@martinhlaptop> Dan No - this a a newish feature where MS keeps its own cache of recent spam hashes. Its a lot quicker to look in this system than replay the entire message through SA. If it finds a hit it gets marked as spam, if not it proceeds to run SA. MS keeps this info for about 1 hour (varies) and the expires you are seeing are 'old' records being deleted from MS cache. Given most people get more spam than ham now-adays this technique can dramtically increase speed of processing (anywhere up to 10x). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dan Carl > Sent: 06 June 2006 14:59 > To: mailscanner@lists.mailscanner.info > Subject: Expired records from the SpamAssassin cache > > Since a recent upgrade I am getting log entires like this: > Expired 1 records from the SpamAssassin cache : 80 Time(s) > > Can some explain what they are? > > If my memory serves me right I this happened on a previous version and > I fixed it by adding this cronjob. > 30 0 * * * /usr/bin/sa-learn --force-expire > Do I still need to do this? > Thanks, > ps > New Website looks very professional! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From cpedaschus at gmx.de Tue Jun 6 15:51:41 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 15:52:40 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <44856ED4.6050309@sbcglobal.net> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> Message-ID: <4485967D.3080902@gmx.de> Ed Bruce wrote: >Nice clean look and loads fast here in Michigan. > > Fully agreed and loads fast in Germany too :) From MailScanner at ecs.soton.ac.uk Tue Jun 6 16:38:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 16:39:18 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485967D.3080902@gmx.de> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> Message-ID: On 6 Jun 2006, at 15:51, Christian Pedaschus wrote: > Ed Bruce wrote: > >> Nice clean look and loads fast here in Michigan. >> >> > Fully agreed and loads fast in Germany too :) That's great news, thanks. Have you bought the book yet? If you want reviews, ask anyone on the list who has a copy. Cheers, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cparker at swatgear.com Tue Jun 6 17:03:42 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Tue Jun 6 17:04:01 2006 Subject: MailScanner ANNOUNCE: New Web Site Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4E15@ati-ex-02.ati.local> Julian Field on Tuesday, June 06, 2006 1:41 AM said: > It is still a light design, and will hopefully load quickly. It loads > in about 0.6 seconds from here :-) Looks to be a lot heavier than your original version, especially with all those tables in there. :P It's weird to see a new design after all these years. Chris. From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 17:08:55 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 17:09:07 2006 Subject: Instructions for FreeBSD In-Reply-To: <448554CD.3020708@haigmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 5925 bytes Desc: hmail1.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/e8100836/attachment.jpe From cpedaschus at gmx.de Tue Jun 6 17:17:07 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 17:18:06 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> Message-ID: <4485AA83.2080103@gmx.de> Julian Field wrote: > That's great news, thanks. > > Have you bought the book yet? If you want reviews, ask anyone on the > list who has a copy. > > Cheers, > Jules. > OK, convinced (because you're a kind and helpful guy ;) ) Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and costs 46 Euro (~60$) without shipping. Greets, Chris *Offene Bestellungen* *Bestellungsdatum:* 6. Juni 2006 *Bestellnummer:* 303-9394601-7927413 *Empf?nger:* CHRISTIAN PEDASCHUS Bestellung ansehen oder ?ndern *Noch nicht versandte Artikel:* Lieferung voraussichtlich: 6. Juli 2006 - 22. Juli 2006 * 1 Exemplar(e) von: Mailscanner: User Guide and Training Manual From maillists at conactive.com Tue Jun 6 17:19:09 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 6 17:19:21 2006 Subject: Expired records from the SpamAssassin cache In-Reply-To: <044001c68971$65fdcf00$0200000a@danc3> References: <044001c68971$65fdcf00$0200000a@danc3> Message-ID: Dan Carl wrote on Tue, 6 Jun 2006 08:59:15 -0500: > Since a recent upgrade I am getting log entires like this: > Expired 1 records from the SpamAssassin cache : 80 Time(s) It occurred 80 times during that day that only a single record was expired. This is an aggregated figure. (Unfortunately, logwatch cannot aggregate different counts :-( It does *not* mean it expired the same record 80 times ;-) If that was your concern. This is normal operation and has nothing to do with bayes, it's MS-only. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mikej at rogers.com Tue Jun 6 17:25:15 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jun 6 17:25:06 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <4485AC6B.6040703@rogers.com> Koopmann, Jan-Peter wrote: > On Monday, June 05, 2006 11:07 PM Mike Jakubik wrote: > > >> DAve wrote: >> >>> If the port currently works, and Julian's tarball currently works, >>> what is there to patch? >>> >> "other tweaks and settings" >> > > Like what? > > No idea, ask Julian :) He says that they are documented on his Wiki now. "I have documented the clamav_sa script actions on the wiki. Now you can more easily do it all by hand if you need to." From jstevens at athensdistributing.com Tue Jun 6 17:31:09 2006 From: jstevens at athensdistributing.com (James R. Stevens) Date: Tue Jun 6 17:31:16 2006 Subject: MailScanner ANNOUNCE: New Web Site Message-ID: <1A65E6BAEADF9B4F865314484A13ECF10F8E3C@atlas.athensdistributing.com> I was looking at ordering a Shirt or two.. To bad no Hot models wearing the spagetti T-s on the new site..:-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Christian Pedaschus Sent: Tuesday, June 06, 2006 11:17 AM To: MailScanner discussion Subject: Re: MailScanner ANNOUNCE: New Web Site Julian Field wrote: > That's great news, thanks. > > Have you bought the book yet? If you want reviews, ask anyone on the > list who has a copy. > > Cheers, > Jules. > OK, convinced (because you're a kind and helpful guy ;) ) Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and costs 46 Euro (~60$) without shipping. Greets, Chris *Offene Bestellungen* *Bestellungsdatum:* 6. Juni 2006 *Bestellnummer:* 303-9394601-7927413 *Empf?nger:* CHRISTIAN PEDASCHUS Bestellung ansehen oder ?ndern *Noch nicht versandte Artikel:* Lieferung voraussichtlich: 6. Juli 2006 - 22. Juli 2006 * 1 Exemplar(e) von: Mailscanner: User Guide and Training Manual -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From TGFurnish at herffjones.com Tue Jun 6 17:41:21 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jun 6 17:41:56 2006 Subject: MailScanner goes byebyes Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B593@inex3.herffjones.hj-int> You might consider waiting till you believe all the mailscanner children have stopped processing messages, then attach to one of the children (not the parents) with strace -p to see what's doing. The output's not likely to lead you to any particular spot in the code, but at least you should see each child periodically wake up and read the incoming queue directory for files. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Saturday, June 03, 2006 11:01 PM To: mailscanner@lists.mailscanner.info Subject: MailScanner goes byebyes Hey all, Anyone seen before and bene able to produce a cure for why if tehre is a large queue MailScanner stops processing mail, it runs fine use --lint no errors, run in debug nothing happens I have to continuellay HUP the damned thing for it to process, once with starts its 10 kiddies thatsa the end of it until I hup it again From iarteaga at cwpanama.net Tue Jun 6 17:44:35 2006 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Tue Jun 6 17:44:56 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: Hi, I really want to congratulate you all the MS team for your great job and your new excellent web site. It loads faster and it's more user friendly ( my personal point of view ) Furthermore, I fixed a couple of nightmares with the list help, not to mentioned the great tool MS itself is... --Ivan. PS. Keep it free!! ( I already bought the book btw ) "In 1968 it took the computing-Power of 2 C-64 to fly a rocket to the moon. Now, it takes the Power of a Pentium 4 to run Windows XP... Something must have gone wrong." -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, June 06, 2006 3:41 AM To: MailScanner mailing list; MailScanner Beta-testers; MailScanner-Announce mailing list list Subject: MailScanner ANNOUNCE: New Web Site I am please to announce the arrival of the new MailScanner website at www.mailscanner.info This has been professionally designed and I hope you will agree that it is a much-needed step up from my previous amateur effort which has done us less for the 6 years or so. It is still a light design, and will hopefully load quickly. It loads in about 0.6 seconds from here :-) Here's to wishing this site well on its way, and I look forward to see if it lasts as well as my amateur version! Regards, Jules. P.S. All reports of broken links to me directly, not the mailing list please. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gmane at tippingmar.com Tue Jun 6 18:56:49 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Tue Jun 6 18:57:40 2006 Subject: sophos v5 updating Message-ID: I'm installing a new MailScanner server from scratch, so I have the opportunity to use sophos 5 instead of sophos 4 if I want to. I've read the wiki and I have the latest MailScanner so I can use MailScanner's sophos installation script. On the Sophos download website I see that v5 download file is 50Mb, while v4 is only 12Mb. I suppose that is because v5 has on-access scanning capability, that we will turn off anyway for use with MailScanner. If I use v5 will I have to download a 50Mb engine update every month? Although I have sophos EM library running for my windows workstations, I'd prefer the mail server to update itself rather than relying on a windows machine. What is everyone else doing? Thanks, Mark From MailScanner at ecs.soton.ac.uk Tue Jun 6 20:26:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 20:27:17 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485AA83.2080103@gmx.de> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> Message-ID: <4485D6FF.7060303@ecs.soton.ac.uk> Christian Pedaschus wrote: > Julian Field wrote: > > >> That's great news, thanks. >> >> Have you bought the book yet? If you want reviews, ask anyone on the >> list who has a copy. >> >> Cheers, >> Jules. >> >> > OK, convinced (because you're a kind and helpful guy ;) ) > Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and > costs 46 Euro (~60$) without shipping. > > You should have ordered it from the web site. It would have cost you $40 and you would have had it in 2 weeks. I strongly advise you cancel your Amazon order and click on the pretty picture in the MailScanner web site, which will take you direct to the publishers. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 20:29:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 20:30:00 2006 Subject: Instructions for FreeBSD In-Reply-To: <4485AC6B.6040703@rogers.com> References: <4485AC6B.6040703@rogers.com> Message-ID: <4485D7AC.5040108@ecs.soton.ac.uk> Mike Jakubik wrote: > Koopmann, Jan-Peter wrote: >> On Monday, June 05, 2006 11:07 PM Mike Jakubik wrote: >> >> >>> DAve wrote: >>> >>>> If the port currently works, and Julian's tarball currently works, >>>> what is there to patch? >>>> >>> "other tweaks and settings" >>> >> >> Like what? >> >> > > No idea, ask Julian :) He says that they are documented on his Wiki > now. "I have documented the clamav_sa script actions on the wiki. Now > you can more easily do it all by hand if you need to." > http://www.mailscanner.info/wiki/doku.php?id=documentation:clamav_sa -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cpedaschus at gmx.de Tue Jun 6 20:38:03 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 20:39:05 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485D6FF.7060303@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> Message-ID: <4485D99B.7010006@gmx.de> Julian Field wrote: > > > Christian Pedaschus wrote: > >> Julian Field wrote: >> >> >> >>> That's great news, thanks. >>> >>> Have you bought the book yet? If you want reviews, ask anyone on the >>> list who has a copy. >>> >>> Cheers, >>> Jules. >>> >>> >> >> OK, convinced (because you're a kind and helpful guy ;) ) >> Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and >> costs 46 Euro (~60$) without shipping. >> >> > > You should have ordered it from the web site. It would have cost you > $40 and you would have had it in 2 weeks. I strongly advise you cancel > your Amazon order and click on the pretty picture in the MailScanner > web site, which will take you direct to the publishers. > not an option, as i don't own a credit card (yes, such ppl really exist ;) ) From cpedaschus at gmx.de Tue Jun 6 20:41:26 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 20:42:29 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485D6FF.7060303@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> Message-ID: <4485DA66.90207@gmx.de> Julian Field wrote: > > > Christian Pedaschus wrote: > >> Julian Field wrote: >> >> >> >>> That's great news, thanks. >>> >>> Have you bought the book yet? If you want reviews, ask anyone on the >>> list who has a copy. >>> >>> Cheers, >>> Jules. >>> >>> >> >> OK, convinced (because you're a kind and helpful guy ;) ) >> Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and >> costs 46 Euro (~60$) without shipping. >> >> > > You should have ordered it from the web site. It would have cost you > $40 and you would have had it in 2 weeks. I strongly advise you cancel > your Amazon order and click on the pretty picture in the MailScanner > web site, which will take you direct to the publishers. > and i'm not in hurry, have lots of stuff to read and i don't really care for the 20 extra bucks, was more 'an informative side-note for you' :) From mikej at rogers.com Tue Jun 6 20:43:44 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jun 6 20:43:34 2006 Subject: Instructions for FreeBSD In-Reply-To: <4485D7AC.5040108@ecs.soton.ac.uk> References: <4485AC6B.6040703@rogers.com> <4485D7AC.5040108@ecs.soton.ac.uk> Message-ID: <4485DAF0.3040109@rogers.com> Julian Field wrote: > > > Mike Jakubik wrote: >> Koopmann, Jan-Peter wrote: >> No idea, ask Julian :) He says that they are documented on his Wiki >> now. "I have documented the clamav_sa script actions on the wiki. Now >> you can more easily do it all by hand if you need to." >> > http://www.mailscanner.info/wiki/doku.php?id=documentation:clamav_sa > Ok, i guess the context of the original message got somehow lost. I don't see how any of this applies to FreeBSD, as its all already handled nicely by the ports... From james at grayonline.id.au Tue Jun 6 21:33:39 2006 From: james at grayonline.id.au (James Gray) Date: Tue Jun 6 21:34:14 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <200606070633.44037.james@grayonline.id.au> On Tue, 6 Jun 2006 06:40 pm, Julian Field wrote: > I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that > it is a much-needed step up from my previous amateur effort which has > done us less for the 6 years or so. Indeed. The new look is slick, professional and intuitive. Not that dissimilar to MailScanner itself really ;) > It is still a light design, and will hopefully load quickly. It loads > in about 0.6 seconds from here :-) 1-2 seconds here including DNS overhead. Congratulations on the new site. It's fantastic! Cheers, James -- BOFH excuse #12: dry joints on cable plug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/13140197/attachment.bin From michele at blacknight.ie Tue Jun 6 21:36:00 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue Jun 6 21:36:02 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485D6FF.7060303@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> Message-ID: <4485E730.5040301@blacknight.ie> Who did the new site? A few people have been asking me -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From shrek-m at gmx.de Tue Jun 6 21:36:40 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue Jun 6 21:36:48 2006 Subject: sophos v5 updating In-Reply-To: References: Message-ID: <4485E758.2020004@gmx.de> Mark Nienberg schrieb: > On the Sophos download website I see that v5 download file is 50Mb, > while v4 is only 12Mb. I suppose that is because v5 has on-access > scanning capability, and a gui (sav-web), ... > If I use v5 will I have to download a 50Mb engine update every month? no. sophos v5 has its own update mechanism. see "roots crontab" or "/usr/lib/MailScanner/sophos-autoupdate" `/opt/sophos-av/bin/savupdate` # du -sh /opt/sophos-av/update/ 29M /opt/sophos-av/update/ fc3 -> fc4 update (amd) after several kernel updates == installed once a few months ago, no problems, sav 5.x is up2date fc5 (amd64) after several kernel updates == installed once a few months ago, no problems, sav 5.x is up2date > Although I have sophos EM library running for my windows workstations, the same here. > I'd prefer the mail server to update itself rather than relying on a > windows machine. just my thoughts. > What is everyone else doing? - em library (primary); http://es-web.sophos.com/ (secondary) win clients - sophos v5 update - http://es-web.sophos.com/ (primary) linux servers, sav 5.x mobile clients (win, mac, linux), sav 4.x/5.x workgroups without windows-server/em-library -- shrek-m From naolson at gmail.com Tue Jun 6 21:49:51 2006 From: naolson at gmail.com (Nathan Olson) Date: Tue Jun 6 21:49:53 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485E730.5040301@blacknight.ie> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> Message-ID: <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> Firefox 1.0.8 on RHEL 4 WS. The whole page shimmies to the left when you click on Documentation. Nate From naolson at gmail.com Tue Jun 6 21:50:21 2006 From: naolson at gmail.com (Nathan Olson) Date: Tue Jun 6 21:50:22 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> Message-ID: <8f54b4330606061350t582e469pa1e055ac9f8a7c8c@mail.gmail.com> Whoops. To the *right*, that is. Nate From res at ausics.net Tue Jun 6 21:56:04 2006 From: res at ausics.net (Res) Date: Tue Jun 6 21:56:15 2006 Subject: MailScanner goes byebyes In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B593@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B593@inex3.herffjones.hj-int> Message-ID: On Tue, 6 Jun 2006, Furnish, Trever G wrote: > > You might consider waiting till you believe all the mailscanner children > have stopped processing messages, then attach to one of the children > (not the parents) with strace -p to see what's doing. The output's not That was one of the first things I did, and the last output from memory was an "unlink", hasnt done it for 2 days now, but it can go for a few days before happening, then happen constantly for hours, there was no set pattern. > likely to lead you to any particular spot in the code, but at least you > should see each child periodically wake up and read the incoming queue > directory for files. > Thats just it, no, it was like it was totaly asleep -- Regards Res From naolson at gmail.com Tue Jun 6 21:59:23 2006 From: naolson at gmail.com (Nathan Olson) Date: Tue Jun 6 21:59:24 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485E730.5040301@blacknight.ie> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> Message-ID: <8f54b4330606061359h1357f098s206e0adf1ad0f7f6@mail.gmail.com> The title of the page never changes. It's also kind of odd that the MailScanner logo isn't a link back to the home page. Nate From MailScanner at ecs.soton.ac.uk Tue Jun 6 22:04:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 22:05:08 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485E730.5040301@blacknight.ie> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> Message-ID: <4485EDFA.20607@ecs.soton.ac.uk> Vince Dimanno did all the hard work for us. Please tell him I sent you :-) Michele Neylon :: Blacknight.ie wrote: > Who did the new site? > > A few people have been asking me > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From TGFurnish at herffjones.com Tue Jun 6 21:50:15 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jun 6 22:39:35 2006 Subject: Handling spam in DSNs from other sites? Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5A0@inex3.herffjones.hj-int> I have a feeling I'm missing an obvious answer, but what does everyone suggest for handling DSNs from other sites (not mine) that include spam in the message? The mua's don't care that this is a DSN, they still happily display the spam, and I seem to be getting a *lot* more of these lately. It's been a long day and I'm a bit drugged up with cold medicine at the moment, so if I'm not making my question clear, perhaps this will help? I'm refering to the type of messages that would get me listed here if I were to simply reject them: http://www.rfc-ignorant.org/policy-dsn.php ...and which can contain message parts that include spam. What's the best way to deal with these messages? Hope that they still get tagged as spam and don't treat them specially? Is there some other option? Hmmm...maybe there's a DNSBL for "domains that include too much message body in DSNs"... Thanks in advance for all suggestions. -- Trever Furnish, tgfurnish at herffjones dot com From TGFurnish at herffjones.com Tue Jun 6 22:33:15 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jun 6 22:39:37 2006 Subject: MailScanner goes byebyes Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5A1@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: Tuesday, June 06, 2006 4:56 PM > To: MailScanner discussion > Subject: RE: MailScanner goes byebyes > > On Tue, 6 Jun 2006, Furnish, Trever G wrote: > > > > > You might consider waiting till you believe all the mailscanner > > children have stopped processing messages, then attach to > one of the > > children (not the parents) with strace -p to see what's doing. The > > output's not > > That was one of the first things I did, and the last output > from memory was an "unlink", hasnt done it for 2 days now, > but it can go for a few days before happening, then happen > constantly for hours, there was no set pattern. > > > > likely to lead you to any particular spot in the code, but at least > > you should see each child periodically wake up and read the > incoming > > queue directory for files. > > > > Thats just it, no, it was like it was totaly asleep Hmmm... Not to sound too alarming, but that sounds odd enough that I'd be making sure I had recent backups of whatever's important on the system, then start looking for other signs of oddness or hardware/kernel problems. Are the processes ending up in uninterruptible sleep state? Is the process cputime increasing (ps -eo pid,user,cputime,cmd on linux -- geeze I hate that manual page!). From steve.swaney at fsl.com Tue Jun 6 22:45:20 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Jun 6 22:45:25 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> Message-ID: <200501c689b2$826af730$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Nathan Olson > Sent: Tuesday, June 06, 2006 4:50 PM > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCE: New Web Site > > Firefox 1.0.8 on RHEL 4 WS. The whole page shimmies to the left when > you click on Documentation. > > Nate > Firefox 1.0.8 on RHEL 4 WS: Similar setup here and all pages work perfectly. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From glenn.steen at gmail.com Tue Jun 6 23:02:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 6 23:02:25 2006 Subject: Handling spam in DSNs from other sites? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B5A0@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B5A0@inex3.herffjones.hj-int> Message-ID: <223f97700606061502t1bf4a135tc22a32c0f437f886@mail.gmail.com> On 06/06/06, Furnish, Trever G wrote: > I have a feeling I'm missing an obvious answer, but what does everyone > suggest for handling DSNs from other sites (not mine) that include spam > in the message? The mua's don't care that this is a DSN, they still > happily display the spam, and I seem to be getting a *lot* more of these > lately. > > It's been a long day and I'm a bit drugged up with cold medicine at the > moment, so if I'm not making my question clear, perhaps this will help? > I'm refering to the type of messages that would get me listed here if I > were to simply reject them: > > http://www.rfc-ignorant.org/policy-dsn.php > > ...and which can contain message parts that include spam. What's the > best way to deal with these messages? Hope that they still get tagged > as spam and don't treat them specially? Is there some other option? > Hmmm...maybe there's a DNSBL for "domains that include too much message > body in DSNs"... > > Thanks in advance for all suggestions. > I'm sure others have other views, but ... why treat them any different than any other mail? scan them, tag them, drop them....:-). If they are legitimate, they will pass MS/SA/AVs anyway. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From TGFurnish at herffjones.com Tue Jun 6 23:42:25 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Wed Jun 7 01:02:34 2006 Subject: Handling spam in DSNs from other sites? Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5A3@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Tuesday, June 06, 2006 6:02 PM > To: MailScanner discussion > Subject: Re: Handling spam in DSNs from other sites? > > On 06/06/06, Furnish, Trever G wrote: > > I have a feeling I'm missing an obvious answer, but what > does everyone > > suggest for handling DSNs from other sites (not mine) that include > > spam in the message? > Glenn Steen wrote: > I'm sure others have other views, but ... why treat them any > different than any other mail? scan them, tag them, drop them....:-). > If they are legitimate, they will pass MS/SA/AVs anyway. > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Thanks. However, in many cases these are actually getting through. Since the ip address of the sending server isn't the spammer and isn't in the RBLs those checks aren't as helpful as they would've been for the original message. I tend to think these aren't being sent by a spammer who's identified a particular server with the specific intention of using the DSN for delivery, but rather just by a worm that's using my domain addresses as the faked sender address. If a specific server had been targeted, it'd probably end up in a DNSBL. SPF would help with the original message, but of course it does nothing to help with the bounce. From gmane at tippingmar.com Wed Jun 7 01:10:14 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Jun 7 01:11:46 2006 Subject: flock, posix comments in MailScanner.conf Message-ID: I think the comments in MailScanner.conf re flock/posix are wrong: # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to # change it to flock, particularly on Linux systems. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = But on my fresh install on Fedora Core 5 I see in maillog: Jun 6 17:01:06 tesla MailScanner[24648]: MailScanner E-Mail Virus Scanner version 4.54.6 starting... Jun 6 17:01:06 tesla MailScanner[24648]: Read 746 hostnames from the phishing whitelist Jun 6 17:01:06 tesla MailScanner[24648]: Using SpamAssassin results cache Jun 6 17:01:06 tesla MailScanner[24648]: Connected to SpamAssassin cache database Jun 6 17:01:07 tesla MailScanner[24648]: I have found clamavmodule scanners installed, and will use them all by default. Jun 6 17:01:08 tesla MailScanner[24648]: Using locktype = flock even though I am using sendmail. It is v8.13 so I will set Lock Type = posix manually. Mark Nienberg From gmane at tippingmar.com Wed Jun 7 01:11:51 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Jun 7 01:15:16 2006 Subject: sophos v5 updating In-Reply-To: <4485E758.2020004@gmx.de> References: <4485E758.2020004@gmx.de> Message-ID: shrek-m@gmx.de wrote: > Mark Nienberg schrieb: >> On the Sophos download website I see that v5 download file is 50Mb, >> while v4 is only 12Mb. I suppose that is because v5 has on-access >> scanning capability, > > and a gui (sav-web), ... > >> If I use v5 will I have to download a 50Mb engine update every month? > > no. > sophos v5 has its own update mechanism. > see "roots crontab" or "/usr/lib/MailScanner/sophos-autoupdate" > `/opt/sophos-av/bin/savupdate` > > # du -sh /opt/sophos-av/update/ > 29M /opt/sophos-av/update/ OK, I'll push on with it then. Thanks for the info. Mark From Jan-Peter.Koopmann at seceidos.de Wed Jun 7 07:00:16 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Jun 7 07:00:33 2006 Subject: Instructions for FreeBSD In-Reply-To: <4485DAF0.3040109@rogers.com> Message-ID: On Tuesday, June 06, 2006 9:44 PM Mike Jakubik wrote: > Ok, i guess the context of the original message got somehow lost. I > don't see how any of this applies to FreeBSD, as its all already > handled nicely by the ports... Same here. Well without the tweaking of the config files of course (loadplugin etc.) but this should be done manually IMHO. If you patch this globally (would not know where exactly btw.) this could break installations on boxes with more than MailScanner on it. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/7518276b/smime.bin From prakash.kannan at in.ness.com Wed Jun 7 06:51:16 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Wed Jun 7 07:05:30 2006 Subject: sendmail In-Reply-To: Message-ID: Hi All, Can some one please send me the installation and configuration guide for sendmail for Solaris? Some pdfs/books on sendmail. Thanks Regards, Prakash _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Prakash Sent: Tuesday, June 06, 2006 1:33 PM To: mailscanner@lists.mailscanner.info Subject: sendmail Hi All, How to change the ip address of new smtp server in sendmail. Basically we had changed our exchange server ip address and need to modify in the sendmail server. Thanks Regards, Prakash Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/98af75fe/attachment.html From arturs at netvision.net.il Wed Jun 7 09:30:30 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 08:32:07 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: Message-ID: <00e101c68a0c$a33a1090$3701a8c0@lapxp> > Don't know, but remember that childs can sit there *very* > long. (hours) Then I prefer them killed. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Wed Jun 7 09:30:30 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 08:32:08 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: Message-ID: <00e201c68a0c$a38ff8c0$3701a8c0@lapxp> > It doesn't make sense to kill these, if these *were* children > handling a > connection. You only want to shutdown the queueing processes. Right. But I'd like to be notified that they still are and when they finished. You see, this could sound minor, but I had a hell of hour trying to understand why, or why, clamav-milter didn't work after successful installation and sendmail restarted (to remind you, sendmail is controlled by MailScanner, so basically, MailScanner restarted). I documented to myself to check for existance of sendmail childs next time I built a mailer, although it would be nice if MailScanner could hadnle such things itself - would be neater... Best, -- Arthur Sherman +972-52-4878851 CPTeam From smf at f2s.com Wed Jun 7 08:33:34 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Jun 7 08:33:39 2006 Subject: Handling spam in DSNs from other sites? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B5A3@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B5A3@inex3.herffjones.hj-int> Message-ID: <4486814E.7020503@f2s.com> Hi Trever, Furnish, Trever G wrote: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Glenn Steen >> Sent: Tuesday, June 06, 2006 6:02 PM >> To: MailScanner discussion >> Subject: Re: Handling spam in DSNs from other sites? >> >> On 06/06/06, Furnish, Trever G wrote: >>> I have a feeling I'm missing an obvious answer, but what >> does everyone >>> suggest for handling DSNs from other sites (not mine) that include >>> spam in the message? > >> Glenn Steen wrote: >> I'm sure others have other views, but ... why treat them any >> different than any other mail? scan them, tag them, drop them....:-). >> If they are legitimate, they will pass MS/SA/AVs anyway. >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se > > Thanks. However, in many cases these are actually getting through. > Since the ip address of the sending server isn't the spammer and isn't > in the RBLs those checks aren't as helpful as they would've been for the > original message. > > I tend to think these aren't being sent by a spammer who's identified a > particular server with the specific intention of using the DSN for > delivery, but rather just by a worm that's using my domain addresses as > the faked sender address. If a specific server had been targeted, it'd > probably end up in a DNSBL. SPF would help with the original message, > but of course it does nothing to help with the bounce. I've been experimenting with some stuff to address this. The problem being that the DSN is being sent to you for a message that never originated at your site. After some investigation I found out that someone else had come up with a clever solution to this: using SRS (part of SPF) to re-write all the envelopes of messages sent from out from your domains (and re-writing all inbound returns) with SRS (which contains a hashed-secret which would be impossible for the spammer to guess). Then you use a milter that rejects any DSNs that are not SRS signed or that are SRS signed and do not have a valid signature. Here's my results so far - this shows all MTA level rejections on my test box: date | greet_p | rbl | relay | uribl | 8bit | dsn_no_srs ------------+---------+-------+-------+-------+------+------------ 2006-06-07 | 135 | 2168 | 263 | 467 | 101 | 82 2006-06-06 | 1389 | 25462 | 1061 | 4456 | 2214 | 1001 2006-06-05 | 1728 | 23948 | 93 | 5111 | 1591 | 1129 There are several down-sides, SRS is 'frowned' upon by some as it has the potential to break the RFCs that state that the local-part field size should be 64 bytes although it does state that an implementation can pick a larger value (also VERP has been doing this for years without issue). The other down-side is that to implement this I had to re-compile Sendmail with -DSOCKETMAP and hack the .cf file as the provided m4 HACK provided didn't work for me (it put the changes in the wrong place). I've also never tried this on a production system. See http://srs-socketmap.info/sendmailsrs.htm for the gory details... Exim users have it slightly better than the Sendmail crowd - see http://srs.mirtol.com/exim.php for details. Before anyone asks -- I couldn't find an implementation for Postfix. Cheers, Steve. From arturs at netvision.net.il Wed Jun 7 10:13:26 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 09:15:03 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? Message-ID: <00e601c68a12$a25ce840$3701a8c0@lapxp> Suddenly got confused... Who should do RBL checks: MailScanner or SpamAssassin? spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and let MailScanner do it. But then I will actually disable Razor and DCC checks, won't i? Enabling in both seems unwise and not recommended. Please your advice. Best, -- Arthur Sherman +972-52-4878851 CPTeam From MailScanner at ecs.soton.ac.uk Wed Jun 7 09:32:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 09:32:30 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On 7 Jun 2006, at 10:13, Arthur Sherman wrote: > > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? Personally I would probably advise you to do it in SpamAssassin as it scores each one very well. > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks > and let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? Shouldn't disable anything except RBL checks just as the name says. > > Enabling in both seems unwise and not recommended. > > Please your advice. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Wed Jun 7 09:40:11 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 09:40:16 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <200501c689b2$826af730$2901010a@office.fsl> Message-ID: <00fd01c68a0d$fd68a760$3004010a@martinhlaptop> Same effect here - seems the resize on the page causes the effect. (main page on the documentation fits in my screen, others need a vertical scrollbar...) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: 06 June 2006 22:45 > To: 'MailScanner discussion' > Subject: RE: MailScanner ANNOUNCE: New Web Site > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Nathan Olson > > Sent: Tuesday, June 06, 2006 4:50 PM > > To: MailScanner discussion > > Subject: Re: MailScanner ANNOUNCE: New Web Site > > > > Firefox 1.0.8 on RHEL 4 WS. The whole page shimmies to the left when > > you click on Documentation. > > > > Nate > > > Firefox 1.0.8 on RHEL 4 WS: > > Similar setup here and all pages work perfectly. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 09:42:51 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 09:42:58 2006 Subject: sendmail In-Reply-To: Message-ID: <010701c68a0e$5c7a6c20$3004010a@martinhlaptop> Prakesh Have a look on sun.com (http://www.sun.com/bigadmin/home/index.html) for solaris specific stuff (it's still the default MTA anyway). General book it the O'rielly "bat" book on Sendmail. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Prakash > Sent: 07 June 2006 06:51 > To: 'MailScanner discussion' > Subject: RE: sendmail > > Hi All, > > > > Can some one please send me the installation and configuration guide for > sendmail for Solaris? > > Some pdfs/books on sendmail. > > > > Thanks Regards, > > Prakash > > > > > > > > > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Prakash > Sent: Tuesday, June 06, 2006 1:33 PM > To: mailscanner@lists.mailscanner.info > Subject: sendmail > > > > Hi All, > > > > How to change the ip address of new smtp server in sendmail. > > > > Basically we had changed our exchange server ip address and need to modify > in the sendmail server. > > > > > > Thanks Regards, > > Prakash > > > > Disclaimer > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom it is addressed. If > you have received this communication in error, please immediately notify > the MailAdmin@in.ness.com and destroy the original message. The recipient > should check this email and any attachments for the presence of viruses. > Ness has taken every reasonable precaution to minimize this risk, and > accepts no liability for any damage caused by any virus transmitted in > this email. Ness reserves the rights to monitor and review the content of > all messages sent to or from this E-mail address, and store them on the > Ness E-mail system. > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 09:45:25 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 09:45:31 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: <010801c68a0e$b89d2740$3004010a@martinhlaptop> Arthur Best to do it SA, then it adds to the scores. I turn most of them off by giving a zero score in my spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS lookup time and false positives. AS Jules says the other network tests (DCC etc) are switchable individually as these aren't RBLs! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 10:13 > To: 'MailScanner discussion' > Subject: Who does RBL checks - MailScanner or SpamAssassin? > > > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and > let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? > > Enabling in both seems unwise and not recommended. > > Please your advice. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From nauman at worldcall.net.pk Wed Jun 7 09:47:02 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Wed Jun 7 09:47:09 2006 Subject: Mailscanner stopped, sendmail running... References: <00e101c68a0c$a33a1090$3701a8c0@lapxp> Message-ID: <021d01c68a0e$f44d7510$23c051cb@noc> I m Having the same problem as well infact my MailScanner is using too many MEMORY i just installed 1 GB Ram last night and its utilizing it too . i have set my MAILSCANNER.conf to creat 5 child process for MailScanner but this is now getting hard to control - the server is relaying almost 60,000 to 80,000 mails daily. Can Any one help me fine tune the server. >> Don't know, but remember that childs can sit there *very* >> long. (hours) > Arthur Sherman Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From martinh at solid-state-logic.com Wed Jun 7 10:09:32 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:09:42 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <021d01c68a0e$f44d7510$23c051cb@noc> Message-ID: <014501c68a12$171563c0$3004010a@martinhlaptop> Have you read the documentation on tuning? http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips use of memory isn't a problem (*nix will use spare memory as filesystem cache so when all the memory's used its not a bad sign). What is a bad sign is high levels of swapping. 80k messages isn't high. How many CPUs have you got are any of these HT or dual core? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Muhammad Nauman > Sent: 07 June 2006 09:47 > To: MailScanner discussion > Subject: Re: Mailscanner stopped, sendmail running... > > I m Having the same problem as well > > infact my MailScanner is using too many MEMORY > > i just installed 1 GB Ram last night and its utilizing it too . > > i have set my MAILSCANNER.conf to creat 5 child process for MailScanner > > but this is now getting hard to control - the server is relaying almost > 60,000 to 80,000 mails daily. > > Can Any one help me fine tune the server. > > > > >> Don't know, but remember that childs can sit there *very* > >> long. (hours) > > Arthur Sherman > > > Thanks and regards, > M.Nauman Habib > Network Engineer > ICT Department > WorldCALL Multimedia Pvt Ltd > 16-S Gulberg II Lahore, Pakistan > Off: 92 (42) 5877051-55 > Cell : 0321-4311830 > > > -- > This message has been scanned for viruses and > dangerous content by WorldCall Scanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From arturs at netvision.net.il Wed Jun 7 11:08:50 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 10:10:27 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: <00ec01c68a1a$5fc533e0$3701a8c0@lapxp> Hi, > I turn most of them off by giving a zero score in my > spam.assassin.prefs.conf, only keeping a couple RBLs to > reduce DNS lookup > time and false positives. Could you post which ones? Btw, thank you, guys, for your prompt help. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Wed Jun 7 11:14:15 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 10:15:52 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00ed01c68a1b$21ac06f0$3701a8c0@lapxp> Hi Julian, > Personally I would probably advise you to do it in > SpamAssassin as it > scores each one very well. Then I should set 'Spam List =' to empty in MailScanner.conf, right? Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Wed Jun 7 10:23:30 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:23:37 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00ec01c68a1a$5fc533e0$3701a8c0@lapxp> Message-ID: <014601c68a14$0a437590$3004010a@martinhlaptop> Arthur Here's my extract.. #score __RCVD_IN_SBL_XBL 0.0 score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 score __RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DUL 0.0 score RCVD_IN_NJABL_MULTI 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_NJABL_CGI 0.0 #score __RCVD_IN_SORBS 0.0 score RCVD_IN_SORBS_HTTP 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_MAPS_NML 0.0 score RCVD_IN_BL_SPAMCOP_NET 4 Note I bump the score for spamcop as well.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 11:09 > To: 'MailScanner discussion' > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi, > > > I turn most of them off by giving a zero score in my > > spam.assassin.prefs.conf, only keeping a couple RBLs to > > reduce DNS lookup > > time and false positives. > > Could you post which ones? > > Btw, thank you, guys, for your prompt help. > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From arturs at netvision.net.il Wed Jun 7 11:30:11 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 10:31:48 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <014601c68a14$0a437590$3004010a@martinhlaptop> Message-ID: <00ef01c68a1d$5b2d06c0$3701a8c0@lapxp> > Arthur > > Here's my extract.. > > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > score RCVD_IN_BL_SPAMCOP_NET 4 > > Note I bump the score for spamcop as well.... Thank you, Martin. Are those all free services? Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Wed Jun 7 10:34:18 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:34:32 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00ed01c68a1b$21ac06f0$3701a8c0@lapxp> Message-ID: <014701c68a15$8c7baea0$3004010a@martinhlaptop> Arthur Correct -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 11:14 > To: 'MailScanner discussion' > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi Julian, > > > Personally I would probably advise you to do it in > > SpamAssassin as it > > scores each one very well. > > Then I should set 'Spam List =' to empty in MailScanner.conf, right? > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From res at ausics.net Wed Jun 7 10:41:47 2006 From: res at ausics.net (Res) Date: Wed Jun 7 10:41:53 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On Wed, 7 Jun 2006, Arthur Sherman wrote: > > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? Neither, the MTA should do it. > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? > > Enabling in both seems unwise and not recommended. > > Please your advice. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- Cheers Res From martinh at solid-state-logic.com Wed Jun 7 10:47:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:47:38 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <014c01c68a17$6242be60$3004010a@martinhlaptop> Res Yes that's another option, but I find this type of blacklist give too many false positives. I prefer to get SA to do it, and merely add to the spam score. My MTA rejects unknown email addresses (which gives another risk, but I find it less risky the the RBL route), and I drop over 2/3s of my traffice that way. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 07 June 2006 10:42 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Arthur Sherman wrote: > > > > > Suddenly got confused... > > > > Who should do RBL checks: MailScanner or SpamAssassin? > > Neither, the MTA should do it. > > > > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and > let > > MailScanner do it. > > But then I will actually disable Razor and DCC checks, won't i? > > > > Enabling in both seems unwise and not recommended. > > > > Please your advice. > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From res at ausics.net Wed Jun 7 10:48:46 2006 From: res at ausics.net (Res) Date: Wed Jun 7 10:48:52 2006 Subject: MailScanner goes byebyes In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B5A1@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B5A1@inex3.herffjones.hj-int> Message-ID: On Tue, 6 Jun 2006, Furnish, Trever G wrote: > Hmmm... Not to sound too alarming, but that sounds odd enough that I'd > be making sure I had recent backups of whatever's important on the all servers in the data center are backed up nightly so no problem with that. > system, then start looking for other signs of oddness or hardware/kernel > problems. Are the processes ending up in uninterruptible sleep state? > Is the process cputime increasing (ps -eo pid,user,cputime,cmd on linux > -- geeze I hate that manual page!). > nothing else is out of place, thats whats so crazy. 3 days now since last time, i guess murphy law wil come into play and it'll screw up on saturday :) -- Cheers Res From res at ausics.net Wed Jun 7 10:55:59 2006 From: res at ausics.net (Res) Date: Wed Jun 7 10:56:03 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <014c01c68a17$6242be60$3004010a@martinhlaptop> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> Message-ID: Hi Martin, On Wed, 7 Jun 2006, Martin Hepworth wrote: > Res > > Yes that's another option, but I find this type of blacklist give too many > false positives. I prefer to get SA to do it, and merely add to the spam > score. Ever tried running S.A on servers that do serious work, and want your mail out of the queue and delivered the same week ? :) (I do run SA on the machines that can handle it though, but thats like 2 out of many) I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can be an issue with hotmail at times, when it gets to level 2 complaint level we remove SORBS until its cleared up. I rather not waste any more resources on privacy invading dweebs than I have to, hence why I prefere MTA. > -- Cheers Res From dhawal at netmagicsolutions.com Wed Jun 7 11:23:32 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 11:23:43 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> Message-ID: <4486A924.5090502@netmagicsolutions.com> Res wrote: > Hi Martin, > > On Wed, 7 Jun 2006, Martin Hepworth wrote: > >> Res >> >> Yes that's another option, but I find this type of blacklist give too >> many >> false positives. I prefer to get SA to do it, and merely add to the spam >> score. > > Ever tried running S.A on servers that do serious work, and want your > mail out of the queue and delivered the same week ? :) > (I do run SA on the machines that can handle it though, but thats like 2 > out of many) Most of us run servers that pretty much do serious work ;-).. to each his/her way. You can use RBLs at: MTA: Very effective, but prone to false positives.. at times RBLs get over enthusiastic causing collateral damage. Point in case SORBS blocking hotmail and spamcop blocking yahoo/gmail MailScanner: Haven't tried this one. SpamAssassin: Best way to use RBLs as per my POV.. the bad part being that mails originating from ROKSO (spamhaus) are accepted and then tagged. I use it at: 1. The MTA level (spamhaus+spamcop+dsbl) and am quite aware of the FPs but that is something we (me and my customers) are ready to live with. 2. A ton others are used at the SA level as Martin hinted. 3. We also run a few RBLs of our own to take care of my country specific abusers. - dhawal > I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can > be an issue with hotmail at times, when it gets to level 2 complaint > level we remove SORBS until its cleared up. I rather not waste any more > resources on privacy invading dweebs than I have to, hence why I prefere > MTA. From Howard at harper-adams.ac.uk Wed Jun 7 11:43:42 2006 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Wed Jun 7 11:44:34 2006 Subject: caused an error: The main body of virus data is out of date(542) Message-ID: Dear list members I have had all email marked as a virus with the above message. I had a trawl and sure enough I had forgotten to update Sophos. I have done this and mail is now going in and out again. I had to be today when I had doctors appointment so was late in!!! Any way is there a quick method of releasing all the blocked emails from quarantine or do I have to do each one separately? I want to resubmit them ideally so that 'real' viruses are still caught? Any help appreciated. Regards Howard Robinson, (Senior Technical Development Officer), Harper Adams University College, Edgmond, Newport, Shropshire , TF10 8NB. Tel. Direct 01952 815253 Tel. Switch Board 01952 820280 Fax 01952 814783 Email hrobinson@harper-adams.ac.uk Web www.harper-adams.ac.uk From shuttlebox at gmail.com Wed Jun 7 12:53:25 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 7 12:53:28 2006 Subject: sendmail In-Reply-To: References: Message-ID: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> On 6/7/06, Prakash wrote: > > Can some one please send me the installation and configuration guide for > sendmail for Solaris? > > Some pdfs/books on sendmail. > This guy has a lot of good stuff on his site. http://www.brandonhutchinson.com This link might be what you're looking for: http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of_Sendmail.html -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/c9af73af/attachment.html From lhaig at haigmail.com Wed Jun 7 13:01:11 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Jun 7 13:01:34 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <4486C007.6010004@haigmail.com> Please excuse me being vague, I will try the new port and let you know. Thanks Lance Koopmann, Jan-Peter wrote: > > On Dienstag, 6. Juni 2006 12:11 Lance Haig wrote: > > > I will wait for the new one to be released and then try installing it. > > Should be there already. > > > I had quite a bit of trouble the last time I tried the normal and the > > devel versions > > What kind of trouble? > > Kind regards, > JP > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From nirnimesh at students.iiit.ac.in Wed Jun 7 14:41:02 2006 From: nirnimesh at students.iiit.ac.in (Nirnimesh) Date: Wed Jun 7 14:41:15 2006 Subject: virus checker failed with real error Message-ID: <4486D76E.109@students.iiit.ac.in> I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks is enabled, I get the following error in the maillog. MailScanner[2895]: Commercial virus checker failed with real error: syslog: expecting argument $format at /usr/lib/MailScanner/MailScanner/Log.pm line 143 Please Help -- Nirnimesh From martinh at solid-state-logic.com Wed Jun 7 14:46:01 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 14:46:08 2006 Subject: caused an error: The main body of virus data is out ofdate(542) In-Reply-To: Message-ID: <01aa01c68a38$b6b8bdc0$3004010a@martinhlaptop> Howard How are the quarantine files storesd? If they are MTA mail queue format it's easy enough to copy them back into the incoming MTA queue directory (not sure if will work happily with qmail or postfix though as the filename are based on the inode number).. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > Sent: 07 June 2006 11:44 > To: mailscanner@lists.mailscanner.info > Subject: caused an error: The main body of virus data is out ofdate(542) > > Dear list members > I have had all email marked as a virus with the above message. > I had a trawl and sure enough I had forgotten to update Sophos. > I have done this and mail is now going in and out again. > I had to be today when I had doctors appointment so was late in!!! > Any way is there a quick method of releasing all the blocked emails from > quarantine or do I have to do each one separately? > I want to resubmit them ideally so that 'real' viruses are still caught? > > Any help appreciated. > > > > Regards > > Howard Robinson, > (Senior Technical Development Officer), > Harper Adams University College, > Edgmond, > Newport, > Shropshire , > TF10 8NB. > > Tel. Direct 01952 815253 > Tel. Switch Board 01952 820280 > Fax 01952 814783 > Email hrobinson@harper-adams.ac.uk > Web www.harper-adams.ac.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 14:55:01 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 14:55:07 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <01ab01c68a39$f8d67110$3004010a@martinhlaptop> Res Nope - my SA/MS machine is a gateway machine and dedicated to the task - if that machine gets compromised (hey its connected to the internet) I don't loose anything else. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 07 June 2006 10:56 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi Martin, > > On Wed, 7 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Yes that's another option, but I find this type of blacklist give too > many > > false positives. I prefer to get SA to do it, and merely add to the spam > > score. > > Ever tried running S.A on servers that do serious work, and want your mail > out of the queue and delivered the same week ? :) > (I do run SA on the machines that can handle it though, but thats like 2 > out of many) > > I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can be > an issue with hotmail at times, when it gets to level 2 complaint level we > remove SORBS until its cleared up. I rather not waste any more resources > on privacy invading dweebs than I have to, hence why I prefere MTA. > > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Howard at harper-adams.ac.uk Wed Jun 7 15:18:23 2006 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Wed Jun 7 15:19:16 2006 Subject: caused an error: The main body of virus data is out ofdate(542) Message-ID: Hi Martin I have dfk* and qfk* files in each directory for each message in quarantine - some 24K messages! Looking at the sendmail /var/spool/mqueue it has these both dfk and qfk files but I would like to have these rescanned so is it just a case of coping them to mqueue.in instead? If so I'll have a go at a script to do this. Thanks >>> martinh@solid-state-logic.com 07/06/2006 14:46:01 >>> Howard How are the quarantine files storesd? If they are MTA mail queue format it's easy enough to copy them back into the incoming MTA queue directory (not sure if will work happily with qmail or postfix though as the filename are based on the inode number).. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > Sent: 07 June 2006 11:44 > To: mailscanner@lists.mailscanner.info > Subject: caused an error: The main body of virus data is out ofdate(542) > > Dear list members > I have had all email marked as a virus with the above message. > I had a trawl and sure enough I had forgotten to update Sophos. > I have done this and mail is now going in and out again. > I had to be today when I had doctors appointment so was late in!!! > Any way is there a quick method of releasing all the blocked emails from > quarantine or do I have to do each one separately? > I want to resubmit them ideally so that 'real' viruses are still caught? > > Any help appreciated. > > > > Regards > > Howard Robinson, > (Senior Technical Development Officer), > Harper Adams University College, > Edgmond, > Newport, > Shropshire , > TF10 8NB. > > Tel. Direct 01952 815253 > Tel. Switch Board 01952 820280 > Fax 01952 814783 > Email hrobinson@harper-adams.ac.uk > Web www.harper-adams.ac.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Wed Jun 7 15:36:44 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 15:36:53 2006 Subject: caused an error: The main body of virus data is out ofdate(542) In-Reply-To: Message-ID: <01b901c68a3f$cc97c8f0$3004010a@martinhlaptop> Howard Yesy just copy them back to the mqueue.in dir.....(make sure ownership is ok, and of course it may take a little while to process 24k messages ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > Sent: 07 June 2006 15:18 > To: mailscanner@lists.mailscanner.info > Subject: RE: caused an error: The main body of virus data is out > ofdate(542) > > > Hi Martin > I have dfk* and qfk* files in each directory for each message in > quarantine - some 24K messages! > Looking at the sendmail /var/spool/mqueue it has these both dfk and qfk > files but I would like to have these rescanned so is it just a case of > coping them to mqueue.in instead? > If so I'll have a go at a script to do this. > Thanks > > > >>> martinh@solid-state-logic.com 07/06/2006 14:46:01 >>> > Howard > > How are the quarantine files storesd? If they are MTA mail queue format > it's > easy enough to copy them back into the incoming MTA queue directory (not > sure if will work happily with qmail or postfix though as the filename are > based on the inode number).. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > > Sent: 07 June 2006 11:44 > > To: mailscanner@lists.mailscanner.info > > Subject: caused an error: The main body of virus data is out ofdate(542) > > > > Dear list members > > I have had all email marked as a virus with the above message. > > I had a trawl and sure enough I had forgotten to update Sophos. > > I have done this and mail is now going in and out again. > > I had to be today when I had doctors appointment so was late in!!! > > Any way is there a quick method of releasing all the blocked emails from > > quarantine or do I have to do each one separately? > > I want to resubmit them ideally so that 'real' viruses are still caught? > > > > Any help appreciated. > > > > > > > > Regards > > > > Howard Robinson, > > (Senior Technical Development Officer), > > Harper Adams University College, > > Edgmond, > > Newport, > > Shropshire , > > TF10 8NB. > > > > Tel. Direct 01952 815253 > > Tel. Switch Board 01952 820280 > > Fax 01952 814783 > > Email hrobinson@harper-adams.ac.uk > > Web www.harper-adams.ac.uk > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From ugob at camo-route.com Wed Jun 7 15:43:09 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Jun 7 15:43:58 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote: > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? > > Enabling in both seems unwise and not recommended. > > Please your advice. > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:rbls:all:recommendations > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > From prakash.kannan at in.ness.com Wed Jun 7 15:54:48 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Wed Jun 7 16:05:15 2006 Subject: sendmail In-Reply-To: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> Message-ID: Thank you peter will get back to you if i face some problem _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Wednesday, June 07, 2006 5:23 PM To: MailScanner discussion Subject: Re: sendmail On 6/7/06, Prakash wrote: Can some one please send me the installation and configuration guide for sendmail for Solaris? Some pdfs/books on sendmail. This guy has a lot of good stuff on his site. http://www.brandonhutchinson.com This link might be what you're looking for: http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of _Sendmail.html -- /peter Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/877aec66/attachment.html From lshaw at emitinc.com Wed Jun 7 16:14:40 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed Jun 7 16:14:49 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On Wed, 7 Jun 2006, Res wrote: > On Wed, 7 Jun 2006, Arthur Sherman wrote: >> Who should do RBL checks: MailScanner or SpamAssassin? > Neither, the MTA should do it. That depends on your policy on what you do with spam. Do you tag it, or do you delete it? At my site, we have basically a no-delete policy; spams are tagged and passed through. This approach gives the users more work (have to set up a filter) but more control. Therefore, in our case, it does little good to filter anything at the MTA level. We're not going to reject it at that point, so the spam will have to go through all the stages (local delivery, POP3 download, etc.) so it saves no work and just adds complication. If you are going to reject it, though, things are different. So in general, if you reject messages, you probably want to do so as early as possible. But if you tag them only, it doesn't really matter much when you do it. The one complication here is that with a tag-only delivery policy, there still is one reason it'd be nice if the MTA could know if the message is spam: it would be helpful to avoid sending bounce messages against undeliverable messages if the messages are spam. They are usually from forged e-mail addresses anyway, so the bounces do no good and just end up wasting resources. - Logan From stork at openenterprise.ca Wed Jun 7 16:38:22 2006 From: stork at openenterprise.ca (Johnny Stork) Date: Wed Jun 7 16:38:52 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <014701c68a15$8c7baea0$3004010a@martinhlaptop> Message-ID: Sorry of this may have been covered elsewhere. I have been following this thread and agree with the logic so would like to try the changes, remove RBL checking from MailScanner and enable in SA. Could someoen pelase list what I change/comment-out in mailscanner.conf, and what I need to add/edit in spam.assassing.prefs.conf...there are bits and peices in this thread, but I want to ensure I have everything. So far I think I have: MailScanner.conf: Change the following.... # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 to .... # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. # Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 spam.assassin.prefs.conf: Change the following.... #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 to .... #score __RCVD_IN_SBL_XBL 0.0 score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 score __RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DUL 0.0 score RCVD_IN_NJABL_MULTI 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_NJABL_CGI 0.0 #score __RCVD_IN_SORBS 0.0 score RCVD_IN_SORBS_HTTP 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_MAPS_NML 0.0 score RCVD_IN_BL_SPAMCOP_NET 4 -----Original Message----- From: Martin Hepworth [mailto:martinh@solid-state-logic.com] Sent: Wednesday, June 07, 2006 2:34 AM To: 'MailScanner discussion' Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? Arthur Correct -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 11:14 > To: 'MailScanner discussion' > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi Julian, > > > Personally I would probably advise you to do it in > > SpamAssassin as it > > scores each one very well. > > Then I should set 'Spam List =' to empty in MailScanner.conf, right? > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Jun 7 16:39:12 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 7 16:39:53 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <010801c68a0e$b89d2740$3004010a@martinhlaptop> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: Martin Hepworth spake the following on 6/7/2006 1:45 AM: > Arthur > > Best to do it SA, then it adds to the scores. > > I turn most of them off by giving a zero score in my > spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS lookup > time and false positives. > > AS Jules says the other network tests (DCC etc) are switchable individually > as these aren't RBLs! > Does setting a zero score actually stop the RBL test, or just ignore the score? I haven't spent enough time on the spamassassin list or in the docs yet to know for sure. I already have nightmares about being buried in man pages! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solid-state-logic.com Wed Jun 7 16:43:31 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 16:43:43 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <021201c68a49$20c64bf0$3004010a@martinhlaptop> Johnny Close..in MailScanner.conf.. # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. Spam List = -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Johnny Stork > Sent: 07 June 2006 16:38 > To: mailscanner > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Sorry of this may have been covered elsewhere. I have been following this > thread and agree with the logic so would like to try the changes, remove > RBL checking from MailScanner and enable in SA. Could someoen pelase list > what I change/comment-out in mailscanner.conf, and what I need to add/edit > in spam.assassing.prefs.conf...there are bits and peices in this thread, > but I want to ensure I have everything. So far I think I have: > > MailScanner.conf: > > Change the following.... > > # This is the list of spam blacklists (RBLs) which you are using. > # See the "Spam List Definitions" file for more information about what > # you can put here. > # This can also be the filename of a ruleset. > Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 > > to .... > > # This is the list of spam blacklists (RBLs) which you are using. > # See the "Spam List Definitions" file for more information about what > # you can put here. > # This can also be the filename of a ruleset. > # Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 > > spam.assassin.prefs.conf: > > Change the following.... > > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > to .... > > > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > score RCVD_IN_BL_SPAMCOP_NET 4 > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 16:50:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 16:50:29 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <021301c68a4a$130a1a40$3004010a@martinhlaptop> Scott Is actually disables the rule (ie doesn't run it). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: 07 June 2006 16:39 > To: mailscanner@lists.mailscanner.info > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > Martin Hepworth spake the following on 6/7/2006 1:45 AM: > > Arthur > > > > Best to do it SA, then it adds to the scores. > > > > I turn most of them off by giving a zero score in my > > spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS > lookup > > time and false positives. > > > > AS Jules says the other network tests (DCC etc) are switchable > individually > > as these aren't RBLs! > > > Does setting a zero score actually stop the RBL test, or just ignore the > score? I haven't spent enough time on the spamassassin list or in the docs > yet > to know for sure. I already have nightmares about being buried in man > pages! > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dhawal at netmagicsolutions.com Wed Jun 7 16:51:24 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 16:51:36 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: <4486F5FC.8080502@netmagicsolutions.com> Scott Silva wrote: > Martin Hepworth spake the following on 6/7/2006 1:45 AM: >> Arthur >> >> Best to do it SA, then it adds to the scores. >> >> I turn most of them off by giving a zero score in my >> spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS lookup >> time and false positives. >> >> AS Jules says the other network tests (DCC etc) are switchable individually >> as these aren't RBLs! >> > Does setting a zero score actually stop the RBL test, or just ignore the > score? I haven't spent enough time on the spamassassin list or in the docs yet > to know for sure. I already have nightmares about being buried in man pages! A score of '0' will disable the rule.. there is also some place in the man pages a way to use rules for testing without affecting the final score (add 0.01 IIRC).. something like T_RULENAME.. Any rule starting with a __ is a meta and doesn't require a score. - dhawal From t.d.lee at durham.ac.uk Wed Jun 7 16:52:24 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed Jun 7 16:53:11 2006 Subject: lock type Message-ID: Just done a fresh installation of Fedora Core 5, and installed MS (4.54.6) onto it. FC5 includes sendmail version 8.13.6 . I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The comment there says: # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to change it to flock, # particularly on Linux systems. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = so I would expect it to use "posix". (Correct?) But watching /var/log/maillog I see: ... MailScanner[10490]: Using locktype = flock Am I misunderstanding something, or is something, somewhere not defaulting correctly? [[[ Background: >From my years of using MS, I'm aware that the issue of "Lock Type" comes up on this list from time to time, but what I've encountered seems peculiar. 1. This machine is just about to enter service as a main SMTP submission host that will be very busy, so we need to have the correct setting. 2. A very similar machine is being tested with Mailman and we've seen some peculiar things happening when it used an MS.conf containing an explicit 'Lock Type = posix' (its MS.conf had been rather too blindly copied from an earlier machine). ]]] -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From dhawal at netmagicsolutions.com Wed Jun 7 16:53:01 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 16:53:16 2006 Subject: virus checker failed with real error In-Reply-To: <4486D76E.109@students.iiit.ac.in> References: <4486D76E.109@students.iiit.ac.in> Message-ID: <4486F65D.2090006@netmagicsolutions.com> Nirnimesh wrote: > I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks > is enabled, I get the following error in the maillog. > > MailScanner[2895]: Commercial virus checker failed with real error: > syslog: expecting argument $format at > /usr/lib/MailScanner/MailScanner/Log.pm line 143 > > > Please Help What does running in debug mode tell you? Try 'MailScanner --debug' for more details. - dhawal From dhawal at netmagicsolutions.com Wed Jun 7 16:57:25 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 16:57:31 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: Message-ID: <4486F765.7010401@netmagicsolutions.com> Johnny Stork wrote: > Sorry of this may have been covered elsewhere. I have been following this thread and agree with the logic so would like to try the changes, remove RBL checking from MailScanner and enable in SA. Could someoen pelase list what I change/comment-out in mailscanner.conf, and what I need to add/edit in spam.assassing.prefs.conf...there are bits and peices in this thread, but I want to ensure I have everything. So far I think I have: {snip} > #score RCVD_IN_RSS 1 This was removed from SA some versions back, IIRC.. You do not need to change the default score (unless you know what you are doing). Also i wouldn't advise scoring a '0' for most RBL rules since they scan more than the last received IP/HOP (unlike RBLs which will only check the last received IP.. read the man pages for more details). - dhawal > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > score RCVD_IN_BL_SPAMCOP_NET 4 From KGoods at AIAInsurance.com Wed Jun 7 17:00:34 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Jun 7 17:05:56 2006 Subject: lock type Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D89F0@aiainsurance.com> David Lee wrote: > Just done a fresh installation of Fedora Core 5, and installed MS > (4.54.6) onto it. FC5 includes sendmail version 8.13.6 . > > I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The > comment there says: > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "posix". > # For sendmail 8.12 and older, you will probably need to change it > to flock, # particularly on Linux systems. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > so I would expect it to use "posix". (Correct?) > > But watching /var/log/maillog I see: > ... MailScanner[10490]: Using locktype = flock > > Am I misunderstanding something, or is something, somewhere not > defaulting correctly? > > [[[ > Background: > >> From my years of using MS, I'm aware that the issue of "Lock Type" >> comes > up on this list from time to time, but what I've encountered seems > peculiar. > > 1. This machine is just about to enter service as a main SMTP > submission > host that will be very busy, so we need to have the correct setting. > > 2. A very similar machine is being tested with Mailman and we've seen > some peculiar things happening when it used an MS.conf containing an > explicit 'Lock Type = posix' (its MS.conf had been rather too blindly > copied from an earlier machine). > ]]] > Same thing happened to me when I recently built a new box (Centos 4.3). I set mine to posix explicitly and everything seems to be running fine for the last couple months. HTH Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. MIS Dept. 111 Main St. Lewiston, ID 83501 (208)799-9023 http://www.cropusainsurance.com kgoods@aiainsurance.com From maillists at conactive.com Wed Jun 7 17:31:15 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jun 7 17:31:29 2006 Subject: virus checker failed with real error In-Reply-To: <4486D76E.109@students.iiit.ac.in> References: <4486D76E.109@students.iiit.ac.in> Message-ID: Nirnimesh wrote on Wed, 07 Jun 2006 19:11:02 +0530: > I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks > is enabled, I get the following error in the maillog. > > MailScanner[2895]: Commercial virus checker failed with real error: ClamAV is not a "commercial virus checker", there's something wrong in your config or the error is *not* about clamAV. Did you notice that you didn't say *anything* about your system and how you installed MS and the depending software? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jun 7 17:56:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 17:57:04 2006 Subject: sendmail In-Reply-To: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> References: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> Message-ID: <44870551.1030208@ecs.soton.ac.uk> Please do at least a simple Google search before posting questions here, we expect you to do some homework first. Start at www.sendmail.org and the O'Reilly sendmail book. shuttlebox wrote: > On 6/7/06, *Prakash* > wrote: > > Can some one please send me the installation and configuration > guide for sendmail for Solaris? > > Some pdfs/books on sendmail. > > > This guy has a lot of good stuff on his site. > > http://www.brandonhutchinson.com > > This link might be what you're looking for: > > http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of_Sendmail.html > > -- > /peter -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Jun 7 17:59:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 18:00:06 2006 Subject: virus checker failed with real error In-Reply-To: References: <4486D76E.109@students.iiit.ac.in> Message-ID: <4487060B.3090402@ecs.soton.ac.uk> Kai Schaetzl wrote: > Nirnimesh wrote on Wed, 07 Jun 2006 19:11:02 +0530: > > >> I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks >> is enabled, I get the following error in the maillog. >> >> MailScanner[2895]: Commercial virus checker failed with real error: >> > > ClamAV is not a "commercial virus checker", there's something wrong in As far as the error messages are confirmed, it is. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Jun 7 18:06:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 18:06:54 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: <448707A4.1000900@ecs.soton.ac.uk> Scott Silva wrote: > Does setting a zero score actually stop the RBL test, or just ignore the > score? > It disables the test. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From michele at blacknight.ie Wed Jun 7 18:50:57 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 18:50:59 2006 Subject: Vispan exim support Message-ID: <44871201.7050708@blacknight.ie> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) working with exim? Alternatively, does anyone know of a stats package that plays nice with MS and exim? TIA M -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From Kevin_Miller at ci.juneau.ak.us Wed Jun 7 20:02:37 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jun 7 20:02:42 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: Julian Field wrote: > Thanks for that. I have just updated the ClamAV + SpamAssassin package > to contain the new 3.1.3 release of SpamAssassin. Quick question: if one has installed ClamAV & SpamAssassin previously by hand, is there any reason not to run your package on top of those installs to bring things up to date? (Assuming stock installs - no funny paths, etc.) And conversely, if we install your package, is there any potential damage by running a future release of either SA or ClamAV by hand on top of it? Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From maillists at conactive.com Wed Jun 7 20:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jun 7 20:31:36 2006 Subject: virus checker failed with real error In-Reply-To: <4487060B.3090402@ecs.soton.ac.uk> References: <4486D76E.109@students.iiit.ac.in> <4487060B.3090402@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 07 Jun 2006 17:59:55 +0100: > > ClamAV is not a "commercial virus checker", there's something wrong in > As far as the error messages are confirmed, it is. So, that's your standard error message then? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jun 7 20:34:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 20:34:48 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: References: Message-ID: <44872A49.103@ecs.soton.ac.uk> Kevin Miller wrote: > Julian Field wrote: > >> Thanks for that. I have just updated the ClamAV + SpamAssassin package >> to contain the new 3.1.3 release of SpamAssassin. >> > > Quick question: if one has installed ClamAV & SpamAssassin previously > by hand, is there any reason not to run your package on top of those > installs to bring things up to date? (Assuming stock installs - no > funny paths, etc.) > My package will install ClamAV under /usr/local, which is where it installs by default from source. So if that is where your ClamAV is installed, just go ahead and install it over the top. If it isn't where it is installed, either delete the RPM (if that's how you installed it) or delete the clamscan, freshclam, clamd files (/usr/bin?) and the libclam files which may be in /usr/lib. Then install my package. > And conversely, if we install your package, is there any potential > damage by running a future release of either SA or ClamAV by hand on top > of it? > Worth trying to delete as much as possible of one installation before trying another, if they are installing into different places. The ClamAV installation in my package is pretty much the same as a manual installation. The SpamAssassin installation in my package is pretty much the same as a CPAN installation.. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sailer at bnl.gov Wed Jun 7 20:35:05 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Jun 7 20:35:32 2006 Subject: Vispan exim support In-Reply-To: <44871201.7050708@blacknight.ie> References: <44871201.7050708@blacknight.ie> Message-ID: <20060607193505.GG4716@bnl.gov> On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > working with exim? I've hacked it a bit to work with Exim. http://www2.buoy.com/vispan message delay and rejected don't currently work, but the rest does. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From MailScanner at ecs.soton.ac.uk Wed Jun 7 20:47:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 20:47:19 2006 Subject: virus checker failed with real error In-Reply-To: References: <4486D76E.109@students.iiit.ac.in> <4487060B.3090402@ecs.soton.ac.uk> Message-ID: <44872D3D.3020005@ecs.soton.ac.uk> Kai Schaetzl wrote: > Julian Field wrote on Wed, 07 Jun 2006 17:59:55 +0100: > >>> ClamAV is not a "commercial virus checker", there's something wrong in >>> >> As far as the error messages are confirmed, it is. >> > So, that's your standard error message then? > Yes, it is. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From kte at nexis.be Wed Jun 7 20:48:26 2006 From: kte at nexis.be (kte@nexis.be) Date: Wed Jun 7 20:51:13 2006 Subject: OS problem Centosx64 on BL25P Message-ID: Jun 2 03:18:40 testserver Losing some ticks... checking if CPU frequency changed. Jun 2 03:18:40 testserver warning: many lost ticks. Jun 2 03:18:40 testserver Your time source seems to be instable or some driver is hogging interupts I have an HP BL25P server with 4 GB ram a dual core AMD processor an CentOS4.3 64 bit installed and I get alot of these messages. I have installed the the PSP 7.51. Anyone any ideas? Thanks Koen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/99e06273/attachment.html From michele at blacknight.ie Wed Jun 7 21:00:05 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 21:00:47 2006 Subject: Vispan exim support In-Reply-To: <20060607193505.GG4716@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> Message-ID: <44873045.10300@blacknight.ie> Tim Sailer wrote: > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) >> working with exim? > > I've hacked it a bit to work with Exim. > > http://www2.buoy.com/vispan > > message delay and rejected don't currently work, but the rest does. > > Tim > OOooooh Nice :) I'm primarily interested in the statistics, so if you could share your hacks / changes it would be appreciated M -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From shuttlebox at gmail.com Wed Jun 7 21:12:24 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 7 21:12:27 2006 Subject: Vispan exim support In-Reply-To: <20060607193505.GG4716@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> Message-ID: <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> On 6/7/06, Tim Sailer wrote: > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > > Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > > working with exim? > > I've hacked it a bit to work with Exim. > > http://www2.buoy.com/vispan > > message delay and rejected don't currently work, but the rest does. Have you sent that to David? I'm sure he would like to incorporate it into Vispan. -- /peter From sailer at bnl.gov Wed Jun 7 21:19:22 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Jun 7 21:19:55 2006 Subject: Vispan exim support In-Reply-To: <44873045.10300@blacknight.ie> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <44873045.10300@blacknight.ie> Message-ID: <20060607201922.GN4716@bnl.gov> On Wed, Jun 07, 2006 at 09:00:05PM +0100, Michele Neylon :: Blacknight.ie wrote: > Tim Sailer wrote: > > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > >> working with exim? > > > > I've hacked it a bit to work with Exim. > > > > http://www2.buoy.com/vispan > > > > message delay and rejected don't currently work, but the rest does. > > > > Tim > > > OOooooh Nice :) > > I'm primarily interested in the statistics, so if you could share your > hacks / changes it would be appreciated It's been a real long while since I touched it. Let me see if I can get the changes out into diffs. If not, I'll just bundle up what I have and make it availble for disection. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From sailer at bnl.gov Wed Jun 7 21:46:07 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Jun 7 21:46:36 2006 Subject: Vispan exim support In-Reply-To: <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> Message-ID: <20060607204607.GA7216@bnl.gov> On Wed, Jun 07, 2006 at 10:12:24PM +0200, shuttlebox wrote: > On 6/7/06, Tim Sailer wrote: > >On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie > >wrote: > >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > >> working with exim? > > > >I've hacked it a bit to work with Exim. > > > >http://www2.buoy.com/vispan > > > >message delay and rejected don't currently work, but the rest does. > > Have you sent that to David? I'm sure he would like to incorporate it > into Vispan. Nope, but I just offered it. I didn't think it was under active development anymore. I'll have to see if I can get it working with the new code. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From michele at blacknight.ie Wed Jun 7 22:29:39 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 22:29:41 2006 Subject: Vispan exim support In-Reply-To: <20060607201922.GN4716@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <44873045.10300@blacknight.ie> <20060607201922.GN4716@bnl.gov> Message-ID: <44874543.3060703@blacknight.ie> Tim Sailer wrote: > It's been a real long while since I touched it. Let me see if I can > get the changes out into diffs. If not, I'll just bundle up what I have > and make it availble for disection. > > Tim > Cool :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From michele at blacknight.ie Wed Jun 7 22:30:22 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 22:30:40 2006 Subject: Vispan exim support In-Reply-To: <20060607204607.GA7216@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> <20060607204607.GA7216@bnl.gov> Message-ID: <4487456E.70809@blacknight.ie> Tim Sailer wrote: n. > > Nope, but I just offered it. I didn't think it was under active > development anymore. I'll have to see if I can get it working with the > new code. Looks like there was a new release this week... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From wintermutecx at gmail.com Wed Jun 7 22:55:40 2006 From: wintermutecx at gmail.com (Dave) Date: Wed Jun 7 22:55:43 2006 Subject: recover user mail In-Reply-To: References: Message-ID: Thanks, that worked :) From michele at blacknight.ie Wed Jun 7 23:48:18 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 23:48:19 2006 Subject: phish bypassing MS Message-ID: <448757B2.70105@blacknight.ie> A "nice" Barclays phish got through this evening. Possibly due to the structure of the link: Resolves to Korea, so I can't see much point in contacting them about it... (I did contact Barclays who unlike some banks actually have a mechanism for reporting phishing) M -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From maillists at conactive.com Thu Jun 8 01:31:14 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 01:31:30 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: References: Message-ID: wrote on Wed, 7 Jun 2006 21:48:26 +0200: > Anyone any ideas? Are you sure you got the right list? It's got not even remotely to do with mail. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sailer at bnl.gov Thu Jun 8 03:37:51 2006 From: sailer at bnl.gov (Tim Sailer) Date: Thu Jun 8 03:38:22 2006 Subject: Vispan exim support In-Reply-To: <44873045.10300@blacknight.ie> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <44873045.10300@blacknight.ie> Message-ID: <20060608023751.GA22945@bnl.gov> On Wed, Jun 07, 2006 at 09:00:05PM +0100, Michele Neylon :: Blacknight.ie wrote: > Tim Sailer wrote: > > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > >> working with exim? > > > > I've hacked it a bit to work with Exim. > > > > http://www2.buoy.com/vispan > > > > message delay and rejected don't currently work, but the rest does. > > > > Tim > > > OOooooh Nice :) > > I'm primarily interested in the statistics, so if you could share your > hacks / changes it would be appreciated quickly looking at the code, I created Exim.pm, made changes to Vispan.conf, added the module to /usr/local/bin/Vispan http://www.buoy.com/~tps/vispan-2.0.2-tps.tar.gz is the tarball from 'locate Vispan' Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From nauman at worldcall.net.pk Thu Jun 8 06:59:13 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Thu Jun 8 06:59:17 2006 Subject: Mailscanner stopped, sendmail running... References: <014501c68a12$171563c0$3004010a@martinhlaptop> Message-ID: <01c601c68ac0$ab4c5c20$23c051cb@noc> my systems TOP states : top - 10:49:49 up 15:30, 4 users, load average: 1.97, 2.28, 2.89 Tasks: 163 total, 3 running, 159 sleeping, 0 stopped, 1 zombie Cpu(s): 12.4% us, 5.2% sy, 0.0% ni, 73.9% id, 8.2% wa, 0.0% hi, 0.3% si Mem: 2074908k total, 1978684k used, 96224k free, 142460k buffers Swap: 2096472k total, 176k used, 2096296k free, 1159100k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 21894 root 16 0 59844 54m 3444 R 6.5 2.7 0:00.20 MailScanner 16415 root 15 0 60348 54m 3428 S 0.7 2.7 2:34.72 MailScanner 15394 root 16 0 57872 52m 3428 S 0.3 2.6 2:27.27 MailScanner Its almost utilizing the complete MEM and there are some MailScanners process which are even 2:34 min LONG . [root@machine]# less /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 4 model name : Intel(R) Pentium(R) 4 CPU 3.00GHz stepping : 1 cpu MHz : 2994.204 cache size : 1024 KB How much RAM should i use for ramdisk (tmpfs) - can i work without it ? i m currently having 7 child processes of MailScanner .in its conf file > Have you read the documentation on tuning? > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > use of memory isn't a problem (*nix will use spare memory as filesystem > cache so when all the memory's used its not a bad sign). What is a bad > sign > is high levels of swapping. > > 80k messages isn't high. >> >> >> Don't know, but remember that childs can sit there *very* >> >> long. (hours) >> > Arthur Sherman Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 From MailScanner at ecs.soton.ac.uk Thu Jun 8 08:29:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 08:30:15 2006 Subject: phish bypassing MS In-Reply-To: <448757B2.70105@blacknight.ie> References: <448757B2.70105@blacknight.ie> Message-ID: <9642E40B-C91A-4FC7-8D06-313E9C901BCC@ecs.soton.ac.uk> It was an image, not text. I can't trap those, sorry. Doing so would require OCR. On 7 Jun 2006, at 23:48, Michele Neylon :: Blacknight.ie wrote: > A "nice" Barclays phish got through this evening. Possibly due to the > structure of the link: > > > www.barclays.com.brc1.jsp.brcontrol.kileof.biz/r1/b= > /> > > > Resolves to Korea, so I can't see much point in contacting them > about it... > > (I did contact Barclays who unlike some banks actually have a > mechanism > for reporting phishing) > > M > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 8 08:32:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 08:33:04 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <01c601c68ac0$ab4c5c20$23c051cb@noc> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <01c601c68ac0$ab4c5c20$23c051cb@noc> Message-ID: <04B2AE58-3635-4162-9415-2AB8736F428D@ecs.soton.ac.uk> On 8 Jun 2006, at 06:59, Muhammad Nauman wrote: > How much RAM should i use for ramdisk (tmpfs) - can i work without > it ? > i m currently having 7 child processes of MailScanner .in its conf > file Read up about tmpfs, you don't tell it how much memory to use, it takes it out of your virtual memory and so will use the amount it needs. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From res at ausics.net Thu Jun 8 08:56:58 2006 From: res at ausics.net (Res) Date: Thu Jun 8 08:57:04 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <4486A924.5090502@netmagicsolutions.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: On Wed, 7 Jun 2006, Dhawal Doshy wrote: >> >> Ever tried running S.A on servers that do serious work, and want your mail >> out of the queue and delivered the same week ? :) >> (I do run SA on the machines that can handle it though, but thats like 2 >> out of many) > > Most of us run servers that pretty much do serious work ;-).. to each his/her > way. You can use RBLs at: > > SpamAssassin: Best way to use RBLs as per my POV.. the bad part being that > mails originating from ROKSO (spamhaus) are accepted and then tagged. I'd like to know how your customers get mail so fast, at a constant rate avg of 500 messages per minute, SA can not hope to keep up, after 5 mins the queue was at about 1900 *to be* processed, where MailScanner with anti virus and content checking and all that stuff on it usually keeps up fine anbd people get mail seconds later, SA was tunned to best performance by recommendations, and otehr recommendations that it should be used on high end networks (i know why) if I left that wretched load of crap on, my customers would get mail a week later and some probably months later and id be replaced pretty quickly :) But like I said, on some of our smaller more dedicated mail servers we do use it, because on those that do 50 msgs a minute SA can keep up. -- Cheers Res From res at ausics.net Thu Jun 8 08:59:12 2006 From: res at ausics.net (Res) Date: Thu Jun 8 08:59:18 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <01ab01c68a39$f8d67110$3004010a@martinhlaptop> References: <01ab01c68a39$f8d67110$3004010a@martinhlaptop> Message-ID: On Wed, 7 Jun 2006, Martin Hepworth wrote: > Res > > Nope - my SA/MS machine is a gateway machine and dedicated to the task - if > that machine gets compromised (hey its connected to the internet) I don't > loose anything else. your lucky :) But if you use raid 5 or 10 you shouldnt (you would be unlucky to) lose much if anything > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Res >> Sent: 07 June 2006 10:56 >> To: MailScanner discussion >> Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? >> >> Hi Martin, >> >> On Wed, 7 Jun 2006, Martin Hepworth wrote: >> >>> Res >>> >>> Yes that's another option, but I find this type of blacklist give too >> many >>> false positives. I prefer to get SA to do it, and merely add to the spam >>> score. >> >> Ever tried running S.A on servers that do serious work, and want your mail >> out of the queue and delivered the same week ? :) >> (I do run SA on the machines that can handle it though, but thats like 2 >> out of many) >> >> I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can be >> an issue with hotmail at times, when it gets to level 2 complaint level we >> remove SORBS until its cleared up. I rather not waste any more resources >> on privacy invading dweebs than I have to, hence why I prefere MTA. >> >>> >> >> -- >> Cheers >> Res >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Cheers Res From martinh at solid-state-logic.com Thu Jun 8 09:00:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:00:07 2006 Subject: Vispan exim support In-Reply-To: <20060607201922.GN4716@bnl.gov> Message-ID: <00a701c68ad1$8a6b17b0$3004010a@martinhlaptop> Tim I'll double Michele's "oooooo nice.." Couple of things I note- according to the config page youre still running SA 3.0.3. There's a nasty DOS vulnerability in that, may I suggest you upgrade to 3.0.6 (if not 3.1.3). Also as you're quite being in MS versions as well you may find 4.54 is quite a lot faster than your 4.41 version. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Tim Sailer > Sent: 07 June 2006 21:19 > To: MailScanner discussion > Subject: Re: Vispan exim support > > On Wed, Jun 07, 2006 at 09:00:05PM +0100, Michele Neylon :: Blacknight.ie > wrote: > > Tim Sailer wrote: > > > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: > Blacknight.ie wrote: > > >> Has anyone successfully got Vispan > (http://www.while.org.uk/mailstats/) > > >> working with exim? > > > > > > I've hacked it a bit to work with Exim. > > > > > > http://www2.buoy.com/vispan > > > > > > message delay and rejected don't currently work, but the rest does. > > > > > > Tim > > > > > OOooooh Nice :) > > > > I'm primarily interested in the statistics, so if you could share your > > hacks / changes it would be appreciated > > It's been a real long while since I touched it. Let me see if I can > get the changes out into diffs. If not, I'll just bundle up what I have > and make it availble for disection. > > Tim > > -- > Tim Sailer > Information and Special Technologies Program > Northeast Regional Counterintelligence Office > Brookhaven National Laboratory (631) 344-3001 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From res at ausics.net Thu Jun 8 09:03:36 2006 From: res at ausics.net (Res) Date: Thu Jun 8 09:03:41 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On Wed, 7 Jun 2006, Logan Shaw wrote: > On Wed, 7 Jun 2006, Res wrote: >> On Wed, 7 Jun 2006, Arthur Sherman wrote: > >>> Who should do RBL checks: MailScanner or SpamAssassin? > >> Neither, the MTA should do it. > > That depends on your policy on what you do with spam. Do you > tag it, or do you delete it? At my site, we have basically > a no-delete policy; spams are tagged and passed through. > This approach gives the users more work (have to set up a > filter) but more control. I'd rather prevent the known spammers connecting, we also use DUL lists as well, apart from SORBS listing hotmail, Ive never in many many many years had a single problem, most users are glad to be protected (as best we can) from scum. On the smaller use machines where we use MS with SA, we have low scoring of 3 tag, and high scoring of 12 delete it. -- Cheers Res From martinh at solid-state-logic.com Thu Jun 8 09:05:56 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:06:03 2006 Subject: phish bypassing MS In-Reply-To: <9642E40B-C91A-4FC7-8D06-313E9C901BCC@ecs.soton.ac.uk> Message-ID: <00a801c68ad2$5ef249e0$3004010a@martinhlaptop> Michele What URI-RBL's are you using in the SA setup? I think the latest SA (3.1.3) has the URI-black in there as well which I find very usefule. I find that 88_FVGT_uri.cf from http://www.rulesemporium.com/other-rules.htm (and Freds other rules) help a lot on this kind of thing too - assuming the clamav phishing stuff doesn't catch them, which isn't as good as it used to be..) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 08 June 2006 08:30 > To: MailScanner discussion > Subject: Re: phish bypassing MS > > It was an image, not text. I can't trap those, sorry. > Doing so would require OCR. > > On 7 Jun 2006, at 23:48, Michele Neylon :: Blacknight.ie wrote: > > > A "nice" Barclays phish got through this evening. Possibly due to the > > structure of the link: > > > > > > > www.barclays.com.brc1.jsp.brcontrol.kileof.biz/r1/b= > > /> > > > > > > Resolves to Korea, so I can't see much point in contacting them > > about it... > > > > (I did contact Barclays who unlike some banks actually have a > > mechanism > > for reporting phishing) > > > > M > > -- > > Mr Michele Neylon > > Blacknight Solutions > > Quality Business Hosting & Colocation > > http://www.blacknight.ie/ > > Tel. 1850 927 280 > > Intl. +353 (0) 59 9183072 > > Direct Dial: +353 (0)59 9183090 > > Fax. +353 (0) 59 9164239 > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From arturs at netvision.net.il Thu Jun 8 10:07:27 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 09:09:11 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <014501c68a12$171563c0$3004010a@martinhlaptop> Message-ID: <003e01c68ada$f71cc800$3701a8c0@lapxp> > Have you read the documentation on tuning? > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Most links to instructions are broken... Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Thu Jun 8 09:25:58 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:26:06 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Res Wow 43 Million messages a day.. I think the most any has had is about 2 million messages out of a single machine (dunno if anyone has done any laod tests with the recent faster code). I think the best way to handle this would be to handle some sort of cluster with a mysql based bayes engine and using DNS to load balance. Also I dunno if anyone's tested the new spam cache code using shared (NFS) files for this or they would recommend keeping one per local system. Maybe one of the Steves or Jules can comment on clusters better.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 08 June 2006 08:57 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Dhawal Doshy wrote: > >> > >> Ever tried running S.A on servers that do serious work, and want your > mail > >> out of the queue and delivered the same week ? :) > >> (I do run SA on the machines that can handle it though, but thats like > 2 > >> out of many) > > > > Most of us run servers that pretty much do serious work ;-).. to each > his/her > > way. You can use RBLs at: > > > > SpamAssassin: Best way to use RBLs as per my POV.. the bad part being > that > > mails originating from ROKSO (spamhaus) are accepted and then tagged. > > > I'd like to know how your customers get mail so fast, at a constant rate > avg of 500 messages per minute, SA can not hope to keep up, after 5 mins > the queue was at about 1900 *to be* processed, where MailScanner with anti > virus and content checking and all that stuff on it usually keeps up > fine anbd people get mail seconds later, SA was tunned to best > performance by recommendations, and otehr recommendations that it should > be used on high end networks (i know why) if I left that wretched load of > crap on, my customers would get mail a week later and some probably months > later and id be > replaced pretty quickly :) > > But like I said, on some of our smaller more dedicated mail servers we do > use it, because on those that do 50 msgs a minute SA can keep up. > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Jun 8 09:28:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:28:11 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00b301c68ad5$75ce9da0$3004010a@martinhlaptop> Res RAID won't help when you're system's compromised and that is used as a jumping station to your other systems.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 08 June 2006 08:59 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Nope - my SA/MS machine is a gateway machine and dedicated to the task - > if > > that machine gets compromised (hey its connected to the internet) I > don't > > loose anything else. > > your lucky :) > But if you use raid 5 or 10 you shouldnt (you would be unlucky to) lose > much if anything > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Res > >> Sent: 07 June 2006 10:56 > >> To: MailScanner discussion > >> Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > >> > >> Hi Martin, > >> > >> On Wed, 7 Jun 2006, Martin Hepworth wrote: > >> > >>> Res > >>> > >>> Yes that's another option, but I find this type of blacklist give too > >> many > >>> false positives. I prefer to get SA to do it, and merely add to the > spam > >>> score. > >> > >> Ever tried running S.A on servers that do serious work, and want your > mail > >> out of the queue and delivered the same week ? :) > >> (I do run SA on the machines that can handle it though, but thats like > 2 > >> out of many) > >> > >> I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can > be > >> an issue with hotmail at times, when it gets to level 2 complaint level > we > >> remove SORBS until its cleared up. I rather not waste any more > resources > >> on privacy invading dweebs than I have to, hence why I prefere MTA. > >> > >>> > >> > >> -- > >> Cheers > >> Res > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Jun 8 09:29:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:29:12 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00b401c68ad5$99a28570$3004010a@martinhlaptop> Res Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 false positives... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 08 June 2006 09:04 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Logan Shaw wrote: > > > On Wed, 7 Jun 2006, Res wrote: > >> On Wed, 7 Jun 2006, Arthur Sherman wrote: > > > >>> Who should do RBL checks: MailScanner or SpamAssassin? > > > >> Neither, the MTA should do it. > > > > That depends on your policy on what you do with spam. Do you > > tag it, or do you delete it? At my site, we have basically > > a no-delete policy; spams are tagged and passed through. > > This approach gives the users more work (have to set up a > > filter) but more control. > > > I'd rather prevent the known spammers connecting, we also use DUL lists as > well, apart from SORBS listing hotmail, Ive never in many many many years > had a single problem, most users are glad to be protected (as best we can) > from scum. > > On the smaller use machines where we use MS with SA, we have low scoring > of 3 tag, and high scoring of 12 delete it. > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From febrianto at sioenasia.com Thu Jun 8 09:51:12 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Thu Jun 8 09:45:35 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <4486F765.7010401@netmagicsolutions.com> Message-ID: Dumb question: I changed the configuration in MailScanner.conf from Spam List = SBL+XBL # You can un-comment this to enable them To Spam List = # SBL+XBL # You can un-comment this to enable them And in spam.assassin.pref.conf from #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 To score __RCVD_IN_SBL_XBL 4 #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 Do the spamassassin --lint result OK. Then do MailScanner reload. Now, how do I know if the RBL works in SA? Because in the log (I use mailwatch), I don't see any tag in spam report. I can see the pyzor_check score. I use SA 3.1.0 and MailScanner 4.52.2 Thanks mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 10:57:25 PM: > Johnny Stork wrote: > > Sorry of this may have been covered elsewhere. I have been > following this thread and agree with the logic so would like to try > the changes, remove RBL checking from MailScanner and enable in SA. > Could someoen pelase list what I change/comment-out in mailscanner. > conf, and what I need to add/edit in spam.assassing.prefs.conf... > there are bits and peices in this thread, but I want to ensure I > have everything. So far I think I have: > > {snip} > > > #score RCVD_IN_RSS 1 > > This was removed from SA some versions back, IIRC.. > > You do not need to change the default score (unless you know what you > are doing). Also i wouldn't advise scoring a '0' for most RBL rules > since they scan more than the last received IP/HOP (unlike RBLs which > will only check the last received IP.. read the man pages for more details). > > - dhawal > > > #score __RCVD_IN_SBL_XBL 0.0 > > score RCVD_IN_SBL 0.0 > > score RCVD_IN_XBL 0.0 > > score __RCVD_IN_NJABL 0.0 > > score RCVD_IN_NJABL_DUL 0.0 > > score RCVD_IN_NJABL_MULTI 0.0 > > score RCVD_IN_NJABL_PROXY 0.0 > > score RCVD_IN_NJABL_RELAY 0.0 > > score RCVD_IN_NJABL_SPAM 0.0 > > score RCVD_IN_NJABL_CGI 0.0 > > #score __RCVD_IN_SORBS 0.0 > > score RCVD_IN_SORBS_HTTP 0.0 > > score RCVD_IN_SORBS_MISC 0.0 > > score RCVD_IN_SORBS_SMTP 0.0 > > score RCVD_IN_SORBS_SOCKS 0.0 > > score RCVD_IN_SORBS_WEB 0.0 > > score RCVD_IN_SORBS_BLOCK 0.0 > > score RCVD_IN_SORBS_ZOMBIE 0.0 > > score RCVD_IN_SORBS_DUL 0.0 > > score __RFC_IGNORANT_ENVFROM 0.0 > > score DNS_FROM_RFC_DSN 0.0 > > score DNS_FROM_RFC_POST 0.0 > > score DNS_FROM_RFC_ABUSE 0.0 > > score DNS_FROM_RFC_WHOIS 0.0 > > score DNS_FROM_RFC_BOGUSMX 0.0 > > score RCVD_IN_DSBL 0.0 > > score DNS_FROM_AHBL_RHSBL 0.0 > > #score HABEAS_INFRINGER 0.0 > > #score HABEAS_USER 0.0 > > score RCVD_IN_BSP_TRUSTED 0.0 > > score RCVD_IN_BSP_OTHER 0.0 > > #score __SENDERBASE 0.0 > > #score SB_NEW_BULK 0.0 > > #score SB_NSP_VOLUME_SPIKE 0.0 > > #core RCVD_IN_RSL 0.0 > > score RCVD_IN_MAPS_RBL 0.0 > > score RCVD_IN_MAPS_DUL 0.0 > > score RCVD_IN_MAPS_RSS 0.0 > > score RCVD_IN_SORBS_MISC 0.0 > > score RCVD_IN_SORBS_SMTP 0.0 > > score RCVD_IN_SORBS_SOCKS 0.0 > > score RCVD_IN_SORBS_WEB 0.0 > > score RCVD_IN_SORBS_BLOCK 0.0 > > score RCVD_IN_SORBS_ZOMBIE 0.0 > > score RCVD_IN_SORBS_DUL 0.0 > > score __RFC_IGNORANT_ENVFROM 0.0 > > score DNS_FROM_RFC_DSN 0.0 > > score DNS_FROM_RFC_POST 0.0 > > score DNS_FROM_RFC_ABUSE 0.0 > > score DNS_FROM_RFC_WHOIS 0.0 > > score DNS_FROM_RFC_BOGUSMX 0.0 > > score RCVD_IN_DSBL 0.0 > > score DNS_FROM_AHBL_RHSBL 0.0 > > #score HABEAS_INFRINGER 0.0 > > #score HABEAS_USER 0.0 > > score RCVD_IN_BSP_TRUSTED 0.0 > > score RCVD_IN_BSP_OTHER 0.0 > > #score __SENDERBASE 0.0 > > #score SB_NEW_BULK 0.0 > > #score SB_NSP_VOLUME_SPIKE 0.0 > > #core RCVD_IN_RSL 0.0 > > score RCVD_IN_MAPS_RBL 0.0 > > score RCVD_IN_MAPS_DUL 0.0 > > score RCVD_IN_MAPS_RSS 0.0 > > score RCVD_IN_MAPS_NML 0.0 > > score RCVD_IN_BL_SPAMCOP_NET 4 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From arturs at netvision.net.il Thu Jun 8 10:56:52 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 09:58:38 2006 Subject: lock type In-Reply-To: Message-ID: <004501c68ae1$de9d18f0$3701a8c0@lapxp> > I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The > comment there says: > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "posix". > # For sendmail 8.12 and older, you will probably need to > change it to flock, > # particularly on Linux systems. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > so I would expect it to use "posix". (Correct?) > > But watching /var/log/maillog I see: > ... MailScanner[10490]: Using locktype = flock Just leave it blank. In a case of sendmail flock type will be used. Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Thu Jun 8 09:59:20 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:59:39 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00d801c68ad9$d621bf30$3004010a@martinhlaptop> Hi Do a a "spamassassin -D --lint" and see if the tests being called. It could be the DNS module or something isn't installed properly.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > Sent: 08 June 2006 09:51 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > Dumb question: > I changed the configuration in MailScanner.conf > from > Spam List = SBL+XBL # You can un-comment this to enable them > > To > Spam List = # SBL+XBL # You can un-comment this to enable them > > And in spam.assassin.pref.conf > from > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > To > score __RCVD_IN_SBL_XBL 4 > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > Do the spamassassin --lint result OK. > Then do MailScanner reload. > Now, how do I know if the RBL works in SA? Because in the log (I use > mailwatch), I don't see any tag in spam report. I can see the pyzor_check > score. > > I use SA 3.1.0 and MailScanner 4.52.2 > > Thanks > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 10:57:25 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dhawal at netmagicsolutions.com Thu Jun 8 10:08:25 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 8 10:08:34 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: <4487E909.5030308@netmagicsolutions.com> Res wrote: > On Wed, 7 Jun 2006, Dhawal Doshy wrote: >>> >>> Ever tried running S.A on servers that do serious work, and want your >>> mail out of the queue and delivered the same week ? :) >>> (I do run SA on the machines that can handle it though, but thats >>> like 2 out of many) >> >> Most of us run servers that pretty much do serious work ;-).. to each >> his/her way. You can use RBLs at: >> >> SpamAssassin: Best way to use RBLs as per my POV.. the bad part being >> that mails originating from ROKSO (spamhaus) are accepted and then >> tagged. > > > I'd like to know how your customers get mail so fast, at a constant rate > avg of 500 messages per minute, SA can not hope to keep up, after 5 mins > the queue was at about 1900 *to be* processed, where MailScanner with > anti virus and content checking and all that stuff on it usually keeps > up fine anbd people get mail seconds later, SA was tunned to best > performance by recommendations, and otehr recommendations that it should > be used on high end networks (i know why) if I left that wretched load > of crap on, my customers would get mail a week later and some probably > months later and id be replaced pretty quickly :) > > But like I said, on some of our smaller more dedicated mail servers we > do use it, because on those that do 50 msgs a minute SA can keep up. I do about sustained 12 mails per second for a couple of hours in a day which equals (12*60*60*2 = 86400) and about the twice that throughout the day totaling about 225000 mails per day between 2 servers.. no bad i guess. Both servers are fully loaded MailScanner/Postfix/SA/DCC/Pyzor and add BAYES/MailWatch (on a separate server), 3 antivirus engines and SARE to the list. This is not counting mails rejected at the RBL level. Average mail delivery time is 10-15 seconds to the delivery servers. And i haven't done any advanced tuning (save using TMPFS) on these servers. Of course it helps to have Dual Processors and 3 GB RAM with SCSI Disks (Dell PE1850). I understand people on this list process a lot more mails with a similar setup. - dhawal From t.d.lee at durham.ac.uk Thu Jun 8 10:21:06 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu Jun 8 10:21:37 2006 Subject: lock type In-Reply-To: <004501c68ae1$de9d18f0$3701a8c0@lapxp> References: <004501c68ae1$de9d18f0$3701a8c0@lapxp> Message-ID: On Thu, 8 Jun 2006, Arthur Sherman wrote: > [David Lee had written:] > > I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The > > comment there says: > > # How to lock spool files. > > # Don't set this unless you *know* you need to. > > # For sendmail, it defaults to "posix". > > # For sendmail 8.12 and older, you will probably need to > > change it to flock, > > # particularly on Linux systems. > > # For Exim, it defaults to "posix". > > # No other type is implemented. > > Lock Type = > > > > so I would expect it to use "posix". (Correct?) > > > > But watching /var/log/maillog I see: > > ... MailScanner[10490]: Using locktype = flock > > Just leave it blank. > > In a case of sendmail flock type will be used. But that's incorrect, isn't it? Could you check the reasoning below? o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). o MailScanner.conf has: MTA = sendmail Lock Type = o Therefore, according to the comments, this should result in "posix". o "posix" is, indeed, the desired and expected outcome for this system (isn't it?). o BUT "maillog" is reporting ... MailScanner[26259]: Using locktype = flock The comments say I should end up with "posix". Maillog says I'm getting "flock". So something somewhere (possibly including my understanding!) is incorrect. Help! -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From glenn.steen at gmail.com Thu Jun 8 10:34:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 10:34:16 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <003e01c68ada$f71cc800$3701a8c0@lapxp> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <003e01c68ada$f71cc800$3701a8c0@lapxp> Message-ID: <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> On 08/06/06, Arthur Sherman wrote: > > Have you read the documentation on tuning? > > > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > Most links to instructions are broken... > Yep, this is because the old faq-o-matic is gone... Probably went out the window when Jules updated to the new website. Unfortunately not all the relavant info has been moved to the wiki (much because it wasn't that easy to corroborate (to check if some details are correct, some because it contains a few gems and some crud that simply don't apply anymore... etc). Even more unfortunate is that we still have (especially in the MAQ) quite a few references to it. For some we already have equivalent docs in the wiki though (like DCC: http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin:plugins:dcc), so it moght be just a need for a minor overhaul for these. Jules, Ugo ... we need to adress this. Will see what I can do. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Thu Jun 8 11:33:40 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 10:35:31 2006 Subject: lock type In-Reply-To: Message-ID: <005201c68ae7$022e6030$3701a8c0@lapxp> > But that's incorrect, isn't it? Could you check the reasoning below? > > o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). > > o MailScanner.conf has: > MTA = sendmail > Lock Type = > > o Therefore, according to the comments, this should result > in "posix". > > o "posix" is, indeed, the desired and expected outcome for > this system > (isn't it?). > > o BUT "maillog" is reporting > ... MailScanner[26259]: Using locktype = flock > > > The comments say I should end up with "posix". Maillog says > I'm getting > "flock". So something somewhere (possibly including my > understanding!) is > incorrect. As far as I remember, in older versions this was flock... It could be a mistype in conf - however, flock rulez. Best, -- Arthur Sherman +972-52-4878851 CPTeam From glenn.steen at gmail.com Thu Jun 8 10:36:40 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 10:36:44 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <003e01c68ada$f71cc800$3701a8c0@lapxp> <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> Message-ID: <223f97700606080236j52469112hfb9df335a9ac7758@mail.gmail.com> On 08/06/06, Glenn Steen wrote: (snip) > ... (to check if some details are correct, some ... Accidental "send" there. That should've read: > ... (to check if some details are correct, one needs to have the system/HW to test on:-) some ... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From febrianto at sioenasia.com Thu Jun 8 11:23:28 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Thu Jun 8 11:17:28 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00d801c68ad9$d621bf30$3004010a@martinhlaptop> Message-ID: Martin, Is there any specifi string that i have to look for? to find out if the rbl works in SA or not? mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 03:59:20 PM: > Hi > > Do a a "spamassassin -D --lint" and see if the tests being called. > > It could be the DNS module or something isn't installed properly.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > Sent: 08 June 2006 09:51 > > To: MailScanner discussion > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > Dumb question: > > I changed the configuration in MailScanner.conf > > from > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > To > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > And in spam.assassin.pref.conf > > from > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > # These next 3 will cost you money, see mailscanner.conf. > > #score RCVD_IN_RBL 10 > > #score RCVD_IN_RSS 1 > > #score RCVD_IN_DUL 1 > > > > To > > score __RCVD_IN_SBL_XBL 4 > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > # These next 3 will cost you money, see mailscanner.conf. > > #score RCVD_IN_RBL 10 > > #score RCVD_IN_RSS 1 > > #score RCVD_IN_DUL 1 > > > > Do the spamassassin --lint result OK. > > Then do MailScanner reload. > > Now, how do I know if the RBL works in SA? Because in the log (I use > > mailwatch), I don't see any tag in spam report. I can see the pyzor_check > > score. > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > Thanks > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 10:57:25 > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From glenn.steen at gmail.com Thu Jun 8 11:21:38 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 11:21:40 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <01c601c68ac0$ab4c5c20$23c051cb@noc> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <01c601c68ac0$ab4c5c20$23c051cb@noc> Message-ID: <223f97700606080321j3b11a3caka0cb92ee9b2afcce@mail.gmail.com> On 08/06/06, Muhammad Nauman wrote: > my systems TOP states : > > top - 10:49:49 up 15:30, 4 users, load average: 1.97, 2.28, 2.89 > Tasks: 163 total, 3 running, 159 sleeping, 0 stopped, 1 zombie > Cpu(s): 12.4% us, 5.2% sy, 0.0% ni, 73.9% id, 8.2% wa, 0.0% hi, 0.3% si > Mem: 2074908k total, 1978684k used, 96224k free, 142460k buffers > Swap: 2096472k total, 176k used, 2096296k free, 1159100k cached > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 21894 root 16 0 59844 54m 3444 R 6.5 2.7 0:00.20 MailScanner > 16415 root 15 0 60348 54m 3428 S 0.7 2.7 2:34.72 MailScanner > 15394 root 16 0 57872 52m 3428 S 0.3 2.6 2:27.27 MailScanner > > Its almost utilizing the complete MEM and there are some MailScanners > process which are even 2:34 min LONG . Very relative term there ... "almost"...:-). You have approximately 250 MiB available and practiacally no swap activity... Looks pretty well-balanced to me. Load seems reasonable, especially if you run sendmail. The TIME there.... How long ahd the process that took 2:34 been running? Assuming close to 4 hours on a fairly busy server, then using the CPU for well under 3 minutes total isn't much to write home about:-). What I'm saying is that performance measurements without a context and with no "baseline" to compare to, is pretty useless;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Thu Jun 8 11:31:54 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:32:00 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Message-ID: Hi Martin, On Thu, 8 Jun 2006, Martin Hepworth wrote: > Res > > Wow 43 Million messages a day.. I think the most any has had is about 2 > million messages out of a single machine (dunno if anyone has done any laod > tests with the recent faster code). HUH wtf did you get 43m from? It's about 30k messages an hour, I know I was hopeless at maths but 30000 x 500 !=43000000 ;) > I think the best way to handle this would be to handle some sort of cluster > with a mysql based bayes engine and using DNS to load balance. So you want us to outlay 10's of thousands of dollars for no reason? it handles it nicely now, and the load rarely gets above 3 when its in peak, and all that is probably disk speed, we are fairly happy without SA thanks :) > -- Cheers Res From res at ausics.net Thu Jun 8 11:36:03 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:36:09 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b301c68ad5$75ce9da0$3004010a@martinhlaptop> References: <00b301c68ad5$75ce9da0$3004010a@martinhlaptop> Message-ID: On Thu, 8 Jun 2006, Martin Hepworth wrote: > Res > > RAID won't help when you're system's compromised and that is used as a > jumping station to your other systems.... Whats to compromise, sendmail or qmail, a good network should have its data centers well protectd by ACL's allowing in only what you want and to where you want. Both Sendmail and Qmail are pretty secure these days, but we regulary audit all servers, to think it will 'never' happen to you, is only being nieve and it will probably happen to that kind of person if they dont keep regular tabs on things. Only ever problem we've had is disk die on RAID. > -- Cheers Res From res at ausics.net Thu Jun 8 11:37:54 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:38:01 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b401c68ad5$99a28570$3004010a@martinhlaptop> References: <00b401c68ad5$99a28570$3004010a@martinhlaptop> Message-ID: On Thu, 8 Jun 2006, Martin Hepworth wrote: > Res > > Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 false > positives... On a box that uses SA I'm amazed at the amount of calais and viagra crap that are marked as totaly cleam scoring a bare 0.1 etc... -- Cheers Res From res at ausics.net Thu Jun 8 11:42:30 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:42:36 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <4487E909.5030308@netmagicsolutions.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> Message-ID: On Thu, 8 Jun 2006, Dhawal Doshy wrote: > Average mail delivery time is 10-15 seconds to the delivery servers. And i > haven't done any advanced tuning (save using TMPFS) on these servers. Of > course it helps to have Dual Processors and 3 GB RAM with SCSI Disks (Dell > PE1850). > Yes but you still have not said what your SA tunnings are I wasnt being a smart ass i was being genuine, but no problems I take it the way you meant it and you shall be ignored :) If anyone on this list processing the levels we do and actually is bored enough to say how they tuned SA i'd be interested in reading > > - dhawal > -- Cheers Res From martinh at solid-state-logic.com Thu Jun 8 11:42:42 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 11:42:50 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00f601c68ae8$456572c0$3004010a@martinhlaptop> Budi Should see lines like dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > Sent: 08 June 2006 11:23 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Martin, > > Is there any specifi string that i have to look for? to find out if the > rbl > works in SA or not? > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 03:59:20 > PM: > > > Hi > > > > Do a a "spamassassin -D --lint" and see if the tests being called. > > > > It could be the DNS module or something isn't installed properly.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > Sent: 08 June 2006 09:51 > > > To: MailScanner discussion > > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > > > > Dumb question: > > > I changed the configuration in MailScanner.conf > > > from > > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > > > To > > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > > > And in spam.assassin.pref.conf > > > from > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > # These next 3 will cost you money, see mailscanner.conf. > > > #score RCVD_IN_RBL 10 > > > #score RCVD_IN_RSS 1 > > > #score RCVD_IN_DUL 1 > > > > > > To > > > score __RCVD_IN_SBL_XBL 4 > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > # These next 3 will cost you money, see mailscanner.conf. > > > #score RCVD_IN_RBL 10 > > > #score RCVD_IN_RSS 1 > > > #score RCVD_IN_DUL 1 > > > > > > Do the spamassassin --lint result OK. > > > Then do MailScanner reload. > > > Now, how do I know if the RBL works in SA? Because in the log (I use > > > mailwatch), I don't see any tag in spam report. I can see the > pyzor_check > > > score. > > > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > > > Thanks > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 > 10:57:25 > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From patrick at isoc.lu Thu Jun 8 11:50:40 2006 From: patrick at isoc.lu (Patrick Vande Walle) Date: Thu Jun 8 11:50:50 2006 Subject: Archive Public Keys Message-ID: <44880100.7000202@isoc.lu> Hello Julian, I tried to implement the archiving of public keys, as explained here: http://thread.gmane.org/gmane.mail.virus.mailscanner/35920/focus=35923 Not much success up at start. No keys got saved. Apparently the two lines doing the job are commented out in /usr/lib/MailScanner/MailScanner/SweepContent.pm # Find and save all the public keys (X.509 and PGP) in each message. #ExtractPublicKeys($message, $ent) # if MailScanner::Config::Value('archivepublickeys', $message); Once In uncommented the lines, it worked like a charm. Further, when I ran upgrade_mailscanner_conf, it said: Removed old: Public Key Archive Dir = /var/spool/MailScanner/keys Removed old: Archive Public Keys = yes ... which is logical, since these two values do not appear un Mailscanner.conf.rpmnew. This is with MS version 4.54.6 So the question is: is this feature meant to remain commented out ? Thanks a lot, Patrick Vande Walle From glenn.steen at gmail.com Thu Jun 8 11:51:30 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 11:51:35 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Message-ID: <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> On 08/06/06, Res wrote: > Hi Martin, > > On Thu, 8 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Wow 43 Million messages a day.. I think the most any has had is about 2 > > million messages out of a single machine (dunno if anyone has done any laod > > tests with the recent faster code). > > HUH wtf did you get 43m from? It's about 30k messages an hour, > I know I was hopeless at maths but 30000 x 500 !=43000000 ;) Missread by Martin I beleive... He read "second" where you said "minute" (60*60*24*500=43.2*10^6 ... I did the same thing... sat there full of awe for a moment, considering you have several boxes doing that:-). The 720k you do per day isn't bad, though perhaps not as aweinspiring:-). > > I think the best way to handle this would be to handle some sort of cluster > > with a mysql based bayes engine and using DNS to load balance. > > So you want us to outlay 10's of thousands of dollars for no reason? > it handles it nicely now, and the load rarely gets above 3 when its in > peak, and all that is probably disk speed, we are fairly happy without SA > thanks :) I guess you have this very well covered, but... What is it that "kills you" when running SA? The DNS overhead? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.swaney at fsl.com Thu Jun 8 12:01:05 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jun 8 12:01:09 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <03d101c68aea$d6f55320$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: Thursday, June 08, 2006 6:38 AM > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > On Thu, 8 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 false > > positives... > > On a box that uses SA I'm amazed at the amount of calais and viagra crap > that are marked as totaly cleam scoring a bare 0.1 etc... > > > -- > Cheers > Res We run MS/SA on our own systems and a lot of others. We don't see any: > On a box that uses SA I'm amazed at the amount of calais and viagra crap > that are marked as totaly cleam scoring a bare 0.1 etc... My guess is that you're not using the SARE rule sets in combination with Rules_du_Jour. They are very effective, especially when you update them daily. My thanks to the folks who maintain the SARE rule sets; you are much appreciated :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From dhawal at netmagicsolutions.com Thu Jun 8 12:08:07 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 8 12:08:21 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> Message-ID: <44880517.5010201@netmagicsolutions.com> Res wrote: > On Thu, 8 Jun 2006, Dhawal Doshy wrote: > >> Average mail delivery time is 10-15 seconds to the delivery servers. >> And i haven't done any advanced tuning (save using TMPFS) on these >> servers. Of course it helps to have Dual Processors and 3 GB RAM with >> SCSI Disks (Dell PE1850). >> > > > Yes but you still have not said what your SA tunnings are None, zilch.. we do not tune SA at all (i compile rpms from the stock tar.gz distro).. moreover we add tonnes of SARE rules to it. If using a dedicated server for MySQL based Bayes is tuning, then yes we do tuning. From that POV, we use djbdns' dnscache for the local caching-nameserver, which helps Net::DNS tremendously. Also thanks to the prolocation chaps, we rsync SURBL for local use.. I have added wiki entries for both of them quite some time back. http://wiki.mailscanner.info/doku.php?id=&idx=documentation:related_software:caching_nameserver http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql > I wasnt being a smart ass i was being genuine, but no problems I take it > the way you meant it and you shall be ignored :) I wasn't being one either.. apologies if i did sound like one. - dhawal > If anyone on this list processing the levels we do and actually is bored > enough to say how they tuned SA i'd be interested in reading From Denis.Beauchemin at USherbrooke.ca Thu Jun 8 13:27:39 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 8 13:28:14 2006 Subject: lock type In-Reply-To: <005201c68ae7$022e6030$3701a8c0@lapxp> References: <005201c68ae7$022e6030$3701a8c0@lapxp> Message-ID: <448817BB.6090906@USherbrooke.ca> Arthur Sherman a ?crit : >> But that's incorrect, isn't it? Could you check the reasoning below? >> >> o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). >> >> o MailScanner.conf has: >> MTA = sendmail >> Lock Type = >> >> o Therefore, according to the comments, this should result >> in "posix". >> >> o "posix" is, indeed, the desired and expected outcome for >> this system >> (isn't it?). >> >> o BUT "maillog" is reporting >> ... MailScanner[26259]: Using locktype = flock >> >> >> The comments say I should end up with "posix". Maillog says >> I'm getting >> "flock". So something somewhere (possibly including my >> understanding!) is >> incorrect. >> > > As far as I remember, in older versions this was flock... > It could be a mistype in conf - however, flock rulez. > > > I don't know if leaving it blank should do the right thing, but I have it set to posix on my RHEL4 servers and it works just fine. Posix is the right setup for sendmail 8.13. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/f4880d62/smime.bin From maillists at conactive.com Thu Jun 8 13:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 13:31:34 2006 Subject: virus checker failed with real error In-Reply-To: <44872D3D.3020005@ecs.soton.ac.uk> References: <4486D76E.109@students.iiit.ac.in> <4487060B.3090402@ecs.soton.ac.uk> <44872D3D.3020005@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 07 Jun 2006 20:47:09 +0100: > Yes, it is. Maybe remove the "commercial" then? It'd be confusing me if I saw it in my logs. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sailer at bnl.gov Thu Jun 8 14:01:15 2006 From: sailer at bnl.gov (Tim Sailer) Date: Thu Jun 8 14:01:47 2006 Subject: Vispan exim support In-Reply-To: <00a701c68ad1$8a6b17b0$3004010a@martinhlaptop> References: <20060607201922.GN4716@bnl.gov> <00a701c68ad1$8a6b17b0$3004010a@martinhlaptop> Message-ID: <20060608130115.GA7427@bnl.gov> On Thu, Jun 08, 2006 at 09:00:00AM +0100, Martin Hepworth wrote: > Tim > > I'll double Michele's "oooooo nice.." > > Couple of things I note- according to the config page youre still running SA > 3.0.3. There's a nasty DOS vulnerability in that, may I suggest you upgrade > to 3.0.6 (if not 3.1.3). > > Also as you're quite being in MS versions as well you may find 4.54 is quite > a lot faster than your 4.41 version. I'm running this all with Debian packages (except for Vispan). I believe the 3.0.3 deb is backported (I could be wrong). As far as speed, the current setup is working fine (this ISP is my 'other' job, the one that takes up the rest of my time). No complaints from users, and they *do* complain! :) Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From arturs at netvision.net.il Thu Jun 8 16:15:45 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 15:17:23 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> Message-ID: <007b01c68b0e$6a767930$3701a8c0@lapxp> > Yep, this is because the old faq-o-matic is gone... Probably went out > the window when Jules updated to the new website. > Unfortunately not all the relavant info has been moved to the wiki > (much because it wasn't that easy to corroborate (to check if some > details are correct, some because it contains a few gems and some crud > that simply don't apply anymore... etc). Even more unfortunate is that > we still have (especially in the MAQ) quite a few references to it. > For some we already have equivalent docs in the wiki though (like DCC: > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:an > ti_spam:spamassassin:plugins:dcc), > so it moght be just a need for a minor overhaul for these. > > Jules, Ugo ... we need to adress this. > Will see what I can do. Thank you. Best, -- Arthur Sherman +972-52-4878851 CPTeam From Denis.Beauchemin at USherbrooke.ca Thu Jun 8 15:43:41 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 8 15:44:13 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <223f97700606080321j3b11a3caka0cb92ee9b2afcce@mail.gmail.com> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <01c601c68ac0$ab4c5c20$23c051cb@noc> <223f97700606080321j3b11a3caka0cb92ee9b2afcce@mail.gmail.com> Message-ID: <4488379D.9090107@USherbrooke.ca> Glenn Steen a ?crit : > On 08/06/06, Muhammad Nauman wrote: >> my systems TOP states : >> >> top - 10:49:49 up 15:30, 4 users, load average: 1.97, 2.28, 2.89 >> Tasks: 163 total, 3 running, 159 sleeping, 0 stopped, 1 zombie >> Cpu(s): 12.4% us, 5.2% sy, 0.0% ni, 73.9% id, 8.2% wa, 0.0% hi, >> 0.3% si >> Mem: 2074908k total, 1978684k used, 96224k free, 142460k buffers >> Swap: 2096472k total, 176k used, 2096296k free, 1159100k cached >> >> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND >> 21894 root 16 0 59844 54m 3444 R 6.5 2.7 0:00.20 MailScanner >> 16415 root 15 0 60348 54m 3428 S 0.7 2.7 2:34.72 MailScanner >> 15394 root 16 0 57872 52m 3428 S 0.3 2.6 2:27.27 MailScanner >> >> Its almost utilizing the complete MEM and there are some MailScanners >> process which are even 2:34 min LONG . > > Very relative term there ... "almost"...:-). > You have approximately 250 MiB available and practiacally no swap > activity... Looks pretty well-balanced to me. Load seems reasonable, > especially if you run sendmail. > The TIME there.... How long ahd the process that took 2:34 been > running? Assuming close to 4 hours on a fairly busy server, then using > the CPU for well under 3 minutes total isn't much to write home > about:-). What I'm saying is that performance measurements without a > context and with no "baseline" to compare to, is pretty useless;). > I agree with you. I don't see anything wrong with this top excerpt. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/1b65dcc9/smime.bin From craig at csfs.co.za Thu Jun 8 17:14:33 2006 From: craig at csfs.co.za (Craig Retief) Date: Thu Jun 8 17:14:28 2006 Subject: OT: To Hyperthread or NOT to Hyperthread Message-ID: HI All, A question maybe 4 the gurus. When running a Linux server with MailScanner, SpamAssassin, Sendmail, "the milters", razor, pyzor, dcc, bdc, clamav, etc, etc, etc. Would it be better to have the servers hyperthreading enabled or disabled? I have read articles where the general recommended consensus is that it should be disabled. Has anyone actually experienced this scenario or have some comments relating? Thanks Craig -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/a42c2044/attachment.html From martinh at solid-state-logic.com Thu Jun 8 17:33:51 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 17:34:03 2006 Subject: To Hyperthread or NOT to Hyperthread In-Reply-To: Message-ID: <01ee01c68b19$53528cc0$3004010a@martinhlaptop> I use my system with HT on... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Craig Retief > Sent: 08 June 2006 17:15 > To: 'MailScanner discussion' > Subject: OT: To Hyperthread or NOT to Hyperthread > > HI All, > > > > A question maybe 4 the gurus. > > > > When running a Linux server with MailScanner, SpamAssassin, Sendmail, "the > milters", razor, pyzor, dcc, bdc, clamav, etc, etc, etc. Would it be > better to have the servers hyperthreading enabled or disabled? > > > > I have read articles where the general recommended consensus is that it > should be disabled. Has anyone actually experienced this scenario or have > some comments relating? > > > > Thanks > > > > Craig ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dhawal at netmagicsolutions.com Thu Jun 8 17:35:15 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 8 17:35:27 2006 Subject: OT: To Hyperthread or NOT to Hyperthread In-Reply-To: References: Message-ID: <448851C3.1070709@netmagicsolutions.com> Craig Retief wrote: > HI All, > > A question maybe 4 the gurus? > > When running a Linux server with MailScanner, SpamAssassin, Sendmail, > ?the milters?, razor, pyzor, dcc, bdc, clamav, etc, etc, etc. Would it > be better to have the servers hyperthreading enabled or disabled? > > I have read articles where the general recommended consensus is that it > should be disabled. Has anyone actually experienced this scenario or > have some comments relating? *Disclaimer*: i am NOT (and probably never will be) a linux guru. Hyperthreading is somewhat useful if your server utilization is less than 50%.. It works by appearing to your OS that you have 2 logical CPUs per physical CPU. It is also important that the applications on your server understand and take advantage of SMP. If your server is running at more than 50% utilization.. hyperthreading is going to be bad for you.. if you are not sure, turn it off. Once you understand how hyperthreading works.. it all makes sense. Also at the end of the day understand that there is no such thing as a free lunch. The CPU manufacturers are using this as a marketing gimmick with hardly any real world increase in performance. No one is giving you 2 CPUs for the price of one ;-). With a similar setup as yours, i use hyperthreading since my CPU usage is never more than 50% (mostly RAM and I/O) with BDC being the app using 35% of it. I am taking my chances though and intend on turning it off someday.. if only i could get out of my basement.. - dhawal From MailScanner at ecs.soton.ac.uk Thu Jun 8 18:33:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 18:33:37 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Message-ID: <44885F60.1090706@ecs.soton.ac.uk> Martin Hepworth wrote: > Wow 43 Million messages a day.. I think the most any has had is about 2 > million messages out of a single machine (dunno if anyone has done any laod > tests with the recent faster code). > I am waiting for a couple of possibilities of sourcing a faster machine than my current best (dual Opteron). I'll let you know speed and capacity benchmarks if either of them ever produce anything. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 8 18:40:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 18:40:35 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <003e01c68ada$f71cc800$3701a8c0@lapxp> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> Message-ID: <4488610A.8030802@ecs.soton.ac.uk> Arthur Sherman wrote: >> Have you read the documentation on tuning? >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >> > > Most links to instructions are broken... > Please can you re-test these pages. Hopefully they all work now. Please let me know of any that are still broken. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From arturs at netvision.net.il Thu Jun 8 19:49:24 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 18:51:04 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <4488610A.8030802@ecs.soton.ac.uk> Message-ID: <00ae01c68b2c$4303c420$3701a8c0@lapxp> > >> Have you read the documentation on tuning? > >> > >> > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > >> > > > > Most links to instructions are broken... > > > Please can you re-test these pages. Hopefully they all work > now. Please > let me know of any that are still broken. > > -- > Julian Field Yep. They work now. Thumbs up! Best, -- Arthur Sherman +972-52-4878851 CPTeam From ssilva at sgvwater.com Thu Jun 8 19:29:38 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 8 19:30:14 2006 Subject: lock type In-Reply-To: <005201c68ae7$022e6030$3701a8c0@lapxp> References: <005201c68ae7$022e6030$3701a8c0@lapxp> Message-ID: Arthur Sherman spake the following on 6/8/2006 3:33 AM: >> But that's incorrect, isn't it? Could you check the reasoning below? >> >> o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). >> >> o MailScanner.conf has: >> MTA = sendmail >> Lock Type = >> >> o Therefore, according to the comments, this should result >> in "posix". >> >> o "posix" is, indeed, the desired and expected outcome for >> this system >> (isn't it?). >> >> o BUT "maillog" is reporting >> ... MailScanner[26259]: Using locktype = flock >> >> >> The comments say I should end up with "posix". Maillog says >> I'm getting >> "flock". So something somewhere (possibly including my >> understanding!) is >> incorrect. > > As far as I remember, in older versions this was flock... > It could be a mistype in conf - however, flock rulez. It doesn't "rule" on v 8.13 sendmail! It definitely "drools"! You will get inconsistent or missing queue files, and maybe even the same message trying to be delivered over and over, and sendmail will barf allover itself. In this case posix is the choice. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Thu Jun 8 19:31:59 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 19:32:03 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <4488610A.8030802@ecs.soton.ac.uk> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> <4488610A.8030802@ecs.soton.ac.uk> Message-ID: <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> On 08/06/06, Julian Field wrote: > > > Arthur Sherman wrote: > >> Have you read the documentation on tuning? > >> > >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > >> > > > > Most links to instructions are broken... > > > Please can you re-test these pages. Hopefully they all work now. Please > let me know of any that are still broken. > Ah, it has risen from the dead:-). Still, perhaps we should aim at some creative cut'n'pasting, just to get it all into the wiki... Just so much of it ...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ugob at camo-route.com Thu Jun 8 19:39:42 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 8 19:40:24 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: References: Message-ID: kte@nexis.be wrote: > > > Jun 2 03:18:40 testserver Losing some ticks... checking if CPU frequency > changed. > Jun 2 03:18:40 testserver warning: many lost ticks. > Jun 2 03:18:40 testserver Your time source seems to be instable or some > driver is hogging interupts > > I have an HP BL25P server with 4 GB ram a dual core AMD processor an > CentOS4.3 64 bit installed and I get alot of these messages. > I have installed the the PSP 7.51. Anyone any ideas? You probably have to change your time source (argument to kernel load) > > Thanks Koen > From arturs at netvision.net.il Thu Jun 8 20:55:56 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 19:57:36 2006 Subject: lock type In-Reply-To: Message-ID: <00d001c68b35$8ed04820$3701a8c0@lapxp> > It doesn't "rule" on v 8.13 sendmail! > It definitely "drools"! You will get inconsistent or missing > queue files, and > maybe even the same message trying to be delivered over and > over, and sendmail > will barf allover itself. In this case posix is the choice. All right, learned something new, thanks. I've already tested it - meanwhile it is OK. Best, -- Arthur Sherman +972-52-4878851 CPTeam From naolson at gmail.com Thu Jun 8 20:04:12 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jun 8 20:04:14 2006 Subject: lock type In-Reply-To: <00d001c68b35$8ed04820$3701a8c0@lapxp> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> Message-ID: <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> I could be wrong, but many of you seem to be missing his point. He's saying that the comment states the correct type will be determined automatically if it is left blank. This is not the case. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/7be5f2f3/attachment.html From naolson at gmail.com Thu Jun 8 20:19:13 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jun 8 20:19:14 2006 Subject: lock type In-Reply-To: <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> Message-ID: <8f54b4330606081219o6b794645y3817d890c984956@mail.gmail.com> Disregard my last email. Lord knows where I hit my head this morning. Nate From KGoods at AIAInsurance.com Thu Jun 8 20:26:19 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Thu Jun 8 20:31:42 2006 Subject: lock type Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D89FE@aiainsurance.com> Nathan Olson wrote: > Disregard my last email. Lord knows where I hit my head this morning. > > Nate No Nate... I think you hit the nail on the head. This is exactly what happened when I built a new box with sendmail 8.13.x on it a couple months ago. I left it blank as it said in the comments but it was getting set to flock automagically and I was having problems. I set it to posix emplicitly and all is well. I just didn't think it was serious enough to mention to Julian since it was an easy and intuitive fix. I think the OP was seeing the same thing I did and wanted clarification. Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From TGFurnish at herffjones.com Thu Jun 8 21:28:37 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Thu Jun 8 21:30:04 2006 Subject: Handling spam in DSNs from other sites? Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5C5@inex3.herffjones.hj-int> Thanks, Steve. :) > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Steve Freegard > Sent: Wednesday, June 07, 2006 3:34 AM > To: MailScanner discussion > Subject: Re: Handling spam in DSNs from other sites? > > Hi Trever, > > Furnish, Trever G wrote: > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Glenn Steen > >> Sent: Tuesday, June 06, 2006 6:02 PM > >> To: MailScanner discussion > >> Subject: Re: Handling spam in DSNs from other sites? > >> > >> On 06/06/06, Furnish, Trever G wrote: > >>> I have a feeling I'm missing an obvious answer, but what > >> does everyone > >>> suggest for handling DSNs from other sites (not mine) > that include > >>> spam in the message? > > > >> Glenn Steen wrote: > >> I'm sure others have other views, but ... why treat them any > >> different than any other mail? scan them, tag them, drop > them....:-). > >> If they are legitimate, they will pass MS/SA/AVs anyway. > >> -- > >> -- Glenn > >> email: glenn < dot > steen < at > gmail < dot > com > >> work: glenn < dot > steen < at > ap1 < dot > se > > > > Thanks. However, in many cases these are actually getting through. > > Since the ip address of the sending server isn't the > spammer and isn't > > in the RBLs those checks aren't as helpful as they would've > been for > > the original message. > > > > I tend to think these aren't being sent by a spammer who's > identified > > a particular server with the specific intention of using > the DSN for > > delivery, but rather just by a worm that's using my domain > addresses > > as the faked sender address. If a specific server had been > targeted, > > it'd probably end up in a DNSBL. SPF would help with the original > > message, but of course it does nothing to help with the bounce. > > I've been experimenting with some stuff to address this. The > problem being that the DSN is being sent to you for a message > that never originated at your site. > > After some investigation I found out that someone else had > come up with a clever solution to this: using SRS (part of > SPF) to re-write all the envelopes of messages sent from out > from your domains (and re-writing all inbound returns) with > SRS (which contains a hashed-secret which would be impossible > for the spammer to guess). Then you use a milter that > rejects any DSNs that are not SRS signed or that are SRS > signed and do not have a valid signature. > > Here's my results so far - this shows all MTA level > rejections on my test box: > > date | greet_p | rbl | relay | uribl | 8bit | dsn_no_srs > ------------+---------+-------+-------+-------+------+------------ > 2006-06-07 | 135 | 2168 | 263 | 467 | 101 | 82 > 2006-06-06 | 1389 | 25462 | 1061 | 4456 | 2214 | 1001 > 2006-06-05 | 1728 | 23948 | 93 | 5111 | 1591 | 1129 > > There are several down-sides, SRS is 'frowned' upon by some > as it has the potential to break the RFCs that state that the > local-part field size should be 64 bytes although it does > state that an implementation can pick a larger value (also > VERP has been doing this for years without issue). The other > down-side is that to implement this I had to re-compile > Sendmail with -DSOCKETMAP and hack the .cf file as the > provided m4 HACK provided didn't work for me (it put the > changes in the wrong place). I've also never tried this on a > production system. > > See http://srs-socketmap.info/sendmailsrs.htm for the gory details... > > Exim users have it slightly better than the Sendmail crowd - > see http://srs.mirtol.com/exim.php for details. > > Before anyone asks -- I couldn't find an implementation for Postfix. > > Cheers, > Steve. Very neat idea. In my case though, besides the mild scariness of SRS :), I would also have to start handling outbound mail (since I currently only handle the inbound portion of our mail), and I'd have to figure out some way to handle users who I've created SPF "exceptions" for, since those users don't currently go out through our relays. That means I'd need another server to handle the increase load from outbound messages and would need to work with remote users to have them use our relays. In my particular case, these are probably showstoppers for this approach (at least for the time being). I'm in the midst of deploying a new mailscanner (and mailwatch, of course ;) ) system, so I've got some work to do before I can even start on this problem in earnest, but maybe when I start looking more closely at the number of messages like this getting through I'll find out that just adding a bit to the spamassassin score of bounces will suit my sites, even if that's not a good generic solution. -- Trever From maillists at conactive.com Thu Jun 8 21:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 21:31:35 2006 Subject: lock type In-Reply-To: <8f54b4330606081219o6b794645y3817d890c984956@mail.gmail.com> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> <8f54b4330606081219o6b794645y3817d890c984956@mail.gmail.com> Message-ID: Nathan Olson wrote on Thu, 8 Jun 2006 14:19:13 -0500: > Disregard my last email. Lord knows where I hit my head this morning. Hm, I thought you were quite right. It seems he got the wrong locktype if he's using sendmail > 12. Do I need to hit something now? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ugob at camo-route.com Thu Jun 8 22:07:30 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 8 22:07:52 2006 Subject: Unofficial clamav phishing sigs Message-ID: Hi, Anyone tried these ones? http://www.sanesecurity.com/clamav/ Any false positives? I asked the clamav staff about their opinion and they said that they cannot give an opinion since they don't use it. Regards, Ugo Bellavance From richard.siddall at elirion.net Thu Jun 8 22:16:55 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Jun 8 22:17:24 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: Message-ID: <448893C7.7010901@elirion.net> Ugo Bellavance wrote: > Anyone tried these ones? > http://www.sanesecurity.com/clamav/ > > Any false positives? > > I asked the clamav staff about their opinion and they said that they > cannot give an opinion since they don't use it. > Yes. Been using them for a couple of months. We're using download scripts based on the ones Phil Randal posted to this list (most recently on 5/31). We've had one known false positive. I mailed the sendmail queue files to Steve Basford and he fixed it within 24 hours. I have noticed recently that some, or all, of the e-mails flagged by the Sane Security signatures are disinfected. Since MS quarantines them, I'd much rather have them deleted and recovered from the quarantine if necessary. Regards, Richard Siddall From ugob at camo-route.com Thu Jun 8 22:19:48 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 8 22:20:26 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: <448893C7.7010901@elirion.net> References: <448893C7.7010901@elirion.net> Message-ID: Richard Siddall wrote: > Ugo Bellavance wrote: >> Anyone tried these ones? >> http://www.sanesecurity.com/clamav/ >> >> Any false positives? >> >> I asked the clamav staff about their opinion and they said that they >> cannot give an opinion since they don't use it. >> > > Yes. Been using them for a couple of months. We're using download > scripts based on the ones Phil Randal posted to this list (most recently > on 5/31). > > We've had one known false positive. I mailed the sendmail queue files > to Steve Basford and he fixed it within 24 hours. > > I have noticed recently that some, or all, of the e-mails flagged by the > Sane Security signatures are disinfected. Since MS quarantines them, > I'd much rather have them deleted and recovered from the quarantine if > necessary. What do you mean by disinfected? > > Regards, > > Richard Siddall > From richard.siddall at elirion.net Thu Jun 8 22:30:55 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Jun 8 22:31:22 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: <448893C7.7010901@elirion.net> Message-ID: <4488970F.5050109@elirion.net> Ugo Bellavance wrote: > > What do you mean by disinfected? > I mean the recipient of the phishing e-mail gets an e-mail with the infected portion removed. Subject: Disinfected: Clalis Sale Oonline! X-Mailer: MailScanner X-Elirion-Mailscanner: Disinfected And the body is usually: 1 1 1 1 1 1 1 1 1 1 1 1 I haven't found time to debug this yet. Regards, Richard Siddall From ssilva at sgvwater.com Thu Jun 8 22:53:15 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 8 22:53:36 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: <4488970F.5050109@elirion.net> References: <448893C7.7010901@elirion.net> <4488970F.5050109@elirion.net> Message-ID: Richard Siddall spake the following on 6/8/2006 2:30 PM: > Ugo Bellavance wrote: >> What do you mean by disinfected? >> > > I mean the recipient of the phishing e-mail gets an e-mail with the > infected portion removed. > > Subject: Disinfected: Clalis Sale Oonline! > X-Mailer: MailScanner > X-Elirion-Mailscanner: Disinfected > > And the body is usually: > > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > > I haven't found time to debug this yet. > > Regards, > > Richard Siddall > Comes from the setting in mailscanner.conf: # Do you want to deliver messages once they have been cleaned of any # viruses? # By making this a ruleset, you can re-create the "Deliver From Local" # facility of previous versions. Deliver Cleaned Messages = yes -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From maillists at conactive.com Thu Jun 8 23:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 23:31:21 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: <448893C7.7010901@elirion.net> Message-ID: Ugo Bellavance wrote on Thu, 08 Jun 2006 14:19:48 -0700: > disinfected? disarmed? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From kte at nexis.be Thu Jun 8 23:53:23 2006 From: kte at nexis.be (kte@nexis.be) Date: Thu Jun 8 23:56:16 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: Message-ID: I have an ntp time server configured, so I don't tink it is a time problem but a CPU frequency change probelm tha is bad interpreted by the linux kernel. But I don't find any solutions. I would like to know if mailscanner will be running stable ont this? Ugo Bellavance Sent by: mailscanner-bounces@lists.mailscanner.info 08/06/2006 20:39 Please respond to MailScanner discussion To mailscanner@lists.mailscanner.info cc Subject Re: OS problem Centosx64 on BL25P kte@nexis.be wrote: > > > Jun 2 03:18:40 testserver Losing some ticks... checking if CPU frequency > changed. > Jun 2 03:18:40 testserver warning: many lost ticks. > Jun 2 03:18:40 testserver Your time source seems to be instable or some > driver is hogging interupts > > I have an HP BL25P server with 4 GB ram a dual core AMD processor an > CentOS4.3 64 bit installed and I get alot of these messages. > I have installed the the PSP 7.51. Anyone any ideas? You probably have to change your time source (argument to kernel load) > > Thanks Koen > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060609/247d5936/attachment-0001.html From ka at pacific.net Thu Jun 8 23:56:50 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 8 23:56:43 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: <448893C7.7010901@elirion.net> Message-ID: <4488AB32.80907@pacific.net> Kai Schaetzl wrote: > Ugo Bellavance wrote on Thu, 08 Jun 2006 14:19:48 -0700: > >> disinfected? > > disarmed? Removing the phishing hook? Ken > > Kai > From ugob at camo-route.com Fri Jun 9 00:22:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jun 9 00:22:45 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: References: Message-ID: kte@nexis.be wrote: > > I have an ntp time server configured, so I don't tink it is a time > problem but a CPU frequency change probelm tha is bad interpreted by the > linux kernel. But I don't find any solutions. I would like to know if > mailscanner will be running stable ont this? Have you tried booting with apic=off as a boot parameter? PS: please avoid top-posting and HTML in your messages. Regards, Ugo From febrianto at sioenasia.com Fri Jun 9 03:34:38 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Fri Jun 9 03:27:41 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00f601c68ae8$456572c0$3004010a@martinhlaptop> Message-ID: Thanks Martin. My fault: I set dns_available no in spam.assassin.pref.conf file. After I changed it into dns_available test, I see the dns: checking entry in spamassassin --lint -D. Now SA check the RBL. But, even I only enable SBL_XBL in the spam.assassin.pref.conf file, it seem that SA still checking others RBL. score __RCVD_IN_SBL_XBL 4 #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 Spam report taken from mailwatch. 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 1.64 URIBL_SBL Contains an URL listed in the SBL blocklist Should I disable all the RBL by setting the score to 0? Best Regards mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 05:42:42 PM: > Budi > > Should see lines like > > dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > Sent: 08 June 2006 11:23 > > To: MailScanner discussion > > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > > > Martin, > > > > Is there any specifi string that i have to look for? to find out if the > > rbl > > works in SA or not? > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 03:59:20 > > PM: > > > > > Hi > > > > > > Do a a "spamassassin -D --lint" and see if the tests being called. > > > > > > It could be the DNS module or something isn't installed properly.. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > > Sent: 08 June 2006 09:51 > > > > To: MailScanner discussion > > > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > > > > > > > Dumb question: > > > > I changed the configuration in MailScanner.conf > > > > from > > > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > > > > > To > > > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > > > > > And in spam.assassin.pref.conf > > > > from > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > #score RCVD_IN_RBL 10 > > > > #score RCVD_IN_RSS 1 > > > > #score RCVD_IN_DUL 1 > > > > > > > > To > > > > score __RCVD_IN_SBL_XBL 4 > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > #score RCVD_IN_RBL 10 > > > > #score RCVD_IN_RSS 1 > > > > #score RCVD_IN_DUL 1 > > > > > > > > Do the spamassassin --lint result OK. > > > > Then do MailScanner reload. > > > > Now, how do I know if the RBL works in SA? Because in the log (I use > > > > mailwatch), I don't see any tag in spam report. I can see the > > pyzor_check > > > > score. > > > > > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > > > > > Thanks > > > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 > > 10:57:25 > > > > > > > > > > > > ********************************************************************** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the system manager. > > > > > > This footnote confirms that this email message has been swept > > > for the presence of computer viruses and is believed to be clean. > > > > > > ********************************************************************** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From res at ausics.net Fri Jun 9 08:35:38 2006 From: res at ausics.net (Res) Date: Fri Jun 9 08:35:43 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> Message-ID: On Thu, 8 Jun 2006, Glenn Steen wrote: > Missread by Martin I beleive... He read "second" where you said > "minute" (60*60*24*500=43.2*10^6 ... I did the same thing... sat there > full of awe for a moment, considering you have several boxes doing > that:-). The 720k you do per day isn't bad, though perhaps not as Thats 'per machine x 2 machines'... several others do less, they do about 50-200 a minute, with a few more more dedicated boxes doing much less > I guess you have this very well covered, but... What is it that "kills > you" when running SA? The DNS overhead? SA itself, all the dns stuff is off as is a couple other things they suggested, SA was used for spam detection only, we lowered teh default MS check first.. from 30k to 10k to 5k, even at 5k it only made a minute improvement but was next to useless still, also allowing lots of spam to pass :) Laws in this country were changed recently to require network operators to do what they can and be "pro active" in stopping spam leaving their network, thats great, but only about 1% comes from our users, the rest is international where there appears no legislation to deter it. -- Cheers Res From MailScanner at ecs.soton.ac.uk Fri Jun 9 08:35:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 9 08:35:54 2006 Subject: "Lock Type" for sendmail Message-ID: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> Please note that I made a slight mistake and the behaviour of the "Lock Type" setting does not match the comments above it in MailScanner.conf. For sendmail, instead of defaulting to "posix" as documented, it defaults to "flock". If you are using sendmail version 8.13 or greater, particularly if you are on Linux, then you will need to manually set this to Lock Type = posix and then restart MailScanner. Failure to set this correctly could result in delivery of more than 1 copy of each message in the queue. This error is corrected in the latest beta release. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Fri Jun 9 09:10:48 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jun 9 09:10:56 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00bb01c68b9c$37571210$3004010a@martinhlaptop> Budi Ah you're confusing RBL checks with URIRBL checks. RBL checks where the message has come from (via the headers). URIRBL checks within the message body for known http: locations that hold spam info - eg all those drug adds that are just jpegs or gifs. IHMO the URIRBLs are extremely useful at blocking spam. I'd leave them on and watch the spam detection levels increase.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > Sent: 09 June 2006 03:35 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Thanks Martin. > > My fault: > I set dns_available no in spam.assassin.pref.conf file. > After I changed it into dns_available test, I see the dns: checking entry > in spamassassin --lint -D. > > Now SA check the RBL. > > But, even I only enable SBL_XBL in the spam.assassin.pref.conf file, it > seem that SA still checking others RBL. > > score __RCVD_IN_SBL_XBL 4 > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > Spam report taken from mailwatch. > 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > 1.64 URIBL_SBL Contains an URL listed in the SBL blocklist > > Should I disable all the RBL by setting the score to 0? > > Best Regards > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 05:42:42 > PM: > > > Budi > > > > Should see lines like > > > > dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl > > > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > Sent: 08 June 2006 11:23 > > > To: MailScanner discussion > > > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > Martin, > > > > > > Is there any specifi string that i have to look for? to find out if > the > > > rbl > > > works in SA or not? > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 > 03:59:20 > > > PM: > > > > > > > Hi > > > > > > > > Do a a "spamassassin -D --lint" and see if the tests being called. > > > > > > > > It could be the DNS module or something isn't installed properly.. > > > > > > > > -- > > > > Martin Hepworth > > > > Snr Systems Administrator > > > > Solid State Logic > > > > Tel: +44 (0)1865 842300 > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > > > Sent: 08 June 2006 09:51 > > > > > To: MailScanner discussion > > > > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > > > > > > > > > > Dumb question: > > > > > I changed the configuration in MailScanner.conf > > > > > from > > > > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > > > > > > > To > > > > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > > > > > > > And in spam.assassin.pref.conf > > > > > from > > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > > #score RCVD_IN_RBL 10 > > > > > #score RCVD_IN_RSS 1 > > > > > #score RCVD_IN_DUL 1 > > > > > > > > > > To > > > > > score __RCVD_IN_SBL_XBL 4 > > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > > #score RCVD_IN_RBL 10 > > > > > #score RCVD_IN_RSS 1 > > > > > #score RCVD_IN_DUL 1 > > > > > > > > > > Do the spamassassin --lint result OK. > > > > > Then do MailScanner reload. > > > > > Now, how do I know if the RBL works in SA? Because in the log (I > use > > > > > mailwatch), I don't see any tag in spam report. I can see the > > > pyzor_check > > > > > score. > > > > > > > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > > > > > > > Thanks > > > > > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 > > > 10:57:25 > > > > > > > > > > > > > > > > > ********************************************************************** > > > > > > > > This email and any files transmitted with it are confidential and > > > > intended solely for the use of the individual or entity to whom they > > > > are addressed. If you have received this email in error please > notify > > > > the system manager. > > > > > > > > This footnote confirms that this email message has been swept > > > > for the presence of computer viruses and is believed to be clean. > > > > > > > > > ********************************************************************** > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From t.d.lee at durham.ac.uk Fri Jun 9 09:36:59 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Jun 9 09:38:04 2006 Subject: lock type In-Reply-To: <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> Message-ID: On Thu, 8 Jun 2006, Nathan Olson wrote: > I could be wrong, but many of you seem to be missing his point. He's > saying that the comment states the correct type will be determined > automatically if it is left blank. This is not the case. Exactly! The value is blank; the comment indicates that blank should result in "posix"; but the actual behaviour is "flock". Documentation and action are inconsistent. It is this inconsistency which is the primary issue that I am raising, for the benefit of other MS installers. It needs Julian to confirm that this mismatch (comment vs. action) of the default (blank) setting is real (not just my mis-reading), then to decide on the best way to resolve it. (For what it's worth, I supsect that the comment represents what is really intended and that therefore the action is a code bug.) (In my own particular case I am explicitly setting "posix" for the moment.) -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From gmatt at nerc.ac.uk Fri Jun 9 09:57:35 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Jun 9 09:57:43 2006 Subject: lock type In-Reply-To: References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> Message-ID: <448937FF.5010200@nerc.ac.uk> David Lee wrote: > On Thu, 8 Jun 2006, Nathan Olson wrote: > > >>I could be wrong, but many of you seem to be missing his point. He's >>saying that the comment states the correct type will be determined >>automatically if it is left blank. This is not the case. > > > Exactly! The value is blank; the comment indicates that blank should > result in "posix"; but the actual behaviour is "flock". Documentation and > action are inconsistent. It is this inconsistency which is the primary > issue that I am raising, for the benefit of other MS installers. > > It needs Julian to confirm that this mismatch (comment vs. action) of the > default (blank) setting is real (not just my mis-reading), then to decide > on the best way to resolve it. (For what it's worth, I supsect that the > comment represents what is really intended and that therefore the action > is a code bug.) > > (In my own particular case I am explicitly setting "posix" for the moment.) > I can confirm the behaviour described by David. I have seen similar on CentOS4. I manually set the lock type to posix in MailScanner.conf That said, I see a small percentage of "orphaned" df files in the incoming queue. These appear to have been dealt with my MailScanner but not properly cleaned up. Every few months I run a script to clean these orphans out. CentOS v4.3 sendmail 8.13.1 (stock rpm with backport patches) MailScanner v4.50.15 GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From glenn.steen at gmail.com Fri Jun 9 10:57:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 9 10:57:30 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> Message-ID: <223f97700606090257y335963e2of07157ae0084a055@mail.gmail.com> On 09/06/06, Res wrote: > On Thu, 8 Jun 2006, Glenn Steen wrote: > > > Missread by Martin I beleive... He read "second" where you said > > "minute" (60*60*24*500=43.2*10^6 ... I did the same thing... sat there > > full of awe for a moment, considering you have several boxes doing > > that:-). The 720k you do per day isn't bad, though perhaps not as > > Thats 'per machine x 2 machines'... several others do less, they do > about 50-200 a minute, with a few more more dedicated boxes doing much > less Ok, so you do perhaps 2 million/day, give or take a couple of hundred k... ... Ok, that is a bit awe-inspiring:-). > > I guess you have this very well covered, but... What is it that "kills > > you" when running SA? The DNS overhead? > > SA itself, all the dns stuff is off as is a couple other things they > suggested, SA was used for spam detection only, we lowered teh default MS > check first.. from 30k to 10k to 5k, even at 5k it only made a minute > improvement but was next to useless still, also allowing lots of spam to > pass :) How very depressing. Was it CPU-bound or IO-bound (yeah yeah, IO is CPU-bound, I know:-), mostly? And using the usual tmpfs thing for anything that needs really fast IO (I guess I haven't done the math on that one... Could ramp up to a very hefty amount of RAM, with that throughput:-)? > Laws in this country were changed recently to require netbadwork operators to > do what they can and be "pro active" in stopping spam leaving their > network, thats great, but only about 1% comes from our users, the rest is > international where there appears no legislation to deter it. > Yeah, it's always "somewhere else"... and all that is needed is a few lax admins, and next to no control... Sigh. Legislation will just solve so much (just lad ook at the mess our Swedish parliament made of "anti-piracy":-)... Still, bad rules are probably better than no rules:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Fri Jun 9 13:31:30 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 9 13:31:51 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: Message-ID: <44896A22.5000606@USherbrooke.ca> Ugo Bellavance a ?crit : > Hi, > > Anyone tried these ones? > > http://www.sanesecurity.com/clamav/ > > Any false positives? > > I asked the clamav staff about their opinion and they said that they > cannot give an opinion since they don't use it. > > Regards, > > Ugo Bellavance > > I've been using them for 2-3 weeks. They trap a lot of phishing attempts but I had 1 false positive about eBay. Overall this is a really good addition to ClamAV. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060609/3307fee3/smime.bin From prakash.kannan at in.ness.com Fri Jun 9 12:58:09 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Fri Jun 9 13:36:29 2006 Subject: sendmail In-Reply-To: <44870551.1030208@ecs.soton.ac.uk> Message-ID: Thanks for your advice -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, June 07, 2006 10:27 PM To: MailScanner discussion Subject: Re: sendmail Please do at least a simple Google search before posting questions here, we expect you to do some homework first. Start at www.sendmail.org and the O'Reilly sendmail book. shuttlebox wrote: > On 6/7/06, *Prakash* > wrote: > > Can some one please send me the installation and configuration > guide for sendmail for Solaris? > > Some pdfs/books on sendmail. > > > This guy has a lot of good stuff on his site. > > http://www.brandonhutchinson.com > > This link might be what you're looking for: > > http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of _Sendmail.html > > -- > /peter -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. From dave.list at pixelhammer.com Fri Jun 9 14:49:34 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jun 9 14:49:48 2006 Subject: MailScanner delivering Spam as attachments Message-ID: <44897C6E.6050000@pixelhammer.com> Good morning, It has been a busy week, with so much going on maybe I have just missed something simple. I have upgrade both instances of MailScanner, Clamav, SpamAssassin. I am in the process of migrating all our Spam filtering off the toasters and on to the MailScanner boxes. I want to have MailScanner only test for spam and add the requested headers, nothing more. I will have the individual toasters read the headers and deliver the message appropriately. I've changed my MailScanner.conf to read as follows for my test domain, ===MailScanner.conf Spam Modify Subject = no Spam Checks = %rules-dir%/user.filtering.rules Use SpamAssassin = yes Cache SpamAssassin Results = yes Spam Actions = %rules-dir%/user.delivery.rules High Scoring Spam Actions = %rules-dir%/highscore.delivery.rules Non Spam Actions = deliver ====user.delivery.rules To: *@pixelhammer.com.com deliver # default delivery To: default deliver attachment ====user.filtering.rules To: *@pixelhammer.com yes # Default, don't filter anything else coming through! To: default no From: default no ====highscore.delivery.rules # default delivery To: default store I think this is all correct, however, spam delivered to pixelhammer.com is still attached to a warning message. No clue what I have done wrong here. I even restarted MailScanner a couple of times, and waited overnight so it could restart itself. Hints? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From matt at coders.co.uk Fri Jun 9 14:58:43 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri Jun 9 14:58:39 2006 Subject: MailScanner delivering Spam as attachments In-Reply-To: <44897C6E.6050000@pixelhammer.com> References: <44897C6E.6050000@pixelhammer.com> Message-ID: <44897E93.8050407@coders.co.uk> DAve wrote: > ====user.delivery.rules > To: *@pixelhammer.com.com deliver .com.com? matt From dave.list at pixelhammer.com Fri Jun 9 15:07:34 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jun 9 15:07:47 2006 Subject: MailScanner delivering Spam as attachments In-Reply-To: <44897E93.8050407@coders.co.uk> References: <44897C6E.6050000@pixelhammer.com> <44897E93.8050407@coders.co.uk> Message-ID: <448980A6.4020205@pixelhammer.com> Matt Hampton wrote: > DAve wrote: > >> ====user.delivery.rules >> To: *@pixelhammer.com.com deliver > > .com.com? > > matt Uhhh, what can I say, it has been a very long week. Two sets of eyes are better than one. Thank you! DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From ssilva at sgvwater.com Fri Jun 9 18:16:26 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 9 18:16:36 2006 Subject: "Lock Type" for sendmail In-Reply-To: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> References: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 6/9/2006 12:35 AM: > Please note that I made a slight mistake and the behaviour of the "Lock > Type" setting does not match the comments above it in MailScanner.conf. > > For sendmail, instead of defaulting to "posix" as documented, it > defaults to "flock". > > If you are using sendmail version 8.13 or greater, particularly if you > are on Linux, then you will need to manually set this to > Lock Type = posix > and then restart MailScanner. > > Failure to set this correctly could result in delivery of more than 1 > copy of each message in the queue. > > This error is corrected in the latest beta release. Just to close this issue, does the beta fix the default lock type, or is the comment just fixed? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 9 18:18:28 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 9 18:20:23 2006 Subject: MailScanner delivering Spam as attachments In-Reply-To: <448980A6.4020205@pixelhammer.com> References: <44897C6E.6050000@pixelhammer.com> <44897E93.8050407@coders.co.uk> <448980A6.4020205@pixelhammer.com> Message-ID: DAve spake the following on 6/9/2006 7:07 AM: > Matt Hampton wrote: >> DAve wrote: >> >>> ====user.delivery.rules >>> To: *@pixelhammer.com.com deliver >> >> .com.com? >> >> matt > > Uhhh, what can I say, it has been a very long week. Two sets of eyes are > better than one. > > Thank you! > > DAve > 2 pair of eyes beats a pair of .com's everyday! You should have gone all in! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dnsadmin at 1bigthink.com Fri Jun 9 18:42:02 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Jun 9 18:42:12 2006 Subject: OT: Request answer off-list-- Sendmail+MailScanner+Mailman configs Message-ID: <4489B2EA.7010300@1bigthink.com> Hello All, I've got a Mail server with Sendmail + MailScanner + Mailman. The mailman lists are working fine. MailScanner is working fine within the mailing lists too. It wasn't until someone tried using mail accounts on the same domain as the list server that I realized sendmail was not working properly. Sendmail is receiving mail for the accounts, but I cannot authenticate any accounts on the domain. I suspect the problem either lies in the mailertable or the sendmail.mc/sendmail.cf file. The one thing that really complicates this is SMTP-AUTH on the regular mail. I am using saslauthd with Pam. My main mail server (completely separate server) is setup this way and is functioning properly, so I mimicked configs. I am no expert at the sendmail.mc/sendmail.cf, nor the mailman mechanisms being used. I understand enough to be dangerous. Quite complex! If any one expresses an interest in helping, please take this off-list unless you think it may help the group. I might need to compose a Niki item on this, once ironed-out! Please reply to dnsadmin-at-1bigthink.com. Thanks All! Glenn Parsons From tjcruz at airc.pt Fri Jun 9 18:57:51 2006 From: tjcruz at airc.pt (Tiago J. S. Martins Cruz) Date: Fri Jun 9 18:57:59 2006 Subject: Problem with delivery of clean mail Message-ID: <20060609185751.8kwwnbxxa844gk8c@webmail.airc.pt> I'm having trouble with my MailScanner configuration and I'm hoping someone on this list could giev me a hand. The MX server for the domain I administer is based on a FC5 Linux Distribution with MailScanner+sendmail in gateway mode. In my mailscanner.conf file I have enabled the "Deliver Cleaned Messages" option but it doesn't seems to work. When a message with an infected attachment hits the system the postmaster is notified but the cleaned message (without the infected attach) is not delivered to the recipient. I saw something similar on the mailing list archives, circa 2004 but the solution that worked then was a patch to the "Message.pm" file. My maillog file doesn't shows any kind of errors - however it does have the log entries for the messages sent to the postmaster. Apart from that, no sign of any message sent to the recipients of the cleaned messages. Thanks, in advance, for any help --Tiago Cruz My configuration is as follows: i686 i386 GNU/Linux This is Fedora Core release 5 (Bordeaux) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.54.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.09 POSIX 1.78 Socket 0.13 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.12 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001003 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.24 Net::IP 0.57 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.98 Text::Balanced 1.35 URI -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jun 9 19:42:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 9 19:43:58 2006 Subject: "Lock Type" for sendmail In-Reply-To: References: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> Message-ID: <4489C121.4050606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 6/9/2006 12:35 AM: > >> Please note that I made a slight mistake and the behaviour of the "Lock >> Type" setting does not match the comments above it in MailScanner.conf. >> >> For sendmail, instead of defaulting to "posix" as documented, it >> defaults to "flock". >> >> If you are using sendmail version 8.13 or greater, particularly if you >> are on Linux, then you will need to manually set this to >> Lock Type = posix >> and then restart MailScanner. >> >> Failure to set this correctly could result in delivery of more than 1 >> copy of each message in the queue. >> >> This error is corrected in the latest beta release. >> > Just to close this issue, does the beta fix the default lock type, or is the > comment just fixed? > The beta fixes the default lock type. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRInBMhH2WUcUFbZUEQLY5ACggljUn4PUMUyyJE2Xkq84Y6Wh74UAoNn9 ek5iLlHBg9WjZ94w61wucTNH =GnXY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Fri Jun 9 20:01:04 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 9 20:01:35 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00b401c68ad5$99a28570$3004010a@martinhlaptop> Message-ID: <1912CB3A-76C3-4157-A481-6AAF4DF177FC@nkpanama.com> On Jun 8, 2006, at 5:37 AM, Res wrote: > On Thu, 8 Jun 2006, Martin Hepworth wrote: > > >> Res >> >> Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 >> false >> positives... >> > > On a box that uses SA I'm amazed at the amount of calais and viagra > crap that are marked as totaly cleam scoring a bare 0.1 etc... > > Probably misconfigured. Things like ALL_TRUSTED and bad AWL scores are usually the culprit. > -- > Cheers > Res > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Fri Jun 9 20:11:29 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 9 20:14:07 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <44880517.5010201@netmagicsolutions.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> <44880517.5010201@netmagicsolutions.com> Message-ID: On Jun 8, 2006, at 6:08 AM, Dhawal Doshy wrote: > Res wrote: > >> On Thu, 8 Jun 2006, Dhawal Doshy wrote: >> >>> Average mail delivery time is 10-15 seconds to the delivery >>> servers. And i haven't done any advanced tuning (save using >>> TMPFS) on these servers. Of course it helps to have Dual >>> Processors and 3 GB RAM with SCSI Disks (Dell PE1850). >>> >>> >> Yes but you still have not said what your SA tunnings are >> > > None, zilch.. we do not tune SA at all (i compile rpms from the > stock tar.gz distro).. moreover we add tonnes of SARE rules to it. > If using a dedicated server for MySQL based Bayes is tuning, then > yes we do tuning. From that POV, we use djbdns' dnscache for the > local caching-nameserver, which helps Net::DNS tremendously. Also > thanks to the prolocation chaps, we rsync SURBL for local use.. > Is using djbdns' dnscache better performance-wise than running Bind in caching mode? I know this probably sounds dumb but since Bind w/ caching is installed by default on most rh-based linux distros I've never bothered to do djbdns... > I have added wiki entries for both of them quite some time back. > http://wiki.mailscanner.info/doku.php? > id=&idx=documentation:related_software:caching_nameserver > http://wiki.mailscanner.info/doku.php? > id=documentation:anti_spam:spamassassin:bayes:sql > > >> I wasnt being a smart ass i was being genuine, but no problems I >> take it the way you meant it and you shall be ignored :) >> > > I wasn't being one either.. apologies if i did sound like one. > > - dhawal > > >> If anyone on this list processing the levels we do and actually is >> bored enough to say how they tuned SA i'd be interested in reading >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dhawal at netmagicsolutions.com Fri Jun 9 21:20:53 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jun 9 21:21:07 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> <44880517.5010201@netmagicsolutions.com> Message-ID: <20060609202053.23443.qmail@mymail.netmagicians.com> Alex Neuman writes: >> None, zilch.. we do not tune SA at all (i compile rpms from the stock >> tar.gz distro).. moreover we add tonnes of SARE rules to it. If using a >> dedicated server for MySQL based Bayes is tuning, then yes we do tuning. >> From that POV, we use djbdns' dnscache for the local caching-nameserver, >> which helps Net::DNS tremendously. Also thanks to the prolocation chaps, >> we rsync SURBL for local use.. >> > > Is using djbdns' dnscache better performance-wise than running Bind in > caching mode? I know this probably sounds dumb but since Bind w/ caching > is installed by default on most rh-based linux distros I've never > bothered to do djbdns... i can't really say which one is better.. i seem to like dnscache's performance and can keep it on a leash (from a resource perspective, see the wiki entry). Another reason being that i come from a qmail shop and have always been comfortable with dnscache (never gave bind+caching_ns a chance except for authoritative nameservers). - dhawal From alex at nkpanama.com Sat Jun 10 00:30:09 2006 From: alex at nkpanama.com (Alex Neuman) Date: Sat Jun 10 00:30:40 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <20060609202053.23443.qmail@mymail.netmagicians.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> <44880517.5010201@netmagicsolutions.com> <20060609202053.23443.qmail@mymail.netmagicians.com> Message-ID: <1259B985-D73C-4FE4-B9FC-288D69B0BEE8@nkpanama.com> Most of the servers I handle are authoritative for their domain, and do caching for whoever's behind them on a private network. I try to only do recursive lookups for localhost and 192.168.x.x addresses within private networks, and just answer for their own domains when asked by anyone outside. On Jun 9, 2006, at 3:20 PM, Dhawal Doshy wrote: > Alex Neuman writes: > >>> None, zilch.. we do not tune SA at all (i compile rpms from the >>> stock tar.gz distro).. moreover we add tonnes of SARE rules to >>> it. If using a dedicated server for MySQL based Bayes is tuning, >>> then yes we do tuning. From that POV, we use djbdns' dnscache >>> for the local caching-nameserver, which helps Net::DNS >>> tremendously. Also thanks to the prolocation chaps, we rsync >>> SURBL for local use.. >>> >> Is using djbdns' dnscache better performance-wise than running >> Bind in caching mode? I know this probably sounds dumb but since >> Bind w/ caching is installed by default on most rh-based linux >> distros I've never bothered to do djbdns... >> > > i can't really say which one is better.. i seem to like dnscache's > performance and can keep it on a leash (from a resource > perspective, see the wiki entry). Another reason being that i come > from a qmail shop and have always been comfortable with dnscache > (never gave bind+caching_ns a chance except for authoritative > nameservers). > - dhawal > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From cpedaschus at gmx.de Sat Jun 10 00:34:58 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 00:36:23 2006 Subject: Virtual mailuser with their own bayes db? Message-ID: <448A05A2.70100@gmx.de> Hi everybody, i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 and try to get spamassassin to use a separate bayes db for every virtual mailuser instead of a global one, but can't get it to work nor did i find anything in the wiki/documentation about it (perhaps i'm blind, pls excuse if so, was a long day). i found a howto to patch spamd to get the vuser home-dir from courier, but it's not of much help because i'm no perl-developer and can't convert the needed steps to spamassassin. i looked around in Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i don't fully understand them. the sa-howto patches the getpwnam call to return the data from courier, i guess that's what i need to do here, i just don't know how or where exactly. can someone give me a hint on how to get this running? Greets, Chris ps. the mentioned spamd-patch howto: http://da.andaka.org/Doku/courier-spamassassin.html From Marc.Dufresne at parks.on.ca Sat Jun 10 01:40:27 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 01:40:58 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. I have followed the instructions under /usr/local/etc/rc.d/mailscanner by adding the following lines to /etc/rc.conf mailscanner_enable="YES" mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf" mailscanner_pidfile="/var/run/MailScanner.pid" I have also followed the instructions in /usr/local/etc/rc.d/mta by adding the following lines to the /etc/rc.conf mta_enable="YES" mta_type="sendmail" mta_profiles="incoming outgoing submitqueue" mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory$ mta_incoming_pidfile="/var/run/sendmail_in.pid" mta_incoming_configfile="/etc/mail/sendmail.cf" mta_outgoing_flags="-L sm-mta-out -q15m" mta_outgoing_pidfile="/var/run/sendmail_out.pid" mta_outgoing_configfile="/etc/mail/sendmail.cf" mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" mta_submitqueue_configfile="/etc/mail/submit.cf" Mailscanner will not load!!! I have tried everything I can think of. What am I missing???? -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From gmane at tippingmar.com Sat Jun 10 02:43:50 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Jun 10 02:44:14 2006 Subject: Is sophos-autoupdate updating? Message-ID: In my maillog I see: Jun 9 17:07:16 tesla update.virus.scanners: Found sophos installed Jun 9 17:07:16 tesla update.virus.scanners: Running autoupdate for sophos Jun 9 17:07:17 tesla Sophos-autoupdate[1501]: Sophos V5 updated But if I try to manually update I get: [root@tesla ~]# /opt/sophos-av/bin/savupdate -v 5 Starting automatic update... Opening configuration... Configuration opened Processing package 'PACKAGE'... Connection initialized Identified item to update 'sav-linux/manifest.dat' Identified item to update 'sav-linux/manifest.spec' Identified item to update 'sav-linux/cidsync.upd' Identified item to update 'sav-linux/common/' Identified item to update 'doc/' Identified item to update 'savi/' Identified item to update 'talpa/talpa-srcpack.tar.gz' Identified item to update 'talpa/manifest.dat' Identified item to update 'talpa/cidsync.upd' Identified item to update 'sav-linux/x86/' Identified item to update 'talpa/talpa-fedora/talpa-binpack-fedora_2.6.16-1.2111_FC5.tar.gz' Replicating contents in package directory '/opt/sophos-av/update/cache/LOCAL/PACKAGE'... Reading master index 'http://es-web.sophos.com/update/savlinux/master.upd'... Downloading http://es-web.sophos.com/update/savlinux/master.upd Failed to download http://es-web.sophos.com/update/savlinux/master.upd WARNING: Failed to read file 'http://es-web.sophos.com/update/savlinux/master.upd' WARNING: Failed to read master index 'http://es-web.sophos.com/update/savlinux/master.upd' ERROR: Failed to replicate contents in package directory '/opt/sophos-av/update/cache/LOCAL/PACKAGE' ERROR: Package 'PACKAGE' processing failed Updating Sophos Anti-Virus... ERROR: Failed to update Sophos Anti-Virus FATAL: Automatic update aborted And if I manually run "/usr/lib/MailScanner/sophos-autoupdate" or "/usr/lib/MailScanner/sophos-autoupdate /opt/sophos-av" the maillog shows: Jun 9 18:39:02 tesla Sophos-autoupdate[2106]: Sophos V5 updater failed So is Sophos 5 really being updated? Thanks, Mark Nienberg From res at ausics.net Sat Jun 10 05:43:48 2006 From: res at ausics.net (Res) Date: Sat Jun 10 05:43:56 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <223f97700606090257y335963e2of07157ae0084a055@mail.gmail.com> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> <223f97700606090257y335963e2of07157ae0084a055@mail.gmail.com> Message-ID: On Fri, 9 Jun 2006, Glenn Steen wrote: >> SA itself, all the dns stuff is off as is a couple other things they >> suggested, SA was used for spam detection only, we lowered teh default MS > > How very depressing. > Was it CPU-bound or IO-bound (yeah yeah, IO is CPU-bound, I know:-), The load only climbed to about 12, machine was still instantly responsive never went through the roof or laged at all. > mostly? And using the usual tmpfs thing for anything that needs really > fast IO (I guess I haven't done the math on that one... Could ramp up > to a very hefty amount of RAM, with that throughput:-)? Oh theres plenty pof ram dont worry abvout that :) > Yeah, it's always "somewhere else"... and all that is needed is a few about 80% comes from asian countries, the rest of the world make up the other 20%, because of large fines and risk of incarseration theres very little chance of much of the crap coming from oz, thoug IMHO the spam laws dont quite go far enough, there are a few holes we'd like closed that the govt decided was to be excluded -- Cheers Res From res at ausics.net Sat Jun 10 05:47:24 2006 From: res at ausics.net (Res) Date: Sat Jun 10 05:47:28 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: run MailScanner --lint and see what errors pop up On Fri, 9 Jun 2006, Marc Dufresne wrote: > I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. > > The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. > > I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. -- Cheers Res From grover1711 at gmail.com Sat Jun 10 08:29:46 2006 From: grover1711 at gmail.com (ankush grover) Date: Sat Jun 10 08:29:50 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 Message-ID: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> hey friends, I am using MailScanner 4.44 with postfix 2.1.5 on FC3. I want to do some kind of content filtering a) Banning receiving & sending attachments for some users for example "ankush@example.com" is not allowed to send or receive any attachments. b) Banning receiving emails for some users from the all other domains except from one domain for example if there is any email for user "tom@example.com" from any other domain that mail should be dropped but this user should be able to receive mail from the example.com domain but not from anyother domain. c) People are still sending mails to the accounts of the ex employees I want to totally ban mails to those accounts both within the organisation and from outside means if the mail is for the user "john@example.com" that mail should get dropped. If anyone can give me examples for the above 3 problems of mine that will be very good and I will be very grateful to that person. Please let me know if you need any further inputs. Thanks & Regards Ankush Grover From shrek-m at gmx.de Sat Jun 10 09:34:16 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sat Jun 10 09:34:23 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: Message-ID: <448A8408.2080504@gmx.de> Mark Nienberg schrieb: > In my maillog I see: > > Jun 9 17:07:16 tesla update.virus.scanners: Found sophos installed > Jun 9 17:07:16 tesla update.virus.scanners: Running autoupdate for > sophos > Jun 9 17:07:17 tesla Sophos-autoupdate[1501]: Sophos V5 updated > > > But if I try to manually update I get: > > [root@tesla ~]# /opt/sophos-av/bin/savupdate -v 5 > [...] Failed to download > http://es-web.sophos.com/update/savlinux/master.upd > WARNING: Failed to read file > 'http://es-web.sophos.com/update/savlinux/master.upd' > WARNING: Failed to read master index > 'http://es-web.sophos.com/update/savlinux/master.upd' > ERROR: Failed to replicate contents in package directory > '/opt/sophos-av/update/cache/LOCAL/PACKAGE' > ERROR: Package 'PACKAGE' processing failed > Updating Sophos Anti-Virus... > ERROR: Failed to update Sophos Anti-Virus > FATAL: Automatic update aborted > > > And if I manually run "/usr/lib/MailScanner/sophos-autoupdate" or > "/usr/lib/MailScanner/sophos-autoupdate /opt/sophos-av" the maillog > shows: > > Jun 9 18:39:02 tesla Sophos-autoupdate[2106]: Sophos V5 updater failed > > > So is Sophos 5 really being updated? i doubt. with `savupdate -v5 ` i get at least 1000 lines of output default is "v2" -------- # /opt/sophos-av/bin/savupdate Downloading http://es-web.sophos.com/update/savlinux/master.upd 268 bytes downloaded in 0,702146 secs (381,687100 B/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/root.upd 342 bytes downloaded in 0,165553 secs (2,017388 KiB/s) Downloading http://es-web.sophos.com/update/savlinux/root_manifest.dat 3168 bytes downloaded in 0,255198 secs (12,122940 KiB/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/config/index.spec Failed to download http://es-web.sophos.com/update/savlinux/config/index.spec Downloading http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Failed to download http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/manifest.dat in 0,121533 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/manifest.dat in 0,174967 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/manifest.dat in 0,011526 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,031227 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/manifest.dat in 0,154930 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,010770 seconds Successfully updated Sophos Anti-Virus ----/---- -- shrek-m From lars+lister.mailscanner at adventuras.no Sat Jun 10 12:30:49 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 12:31:08 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AAD69.9010405@adventuras.no> Marc Dufresne skrev: > I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. > > The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. > > I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. > Any failure messages? Wild shot: You need to update mailscanner after upgrading the os because of a filename installation default. (mta or mta.sh) -- Regards from Lars > I have followed the instructions under > > /usr/local/etc/rc.d/mailscanner by adding the following lines to /etc/rc.conf > > mailscanner_enable="YES" > mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf" > mailscanner_pidfile="/var/run/MailScanner.pid" > > I have also followed the instructions in /usr/local/etc/rc.d/mta by adding the following lines to the /etc/rc.conf > > mta_enable="YES" > mta_type="sendmail" > mta_profiles="incoming outgoing submitqueue" > mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory$ > mta_incoming_pidfile="/var/run/sendmail_in.pid" > mta_incoming_configfile="/etc/mail/sendmail.cf" > mta_outgoing_flags="-L sm-mta-out -q15m" > mta_outgoing_pidfile="/var/run/sendmail_out.pid" > mta_outgoing_configfile="/etc/mail/sendmail.cf" > mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" > mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" > mta_submitqueue_configfile="/etc/mail/submit.cf" > > Mailscanner will not load!!! I have tried everything I can think of. > > What am I missing???? > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > From michele at blacknight.ie Sat Jun 10 12:41:39 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Sat Jun 10 12:41:40 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> Message-ID: <448AAFF3.9040404@blacknight.ie> ankush grover wrote: > hey friends, > > I am using MailScanner 4.44 with postfix 2.1.5 on FC3. I want to do > some kind of content filtering Why are you using such old versions of everything? You really should upgrade > > a) Banning receiving & sending attachments for some users for example > "ankush@example.com" is not allowed to send or receive any > attachments. Read up on rulesets > > b) Banning receiving emails for some users from the all other domains > except from > one domain for example if there is any email for user > "tom@example.com" from > any other domain that mail should be dropped but this user should > be able to > receive mail from the example.com domain but not from anyother domain. As above > > c) People are still sending mails to the accounts of the ex employees > I want to > totally ban mails to those accounts both within the organisation and > from > outside means if the mail is for the user "john@example.com" that > mail > should get dropped. That's not a MailScanner issue really. That's more of an MTA configuration matter -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From samp at arial-concept.com Sat Jun 10 14:12:00 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Sat Jun 10 14:12:14 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <448AAFF3.9040404@blacknight.ie> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> <448AAFF3.9040404@blacknight.ie> Message-ID: <448AC520.6080709@arial-concept.com> Michele Neylon :: Blacknight.ie a ?crit : >>c) People are still sending mails to the accounts of the ex employees >>I want to >> totally ban mails to those accounts both within the organisation and >>from >> outside means if the mail is for the user "john@example.com" that >>mail >> should get dropped. >> >> > > > Look http://www.postfix.org/RESTRICTION_CLASS_README.html perhaps it's not exactly your need but you have to look in this way. I hope this help. Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:00:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:00:44 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448A05A2.70100@gmx.de> References: <448A05A2.70100@gmx.de> Message-ID: <448AD07F.7030809@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MailScanner does not use spamd/spamc at all, it talks directly to SpamAssassin's Perl library for speed and efficiency reasons. However, this does mean that you are stuck to 1 bayes db for the whole system, sorry. People such as Matt Kettler (Matt--correct me if I'm wrong) have constructed very reliable spam detection without using bayes at all, so this isn't actually a big problem. Most people run with bayes, with one bayes db shared between all their customers/users and have no problems with it at all. So that bad news is that you can't do it. The good news is that it doesn't actually matter anyway. Regards, Jules. Christian Pedaschus wrote: > Hi everybody, > > i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 > and try to get spamassassin to use a separate bayes db for every virtual > mailuser instead of a global one, but can't get it to work nor did i > find anything in the wiki/documentation about it (perhaps i'm blind, pls > excuse if so, was a long day). > > i found a howto to patch spamd to get the vuser home-dir from courier, > but it's not of much help because i'm no perl-developer and can't > convert the needed steps to spamassassin. i looked around in > Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i > don't fully understand them. the sa-howto patches the getpwnam call to > return the data from courier, i guess that's what i need to do here, i > just don't know how or where exactly. > > can someone give me a hint on how to get this running? > > > Greets, Chris > > ps. the mentioned spamd-patch howto: > http://da.andaka.org/Doku/courier-spamassassin.html > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa vNrWZJB+j+Hg6mGtxWotPPxG =3tVA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:04:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:04:30 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AD167.9080609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Also try asking Jan-Peter Koopmann as he is our head BSD wizard around here. You'll find his address from the mailing list, he's a frequent poster. But please try everything you can think of, and everything you can't, before mailing him. He is a very busy man and may well not have time to respond. Furthermore, if you get a solution from him, please post it back to the list so that it gets into the list archive, which is a valuable source of information and is useless without the solutions to posted problems. Regards, Jules. Res wrote: > > > run MailScanner --lint > and see what errors pop up > > On Fri, 9 Jun 2006, Marc Dufresne wrote: > >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I >> have tested this with the above upgrades and it still is working >> perfectly. >> >> I decided to update my ports tree and then updated mailscanner to >> version 4.54.6. Everything installed correctly, but I cannot get >> mailscanner to run from the command line or on boot. > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrRaBH2WUcUFbZUEQKE/gCfTALKytEPCAr2qQWdT4QN2ZZcqlQAn23z dhedegs5C7mQGEsAF9Nd3qRk =m/gu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:09:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:09:49 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: Message-ID: <448AD2A3.1090409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > In my maillog I see: > > Jun 9 17:07:16 tesla update.virus.scanners: Found sophos installed > Jun 9 17:07:16 tesla update.virus.scanners: Running autoupdate for > sophos > Jun 9 17:07:17 tesla Sophos-autoupdate[1501]: Sophos V5 updated > > > But if I try to manually update I get: > > [root@tesla ~]# /opt/sophos-av/bin/savupdate -v 5 > Starting automatic update... > Opening configuration... > Configuration opened > Processing package 'PACKAGE'... > Connection initialized > Identified item to update 'sav-linux/manifest.dat' > Identified item to update 'sav-linux/manifest.spec' > Identified item to update 'sav-linux/cidsync.upd' > Identified item to update 'sav-linux/common/' > Identified item to update 'doc/' > Identified item to update 'savi/' > Identified item to update 'talpa/talpa-srcpack.tar.gz' > Identified item to update 'talpa/manifest.dat' > Identified item to update 'talpa/cidsync.upd' > Identified item to update 'sav-linux/x86/' > Identified item to update > 'talpa/talpa-fedora/talpa-binpack-fedora_2.6.16-1.2111_FC5.tar.gz' > Replicating contents in package directory > '/opt/sophos-av/update/cache/LOCAL/PACKAGE'... > Reading master index > 'http://es-web.sophos.com/update/savlinux/master.upd'... > Downloading http://es-web.sophos.com/update/savlinux/master.upd > Failed to download http://es-web.sophos.com/update/savlinux/master.upd > WARNING: Failed to read file > 'http://es-web.sophos.com/update/savlinux/master.upd' > WARNING: Failed to read master index > 'http://es-web.sophos.com/update/savlinux/master.upd' > ERROR: Failed to replicate contents in package directory > '/opt/sophos-av/update/cache/LOCAL/PACKAGE' > ERROR: Package 'PACKAGE' processing failed > Updating Sophos Anti-Virus... > ERROR: Failed to update Sophos Anti-Virus > FATAL: Automatic update aborted > > > And if I manually run "/usr/lib/MailScanner/sophos-autoupdate" or > "/usr/lib/MailScanner/sophos-autoupdate /opt/sophos-av" the maillog > shows: > > Jun 9 18:39:02 tesla Sophos-autoupdate[2106]: Sophos V5 updater failed > > > So is Sophos 5 really being updated? I suspect not. The second command a couple of sentences up is the correct one. You have to give the autoupdater the directory in which Sophos is installed. Check that your /etc/MailScanner/virus.scanners.conf has the correct directory for the installation of Sophos, or it might still be trying to update an old Sophos v3 or v4 installation in /usr/local/Sophos. But running the Sophos command "savupdate" really should work, start by configuring that so that it works properly. Have you given it the right Sophos username and password to get updates? The MailScanner Sophos V5 autoupdate script uses this command to do the update, so that command on its own must work first. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrSpBH2WUcUFbZUEQINsgCdF+T8NibZPAO48VkzXuro21wjCx0AoOge 7EHW/eDVnDIBSydjDwkZsnVt =vfHM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Marc.Dufresne at parks.on.ca Sat Jun 10 15:16:10 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 15:16:26 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: That's exactly whatI did. Mailscanner installed properly, I then followed the instructions at the end of the install concerning mailscanner and mta. When executing mailscanner manually from the command line /usr/local/etc/rc.d/mailscanner start It would just go back to the command line. If I ran ps -ax mailscanner wasn't running. after pulling my hair out for about two hours, I noticed the latest version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to perl5.8.8. That went successful. Mailscanner still didn't work. So I went under /usr/ports/mail/mailscannner and ran make deinstall mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install by running make make install under /usr/ports/mail/mailscannner. Now I'm getting this error: Installing for p5-Filesys-Statvfs_Df-0.68 ===> p5-Filesys-Statvfs_Df-0.68 depends on file: /usr/local/bin/perl5.8.8 - found ===> Generating temporary packing list ===> Checking if devel/p5-Filesys-Statvfs_Df already installed make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. Stop *** Error code 2 Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. *** Error code 1 Stop in /usr/ports/mail/mailscanner. Any ideas? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> Marc Dufresne skrev: > I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. > > The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. > > I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. > Any failure messages? Wild shot: You need to update mailscanner after upgrading the os because of a filename installation default. (mta or mta.sh) -- Regards from Lars > I have followed the instructions under > > /usr/local/etc/rc.d/mailscanner by adding the following lines to /etc/rc.conf > > mailscanner_enable="YES" > mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf" > mailscanner_pidfile="/var/run/MailScanner.pid" > > I have also followed the instructions in /usr/local/etc/rc.d/mta by adding the following lines to the /etc/rc.conf > > mta_enable="YES" > mta_type="sendmail" > mta_profiles="incoming outgoing submitqueue" > mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory$ > mta_incoming_pidfile="/var/run/sendmail_in.pid" > mta_incoming_configfile="/etc/mail/sendmail.cf" > mta_outgoing_flags="-L sm-mta-out -q15m" > mta_outgoing_pidfile="/var/run/sendmail_out.pid" > mta_outgoing_configfile="/etc/mail/sendmail.cf" > mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" > mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" > mta_submitqueue_configfile="/etc/mail/submit.cf" > > Mailscanner will not load!!! I have tried everything I can think of. > > What am I missing???? > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From Marc.Dufresne at parks.on.ca Sat Jun 10 15:18:45 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 15:19:05 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: Will do. I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD 6.1, Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to perl5.8.8 hoping that would solve my problem. Still isn't working. what command under FreeBSD do you execute to ensure the latest version of Perl is linked to all services that need it? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Also try asking Jan-Peter Koopmann as he is our head BSD wizard around here. You'll find his address from the mailing list, he's a frequent poster. But please try everything you can think of, and everything you can't, before mailing him. He is a very busy man and may well not have time to respond. Furthermore, if you get a solution from him, please post it back to the list so that it gets into the list archive, which is a valuable source of information and is useless without the solutions to posted problems. Regards, Jules. Res wrote: > > > run MailScanner --lint > and see what errors pop up > > On Fri, 9 Jun 2006, Marc Dufresne wrote: > >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I >> have tested this with the above upgrades and it still is working >> perfectly. >> >> I decided to update my ports tree and then updated mailscanner to >> version 4.54.6. Everything installed correctly, but I cannot get >> mailscanner to run from the command line or on boot. > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrRaBH2WUcUFbZUEQKE/gCfTALKytEPCAr2qQWdT4QN2ZZcqlQAn23z dhedegs5C7mQGEsAF9Nd3qRk =m/gu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:29:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:30:08 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> Message-ID: <448AD763.7080302@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ankush grover wrote: > hey friends, > > I am using MailScanner 4.44 with postfix 2.1.5 on FC3. I want to do > some kind of content filtering You can do pretty much all of these with MailScanner "rulesets". Read up about rulesets in any and/or all of the documentation available. Please buy the book! > a) Banning receiving & sending attachments for some users for example > "ankush@example.com" is not allowed to send or receive any > attachments. In MailScanner.conf, Maximum Attachment Size = %rules-dir%/max.attach.size.rules In /etc/MailScanner/rules/max.attach.size.rules FromOrTo: ankush@example.com 0 FromOtTo: default -1 > b) Banning receiving emails for some users from the all other domains > except from > one domain for example if there is any email for user > "tom@example.com" from > any other domain that mail should be dropped but this user should > be able to > receive mail from the example.com domain but not from anyother domain. In MailScanner.conf, Is Definitely Spam = %rules-dir%/is.definitely.spam.rules Definite Spam Is High Scoring = yes High-Scoring Spam Actions = delete store In /etc/MailScanner/rules/is.definitely.spam.rules To: tom@example.com and From: *@example.com no To: tom@example.com yes FromOrTo: default no > c) People are still sending mails to the accounts of the ex employees > I want to > totally ban mails to those accounts both within the organisation > and from > outside means if the mail is for the user "john@example.com" > that mail > should get dropped. Do this in your MTA. In sendmail, for example, add this to /etc/mail/access john@example.com DISCARD then cd /etc/mail make > If anyone can give me examples for the above 3 problems of mine that > will be very good and I will be very grateful to that person. Hopefully the examples above give you a small taste of the power of rulesets. Virtually every configuration option in MailScanner can be controlled by a ruleset, and these can be built into incredibly detailed configuration systems. As long as you have less than, say, 1000 entries in a particular ruleset, they will work very fast. If you come across a requirement which cannot be expressed in a ruleset, then you can use "Custom Functions", which are Perl functions that calculate the result of the configuration option from a section of Perl code that is passed all the details about the message. There are a few examples of what can be done in Custom Functions in /usr/lib/MailScanner/MailScanner/CustomConfig.pm and in the extra examples in /usr/lib/MailScanner/MailScanner/CustomFunctions/*. These do require some basic knowledge of Perl, but you can start from one of the examples and modify it to your needs, so you don't have to start from scratch. If you want Custom Functions written by me for your particular needs, please contact me directly and we can agree a price. You get MailScanner for free, and you get all the support I can possibly offer for free on the mailing list and in personal replies to mail (I reply to *every* email I get, always). But if you want me to write code for you, I have to charge for that. I have bills to pay, like everyone else. Regards, Jules. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrXZBH2WUcUFbZUEQKEeACgjHCaizK+Pv5osBQQb4ubLhLEmxcAoOQP zNFkk/YJkA5VvP//EbPIFjK7 =A7J4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lars+lister.mailscanner at adventuras.no Sat Jun 10 15:40:01 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 15:40:23 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AD9C1.1040000@adventuras.no> Marc Dufresne skrev: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. Look for perl in /usr/ports/Updating and you will see that you need to update everything perl when updating perl itself. The easiest way is to run the perl-after-upgrade script. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found perl5.8 > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. perl5.7, so p5-Filesys-Statvfs_Df needs updating too. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> > Marc Dufresne skrev: >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I > have tested this with the above upgrades and it still is working > perfectly. >> I decided to update my ports tree and then updated mailscanner to > version 4.54.6. Everything installed correctly, but I cannot get > mailscanner to run from the command line or on boot. >> > > Any failure messages? > Wild shot: You need to update mailscanner after upgrading the os > because of a filename installation default. > (mta or mta.sh) > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > From Marc.Dufresne at parks.on.ca Sat Jun 10 15:44:04 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 15:44:23 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: I've been racking by brain trying to find that script name!! Thanks. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lars+lister.mailscanner@adventuras.no 6/10/2006 10:40:01 AM >>> Marc Dufresne skrev: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. Look for perl in /usr/ports/Updating and you will see that you need to update everything perl when updating perl itself. The easiest way is to run the perl-after-upgrade script. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found perl5.8 > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. perl5.7, so p5-Filesys-Statvfs_Df needs updating too. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> > Marc Dufresne skrev: >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I > have tested this with the above upgrades and it still is working > perfectly. >> I decided to update my ports tree and then updated mailscanner to > version 4.54.6. Everything installed correctly, but I cannot get > mailscanner to run from the command line or on boot. >> > > Any failure messages? > Wild shot: You need to update mailscanner after upgrading the os > because of a filename installation default. > (mta or mta.sh) > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:48:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:48:11 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448ADBA0.3010202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Dufresne wrote: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > Run ps ax | grep Mail and see what that says. Running the rc.d script should start it up then return to the command line. > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> >>>> > Marc Dufresne skrev: > >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I >> > have tested this with the above upgrades and it still is working > perfectly. > >> I decided to update my ports tree and then updated mailscanner to >> > version 4.54.6. Everything installed correctly, but I cannot get > mailscanner to run from the command line or on boot. > >> >> > > Any failure messages? > Wild shot: You need to update mailscanner after upgrading the os > because of a filename installation default. > (mta or mta.sh) > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrboRH2WUcUFbZUEQIiFQCg6O1xwi/cw7+loHcFkeXCdLDklfcAn3f4 ijgS1rOa/yNRecy1ONiWNwQd =//1K -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cpedaschus at gmx.de Sat Jun 10 15:58:43 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 16:00:11 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448AD07F.7030809@ecs.soton.ac.uk> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> Message-ID: <448ADE23.20908@gmx.de> Thanks for the answer, Jules. I'll have a look at said solutions without bayes, because i don't like the idea of having 1 big bayes db for users across different domains (perhaps some users like a given sort of spam and learn it as ham while others learn it as spam, sounds like a bad idea) Just one more question: Could you please explain what this means, i'm curious :) # N.B. SpamAssassin will use home dir defined in ENV{HOME} # 'if $ENV{HOME} =~ /\//' # So, set ENV{HOME} to desired directory, or undef it to force it to get home # using getpwnam of $> (EUID) In bin/Mailscanner env(home) get unset, that's why this comment irritates me. Greets, Chris Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >MailScanner does not use spamd/spamc at all, it talks directly to >SpamAssassin's Perl library for speed and efficiency reasons. > >However, this does mean that you are stuck to 1 bayes db for the whole >system, sorry. People such as Matt Kettler (Matt--correct me if I'm >wrong) have constructed very reliable spam detection without using bayes >at all, so this isn't actually a big problem. Most people run with >bayes, with one bayes db shared between all their customers/users and >have no problems with it at all. > >So that bad news is that you can't do it. The good news is that it >doesn't actually matter anyway. > >Regards, >Jules. > >Christian Pedaschus wrote: > > >>Hi everybody, >> >>i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 >>and try to get spamassassin to use a separate bayes db for every virtual >>mailuser instead of a global one, but can't get it to work nor did i >>find anything in the wiki/documentation about it (perhaps i'm blind, pls >>excuse if so, was a long day). >> >>i found a howto to patch spamd to get the vuser home-dir from courier, >>but it's not of much help because i'm no perl-developer and can't >>convert the needed steps to spamassassin. i looked around in >>Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i >>don't fully understand them. the sa-howto patches the getpwnam call to >>return the data from courier, i guess that's what i need to do here, i >>just don't know how or where exactly. >> >>can someone give me a hint on how to get this running? >> >> >>Greets, Chris >> >>ps. the mentioned spamd-patch howto: >>http://da.andaka.org/Doku/courier-spamassassin.html >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa >vNrWZJB+j+Hg6mGtxWotPPxG >=3tVA >-----END PGP SIGNATURE----- > > > From MailScanner at ecs.soton.ac.uk Sat Jun 10 16:54:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 16:54:31 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448ADE23.20908@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> Message-ID: <448AEB25.3000706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christian Pedaschus wrote: > Thanks for the answer, Jules. > I'll have a look at said solutions without bayes, because i don't like > the idea of having 1 big bayes db for users across different domains > (perhaps some users like a given sort of spam and learn it as ham while > others learn it as spam, sounds like a bad idea) > > > Just one more question: > Could you please explain what this means, i'm curious :) > > # N.B. SpamAssassin will use home dir defined in ENV{HOME} > # 'if $ENV{HOME} =~ /\//' > This will always be true if $ENV{HOME} is set at all. > # So, set ENV{HOME} to desired directory, or undef it to force it to get > home > # using getpwnam of $> (EUID) > > In bin/Mailscanner env(home) get unset, that's why this comment > irritates me. > I think I can remember why I delete $ENV{HOME}. It is set before the UID and EUID are changed to the "Run As User", so will always be that of root. By unsetting it, it forces SpamAssassin to use the home directory of the effective userid (i.e. the "Run As User") for its .spamassassin directory. If it were left defined, it would use the home directory of root as the location of the .spamassassin directory, which it can't actually write to once it has changed to be the "Run As User". I need to force it to use the home directory of the "Run As User" as that is the only place it can write to. So I undefine it to force it to reset it to that of the "Run As User". If I didn't do that, when running as "postfix" it would try to write to "/root/.spamassassin" which it wouldn't be able to access. By undefining it, I force it to use "/var/spool/postfix/.spamassassin" which it can access. I hope that explains why I did it this way. It is very necessary. > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> MailScanner does not use spamd/spamc at all, it talks directly to >> SpamAssassin's Perl library for speed and efficiency reasons. >> >> However, this does mean that you are stuck to 1 bayes db for the whole >> system, sorry. People such as Matt Kettler (Matt--correct me if I'm >> wrong) have constructed very reliable spam detection without using bayes >> at all, so this isn't actually a big problem. Most people run with >> bayes, with one bayes db shared between all their customers/users and >> have no problems with it at all. >> >> So that bad news is that you can't do it. The good news is that it >> doesn't actually matter anyway. >> >> Regards, >> Jules. >> >> Christian Pedaschus wrote: >> >> >> >>> Hi everybody, >>> >>> i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 >>> and try to get spamassassin to use a separate bayes db for every virtual >>> mailuser instead of a global one, but can't get it to work nor did i >>> find anything in the wiki/documentation about it (perhaps i'm blind, pls >>> excuse if so, was a long day). >>> >>> i found a howto to patch spamd to get the vuser home-dir from courier, >>> but it's not of much help because i'm no perl-developer and can't >>> convert the needed steps to spamassassin. i looked around in >>> Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i >>> don't fully understand them. the sa-howto patches the getpwnam call to >>> return the data from courier, i guess that's what i need to do here, i >>> just don't know how or where exactly. >>> >>> can someone give me a hint on how to get this running? >>> >>> >>> Greets, Chris >>> >>> ps. the mentioned spamd-patch howto: >>> http://da.andaka.org/Doku/courier-spamassassin.html >>> >>> >>> >>> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa >> vNrWZJB+j+Hg6mGtxWotPPxG >> =3tVA >> -----END PGP SIGNATURE----- >> >> >> >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrrKxH2WUcUFbZUEQIAzgCgxtIUGFCPiJUqWG5oQQ7xFKkm4ukAoJg7 nyL/yWzdDZI40y/HSyOFi8fU =u9CJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mkettler at evi-inc.com Sat Jun 10 16:56:03 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Jun 10 16:56:15 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448AD07F.7030809@ecs.soton.ac.uk> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> Message-ID: <448AEB93.5030804@evi-inc.com> Julian Field wrote: > MailScanner does not use spamd/spamc at all, it talks directly to > SpamAssassin's Perl library for speed and efficiency reasons. > > However, this does mean that you are stuck to 1 bayes db for the whole > system, sorry. People such as Matt Kettler (Matt--correct me if I'm > wrong) have constructed very reliable spam detection without using bayes > at all, so this isn't actually a big problem. I use bayes, quite extensively. I think bayes is one of the most powerful and useful tools in SA. However, in a corporate environment, I find that a single-site-wide bayes DB actually works better than individual bayes. Really, individual DBs is only worthwhile if your users are highly diverse, such as at an ISP. I'm also one of the proponents of the "hamtrap/spamtrap" automated training technique. a "hamtrap" is a secret, obscure email address that you subscribe to trusted email sources, (industry newsletters, etc) you then use a cron-job to process its mail with sa-learn --ham. A spamtrap is a not-so-secret email address that you seed out to the world in innocuous ways and then configure them to be trained as spam. I generally do this while posting to various technical mailing lists. Whenever an example needs an email address, I insert a bogus one at my domain. I leave the account as nonexistent for about a month, and then create an alias for it so it gets trained. From cpedaschus at gmx.de Sat Jun 10 17:03:11 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 17:04:40 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448AEB25.3000706@ecs.soton.ac.uk> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448AEB25.3000706@ecs.soton.ac.uk> Message-ID: <448AED3F.8060103@gmx.de> Yes, that explains it. Thanks again. Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Christian Pedaschus wrote: > > >>Thanks for the answer, Jules. >>I'll have a look at said solutions without bayes, because i don't like >>the idea of having 1 big bayes db for users across different domains >>(perhaps some users like a given sort of spam and learn it as ham while >>others learn it as spam, sounds like a bad idea) >> >> >>Just one more question: >>Could you please explain what this means, i'm curious :) >> >># N.B. SpamAssassin will use home dir defined in ENV{HOME} >># 'if $ENV{HOME} =~ /\//' >> >> >> >This will always be true if $ENV{HOME} is set at all. > > >># So, set ENV{HOME} to desired directory, or undef it to force it to get >>home >># using getpwnam of $> (EUID) >> >>In bin/Mailscanner env(home) get unset, that's why this comment >>irritates me. >> >> >> >I think I can remember why I delete $ENV{HOME}. It is set before the UID >and EUID are changed to the "Run As User", so will always be that of >root. By unsetting it, it forces SpamAssassin to use the home directory >of the effective userid (i.e. the "Run As User") for its .spamassassin >directory. > >If it were left defined, it would use the home directory of root as the >location of the .spamassassin directory, which it can't actually write >to once it has changed to be the "Run As User". I need to force it to >use the home directory of the "Run As User" as that is the only place it >can write to. So I undefine it to force it to reset it to that of the >"Run As User". > >If I didn't do that, when running as "postfix" it would try to write to >"/root/.spamassassin" which it wouldn't be able to access. By undefining >it, I force it to use "/var/spool/postfix/.spamassassin" which it can >access. > >I hope that explains why I did it this way. >It is very necessary. > > > >>Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>MailScanner does not use spamd/spamc at all, it talks directly to >>>SpamAssassin's Perl library for speed and efficiency reasons. >>> >>>However, this does mean that you are stuck to 1 bayes db for the whole >>>system, sorry. People such as Matt Kettler (Matt--correct me if I'm >>>wrong) have constructed very reliable spam detection without using bayes >>>at all, so this isn't actually a big problem. Most people run with >>>bayes, with one bayes db shared between all their customers/users and >>>have no problems with it at all. >>> >>>So that bad news is that you can't do it. The good news is that it >>>doesn't actually matter anyway. >>> >>>Regards, >>>Jules. >>> >>>Christian Pedaschus wrote: >>> >>> >>> >>> >>> >>>>Hi everybody, >>>> >>>>i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 >>>>and try to get spamassassin to use a separate bayes db for every virtual >>>>mailuser instead of a global one, but can't get it to work nor did i >>>>find anything in the wiki/documentation about it (perhaps i'm blind, pls >>>>excuse if so, was a long day). >>>> >>>>i found a howto to patch spamd to get the vuser home-dir from courier, >>>>but it's not of much help because i'm no perl-developer and can't >>>>convert the needed steps to spamassassin. i looked around in >>>>Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i >>>>don't fully understand them. the sa-howto patches the getpwnam call to >>>>return the data from courier, i guess that's what i need to do here, i >>>>just don't know how or where exactly. >>>> >>>>can someone give me a hint on how to get this running? >>>> >>>> >>>>Greets, Chris >>>> >>>>ps. the mentioned spamd-patch howto: >>>>http://da.andaka.org/Doku/courier-spamassassin.html >>>> >>>> >>>> >>>> >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa >>>vNrWZJB+j+Hg6mGtxWotPPxG >>>=3tVA >>>-----END PGP SIGNATURE----- >>> >>> >>> >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRIrrKxH2WUcUFbZUEQIAzgCgxtIUGFCPiJUqWG5oQQ7xFKkm4ukAoJg7 >nyL/yWzdDZI40y/HSyOFi8fU >=u9CJ >-----END PGP SIGNATURE----- > > > From Marc.Dufresne at parks.on.ca Sat Jun 10 17:35:32 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 17:35:50 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: This is what I've done today to resolve my issues. p5-Filesys-Statvfs-Df error (FIXED) -Fixed by removing it from the ports tree. -Ran cvsup -g -L 2 portsupdatefile -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 ran make make install Result: Successful installation Mailscanner-4.54.6 (Reinstalled) -removed from ports tree - Ran cvsup -g -L 2 portsupdatefile - went to /usr/ports/mail/mailscanner ran make make install Result: Successful installation Perl5.8.8 went to /usr/ports/lang/perl5.8.8 ran make make install Result: I wanted to make sure perl 5.8.8 was installed corectly since I re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. After running make then make install, It didn't re--install anything. It quickly went back to the command line. Since all of the above was OK, I then ran the script perl-after-upgrade. It fixed 172 packages. NEXT, I RAN: Ran /usr/local/sbin/MailScanner --lint This is the error I am getting: /usr/local/sbin/MailScanner --lint Could not read file /var/run/MailScanner.pid at /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 Error in line 162, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read) at /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 Read 711 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... You want to use SpamAssassin but have not installed it. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 Please download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and unpack it and run ./install.sh to install it, then restart MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 132 I will run without SpamAssassin for now, you will not detect much spam until you install SpamAssassin. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> Julian Field 6/10/2006 10:45:35 AM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Dufresne wrote: > Will do. > > I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD 6.1, > Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to > perl5.8.8 hoping that would solve my problem. Still isn't working. > > what command under FreeBSD do you execute to ensure the latest version > of Perl is linked to all services that need it? > Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. Running perl 5.8.7 shouldn't cause any problems, I run much older versions than that myself and have no problems. It's just a matter of having the relevant versions of the MailScanner-required Perl modules installed. You can see the versions of all the Perl modules installed that MailScanner requires by running the command MailScanner --versions See what that says, and if it says anything is missing. Then you could just use CPAN or the ports system to upgrade/install the missing modules. Once MailScanner --versions works, try MailScanner --lint and check that works okay. Once that works, you should be ready to go. I hope that lot is some help to you. >>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>> > * PGP Bad Signature, Signed by a unverified key: 06/10/06 at 15:04:24 > > Also try asking Jan-Peter Koopmann as he is our head BSD wizard around > > here. You'll find his address from the mailing list, he's a frequent > poster. > > But please try everything you can think of, and everything you can't, > before mailing him. He is a very busy man and may well not have time to > > respond. > > Furthermore, if you get a solution from him, please post it back to the > > list so that it gets into the list archive, which is a valuable source > > of information and is useless without the solutions to posted > problems. > > Regards, > Jules. > > Res wrote: > >> run MailScanner --lint >> and see what errors pop up >> >> On Fri, 9 Jun 2006, Marc Dufresne wrote: >> >> >>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>> >>> The mailscanner software running on my box is mailscanner 4.52.2-1. >>> > I > >>> have tested this with the above upgrades and it still is working >>> perfectly. >>> >>> I decided to update my ports tree and then updated mailscanner to >>> version 4.54.6. Everything installed correctly, but I cannot get >>> mailscanner to run from the command line or on boot. >>> >> > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw QvRYIt+2U3xhRuOupfEgylJi =cyAi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From lars+lister.mailscanner at adventuras.no Sat Jun 10 18:06:36 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 18:07:00 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AFC1C.6010500@adventuras.no> Marc Dufresne skrev: > This is what I've done today to resolve my issues. > > p5-Filesys-Statvfs-Df error (FIXED) > -Fixed by removing it from the ports tree. > -Ran cvsup -g -L 2 portsupdatefile > -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 > ran make > make install > > Result: Successful installation > > Mailscanner-4.54.6 (Reinstalled) > -removed from ports tree > - Ran cvsup -g -L 2 portsupdatefile > - went to /usr/ports/mail/mailscanner > Did you run 'make config' in that directory? You may have missed the options to install spamassassin and clamav. Lars > ran make > make install > > Result: Successful installation > > Perl5.8.8 > went to /usr/ports/lang/perl5.8.8 > ran make > make install > > Result: > I wanted to make sure perl 5.8.8 was installed corectly since I > re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. After > running make then make install, It didn't re--install anything. It > quickly went back to the command line. > > Since all of the above was OK, I then ran the script > perl-after-upgrade. It fixed 172 packages. > > NEXT, I RAN: > > Ran /usr/local/sbin/MailScanner --lint > > This is the error I am getting: > > /usr/local/sbin/MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 > Error in line 162, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 > Read 711 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > You want to use SpamAssassin but have not installed it. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 > Please download > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > and unpack it and run ./install.sh to install it, then restart > MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 132 > I will run without SpamAssassin for now, you will not detect much spam > until you install SpamAssassin. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>>> Julian Field 6/10/2006 10:45:35 AM >>>> >>>> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Marc Dufresne wrote: > >> Will do. >> >> I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD >> > 6.1, > >> Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to >> perl5.8.8 hoping that would solve my problem. Still isn't working. >> >> what command under FreeBSD do you execute to ensure the latest >> > version > >> of Perl is linked to all services that need it? >> >> > Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. > Running perl 5.8.7 shouldn't cause any problems, I run much older > versions than that myself and have no problems. It's just a matter of > having the relevant versions of the MailScanner-required Perl modules > installed. > > You can see the versions of all the Perl modules installed that > MailScanner requires by running the command > MailScanner --versions > > See what that says, and if it says anything is missing. Then you could > > just use CPAN or the ports system to upgrade/install the missing > modules. > > Once MailScanner --versions works, try > MailScanner --lint > and check that works okay. Once that works, you should be ready to go. > > I hope that lot is some help to you. > >>>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>>> >>>>> >> * PGP Bad Signature, Signed by a unverified key: 06/10/06 at >> > 15:04:24 > >> Also try asking Jan-Peter Koopmann as he is our head BSD wizard >> > around > >> here. You'll find his address from the mailing list, he's a frequent >> poster. >> >> But please try everything you can think of, and everything you can't, >> > > >> before mailing him. He is a very busy man and may well not have time >> > to > >> respond. >> >> Furthermore, if you get a solution from him, please post it back to >> > the > >> list so that it gets into the list archive, which is a valuable >> > source > >> of information and is useless without the solutions to posted >> problems. >> >> Regards, >> Jules. >> >> Res wrote: >> >> >>> run MailScanner --lint >>> and see what errors pop up >>> >>> On Fri, 9 Jun 2006, Marc Dufresne wrote: >>> >>> >>> >>>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>>> >>>> The mailscanner software running on my box is mailscanner >>>> > 4.52.2-1. > >>>> >>>> >> I >> >> >>>> have tested this with the above upgrades and it still is working >>>> perfectly. >>>> >>>> I decided to update my ports tree and then updated mailscanner to >>>> version 4.54.6. Everything installed correctly, but I cannot get >>>> mailscanner to run from the command line or on boot. >>>> >>>> >>> >>> >> >> >> > ------------------------------------------------------------------------ > >> BEGIN:VCARD >> VERSION:2.1 >> X-GWTYPE:USER >> FN:Marc Dufresne >> TEL;WORK:613-543-3704 >> ORG:;Information Technology >> TEL;PREF;FAX:613-543-2847 >> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >> N:Dufresne;Marc >> TITLE:Corporate IT Officer >> END:VCARD >> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw > QvRYIt+2U3xhRuOupfEgylJi > =cyAi > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > From Marc.Dufresne at parks.on.ca Sat Jun 10 18:38:30 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 18:38:53 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: Didn;t know I had that option. What I did was downloaded the latest install-Clam-SA.tar.gz from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz Ran the ./install.sh --perl= adjusted path to pyzor and dcc in the mailscanner.cf, then ran /usr/local/sbin/MailScanner --lint Read 711 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule Looks good. Now for the moment of truth!!!! We'll let you know what happens. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lars+lister.mailscanner@adventuras.no 6/10/2006 1:06:36 PM >>> Marc Dufresne skrev: > This is what I've done today to resolve my issues. > > p5-Filesys-Statvfs-Df error (FIXED) > -Fixed by removing it from the ports tree. > -Ran cvsup -g -L 2 portsupdatefile > -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 > ran make > make install > > Result: Successful installation > > Mailscanner-4.54.6 (Reinstalled) > -removed from ports tree > - Ran cvsup -g -L 2 portsupdatefile > - went to /usr/ports/mail/mailscanner > Did you run 'make config' in that directory? You may have missed the options to install spamassassin and clamav. Lars > ran make > make install > > Result: Successful installation > > Perl5.8.8 > went to /usr/ports/lang/perl5.8.8 > ran make > make install > > Result: > I wanted to make sure perl 5.8.8 was installed corectly since I > re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. After > running make then make install, It didn't re--install anything. It > quickly went back to the command line. > > Since all of the above was OK, I then ran the script > perl-after-upgrade. It fixed 172 packages. > > NEXT, I RAN: > > Ran /usr/local/sbin/MailScanner --lint > > This is the error I am getting: > > /usr/local/sbin/MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 > Error in line 162, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 > Read 711 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > You want to use SpamAssassin but have not installed it. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 > Please download > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > and unpack it and run ./install.sh to install it, then restart > MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 132 > I will run without SpamAssassin for now, you will not detect much spam > until you install SpamAssassin. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>>> Julian Field 6/10/2006 10:45:35 AM >>>> >>>> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Marc Dufresne wrote: > >> Will do. >> >> I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD >> > 6.1, > >> Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to >> perl5.8.8 hoping that would solve my problem. Still isn't working. >> >> what command under FreeBSD do you execute to ensure the latest >> > version > >> of Perl is linked to all services that need it? >> >> > Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. > Running perl 5.8.7 shouldn't cause any problems, I run much older > versions than that myself and have no problems. It's just a matter of > having the relevant versions of the MailScanner-required Perl modules > installed. > > You can see the versions of all the Perl modules installed that > MailScanner requires by running the command > MailScanner --versions > > See what that says, and if it says anything is missing. Then you could > > just use CPAN or the ports system to upgrade/install the missing > modules. > > Once MailScanner --versions works, try > MailScanner --lint > and check that works okay. Once that works, you should be ready to go. > > I hope that lot is some help to you. > >>>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>>> >>>>> >> * PGP Bad Signature, Signed by a unverified key: 06/10/06 at >> > 15:04:24 > >> Also try asking Jan-Peter Koopmann as he is our head BSD wizard >> > around > >> here. You'll find his address from the mailing list, he's a frequent >> poster. >> >> But please try everything you can think of, and everything you can't, >> > > >> before mailing him. He is a very busy man and may well not have time >> > to > >> respond. >> >> Furthermore, if you get a solution from him, please post it back to >> > the > >> list so that it gets into the list archive, which is a valuable >> > source > >> of information and is useless without the solutions to posted >> problems. >> >> Regards, >> Jules. >> >> Res wrote: >> >> >>> run MailScanner --lint >>> and see what errors pop up >>> >>> On Fri, 9 Jun 2006, Marc Dufresne wrote: >>> >>> >>> >>>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>>> >>>> The mailscanner software running on my box is mailscanner >>>> > 4.52.2-1. > >>>> >>>> >> I >> >> >>>> have tested this with the above upgrades and it still is working >>>> perfectly. >>>> >>>> I decided to update my ports tree and then updated mailscanner to >>>> version 4.54.6. Everything installed correctly, but I cannot get >>>> mailscanner to run from the command line or on boot. >>>> >>>> >>> >>> >> >> >> > ------------------------------------------------------------------------ > >> BEGIN:VCARD >> VERSION:2.1 >> X-GWTYPE:USER >> FN:Marc Dufresne >> TEL;WORK:613-543-3704 >> ORG:;Information Technology >> TEL;PREF;FAX:613-543-2847 >> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >> N:Dufresne;Marc >> TITLE:Corporate IT Officer >> END:VCARD >> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw > QvRYIt+2U3xhRuOupfEgylJi > =cyAi > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From mikej at rogers.com Sat Jun 10 19:21:46 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Jun 10 19:21:31 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0DBA.9040701@rogers.com> Marc Dufresne wrote: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > Yes, you most likely hosed your perl installation by not properly upgrading it. Did you run the perl-after-upgrade script after updating perl? It sounds like the problem is between the keyboard and the chair. From mikej at rogers.com Sat Jun 10 19:22:37 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Jun 10 19:22:22 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0DED.9080301@rogers.com> Marc Dufresne wrote: > I've been racking by brain trying to find that script name!! > > Thanks. > It's clearly displayed when updating the port. From mikej at rogers.com Sat Jun 10 19:25:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Jun 10 19:24:56 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0E88.3000609@rogers.com> Marc Dufresne wrote: > Didn;t know I had that option. What I did was downloaded the latest > install-Clam-SA.tar.gz from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Don't do that! Do not install 3rd party packages, when perfectly functioning ports exist for them. From lars+lister.mailscanner at adventuras.no Sat Jun 10 19:30:42 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 19:30:56 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0FD2.5090901@adventuras.no> Marc Dufresne skrev: > Didn;t know I had that option. What I did was downloaded the latest > install-Clam-SA.tar.gz from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > > > Ran the ./install.sh --perl= > > adjusted path to pyzor and dcc in the mailscanner.cf, then ran > /usr/local/sbin/MailScanner --lint I have never used the install-Clam-SA.tar.gz, but does that not install in /opt? Are you now mixing two different installations? You may want to get rid of one of them. If you can. My experience is only with the port. Sorry. -- Lars > > Read 711 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamavmodule > > Looks good. Now for the moment of truth!!!! We'll let you know what > happens. > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 1:06:36 PM >>> > Marc Dufresne skrev: >> This is what I've done today to resolve my issues. >> >> p5-Filesys-Statvfs-Df error (FIXED) >> -Fixed by removing it from the ports tree. >> -Ran cvsup -g -L 2 portsupdatefile >> -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 >> ran make >> make install >> >> Result: Successful installation >> >> Mailscanner-4.54.6 (Reinstalled) >> -removed from ports tree >> - Ran cvsup -g -L 2 portsupdatefile >> - went to /usr/ports/mail/mailscanner >> > > Did you run 'make config' in that directory? > You may have missed the options to install spamassassin and clamav. > > Lars >> ran make >> make install >> >> Result: Successful installation >> >> Perl5.8.8 >> went to /usr/ports/lang/perl5.8.8 >> ran make >> make install >> >> Result: >> I wanted to make sure perl 5.8.8 was installed corectly since I >> re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. > After >> running make then make install, It didn't re--install anything. It >> quickly went back to the command line. >> >> Since all of the above was OK, I then ran the script >> perl-after-upgrade. It fixed 172 packages. >> >> NEXT, I RAN: >> >> Ran /usr/local/sbin/MailScanner --lint >> >> This is the error I am getting: >> >> /usr/local/sbin/MailScanner --lint >> Could not read file /var/run/MailScanner.pid at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 >> Error in line 162, file "/var/run/MailScanner.pid" for pidfile does > not >> exist (or can not be read) at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 >> Read 711 hostnames from the phishing whitelist >> Checking for SpamAssassin errors (if you use it)... >> You want to use SpamAssassin but have not installed it. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 >> Please download >> > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > >> and unpack it and run ./install.sh to install it, then restart >> MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line > 132 >> I will run without SpamAssassin for now, you will not detect much > spam >> until you install SpamAssassin. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 >> >> MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamav >> >> >> Marc Dufresne, Corporate IT Officer >> St. Lawrence Parks Commission >> 13740 County Road 2 >> Morrisburg, ON K0C 1X0 >> >> E-mail: Marc.Dufresne@parks.on.ca >> Voice: 613-543-3704 Ext#2455 >> Fax: 613-543-2847 >> Corporate website: www.parks.on.ca >> >> >>>>> Julian Field 6/10/2006 10:45:35 AM >>>>> >>>>> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Marc Dufresne wrote: >> >>> Will do. >>> >>> I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD >>> >> 6.1, >> >>> Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to >>> perl5.8.8 hoping that would solve my problem. Still isn't working. >>> >>> what command under FreeBSD do you execute to ensure the latest >>> >> version >> >>> of Perl is linked to all services that need it? >>> >>> >> Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. > >> Running perl 5.8.7 shouldn't cause any problems, I run much older >> versions than that myself and have no problems. It's just a matter of > >> having the relevant versions of the MailScanner-required Perl modules > >> installed. >> >> You can see the versions of all the Perl modules installed that >> MailScanner requires by running the command >> MailScanner --versions >> >> See what that says, and if it says anything is missing. Then you > could >> just use CPAN or the ports system to upgrade/install the missing >> modules. >> >> Once MailScanner --versions works, try >> MailScanner --lint >> and check that works okay. Once that works, you should be ready to > go. >> I hope that lot is some help to you. >> >>>>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>>>> >>>>>> >>> * PGP Bad Signature, Signed by a unverified key: 06/10/06 at >>> >> 15:04:24 >> >>> Also try asking Jan-Peter Koopmann as he is our head BSD wizard >>> >> around >> >>> here. You'll find his address from the mailing list, he's a > frequent >>> poster. >>> >>> But please try everything you can think of, and everything you > can't, >>> >> >>> before mailing him. He is a very busy man and may well not have > time >>> >> to >> >>> respond. >>> >>> Furthermore, if you get a solution from him, please post it back to >>> >> the >> >>> list so that it gets into the list archive, which is a valuable >>> >> source >> >>> of information and is useless without the solutions to posted >>> problems. >>> >>> Regards, >>> Jules. >>> >>> Res wrote: >>> >>> >>>> run MailScanner --lint >>>> and see what errors pop up >>>> >>>> On Fri, 9 Jun 2006, Marc Dufresne wrote: >>>> >>>> >>>> >>>>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>>>> >>>>> The mailscanner software running on my box is mailscanner >>>>> >> 4.52.2-1. >> >>>>> >>>>> >>> I >>> >>> >>>>> have tested this with the above upgrades and it still is working >>>>> perfectly. >>>>> >>>>> I decided to update my ports tree and then updated mailscanner to > >>>>> version 4.54.6. Everything installed correctly, but I cannot get >>>>> mailscanner to run from the command line or on boot. >>>>> >>>>> >>>> >>>> >>> >>> >>> > ------------------------------------------------------------------------ >> >>> BEGIN:VCARD >>> VERSION:2.1 >>> X-GWTYPE:USER >>> FN:Marc Dufresne >>> TEL;WORK:613-543-3704 >>> ORG:;Information Technology >>> TEL;PREF;FAX:613-543-2847 >>> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >>> N:Dufresne;Marc >>> TITLE:Corporate IT Officer >>> END:VCARD >>> >>> >>> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw >> QvRYIt+2U3xhRuOupfEgylJi >> =cyAi >> -----END PGP SIGNATURE----- >> >> >> > ------------------------------------------------------------------------ >> BEGIN:VCARD >> VERSION:2.1 >> X-GWTYPE:USER >> FN:Marc Dufresne >> TEL;WORK:613-543-3704 >> ORG:;Information Technology >> TEL;PREF;FAX:613-543-2847 >> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >> N:Dufresne;Marc >> TITLE:Corporate IT Officer >> END:VCARD >> >> > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > From maillists at conactive.com Sat Jun 10 19:31:15 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jun 10 19:31:23 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448ADE23.20908@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> Message-ID: Christian Pedaschus wrote on Sat, 10 Jun 2006 16:58:43 +0200: > I'll have a look at said solutions without bayes, because i don't like > the idea of having 1 big bayes db for users across different domains FYI: unless *all* your users get a *lot* of mail you are better off with a site-wide db. If this is not the case the user's Bayes will be quite ineffective because it gets too few spam or ham. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From gmane at tippingmar.com Sat Jun 10 19:39:36 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Jun 10 19:39:38 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: <448AD2A3.1090409@ecs.soton.ac.uk> References: <448AD2A3.1090409@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > I suspect not. The second command a couple of sentences up is the > correct one. You have to give the autoupdater the directory in which > Sophos is installed. Check that your > /etc/MailScanner/virus.scanners.conf has the correct directory for the > installation of Sophos, or it might still be trying to update an old > Sophos v3 or v4 installation in /usr/local/Sophos. But running the > Sophos command "savupdate" really should work, start by configuring that > so that it works properly. Have you given it the right Sophos username > and password to get updates? The MailScanner Sophos V5 autoupdate script > uses this command to do the update, so that command on its own must work > first. I agree that it is not updating. The values in virus.scanners.conf are correct. I installed using the MailScanner installation script, so that set the correct values for me. This machine has never had an older version of Sophos on it. I'll play with username and password. It may be that I am supposed to use the Sophos EM Library password instead of the regular user updating password for this. I'm not sure. The strange part is that when MailScanner runs the autoupdate it logs success, but when I run it it logs failure. Is it possible that the return code is not being passed correctly? Thanks, Mark From shrek-m at gmx.de Sat Jun 10 20:11:36 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sat Jun 10 20:11:38 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: <448AD2A3.1090409@ecs.soton.ac.uk> Message-ID: <448B1968.1090000@gmx.de> Mark Nienberg schrieb: > I'll play with username and password. It may be that I am supposed to > use the Sophos EM Library password instead of the regular user > updating password for this. I'm not sure. take a look on your licence. "EM Download username password" is what you need. # /opt/sophos-av/bin/savsetup Welcome to Sophos Anti-Virus interactive configuration [1] Update configuration [2] Sophos Anti-Virus GUI configuration [q] Quit What do you want to do? [1] > 1 [1] Display update configuration [2] Add new update group [3] Add package to existing update group [4] Select update group for this computer [5] Select package within current update group [6] Configure computer to update from Sophos [7] Configure computer to update from own server [q] Quit What do you want to do? [1] > 6 Username for Sophos updates? [] > [...] -- shrek-m From cpedaschus at gmx.de Sat Jun 10 20:19:28 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 20:20:58 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> Message-ID: <448B1B40.1090008@gmx.de> Kai Schaetzl wrote: >Christian Pedaschus wrote on Sat, 10 Jun 2006 16:58:43 +0200: > > > >>I'll have a look at said solutions without bayes, because i don't like >>the idea of having 1 big bayes db for users across different domains >> >> > >FYI: unless *all* your users get a *lot* of mail you are better off with a >site-wide db. If this is not the case the user's Bayes will be quite >ineffective because it gets too few spam or ham. > >Kai > > > At least 200 spam/ham, i know, but that's no problem, most of the users have >2000 mails in their box (without all the spam). Messis everywhere (don't know howto translate messi, in german it means ppl who keep all kind of things, even if they won't ever need it again) ;) It's not so important to have a single bayes-db for every user, but at least a single bayes for every domain. The single user stuff was just my first thought because it seemed logical to use the users homedir for spamassassin. Btw. Jules, that would be my "call for improvements" :) Greets, Chris From cpedaschus at gmx.de Sat Jun 10 20:28:18 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 20:29:48 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448B1B40.1090008@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: <448B1D52.90808@gmx.de> Christian Pedaschus wrote: >Kai Schaetzl wrote: > > > >>Christian Pedaschus wrote on Sat, 10 Jun 2006 16:58:43 +0200: >> >> >> >> >> >>>I'll have a look at said solutions without bayes, because i don't like >>>the idea of having 1 big bayes db for users across different domains >>> >>> >>> >>> >>FYI: unless *all* your users get a *lot* of mail you are better off with a >>site-wide db. If this is not the case the user's Bayes will be quite >>ineffective because it gets too few spam or ham. >> >>Kai >> >> >> >> >> >At least 200 spam/ham, i know, but that's no problem, most of the users >have >2000 mails in their box (without all the spam). > >Messis everywhere (don't know howto translate messi, in german it means >ppl who keep all kind of things, even if they won't ever need it again) ;) > >It's not so important to have a single bayes-db for every user, but at >least a single bayes for every domain. The single user stuff was just my >first thought because it seemed logical to use the users homedir for >spamassassin. > >Btw. Jules, that would be my "call for improvements" :) > >Greets, Chris > > > forgot to add that those 2000mails per box are from a few months, busy mailers they are :) From richard.siddall at elirion.net Sat Jun 10 21:09:16 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Sat Jun 10 21:09:49 2006 Subject: Pack rats, was: Virtual mailuser with their own bayes db? In-Reply-To: <448B1B40.1090008@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: <448B26EC.9000600@elirion.net> Christian Pedaschus wrote: > Messis everywhere (don't know howto translate messi, in german it means > ppl who keep all kind of things, even if they won't ever need it again) ;) > The closest term in American slang is "pack rat", IMHO. "The term pack rat is also used in English as slang to refer to a person who collects miscellaneous items and has trouble getting rid of them." (http://en.wikipedia.org/wiki/Pack_rat) Regards, Richard Siddall From cpedaschus at gmx.de Sat Jun 10 22:00:03 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 22:01:33 2006 Subject: Pack rats, was: Virtual mailuser with their own bayes db? In-Reply-To: <448B26EC.9000600@elirion.net> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> <448B26EC.9000600@elirion.net> Message-ID: <448B32D3.9050907@gmx.de> Richard Siddall wrote: >Christian Pedaschus wrote: > > >>Messis everywhere (don't know howto translate messi, in german it means >>ppl who keep all kind of things, even if they won't ever need it again) ;) >> >> >> > >The closest term in American slang is "pack rat", IMHO. > >"The term pack rat is also used in English as slang to refer to a person >who collects miscellaneous items and has trouble getting rid of them." >(http://en.wikipedia.org/wiki/Pack_rat) > >Regards, > > Richard Siddall > > Lol, funny animals :) From res at ausics.net Sat Jun 10 23:50:05 2006 From: res at ausics.net (Res) Date: Sat Jun 10 23:50:14 2006 Subject: Another call for improvements Message-ID: Jules, How about consideration of change to the src install script like on our redhat counterpart servers, those that use /opt like slackware et al takes extra time to move shuffle and and follow the upgrade process for MS and Langs requires intervention, so my question is whats wrong with just doing it the same way as RH version where it just updates and overwrites? This saves moving our mrtg and rules files and any customized reports etc as well as stuffing around with upgrade sripts :) Its still a good idiea I think to keep it under /opt as makes easy install from backups if something goes pear shaped, rather than a symlink, make it a a true /opt/MailScanner. I have looked at it and I can see no ill effects for doing it this way, but thats me :) -- Cheers Res From shuttlebox at gmail.com Sun Jun 11 00:52:42 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Jun 11 00:52:45 2006 Subject: Another call for improvements In-Reply-To: References: Message-ID: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> On 6/11/06, Res wrote: > Jules, > > How about consideration of change to the src install script > like on our redhat counterpart servers, those that use /opt like slackware > et al takes extra time to move shuffle and and follow the upgrade process > for MS and Langs requires intervention, so my question is whats wrong with > just doing it the same way as RH version where it just updates and overwrites? > This saves moving our mrtg and rules files and any customized reports > etc as well as stuffing around with upgrade sripts :) > > Its still a good idiea I think to keep it under /opt as makes easy > install from backups if something goes pear shaped, rather than a > symlink, make it a a true /opt/MailScanner. > > I have looked at it and I can see no ill effects for doing it this way, > but thats me :) That's a very bad idea if you ask me. I manage both RPM and non-RPM systems running MS and I find it much easier and less risky to update the non-RPM systems due to the symlink approach. I can take all day during full production tinkering with the new system making sure every config file is the way I want it before switching the symlink. If something still goes wrong I'm back in a second to the old config. With the RPM systems everything seems easier but you still have to diff the files just the same and much worse - you have to do that while the system is offline. I would like it to stay the way it is. -- /peter From res at ausics.net Sun Jun 11 01:30:22 2006 From: res at ausics.net (Res) Date: Sun Jun 11 01:30:28 2006 Subject: Another call for improvements In-Reply-To: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> References: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> Message-ID: On Sun, 11 Jun 2006, shuttlebox wrote: > On 6/11/06, Res wrote: >> Jules, >> >> How about consideration of change to the src install script >> like on our redhat counterpart servers, those that use /opt like slackware >> et al takes extra time to move shuffle and and follow the upgrade process >> for MS and Langs requires intervention, so my question is whats wrong with >> just doing it the same way as RH version where it just updates and >> overwrites? >> This saves moving our mrtg and rules files and any customized reports >> etc as well as stuffing around with upgrade sripts :) >> >> Its still a good idiea I think to keep it under /opt as makes easy >> install from backups if something goes pear shaped, rather than a >> symlink, make it a a true /opt/MailScanner. >> >> I have looked at it and I can see no ill effects for doing it this way, >> but thats me :) > > That's a very bad idea if you ask me. I manage both RPM and non-RPM > systems running MS and I find it much easier and less risky to update > the non-RPM systems due to the symlink approach. I can take all day > during full production tinkering with the new system making sure every > config file is the way I want it before switching the symlink. If > something still goes wrong I'm back in a second to the old config. So you don't backup before upgrade then? I've always done so, cp -a MailScanner /opt/mailscan.old first, so my recovery is 3 seconds if I need it, but i've never had to roll back yet. > > With the RPM systems everything seems easier but you still have to > diff the files just the same and much worse - you have to do that > while the system is offline. eh? never taken it offline to do so, just service MailScanner stop/start after upgrade, and diff takes a few seconds, i've never had a corruption yet, i know i know, "yet" is a dangerous word, which is why most our units our slackware, only 2 are rpm distros > > I would like it to stay the way it is. > > OK 1 for 1 against, I'll throw into this one in as well, perhaps an install option for the upgrade over-write way so those that want to do it as it is now can ./install.sh -fast and for those that want full automation maybe, ./install.sh -fast -upgrade -- Cheers Res From grover1711 at gmail.com Sun Jun 11 07:48:53 2006 From: grover1711 at gmail.com (ankush grover) Date: Sun Jun 11 07:48:57 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <448AD763.7080302@ecs.soton.ac.uk> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> <448AD763.7080302@ecs.soton.ac.uk> Message-ID: <5f638b360606102348p4dda2acdwdbdbf3543e91fa37@mail.gmail.com> > > a) Banning receiving & sending attachments for some users for example > > "ankush@example.com" is not allowed to send or receive any > > attachments. > > In MailScanner.conf, > Maximum Attachment Size = %rules-dir%/max.attach.size.rules > > In /etc/MailScanner/rules/max.attach.size.rules > FromOrTo: ankush@example.com 0 > FromOtTo: default -1 > > > b) Banning receiving emails for some users from the all other domains > > except from > > one domain for example if there is any email for user > > "tom@example.com" from > > any other domain that mail should be dropped but this user should > > be able to > > receive mail from the example.com domain but not from anyother domain. > > In MailScanner.conf, > Is Definitely Spam = %rules-dir%/is.definitely.spam.rules > Definite Spam Is High Scoring = yes > High-Scoring Spam Actions = delete store > > In /etc/MailScanner/rules/is.definitely.spam.rules > To: tom@example.com and From: *@example.com no > To: tom@example.com yes > FromOrTo: default no > > > c) People are still sending mails to the accounts of the ex employees > > I want to > > totally ban mails to those accounts both within the organisation > > and from > > outside means if the mail is for the user "john@example.com" > > that mail > > should get dropped. > > Do this in your MTA. In sendmail, for example, add this to /etc/mail/access > john@example.com DISCARD > then > cd /etc/mail > make hey friends, Thanks to everybody for their guidance specially Mr.Julian. Thanks & Regards Ankush Grover From MailScanner at ecs.soton.ac.uk Sun Jun 11 12:29:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 11 12:29:33 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: <448AD2A3.1090409@ecs.soton.ac.uk> Message-ID: <448BFE87.7090309@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Julian Field wrote: >> I suspect not. The second command a couple of sentences up is the >> correct one. You have to give the autoupdater the directory in which >> Sophos is installed. Check that your >> /etc/MailScanner/virus.scanners.conf has the correct directory for >> the installation of Sophos, or it might still be trying to update an >> old Sophos v3 or v4 installation in /usr/local/Sophos. But running >> the Sophos command "savupdate" really should work, start by >> configuring that so that it works properly. Have you given it the >> right Sophos username and password to get updates? The MailScanner >> Sophos V5 autoupdate script uses this command to do the update, so >> that command on its own must work first. > > Is it possible that the return code is not being passed correctly? Very :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIv+iRH2WUcUFbZUEQKndQCfe/b9S+DDi/F3pgw5/PgR6GgMZw0AoKaC SpcH5WpUj40xFs9Gv3I4xNen =XElD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Jun 11 12:41:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 11 12:42:04 2006 Subject: Another call for improvements In-Reply-To: References: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> Message-ID: <448C0181.20101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Res wrote: > > On Sun, 11 Jun 2006, shuttlebox wrote: > >> On 6/11/06, Res wrote: >>> Jules, >>> >>> How about consideration of change to the src install script >>> like on our redhat counterpart servers, those that use /opt like >>> slackware >>> et al takes extra time to move shuffle and and follow the upgrade >>> process >>> for MS and Langs requires intervention, so my question is whats >>> wrong with >>> just doing it the same way as RH version where it just updates and >>> overwrites? >>> This saves moving our mrtg and rules files and any customized reports >>> etc as well as stuffing around with upgrade sripts :) >>> >>> Its still a good idiea I think to keep it under /opt as makes easy >>> install from backups if something goes pear shaped, rather than a >>> symlink, make it a a true /opt/MailScanner. >>> >>> I have looked at it and I can see no ill effects for doing it this way, >>> but thats me :) I fundamentally am missing your point :-( What are you saying and suggesting - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIwBghH2WUcUFbZUEQJnMQCg5vXB0Ytn+gfax6c+JOA29Ha2BpUAoLTc PW3AYuwyp/QCNYTq1mzgWvSC =LJwn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Marc.Dufresne at parks.on.ca Sun Jun 11 14:02:19 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sun Jun 11 14:03:02 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: If it was a fully functioning port than why wasn't Spamassassin installed. This was the exact error message I received after I ran /usr/local/sbin/MailScanner --lint >> >> /usr/local/sbin/MailScanner --lint >> Could not read file /var/run/MailScanner.pid at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 >> Error in line 162, file "/var/run/MailScanner.pid" for pidfile does > not >> exist (or can not be read) at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 >> Read 711 hostnames from the phishing whitelist >> Checking for SpamAssassin errors (if you use it)... >> You want to use SpamAssassin but have not installed it. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 >> Please download >> > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > >> and unpack it and run ./install.sh to install it, then restart >> MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line > 132 >> I will run without SpamAssassin for now, you will not detect much > spam >> until you install SpamAssassin. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 >> >> MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamav It you don't want anyone to download a third party product, than the error output shouldn't instruct you to! Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> mikej@rogers.com 6/10/2006 2:25:12 PM >>> Marc Dufresne wrote: > Didn;t know I had that option. What I did was downloaded the latest > install-Clam-SA.tar.gz from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Don't do that! Do not install 3rd party packages, when perfectly functioning ports exist for them. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From Marc.Dufresne at parks.on.ca Sun Jun 11 14:04:56 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sun Jun 11 14:05:21 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: Must have missed it. Resolved all of my issues. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> mikej@rogers.com 6/10/2006 2:22:37 PM >>> Marc Dufresne wrote: > I've been racking by brain trying to find that script name!! > > Thanks. > It's clearly displayed when updating the port. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From maillists at conactive.com Sun Jun 11 15:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jun 11 15:31:31 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448B1B40.1090008@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: Christian Pedaschus wrote on Sat, 10 Jun 2006 21:19:28 +0200: > At least 200 spam/ham, i know, but that's no problem, most of the users > have >2000 mails in their box (without all the spam). I'm not so much talking of the minimum. There's a difference if you have 1 Mio Bayes tokens for each single user (site-wide) or only 10.000 for each single user. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From res at ausics.net Sun Jun 11 23:45:53 2006 From: res at ausics.net (Res) Date: Sun Jun 11 23:46:00 2006 Subject: Another call for improvements In-Reply-To: <448C0181.20101@ecs.soton.ac.uk> References: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> <448C0181.20101@ecs.soton.ac.uk> Message-ID: On Sun, 11 Jun 2006, Julian Field wrote: > What are you saying and suggesting I thought it was pretty clear, shuttle understood it, no mater it seems its not going to be a popular request, so suggestion is withdrawn, Ill write my own mod script for us > > -- Cheers Res From cpedaschus at gmx.de Mon Jun 12 00:41:29 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Mon Jun 12 00:43:09 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: <448CAA29.1010308@gmx.de> Kai Schaetzl wrote: >Christian Pedaschus wrote on Sat, 10 Jun 2006 21:19:28 +0200: > > > >>At least 200 spam/ham, i know, but that's no problem, most of the users >>have >2000 mails in their box (without all the spam). >> >> > >I'm not so much talking of the minimum. There's a difference if you have 1 >Mio Bayes tokens for each single user (site-wide) or only 10.000 for each >single user. > >Kai > > > That's true, no doubt. Which brings me to the question: "does anybody know if bayes take the recipient into his calculation"? If so, it would clear all my concerns about virtual domains. I must admit i didn't enter this question in google (yet), just came home and checked my mails before going to bed ;) Greets, Chris From eneal at dfi-intl.com Mon Jun 12 04:29:05 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Mon Jun 12 04:29:11 2006 Subject: MultipleQueueDir using "{todomain}" Message-ID: In CustomConfig.pm I have: Return '/var/spool/mqueue.priority' if $message->{todomain} = enhtech.com; MS didn't choke on it, however, I'm finding that that's not all that's making into this queue. What have I done incorrectly? This server is a gateway so sendmail returns mail.enhtech.com for all domains This server protects. TIA, Errol __________________________________________ Errol Uriel Neal Jr. Sr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com From goetz.reinicke at filmakademie.de Mon Jun 12 08:00:57 2006 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke?=) Date: Mon Jun 12 08:01:07 2006 Subject: Lots off SPAM mail passing checks without beeinig scored high Message-ID: <448D1129.6060407@filmakademie.de> Hi, for the last few days I noticed, that I do get a lot of SPAM mails scored lower than my requierde score. E.g. a mail with the subject "Small-Cap Review" (if anybody else get this message ;-) ) The SPAM-CHECK-Header-Information is: X-Spam-Check: SpamAssassin 3.0.6 (2005-12-07) X-Spam-Status: No, score=0.8 required=3.2 tests=BAYES_05, RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.0.6 How may my mailscanner-installation catch thous SPAM mails as well? Thanks for hints and Tips! Regards G?tz Reinicke -- G?tz Reinicke IT Koordinator - IT OfficeNet Tel. +49 (0) 7141 - 969 420 Fax +49 (0) 7141 - 969 55 420 goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de From MailScanner at ecs.soton.ac.uk Mon Jun 12 08:51:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 08:51:57 2006 Subject: MultipleQueueDir using "{todomain}" In-Reply-To: References: Message-ID: On 12 Jun 2006, at 04:29, Errol Neal wrote: > In CustomConfig.pm I have: > > Return '/var/spool/mqueue.priority' if $message->{todomain} = > enhtech.com; That's bad perl. What you meant was this: return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq 'enhtech.com'; or something similar. {todomain} is a list, so you want the first (for example) element of the list. '=' is the assignment operator. You want to do a string compare which is 'eq'. The string should of course be surrounded by ' quotes. > > MS didn't choke on it, however, I'm finding that that's not all that's > making into this queue. > What have I done incorrectly? This server is a gateway so sendmail > returns mail.enhtech.com for all domains > This server protects. > > TIA, > > Errol > > __________________________________________ > Errol Uriel Neal Jr. > Sr. Network Administrator > DFI International, Inc. > 1717 Pennsylvania Ave NW, Suite 1300 > Washington, DC 20006 > Tel (202)452-6955 > Fax (202)452-6910 > eneal@dfi-intl.com > www.dfi-intl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Mon Jun 12 09:42:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 12 09:42:43 2006 Subject: Lots off SPAM mail passing checks without beeinig scored high In-Reply-To: <448D1129.6060407@filmakademie.de> Message-ID: <01d001c68dfc$1e284b30$3004010a@martinhlaptop> Hi Those headers are not MS headers, but SA headers. IE MS isn't calling SA, something else is.... Anyway, you don't mention which version of SA and MS, but you'll find a lot of extra useful rules at www.rulesemporium.com along with a nice utility to keep them updated called rulesdujour. I'd also make sure you have the URI-RBL pluging installed in one of the /etc/mail/spamassassin/*.pre files.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of G?tz Reinicke > Sent: 12 June 2006 08:01 > To: mailscanner@lists.mailscanner.info > Subject: Lots off SPAM mail passing checks without beeinig scored high > > Hi, > > for the last few days I noticed, that I do get a lot of SPAM mails > scored lower than my requierde score. > > E.g. a mail with the subject "Small-Cap Review" (if anybody else get > this message ;-) ) > > The SPAM-CHECK-Header-Information is: > > X-Spam-Check: SpamAssassin 3.0.6 (2005-12-07) > > X-Spam-Status: No, score=0.8 required=3.2 tests=BAYES_05, > RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.0.6 > > How may my mailscanner-installation catch thous SPAM mails as well? > > Thanks for hints and Tips! > > Regards > > G?tz Reinicke > -- > G?tz Reinicke > IT Koordinator - IT OfficeNet > > Tel. +49 (0) 7141 - 969 420 > Fax +49 (0) 7141 - 969 55 420 > goetz.reinicke@filmakademie.de > > Filmakademie Baden-W?rttemberg > Mathildenstr. 20 > 71638 Ludwigsburg > www.filmakademie.de > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From eneal at dfi-intl.com Mon Jun 12 11:15:42 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Mon Jun 12 11:17:31 2006 Subject: MultipleQueueDir using "{todomain}" Message-ID: I feel embarrased :) But better embarrassed and corrected than the alternative! Thanks for the clarification. Also, for further clarification, is {todomain} an array? What is returned? I just assumed it was a single dest domain. Errol -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 12, 2006 3:52 AM To: MailScanner discussion Subject: Re: MultipleQueueDir using "{todomain}" On 12 Jun 2006, at 04:29, Errol Neal wrote: > In CustomConfig.pm I have: > > Return '/var/spool/mqueue.priority' if $message->{todomain} = > enhtech.com; That's bad perl. What you meant was this: return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq 'enhtech.com'; or something similar. {todomain} is a list, so you want the first (for example) element of the list. '=' is the assignment operator. You want to do a string compare which is 'eq'. The string should of course be surrounded by ' quotes. > > MS didn't choke on it, however, I'm finding that that's not all that's > making into this queue. > What have I done incorrectly? This server is a gateway so sendmail > returns mail.enhtech.com for all domains This server protects. > > TIA, > > Errol > > __________________________________________ > Errol Uriel Neal Jr. > Sr. Network Administrator > DFI International, Inc. > 1717 Pennsylvania Ave NW, Suite 1300 > Washington, DC 20006 > Tel (202)452-6955 > Fax (202)452-6910 > eneal@dfi-intl.com > www.dfi-intl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at seceidos.de Mon Jun 12 11:19:07 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Jun 12 11:19:18 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: Message-ID: On Sunday, June 11, 2006 3:02 PM Marc Dufresne wrote: > If it was a fully functioning port than why wasn't Spamassassin > installed. This was the exact error message I received after I ran There are fully functioning ports for ClamAV, Spamassassin and hopefully MailScanner as well. If you install MailScanner for the first time it will ask if you want to install SpamAssassin, ClamAV etc. with it. If you choose not to you will not be asked again (due to the port system) unless you delete a file in the ports-database. This is probably what happened to you. Even then you should be able to install the ports manually. Do _not_ use third party packages, it will definatly give you problems. > It you don't want anyone to download a third party product, than the > error output shouldn't instruct you to! What error output do you refer to? What error output told you to run install-Clam-SA? If there is such an output it comes from MailScanner directly and not from the port. Do I understand it correctly: All your problems are solved now? Kind regards, JP From Jan-Peter.Koopmann at seceidos.de Mon Jun 12 11:20:00 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Jun 12 11:20:12 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: <448AD167.9080609@ecs.soton.ac.uk> Message-ID: On Saturday, June 10, 2006 4:04 PM Julian Field wrote: > But please try everything you can think of, and everything you can't, > before mailing him. He is a very busy man and may well not have time > to respond. Too kind and too true. :-) Thanks to all people helping Marc. I just saw the problem a few minutes ago and therefore did not respond earlier. Kind regards, JP From MailScanner at ecs.soton.ac.uk Mon Jun 12 11:35:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 11:35:29 2006 Subject: MultipleQueueDir using "{todomain}" In-Reply-To: References: Message-ID: On 12 Jun 2006, at 11:15, Errol Neal wrote: > I feel embarrased :) > But better embarrassed and corrected than the alternative! > Thanks for the clarification. > > Also, for further clarification, is {todomain} an array? Yes. > What is > returned? I just assumed it was a single dest domain. It's the list of domains of each of the recipients of the message. Remember each message has multiple recipients in MailScanner. > Errol > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > Field > Sent: Monday, June 12, 2006 3:52 AM > To: MailScanner discussion > Subject: Re: MultipleQueueDir using "{todomain}" > > > On 12 Jun 2006, at 04:29, Errol Neal wrote: > >> In CustomConfig.pm I have: >> >> Return '/var/spool/mqueue.priority' if $message->{todomain} = >> enhtech.com; > > That's bad perl. > What you meant was this: > > return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq > 'enhtech.com'; > > or something similar. > > {todomain} is a list, so you want the first (for example) element > of the > list. > '=' is the assignment operator. You want to do a string compare > which is > 'eq'. > The string should of course be surrounded by ' quotes. > >> >> MS didn't choke on it, however, I'm finding that that's not all >> that's > >> making into this queue. >> What have I done incorrectly? This server is a gateway so sendmail >> returns mail.enhtech.com for all domains This server protects. >> >> TIA, >> >> Errol >> >> __________________________________________ >> Errol Uriel Neal Jr. >> Sr. Network Administrator >> DFI International, Inc. >> 1717 Pennsylvania Ave NW, Suite 1300 >> Washington, DC 20006 >> Tel (202)452-6955 >> Fax (202)452-6910 >> eneal@dfi-intl.com >> www.dfi-intl.com >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From eneal at dfi-intl.com Mon Jun 12 13:13:45 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Mon Jun 12 13:15:30 2006 Subject: MultipleQueueDir using "{todomain}" Message-ID: Thanks again for clarifying. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 12, 2006 6:35 AM To: MailScanner discussion Subject: Re: MultipleQueueDir using "{todomain}" On 12 Jun 2006, at 11:15, Errol Neal wrote: > I feel embarrased :) > But better embarrassed and corrected than the alternative! > Thanks for the clarification. > > Also, for further clarification, is {todomain} an array? Yes. > What is > returned? I just assumed it was a single dest domain. It's the list of domains of each of the recipients of the message. Remember each message has multiple recipients in MailScanner. > Errol > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Monday, June 12, 2006 3:52 AM > To: MailScanner discussion > Subject: Re: MultipleQueueDir using "{todomain}" > > > On 12 Jun 2006, at 04:29, Errol Neal wrote: > >> In CustomConfig.pm I have: >> >> Return '/var/spool/mqueue.priority' if $message->{todomain} = >> enhtech.com; > > That's bad perl. > What you meant was this: > > return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq > 'enhtech.com'; > > or something similar. > > {todomain} is a list, so you want the first (for example) element of > the list. > '=' is the assignment operator. You want to do a string compare which > is 'eq'. > The string should of course be surrounded by ' quotes. > >> >> MS didn't choke on it, however, I'm finding that that's not all >> that's > >> making into this queue. >> What have I done incorrectly? This server is a gateway so sendmail >> returns mail.enhtech.com for all domains This server protects. >> >> TIA, >> >> Errol >> >> __________________________________________ >> Errol Uriel Neal Jr. >> Sr. Network Administrator >> DFI International, Inc. >> 1717 Pennsylvania Ave NW, Suite 1300 >> Washington, DC 20006 >> Tel (202)452-6955 >> Fax (202)452-6910 >> eneal@dfi-intl.com >> www.dfi-intl.com >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From matt at coders.co.uk Mon Jun 12 14:03:17 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon Jun 12 14:03:24 2006 Subject: Possible Bug in Phishing Detection Message-ID: <448D6615.9010304@coders.co.uk> All I think I have discovered a possible bug in the Phishing net. Versions: (RPM based) This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.54.6 If you send a link in the format http://www.domain.com. You get the standard warning of "MailScanner has detected a possible fraud attempt from "www.domain.com." claiming to be http://www.domain.com. Obviously this is wrong: especially when you look in the syslog and get the following: Found phishing fraud from www.domain.com. claiming to be www.domain.com in k5CCsrln020271 I haven't had a chance to look at a fix yet - I'll try when I get home from the office. regards Matt From carinus.carelse at mrc.ac.za Mon Jun 12 14:26:41 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Mon Jun 12 14:25:43 2006 Subject: Logo to the inline.sig.html Message-ID: I wonder if it would be possible to add the log to the inlin.sig.html I have ftp'd the file off and inserted a picture but I every time I send a mail through the system it does not attach the signature it just send the email through blank. Can anone give me some advice as to what I am doing wrong. Carinus -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/17d361f6/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jun 12 14:47:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 14:47:46 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: <448D6615.9010304@coders.co.uk> References: <448D6615.9010304@coders.co.uk> Message-ID: <8F9819D9-C660-43EB-9F3F-2B2546F65A2C@ecs.soton.ac.uk> Dead simple fix. Add this 1 line to Message.pm: --- Message.pm.old 2006-06-06 18:03:43.000000000 +0100 +++ /Message.pm 2006-06-12 14:44:47.000000000 +0100 @@ -5734,6 +5734,7 @@ #print STDERR "Is $linkurl\n"; return ("",0) if $linkurl =~ /\@/ && $linkurl !~ /\//; # Ignore emails #$linkurl = "" if $linkurl =~ /\@/ && $linkurl !~ /\//; # Ignore emails + $linkurl =~ s/[,.]+$//; # Remove trailing dots, but also commas while at it $linkurl =~ s/^\[\d*\]//; # Remove leading [numbers] $linkurl =~ s/^blocked[:\/]+//i; # Remove "blocked::" labels $linkurl =~ s/^outbind:\/\/\d+\///i; # Remove "outbind://22/" type labels On 12 Jun 2006, at 14:03, Matt Hampton wrote: > All > > I think I have discovered a possible bug in the Phishing net. > > Versions: (RPM based) > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.54.6 > > > If you send a link in the format > http://www.domain.com. > > You get the standard warning of > > "MailScanner has detected a possible fraud attempt from > "www.domain.com." claiming to be http://www.domain.com. > > Obviously this is wrong: especially when you look in the syslog and > get > the following: > > Found phishing fraud from www.domain.com. claiming to be > www.domain.com > in k5CCsrln020271 > > I haven't had a chance to look at a fix yet - I'll try when I get home > from the office. > > > > regards > > Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon Jun 12 14:55:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 14:56:00 2006 Subject: Logo to the inline.sig.html In-Reply-To: References: Message-ID: <43E44166-74B7-4906-95C7-CBDE0625FC7E@ecs.soton.ac.uk> I don't quite understand what you're getting at. However, if the message is clean it will attach inline.sig.html if it is already an HTML email and "Sign Clean Messages" is set to yes for these messages (Just set "Sign Clean Messages = yes" to do all mail). If the message is originally just a plain text message then it will attach inline.sig.txt. It does not convert plain text messages to HTML just to add the signature, it leaves them in the form it found them. On 12 Jun 2006, at 14:26, carinus.carelse@mrc.ac.za wrote: > > I wonder if it would be possible to add the log to the > inlin.sig.html I have ftp'd the file off and inserted a picture but > I every time I send a mail through the system it does not attach > the signature it just send the email through blank. > > Can anone give me some advice as to what I am doing wrong. > > Carinus > > -- > This e-mail and its contents are subject to the > South African Medical Research Council > e-mail legal notice available at http://www.mrc.ac.za/about/ > EmailLegalNotice.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/fb75d4e4/attachment.html From dickenson at cfmc.com Mon Jun 12 14:55:42 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Mon Jun 12 14:56:03 2006 Subject: OT: limit idle time in sendmail Message-ID: I have sendmail configured to limit the number of children to 150. What I am seeing is most of the children are dealing with connections that get opened but not closed. This causes sendmail to reject connections because the limit of children has been reached. Is there any option to limit how long a child will leave the connection open basically in idle state? These have been around for about an hour: root 6287 3674 0 05:54 ? 00:00:00 sendmail: server [221.233.250.108] cmd read root 6288 3674 0 05:54 ? 00:00:00 sendmail: server [59.39.215.19] cmd read root 6307 3674 0 05:54 ? 00:00:00 sendmail: server [219.131.108.243] cmd read Thanks for any ideas. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ From campbell at cnpapers.com Mon Jun 12 15:15:28 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 12 15:15:51 2006 Subject: OT: sendmail cmd read Message-ID: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> This is OT, and may have been discussed before... but here goes anyway. Google didn't show much on this one. I am fighting a machine that has recently starting showing increased load averages. What used to stay below 5 is now climbing into the 11.+ at times, and stays around 8 for most of the day. I have considered bdc as the culprit, but really, this hasn't changed recently, as I have not really changed anything for a while. I did install a caching name server, but see little improvement. I'm not looking for additional "fixes" so much as resolving the problem of what is causing this when changes haven't been made. The load climbs when MailWatch shows 8+ MailScanner processes (I have 5 set in Mailscanner.conf) and around 50 sendmail processes. I don't think the version of Mailscanner had anything to do with this (4.52.2), and I am running this on two other servers without the problem - and clamav and bitdefender on the others also. A 'ps -ax | grep sendmail' has always shown a lot of processes to of the form: sendmail: server [IP address] cmd read These usually have common IP addresses, and I wonder, firstly, what is sendmail really doing at this point, and secondly, is there something that I can do that will make the longer-lived processes go away if these are bad connections? These sendmail processes tend to gradually climb to a level of around 40-50, and never really drop without restarting sendmail. I haven't checked to see if they are the same process IDs. I have an idea that these are uncompleteable (?) sendmail connections that are started, but not sure. I'm sure there is a setting in sendmail (8.12 for now) that might fix this (as sort of a timeout thing) , or maybe a milter, but I haven't found it yet. I would like to understand, though, what may have caused the increased load averages, other than the varying input to sendmail. I realize this could be a major factor, but don't see a lot of change in the usual crap that comes in daily. Around 40K+ messages a day with about 85-90% spam caught. This has been constant for a long time. Opinions would be greatly appreciated. Thanks! Steve Campbell campbell@cnpapers.com Charleston Newspapers From carinus.carelse at mrc.ac.za Mon Jun 12 15:17:20 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Mon Jun 12 15:16:06 2006 Subject: Logo to the inline.sig.html In-Reply-To: <43E44166-74B7-4906-95C7-CBDE0625FC7E@ecs.soton.ac.uk> Message-ID: Is there a way to force MailScanner to only attach the html version of the signature. Whether the email is text or HTML. Carinus Julian Field Sent by: mailscanner-bounces@lists.mailscanner.info 2006/06/12 15:55 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Logo to the inline.sig.html I don't quite understand what you're getting at. However, if the message is clean it will attach inline.sig.html if it is already an HTML email and "Sign Clean Messages" is set to yes for these messages (Just set "Sign Clean Messages = yes" to do all mail). If the message is originally just a plain text message then it will attach inline.sig.txt. It does not convert plain text messages to HTML just to add the signature, it leaves them in the form it found them. On 12 Jun 2006, at 14:26, carinus.carelse@mrc.ac.za wrote: I wonder if it would be possible to add the log to the inlin.sig.html I have ftp'd the file off and inserted a picture but I every time I send a mail through the system it does not attach the signature it just send the email through blank. Can anone give me some advice as to what I am doing wrong. Carinus -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/09d05ef7/attachment.html From naolson at gmail.com Mon Jun 12 15:20:22 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Jun 12 15:20:26 2006 Subject: OT: limit idle time in sendmail In-Reply-To: References: Message-ID: <8f54b4330606120720g22b9b66dl6588fde3e608c947@mail.gmail.com> Peruse the options (O) that start with 'Timeout'. Nate From campbell at cnpapers.com Mon Jun 12 15:19:53 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 12 15:20:51 2006 Subject: limit idle time in sendmail References: Message-ID: <003301c68e2b$462add30$0705000a@DDF5DW71> Sorry for my post just a few minutes ago. Same thing going on, but was writing mine while this came in. Everyone can just ignore mine and I'll follow this one. Amazing, how that works sometimes. Steve ----- Original Message ----- From: "Jim Dickenson" To: "MailScanner Mail List" Sent: Monday, June 12, 2006 9:55 AM Subject: OT: limit idle time in sendmail >I have sendmail configured to limit the number of children to 150. What I >am > seeing is most of the children are dealing with connections that get > opened > but not closed. This causes sendmail to reject connections because the > limit > of children has been reached. Is there any option to limit how long a > child > will leave the connection open basically in idle state? > > These have been around for about an hour: > > root 6287 3674 0 05:54 ? 00:00:00 sendmail: server > [221.233.250.108] cmd read > root 6288 3674 0 05:54 ? 00:00:00 sendmail: server > [59.39.215.19] cmd read > root 6307 3674 0 05:54 ? 00:00:00 sendmail: server > [219.131.108.243] cmd read > > Thanks for any ideas. > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Mon Jun 12 15:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 12 15:31:31 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: <448D6615.9010304@coders.co.uk> References: <448D6615.9010304@coders.co.uk> Message-ID: Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > If you send a link in the format > http://www.domain.com. Matt, do you refer to a URL with a dot at the end or to any URL where href and innertext match? BTW: domain.com exists, we shouldn#t use it for examples anymore. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From matt at coders.co.uk Mon Jun 12 15:43:28 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon Jun 12 15:43:26 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: References: <448D6615.9010304@coders.co.uk> Message-ID: <448D7D90.6090106@coders.co.uk> Kai Schaetzl wrote: > Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > >> If you send a link in the format >> http://www.domain.com. > > Matt, do you refer to a URL with a dot at the end or to any URL where href > and innertext match? The fully qualified domain (i.e. dot) > > BTW: domain.com exists, we shouldn#t use it for examples anymore. Old habits are hard to break! Most networking books refer to 111.111.111.111 and 222.222.222.222 (allocated to China) matt From MailScanner at ecs.soton.ac.uk Mon Jun 12 16:02:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 16:02:18 2006 Subject: Logo to the inline.sig.html In-Reply-To: References: Message-ID: <9050CD2C-0369-42E4-AD91-AE636F621046@ecs.soton.ac.uk> No. You would have to write this as a Custom Function with a side- effect that did this. On 12 Jun 2006, at 15:17, carinus.carelse@mrc.ac.za wrote: > > Is there a way to force MailScanner to only attach the html version > of the signature. Whether the email is text or HTML. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/e0dd49c9/attachment.html From ssilva at sgvwater.com Mon Jun 12 16:03:01 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 12 16:03:18 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: References: <448D6615.9010304@coders.co.uk> Message-ID: Kai Schaetzl spake the following on 6/12/2006 7:31 AM: > Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > >> If you send a link in the format >> http://www.domain.com. > > Matt, do you refer to a URL with a dot at the end or to any URL where href > and innertext match? > > BTW: domain.com exists, we shouldn#t use it for examples anymore. > > Kai > Maybe we should use evilbadspammer.com .. I doubt anyone would claim that one! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Mon Jun 12 16:03:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 16:03:57 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: References: <448D6615.9010304@coders.co.uk> Message-ID: <92572533-3114-49D5-BD7E-590A7CA613D0@ecs.soton.ac.uk> On 12 Jun 2006, at 15:43, Matt Hampton wrote: > Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > >> If you send a link in the format >> http://www.domain.com. > > Matt, do you refer to a URL with a dot at the end or to any URL > where href > and innertext match? > > BTW: domain.com exists, we shouldn#t use it for examples anymore. We should use example.com, which is registered by IANA for precisely this purpose. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Mon Jun 12 16:10:52 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 12 16:11:33 2006 Subject: OT: limit idle time in sendmail References: <8f54b4330606120720g22b9b66dl6588fde3e608c947@mail.gmail.com> Message-ID: <002201c68e32$65427140$0705000a@DDF5DW71> ----- Original Message ----- From: "Nathan Olson" To: "MailScanner discussion" Sent: Monday, June 12, 2006 10:20 AM Subject: Re: OT: limit idle time in sendmail > Peruse the options (O) that start with 'Timeout'. I don't want to steal this thread, but I am adding just for information. I changed a bunch of the "TO_" options defaults and got the processes down to an average of 20. Load is still up, though. Maybe a restart will clear something out as my next recourse. Steve > > Nate > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ka at pacific.net Mon Jun 12 16:51:49 2006 From: ka at pacific.net (Ken A) Date: Mon Jun 12 16:51:42 2006 Subject: OT: limit idle time in sendmail In-Reply-To: References: Message-ID: <448D8D95.4020404@pacific.net> This might help: http://www.sendmail.org/~ca/email/doc8.12/op-sh-4.html Ken Pacific.Net Jim Dickenson wrote: > I have sendmail configured to limit the number of children to 150. What I am > seeing is most of the children are dealing with connections that get opened > but not closed. This causes sendmail to reject connections because the limit > of children has been reached. Is there any option to limit how long a child > will leave the connection open basically in idle state? > > These have been around for about an hour: > > root 6287 3674 0 05:54 ? 00:00:00 sendmail: server > [221.233.250.108] cmd read > root 6288 3674 0 05:54 ? 00:00:00 sendmail: server > [59.39.215.19] cmd read > root 6307 3674 0 05:54 ? 00:00:00 sendmail: server > [219.131.108.243] cmd read > > Thanks for any ideas. From michele at blacknight.ie Mon Jun 12 17:05:38 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Mon Jun 12 17:05:49 2006 Subject: Logo to the inline.sig.html In-Reply-To: Message-ID: <050c01c68e3a$0d1b5420$88c5c657@arthur> Why on earth would you want to add a HTML signature to a plain text mail? Are you actually trying to break people's mail? Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From gmane at tippingmar.com Mon Jun 12 17:05:46 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Jun 12 17:06:47 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: <448B1968.1090000@gmx.de> References: <448AD2A3.1090409@ecs.soton.ac.uk> <448B1968.1090000@gmx.de> Message-ID: shrek-m@gmx.de wrote: > Mark Nienberg schrieb: >> I'll play with username and password. It may be that I am supposed to >> use the Sophos EM Library password instead of the regular user >> updating password for this. I'm not sure. > > take a look on your licence. > > "EM Download username password" > > is what you need. That fixed it. I was using the other Download password. Thanks, Mark From gmane at tippingmar.com Mon Jun 12 17:21:33 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Jun 12 17:22:38 2006 Subject: Sophos.install improvements Message-ID: Julian, Can you add the following to Sophos.install for v5 installations? # prevent notifications from causing a mail loop /opt/sophos-av/bin/savconfig -u set EmailNotifier disabled # prevent autoupdates (let MailScanner do it instead) /opt/sophos-av/bin/savdctl stop sav-protect /opt/sophos-av/bin/savdctl disableOnBoot sav-protect The email that sophos sends with the on-demand scan results is in turn scanned, generating another email which is scanned, etc. If sav-protect daemon is running, it updates Sophos, but without the locking that MailScanner's update uses. Thanks, Mark Nienberg From chris at tac.esi.net Mon Jun 12 21:04:49 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon Jun 12 21:05:02 2006 Subject: MailScanner setup script Message-ID: <448D90BF.B662.0038.0@tac.esi.net> I was just wondering if anyone had looked at the script I sent to the list a couple of weeks ago. I would like to get some feedback and ideas on where it could go as a project with more knowledgeable people than I working on it. Thanks Chris From paul at tenfjord.net Mon Jun 12 21:40:04 2006 From: paul at tenfjord.net (Paul Tenfjord) Date: Mon Jun 12 21:41:49 2006 Subject: Mailscanner + Spamassassin domain Preferences Message-ID: <200606122240.04119.paul@tenfjord.net> Hi all. I am setting up a mail hub using postfix, mailscanner, clamav and spamassassing. This works very well, mailscanner is really great, the only thing left for me to do is figure out how to have user preferences (or domain settings, per user is not that important) in spamassassin. I've read about sql user preferences but that requires that SA uses spamc/spamd, which as far as I know MS does not do. I also found some posts in the archive but they are dated back to 2004 (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.html), maybe something has happend in this front since then. I appreciate all answers. Thanks Best regards Paul From MailScanner at ecs.soton.ac.uk Mon Jun 12 22:12:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 22:12:18 2006 Subject: Sophos.install improvements In-Reply-To: References: Message-ID: <448DD8A2.1020904@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Done. Thanks for that. Mark Nienberg wrote: > Julian, > > Can you add the following to Sophos.install for v5 installations? > > # prevent notifications from causing a mail loop > /opt/sophos-av/bin/savconfig -u set EmailNotifier disabled > > # prevent autoupdates (let MailScanner do it instead) > /opt/sophos-av/bin/savdctl stop sav-protect > /opt/sophos-av/bin/savdctl disableOnBoot sav-protect > > > The email that sophos sends with the on-demand scan results is in turn > scanned, generating another email which is scanned, etc. > > If sav-protect daemon is running, it updates Sophos, but without the > locking that MailScanner's update uses. > > > Thanks, > Mark Nienberg > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRI3YpBH2WUcUFbZUEQIsXwCeKTz8tPfYW1monTshzffXDbgJZbQAoOOq /+EWqfcYeng2+2yV0cS6LDxu =znL5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon Jun 12 22:14:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 22:14:57 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606122240.04119.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> Message-ID: <448DD946.1010500@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Basically all the settings people ever actually need to change are controllable from MailScanner.conf. What settings are you trying to set per-domain? Paul Tenfjord wrote: > Hi all. > > I am setting up a mail hub using postfix, mailscanner, clamav and > spamassassing. This works very well, mailscanner is really great, the only > thing left for me to do is figure out how to have user preferences (or domain > settings, per user is not that important) in spamassassin. I've read about > sql user preferences but that requires that SA uses spamc/spamd, which as far > as I know MS does not do. I also found some posts in the archive but they are > dated back to 2004 > (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.html), > maybe something has happend in this front since then. > > I appreciate all answers. > > Thanks > > Best regards > Paul > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRI3ZRxH2WUcUFbZUEQJrVQCfVNQPSsG/sdh1cMvarb2Im6UlTcEAnjSd X7a9dZErYtFQLKcKMg7ITd/x =YlW/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jgames at sitp.net Mon Jun 12 22:16:15 2006 From: jgames at sitp.net (John Games) Date: Mon Jun 12 22:16:48 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606122240.04119.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> Message-ID: <448D934E.C8E0.00C6.0@sitp.net> Try Mailwatch Regards, John Games 806.771.2300 x101 fax 806.209.0126 jgames@sitp.net Skype: sitpinc >>> On Mon, Jun 12, 2006 at 3:40 PM, in message <200606122240.04119.paul@tenfjord.net>, Paul Tenfjord wrote: Hi all. I am setting up a mail hub using postfix, mailscanner, clamav and spamassassing. This works very well, mailscanner is really great, the only thing left for me to do is figure out how to have user preferences (or domain settings, per user is not that important) in spamassassin. I've read about sql user preferences but that requires that SA uses spamc/spamd, which as far as I know MS does not do. I also found some posts in the archive but they are dated back to 2004 (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.html), maybe something has happend in this front since then. I appreciate all answers. Thanks Best regards Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by SelectProtect, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by SelectProtect, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/0ff6a277/attachment.html From michele at blacknight.ie Tue Jun 13 00:17:22 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue Jun 13 00:17:26 2006 Subject: MailScanner setup script In-Reply-To: <448D90BF.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> Message-ID: <448DF602.9020708@blacknight.ie> Chris Hammond wrote: > I was just wondering if anyone had looked at the script I sent to the list a couple of > weeks ago. I would like to get some feedback and ideas on where it could go as a > project with more knowledgeable people than I working on it. > > Thanks > Chris > Chris Any chance of you reposting it? Or a link to it? Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From chris at tac.esi.net Tue Jun 13 00:34:38 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 13 00:32:54 2006 Subject: MailScanner setup script In-Reply-To: <448DF602.9020708@blacknight.ie> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> Message-ID: <448DC1CE.B662.0038.0@tac.esi.net> Sure, it is attached. Chris >>> "Michele Neylon :: Blacknight.ie" 06/12/06 7:17 PM >>> Chris Hammond wrote: > I was just wondering if anyone had looked at the script I sent to the list a couple of > weeks ago. I would like to get some feedback and ideas on where it could go as a > project with more knowledgeable people than I working on it. > > Thanks > Chris > Chris Any chance of you reposting it? Or a link to it? Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: asinst_script.sh Type: application/x-sh Size: 37254 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/139edc4e/asinst_script-0001.sh From chris at tac.esi.net Tue Jun 13 01:40:55 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 13 01:38:54 2006 Subject: MailScanner setup script In-Reply-To: <448DC1CE.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> Message-ID: <448DD157.B662.0038.0@tac.esi.net> Ok, this time tar.gz'd. Chris >>> "Chris Hammond" 06/12/06 7:34 PM >>> Sure, it is attached. Chris >>> "Michele Neylon :: Blacknight.ie" 06/12/06 7:17 PM >>> Chris Hammond wrote: > I was just wondering if anyone had looked at the script I sent to the list a couple of > weeks ago. I would like to get some feedback and ideas on where it could go as a > project with more knowledgeable people than I working on it. > > Thanks > Chris > Chris Any chance of you reposting it? Or a link to it? Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: asinst_script.tar.gz Type: application/octet-stream Size: 9210 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/9a0a5652/asinst_script.tar.obj From carinus.carelse at mrc.ac.za Tue Jun 13 05:42:56 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Tue Jun 13 05:41:46 2006 Subject: Logo to the inline.sig.html In-Reply-To: <050c01c68e3a$0d1b5420$88c5c657@arthur> Message-ID: No Not really. I just had a request from the management to add a logo to the signature and I thought the html sig was the best way to do it. If anyone has any other suggestions I would welcome them. Carinus "Michele Neylon :: Blacknight Solutions" Sent by: mailscanner-bounces@lists.mailscanner.info 2006/06/12 18:05 Please respond to MailScanner discussion To "'MailScanner discussion'" cc Subject RE: Logo to the inline.sig.html Why on earth would you want to add a HTML signature to a plain text mail? Are you actually trying to break people's mail? Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/a81805c7/attachment.html From eneal at dfi-intl.com Tue Jun 13 05:57:50 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 05:59:35 2006 Subject: Expanding MultipleQueueDir function Message-ID: I'm trying to expand the MultipleQueueDir function to make it a bit more usable for my environment. I'm almost there, but it seems like something in the code I've written isn't correct. Now mind you, I'm not a Programmer so some of it may be terribly wrong. I reused a lot of what's already in CustomConfig.pm. my ($PriorityDomainListFile) = '/etc/MailScanner/rules/prioritylist.conf'; use FileHandle; sub InitMultipleQueueDir { MailScanner::Log::InfoLog("Initialising list for domains receiving priority service"); #"from %s", $PriorityDomainListFile); my $listfile = new FileHandle; unless($listfile->open("<$PriorityDomainListFile")) { MailScanner::Log::WarnLog("Could not read list of domains for priority service " . "from %s", $PriorityDomainListFile); return; } my($fh, $line, $PriorityDomainList); $line = 0; while (<$listfile>) { $line++; chomp; #print STDERR "Line is \"$_\"\n"; s/#.*$//; # Strip comments s/\S*:\S*//g; # Strip any words with ":" in them s/^\s+//g; # Strip leading whitespace s/^(\S+)\s.*$/$1/; # Use only the 1st word s/^\*\@//; # Strip any leading "*@" they might have put in #print STDERR "Line is \"$_\"\n"; next if /^$/; # Strip blank lines $PriorityDomainList->{$listfile}{lc($_)} = 1; # Store the domains return; } $fh->close(); MailScanner::Log::InfoLog("Read %d domains from %s", $line, $PriorityDomainListFile); } sub EndMultipleQueueDir { MailScanner::Log::InfoLog("Shutting down priority domain list"); } sub MultipleQueueDir { my($message, $PriorityDomainList) = @_; #return 0 unless $message; # Sanity check the input my(@todomain, $todomain, $isspam); @todomain = @{$message->{todomain}}; $todomain = $todomain[0]; $isspam = $message->{isspam}; return '/var/spool/mqueue' unless $message; return '/var/spool/mqueue.priority' if $PriorityDomainList->{$todomain}; return '/var/spool/mqueue.spam' if $message->{$isspam}; # It is not in the list return '/var/spool/mqueue'; } Hopefully, you can get the picture of what I'm trying to do. Domains are stored in the prioritylist.conf. >From what I can tell, it's not getting beyond opening the file and reading it. Can someone help me get this working right? TIA. Errol Neal From Jan-Peter.Koopmann at seceidos.de Tue Jun 13 06:02:53 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 13 06:03:06 2006 Subject: Logo to the inline.sig.html In-Reply-To: Message-ID: On Dienstag, 13. Juni 2006 6:42 carinus.carelse@mrc.ac.za wrote: > No Not really. ?I just had a request from the management to add a > logo to the signature and I thought the html sig was the best way to > do it. ?If anyone has any other suggestions I would welcome them. I suggest you tell your management that there is no clean way of simply attaching a HTML signature to a plain text mail. This might (!) display correctly on some MUAs but it usually will not. And this would definatly break your CI and make a lot of people laugh about you which probably is the last thing your management would like. If management really wants to have images attached to your mails then force your MUAs to send HTML mails only and attach the signatures there. Depending on your infrastructure (Exchange? Notes?) there might be several tools that can autocreate the signatures for you (including information from your LDAP/Active Directory/whatever). Attaching a signature in MailScanner might lead to problems (digital signatures with S/MIME, PGP) and is not the best way to handle this I am afraid. Regards, JP From hden at kcbbs.gen.nz Tue Jun 13 06:29:07 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Tue Jun 13 06:13:28 2006 Subject: Sophos SAVI In-Reply-To: References: <050c01c68e3a$0d1b5420$88c5c657@arthur> Message-ID: <20060613052907.GA1172@mew.kcbbs.gen.nz> (Excuse if this is a duplicate?) We need to rebuild our Server. Can someone please point out the path to the [new[ location of the DOCS that explain how to install/use sophos SAVI with Mailscanner. Appreciated! hden From nauman at worldcall.net.pk Tue Jun 13 06:22:40 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Tue Jun 13 06:22:58 2006 Subject: Mailscanner stopped, sendmail running... References: <003e01c68ada$f71cc800$3701a8c0@lapxp><4488610A.8030802@ecs.soton.ac.uk> <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> Message-ID: <009c01c68ea9$65e6a770$23c051cb@noc> >> Arthur Sherman wrote: >> >> Have you read the documentation on tuning? >> >> >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >> >> >> > >> > Most links to instructions are broken... >> > >> Please can you re-test these pages. Hopefully they all work now. Please >> let me know of any that are still broken. >> > Ah, it has risen from the dead:-). Still, perhaps we should aim at > some creative cut'n'pasting, just to get it all into the wiki... Just > so much of it ...:-) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se I m still facing this problem - My sendmail suddenly gets stuck I have done all the optimizations possible according to my server : http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips but still i observe thing as follows: [root@server ~]# sendmail -v nauman test . nauman... Connecting to [127.0.0.1] via relay... nauman... Deferred: Connection refused by [127.0.0.1] [root@server ~]# /etc/init.d/MailScanner stop Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] [root@server ~]# /etc/init.d/MailScanner status Checking MailScanner daemons: MailScanner: [FAILED] incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for reading: No such file or directory [FAILED] outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' for reading: No such file or directory [FAILED] [root@server ~]# /etc/init.d/MailScanner stop Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] [root@server ~]# /etc/init.d/sendmail status sendmail (pid 32112 32107 32055 32013 32004 31610 31581 30306 30185 30095 30002 29917 29863 29667 29520 29461 29399 29042 28938 28918 28263 28041 27015 26655 26567 26536 26289 23442 22532 22246 22151 18507 14118) is running... [root@server ~]# /etc/init.d/sendmail stop Shutting down sendmail: [ OK ] Shutting down sm-client: [FAILED] [root@server ~]# /etc/init.d/sendmail stop Shutting down sendmail: [FAILED] and after these all - when i restart my Mailscanner - it starts working fine again - But why do i have to do all this ?? how can this be fixed one and for all ? Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From x72m35 at gmail.com Tue Jun 13 06:49:48 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Tue Jun 13 06:50:18 2006 Subject: Detailed Spam report in Bounce/Notify messages Message-ID: <448E51FC.3010306@gmail.com> Dear All, Is there a possibility to incorporate a detailed report of SpamAssassin in Bounce messages and Notify messages generated by MailScanner ? If so, how can that be done. Thanks in advanced. Lasantha. From MailScanner at ecs.soton.ac.uk Tue Jun 13 08:54:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 08:55:10 2006 Subject: Sophos SAVI In-Reply-To: <20060613052907.GA1172@mew.kcbbs.gen.nz> References: <050c01c68e3a$0d1b5420$88c5c657@arthur> <20060613052907.GA1172@mew.kcbbs.gen.nz> Message-ID: <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> On 13 Jun 2006, at 06:29, Hendrik den Hartog wrote: > We need to rebuild our Server. Can someone please point out the > path to the [new[ location of the DOCS that explain how to install/ > use sophos SAVI with Mailscanner. Download and unpack the Sophos distribution. Then run "Sophos.install". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gmatt at nerc.ac.uk Tue Jun 13 09:46:33 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Jun 13 09:46:51 2006 Subject: OT: sendmail cmd read In-Reply-To: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> References: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> Message-ID: <448E7B69.6030600@nerc.ac.uk> Steve Campbell wrote: > This is OT, and may have been discussed before... but here goes anyway. > Google didn't show much on this one. > > I am fighting a machine that has recently starting showing increased > load averages. What used to stay below 5 is now climbing into the 11.+ > at times, and stays around 8 for most of the day. I have considered bdc > as the culprit, but really, this hasn't changed recently, as I have not > really changed anything for a while. I did install a caching name > server, but see little improvement. I'm not looking for additional > "fixes" so much as resolving the problem of what is causing this when > changes haven't been made. The load climbs when MailWatch shows 8+ > MailScanner processes (I have 5 set in Mailscanner.conf) and around 50 > sendmail processes. I don't think the version of Mailscanner had > anything to do with this (4.52.2), and I am running this on two other > servers without the problem - and clamav and bitdefender on the others > also. > > A 'ps -ax | grep sendmail' has always shown a lot of processes to of the > form: > > sendmail: server [IP address] cmd read > > These usually have common IP addresses, and I wonder, firstly, what is > sendmail really doing at this point, and secondly, is there something > that I can do that will make the longer-lived processes go away if these > are bad connections? These sendmail processes tend to gradually climb to > a level of around 40-50, and never really drop without restarting > sendmail. I haven't checked to see if they are the same process IDs. I > have an idea that these are uncompleteable (?) sendmail connections that > are started, but not sure. you've pretty much identified the problem here. sendmail processes are hanging around which is reflected in the rising load average. In fact the host is probably not using many cpu cycles but there are a lot of sendmail processes in the queue. It looks like external mail hosts are connecting to your box but being really slow at communicating. This could be an attempt to slow down/stop your mail server by connecting until the max connections is reached thus stopping anyone else connecting. Stopping or restarting sendmail will not usually kill these connections, to do so, issue a "pkill sendmail" which will close them down. > > I'm sure there is a setting in sendmail (8.12 for now) that might fix > this (as sort of a timeout thing) , or maybe a milter, but I haven't > found it yet. I would like to understand, though, what may have caused > the increased load averages, other than the varying input to sendmail. I > realize this could be a major factor, but don't see a lot of change in > the usual crap that comes in daily. Around 40K+ messages a day with > about 85-90% spam caught. This has been constant for a long time. you can limit the max number of connections, rate of connection and impose limits per ip address (you'll have to check how much of this you can do with 8.12, I use 8.13). Look at: confCONNECTION_RATE_THROTTLE FEATURE(`ratecontrol', ,`terminate') FEATURE(`conncontrol', ,`terminate') a good place to read about managing this sort of thing is: http://www.technoids.org/dossed.html good luck GREG > > Opinions would be greatly appreciated. Thanks! > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Tue Jun 13 09:56:01 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Jun 13 09:56:09 2006 Subject: MailScanner setup script In-Reply-To: <448DC1CE.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> Message-ID: <448E7DA1.30905@nerc.ac.uk> Chris Hammond wrote: > Sure, it is attached. > why turn off mdmonitor? all my mail relays have software raid1 mirrored disks. mdmonitor is vital! G > Chris > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From michele at blacknight.ie Tue Jun 13 10:54:30 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Tue Jun 13 10:54:41 2006 Subject: Logo to the inline.sig.html In-Reply-To: Message-ID: <01cd01c68ecf$5e56a930$88c5c657@arthur> Koopmann, Jan-Peter <> said on 13 June 2006 06:03: > > Attaching a signature in MailScanner might lead to problems (digital > signatures with S/MIME, PGP) and is not the best way to handle this I > am afraid. Ah yes. Ye old b0rked signature issue :) Great fun when you encrypt the email and the recipient can't open it Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From campbell at cnpapers.com Tue Jun 13 11:09:49 2006 From: campbell at cnpapers.com (campbell@cnpapers.com) Date: Tue Jun 13 11:10:30 2006 Subject: OT: sendmail cmd read In-Reply-To: <448E7B69.6030600@nerc.ac.uk> References: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> <448E7B69.6030600@nerc.ac.uk> Message-ID: <1150193389.448e8eed230ed@perdition.cnpapers.net> Greg, thanks very much. See a few comments below: Quoting Greg Matthews : > Steve Campbell wrote: > > This is OT, and may have been discussed before... but here goes anyway. > > Google didn't show much on this one. > > > > I am fighting a machine that has recently starting showing increased > > load averages. What used to stay below 5 is now climbing into the 11.+ > > at times, and stays around 8 for most of the day. I have considered bdc > > as the culprit, but really, this hasn't changed recently, as I have not > > really changed anything for a while. I did install a caching name > > server, but see little improvement. I'm not looking for additional > > "fixes" so much as resolving the problem of what is causing this when > > changes haven't been made. The load climbs when MailWatch shows 8+ > > MailScanner processes (I have 5 set in Mailscanner.conf) and around 50 > > sendmail processes. I don't think the version of Mailscanner had > > anything to do with this (4.52.2), and I am running this on two other > > servers without the problem - and clamav and bitdefender on the others > > also. > > > > A 'ps -ax | grep sendmail' has always shown a lot of processes to of the > > form: > > > > sendmail: server [IP address] cmd read > > > > These usually have common IP addresses, and I wonder, firstly, what is > > sendmail really doing at this point, and secondly, is there something > > that I can do that will make the longer-lived processes go away if these > > are bad connections? These sendmail processes tend to gradually climb to > > a level of around 40-50, and never really drop without restarting > > sendmail. I haven't checked to see if they are the same process IDs. I > > have an idea that these are uncompleteable (?) sendmail connections that > > are started, but not sure. > > you've pretty much identified the problem here. sendmail processes are > hanging around which is reflected in the rising load average. In fact > the host is probably not using many cpu cycles but there are a lot of > sendmail processes in the queue. It looks like external mail hosts are > connecting to your box but being really slow at communicating. This > could be an attempt to slow down/stop your mail server by connecting > until the max connections is reached thus stopping anyone else > connecting. Stopping or restarting sendmail will not usually kill these > connections, to do so, issue a "pkill sendmail" which will close them down. Up until now, I would ususally have to "killall sendmail" to flush these. They would go on forever. > > > > > I'm sure there is a setting in sendmail (8.12 for now) that might fix > > this (as sort of a timeout thing) , or maybe a milter, but I haven't > > found it yet. I would like to understand, though, what may have caused > > the increased load averages, other than the varying input to sendmail. I > > realize this could be a major factor, but don't see a lot of change in > > the usual crap that comes in daily. Around 40K+ messages a day with > > about 85-90% spam caught. This has been constant for a long time. > > you can limit the max number of connections, rate of connection and > impose limits per ip address (you'll have to check how much of this you > can do with 8.12, I use 8.13). Look at: > confCONNECTION_RATE_THROTTLE > FEATURE(`ratecontrol', ,`terminate') > FEATURE(`conncontrol', ,`terminate') > a good place to read about managing this sort of thing is: > http://www.technoids.org/dossed.html I'll try the link, and for now, have changed a lot of the timeout values for the default sendmail.mc that RH ships. I recall ages ago, like RH 6.2, that the ident timeout used to require zeroing or sendmail would come to a real halt, but had not needed any other changes since then. This has made the average number of sendmail processes drop to about 20 or less, but the load still swings to a high 8 or 9, for what looks like no apparent reason. > > good luck Thanks for the help. Steve > > GREG > > > > > Opinions would be greatly appreciated. Thanks! > > > > Steve Campbell > > campbell@cnpapers.com > > Charleston Newspapers > > > > > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From chris at tac.esi.net Tue Jun 13 11:54:24 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 13 11:52:21 2006 Subject: MailScanner setup script In-Reply-To: <448E7DA1.30905@nerc.ac.uk> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> <448E7DA1.30905@nerc.ac.uk> Message-ID: <448E611F.B662.0038.0@tac.esi.net> Mine were not initially. The last two are but I never changed the script. I just turned it back on on those two machines. It is definately vital when software raid is in place, maybe a check for the presence of raid partitions would be in order. Chris >>> Greg Matthews 06/13/06 4:56 AM >>> Chris Hammond wrote: > Sure, it is attached. > why turn off mdmonitor? all my mail relays have software raid1 mirrored disks. mdmonitor is vital! G > Chris > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Jun 13 11:56:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 13 11:56:15 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <009c01c68ea9$65e6a770$23c051cb@noc> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> <4488610A.8030802@ecs.soton.ac.uk> <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> <009c01c68ea9$65e6a770$23c051cb@noc> Message-ID: <223f97700606130356r746a47bk16a81527243726d4@mail.gmail.com> On 13/06/06, Muhammad Nauman wrote: > >> Arthur Sherman wrote: > >> >> Have you read the documentation on tuning? > >> >> > >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > >> >> > >> > > >> > Most links to instructions are broken... > >> > > >> Please can you re-test these pages. Hopefully they all work now. Please > >> let me know of any that are still broken. > >> > > Ah, it has risen from the dead:-). Still, perhaps we should aim at > > some creative cut'n'pasting, just to get it all into the wiki... Just > > so much of it ...:-) > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > > I m still facing this problem - My sendmail suddenly gets stuck > I have done all the optimizations possible according to my server : > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > but still i observe thing as follows: > > [root@server ~]# sendmail -v nauman > test > . > nauman... Connecting to [127.0.0.1] via relay... > nauman... Deferred: Connection refused by [127.0.0.1] > [root@server ~]# /etc/init.d/MailScanner stop > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > [root@server ~]# /etc/init.d/MailScanner status > Checking MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for > reading: No such file or directory > [FAILED] > outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' > for reading: No such file or directory > [FAILED] > [root@server ~]# /etc/init.d/MailScanner stop > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > [root@server ~]# /etc/init.d/sendmail status > sendmail (pid 32112 32107 32055 32013 32004 31610 31581 30306 30185 30095 > 30002 29917 29863 29667 29520 29461 29399 29042 28938 28918 28263 28041 > 27015 26655 26567 26536 26289 23442 22532 22246 22151 18507 14118) is > running... > [root@server ~]# /etc/init.d/sendmail stop > Shutting down sendmail: [ OK ] > Shutting down sm-client: [FAILED] > [root@server ~]# /etc/init.d/sendmail stop > Shutting down sendmail: [FAILED] > > and after these all - when i restart my Mailscanner - it starts working fine > again - But why do i have to do all this ?? > > how can this be fixed one and for all ? > I'm no sendmail guru, but .... there rather recently have been a couple of similar threads, where the askers have a lot of sendmail children just sitting tehre waiting for a timeout to happen.... and by default, that timout has been so long that they actually have gotten hurt by it. "Solution" seems to be to lower the sendmail timeouts. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue Jun 13 12:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 13 12:32:05 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <009c01c68ea9$65e6a770$23c051cb@noc> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> <4488610A.8030802@ecs.soton.ac.uk> <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> <009c01c68ea9$65e6a770$23c051cb@noc> Message-ID: Muhammad Nauman wrote on Tue, 13 Jun 2006 10:22:40 +0500: > I m still facing this problem - My sendmail suddenly gets stuck I think it has been said before that shutting down sendmail doesn't shut down every single client that is handling a connection. What shuts down is the master process and any client after terminating the currently handled connection. There is no "stuck", the children handle connections. You can get more information about them with ps. And this doesn't look like a MailScanner problem. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From eneal at dfi-intl.com Tue Jun 13 12:40:43 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 12:42:38 2006 Subject: Help Expanding MultipleQueueDir function Message-ID: I'm trying to expand the MultipleQueueDir function to make it a bit more usable for my environment. I'm almost there, but it seems like something in the code I've written isn't correct. Now mind you, I'm not a Programmer so some of it may be terribly wrong. I reused a lot of what's already in CustomConfig.pm. my ($PriorityDomainListFile) = '/etc/MailScanner/rules/prioritylist.conf'; use FileHandle; sub InitMultipleQueueDir { MailScanner::Log::InfoLog("Initialising list for domains receiving priority service"); #"from %s", $PriorityDomainListFile); my $listfile = new FileHandle; unless($listfile->open("<$PriorityDomainListFile")) { MailScanner::Log::WarnLog("Could not read list of domains for priority service " . "from %s", $PriorityDomainListFile); return; } my($fh, $line, $PriorityDomainList); $line = 0; while (<$listfile>) { $line++; chomp; #print STDERR "Line is \"$_\"\n"; s/#.*$//; # Strip comments s/\S*:\S*//g; # Strip any words with ":" in them s/^\s+//g; # Strip leading whitespace s/^(\S+)\s.*$/$1/; # Use only the 1st word s/^\*\@//; # Strip any leading "*@" they might have put in #print STDERR "Line is \"$_\"\n"; next if /^$/; # Strip blank lines $PriorityDomainList->{$listfile}{lc($_)} = 1; # Store the domains return; } $fh->close(); MailScanner::Log::InfoLog("Read %d domains from %s", $line, $PriorityDomainListFile); } sub EndMultipleQueueDir { MailScanner::Log::InfoLog("Shutting down priority domain list"); } sub MultipleQueueDir { my($message, $PriorityDomainList) = @_; #return 0 unless $message; # Sanity check the input my(@todomain, $todomain, $isspam); @todomain = @{$message->{todomain}}; $todomain = $todomain[0]; $isspam = $message->{isspam}; return '/var/spool/mqueue' unless $message; return '/var/spool/mqueue.priority' if $PriorityDomainList->{$todomain}; return '/var/spool/mqueue.spam' if $message->{$isspam}; # It is not in the list return '/var/spool/mqueue'; } Hopefully, you can get the picture of what I'm trying to do. Domains are stored in the prioritylist.conf. >From what I can tell, it's not getting beyond opening the file and reading it. Can someone help me get this working right? TIA. Errol Neal From MailScanner at ecs.soton.ac.uk Tue Jun 13 13:41:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 13:41:20 2006 Subject: MailScanner: New website feature Message-ID: Folks, Just a quick note to let you all know about a new useful page on www.mailscanner.info. http://www.mailscanner.info/MailScanner.conf.index.html There is an indexed list of every configuration option you can set, including details about it such as whether it can take a ruleset, its default value, a detailed description of its purpose, and so on. It is kept up to date completely automatically, every time I build a new release. You can reach it from the "Documentation" link on (virtually) every page. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/a95c2c3f/attachment.html From alex at erus.co.uk Tue Jun 13 13:51:26 2006 From: alex at erus.co.uk (Alex Pimperton) Date: Tue Jun 13 13:52:15 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EB4CE.2090504@erus.co.uk> Julian Field wrote: > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > This is excellent, thanks. Along the same lines, is it in anyway possible to have something similar for the messages mailscanner outputs to syslog with a description of how severe the error is? I'm getting a lot of false positives for logcheck/logwatch but I don't want to hack in my own regexps for fear of missing a "Mailscanner will blow up the server in 10,9,8..." sometime around 7am on a weekday. Regards, Alex -- This message has been scanned for viruses and dangerous content by the MailScanner at Placet.co.uk, and is believed to be clean. From ugob at camo-route.com Tue Jun 13 13:52:42 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Jun 13 13:53:06 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: Julian Field wrote: > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a new > release. > > You can reach it from the "Documentation" link on (virtually) every page. Wow, that rocks :)! From ugob at camo-route.com Tue Jun 13 14:06:09 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Jun 13 14:06:52 2006 Subject: MailScanner: New website feature In-Reply-To: <448EB4CE.2090504@erus.co.uk> References: <448EB4CE.2090504@erus.co.uk> Message-ID: Alex Pimperton wrote: > Julian Field wrote: >> Folks, >> >> Just a quick note to let you all know about a new useful page on >> www.mailscanner.info . >> >> http://www.mailscanner.info/MailScanner.conf.index.html >> >> There is an indexed list of every configuration option you can set, >> including details about it such as whether it can take a ruleset, its >> default value, a detailed description of its purpose, and so on. >> > This is excellent, thanks. > > Along the same lines, is it in anyway possible to have something similar > for the messages mailscanner outputs to syslog with a description of how > severe the error is? > > I'm getting a lot of false positives for logcheck/logwatch but I don't > want to hack in my own regexps for fear of missing a "Mailscanner will > blow up the server in 10,9,8..." sometime around 7am on a weekday. For logwatch, I suggest you upgrade to the latest version and use the CVS mailscanner file. I do this with many servers and it works well. Just think of upgrading your logwatch mailscanner file when you upgrade. From Denis.Beauchemin at USherbrooke.ca Tue Jun 13 14:20:40 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jun 13 14:21:01 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EBBA8.5030302@USherbrooke.ca> Julian Field a ?crit : > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a > new release. > > You can reach it from the "Documentation" link on (virtually) every page. Great! Yesterday I was looking for option header "X-Spam-Status: Yes" nd couldn't remember how to use it. I found it in 10 seconds with this new page! Thanks a lot Julian! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/addc0b4f/smime.bin From eneal at dfi-intl.com Tue Jun 13 14:26:18 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 14:26:23 2006 Subject: Help Expanding MultipleQueueDir Message-ID: I want to apologize. I sent this message a few times thinking that it did not make it to the list, but it got caught in my Junk Mail because of the perl code. __________________________________________ Errol Uriel Neal Jr. Sr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com From richard.siddall at elirion.net Tue Jun 13 15:05:29 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue Jun 13 15:06:08 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EC629.4000808@elirion.net> Julian Field wrote: > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a > new release. > Would it be easy to include a field in the listings to show what release an option first appeared in? Regards, Richard Siddall From marcel-ml at irc-addicts.de Tue Jun 13 15:08:34 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Tue Jun 13 15:09:08 2006 Subject: Use Default Rules With Multiple Recipients Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, first of all, i did saw the new Website..great stuff :) My Question is for the Option: Use Default Rules With Multiple Recipients and if i did get it right. Does this mean, if set to yes, this is what happens: Example: I have 2 Users 1 does not want his mails to be scanned, so scanning for that user is turned off via ruleset. Second User wants his mails to be scanned all the way. Email User A ab@cx.com Email User B cd@yx.com Mail comes in: To-Field: ab@cx.com, cd@yx.com does this mean, the mail will be delivered to user a without scanning and to user b with scanning?? Maybe i am wrong here.. so, that is just a question, if i understood everything correct.. :) Thanks in advance.. Marcel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEjsbleuKbXOoTCo8RAmfgAJ0UVX11r5htqTB9Lg1T0XQcoV3XCACaAk0d fPc841f42i9xvPWDuvv24N0= =Up/Z -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Tue Jun 13 15:14:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 15:14:25 2006 Subject: Help Expanding MultipleQueueDir function In-Reply-To: References: Message-ID: <8B92E0A6-FCEA-4CD3-BCC3-1474BA99BAFE@ecs.soton.ac.uk> On 13 Jun 2006, at 12:40, Errol Neal wrote: > I'm trying to expand the MultipleQueueDir function to make it a bit > more > usable for my environment. I'm almost there, but it seems like > something > in the code I've written isn't correct. Now mind you, I'm not a > Programmer so some of it may be terribly wrong. I reused a lot of > what's > already in CustomConfig.pm. > > my ($PriorityDomainListFile) = > '/etc/MailScanner/rules/prioritylist.conf'; > use FileHandle; > > sub InitMultipleQueueDir { > MailScanner::Log::InfoLog("Initialising list for domains receiving > priority service"); > #"from %s", $PriorityDomainListFile); > my $listfile = new FileHandle; > > unless($listfile->open("<$PriorityDomainListFile")) { > MailScanner::Log::WarnLog("Could not read list of domains for > priority service " . > "from %s", > $PriorityDomainListFile); > > return; > } > > my($fh, $line, $PriorityDomainList); my($fh, $line, %PriorityDomainList); > $line = 0; > while (<$listfile>) { > $line++; > chomp; > #print STDERR "Line is \"$_\"\n"; > s/#.*$//; # Strip comments > s/\S*:\S*//g; # Strip any words with ":" in them > s/^\s+//g; # Strip leading whitespace > s/^(\S+)\s.*$/$1/; # Use only the 1st word > s/^\*\@//; # Strip any leading "*@" they might have put in > #print STDERR "Line is \"$_\"\n"; > next if /^$/; # Strip blank lines > $PriorityDomainList->{$listfile}{lc($_)} = 1; # Store the > domains $PriorityDomainList{lc($_)} = 1; > return; > } > $fh->close(); > MailScanner::Log::InfoLog("Read %d domains from %s", $line, > $PriorityDomainListFile); > > } > > > sub EndMultipleQueueDir { > MailScanner::Log::InfoLog("Shutting down priority domain list"); > > } > > > sub MultipleQueueDir { > my($message, $PriorityDomainList) = @_; You set $PriorityDomainList elsewhere at the top of your code, so my($message) = @_; > #return 0 unless $message; # Sanity check the input return '/var/spool/mqueue' unless $message; > > my(@todomain, $todomain, $isspam); > @todomain = @{$message->{todomain}}; > $todomain = $todomain[0]; > $isspam = $message->{isspam}; > > return '/var/spool/mqueue' unless $message; If $message was undefined (or 0) then it would have bombed out by now, hence my uncommented line in my previous statement. #return '/var/spool/mqueue' unless $message; > return '/var/spool/mqueue.priority' if > $PriorityDomainList->{$todomain}; $PriorityDomainList{$todomain}; > return '/var/spool/mqueue.spam' if $message->{$isspam}; return '/var/spool/mqueue.spam' if $isspam; > # It is not in the list > return '/var/spool/mqueue'; > } > > Hopefully, you can get the picture of what I'm trying to do. > Domains are > stored in the prioritylist.conf. >> From what I can tell, it's not getting beyond opening the file and > reading it. > Can someone help me get this working right? > > TIA. > > > Errol Neal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 13 15:23:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 15:24:01 2006 Subject: Use Default Rules With Multiple Recipients In-Reply-To: References: Message-ID: On 13 Jun 2006, at 15:08, Marcel Blenkers wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi there, > > first of all, i did saw the new Website..great stuff :) > > My Question is for the Option: > Use Default Rules With Multiple Recipients > > and if i did get it right. > > Does this mean, if set to yes, this is what happens: > > Example: > I have 2 Users > 1 does not want his mails to be scanned, so scanning for that user is > turned off via ruleset. > Second User wants his mails to be scanned all the way. > Email User A ab@cx.com > Email User B cd@yx.com > > Mail comes in: > To-Field: ab@cx.com, cd@yx.com > > does this mean, the mail will be delivered to user a without > scanning and > to user b with scanning?? No. Scan Messages is a "All Match" ruleset, so if any of the recipients want it scanned, it will be scanned. All recipients will get the scanned message. MailScanner does not divide up messages into several different messages for different recipients, there is only ever 1 message with all the recipients on it. > > Maybe i am wrong here.. > > so, that is just a question, if i understood everything correct.. :) > > Thanks in advance.. > > Marcel > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQFEjsbleuKbXOoTCo8RAmfgAJ0UVX11r5htqTB9Lg1T0XQcoV3XCACaAk0d > fPc841f42i9xvPWDuvv24N0= > =Up/Z > -----END PGP SIGNATURE----- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From paul at tenfjord.net Tue Jun 13 15:57:35 2006 From: paul at tenfjord.net (Paul Tenfjord) Date: Tue Jun 13 15:59:13 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <448DD946.1010500@ecs.soton.ac.uk> References: <200606122240.04119.paul@tenfjord.net> <448DD946.1010500@ecs.soton.ac.uk> Message-ID: <200606131657.37960.paul@tenfjord.net> On Monday 12 June 2006 23:14, Julian Field wrote: > Basically all the settings people ever actually need to change are > controllable from MailScanner.conf. What settings are you trying to set > per-domain? > > Paul Tenfjord wrote: > > Hi all. > > > > I am setting up a mail hub using postfix, mailscanner, clamav and > > spamassassing. This works very well, mailscanner is really great, the > > only thing left for me to do is figure out how to have user preferences > > (or domain settings, per user is not that important) in spamassassin. > > I've read about sql user preferences but that requires that SA uses > > spamc/spamd, which as far as I know MS does not do. I also found some > > posts in the archive but they are dated back to 2004 > > (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.ht > >ml), maybe something has happend in this front since then. > > > > I appreciate all answers. > > > > Thanks > > > > Best regards > > Paul > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. Hi. Thanks for the reply. This server is replacing another mailhub, which has per domain settings. Some domain customers have requested that mail tagged as spam should be redirected to spam@theirfirm.org. This is the only setting I need to set different for each domain. Any suggestions? Thanks again. --Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/fce84cfa/attachment.bin From matt at coders.co.uk Tue Jun 13 15:59:42 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jun 13 15:59:51 2006 Subject: Use Default Rules With Multiple Recipients In-Reply-To: References: Message-ID: <448ED2DE.4090006@coders.co.uk> >> No. Scan Messages is a "All Match" ruleset, so if any of the recipients >> want it scanned, it will be scanned. All recipients will get the scanned >> message. > >> MailScanner does not divide up messages into several different messages >> for different recipients, there is only ever 1 message with all the >> recipients on it. I have updated the MAQ with a specific header: Multiple Recipient Message - how to apply different rules It was hidden under the Misc questions and was Sendmail specific. It now is MTA independent of the MTA but has instructions for only Sendmail. Can some let me know which other MTA's support envelope splitting and which don't - We will probably need to move the information to a new location in the tree - under documentation:configuration:mta:Sendmail etc and leave links under the MAQ. Am I right in thinking that postfix doesn't.... matt From glenn.steen at gmail.com Tue Jun 13 16:16:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 13 16:16:45 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606131657.37960.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> <448DD946.1010500@ecs.soton.ac.uk> <200606131657.37960.paul@tenfjord.net> Message-ID: <223f97700606130816w6f0dad27uaf155a5bd662472f@mail.gmail.com> On 13/06/06, Paul Tenfjord wrote: (snip) > Hi. > > Thanks for the reply. > This server is replacing another mailhub, which has per domain settings. Some > domain customers have requested that mail tagged as spam should be redirected > to spam@theirfirm.org. This is the only setting I need to set different for > each domain. > Any suggestions? > > Thanks again. > > --Paul > Why not make a ruleset for http://www.mailscanner.info/MailScanner.conf.index.html#Spam%20Actions and perhaps also on http://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions ... would be the logical thing to do, IMO. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From wintermutecx at gmail.com Tue Jun 13 16:54:42 2006 From: wintermutecx at gmail.com (Dave) Date: Tue Jun 13 16:54:44 2006 Subject: force autolearn Message-ID: I've been hit with a dictionary attack for generic accounts like uucp, accounts, home, sales, etc. I have never used or plan to use these accounts. Right now I have a rule that adds 5 to the score if sent to those accounts but I would like to have them autolearned as well. From what I've read, custom rules are not used in the autolearn threshold count. Is that true? From MailScanner at ecs.soton.ac.uk Tue Jun 13 16:55:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 16:55:25 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606131657.37960.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> <448DD946.1010500@ecs.soton.ac.uk> <200606131657.37960.paul@tenfjord.net> Message-ID: On 13 Jun 2006, at 15:57, Paul Tenfjord wrote: > On Monday 12 June 2006 23:14, Julian Field wrote: >> Basically all the settings people ever actually need to change are >> controllable from MailScanner.conf. What settings are you trying >> to set >> per-domain? >> >> Paul Tenfjord wrote: >>> Hi all. >>> >>> I am setting up a mail hub using postfix, mailscanner, clamav and >>> spamassassing. This works very well, mailscanner is really great, >>> the >>> only thing left for me to do is figure out how to have user >>> preferences >>> (or domain settings, per user is not that important) in >>> spamassassin. >>> I've read about sql user preferences but that requires that SA uses >>> spamc/spamd, which as far as I know MS does not do. I also found >>> some >>> posts in the archive but they are dated back to 2004 >>> (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/ >>> 060055.ht >>> ml), maybe something has happend in this front since then. >>> >>> I appreciate all answers. >>> >>> Thanks >>> >>> Best regards >>> Paul >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. > > > Hi. > > Thanks for the reply. > This server is replacing another mailhub, which has per domain > settings. Some > domain customers have requested that mail tagged as spam should be > redirected > to spam@theirfirm.org. This is the only setting I need to set > different for > each domain. > Any suggestions? You can do this with a ruleset attached to "Spam Actions" and "High- Scoring Spam Actions" in MailScanner.conf. Something along the lines of To: domain1.com forward spam@theirfirm.org To: domain2.com forward spam@domain2.com FromOrTo: default deliver Easy as that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ssilva at sgvwater.com Tue Jun 13 17:06:30 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 13 17:07:04 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: Julian Field spake the following on 6/13/2006 5:41 AM: > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a new > release. > > You can reach it from the "Documentation" link on (virtually) every page. > You are totally awe inspiring! One more step towards World Domination!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Jun 13 17:08:06 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 13 17:10:17 2006 Subject: Use Default Rules With Multiple Recipients In-Reply-To: References: Message-ID: Marcel Blenkers spake the following on 6/13/2006 7:08 AM: > Hi there, > > first of all, i did saw the new Website..great stuff :) > > My Question is for the Option: > Use Default Rules With Multiple Recipients > > and if i did get it right. > > Does this mean, if set to yes, this is what happens: > > Example: > I have 2 Users > 1 does not want his mails to be scanned, so scanning for that user is > turned off via ruleset. > Second User wants his mails to be scanned all the way. > Email User A ab@cx.com > Email User B cd@yx.com > > Mail comes in: > To-Field: ab@cx.com, cd@yx.com > > does this mean, the mail will be delivered to user a without scanning and > to user b with scanning?? > > Maybe i am wrong here.. > > so, that is just a question, if i understood everything correct.. :) > > Thanks in advance.. > > Marcel You would have to get your MTA to split the messages first if you want this functionality. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Tue Jun 13 17:18:05 2006 From: ka at pacific.net (Ken A) Date: Tue Jun 13 17:17:54 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EE53D.4020701@pacific.net> Scott Silva wrote: > Julian Field spake the following on 6/13/2006 5:41 AM: >> Folks, >> >> Just a quick note to let you all know about a new useful page on >> www.mailscanner.info . >> >> http://www.mailscanner.info/MailScanner.conf.index.html >> >> There is an indexed list of every configuration option you can set, >> including details about it such as whether it can take a ruleset, its >> default value, a detailed description of its purpose, and so on. >> >> It is kept up to date completely automatically, every time I build a new >> release. >> >> You can reach it from the "Documentation" link on (virtually) every page. >> > You are totally awe inspiring! > One more step towards World Domination!!! > Looks like it will make fine wallpaper too! But, how will I ever fit this on a coffee mug? Ken A Pacific.Net From martinh at solid-state-logic.com Tue Jun 13 17:26:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jun 13 17:26:34 2006 Subject: force autolearn In-Reply-To: Message-ID: <016d01c68f06$18027db0$3004010a@martinhlaptop> I find it best to only accept emails for valid address on the inbound MTA. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave > Sent: 13 June 2006 16:55 > To: mailscanner@lists.mailscanner.info > Subject: force autolearn > > I've been hit with a dictionary attack for generic accounts like uucp, > accounts, home, sales, etc. I have never used or plan to use these > accounts. Right now I have a rule that adds 5 to the score if sent to > those accounts but I would like to have them autolearned as well. From > what I've read, custom rules are not used in the autolearn threshold > count. Is that true? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From drew at themarshalls.co.uk Tue Jun 13 17:30:56 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue Jun 13 17:31:06 2006 Subject: force autolearn In-Reply-To: References: Message-ID: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> On Tue, June 13, 2006 16:54, Dave wrote: > I've been hit with a dictionary attack for generic accounts like uucp, > accounts, home, sales, etc. I have never used or plan to use these > accounts. Right now I have a rule that adds 5 to the score if sent to > those accounts but I would like to have them autolearned as well. From > what I've read, custom rules are not used in the autolearn threshold > count. Is that true? Why not just reject these (And all other unknown users) at your MTA? Save all the processing overhead and protect your server from a really big directory attack. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From eneal at dfi-intl.com Tue Jun 13 17:34:33 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 17:34:41 2006 Subject: Help Expanding MultipleQueueDir function Message-ID: Thanks for your help Julian. This is the final result.. my ($PriorityDomainListFile) = '/etc/MailScanner/rules/prioritylist.conf'; use FileHandle; sub InitMultipleQueueDir { MailScanner::Log::InfoLog("Initialising list for domains receiving priority service"); #"from %s", $PriorityDomainListFile); my $listfile = new FileHandle; unless($listfile->open("<$PriorityDomainListFile")) { MailScanner::Log::WarnLog("Could not read list of domains for priority service " . "from %s", $PriorityDomainListFile); return; } my($fh, $line, %PriorityDomainList); $line = 0; while (<$listfile>) { $line++; chomp; #print STDERR "Line is \"$_\"\n"; s/#.*$//; # Strip comments s/\S*:\S*//g; # Strip any words with ":" in them s/^\s+//g; # Strip leading whitespace s/^(\S+)\s.*$/$1/; # Use only the 1st word s/^\*\@//; # Strip any leading "*@" they might have put in #print STDERR "Line is \"$_\"\n"; next if /^$/; # Strip blank lines #$PriorityDomainList->{$PriorityDomainListFile}{lc($_)} = 1; # Store the domains $PriorityDomainList{lc($_)} = 1; return; } $fh->close(); MailScanner::Log::InfoLog("Read %d domains from %s", $line, $PriorityDomainListFile); } sub EndMultipleQueueDir { MailScanner::Log::InfoLog("Shutting down priority domain list"); } sub MultipleQueueDir { my($message) = @_; return '/var/spool/mqueue' unless $message; # Sanity check the input my(@todomain, $todomain, $isspam); @todomain = @{$message->{todomain}}; $todomain = $todomain[0]; $isspam = $message->{isspam}; return '/var/spool/mqueue.priority' if $PriorityDomainList{$todomain}; return '/var/spool/mqueue.spam' if $isspam; # It is not in the list return '/var/spool/mqueue'; } I get an error though when starting it up. Global symbol "%PriorityDomainList" requires explicit package name at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 718. Any thoughts? From wintermutecx at gmail.com Tue Jun 13 18:12:48 2006 From: wintermutecx at gmail.com (Dave) Date: Tue Jun 13 18:12:49 2006 Subject: force autolearn In-Reply-To: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> References: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> Message-ID: On 6/13/06, Drew Marshall wrote: > On Tue, June 13, 2006 16:54, Dave wrote: > > I've been hit with a dictionary attack for generic accounts like uucp, > > accounts, home, sales, etc. I have never used or plan to use these > > accounts. Right now I have a rule that adds 5 to the score if sent to > > those accounts but I would like to have them autolearned as well. From > > what I've read, custom rules are not used in the autolearn threshold > > count. Is that true? > > Why not just reject these (And all other unknown users) at your MTA? Save > all the processing overhead and protect your server from a really big > directory attack. I don't deliver mail with a spam score greater then 6, nor are they rejected. Does Mailscanner check to see if it's a valid user before spam scoring? From mkettler at evi-inc.com Tue Jun 13 18:24:10 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 13 18:24:20 2006 Subject: force autolearn In-Reply-To: References: Message-ID: <448EF4BA.8010704@evi-inc.com> Dave wrote: > I've been hit with a dictionary attack for generic accounts like uucp, > accounts, home, sales, etc. I have never used or plan to use these > accounts. Right now I have a rule that adds 5 to the score if sent to > those accounts but I would like to have them autolearned as well. From > what I've read, custom rules are not used in the autolearn threshold > count. Is that true? That is not true. SA does not even know the difference between a "stock" rule or a custom rule. As far as SA is concerned, a rule is a rule. The things that don't count for autolearning are: (quoted from man Mail::SpamAssassin::Conf under the definition of bayes_auto_learn) - rules with tflags set to 'learn' (the Bayesian rules) - rules with tflags set to 'userconf' (user white/black-listing rules, etc) - rules with tflags set to 'noautolearn' So unless your custom rule includes a tflags statement that adds one of those flags, it should work fine. That said, I personally alias all these accounts into a single spamtrap account, and a daily cronjob picks the mailbox up and force-feeds it to sa-learn. From MailScanner at ecs.soton.ac.uk Tue Jun 13 18:28:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 18:29:47 2006 Subject: Help Expanding MultipleQueueDir function In-Reply-To: References: Message-ID: <448EF5C2.8090604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Errol Neal wrote: > Thanks for your help Julian. This is the final result.. > > my ($PriorityDomainListFile) = > '/etc/MailScanner/rules/prioritylist.conf'; > Add the line my %PriorityDomainList = (); > use FileHandle; > > sub InitMultipleQueueDir { > MailScanner::Log::InfoLog("Initialising list for domains receiving > priority service"); > #"from %s", $PriorityDomainListFile); > my $listfile = new FileHandle; > > unless($listfile->open("<$PriorityDomainListFile")) { > MailScanner::Log::WarnLog("Could not read list of domains for > priority service " . > "from %s", $PriorityDomainListFile); > > return; > } > > my($fh, $line, %PriorityDomainList); > Replace that with my($fh, $line); > $line = 0; > while (<$listfile>) { > $line++; > chomp; > #print STDERR "Line is \"$_\"\n"; > s/#.*$//; # Strip comments > s/\S*:\S*//g; # Strip any words with ":" in them > s/^\s+//g; # Strip leading whitespace > s/^(\S+)\s.*$/$1/; # Use only the 1st word > s/^\*\@//; # Strip any leading "*@" they might have put in > #print STDERR "Line is \"$_\"\n"; > next if /^$/; # Strip blank lines > #$PriorityDomainList->{$PriorityDomainListFile}{lc($_)} = 1; # > Store the domains > $PriorityDomainList{lc($_)} = 1; > return; > Remove that return; > } > $fh->close(); > MailScanner::Log::InfoLog("Read %d domains from %s", $line, > $PriorityDomainListFile); > > } > > > sub EndMultipleQueueDir { > MailScanner::Log::InfoLog("Shutting down priority domain list"); > > } > > > sub MultipleQueueDir { > my($message) = @_; > > return '/var/spool/mqueue' unless $message; # Sanity check the input > > my(@todomain, $todomain, $isspam); > @todomain = @{$message->{todomain}}; > $todomain = $todomain[0]; > $isspam = $message->{isspam}; > > > return '/var/spool/mqueue.priority' if $PriorityDomainList{$todomain}; > return '/var/spool/mqueue.spam' if $isspam; > > # It is not in the list > return '/var/spool/mqueue'; > } > > > I get an error though when starting it up. > > Global symbol "%PriorityDomainList" requires explicit package name at > /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 718. > > Any thoughts? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRI71wxH2WUcUFbZUEQL4/wCeNwQx6W/VW7TZcy76hXdQIe9d6oUAn2Yx tiBOZxG94TF6nLXSPEKzccDq =zaxR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Tue Jun 13 18:34:46 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 13 18:34:48 2006 Subject: force autolearn In-Reply-To: References: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> Message-ID: <223f97700606131034y28ffedb1jdfba6f573c16ba1e@mail.gmail.com> On 13/06/06, Dave wrote: > On 6/13/06, Drew Marshall wrote: > > On Tue, June 13, 2006 16:54, Dave wrote: > > > I've been hit with a dictionary attack for generic accounts like uucp, > > > accounts, home, sales, etc. I have never used or plan to use these > > > accounts. Right now I have a rule that adds 5 to the score if sent to > > > those accounts but I would like to have them autolearned as well. From > > > what I've read, custom rules are not used in the autolearn threshold > > > count. Is that true? > > > > Why not just reject these (And all other unknown users) at your MTA? Save > > all the processing overhead and protect your server from a really big > > directory attack. > > I don't deliver mail with a spam score greater then 6, nor are they > rejected. Does Mailscanner check to see if it's a valid user before > spam scoring? No, but you can teach your MTA how to do it (be it Postfix, Exim or Sendmail.... Well, the latter may need a milter to do it:)... After all, the mails are clearly not for you/your users, and (if it is a real MTA sending) it'll be safe to reject, since the sender will then generate an NDN to the sender... You have no obligation (at all) to handle these. So don't, by rejecting them. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ka at pacific.net Tue Jun 13 19:37:52 2006 From: ka at pacific.net (Ken A) Date: Tue Jun 13 19:37:43 2006 Subject: force autolearn In-Reply-To: <223f97700606131034y28ffedb1jdfba6f573c16ba1e@mail.gmail.com> References: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> <223f97700606131034y28ffedb1jdfba6f573c16ba1e@mail.gmail.com> Message-ID: <448F0600.8040808@pacific.net> Glenn Steen wrote: > On 13/06/06, Dave wrote: >> On 6/13/06, Drew Marshall wrote: >> > On Tue, June 13, 2006 16:54, Dave wrote: >> > > I've been hit with a dictionary attack for generic accounts like >> uucp, >> > > accounts, home, sales, etc. I have never used or plan to use these >> > > accounts. Right now I have a rule that adds 5 to the score if sent to >> > > those accounts but I would like to have them autolearned as well. >> From >> > > what I've read, custom rules are not used in the autolearn threshold >> > > count. Is that true? >> > >> > Why not just reject these (And all other unknown users) at your MTA? >> Save >> > all the processing overhead and protect your server from a really big >> > directory attack. >> >> I don't deliver mail with a spam score greater then 6, nor are they >> rejected. Does Mailscanner check to see if it's a valid user before >> spam scoring? > No, but you can teach your MTA how to do it (be it Postfix, Exim or > Sendmail.... Well, the latter may need a milter to do it:)... The sendmail access db works too, though you have to do some scripting to generate it from your password db. Ken A Pacific.Net After > all, the mails are clearly not for you/your users, and (if it is a > real MTA sending) it'll be safe to reject, since the sender will then > generate an NDN to the sender... You have no obligation (at all) to > handle these. So don't, by rejecting them. > From arturs at netvision.net.il Tue Jun 13 22:05:37 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 13 21:07:23 2006 Subject: MailScanner: New website feature In-Reply-To: Message-ID: <005501c68f2d$1e988490$3701a8c0@lapxp> wonderfull ! Best, -- Arthur Sherman +972-52-4878851 CPTeam _____ From: mailscanner-announce-bounces@lists.mailscanner.info [mailto:mailscanner-announce-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, June 13, 2006 2:41 PM To: MailScanner mailing list Cc: MailScanner-Announce mailing list list Subject: MailScanner: New website feature Folks, Just a quick note to let you all know about a new useful page on www.mailscanner.info. http://www.mailscanner.info/MailScanner.conf.index.html There is an indexed list of every configuration option you can set, including details about it such as whether it can take a ruleset, its default value, a detailed description of its purpose, and so on. It is kept up to date completely automatically, every time I build a new release. You can reach it from the "Documentation" link on (virtually) every page. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/93cab51c/attachment.html From wintermutecx at gmail.com Tue Jun 13 21:10:59 2006 From: wintermutecx at gmail.com (Dave) Date: Tue Jun 13 21:11:02 2006 Subject: force autolearn In-Reply-To: References: Message-ID: In the future, I'll set up the MTA to not process mail that doesn't have an end user. In the interim, is the original question possible? Force autolearn using a custom rule? From mkettler at evi-inc.com Tue Jun 13 21:26:39 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 13 21:26:54 2006 Subject: force autolearn In-Reply-To: References: Message-ID: <448F1F7F.1070003@evi-inc.com> Dave wrote: > In the future, I'll set up the MTA to not process mail that doesn't > have an end user. In the interim, is the original question possible? > Force autolearn using a custom rule? As I said before, custom rules are factored into the autolearning, and are treated no differently that the rules that come with SA. However, you will need at least TWO rules to force autolearning as spam. One rule alone cannot force autolearning, no matter how high the score of that rule is. In order to learn as spam, a message must have at least 3.0 worth of points from header rules, AND 3.0 worth of points from body rules. This is a hard-coded requirement that exists regardless of what your autolearn threshold is. You also can't force autolearn to learn anything that would have scored very low on the BAYES scale to begin with. ie: regardless of score, and no matter how many rules fire, the autolearner will not learn as spam anything that would have hit BAYES_00 or BAYES_05. (note: I'm assuming SA 3.1.0 here.. the exact sets of rules that cause this exemption have changed over time because it's based on the score of the bayes rules being less than -1.0. ) In your current situation, these features might seem like a pain, but they're there for a reason. They're all there as safety nets to reduce the chance of the autolearner polluting the bayes database if one rule starts false-firing. From hden at kcbbs.gen.nz Tue Jun 13 21:53:04 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Tue Jun 13 21:37:23 2006 Subject: Sophos SAVI In-Reply-To: <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> References: <050c01c68e3a$0d1b5420$88c5c657@arthur> <20060613052907.GA1172@mew.kcbbs.gen.nz> <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> Message-ID: <20060613205304.GA1431@mew.kcbbs.gen.nz> appreciate the reply, Sheeze, is that *all?*. Back in the olden days you had to add lines to the perl-SAVI configure file while installing perl-SAVI. Those were the instructions I was after /or/ have these been superceded? Thanks Cheers! Hden On Tue, Jun 13, 2006 at 08:54:55AM +0100, Julian Field wrote: > > On 13 Jun 2006, at 06:29, Hendrik den Hartog wrote: > > >We need to rebuild our Server. Can someone please point out the > >path to the [new[ location of the DOCS that explain how to install/ > >use sophos SAVI with Mailscanner. > > Download and unpack the Sophos distribution. Then run "Sophos.install". > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Gernot.Bauer at gmx.net Tue Jun 13 22:51:43 2006 From: Gernot.Bauer at gmx.net (Gernot Bauer) Date: Tue Jun 13 22:51:45 2006 Subject: sendmail refuses to use /var/spool/mqueue.in Message-ID: <20060613215143.312170@gmx.net> Hi! I am trying to install MailScanner 4.54.6 on SuSE linux 10.1 with sendmail 8.13.6, but sendmail refuses to use the /var/spool/mqueue.in queue directory. Sendmail works fine using /var/spool/mqueue, but any attempt to point the queue directory to another location (either with -OQueueDirectory or through the config file) fails: k5DLFlrt015190: SYSERR(root): gatherq: cannot open "/var/spool/mqueue.in": Operation not permitted daemon could not open control socket /var/run/sendmail/control: Operation not permitted The directory permissions are all fine. Could this be a sendmail bug? The problem appeared when I tried to start MailScanner, after all packages installed nicely. Regards, Gernot Bauer -- Echte DSL-Flatrate dauerhaft f?r 0,- Euro*! "Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl From ugob at camo-route.com Tue Jun 13 23:44:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Jun 13 23:44:38 2006 Subject: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <20060613215143.312170@gmx.net> References: <20060613215143.312170@gmx.net> Message-ID: Gernot Bauer wrote: > Hi! > > I am trying to install MailScanner 4.54.6 on SuSE linux 10.1 with sendmail 8.13.6, but sendmail refuses to use the /var/spool/mqueue.in queue directory. Sendmail works fine using /var/spool/mqueue, but any attempt to point the queue directory to another location (either with -OQueueDirectory or through the config file) fails: > > k5DLFlrt015190: SYSERR(root): gatherq: cannot open "/var/spool/mqueue.in": Operation not permitted > daemon could not open control socket /var/run/sendmail/control: Operation not permitted > > The directory permissions are all fine. > > Could this be a sendmail bug? > > The problem appeared when I tried to start MailScanner, after all packages installed nicely. Did you stop the original sendmail? > > Regards, > Gernot Bauer > From jrudd at ucsc.edu Wed Jun 14 03:25:50 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed Jun 14 03:26:18 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: > On Wed, 7 Jun 2006, Dhawal Doshy wrote: >> >> Most of us run servers that pretty much do serious work ;-).. to each >> his/her way. You can use RBLs at: >> >> SpamAssassin: Best way to use RBLs as per my POV.. the bad part being >> that mails originating from ROKSO (spamhaus) are accepted and then >> tagged. Sorry to reply to this so late, but, IMO, the best way to use RBLs is: a) do SBL and XBL at the MTA, so that you're NOT accepting ROKSO originating emails. b) use those RBLs, plus any others you want to (RFC-Ignorant, etc.) in Spam Assassin to mark messages. Step a reduces your SA load, and completely rejects messages that you can be better than 99% sure are spam. Step b lets you leverage RBLs to help tag any other possible spam sources, but without outright rejecting them. From phillip at eacsi.com Wed Jun 14 03:21:49 2006 From: phillip at eacsi.com (phillip@eacsi.com) Date: Wed Jun 14 03:28:51 2006 Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or SpamAssassin? Message-ID: <20060614022149.24920.qmail@coruscant.stellardreams.com> I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. Thanks, Phillip T. George Electronic & Computer Solutions, Inc. From levin at mydream.com.hk Wed Jun 14 04:19:00 2006 From: levin at mydream.com.hk (Levin) Date: Wed Jun 14 04:18:34 2006 Subject: Startup script question Message-ID: <448F8024.7060908@mydream.com.hk> Hi, My mailbox running a sendmail MTA as a relay-only gateway, I setup a mailscanner up and run, however I found out that if it state DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all incoming from from otherworld will stuck into /var/spool/mqueue.in and not go anywhere, also /var/log/maillog show the mail was queued NOT sent, so I modify it to DeliveryMode=background, it seems work... but I don't know anything wrong, would you please describe a little bit my statement? Thank you very much! Levin From KShortt at ussco.com Wed Jun 14 04:29:47 2006 From: KShortt at ussco.com (Shortt, Kevin) Date: Wed Jun 14 04:29:52 2006 Subject: Upgrade Recommendations Message-ID: <122DFF9D468A2F4DAC3405E57A39DF7805DF2C68@Fsc-Mail-2.na.ds.ussco.com> Hello Everyone, I need to upgrade my current setup. I am looking for some advice from a higher level. (at first anyway) This is what I have: O/S: RHEL 3 (all rpms below..) MailScanner-perl-MIME-Base64-3.05-5 sendmail-8.12.11-4.RHEL3.4 sendmail-cf-8.12.11-4.RHEL3.4 mailscanner-4.36.4-1 perl-MailTools-1.50-1 spamassassin-2.55-3.4 I purchase an entitlement from RH to be able easily update my server. However, RH does NOT support sendmail 8.13.x on RHEL3... NOR spamassasin 3.0.x on RHEL3 either. I am willing to upgrade both manually against RH support. My question: Which should I tackle first.?? Spamassasin...then sendmail...then MS? Any caveats that I need to be aware of?...(I know there is care from SA 2.55 to 3.0.) Is anyone else in my same position? I mean I am getting a lot spam through. Perhaps I only need to fix what I have. I would love any and all opinions on a course of action. Thank you in advance. This is great mailling list. -k From mike at vesol.com Wed Jun 14 04:52:44 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jun 14 04:53:03 2006 Subject: Upgrade Recommendations Message-ID: Why not move on up to RHEL 4? I wouldn't worry about RH supporting SA3.x personally. The benefit of spamassassin outweighs RH by a long shot. Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Shortt, Kevin > Sent: Tuesday, June 13, 2006 10:30 PM > To: MailScanner discussion > Subject: Upgrade Recommendations > > > Hello Everyone, > > I need to upgrade my current setup. I am looking for some > advice from a higher level. (at first anyway) > > This is what I have: > > O/S: RHEL 3 > (all rpms below..) > MailScanner-perl-MIME-Base64-3.05-5 > sendmail-8.12.11-4.RHEL3.4 > sendmail-cf-8.12.11-4.RHEL3.4 > mailscanner-4.36.4-1 > perl-MailTools-1.50-1 > spamassassin-2.55-3.4 > > > > I purchase an entitlement from RH to be able easily update my server. > However, RH does NOT support sendmail 8.13.x on RHEL3... > NOR spamassasin 3.0.x on RHEL3 either. > > I am willing to upgrade both manually against RH support. > > > My question: > > Which should I tackle first.?? > Spamassasin...then sendmail...then MS? > Any caveats that I need to be aware of?...(I know there is > care from SA > 2.55 to 3.0.) > Is anyone else in my same position? I mean I am getting a > lot spam through. Perhaps I only need to fix what I have. > > > I would love any and all opinions on a course of action. > > > Thank you in advance. This is great mailling list. > > -k > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikej at rogers.com Wed Jun 14 05:56:26 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jun 14 05:56:18 2006 Subject: Upgrade Recommendations In-Reply-To: <122DFF9D468A2F4DAC3405E57A39DF7805DF2C68@Fsc-Mail-2.na.ds.ussco.com> References: <122DFF9D468A2F4DAC3405E57A39DF7805DF2C68@Fsc-Mail-2.na.ds.ussco.com> Message-ID: <448F96FA.4070900@rogers.com> Shortt, Kevin wrote: > Hello Everyone, > > I need to upgrade my current setup. I am looking for some advice from a > higher level. (at first anyway) > > This is what I have: > > O/S: RHEL 3 > (all rpms below..) > MailScanner-perl-MIME-Base64-3.05-5 > sendmail-8.12.11-4.RHEL3.4 > sendmail-cf-8.12.11-4.RHEL3.4 > mailscanner-4.36.4-1 > perl-MailTools-1.50-1 > spamassassin-2.55-3.4 > > > > I purchase an entitlement from RH to be able easily update my server. > However, RH does NOT support sendmail 8.13.x on RHEL3... > NOR spamassasin 3.0.x on RHEL3 either. > > I am willing to upgrade both manually against RH support. > > > My question: > > Which should I tackle first.?? > Spamassasin...then sendmail...then MS? > The OS, then the application. I would recommend you try FreeBSD, updates and upgrades are always free, and the ports system does an excellent job at managing the MailScanner installation. From Gernot.Bauer at gmx.net Wed Jun 14 09:09:29 2006 From: Gernot.Bauer at gmx.net (Gernot Bauer) Date: Wed Jun 14 09:09:48 2006 Subject: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: References: <20060613215143.312170@gmx.net> Message-ID: <7.0.1.0.0.20060614100714.0204e0f0@gmx.net> > > > > The problem appeared when I tried to start MailScanner, after all > packages installed nicely. > >Did you stop the original sendmail? Of course! I've been using MailScanner happily since 2002, but now I can't get it to work on this SuSE box. Looks all very strange to me. Gernot From phillip at eacsi.com Wed Jun 14 09:05:03 2006 From: phillip at eacsi.com (phillip@eacsi.com) Date: Wed Jun 14 09:12:05 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in Message-ID: <20060614080503.14372.qmail@coruscant.stellardreams.com> I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. Thanks, Phillip T. George Electronic & Computer Solutions, Inc. From shrek-m at gmx.de Wed Jun 14 09:42:18 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed Jun 14 09:42:26 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <20060614080503.14372.qmail@coruscant.stellardreams.com> References: <20060614080503.14372.qmail@coruscant.stellardreams.com> Message-ID: <448FCBEA.7070809@gmx.de> phillip@eacsi.com schrieb: > I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. > > Thanks, > Phillip T. George > Electronic & Computer Solutions, Inc. out_of_office counter - phillip@eacsi.com 1 x Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or SpamAssassin? 1 x Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in -- shrek-m From prandal at herefordshire.gov.uk Wed Jun 14 10:10:00 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 14 10:13:09 2006 Subject: Upgrade Recommendations Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D660413@isabella.herefordshire.gov.uk> Upgrade to CentOS 4.3 - it's a community-supported RHEL 4 clone, long support lifecycle, and works a treat here. The upgrade should be pretty painless. http://wwww.centos.org Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Shortt, Kevin > Sent: 14 June 2006 04:30 > To: MailScanner discussion > Subject: Upgrade Recommendations > > > Hello Everyone, > > I need to upgrade my current setup. I am looking for some > advice from a > higher level. (at first anyway) > > This is what I have: > > O/S: RHEL 3 > (all rpms below..) > MailScanner-perl-MIME-Base64-3.05-5 > sendmail-8.12.11-4.RHEL3.4 > sendmail-cf-8.12.11-4.RHEL3.4 > mailscanner-4.36.4-1 > perl-MailTools-1.50-1 > spamassassin-2.55-3.4 > > > > I purchase an entitlement from RH to be able easily update my server. > However, RH does NOT support sendmail 8.13.x on RHEL3... > NOR spamassasin 3.0.x on RHEL3 either. > > I am willing to upgrade both manually against RH support. > > > My question: > > Which should I tackle first.?? > Spamassasin...then sendmail...then MS? > Any caveats that I need to be aware of?...(I know there is > care from SA > 2.55 to 3.0.) > Is anyone else in my same position? I mean I am getting a lot spam > through. Perhaps I only need to fix what I have. > > > I would love any and all opinions on a course of action. > > > Thank you in advance. This is great mailling list. > > -k > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Wed Jun 14 10:17:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 14 10:17:51 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <448FCBEA.7070809@gmx.de> References: <20060614080503.14372.qmail@coruscant.stellardreams.com> <448FCBEA.7070809@gmx.de> Message-ID: <223f97700606140217m1f7578bbr6a7b6133dbbeece9@mail.gmail.com> On 14/06/06, shrek-m@gmx.de wrote: > phillip@eacsi.com schrieb: > > I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. > > > > Thanks, > > Phillip T. George > > Electronic & Computer Solutions, Inc. > > out_of_office counter - phillip@eacsi.com > > 1 x > > Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or SpamAssassin? > > 1 x > Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in > > *chuckle* I usually send Jules a mail (off-list) asking him to temporarily suspend this type of ....---...:-) Going way off topic, one can wonder what they all are thinking (or not) when they set up OoO/vacation so that it can send this type of non-information outside their organization... Mailbox delegations would be the natural thing to do, not this. And why they think it OK to send such things to mailing lists... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Jun 14 10:18:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 14 10:19:22 2006 Subject: Sophos SAVI In-Reply-To: <20060613205304.GA1431@mew.kcbbs.gen.nz> References: <050c01c68e3a$0d1b5420$88c5c657@arthur> <20060613052907.GA1172@mew.kcbbs.gen.nz> <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> <20060613205304.GA1431@mew.kcbbs.gen.nz> Message-ID: <5E1CB5F5-9707-4A07-8D12-516FD685FAD5@ecs.soton.ac.uk> You will still have to install the perl-SAVI module if that's what you want to use. Do that after installing Sophos itself. I haven't tried this myself, would be interested to hear your progress. On 13 Jun 2006, at 21:53, Hendrik den Hartog wrote: > appreciate the reply, > > Sheeze, is that *all?*. Back in the olden days you had to add lines > to the > perl-SAVI configure file while installing perl-SAVI. > > Those were the instructions I was after /or/ have these been > superceded? > > Thanks > Cheers! > Hden > > > > On Tue, Jun 13, 2006 at 08:54:55AM +0100, Julian Field wrote: >> >> On 13 Jun 2006, at 06:29, Hendrik den Hartog wrote: >> >>> We need to rebuild our Server. Can someone please point out the >>> path to the [new[ location of the DOCS that explain how to install/ >>> use sophos SAVI with Mailscanner. >> >> Download and unpack the Sophos distribution. Then run >> "Sophos.install". >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shuttlebox at gmail.com Wed Jun 14 10:23:37 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 14 10:23:40 2006 Subject: Startup script question In-Reply-To: <448F8024.7060908@mydream.com.hk> References: <448F8024.7060908@mydream.com.hk> Message-ID: <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> On 6/14/06, Levin wrote: > Hi, > > My mailbox running a sendmail MTA as a relay-only gateway, I setup a > mailscanner up and run, however I found out that if it state > DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all > incoming from from otherworld will stuck into /var/spool/mqueue.in and > not go anywhere, also /var/log/maillog show the mail was queued NOT > sent, so I modify it to DeliveryMode=background, it seems work... but I > don't know anything wrong, would you please describe a little bit my > statement? This page describes well what needs to be done with Sendmail. http://mailscanner.info/sendmail.html The main thing is that the listening Sendmail process does not deliver, instead MailScanner intercepts the message in the incoming queue and when it has processed it it places it in the outgoing queue where the other (delivering) Sendmail process takes care of it and sends it on its way. -- /peter From levin at mydream.com.hk Wed Jun 14 11:32:53 2006 From: levin at mydream.com.hk (Levin) Date: Wed Jun 14 11:32:09 2006 Subject: Startup script question In-Reply-To: <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> References: <448F8024.7060908@mydream.com.hk> <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> Message-ID: <448FE5D5.8070103@mydream.com.hk> shuttlebox wrote: > On 6/14/06, Levin wrote: >> Hi, >> >> My mailbox running a sendmail MTA as a relay-only gateway, I setup a >> mailscanner up and run, however I found out that if it state >> DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all >> incoming from from otherworld will stuck into /var/spool/mqueue.in and >> not go anywhere, also /var/log/maillog show the mail was queued NOT >> sent, so I modify it to DeliveryMode=background, it seems work... but I >> don't know anything wrong, would you please describe a little bit my >> statement? > > This page describes well what needs to be done with Sendmail. > > http://mailscanner.info/sendmail.html > > The main thing is that the listening Sendmail process does not > deliver, instead MailScanner intercepts the message in the incoming > queue and when it has processed it it places it in the outgoing queue > where the other (delivering) Sendmail process takes care of it and > sends it on its way. Thanks, so if the DeliveryMode=background, will MailScanner/sendmail bypassed any detection process? From gmatt at nerc.ac.uk Wed Jun 14 12:33:08 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jun 14 12:33:24 2006 Subject: MailScanner setup script In-Reply-To: <448E611F.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> <448E7DA1.30905@nerc.ac.uk> <448E611F.B662.0038.0@tac.esi.net> Message-ID: <448FF3F4.8080504@nerc.ac.uk> Chris Hammond wrote: > Mine were not initially. The last two are but I never changed the > script. I just turned it back on on those two machines. It is > definately vital when software raid is in place, maybe a check for > the presence of raid partitions would be in order. I think you'll find that mdmonitor does nothing at all in the case of no software raid so it is safe to leave it as it is. G > > Chris > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From Peter.Bates at lshtm.ac.uk Wed Jun 14 14:18:12 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Wed Jun 14 14:23:55 2006 Subject: SpamAssassin plugins Message-ID: <44901AA4020000760000575B@193.63.251.15> Hello all... More of an SA question, I guess, but just thought I'd ask for people's opinions. I've just upgraded to SA 3.1.3 and was then looking at init.pre, and the v310.pre and v312.pre on my system. I've enabled things like Pyzor, Razor2 and DCC (the first two as they were enabled anyway, the last because I don't mind the licence problem at the moment). The ones I'm intrigued with are: RelayCountry Hashcash The former seems to be disabled in the SA 3.1.3 distribution (presumably because of the IP::Country::Fast Perl module requirement), the latter seems enabled in the 3.1.3 distribution, but turned off on my system. Has anyone tweaked these plugins with regard to speed, and additionally, has anyone tried or is using the DomainKeys plugins? Thanks. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From michele at blacknight.ie Wed Jun 14 14:12:29 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Wed Jun 14 14:46:05 2006 Subject: OT: Setting Up DNSBL using RBLDNSD Message-ID: <034601c68fb4$31602e70$88c5c657@arthur> Has anyone any tips on doing this? I do not want to mirror existing data (I already am :) ) I want to setup my own DNSBL to catch the junk that the other DNSBLS miss.. The only tutorials / guides I've found either refer explicitly to Bind or make reference to rbldns-conf, which doesn't appear to exist on Ubuntu Any tips, thoughts or even flames are welcome TIA Michele Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie/ http://blog.blacknight.ie/ Intl. +353 (0) 59 9183072 UK: 0870 163 0607 From mike at tc3net.com Wed Jun 14 15:29:09 2006 From: mike at tc3net.com (Michael Baird) Date: Wed Jun 14 15:24:47 2006 Subject: mailscanner archiving Message-ID: <1150295349.30141.7.camel@mike-new2.tc3net.com> Hello, I'm wanting to start utilizing MailScanner's archiving functionality, and trying to come up with a good way to do it. I have multiple incoming mx servers, which store mail to a centralized NFS store. I wanted to have all the mailservers archive to a directory on this NFS store, which works fine, however if I have them all archive to the same directory, each sendmail is capable of generating a duplicate name and will overwrite messages archived by the other servers. My question is, is it possible or could it be made possible for MailScanner to have some control over the queue file names, like a tag on each one which is related to the specific machine, ex. qfEAxxxxxmx1 qfEAxxxxxmx2 etc. If I can already do this with MailScanner or even in sendmail that would be great as well. Regards Michael Baird From steve.swaney at fsl.com Wed Jun 14 15:39:43 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jun 14 15:39:46 2006 Subject: mailscanner archiving In-Reply-To: <1150295349.30141.7.camel@mike-new2.tc3net.com> Message-ID: <12b001c68fc0$604957f0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Michael Baird > Sent: Wednesday, June 14, 2006 10:29 AM > To: mailscanner@lists.mailscanner.info > Subject: mailscanner archiving > > Hello, I'm wanting to start utilizing MailScanner's archiving > functionality, and trying to come up with a good way to do it. I have > multiple incoming mx servers, which store mail to a centralized NFS > store. I wanted to have all the mailservers archive to a directory on > this NFS store, which works fine, however if I have them all archive to > the same directory, each sendmail is capable of generating a duplicate > name and will overwrite messages archived by the other servers. > > My question is, is it possible or could it be made possible for > MailScanner to have some control over the queue file names, like a tag > on each one which is related to the specific machine, ex. qfEAxxxxxmx1 > qfEAxxxxxmx2 etc. If I can already do this with MailScanner or even in > sendmail that would be great as well. I think that the chance sendmail, even on different systems, will generate duplicate message ID's is very, very small so you shouldn't have a problem. > > Regards > Michael Baird Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ka at pacific.net Wed Jun 14 15:57:07 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 14 15:57:04 2006 Subject: OT: Setting Up DNSBL using RBLDNSD In-Reply-To: <034601c68fb4$31602e70$88c5c657@arthur> References: <034601c68fb4$31602e70$88c5c657@arthur> Message-ID: <449023C3.4030602@pacific.net> look in /etc/default/rbldnsd or /etc/sysconfig/rbldnsd There's got to be a config file if you are running rbldnsd. Ken Pacific.Net Michele Neylon :: Blacknight Solutions wrote: > Has anyone any tips on doing this? > > I do not want to mirror existing data (I already am :) ) > > I want to setup my own DNSBL to catch the junk that the other DNSBLS miss.. > > The only tutorials / guides I've found either refer explicitly to Bind or > make reference to rbldns-conf, which doesn't appear to exist on Ubuntu > > Any tips, thoughts or even flames are welcome > > TIA > > Michele > > Mr Michele Neylon > Blacknight Solutions > http://www.blacknight.ie/ > http://blog.blacknight.ie/ > Intl. +353 (0) 59 9183072 > UK: 0870 163 0607 > From bpumphrey at woodmclaw.com Wed Jun 14 16:07:03 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Jun 14 16:07:06 2006 Subject: OT: Setting Up DNSBL using RBLDNSD Message-ID: <04D932B0071FE34FA63EBB1977B48D1501429DB5@woodenex.woodmaclaw.local> Test Please ignore From MailScanner at ecs.soton.ac.uk Wed Jun 14 16:31:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 14 16:31:38 2006 Subject: Startup script question In-Reply-To: <448FE5D5.8070103@mydream.com.hk> References: <448F8024.7060908@mydream.com.hk> <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> <448FE5D5.8070103@mydream.com.hk> Message-ID: <941D5492-FE43-443F-88A0-210F5EC6C6C4@ecs.soton.ac.uk> On 14 Jun 2006, at 11:32, Levin wrote: > shuttlebox wrote: >> On 6/14/06, Levin wrote: >>> Hi, >>> >>> My mailbox running a sendmail MTA as a relay-only gateway, I setup a >>> mailscanner up and run, however I found out that if it state >>> DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all >>> incoming from from otherworld will stuck into /var/spool/ >>> mqueue.in and >>> not go anywhere, also /var/log/maillog show the mail was queued NOT >>> sent, so I modify it to DeliveryMode=background, it seems work... >>> but I >>> don't know anything wrong, would you please describe a little bit my >>> statement? >> >> This page describes well what needs to be done with Sendmail. >> >> http://mailscanner.info/sendmail.html >> >> The main thing is that the listening Sendmail process does not >> deliver, instead MailScanner intercepts the message in the incoming >> queue and when it has processed it it places it in the outgoing queue >> where the other (delivering) Sendmail process takes care of it and >> sends it on its way. > Thanks, so if the DeliveryMode=background, will MailScanner/ > sendmail bypassed any detection process? No, the default sendmail command to start the incoming sendmail process is $SENDMAIL -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID It's the 'DeliveryMode' setting which controls what it is going to do, as you can see above. But if you omit this setting, then MailScanner will be totally bypassed. But don't take my word as gospel! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From bpumphrey at woodmclaw.com Wed Jun 14 16:43:56 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Jun 14 16:44:00 2006 Subject: Spamassassin errors all of a sudden Message-ID: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.local> My Rules_De_jour pointed it out to me, that I am getting some errors. I have attached the lint test so that the formatting will look better. The only thing that I have done is changed the IP address information a few times in the last few months or so. DNS is working and it can get to the internet. I would not have thought that would have had an impact on the errors. There are some weird formatting stuff in it still thought. Noted errors are: ... well too many. There are 141 errors in there. Please take a look and see if there is something obvious that I cannot see. I got fairly familiar with the MailScanner/spamassassin system, but with my knowledge the only thing that I can think of is to upgrade but I want to wait and see if that is the best thing to do. -------------- next part -------------- debug: SpamAssassin version 3.0.6 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module installed: DBI, version 1.50 debug: diag: module installed: DB_File, version 1.809 debug: diag: module installed: Digest::SHA1, version 2.07 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.01 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module installed: Net::LDAP, version 0.31 debug: diag: module installed: Razor2::Client::Agent, version 2.80 debug: diag: module installed: Storable, version 2.13 debug: diag: module installed: URI, version 1.30 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_advance_fee.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_net_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_accessdb.cf debug: config: read file /usr/share/spamassassin/25_antivirus.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_body_tests_pl.cf debug: config: read file /usr/share/spamassassin/25_dcc.cf debug: config: read file /usr/share/spamassassin/25_domainkeys.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_pyzor.cf debug: config: read file /usr/share/spamassassin/25_razor2.cf debug: config: read file /usr/share/spamassassin/25_replace.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_textcat.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_it.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/30_text_pt_br.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_awl.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: config: read file /usr/share/spamassassin/60_whitelist_spf.cf debug: config: read file /usr/share/spamassassin/60_whitelist_subject.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf debug: config: read file /etc/mail/spamassassin/70_sare_html2.cf debug: config: read file /etc/mail/spamassassin/70_sare_html3.cf debug: config: read file /etc/mail/spamassassin/70_sare_obfu.cf debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf debug: config: read file /etc/mail/spamassassin/70_sare_random.cf debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf debug: config: read file /etc/mail/spamassassin/70_sare_stocks.cf debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri1.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri3.cf debug: config: read file /etc/mail/spamassassin/70_sare_whitelist_rcvd.cf debug: config: read file /etc/mail/spamassassin/70_sare_whitelist_spf.cf debug: config: read file /etc/mail/spamassassin/70_sc_top200.cf debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_body.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_headers.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_rawbody.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_subject.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/mail/spamassassin/antidrug.cf debug: config: read file /etc/mail/spamassassin/backhair.cf debug: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf debug: config: read file /etc/mail/spamassassin/chickenpox.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: config: read file /etc/mail/spamassassin/mangled.cf debug: config: read file /etc/mail/spamassassin/tripwire.cf debug: config: read file /etc/mail/spamassassin/weeds.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.conf.prefs" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.conf.prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c) configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8) implements 'parse_config' config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@nytimes.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bn.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@paypal.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ebay.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@foolsubs.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@match.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@walmart.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@securityfocus.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mediaunspun.imakenews.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bdcimail.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@silicon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@newsletter.online.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@enews.buy.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@palm.m0.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@handspring.4at1.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf calmt@calmt.pmail.biz config: SpamAssassin failed to parse line, skipping: whitelist_from_spf allstate@allstate.rsc01.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Documents@compliance.advancedclearing.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@CardMemberServices.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@CardMemberServices.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf CardMemberServices@reply.bankone.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@cardmemberservices.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf BankOne@notify.bankone.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf TheFinancialTeam@BankOne.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@capitalone.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@alerts.Chase.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@discovernetwork.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@Equifax-mail.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@fidelity2.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.fidelity.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf fidelityinvestments@fulfillmentconcepts.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf fnbo@ProcessRequest.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@ebusiness.orchardbank.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf feedback@shps.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf 1800USBanks@usbank-email.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf DoNotReply@cems.wamu.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf eNews@wamu.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@wellsfargo.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf info@govdelivery.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@insurance.ca.gov config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@newsletter.myabout.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf scomp@aol.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf auto-confirm@amazon.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf order-update@amazon.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf dailyhoroscope@astrology.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf faxwave_service@callwave.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf mycheckfree@customercenter.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf inbound@coupons.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf savedsearches@ebay.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf feedblitz@mail.feedblitz.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf support@godaddy.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf message@inbound.efax.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf message@inbound.efax.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf newsletter@codeproject.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf googlealerts-noreply@google.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf accounts-noreply@google.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf adwords-noreply@google.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf raogk@raogk.org config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@topsecretrecipes.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf weekly@astrocenter.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf billing@vonage.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf sirius@sirius.01o.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@jeld-wen.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf los_angeles_times@email.latimes.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf nytdirect@nytimes.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf eupdate@wsvn.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf bounce*@mobilizemail.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.alsto.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.ambrosiawine.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@yahoo.americangreetings.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf customer_service@AnniesAttic.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf service@barnesandnoble.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf store17@bevmo.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@crateandbarrel.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@dell.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf US_DFS_BSD_AUTODOC@dell.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf dsb@dell.delivery.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf US_ACS_Team_1@dell.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@disney-direct.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@drugstore.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@email.800-flowers.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@hallmark.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@hplearningcenter.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.homefocuscatalog.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@thehomemarketplace.emsg.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.improvementscatalog.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf lillianvernon@lillianvernon.i.delivery.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@mileskimball.emsg.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Music123@email.music123.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@nokia.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@officedepot.rsc01.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Itinerary@production.priceline.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Orders@RochesterClothing.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf educationts@message.scholastic.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.staples-deals.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.staples-deals.ca config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@staples.links-info.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@target.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf auto-acknowledge@target.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf support@reply.ticketmaster.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf support@reply.ticketmaster.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@walmart.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf reminder@mail.walgreens.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf WalgreensCustomerService@mail.walgreens.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf customerservice@mail.walgreens.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf walterdrake@s2u2.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@wdrake.emsg.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Williams-Sonoma@service.williams-sonoma.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@about.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@apcc.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf info@cds.nl config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@digitalriver.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf reply-*@nl.internet.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Wayport*@postsnet.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@taxact.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf VMware@vmware.rsc02.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf AAA*@ProcessRequest.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@alaskaair.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Notifications@AlaskaAir.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@2flyawa.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf newsletter@bestwesternnews.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@choicehotels.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@coair.rsc01.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf mail@jetblueconnect.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf trueblue@jetblueconnect.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@marriott.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf ebreaks@marriott.delivery.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf tcy@travelocity.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@lists.osr.com debug: using "/root/.spamassassin" for user state dir debug: bayes: 25362 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 25362 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: Score set 3 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) cingular.com... debug: looking up NS for 'cingular.com' debug: NS lookup of cingular.com failed horribly => Perhaps your resolv.conf isn't pointing at a valid server? debug: All NS queries failed => DNS unavailable (set dns_available to override) debug: is DNS available? 0 debug: decoding: no encoding detected debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: no method found for eval test check_for_matching_env_and_hdr_from Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping: (Can't locate object method "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) debug: no method found for eval test check_for_def_spf_whitelist_from Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping: (Can't locate object method "check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: no method found for eval test check_for_spf_whitelist_from Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping: (Can't locate object method "check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) debug: running body-text per-line regexp tests; score so far=0.125 debug: running uri tests; score so far=0.125 debug: bayes corpus size: nspam = 51080, nham = 47486 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1150294486 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes token 'H*Ad:D*org' => 0.0095864495619069 debug: bayes: score = 0.245677505364522 debug: bayes: 25362 untie-ing debug: bayes: 25362 untie-ing db_toks debug: bayes: 25362 untie-ing db_seen debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: read_file: 15 items read from /root/.razor/razor-agent.conf Jun 14 10:14:50.177447 check[25362]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout Jun 14 10:14:50.177853 check[25362]: [ 5] computed razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, ident=/root/.razor/identity-foo Jun 14 10:14:50.178039 check[25362]: [ 8] Client supported_engines: 4 8 Jun 14 10:14:50.178392 check[25362]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 Jun 14 10:14:50.178666 check[25362]: [ 5] read_file: 1 items read from /root/.razor/servers.discovery.lst Jun 14 10:14:50.178935 check[25362]: [ 5] read_file: 2 items read from /root/.razor/servers.nomination.lst Jun 14 10:14:50.179228 check[25362]: [ 5] read_file: 2 items read from /root/.razor/servers.catalogue.lst Jun 14 10:14:50.179566 check[25362]: [ 9] Assigning defaults to joy.cloudmark.com Jun 14 10:14:50.179765 check[25362]: [ 9] Assigning defaults to folly.cloudmark.com Jun 14 10:14:50.179945 check[25362]: [ 9] Assigning defaults to shock.cloudmark.com Jun 14 10:14:50.180134 check[25362]: [ 9] Assigning defaults to c101.cloudmark.com Jun 14 10:14:50.180889 check[25362]: [ 5] read_file: 16 items read from /root/.razor/server.joy.cloudmark.com.conf Jun 14 10:14:50.181398 check[25362]: [ 5] read_file: 16 items read from /root/.razor/server.joy.cloudmark.com.conf Jun 14 10:14:50.181986 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.c101.cloudmark.com.conf Jun 14 10:14:50.182544 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.c101.cloudmark.com.conf Jun 14 10:14:50.183158 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.shock.cloudmark.com.conf Jun 14 10:14:50.183726 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.shock.cloudmark.com.conf Jun 14 10:14:50.184274 check[25362]: [ 5] read_file: 17 items read from /root/.razor/server.folly.cloudmark.com.conf Jun 14 10:14:50.184797 check[25362]: [ 5] read_file: 17 items read from /root/.razor/server.folly.cloudmark.com.conf Jun 14 10:14:50.184983 check[25362]: [ 5] 111503 seconds before closest server discovery Jun 14 10:14:50.185162 check[25362]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5095; computed min_cf=21, Server se: C8 Jun 14 10:14:50.185354 check[25362]: [ 8] Computed supported_engines: 4 8 Jun 14 10:14:50.185506 check[25362]: [ 8] Using next closest server shock.cloudmark.com:2703, cached info srl 5095 Jun 14 10:14:50.185628 check[25362]: [ 8] mail 1 has no subject Jun 14 10:14:50.186015 check[25362]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 Jun 14 10:14:50.186152 check[25362]: [ 6] computing sigs for mail 1.0, len 1339 Jun 14 10:14:50.187967 check[25362]: [ 6] Engine (8) didn't produce a signature for mail 1.0 Jun 14 10:14:50.188145 check[25362]: [ 6] skipping whitelist file (empty?): /root/.razor/razor-whitelist Jun 14 10:14:50.188279 check[25362]: [ 5] Connecting to shock.cloudmark.com ... Jun 14 10:14:50.974772 check[25362]: [ 8] Connection established Jun 14 10:14:50.974983 check[25362]: [ 4] shock.cloudmark.com >> 36 server greeting: sn=C&srl=5095&a=l&a=cg&ep4=7542-10Jun 14 10:14:50.975438 check[25362]: [ 4] shock.cloudmark.com << 25 Jun 14 10:14:50.975534 check[25362]: [ 6] cn=razor-agents&cv=2.80Jun 14 10:14:50.975773 check[25362]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5095; computed min_cf=21, Server se: C8 Jun 14 10:14:50.975991 check[25362]: [ 8] Computed supported_engines: 4 8 Jun 14 10:14:50.976157 check[25362]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA Jun 14 10:14:50.976314 check[25362]: [ 5] mail 1.0 e8 got no sig Jun 14 10:14:50.976444 check[25362]: [ 8] preparing 1 queries Jun 14 10:14:50.976660 check[25362]: [ 8] sending 1 batches Jun 14 10:14:50.976822 check[25362]: [ 4] shock.cloudmark.com << 52 Jun 14 10:14:50.976909 check[25362]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMAJun 14 10:14:51.654623 check[25362]: [ 4] shock.cloudmark.com >> 5 Jun 14 10:14:51.654771 check[25362]: [ 6] response to sent.2 p=0Jun 14 10:14:51.655205 check[25362]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. Jun 14 10:14:51.655331 check[25362]: [ 7] method 4: mail 1.0: no-contention part, spam=0 Jun 14 10:14:51.655425 check[25362]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam Jun 14 10:14:51.655523 check[25362]: [ 3] mail 1 is not known spam. Jun 14 10:14:51.655632 check[25362]: [ 5] disconnecting from server shock.cloudmark.com Jun 14 10:14:51.655799 check[25362]: [ 4] shock.cloudmark.com << 5 Jun 14 10:14:51.655885 check[25362]: [ 6] a=qdebug: Using results from Razor v2.80 debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-0.971 debug: running full-text regexp tests; score so far=-0.971 debug: Razor2 is available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 25365: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response "66.250.40.33:24441 TimeoutError: " debug: DCCifd is not available: no r/w dccifd socket found. debug: executable for dccproc was found at /usr/local/bin/dccproc debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 25370: ruid=0 euid=0 debug: DCC: got response: X-DCC-EATSERVER-Metrics: WoodenMS2.woodmaclaw.local 1166; Body=72379 Fuz1=94572 Fuz2=746022 debug: leaving helper-app run mode debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'check_post_dnsbl' debug: running meta tests; score so far=-0.971 debug: running header regexp tests; score so far=0.254 debug: running body-text per-line regexp tests; score so far=0.254 debug: running uri tests; score so far=0.254 debug: running raw-body-text per-line regexp tests; score so far=0.254 debug: running full-text regexp tests; score so far=0.254 debug: Running tests for priority: 1000 debug: running meta tests; score so far=0.254 debug: running header regexp tests; score so far=0.254 debug: using "/root/.spamassassin" for user state dir debug: lock: 25362 created /root/.spamassassin/auto-whitelist.lock.WoodenMS2.woodmaclaw.local.25362 debug: lock: 25362 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 25362 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: 0.254, autolearn score: 0.254, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 25362 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: 0.254 debug: running body-text per-line regexp tests; score so far=0.254 debug: running uri tests; score so far=0.254 debug: running raw-body-text per-line regexp tests; score so far=0.254 debug: running full-text regexp tests; score so far=0.254 debug: is spam? score=0.254 required=5 debug: tests=BAYES_40,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID lint: 142 issues detected. please rerun with debug enabled for more information. ]0;root@WoodenMS2:~[root@WoodenMS2 ~]# [root@WoodenMS2 ~]# [root@WoodenMS2 ~]# cd /usr/share/spamassassin ]0;root@WoodenMS2:/usr/share/spamassassin[root@WoodenMS2 spamassassin]# dir 10_misc.cf 20_uri_tests.cf 30_text_de.cf 20_advance_fee.cf 23_bayes.cf 30_text_fr.cf 20_anti_ratware.cf 25_accessdb.cf 30_text_it.cf 20_body_tests.cf 25_antivirus.cf 30_text_nl.cf 20_compensate.cf 25_body_tests_es.cf 30_text_pl.cf 20_dnsbl_tests.cf 25_body_tests_pl.cf 30_text_pt_br.cf 20_drugs.cf 25_dcc.cf 50_scores.cf 20_fake_helo_tests.cf 25_domainkeys.cf 60_awl.cf 20_head_tests.cf 25_hashcash.cf 60_whitelist.cf 20_html_tests.cf 25_pyzor.cf 60_whitelist_spf.cf 20_meta_tests.cf 25_razor2.cf 60_whitelist_subject.cf 20_net_tests.cf 25_replace.cf languages 20_phrases.cf 25_spf.cf sa-update-pubkey.txt 20_porn.cf 25_textcat.cf triplets.txt 20_ratware.cf 25_uribl.cf user_prefs.template ]0;root@WoodenMS2:/usr/share/spamassassin[root@WoodenMS2 spamassassin]# ls 10_misc.cf 20_uri_tests.cf 30_text_de.cf 20_advance_fee.cf 23_bayes.cf 30_text_fr.cf 20_anti_ratware.cf 25_accessdb.cf 30_text_it.cf 20_body_tests.cf 25_antivirus.cf 30_text_nl.cf 20_compensate.cf 25_body_tests_es.cf 30_text_pl.cf 20_dnsbl_tests.cf 25_body_tests_pl.cf 30_text_pt_br.cf 20_drugs.cf 25_dcc.cf 50_scores.cf 20_fake_helo_tests.cf 25_domainkeys.cf 60_awl.cf 20_head_tests.cf 25_hashcash.cf 60_whitelist.cf 20_html_tests.cf 25_pyzor.cf 60_whitelist_spf.cf 20_meta_tests.cf 25_razor2.cf 60_whitelist_subject.cf 20_net_tests.cf 25_replace.cf languages 20_phrases.cf 25_spf.cf sa-update-pubkey.txt 20_porn.cf 25_textcat.cf triplets.txt 20_ratware.cf 25_uribl.cf user_prefs.template From Olaf.Ohlenmacher at colt.net Wed Jun 14 18:26:23 2006 From: Olaf.Ohlenmacher at colt.net (Ohlenmacher, Olaf) Date: Wed Jun 14 18:25:54 2006 Subject: Infected message slipped through -- curious warning message Message-ID: <08AD7B42A2698345BA90F9E33A46F2C4EC357E@ULPGCTMVMAI003.EU.COLT> Hello, our customer reported that he received an infected email. This email was scanned from MailScanner (Version 4.52.2 on RedHat EL ES 3) with Sophos and ClamAV (Version 0.88.2). This email was infected by "Worm.SomeFool.X-msg" (identified by ClamAV). I browsed through the logs and found a warning saying "Other Checks: Found 1 problems" for the ID of this email (see below). On this i looked for this warning and see it clutering my logs. So i suspect that many other viruses were not identified and email not desinfected. I looked through Changelog and the last two months of the mailing lists postings but found nothing that seems to be appropriate. Is this failure caused by a known bug or is it caused by configuration error? Help is appreciated! Any ideas?! Regards, Olf Logs for MailScanner Batch with 2 Emails: * k5C7P8Vo007635 (unidentified Worm.SomeFool.X-msg) and * k5C7P8P0007637 (identified W32/Zafi-B) --- schnipp --- Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Message k5C7P8Vo007635 from 193.238.104.252 (wwwrun@server27.serverflex.de) to blinker.de is spam, spamcop.n et, SpamAssassin (score=-4.199, required 6, autolearn=not spam, ALL_TRUSTED -1.80, BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20) Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: SpamAssassin cache hit for message k5C7P8P0007637 Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Spam Checks: Found 1 spam messages Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Spam Actions: message k5C7P8Vo007635 actions are deliver Jun 12 09:25:17 jahrverl-li01 MailScanner[32026]: Virus and Content Scanning: Starting Jun 12 09:25:19 jahrverl-li01 MailScanner[32026]: Virus Scanning: Sophos found 1 infections Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: /data/spool/MailScanner/incoming/32026/./k5C7P8P0007637/link.flashcard.d e.viewcard34.php.2672aB.pif: Worm.Za fi.B FOUND Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Virus Scanning: ClamAV found 1 infections Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Infected message k5C7P8P0007637 came from 195.56.241.94 Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Virus Scanning: Found 1 viruses Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Filename Checks: Possible MS-Dos program shortcut attack (k5C7P8P0007637 link.flashcard.de.viewcard34.php.26 72aB.pif)Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Other Checks: Found 1 problems Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Viruses marked as silent: Sophos: >>> Virus 'W32/Zafi-B' found in file ./k5C7P8P0007637/link.flashcard.de.vi ewcard34.php.2672aB.pif,ClamAV: link.flashcard.de.viewcard34.php.2672aB.pif contains Worm.Zafi.B Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Uninfected: Delivered 1 messages Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Silent: Delivered 1 messages containing silent viruses Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Notices: Warned about 1 messages Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Batch (2 messages) processed in 10.09 seconds --- schnapp --- ************************************************************************************* The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way. The contents of this message and its attachments are confidential and may also be subject to legal privilege. If you are not the named addressee and/or have received this message in error, please advise us by e-mailing security@colt.net and delete the message and any attachments without retaining any copies. Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses. No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party. Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900. From martelm at quark.vsc.edu Wed Jun 14 18:25:52 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Wed Jun 14 18:26:05 2006 Subject: Spamassassin errors all of a sudden In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.lo cal> Message-ID: --On June 14, 2006 11:43:56 AM -0400 "Billy A. Pumphrey" wrote: > ... well too many. There are 141 errors in there. Please take a look > and see if there is something obvious that I cannot see. I got fairly > familiar with the MailScanner/spamassassin system, but with my knowledge > the only thing that I can think of is to upgrade but I want to wait and > see if that is the best thing to do. Let's start with the simple things. :) What version of SA do you _think_ you are running ? The log you posted thinks you're running 3.0.6 . --> debug: SpamAssassin version 3.0.6 Then later we see these lines, that indicate these rules are for version 3.1.0 . My guess is that you have one version of SA installed in one place and another in somewhere else. configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From mikej at rogers.com Wed Jun 14 18:46:34 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jun 14 18:46:25 2006 Subject: New Sendmail security feature Message-ID: <44904B7A.4060200@rogers.com> Gentlemen, start your patches! (better yet switch to postfix :) http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc From ssilva at sgvwater.com Wed Jun 14 18:54:30 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 14 18:55:51 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: John Rudd spake the following on 6/13/2006 7:25 PM: > > >> On Wed, 7 Jun 2006, Dhawal Doshy wrote: >>> >>> Most of us run servers that pretty much do serious work ;-).. to each >>> his/her way. You can use RBLs at: >>> >>> SpamAssassin: Best way to use RBLs as per my POV.. the bad part being >>> that mails originating from ROKSO (spamhaus) are accepted and then >>> tagged. > > Sorry to reply to this so late, but, IMO, the best way to use RBLs is: > > a) do SBL and XBL at the MTA, so that you're NOT accepting ROKSO > originating emails. > > b) use those RBLs, plus any others you want to (RFC-Ignorant, etc.) in > Spam Assassin to mark messages. > > > Step a reduces your SA load, and completely rejects messages that you > can be better than 99% sure are spam. Step b lets you leverage RBLs to > help tag any other possible spam sources, but without outright rejecting > them. > > Exactly how I do it. But sbl+xbl seems to give more FP's in the eastern european and pacific rim areas. If you don't normally have contact with those regions, then this suggestion works well. I reject at least 50% of my load at the MTA. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Jun 14 19:14:33 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 14 19:15:08 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <223f97700606140217m1f7578bbr6a7b6133dbbeece9@mail.gmail.com> References: <20060614080503.14372.qmail@coruscant.stellardreams.com> <448FCBEA.7070809@gmx.de> <223f97700606140217m1f7578bbr6a7b6133dbbeece9@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/14/2006 2:17 AM: > On 14/06/06, shrek-m@gmx.de wrote: >> phillip@eacsi.com schrieb: >> > I'm out of the office until Friday or Monday. Please contact >> support@eacsi.com for assistance. >> > >> > Thanks, >> > Phillip T. George >> > Electronic & Computer Solutions, Inc. >> >> out_of_office counter - phillip@eacsi.com >> >> 1 x >> >> Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or >> SpamAssassin? >> >> 1 x >> Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use >> /var/spool/mqueue.in >> >> > > *chuckle* > I usually send Jules a mail (off-list) asking him to temporarily > suspend this type of ....---...:-) > > Going way off topic, one can wonder what they all are > thinking (or not) when they set up OoO/vacation so that it can send > this type of non-information outside their organization... Mailbox > delegations would be the natural thing to do, not this. And why they > think it OK to send such things to mailing lists... > When you are in IT, there are no vacations!!! Just a few days away from your desk. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Wed Jun 14 19:31:45 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 14 19:31:41 2006 Subject: New Sendmail security feature In-Reply-To: <44904B7A.4060200@rogers.com> References: <44904B7A.4060200@rogers.com> Message-ID: <44905611.2000406@pacific.net> http://www.kb.cert.org/vuls/id/146718 "by limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option), you can eliminate the attack completely." Does anyone using sendmail NOT limit max message size you'll accept? Ken Pacific.Net Mike Jakubik wrote: > Gentlemen, start your patches! (better yet switch to postfix :) > > http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc > > From ka at pacific.net Wed Jun 14 19:42:15 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 14 19:42:04 2006 Subject: O.T. dnsbl milter users? Message-ID: <44905887.4050605@pacific.net> Anyone using this milter? http://www.five-ten-sg.com/dnsbl/ We currently use Richard Gooch's milter-dnsrbl, but it's a bit less flexible (and less complicated!) than this one looks to be. I'm curious about any experiences with this new one. Thanks, Ken A Pacific.Net From MailScanner at ecs.soton.ac.uk Wed Jun 14 19:47:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 14 19:47:24 2006 Subject: Infected message slipped through -- curious warning message In-Reply-To: <08AD7B42A2698345BA90F9E33A46F2C4EC357E@ULPGCTMVMAI003.EU.COLT> References: <08AD7B42A2698345BA90F9E33A46F2C4EC357E@ULPGCTMVMAI003.EU.COLT> Message-ID: <449059AA.6050306@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please can you upgrade to the latest version and re-test. I haven't had any reports of problems from elsewhere, which points to a local problem at your site. Ohlenmacher, Olaf wrote: > Hello, > our customer reported that he received an infected email. This email was > scanned from MailScanner (Version 4.52.2 on RedHat EL ES 3) with Sophos > and ClamAV (Version 0.88.2). This email was infected by > "Worm.SomeFool.X-msg" (identified by ClamAV). I browsed through the logs > and found a warning saying "Other Checks: Found 1 problems" for the ID > of this email (see below). > > On this i looked for this warning and see it clutering my logs. So i > suspect that many other viruses were not identified and email not > desinfected. > > I looked through Changelog and the last two months of the mailing lists > postings but found nothing that seems to be appropriate. > > Is this failure caused by a known bug or is it caused by configuration > error? > > Help is appreciated! Any ideas?! > > Regards, > Olf > > Logs for MailScanner Batch with 2 Emails: > * k5C7P8Vo007635 (unidentified Worm.SomeFool.X-msg) and > * k5C7P8P0007637 (identified W32/Zafi-B) > > --- schnipp --- > Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Message k5C7P8Vo007635 > from 193.238.104.252 (wwwrun@server27.serverflex.de) to blinker.de is > spam, spamcop.n > et, SpamAssassin (score=-4.199, required 6, autolearn=not spam, > ALL_TRUSTED -1.80, BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20) > Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: SpamAssassin cache hit > for message k5C7P8P0007637 > Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Spam Checks: Found 1 > spam messages > Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Spam Actions: message > k5C7P8Vo007635 actions are deliver > Jun 12 09:25:17 jahrverl-li01 MailScanner[32026]: Virus and Content > Scanning: Starting > Jun 12 09:25:19 jahrverl-li01 MailScanner[32026]: Virus Scanning: Sophos > found 1 infections > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: > /data/spool/MailScanner/incoming/32026/./k5C7P8P0007637/link.flashcard.d > e.viewcard34.php.2672aB.pif: Worm.Za > fi.B FOUND > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Virus Scanning: ClamAV > found 1 infections > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Infected message > k5C7P8P0007637 came from 195.56.241.94 > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Virus Scanning: Found > 1 viruses > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Filename Checks: > Possible MS-Dos program shortcut attack (k5C7P8P0007637 > link.flashcard.de.viewcard34.php.26 > 72aB.pif)Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Other Checks: > Found 1 problems > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Viruses marked as > silent: Sophos: >>> Virus 'W32/Zafi-B' found in file > ./k5C7P8P0007637/link.flashcard.de.vi > ewcard34.php.2672aB.pif,ClamAV: > link.flashcard.de.viewcard34.php.2672aB.pif contains Worm.Zafi.B > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Uninfected: Delivered > 1 messages > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Silent: Delivered 1 > messages containing silent viruses > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Notices: Warned about > 1 messages > Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Batch (2 messages) > processed in 10.09 seconds > --- schnapp --- > > > ************************************************************************************* > The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way. > > The contents of this message and its attachments are confidential and may also be subject to legal privilege. If you are not the named addressee and/or have received this message in error, please advise us by e-mailing security@colt.net and delete the message and any attachments without retaining any copies. > > Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses. > > No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party. > > Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900. > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRJBZsxH2WUcUFbZUEQLgBgCg+ueJ9Z3lOj3RUh4jLecVBfXDG1IAnjsN IP8sPMEjnfoMp3/x1GMpX7m9 =TjLF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Wed Jun 14 21:14:17 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 14 21:14:54 2006 Subject: OT: Setting Up DNSBL using RBLDNSD In-Reply-To: <034601c68fb4$31602e70$88c5c657@arthur> References: <034601c68fb4$31602e70$88c5c657@arthur> Message-ID: <20060614201417.9172.qmail@mymail.netmagicians.com> Michele Neylon :: Blacknight Solutions writes: > Has anyone any tips on doing this? > > I do not want to mirror existing data (I already am :) ) > > I want to setup my own DNSBL to catch the junk that the other DNSBLS miss.. > > The only tutorials / guides I've found either refer explicitly to Bind or > make reference to rbldns-conf, which doesn't appear to exist on Ubuntu > > Any tips, thoughts or even flames are welcome Michele, i use a combination of SEC (http://simple-evcorr.sf.net/), inserting IPs sending spam mails (at 3 per minute) and virus infected mails (at 2 per minute) in to a mysql database (though you could use a flat file). This is picked up by a remote machine running rbldnsd. I could send you mailscanner related SEC rules if required, though its really simple (as compared to swatch). The results vary from amazing to zilch at times, since i expire the data after an hour.. - dhawal > TIA > > Michele From arturs at netvision.net.il Wed Jun 14 22:14:14 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 14 21:16:02 2006 Subject: How to setup rules? Message-ID: <00cf01c68ff7$7d6a7260$3701a8c0@lapxp> Hi, I have never used MailScanner/Spamassassin rules. Could someone point me please to place where I could learn to use/implement them? I get a lot of spam ranked 1 to 3 points. Thank you. Best, -- Arthur Sherman +972-52-4878851 CPTeam From mkettler at evi-inc.com Wed Jun 14 22:06:45 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 14 22:06:55 2006 Subject: How to setup rules? In-Reply-To: <00cf01c68ff7$7d6a7260$3701a8c0@lapxp> References: <00cf01c68ff7$7d6a7260$3701a8c0@lapxp> Message-ID: <44907A65.1020803@evi-inc.com> Arthur Sherman wrote: > Hi, > > I have never used MailScanner/Spamassassin rules. > > Could someone point me please to place where I could learn to use/implement > them? I can't help you much with MailScanner rules, as I personally don't use them that often. Really MailScanner rules are more for controlling who's mail gets scanned, etc. As for SpamAssassin rules, there's a fairly comprehensive guide in the wiki: http://wiki.apache.org/spamassassin/WritingRules > > I get a lot of spam ranked 1 to 3 points. SA rules are what you need. It's also worth checking some of your low-scoring spam. Make sure none of it matches ALL_TRUSTED. If *any* outside mail matches ALL_TRUSTED, read the following wiki article on setting up your trusted_networks manually. http://wiki.apache.org/spamassassin/TrustPath From michele at blacknight.ie Wed Jun 14 22:08:09 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 14 22:08:19 2006 Subject: How to setup rules? In-Reply-To: <00cf01c68ff7$7d6a7260$3701a8c0@lapxp> References: <00cf01c68ff7$7d6a7260$3701a8c0@lapxp> Message-ID: <44907AB9.5000205@blacknight.ie> Arthur Sherman wrote: > Hi, > > I have never used MailScanner/Spamassassin rules. > > Could someone point me please to place where I could learn to use/implement > them? > > I get a lot of spam ranked 1 to 3 points. > > Thank you. > Arthur Are you currently using the stock spam assassin rules only? If so I'd recommend you look at Rules Du Jour (http://www.exit0.us/index.php?pagename=RulesDuJour) Steve Swaney has a handy installer for MS servers: http://www.fsl.com/support/Rules_Du_Jour.tar.gz BUT I would urge you to check what the rules do before implementing them blindly :) See: http://www.rulesemporium.com/ Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From res at ausics.net Wed Jun 14 22:23:58 2006 From: res at ausics.net (Res) Date: Wed Jun 14 22:24:05 2006 Subject: OT: Setting Up DNSBL using RBLDNSD In-Reply-To: <449023C3.4030602@pacific.net> References: <034601c68fb4$31602e70$88c5c657@arthur> <449023C3.4030602@pacific.net> Message-ID: On Wed, 14 Jun 2006, Ken A wrote: > There's got to be a config file if you are running rbldnsd. Its run via command arguments ours is (minus the real IP of our RBL) /usr/local/bin/rbldnsd -c 60 -b 202.x.x.x \ rbl.name:ip4set:/var/lib/rbldns/rblgen -c checks for changes to the conf file every 60 seconds so you dont have to restart it. -b is the real ip of the server rbl.name is some name you call it and the file rblgen holds the ip's of the buggers you dont want, you can do it via name based but this requirs modification to yourr mail server software to deal with it the format of the rblgen file is explained in the tarball > > Michele Neylon :: Blacknight Solutions wrote: >> Has anyone any tips on doing this? >> >> I do not want to mirror existing data (I already am :) ) >> -- Cheers Res From wintermutecx at gmail.com Wed Jun 14 22:42:20 2006 From: wintermutecx at gmail.com (Dave) Date: Wed Jun 14 22:42:22 2006 Subject: force autolearn In-Reply-To: <448F1F7F.1070003@evi-inc.com> References: <448F1F7F.1070003@evi-inc.com> Message-ID: On 6/13/06, Matt Kettler wrote: > Dave wrote: > > In the future, I'll set up the MTA to not process mail that doesn't > > have an end user. In the interim, is the original question possible? > > Force autolearn using a custom rule? > > As I said before, custom rules are factored into the autolearning, and are > treated no differently that the rules that come with SA. > > However, you will need at least TWO rules to force autolearning as spam. One > rule alone cannot force autolearning, no matter how high the score of that rule is. > > In order to learn as spam, a message must have at least 3.0 worth of points from > header rules, AND 3.0 worth of points from body rules. This is a hard-coded > requirement that exists regardless of what your autolearn threshold is. > > > You also can't force autolearn to learn anything that would have scored very low > on the BAYES scale to begin with. ie: regardless of score, and no matter how > many rules fire, the autolearner will not learn as spam anything that would have > hit BAYES_00 or BAYES_05. > > (note: I'm assuming SA 3.1.0 here.. the exact sets of rules that cause this > exemption have changed over time because it's based on the score of the bayes > rules being less than -1.0. ) > > In your current situation, these features might seem like a pain, but they're > there for a reason. They're all there as safety nets to reduce the chance of the > autolearner polluting the bayes database if one rule starts false-firing. > Thanks Matt, that clears things up. I missed your first post. I'll just leave the 5 point hearder rule for now and setup a cron job and spamtrap account later. From ian at topix.com Wed Jun 14 23:06:15 2006 From: ian at topix.com (Ian Haskin) Date: Wed Jun 14 23:06:19 2006 Subject: Problem with New Install Message-ID: <44908857.3050302@topix.com> I just finished setting up and testing a new install of Mailscanner/Postfix/ClamAV/Spamassassin on a Fedora 4 machine. The server setup was taken from: http://www.linuxhelp.ca/forums/index.php?act=ST&f=3&t=3647 I'm running into a problem where mail can be sent to a local recipient, it's scanned, but it sits in /var/spool/postfix/incoming until I '/etc/init.d/MailScanner restart' at which time the message is actually delivered to /var/spool/mail/'local_recipient' I'm at a loss why, I believe, postfix must be restarted in order to deliver the mail. Any ideas? Thanks in advance! Ian From ugob at camo-route.com Wed Jun 14 23:46:10 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Jun 14 23:46:29 2006 Subject: Sendmail Vul. Message-ID: See these and upgrade accordingly: https://rhn.redhat.com/errata/RHSA-2006-0515.html http://www.sendmail.org/releases/8.13.7.html From uxbod at splatnix.net Thu Jun 15 01:22:32 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Thu Jun 15 00:23:12 2006 Subject: Blocked Virus Files Message-ID: <20060615002232.2407e153@cyborg> Hi, a supplier is trying to send me some files that include .css and .js content. The anti-virus element of MailScanner is stopping these due to the content. I have added the user to the spam whitelist, but they still get blocked. How can I allow this email through from the supplier ? Thanks, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Jeff.Mills at versacold.com.au Thu Jun 15 00:40:54 2006 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Thu Jun 15 00:41:01 2006 Subject: Blocked Virus Files Message-ID: <197F21E06E4D2A478519EA9078D6AA1C01B0AF79@poclexch.AU.POCOLD.POCL> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > --[UxBoD]-- > Sent: Thursday, 15 June 2006 10:23 AM > To: mailscanner@lists.mailscanner.info > Subject: Blocked Virus Files > > > Hi, > > a supplier is trying to send me some files that include .css > and .js content. The anti-virus element of MailScanner is > stopping these due to the > content. I have added the user to the spam whitelist, but > they still get blocked. How can I allow this email through > from the supplier ? > > Thanks, have a look at filename and filetype rules? *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** From michele at blacknight.ie Thu Jun 15 00:42:43 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Thu Jun 15 00:42:45 2006 Subject: Blocked Virus Files In-Reply-To: <20060615002232.2407e153@cyborg> References: <20060615002232.2407e153@cyborg> Message-ID: <44909EF3.2080002@blacknight.ie> --[UxBoD]-- wrote: > Hi, > > a supplier is trying to send me some files that include .css and .js content. The anti-virus element of MailScanner is stopping these due to the > content. I have added the user to the spam whitelist, but they still get blocked. How can I allow this email through from the supplier ? > > Thanks, > Get them to put the files in a zip and check the settings in your MailScanner.conf -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From taz at taz-mania.com Thu Jun 15 00:42:44 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Jun 15 00:42:49 2006 Subject: Blocked Virus Files In-Reply-To: <20060615002232.2407e153@cyborg> References: <20060615002232.2407e153@cyborg> Message-ID: <44909EF4.2080100@taz-mania.com> I have my MailScanner set to allow these only if they're in a ZIP file. That way it's a lot more effort for a user to "accidently" execute them. But if someone really needs to send these, they can. I know that's not 100% secure, but I have to allow my users to receive them in one form or another and using a ZIP file was the least risky I could think of and still let them exchange these kind of files. --[UxBoD]-- wrote: >Hi, > >a supplier is trying to send me some files that include .css and .js content. The anti-virus element of MailScanner is stopping these due to the >content. I have added the user to the spam whitelist, but they still get blocked. How can I allow this email through from the supplier ? > >Thanks, > > > -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060614/847b8263/taz.vcf From uxbod at splatnix.net Thu Jun 15 02:53:46 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Thu Jun 15 01:54:27 2006 Subject: Blocked Virus Files In-Reply-To: <44909EF4.2080100@taz-mania.com> References: <20060615002232.2407e153@cyborg> <44909EF4.2080100@taz-mania.com> Message-ID: <20060615015346.4ae507dd@cyborg> Sorry to sound so dumb, but how did you set this up in MailScanner ? Im learning all the time, so time to get C/C out and get the book ;) Thanks, Phil On Wed, 14 Jun 2006 16:42:44 -0700 Dennis Willson wrote: > I have my MailScanner set to allow these only if they're in a ZIP file. > That way it's a lot more effort for a user to "accidently" execute them. > But if someone really needs to send these, they can. > I know that's not 100% secure, but I have to allow my users to receive > them in one form or another and using a ZIP file was the least risky I > could think of and still let them exchange these kind of files. > > --[UxBoD]-- wrote: > > >Hi, > > > >a supplier is trying to send me some files that include .css and .js content. The anti-virus element of MailScanner is stopping these due to the > >content. I have added the user to the spam whitelist, but they still get blocked. How can I allow this email through from the supplier ? > > > >Thanks, > > > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From michele at blacknight.ie Thu Jun 15 02:04:08 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Thu Jun 15 02:04:11 2006 Subject: Blocked Virus Files In-Reply-To: <20060615015346.4ae507dd@cyborg> References: <20060615002232.2407e153@cyborg> <44909EF4.2080100@taz-mania.com> <20060615015346.4ae507dd@cyborg> Message-ID: <4490B208.7060103@blacknight.ie> --[UxBoD]-- wrote: > Sorry to sound so dumb, but how did you set this up in MailScanner ? > > Im learning all the time, so time to get C/C out and get the book ;) > Have a look for the option related to scanning within zips... It's too late for me to check any of my own configs :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From uxbod at splatnix.net Thu Jun 15 03:15:04 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Thu Jun 15 02:15:39 2006 Subject: Blocked Virus Files In-Reply-To: <4490B208.7060103@blacknight.ie> References: <20060615002232.2407e153@cyborg> <44909EF4.2080100@taz-mania.com> <20060615015346.4ae507dd@cyborg> <4490B208.7060103@blacknight.ie> Message-ID: <20060615021504.0f3288cc@cyborg> No problem - thanks for the pointer ;) oops, tis late must put a clock in my office :D ! On Thu, 15 Jun 2006 02:04:08 +0100 "Michele Neylon :: Blacknight.ie" wrote: > --[UxBoD]-- wrote: > > Sorry to sound so dumb, but how did you set this up in MailScanner ? > > > > Im learning all the time, so time to get C/C out and get the book ;) > > > > Have a look for the option related to scanning within zips... It's too > late for me to check any of my own configs :) > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Thu Jun 15 10:31:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 15 10:31:33 2006 Subject: New Sendmail security feature In-Reply-To: <44905611.2000406@pacific.net> References: <44904B7A.4060200@rogers.com> <44905611.2000406@pacific.net> Message-ID: Ken A wrote on Wed, 14 Jun 2006 11:31:45 -0700: > "by limiting the maximum message size accepted by your server (via the > sendmail MaxMessageSize option), you can eliminate the attack completely." > > Does anyone using sendmail NOT limit max message size you'll accept? well, they are "vague" about the size. Even the original advisory at http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc just says "very large". What is "very large"? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From drew at themarshalls.co.uk Thu Jun 15 12:07:08 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Jun 15 12:07:25 2006 Subject: Problem with New Install In-Reply-To: <44908857.3050302@topix.com> References: <44908857.3050302@topix.com> Message-ID: <39022.194.70.180.170.1150369628.squirrel@webmail.r-bit.net> On Wed, June 14, 2006 23:06, Ian Haskin wrote: > I just finished setting up and testing a new install of > Mailscanner/Postfix/ClamAV/Spamassassin on a Fedora 4 machine. > > The server setup was taken from: > http://www.linuxhelp.ca/forums/index.php?act=ST&f=3&t=3647 > > I'm running into a problem where mail can be sent to a local recipient, > it's scanned, but it sits in /var/spool/postfix/incoming until I > '/etc/init.d/MailScanner restart' at which time the message is actually > delivered to /var/spool/mail/'local_recipient' > > I'm at a loss why, I believe, postfix must be restarted in order to > deliver the mail. Any chance of a log excerpt? What do you have in MailScanner.conf regarding the delivery options, batch or queue? (You will find this towards the bottom of the file). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From glenn.steen at gmail.com Thu Jun 15 12:28:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 15 12:28:35 2006 Subject: How to split messages per recipient with postfix. Message-ID: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> Behold ye unbelievers: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient Please do read through this, try it out, comment and flame away:-) I finally had a few moments of time, and was anyway in the process of setting up a new testbed ... A lot of you have simply not believed me when I've said that this can easily be done with Postfix (well, "easily" might be saying to much:-), so I thought I'd spend the extra minutes on setting it up and testing it... and documenting it, as well. So Pete (Russell), no need to look further than the above link:-) BTW, Jules... This means I finally have a testbed worth its salt... Add me to your beta-testers. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Thu Jun 15 14:04:35 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Thu Jun 15 13:05:08 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> Message-ID: <20060615130435.6e85426c@cyborg> Very cool, and very clear documentation aswell - well done :) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From samp at arial-concept.com Thu Jun 15 13:35:40 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Jun 15 13:35:55 2006 Subject: Rulesest format in smap.whitelist.rules Message-ID: <4491541C.5000203@arial-concept.com> Hi, Is it possible to use the regex format in spam.whitelist.rules as: From: smtp*.orange.fr yes to permit the smtp1.orange.fr, smtp2.orange.fr, smtpX.orange.fr etc ? Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int?grateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From drew at themarshalls.co.uk Thu Jun 15 13:37:31 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Jun 15 13:37:47 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> Message-ID: <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> On Thu, June 15, 2006 12:28, Glenn Steen wrote: > Behold ye unbelievers: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient Never a disbeliever, just like you no time to do it :-) > Please do read through this, try it out, comment and flame away:-) > > I finally had a few moments of time, and was anyway in the process of > setting up a new testbed ... A lot of you have simply not believed me > when I've said that this can easily be done with Postfix (well, > "easily" might be saying to much:-), so I thought I'd spend the extra > minutes on setting it up and testing it... and documenting it, as > well. > > So Pete (Russell), no need to look further than the above link:-) > > BTW, Jules... This means I finally have a testbed worth its salt... > Add me to your beta-testers. Nice work Glenn. Good to see (IMHO) the Postfix docs still surpassing those of anyother MTA in the wiki ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From amoore at dekalbmemorial.com Thu Jun 15 14:07:56 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Jun 15 14:08:00 2006 Subject: Setting Up DNSBL using RBLDNSD Message-ID: <60D398EB2DB948409CA1F50D8AF12257012FDF37@exch1.dekalbmemorial.local> Michele Neylon :: Blacknight Solutions wrote: > Has anyone any tips on doing this? > > I do not want to mirror existing data (I already am :) ) > > I want to setup my own DNSBL to catch the junk that the other DNSBLS > miss.. Check out these sites. www.corpit.ru is the main site for rbldnsd. I got some help off of the rbldnsd mailing list when setting it up here a week or so ago. http://www.corpit.ru/mjt/rbldnsd.html http://www.corpit.ru/mjt/rbldnsd/rbldnsd.8.html http://www.tqmcube.com/rbldnsd.php > > The only tutorials / guides I've found either refer explicitly to > Bind or make reference to rbldns-conf, which doesn't appear to exist > on Ubuntu I compiled and installed it from the source. Rbldnsd only takes it's configuration information on the command line, so you'll probably want to create your own startup script. I have some custom code that I've added to MailScanner that stores information about mail processed by MailScanner which has been classified as spam or having viruses. I then have another program that checks those log entries and generates a blacklist in rbldnsd format. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From Denis.Beauchemin at USherbrooke.ca Thu Jun 15 14:07:39 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 15 14:08:25 2006 Subject: Rulesest format in smap.whitelist.rules In-Reply-To: <4491541C.5000203@arial-concept.com> References: <4491541C.5000203@arial-concept.com> Message-ID: <44915B9B.9060807@USherbrooke.ca> Sam Przyswa a ?crit : > Hi, > > Is it possible to use the regex format in spam.whitelist.rules as: > > From: smtp*.orange.fr yes > > to permit the smtp1.orange.fr, smtp2.orange.fr, smtpX.orange.fr etc ? > > Sam. > Sam, It should work just fine. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060615/780f68a6/smime.bin From samp at arial-concept.com Thu Jun 15 14:16:45 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Jun 15 14:16:58 2006 Subject: Rulesest format in smap.whitelist.rules In-Reply-To: <44915B9B.9060807@USherbrooke.ca> References: <4491541C.5000203@arial-concept.com> <44915B9B.9060807@USherbrooke.ca> Message-ID: <44915DBD.7080809@arial-concept.com> Denis Beauchemin a ?crit : > Sam Przyswa a ?crit : > >> Hi, >> >> Is it possible to use the regex format in spam.whitelist.rules as: >> >> From: smtp*.orange.fr yes >> >> to permit the smtp1.orange.fr, smtp2.orange.fr, smtpX.orange.fr etc ? >> >> Sam. >> > Sam, > > It should work just fine. Great ! Thanks Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From cconn at abacom.com Thu Jun 15 14:18:20 2006 From: cconn at abacom.com (Chris Conn) Date: Thu Jun 15 14:18:26 2006 Subject: New Sendmail security feature In-Reply-To: References: <44904B7A.4060200@rogers.com> <44905611.2000406@pacific.net> Message-ID: <44915E1C.5070305@abacom.com> Changing the queue sort order to random is also listed as a workaround. Upgrading works too =) Chris Kai Schaetzl wrote: > Ken A wrote on Wed, 14 Jun 2006 11:31:45 -0700: > > >>"by limiting the maximum message size accepted by your server (via the >>sendmail MaxMessageSize option), you can eliminate the attack completely." >> >>Does anyone using sendmail NOT limit max message size you'll accept? > > > well, they are "vague" about the size. Even the original advisory at > http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc > just says "very large". What is "very large"? > > Kai > From glenn.steen at gmail.com Thu Jun 15 14:20:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 15 14:20:47 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> Message-ID: <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> On 15/06/06, Drew Marshall wrote: > On Thu, June 15, 2006 12:28, Glenn Steen wrote: > > Behold ye unbelievers: > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient > > Never a disbeliever, just like you no time to do it :-) :-) > > Please do read through this, try it out, comment and flame away:-) > > > > I finally had a few moments of time, and was anyway in the process of > > setting up a new testbed ... A lot of you have simply not believed me > > when I've said that this can easily be done with Postfix (well, > > "easily" might be saying to much:-), so I thought I'd spend the extra > > minutes on setting it up and testing it... and documenting it, as > > well. > > > > So Pete (Russell), no need to look further than the above link:-) > > > > BTW, Jules... This means I finally have a testbed worth its salt... > > Add me to your beta-testers. > > Nice work Glenn. Good to see (IMHO) the Postfix docs still surpassing > those of anyother MTA in the wiki ;-) > Thanks guys! I was a bit wondering about the blurb in theMAQ... AFAICR, exim is said to be able to do this, but the MAQ only detail Sendmail... and (now) Postfix... I guess Martin (or someone) has a bit of typing to do:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at woodmclaw.com Thu Jun 15 14:24:53 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Jun 15 14:24:56 2006 Subject: Spamassassin errors all of a sudden Message-ID: <04D932B0071FE34FA63EBB1977B48D15014893DF@woodenex.woodmaclaw.local> > > --On June 14, 2006 11:43:56 AM -0400 "Billy A. Pumphrey" > wrote: > > > ... well too many. There are 141 errors in there. Please take a look > > and see if there is something obvious that I cannot see. I got fairly > > familiar with the MailScanner/spamassassin system, but with my knowledge > > the only thing that I can think of is to upgrade but I want to wait and > > see if that is the best thing to do. > > Let's start with the simple things. :) What version of SA do you _think_ > you are running ? > > The log you posted thinks you're running 3.0.6 . > > --> debug: SpamAssassin version 3.0.6 > I was assuming that would be my version. There is a directory named: /usr/share/doc/spamassassin-3.0.6 When I did a search for spamassassin I did not see any other directories other than 3.0.6 Might have Rules_du_jour updated a rule that required spamassassin 3.1? I did not change any of the rules myself and I have not seen rules_du_jour do that before. > Then later we see these lines, that indicate these rules are for version > 3.1.0 . My guess is that you have one version of SA installed in one > place > and another in somewhere else. > > configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires > version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe > you need to use the -C switch, or remove the old config files? Skipping > this file at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line > 332. > > configuration file "/usr/share/spamassassin/20_net_tests.cf" requires > version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe > you need to use the -C switch, or remove the old config files? Skipping > this file at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line > 332. > > > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > From bpumphrey at woodmclaw.com Thu Jun 15 14:43:05 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Jun 15 14:43:11 2006 Subject: Spamassassin errors all of a sudden Message-ID: <04D932B0071FE34FA63EBB1977B48D15014893F2@woodenex.woodmaclaw.local> > > Let's start with the simple things. :) What version of SA do you _think_ > you are running ? > > The log you posted thinks you're running 3.0.6 . > > --> debug: SpamAssassin version 3.0.6 Now I have found the init.pre and the v310.pre files. So looks like it was upgraded to 310. hhmm trying to figure out what to do next. > > Then later we see these lines, that indicate these rules are for version > 3.1.0 . My guess is that you have one version of SA installed in one > place > and another in somewhere else. > > configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires > version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe > you need to use the -C switch, or remove the old config files? Skipping > this file at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line > 332. > > configuration file "/usr/share/spamassassin/20_net_tests.cf" requires > version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe > you need to use the -C switch, or remove the old config files? Skipping > this file at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line > 332. > > > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. From bpumphrey at woodmclaw.com Thu Jun 15 15:04:46 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Jun 15 15:04:50 2006 Subject: Spamassassin errors all of a sudden Message-ID: <04D932B0071FE34FA63EBB1977B48D1501489423@woodenex.woodmaclaw.local> All might be good now. I upgraded to 3.1.3 and I don't see any problems. We'll see. bayes_ignore_header X-YOURDOMAIN-COM-MailScanner109,133%[?12l[?25h[?25 l:[?12l[?25hq[?25l[?12l[?25h![?25l[?12l[?25h [?25l[?1l>[?12l[?25h[?1049l]0;root@WoodenMS2:/et c/MailScanner [root@WoodenMS2 MailScanner]# spmsma.am.assassin. assassin -D 0--lint -p /etc/MailScanner/spam.as sassin.prefs.conf [23868] dbg: logger: adding facilities: all [23868] dbg: logger: logging level is DBG [23868] dbg: generic: SpamAssassin version 3.1.3 [23868] dbg: config: score set 0 chosen. [23868] dbg: util: running in taint mode? yes [23868] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [23868] dbg: util: PATH included '/usr/kerberos/sbin', keeping [23868] dbg: util: PATH included '/usr/kerberos/bin', keeping [23868] dbg: util: PATH included '/usr/local/sbin', keeping [23868] dbg: util: PATH included '/usr/local/bin', keeping [23868] dbg: util: PATH included '/sbin', keeping [23868] dbg: util: PATH included '/bin', keeping [23868] dbg: util: PATH included '/usr/sbin', keeping [23868] dbg: util: PATH included '/usr/bin', keeping [23868] dbg: util: PATH included '/usr/X11R6/bin', keeping [23868] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [23868] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbi n:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [23868] dbg: message: ---- MIME PARSER START ---- [23868] dbg: message: main message type: text/plain [23868] dbg: message: parsing normal part [23868] dbg: message: added part, type: text/plain [23868] dbg: message: ---- MIME PARSER END ---- [23868] dbg: dns: is Net::DNS::Resolver available? yes [23868] dbg: dns: Net::DNS version: 0.48 [23868] dbg: diag: perl platform: 5.008005 linux [23868] dbg: diag: module installed: Digest::SHA1, version 2.10 [23868] dbg: diag: module installed: Razor2::Client::Agent, version 2.80 [23868] dbg: diag: module not installed: Net::Ident ('require' failed) [23868] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [23868] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [23868] dbg: diag: module installed: Time::HiRes, version 1.68 [23868] dbg: diag: module installed: DBI, version 1.50 [23868] dbg: diag: module installed: Getopt::Long, version 2.34 [23868] dbg: diag: module installed: LWP::UserAgent, version 2.031 [23868] dbg: diag: module installed: HTTP::Date, version 1.46 [23868] dbg: diag: module installed: Archive::Tar, version 1.29 [23868] dbg: diag: module installed: IO::Zlib, version 1.04 [23868] dbg: diag: module installed: DB_File, version 1.809 [23868] dbg: diag: module installed: HTML::Parser, version 3.48 [23868] dbg: diag: module installed: MIME::Base64, version 3.05 [23868] dbg: diag: module installed: Net::DNS, version 0.48 [23868] dbg: diag: module installed: Net::SMTP, version 2.29 [23868] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) [23868] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [23868] dbg: ignore: using a test message to lint rules [23868] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [23868] dbg: config: read file /etc/mail/spamassassin/init.pre [23868] dbg: config: read file /etc/mail/spamassassin/v310.pre [23868] dbg: config: read file /etc/mail/spamassassin/v312.pre [23868] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [23868] dbg: config: using "/usr/share/spamassassin" for default rules dir [23868] dbg: config: read file /usr/share/spamassassin/10_misc.cf [23868] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [23868] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [23868] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [23868] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [23868] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [23868] dbg: config: read file /usr/share/spamassassin/20_porn.cf [23868] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [23868] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [23868] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [23868] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [23868] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [23868] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [23868] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [23868] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [23868] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [23868] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [23868] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [23868] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [23868] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [23868] dbg: config: read file /usr/share/spamassassin/25_replace.cf [23868] dbg: config: read file /usr/share/spamassassin/25_spf.cf [23868] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [23868] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [23868] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [23868] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [23868] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [23868] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [23868] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [23868] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [23868] dbg: config: read file /usr/share/spamassassin/50_scores.cf [23868] dbg: config: read file /usr/share/spamassassin/60_awl.cf [23868] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [23868] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [23868] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [23868] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [23868] dbg: config: using "/etc/mail/spamassassin" for site rules dir [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_html0.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_html1.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_html2.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_html3.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_stocks.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_unsub.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_uri0.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_uri1.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_uri3.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist_rcvd.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist_spf.cf [23868] dbg: config: read file /etc/mail/spamassassin/70_sc_top200.cf [23868] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf [23868] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf [23868] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf [23868] dbg: config: read file /etc/mail/spamassassin/88_FVGT_headers.cf [23868] dbg: config: read file /etc/mail/spamassassin/88_FVGT_rawbody.cf [23868] dbg: config: read file /etc/mail/spamassassin/88_FVGT_subject.cf [23868] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf [23868] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [23868] dbg: config: read file /etc/mail/spamassassin/antidrug.cf [23868] dbg: config: read file /etc/mail/spamassassin/backhair.cf [23868] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [23868] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [23868] dbg: config: read file /etc/mail/spamassassin/local.cf [23868] dbg: config: read file /etc/mail/spamassassin/mangled.cf [23868] dbg: config: read file /etc/mail/spamassassin/tripwire.cf [23868] dbg: config: read file /etc/mail/spamassassin/weeds.cf [23868] dbg: config: using "/root/.spamassassin" for user state dir [23868] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file [23868] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xafc3354) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xaf95840) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [23868] dbg: dcc: network tests on, registering DCC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0xafabb74) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [23868] dbg: pyzor: network tests on, attempting Pyzor [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0xafaddd0) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [23868] dbg: reporter: network tests on, attempting SpamCop [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0xb0620ec) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0xb08d9d8) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xb0aaf70) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xb0a1b98) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xb0baa88) [23868] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [23868] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb028cac) [23868] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [23868] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [23868] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [23868] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [23868] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [23868] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [23868] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [23868] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i [23868] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?: $|[&\#])'i [23868] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]* ?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&\#])'i [23868] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]* ?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&\#])'i [23868] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(. *?)(?:$|[&\#])'i [23868] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb028cac) implements 'finish_parsing_end' [23868] dbg: replacetags: replacing tags [23868] dbg: replacetags: done replacing tags [23868] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks [23868] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen [23868] dbg: bayes: found bayes db version 3 [23868] dbg: bayes: DB journal sync: last sync: 1150293548 [23868] dbg: config: score set 3 chosen. [23868] dbg: message: ---- MIME PARSER START ---- [23868] dbg: message: main message type: text/plain [23868] dbg: message: parsing normal part [23868] dbg: message: added part, type: text/plain [23868] dbg: message: ---- MIME PARSER END ---- [23868] dbg: dns: dns_available set to yes in config file, skipping test [23868] dbg: metadata: X-Spam-Relays-Trusted: [23868] dbg: metadata: X-Spam-Relays-Untrusted: [23868] dbg: metadata: X-Spam-Relays-Internal: [23868] dbg: metadata: X-Spam-Relays-External: [23868] dbg: message: no encoding detected [23868] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xafc3354) implements 'parsed_metadata' [23868] dbg: uridnsbl: domains to query: [23868] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal [23868] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted [23868] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl [23868] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted [23868] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal [23868] dbg: dns: checking RBL combined.njabl.org., set njabl [23868] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois [23868] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal [23868] dbg: dns: checking RBL bl.spamcop.net., set spamcop [23868] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted [23868] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal [23868] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal [23868] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs [23868] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted [23868] dbg: check: running tests for priority: 0 [23868] dbg: rules: running header regexp tests; score so far=0 [23868] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [23868] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1150378914@lint_rules> [23868] dbg: rules: " [23868] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [23868] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [23868] dbg: rules: " [23868] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got hit: "i" [23868] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1150378914" [23868] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xaf95840)) [23868] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check [23868] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [23868] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xb0a1b98)) [23868] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xaf95840)) [23868] dbg: eval: all '*To' addrs: [23868] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: spf: no suitable relay for spf use found, skipping SPF check [23868] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: rules: ran eval rule NO_RELAYS ======> got hit [23868] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: spf: cannot get Envelope-From, cannot use SPF [23868] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [23868] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [23868] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xb0a1b98)) [23868] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xaf718ac)) [23868] dbg: spf: spf_whitelist_from: could not find useable envelope sender [23868] dbg: rules: running body-text per-line regexp tests; score so far=0.96 [23868] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [23868] dbg: uri: running uri tests; score so far=0.96 [23868] dbg: bayes: DB journal sync: last sync: 1150293548 [23868] dbg: bayes: corpus size: nspam = 82819, nham = 299200 [23868] dbg: bayes: score = 0.237616923264174 [23868] dbg: bayes: DB expiry: tokens in DB: 137758, Expiry max size: 150000, Oldest atime: 1142181039, Newest atime: 1150272629, Last expire: 1142547048, Current time: 1150378917 [23868] dbg: bayes: DB journal sync: last sync: 1150293548 [23868] dbg: bayes: untie-ing [23868] dbg: bayes: untie-ing db_toks [23868] dbg: bayes: untie-ing db_seen [23868] dbg: rules: ran eval rule BAYES_40 ======> got hit [23868] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xafc3354)) [23868] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.775 [23868] dbg: rules: running full-text regexp tests; score so far=0.775 [23868] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0xafaddd0)) [23868] dbg: pyzor: pyzor is available: /usr/bin/pyzor [23868] dbg: info: entering helper-app run mode [23868] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin23868HCK1MUtmp [23871] dbg: util: setuid: ruid=0 euid=0 [23868] dbg: pyzor: [23871] finished: exit=0x0100 [23868] dbg: pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 [23868] dbg: info: leaving helper-app run mode [23868] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0xafabb74)) [23868] dbg: dcc: dccifd is not available: no r/w dccifd socket found [23868] dbg: dcc: dccproc is available: /usr/local/bin/dccproc [23868] dbg: info: entering helper-app run mode [23868] dbg: dcc: opening pipe: /usr/local/bin/dccproc -H -x 0 < /tmp/.spamassassin23868HCK1MUtmp [23872] dbg: util: setuid: ruid=0 euid=0 [23868] dbg: dcc: got response: X-DCC-EATSERVER-Metrics: WoodenMS2.woodmaclaw.local 1166; Body=53253 Fuz1=83970 Fuz2=798117 [23868] dbg: info: leaving helper-app run mode [23868] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xafc3354) implements 'check_tick' [23868] dbg: check: running tests for priority: 500 [23868] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xafc3354) implements 'check_post_dnsbl' [23868] dbg: rules: running meta tests; score so far=0.775 [23868] dbg: rules: running header regexp tests; score so far=2.721 [23868] dbg: rules: running body-text per-line regexp tests; score so far=2.721 [23868] dbg: uri: running uri tests; score so far=2.721 [23868] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.721 [23868] dbg: rules: running full-text regexp tests; score so far=2.721 [23868] dbg: check: running tests for priority: 1000 [23868] dbg: rules: running meta tests; score so far=2.721 [23868] dbg: rules: running header regexp tests; score so far=2.721 [23868] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0xb08d9d8)) [23868] dbg: rules: running body-text per-line regexp tests; score so far=2.721 [23868] dbg: uri: running uri tests; score so far=2.721 [23868] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.721 [23868] dbg: rules: running full-text regexp tests; score so far=2.721 [23868] dbg: check: is spam? score=2.721 required=5 [23868] dbg: check: tests=BAYES_40,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_ NONE [23868] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,_ _SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID ]0;root@WoodenMS2:/etc/MailScanner [root@WoodenMS2 MailScanner]# From campbell at cnpapers.com Thu Jun 15 15:16:44 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 15 15:17:24 2006 Subject: Strange load situation Message-ID: <000901c69086$54cf5890$0705000a@DDF5DW71> I have a strange problem going on with one of my mailservers. Recently, the load average has been climbing, and I can't seem to discover why. This morning, I decided to see if my purges for the Mailwatch databases were running properly, and started a purge. The load average climbed to above 14, and sendmail stopped accepting mail. Since nothing was being accepted, I decided to stop MailScanner to lighten the load and let the purge finish. I saw something I had not seen before after doing a 'ps' - Mailscanner was finishing batches. I know this is normal, but not usually seen. It stayed down for a few minutes. After the purge finished, I restarted MS, and lo and behold, the load average is staying down around a normal 2. This is a pretty hefty server. A lot of incoming mail is queueing up, and the Mailscanner children are all handling the default 30 messages. It's not really gaining on the queued mail, but this could be current flooding, so I'm not real concerned yet. bdc and clamscan always seemed to be at the top of 'top', with MailScanner children just below, or mixed in between, but now, I don't always even see them in the top 20. Can anyone indicate they have seen similar results? I'm not real concerned yet, at least not until I see that it's not going to catch up. The purge seemed to have been working, but I thought maybe there was a little bit too much in the maillog table - turns out not so. This would almost indicate it's better to slow down my MS scan interval and let more messages per batch be scanned per child, or maybe lower my messages per batch. Steve Campbell campbell@cnpapers.com Charleston Newspapers From jethro.binks at strath.ac.uk Thu Jun 15 15:34:11 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu Jun 15 15:34:13 2006 Subject: Strange load situation In-Reply-To: <000901c69086$54cf5890$0705000a@DDF5DW71> References: <000901c69086$54cf5890$0705000a@DDF5DW71> Message-ID: <20060615153220.M69711@defjam.cc.strath.ac.uk> On Thu, 15 Jun 2006, Steve Campbell wrote: > Can anyone indicate they have seen similar results? I'm not real > concerned yet, at least not until I see that it's not going to catch up. > The purge seemed to have been working, but I thought maybe there was a > little bit too much in the maillog table - turns out not so. This would > almost indicate it's better to slow down my MS scan interval and let > more messages per batch be scanned per child, or maybe lower my messages > per batch. When I first installed MailScanner in a large environment, I found I had to juggle the numbers relating to number of messages per batch, number of processed, and max size of batch, to reach a happy medium where it processed messages quickly to not let them build up, but without spawning so many processes that machine got bogged down switching between them. I certainly found that too many MailScanner processes was detrimental. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From bpumphrey at woodmclaw.com Thu Jun 15 15:38:03 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Jun 15 15:38:06 2006 Subject: How to setup rules? Message-ID: <04D932B0071FE34FA63EBB1977B48D1501489465@woodenex.woodmaclaw.local> > It's also worth checking some of your low-scoring spam. Make sure none of > it > matches ALL_TRUSTED. If *any* outside mail matches ALL_TRUSTED, read the > following wiki article on setting up your trusted_networks manually. > > http://wiki.apache.org/spamassassin/TrustPath > -- I have not done this yet. Before I implement this, I need to make sure that I do it write. - In MailScanner's case the trusted_networks settings will go in /etc/MailScanner/spam.assassin.prefs.conf, correct? In my case I believe my settings would be: trusted_networks 10.1 (internal lan) trusted_networks 68.74.55.130 (Mx record) With this in the manual: MXes for your domain(s) and internal relays should also be specified using the internal_networks setting. When there are 'trusted' hosts that are not MXes or internal relays for your domain(s) they should only be specified in trusted_networks. Looks like instead of using trusted_networks for mx records or internal computers, internal_networks should be used. Can you help me with what is needed for my network. I only can incoming mail and my mx record is 68.74.55.130 Thank you From campbell at cnpapers.com Thu Jun 15 15:45:58 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 15 15:46:20 2006 Subject: Strange load situation References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk> Message-ID: <004a01c6908a$6a061d30$0705000a@DDF5DW71> Thanks Jethro, ----- Original Message ----- From: "Jethro R Binks" To: "MailScanner discussion" Sent: Thursday, June 15, 2006 10:34 AM Subject: Re: Strange load situation > On Thu, 15 Jun 2006, Steve Campbell wrote: > >> Can anyone indicate they have seen similar results? I'm not real >> concerned yet, at least not until I see that it's not going to catch up. >> The purge seemed to have been working, but I thought maybe there was a >> little bit too much in the maillog table - turns out not so. This would >> almost indicate it's better to slow down my MS scan interval and let >> more messages per batch be scanned per child, or maybe lower my messages >> per batch. > > When I first installed MailScanner in a large environment, I found I had > to juggle the numbers relating to number of messages per batch, number of > processed, and max size of batch, to reach a happy medium where it > processed messages quickly to not let them build up, but without spawning > so many processes that machine got bogged down switching between them. I > certainly found that too many MailScanner processes was detrimental. Here's the thing though, the load escalation has just started occuring recently. Everything used to run smoothly. My next restep was to be a reboot, and still may be if the current situation isn't permanent. It can't hurt. > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > -- From ssilva at sgvwater.com Thu Jun 15 15:49:20 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 15 15:49:55 2006 Subject: Spamassassin errors all of a sudden In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey spake the following on 6/14/2006 8:43 AM: > My Rules_De_jour pointed it out to me, that I am getting some errors. I > have attached the lint test so that the formatting will look better. > > The only thing that I have done is changed the IP address information a > few times in the last few months or so. DNS is working and it can get > to the internet. I would not have thought that would have had an impact > on the errors. > > There are some weird formatting stuff in it still thought. > > Noted errors are: > ... well too many. There are 141 errors in there. Please take a look > and see if there is something obvious that I cannot see. I got fairly > familiar with the MailScanner/spamassassin system, but with my knowledge > the only thing that I can think of is to upgrade but I want to wait and > see if that is the best thing to do. > Are you running an RPM based system, and do you have the spamassassin rpm loaded? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Thu Jun 15 16:04:08 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 15 16:03:56 2006 Subject: New Sendmail security feature In-Reply-To: References: <44904B7A.4060200@rogers.com> <44905611.2000406@pacific.net> Message-ID: <449176E8.5040007@pacific.net> Kai Schaetzl wrote: > Ken A wrote on Wed, 14 Jun 2006 11:31:45 -0700: > >> "by limiting the maximum message size accepted by your server (via the >> sendmail MaxMessageSize option), you can eliminate the attack completely." >> >> Does anyone using sendmail NOT limit max message size you'll accept? > > well, they are "vague" about the size. Even the original advisory at > http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc > just says "very large". What is "very large"? 'ulimit -a | grep stack' will tell you what "very large" is, I think. I'm just waiting for yum repositories to get the new version and it's a minor patch, so it should be no problem upgrading very soon. For now, I just put 'ulimit -s xxxxx' at the top of my /etc/init.d/MailScanner file, so the processes start with a stack size limit that is > MaxMessageSize. Ken A Pacific.Net > Kai > From sandrews at andrewscompanies.com Thu Jun 15 16:16:39 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Jun 15 16:16:45 2006 Subject: Sendmail Vul. HELP Message-ID: <1964AAFBC212F742958F9275BF63DBB03B1653@winchester.andrewscompanies.com> Ok, help a newbie out. My sendmail reports at 8.13.1; I yumed it and it looked like it was downloading 8.13.7; after a reboot; still shows 8.13.1. What am I missing? Thanks. Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance Sent: Wednesday, June 14, 2006 6:46 PM To: mailscanner@lists.mailscanner.info Subject: Sendmail Vul. See these and upgrade accordingly: https://rhn.redhat.com/errata/RHSA-2006-0515.html http://www.sendmail.org/releases/8.13.7.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Thu Jun 15 16:22:57 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Jun 15 16:23:03 2006 Subject: Sendmail Vul. HELP ...nevermind Message-ID: <1964AAFBC212F742958F9275BF63DBB03B1654@winchester.andrewscompanies.com> I found I have sendmail-8.13.1-3.RHEL4.5, which IS the patched version -----Original Message----- From: Steven Andrews Sent: Thursday, June 15, 2006 11:17 AM To: 'MailScanner discussion' Subject: RE: Sendmail Vul. HELP Ok, help a newbie out. My sendmail reports at 8.13.1; I yumed it and it looked like it was downloading 8.13.7; after a reboot; still shows 8.13.1. What am I missing? Thanks. Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance Sent: Wednesday, June 14, 2006 6:46 PM To: mailscanner@lists.mailscanner.info Subject: Sendmail Vul. See these and upgrade accordingly: https://rhn.redhat.com/errata/RHSA-2006-0515.html http://www.sendmail.org/releases/8.13.7.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 15 16:32:14 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 15 16:32:45 2006 Subject: Sendmail Vul. HELP In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B1653@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B1653@winchester.andrewscompanies.com> Message-ID: <44917D7E.7030502@nkpanama.com> Could be a couple of things: 1. Patches were backported to the version you're using 2. Your config file is making sendmail say it's 8.13.1 Can you tell us what steps you took in order to verify this? sandrews@andrewscompanies.com escribi?: > Ok, help a newbie out. > > My sendmail reports at 8.13.1; I yumed it and it looked like it was > downloading 8.13.7; after a reboot; still shows 8.13.1. What am I > missing? > > Thanks. > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo > Bellavance > Sent: Wednesday, June 14, 2006 6:46 PM > To: mailscanner@lists.mailscanner.info > Subject: Sendmail Vul. > > See these and upgrade accordingly: > > https://rhn.redhat.com/errata/RHSA-2006-0515.html > > http://www.sendmail.org/releases/8.13.7.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From alex at nkpanama.com Thu Jun 15 16:36:18 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 15 16:36:50 2006 Subject: New Sendmail security feature In-Reply-To: <449176E8.5040007@pacific.net> References: <44904B7A.4060200@rogers.com> <44905611.2000406@pacific.net> <449176E8.5040007@pacific.net> Message-ID: <44917E72.1040002@nkpanama.com> Ken A escribi?: > > 'ulimit -a | grep stack' will tell you what "very large" is, I think. > > I'm just waiting for yum repositories to get the new version and it's > a minor patch, so it should be no problem upgrading very soon. > > For now, I just put 'ulimit -s xxxxx' at the top of my > /etc/init.d/MailScanner file, so the processes start with a stack size > limit that is > MaxMessageSize. > Regardless of the patch, this seems something good to implement. One of my boxes says: stack size (kbytes, -s) 10240 Does that mean I could be at risk if I received a message larger than 10Mb in size? From ian at topix.com Thu Jun 15 16:50:38 2006 From: ian at topix.com (Ian Haskin) Date: Thu Jun 15 16:50:43 2006 Subject: Problem with New Install In-Reply-To: <39022.194.70.180.170.1150369628.squirrel@webmail.r-bit.net> References: <44908857.3050302@topix.com> <39022.194.70.180.170.1150369628.squirrel@webmail.r-bit.net> Message-ID: <449181CE.7030202@topix.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060615/e2ac2d5e/attachment.html From prandal at herefordshire.gov.uk Thu Jun 15 16:52:23 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jun 15 16:52:46 2006 Subject: New Sendmail security feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D660704@isabella.herefordshire.gov.uk> http://www.city-fan.org/ftp/contrib/mail/ now has sendmail-8.13.7 rpms up for Redhat 9, FC1-5, RHEL 3 and 4. Enjoy. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Mike Jakubik > Sent: 14 June 2006 18:47 > To: MailScanner discussion > Subject: New Sendmail security feature > > Gentlemen, start your patches! (better yet switch to postfix :) > > http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From sandrews at andrewscompanies.com Thu Jun 15 17:12:30 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Jun 15 17:12:33 2006 Subject: Sendmail Vul. HELP Message-ID: <1964AAFBC212F742958F9275BF63DBB03B1656@winchester.andrewscompanies.com> Yum info sendmail and I checked the centos-announce list and the 3.RHEL4.5 is patched for this. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Thursday, June 15, 2006 11:32 AM To: MailScanner discussion Subject: Re: Sendmail Vul. HELP Could be a couple of things: 1. Patches were backported to the version you're using 2. Your config file is making sendmail say it's 8.13.1 Can you tell us what steps you took in order to verify this? sandrews@andrewscompanies.com escribi?: > Ok, help a newbie out. > > My sendmail reports at 8.13.1; I yumed it and it looked like it was > downloading 8.13.7; after a reboot; still shows 8.13.1. What am I > missing? > > Thanks. > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo > Bellavance > Sent: Wednesday, June 14, 2006 6:46 PM > To: mailscanner@lists.mailscanner.info > Subject: Sendmail Vul. > > See these and upgrade accordingly: > > https://rhn.redhat.com/errata/RHSA-2006-0515.html > > http://www.sendmail.org/releases/8.13.7.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Thu Jun 15 17:13:10 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 15 17:12:58 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> Message-ID: <44918716.7020605@pacific.net> Glenn Steen wrote: > On 15/06/06, Drew Marshall wrote: >> On Thu, June 15, 2006 12:28, Glenn Steen wrote: >> > Behold ye unbelievers: >> > >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient >> >> >> Never a disbeliever, just like you no time to do it :-) > :-) > >> > Please do read through this, try it out, comment and flame away:-) >> > >> > I finally had a few moments of time, and was anyway in the process of >> > setting up a new testbed ... A lot of you have simply not believed me >> > when I've said that this can easily be done with Postfix (well, >> > "easily" might be saying to much:-), so I thought I'd spend the extra >> > minutes on setting it up and testing it... and documenting it, as >> > well. >> > >> > So Pete (Russell), no need to look further than the above link:-) >> > >> > BTW, Jules... This means I finally have a testbed worth its salt... >> > Add me to your beta-testers. >> >> Nice work Glenn. Good to see (IMHO) the Postfix docs still surpassing >> those of anyother MTA in the wiki ;-) >> > Thanks guys! > I was a bit wondering about the blurb in theMAQ... AFAICR, exim is > said to be able to do this, but the MAQ only detail Sendmail... and > (now) Postfix... I guess Martin (or someone) has a bit of typing to > do:-):-) > Awesome! A bit of an MTA war is a good thing for documentation it seems! Ken A Pacific.Net From gmatt at nerc.ac.uk Thu Jun 15 17:17:28 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jun 15 17:17:37 2006 Subject: Strange load situation In-Reply-To: <004a01c6908a$6a061d30$0705000a@DDF5DW71> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk> <004a01c6908a$6a061d30$0705000a@DDF5DW71> Message-ID: <44918818.8080801@nerc.ac.uk> Steve Campbell wrote: > > Here's the thing though, the load escalation has just started occuring > recently. Everything used to run smoothly. My next restep was to be a > reboot, and still may be if the current situation isn't permanent. It > can't hurt. check the mail you are getting carefully, you may be being targetted especially if you dont reject unknown mailboxes. Have you talked to anyone offerring to sell you hosted email services recently? am I paranoid...? ;) G > > >> Jethro R Binks >> Computing Officer, IT Services >> University Of Strathclyde, Glasgow, UK >> -- > > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From ugob at camo-route.com Thu Jun 15 17:20:14 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 15 17:20:40 2006 Subject: Spamcop Auto-reporting Plugin Message-ID: Hi Guys, I'm trying to activate the Spamcop auto-reporting feature in SA, but I didn't find any relevant documentation about it. Here is what I found: http://search.cpan.org/~felicity/Mail-SpamAssassin-3.1.3/lib/Mail/SpamAssassin/Plugin/SpamCop.pm I do have a spamop address for reporting, but where do we set the SA score at which I want to report? Anyone using this feature? Regards, Ugo From ian at topix.com Thu Jun 15 17:36:06 2006 From: ian at topix.com (Ian Haskin) Date: Thu Jun 15 17:36:13 2006 Subject: Problem with New Install In-Reply-To: <449181CE.7030202@topix.com> References: <44908857.3050302@topix.com> <39022.194.70.180.170.1150369628.squirrel@webmail.r-bit.net> <449181CE.7030202@topix.com> Message-ID: <44918C76.8060309@topix.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060615/f31a50ff/attachment.html From martinh at solid-state-logic.com Thu Jun 15 17:48:28 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 15 17:48:38 2006 Subject: Problem with New Install In-Reply-To: <44918C76.8060309@topix.com> Message-ID: <009801c6909b$87482260$3004010a@martinhlaptop> Ian I'd checkout the 'official' install guide for PF/MS in the wiki if I where you.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ian Haskin > Sent: 15 June 2006 17:36 > To: MailScanner discussion > Subject: Re: Problem with New Install > > Crap, I was too quick on that reply. The delivery was working because > MailScanner wasn't actually scanning the message.. now that it is, it's > back to it's old tricks. > > I've now tried both batch and queue delivery methods in MailScanner.conf > and that hasn't made a difference. > > I open a telnet session to the server and compose and queue a message for > user test. > > /var/log/maillog: > > Jun 15 11:19:56 mail postfix/smtpd[2814]: AEF8D1C48043: > client=CPE00119538ec34- > CM0012c90ff4f4.cpe.net.cable.rogers.com[72.60.20.161] > Jun 15 11:20:08 mail postfix/cleanup[2818]: AEF8D1C48043: message- > id=<20060615161954.AEF8D1C48043@mail.traffikedit.com> > > Jun 15 11:20:09 mail postfix/qmgr[2725]: AEF8D1C48043: > from= , size=416, nrcpt=1 (queue > active) > Jun 15 11:20:09 mail postfix/qmgr[2725]: AEF8D1C48043: > to= , orig_to=, > relay=none, delay=15, status=deferred (delivery temporarily suspended: > deferred transport) > Jun 15 11:20:09 mail MailScanner[2813]: New Batch: Scanning 1 messages, > 803 bytes > Jun 15 11:20:11 mail postfix/smtpd[2814]: disconnect from CPE00119538ec34- > CM0012c90ff4f4.cpe.net.cable.rogers.com[72.60.20.161] > Jun 15 11:20:20 mail MailScanner[2813]: Virus and Content Scanning: > Starting > Jun 15 11:20:20 mail MailScanner[2826]: Unrar command /usr/bin/unrar does > not exist or is not executable, please either install it or remove the > setting from MailScanner.conf > Jun 15 11:20:20 mail MailScanner[2813]: Requeue: AEF8D1C48043.C39BF to > 6CD701C48049 > Jun 15 11:20:20 mail MailScanner[2813]: Uninfected: Delivered 1 messages > > ls -la /var/spool/postfix/incoming/6 shows: > > -rwx------ 1 postfix postfix 1188 Jun 15 11:20 6CD701C48049 > > /etc/init.d/MailScanner restart, /var/log/maillog then reads: > > Jun 15 11:28:13 mail postfix/postfix-script: starting the Postfix mail > system > Jun 15 11:28:13 mail postfix/master[2970]: daemon started -- version > 2.2.2, configuration /etc/postfix.in > Jun 15 11:28:13 mail postfix/postfix-script: starting the Postfix mail > system > Jun 15 11:28:14 mail postfix/master[3018]: daemon started -- version > 2.2.2, configuration /etc/postfix > Jun 15 11:28:14 mail postfix/qmgr[3022]: 6CD701C48049: > from= , size=801, nrcpt=1 (queue > active) > Jun 15 11:28:14 mail postfix/local[3027]: 6CD701C48049: > to= , orig_to=, > relay=local, delay=500, status=sent (delivered to mailbox) > Jun 15 11:28:14 mail postfix/qmgr[3022]: 6CD701C48049: removed > Jun 15 11:28:15 mail MailScanner[3041]: MailScanner E-Mail Virus Scanner > version 4.55.3 starting... > Jun 15 11:28:15 mail MailScanner[3041]: Read 746 hostnames from the > phishing whitelist > Jun 15 11:28:15 mail MailScanner[3041]: Using SpamAssassin results cache > Jun 15 11:28:15 mail MailScanner[3041]: Connected to SpamAssassin cache > database > Jun 15 11:28:15 mail MailScanner[3041]: Enabling SpamAssassin auto- > whitelist functionality... > Jun 15 11:28:17 mail MailScanner[3041]: Using locktype = flock > Jun 15 11:28:26 mail MailScanner[3044]: MailScanner E-Mail Virus Scanner > version 4.55.3 starting... > Jun 15 11:28:26 mail MailScanner[3044]: Read 746 hostnames from the > phishing whitelist > Jun 15 11:28:26 mail MailScanner[3044]: Using SpamAssassin results cache > Jun 15 11:28:26 mail MailScanner[3044]: Connected to SpamAssassin cache > database > Jun 15 11:28:26 mail MailScanner[3044]: Enabling SpamAssassin auto- > whitelist functionality... > Jun 15 11:28:28 mail MailScanner[3044]: Using locktype = flock > Jun 15 11:28:37 mail MailScanner[3046]: MailScanner E-Mail Virus Scanner > version 4.55.3 starting... > Jun 15 11:28:37 mail MailScanner[3046]: Read 746 hostnames from the > phishing whitelist > Jun 15 11:28:37 mail MailScanner[3046]: Using SpamAssassin results cache > Jun 15 11:28:37 mail MailScanner[3046]: Connected to SpamAssassin cache > database > Jun 15 11:28:37 mail MailScanner[3046]: Enabling SpamAssassin auto- > whitelist functionality... > Jun 15 11:28:39 mail MailScanner[3046]: Using locktype = flock > Jun 15 11:28:48 mail MailScanner[3049]: MailScanner E-Mail Virus Scanner > version 4.55.3 starting... > Jun 15 11:28:48 mail MailScanner[3049]: Read 746 hostnames from the > phishing whitelist > Jun 15 11:28:48 mail MailScanner[3049]: Using SpamAssassin results cache > Jun 15 11:28:48 mail MailScanner[3049]: Connected to SpamAssassin cache > database > Jun 15 11:28:48 mail MailScanner[3049]: Enabling SpamAssassin auto- > whitelist functionality... > Jun 15 11:28:50 mail MailScanner[3049]: Using locktype = flock > Jun 15 11:28:59 mail MailScanner[3051]: MailScanner E-Mail Virus Scanner > version 4.55.3 starting... > Jun 15 11:28:59 mail MailScanner[3051]: Read 746 hostnames from the > phishing whitelist > Jun 15 11:28:59 mail MailScanner[3051]: Using SpamAssassin results cache > Jun 15 11:28:59 mail MailScanner[3051]: Connected to SpamAssassin cache > database > Jun 15 11:28:59 mail MailScanner[3051]: Enabling SpamAssassin auto- > whitelist functionality... > Jun 15 11:29:01 mail MailScanner[3051]: Using locktype = flock > > Why does the message only get delivered when I restart MailScanner? If I > don't /etc/init.d/MailScanner restart, the message just sits in > /var/spool/postfix/incoming > > > Ian > > > > Ian Haskin wrote: > > Genius! > > It was set to batch, and after setting it to queue the message was > delivered right away. So, if I had sent _enough_ test messages the batch > would have delivered them, but because I was only sending a couple at a > time the delivery wasn't progressing. > > Thanks very much! > > Ian Haskin > > Drew Marshall wrote: > > On Wed, June 14, 2006 23:06, Ian Haskin wrote: > > > I just finished setting up and testing a new install of > Mailscanner/Postfix/ClamAV/Spamassassin on a Fedora 4 > machine. > > The server setup was taken from: > > http://www.linuxhelp.ca/forums/index.php?act=ST&f=3&t=3647 > > I'm running into a problem where mail can be sent to a > local recipient, > it's scanned, but it sits in /var/spool/postfix/incoming > until I > '/etc/init.d/MailScanner restart' at which time the > message is actually > delivered to /var/spool/mail/'local_recipient' > > I'm at a loss why, I believe, postfix must be restarted > in order to > deliver the mail. > > > > Any chance of a log excerpt? What do you have in > MailScanner.conf > regarding the delivery options, batch or queue? (You will find > this > towards the bottom of the file). > > Drew > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mkettler at evi-inc.com Thu Jun 15 18:07:58 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jun 15 18:08:09 2006 Subject: Spamcop Auto-reporting Plugin In-Reply-To: References: Message-ID: <449193EE.7070202@evi-inc.com> Ugo Bellavance wrote: > Hi Guys, > > I'm trying to activate the Spamcop auto-reporting feature in SA, but I > didn't find any relevant documentation about it. Here is what I found: > > http://search.cpan.org/~felicity/Mail-SpamAssassin-3.1.3/lib/Mail/SpamAssassin/Plugin/SpamCop.pm > > I do have a spamop address for reporting, but where do we set the SA > score at which I want to report? > > Anyone using this feature? > It is not an auto-reporting feature. It's a reporting feature. This plugin is triggered when you use spamassassin --report. From campbell at cnpapers.com Thu Jun 15 18:16:38 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 15 18:17:00 2006 Subject: Strange load situation References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> Message-ID: <008a01c6909f$76652de0$0705000a@DDF5DW71> Greg, ----- Original Message ----- From: "Greg Matthews" To: "MailScanner discussion" Sent: Thursday, June 15, 2006 12:17 PM Subject: Re: Strange load situation > Steve Campbell wrote: >> >> Here's the thing though, the load escalation has just started occuring >> recently. Everything used to run smoothly. My next restep was to be a >> reboot, and still may be if the current situation isn't permanent. It >> can't hurt. > > check the mail you are getting carefully, you may be being targetted > especially if you dont reject unknown mailboxes. > > Have you talked to anyone offerring to sell you hosted email services > recently? am I paranoid...? ;) The load average is now back to between 4+ and 7, so I'm not sure if things are good or not yet. I'm not sure how to reject email for unknown users up front at the MTA, although sendmail reports "Unknown user" messages all day. I do not run anything like milter-ahead or milter-sender, and am not sure how to do this without one of those. This machine is also a secondary MX for a couple of other mailhubs, so it gets slammed, and without one of those milters, there's not much I can do. I am getting hit pretty hard by a .netzero.com thing. They are all being listed as spam, but it would be nice to block them up front in the access table. I just don't know if anyone receives mail from a real netzero user, and this wouldn't save a copy. They are all from varying IPs, so its hard to figure out how to do this without damage. Thanks though, Steve > > G > >> >> >>> Jethro R Binks >>> Computing Officer, IT Services >>> University Of Strathclyde, Glasgow, UK >>> -- >> >> >> > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ugob at camo-route.com Thu Jun 15 18:48:36 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 15 18:49:50 2006 Subject: Spamcop Auto-reporting Plugin In-Reply-To: <449193EE.7070202@evi-inc.com> References: <449193EE.7070202@evi-inc.com> Message-ID: Matt Kettler wrote: > Ugo Bellavance wrote: >> Hi Guys, >> >> I'm trying to activate the Spamcop auto-reporting feature in SA, but I >> didn't find any relevant documentation about it. Here is what I found: >> >> http://search.cpan.org/~felicity/Mail-SpamAssassin-3.1.3/lib/Mail/SpamAssassin/Plugin/SpamCop.pm >> >> I do have a spamop address for reporting, but where do we set the SA >> score at which I want to report? >> >> Anyone using this feature? >> > > It is not an auto-reporting feature. It's a reporting feature. > > This plugin is triggered when you use spamassassin --report. > Ok, then has anyone intergrated (automated) the use of spamassassin --report with MailScanner? From Denis.Beauchemin at USherbrooke.ca Thu Jun 15 19:06:41 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 15 19:07:38 2006 Subject: Problem with New Install In-Reply-To: <44918C76.8060309@topix.com> References: <44908857.3050302@topix.com> <39022.194.70.180.170.1150369628.squirrel@webmail.r-bit.net> <449181CE.7030202@topix.com> <44918C76.8060309@topix.com> Message-ID: <4491A1B1.6040304@USherbrooke.ca> Ian Haskin a ?crit : > Jun 15 11:20:20 mail MailScanner[2826]: Unrar command /usr/bin/unrar > does not exist or is not executable, please either install it or > remove the setting from MailScanner.conf Ian, This may not be related to your problem but should be fixed nonetheless. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060615/8c5ccf54/smime.bin From mkettler at evi-inc.com Thu Jun 15 19:18:39 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jun 15 19:18:48 2006 Subject: Spamcop Auto-reporting Plugin In-Reply-To: References: <449193EE.7070202@evi-inc.com> Message-ID: <4491A47F.7070702@evi-inc.com> Ugo Bellavance wrote: > Matt Kettler wrote: >> Ugo Bellavance wrote: >>> Hi Guys, >>> >>> I'm trying to activate the Spamcop auto-reporting feature in SA, but I >>> didn't find any relevant documentation about it. Here is what I found: >>> >>> http://search.cpan.org/~felicity/Mail-SpamAssassin-3.1.3/lib/Mail/SpamAssassin/Plugin/SpamCop.pm >>> >>> I do have a spamop address for reporting, but where do we set the SA >>> score at which I want to report? >>> >>> Anyone using this feature? >>> >> It is not an auto-reporting feature. It's a reporting feature. >> >> This plugin is triggered when you use spamassassin --report. >> > > Ok, then has anyone intergrated (automated) the use of spamassassin > --report with MailScanner? No, and such things are generally discouraged because it's a bad idea. SA had the feature to do auto-reporting to razor a long time ago, and it was removed at the request of cloudmark. Cloudmark has an *explicit* ban on users auto-reporting to razor based on the results of automated analysis tools like SA. The problem being that SA scores alone are not that reliable of an indicator of spam. If you autoreport to a system, be it spamcop, razor, etc, based on SA score, that system effectively becomes the equivalent of spamassassin. It will have all the same FPs, and all the same correct spam hits. From matt at coders.co.uk Thu Jun 15 19:57:35 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Jun 15 19:57:40 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <44918716.7020605@pacific.net> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> <44918716.7020605@pacific.net> Message-ID: <4491AD9F.2080706@coders.co.uk> Ken A wrote: > >> Thanks guys! >> I was a bit wondering about the blurb in theMAQ... AFAICR, exim is >> said to be able to do this, but the MAQ only detail Sendmail... and >> (now) Postfix... I guess Martin (or someone) has a bit of typing to >> do:-):-) >> I have been politically correct and have moved the sendmail details under the MTA tree. I have also changed to wording so that it is "documented" rather than "supported" > > Awesome! > A bit of an MTA war is a good thing for documentation it seems! Why do you think I stuck the sendmail stuff on the front page ;-) matt From glenn.steen at gmail.com Thu Jun 15 20:02:59 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 15 20:03:02 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <44918716.7020605@pacific.net> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> <44918716.7020605@pacific.net> Message-ID: <223f97700606151202r27d41818t23d0d71386b9c199@mail.gmail.com> On 15/06/06, Ken A wrote: > > Glenn Steen wrote: > > On 15/06/06, Drew Marshall wrote: (snip) > >> Nice work Glenn. Good to see (IMHO) the Postfix docs still surpassing > >> those of anyother MTA in the wiki ;-) > >> > > Thanks guys! > > I was a bit wondering about the blurb in theMAQ... AFAICR, exim is > > said to be able to do this, but the MAQ only detail Sendmail... and > > (now) Postfix... I guess Martin (or someone) has a bit of typing to > > do:-):-) > > > > Awesome! > A bit of an MTA war is a good thing for documentation it seems! Just a very little bit:-)... More of a "friendly nudge";) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Thu Jun 15 20:06:36 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Jun 15 20:07:20 2006 Subject: Problem with New Install In-Reply-To: <44918C76.8060309@topix.com> References: <44908857.3050302@topix.com> <39022.194.70.180.170.1150369628.squirrel@webmail.r-bit.net> <449181CE.7030202@topix.com> <44918C76.8060309@topix.com> Message-ID: <22A13FDB-C115-4DBC-BB39-3F14F25359CE@themarshalls.co.uk> On 15 Jun 2006, at 17:36, Ian Haskin wrote: > Crap, I was too quick on that reply. The delivery was working > because MailScanner wasn't actually scanning the message.. now that > it is, it's back to it's old tricks. > > I've now tried both batch and queue delivery methods in > MailScanner.conf and that hasn't made a difference. > > I open a telnet session to the server and compose and queue a > message for user test. > > /var/log/maillog: > > Jun 15 11:19:56 mail postfix/smtpd[2814]: AEF8D1C48043: > client=CPE00119538ec34-CM0012c90ff4f4.cpe.net.cable.rogers.com > [72.60.20.161] > Jun 15 11:20:08 mail postfix/cleanup[2818]: AEF8D1C48043: message- > id=<20060615161954.AEF8D1C48043@mail.traffikedit.com> > Jun 15 11:20:09 mail postfix/qmgr[2725]: AEF8D1C48043: > from=, size=416, nrcpt=1 (queue active) > Jun 15 11:20:09 mail postfix/qmgr[2725]: AEF8D1C48043: > to=, orig_to=, relay=none, delay=15, > status=deferred (delivery temporarily suspended: deferred transport) This smacks of the dual instance set up, which is not reliable and depreciated. > /etc/init.d/MailScanner restart, /var/log/maillog then reads: > > Jun 15 11:28:13 mail postfix/postfix-script: starting the Postfix > mail system > Jun 15 11:28:13 mail postfix/master[2970]: daemon started -- > version 2.2.2, configuration /etc/postfix.in > Jun 15 11:28:13 mail postfix/postfix-script: starting the Postfix > mail system > Jun 15 11:28:14 mail postfix/master[3018]: daemon started -- > version 2.2.2, configuration /etc/postfix And this confirms it. Have a read of the documentation, particularly in the wiki (As Martin suggested) . It's not too bad really, just a quick tweak or two for Postfix, then MailScanner will work just fine. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060615/d555c5bb/attachment.html From ian at topix.com Thu Jun 15 20:14:29 2006 From: ian at topix.com (Ian Haskin) Date: Thu Jun 15 20:15:11 2006 Subject: Problem with New Install In-Reply-To: <009801c6909b$87482260$3004010a@martinhlaptop> References: <009801c6909b$87482260$3004010a@martinhlaptop> Message-ID: <4491B195.1030009@topix.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060615/cca54a8f/attachment.html From drew at themarshalls.co.uk Thu Jun 15 21:53:31 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Jun 15 21:53:42 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <223f97700606151202r27d41818t23d0d71386b9c199@mail.gmail.com> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> <44918716.7020605@pacific.net> <223f97700606151202r27d41818t23d0d71386b9c199@mail.gmail.com> Message-ID: On 15 Jun 2006, at 20:02, Glenn Steen wrote: >> A bit of an MTA war is a good thing for documentation it seems! > > Just a very little bit:-)... More of a "friendly nudge";) But all done with a grin on this list :-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From glenn.steen at gmail.com Thu Jun 15 22:07:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 15 22:07:36 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <4491AD9F.2080706@coders.co.uk> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> <44918716.7020605@pacific.net> <4491AD9F.2080706@coders.co.uk> Message-ID: <223f97700606151407i6ba9edpabc455481cd08568@mail.gmail.com> On 15/06/06, Matt Hampton wrote: > Ken A wrote: > > > >> Thanks guys! > >> I was a bit wondering about the blurb in theMAQ... AFAICR, exim is > >> said to be able to do this, but the MAQ only detail Sendmail... and > >> (now) Postfix... I guess Martin (or someone) has a bit of typing to > >> do:-):-) > >> > > I have been politically correct and have moved the sendmail details > under the MTA tree. I have also changed to wording so that it is > "documented" rather than "supported" Nice. .... Hopefully some exim admins will bite too...:-) > > > > Awesome! > > A bit of an MTA war is a good thing for documentation it seems! > > Why do you think I stuck the sendmail stuff on the front page ;-) For "inspiration"?:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Thu Jun 15 23:08:07 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 15 22:09:56 2006 Subject: Sa-update Message-ID: <014f01c690c8$2ee730c0$3701a8c0@lapxp> Hi, Could someone please explain to me this: --- # The rules created by the "sa-update" tool are searched for here. # This directory contains the spamassassin/3.001001/updates_spamassassin_org # directory structure beneath it. # Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = # /var/lib --- When I run sa-update, it produces no errors. Where should sa-update create a directory structure? Is it /etc/mail/spamassassin ? Best, -- Arthur Sherman +972-52-4878851 CPTeam From MailScanner at ecs.soton.ac.uk Thu Jun 15 22:09:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 15 22:10:00 2006 Subject: "Contact Us" web page Message-ID: <4491CC94.7040400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What would you like to see on a "Contact Us" web page on www.mailscanner.info? Currently it is just a mailto: link. Would you like me to replace it with a web page? If so, what would you like to see on it? About all the information I can give is an email address, hence the current link. Thoughts? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRJHMlRH2WUcUFbZUEQJ4YACg4j3Kn7W61QemcK7PhpzCy8sjJ2kAn34F DPY0NVSj2CleXWT1CexQyG0M =24Px -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ssilva at sgvwater.com Thu Jun 15 22:18:09 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 15 22:18:39 2006 Subject: Sa-update In-Reply-To: <014f01c690c8$2ee730c0$3701a8c0@lapxp> References: <014f01c690c8$2ee730c0$3701a8c0@lapxp> Message-ID: Arthur Sherman spake the following on 6/15/2006 3:08 PM: > Hi, > > Could someone please explain to me this: > --- > # The rules created by the "sa-update" tool are searched for here. > # This directory contains the spamassassin/3.001001/updates_spamassassin_org > # directory structure beneath it. > # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure under > # the spamassassin directory within this one and has put some *.cf files in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = # /var/lib > --- > > When I run sa-update, it produces no errors. > > Where should sa-update create a directory structure? > > Is it /etc/mail/spamassassin ? On an RedHat based install it should be under /var/lib/spamassassin There should be a directory with the equivalent of your spamassassin version (3.00010003 for 3.1.3) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From arturs at netvision.net.il Thu Jun 15 23:35:05 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 15 22:36:52 2006 Subject: Sa-update In-Reply-To: Message-ID: <015001c690cb$f2c8e210$3701a8c0@lapxp> > On an RedHat based install it should be under /var/lib/spamassassin > There should be a directory with the equivalent of your > spamassassin version > (3.00010003 for 3.1.3) And if I don't have it? --- [root@ns1 src]# cd /var/lib/ [root@ns1 lib]# ls -lah total 124K drwxr-xr-x 13 root root 4.0K Jun 10 01:52 . drwxr-xr-x 26 root root 4.0K Jun 15 23:39 .. drwxr-xr-x 2 root root 4.0K May 25 23:10 alternatives drwx------ 2 apache apache 4.0K Jan 5 20:34 dav drwxr-xr-x 2 root root 4.0K Mar 9 02:54 dhcp drwxr-xr-x 2 root root 4.0K Feb 22 2005 games -rw-r--r-- 1 root root 2.6K Jun 15 04:03 logrotate.status drwxr-xr-x 2 root root 4.0K May 29 04:02 misc lrwxrwxrwx 1 root root 12 May 25 23:11 mysql -> /home/mysql/ drwxr-xr-x 2 ntp ntp 4.0K May 25 23:10 ntp drwxr-xr-x 3 root root 4.0K Apr 25 17:45 php -rw------- 1 root root 512 Jun 8 12:57 random-seed drwxr-xr-x 2 rpm rpm 4.0K Jun 8 17:02 rpm drwxr-x--- 2 root slocate 4.0K Jun 15 23:31 slocate drwxr-xr-x 3 root root 4.0K Jun 10 01:52 squirrelmail -rw-r--r-- 1 root root 95 Mar 9 05:35 supportinfo drwxr-xr-x 2 webalizer root 4.0K May 29 04:02 webalizer --- How could I create it? Spamassassin was installed by yum on CentOS-4.3 Best, -- Arthur Sherman +972-52-4878851 CPTeam From MailScanner at ecs.soton.ac.uk Thu Jun 15 22:42:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 15 22:42:48 2006 Subject: Problem with New Install In-Reply-To: <4491B195.1030009@topix.com> References: <009801c6909b$87482260$3004010a@martinhlaptop> <4491B195.1030009@topix.com> Message-ID: <4491D44A.9010601@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And as for the queue/batch setting. In normal operation you definitely want batch. If you choose queue then the receiving MTA instance is not told of the arrival of the message, and has to sit until its next regular queue run before it can notice the appearance of the new message. Ian Haskin wrote: > Thanks for the advice, I've re-done the config based on the one in the > wiki and it's working now. > > Ian > > Martin Hepworth wrote: >> Ian >> >> I'd checkout the 'official' install guide for PF/MS in the wiki if I where >> you.... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info ] On Behalf Of Ian Haskin >>> Sent: 15 June 2006 17:36 >>> To: MailScanner discussion >>> Subject: Re: Problem with New Install >>> >>> Crap, I was too quick on that reply. The delivery was working because >>> MailScanner wasn't actually scanning the message.. now that it is, it's >>> back to it's old tricks. >>> >>> I've now tried both batch and queue delivery methods in MailScanner.conf >>> and that hasn't made a difference. >>> >>> I open a telnet session to the server and compose and queue a message for >>> user test. >>> >>> /var/log/maillog: >>> >>> Jun 15 11:19:56 mail postfix/smtpd[2814]: AEF8D1C48043: >>> client=CPE00119538ec34- >>> CM0012c90ff4f4.cpe.net.cable.rogers.com[72.60.20.161] >>> Jun 15 11:20:08 mail postfix/cleanup[2818]: AEF8D1C48043: message- >>> id=<20060615161954.AEF8D1C48043@mail.traffikedit.com> >>> >>> Jun 15 11:20:09 mail postfix/qmgr[2725]: AEF8D1C48043: >>> from= , size=416, nrcpt=1 (queue >>> active) >>> Jun 15 11:20:09 mail postfix/qmgr[2725]: AEF8D1C48043: >>> to= , orig_to=, >>> relay=none, delay=15, status=deferred (delivery temporarily suspended: >>> deferred transport) >>> Jun 15 11:20:09 mail MailScanner[2813]: New Batch: Scanning 1 messages, >>> 803 bytes >>> Jun 15 11:20:11 mail postfix/smtpd[2814]: disconnect from CPE00119538ec34- >>> CM0012c90ff4f4.cpe.net.cable.rogers.com[72.60.20.161] >>> Jun 15 11:20:20 mail MailScanner[2813]: Virus and Content Scanning: >>> Starting >>> Jun 15 11:20:20 mail MailScanner[2826]: Unrar command /usr/bin/unrar does >>> not exist or is not executable, please either install it or remove the >>> setting from MailScanner.conf >>> Jun 15 11:20:20 mail MailScanner[2813]: Requeue: AEF8D1C48043.C39BF to >>> 6CD701C48049 >>> Jun 15 11:20:20 mail MailScanner[2813]: Uninfected: Delivered 1 messages >>> >>> ls -la /var/spool/postfix/incoming/6 shows: >>> >>> -rwx------ 1 postfix postfix 1188 Jun 15 11:20 6CD701C48049 >>> >>> /etc/init.d/MailScanner restart, /var/log/maillog then reads: >>> >>> Jun 15 11:28:13 mail postfix/postfix-script: starting the Postfix mail >>> system >>> Jun 15 11:28:13 mail postfix/master[2970]: daemon started -- version >>> 2.2.2, configuration /etc/postfix.in >>> Jun 15 11:28:13 mail postfix/postfix-script: starting the Postfix mail >>> system >>> Jun 15 11:28:14 mail postfix/master[3018]: daemon started -- version >>> 2.2.2, configuration /etc/postfix >>> Jun 15 11:28:14 mail postfix/qmgr[3022]: 6CD701C48049: >>> from= , size=801, nrcpt=1 (queue >>> active) >>> Jun 15 11:28:14 mail postfix/local[3027]: 6CD701C48049: >>> to= , orig_to=, >>> relay=local, delay=500, status=sent (delivered to mailbox) >>> Jun 15 11:28:14 mail postfix/qmgr[3022]: 6CD701C48049: removed >>> Jun 15 11:28:15 mail MailScanner[3041]: MailScanner E-Mail Virus Scanner >>> version 4.55.3 starting... >>> Jun 15 11:28:15 mail MailScanner[3041]: Read 746 hostnames from the >>> phishing whitelist >>> Jun 15 11:28:15 mail MailScanner[3041]: Using SpamAssassin results cache >>> Jun 15 11:28:15 mail MailScanner[3041]: Connected to SpamAssassin cache >>> database >>> Jun 15 11:28:15 mail MailScanner[3041]: Enabling SpamAssassin auto- >>> whitelist functionality... >>> Jun 15 11:28:17 mail MailScanner[3041]: Using locktype = flock >>> Jun 15 11:28:26 mail MailScanner[3044]: MailScanner E-Mail Virus Scanner >>> version 4.55.3 starting... >>> Jun 15 11:28:26 mail MailScanner[3044]: Read 746 hostnames from the >>> phishing whitelist >>> Jun 15 11:28:26 mail MailScanner[3044]: Using SpamAssassin results cache >>> Jun 15 11:28:26 mail MailScanner[3044]: Connected to SpamAssassin cache >>> database >>> Jun 15 11:28:26 mail MailScanner[3044]: Enabling SpamAssassin auto- >>> whitelist functionality... >>> Jun 15 11:28:28 mail MailScanner[3044]: Using locktype = flock >>> Jun 15 11:28:37 mail MailScanner[3046]: MailScanner E-Mail Virus Scanner >>> version 4.55.3 starting... >>> Jun 15 11:28:37 mail MailScanner[3046]: Read 746 hostnames from the >>> phishing whitelist >>> Jun 15 11:28:37 mail MailScanner[3046]: Using SpamAssassin results cache >>> Jun 15 11:28:37 mail MailScanner[3046]: Connected to SpamAssassin cache >>> database >>> Jun 15 11:28:37 mail MailScanner[3046]: Enabling SpamAssassin auto- >>> whitelist functionality... >>> Jun 15 11:28:39 mail MailScanner[3046]: Using locktype = flock >>> Jun 15 11:28:48 mail MailScanner[3049]: MailScanner E-Mail Virus Scanner >>> version 4.55.3 starting... >>> Jun 15 11:28:48 mail MailScanner[3049]: Read 746 hostnames from the >>> phishing whitelist >>> Jun 15 11:28:48 mail MailScanner[3049]: Using SpamAssassin results cache >>> Jun 15 11:28:48 mail MailScanner[3049]: Connected to SpamAssassin cache >>> database >>> Jun 15 11:28:48 mail MailScanner[3049]: Enabling SpamAssassin auto- >>> whitelist functionality... >>> Jun 15 11:28:50 mail MailScanner[3049]: Using locktype = flock >>> Jun 15 11:28:59 mail MailScanner[3051]: MailScanner E-Mail Virus Scanner >>> version 4.55.3 starting... >>> Jun 15 11:28:59 mail MailScanner[3051]: Read 746 hostnames from the >>> phishing whitelist >>> Jun 15 11:28:59 mail MailScanner[3051]: Using SpamAssassin results cache >>> Jun 15 11:28:59 mail MailScanner[3051]: Connected to SpamAssassin cache >>> database >>> Jun 15 11:28:59 mail MailScanner[3051]: Enabling SpamAssassin auto- >>> whitelist functionality... >>> Jun 15 11:29:01 mail MailScanner[3051]: Using locktype = flock >>> >>> Why does the message only get delivered when I restart MailScanner? If I >>> don't /etc/init.d/MailScanner restart, the message just sits in >>> /var/spool/postfix/incoming >>> >>> >>> Ian >>> >>> >>> >>> Ian Haskin wrote: >>> >>> Genius! >>> >>> It was set to batch, and after setting it to queue the message was >>> delivered right away. So, if I had sent _enough_ test messages the batch >>> would have delivered them, but because I was only sending a couple at a >>> time the delivery wasn't progressing. >>> >>> Thanks very much! >>> >>> Ian Haskin >>> >>> Drew Marshall wrote: >>> >>> On Wed, June 14, 2006 23:06, Ian Haskin wrote: >>> >>> >>> I just finished setting up and testing a new install >>> >> of >> >>> Mailscanner/Postfix/ClamAV/Spamassassin on a Fedora >>> >> 4 >> >>> machine. >>> >>> The server setup was taken from: >>> >>> http://www.linuxhelp.ca/forums/index.php?act=ST&f=3&t=3647 >>> >>> I'm running into a problem where mail can be sent to >>> >> a >> >>> local recipient, >>> it's scanned, but it sits in >>> >> /var/spool/postfix/incoming >> >>> until I >>> '/etc/init.d/MailScanner restart' at which time the >>> message is actually >>> delivered to /var/spool/mail/'local_recipient' >>> >>> I'm at a loss why, I believe, postfix must be >>> >> restarted >> >>> in order to >>> deliver the mail. >>> >>> >>> >>> Any chance of a log excerpt? What do you have in >>> MailScanner.conf >>> regarding the delivery options, batch or queue? (You will >>> >> find >> >>> this >>> towards the bottom of the file). >>> >>> Drew >>> >>> >>> >>> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRJHUSxH2WUcUFbZUEQLDUgCbB4mU9QlSAWkszIw3AboDyllBe1oAoPBr TAJbfv4jJmmO4RnjAgRBxgJy =x2QV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ssilva at sgvwater.com Thu Jun 15 22:46:04 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 15 22:46:16 2006 Subject: Sa-update In-Reply-To: <015001c690cb$f2c8e210$3701a8c0@lapxp> References: <015001c690cb$f2c8e210$3701a8c0@lapxp> Message-ID: Arthur Sherman spake the following on 6/15/2006 3:35 PM: >> On an RedHat based install it should be under /var/lib/spamassassin >> There should be a directory with the equivalent of your >> spamassassin version >> (3.00010003 for 3.1.3) > > And if I don't have it? > > --- > [root@ns1 src]# cd /var/lib/ > [root@ns1 lib]# ls -lah > total 124K > drwxr-xr-x 13 root root 4.0K Jun 10 01:52 . > drwxr-xr-x 26 root root 4.0K Jun 15 23:39 .. > drwxr-xr-x 2 root root 4.0K May 25 23:10 alternatives > drwx------ 2 apache apache 4.0K Jan 5 20:34 dav > drwxr-xr-x 2 root root 4.0K Mar 9 02:54 dhcp > drwxr-xr-x 2 root root 4.0K Feb 22 2005 games > -rw-r--r-- 1 root root 2.6K Jun 15 04:03 logrotate.status > drwxr-xr-x 2 root root 4.0K May 29 04:02 misc > lrwxrwxrwx 1 root root 12 May 25 23:11 mysql -> /home/mysql/ > drwxr-xr-x 2 ntp ntp 4.0K May 25 23:10 ntp > drwxr-xr-x 3 root root 4.0K Apr 25 17:45 php > -rw------- 1 root root 512 Jun 8 12:57 random-seed > drwxr-xr-x 2 rpm rpm 4.0K Jun 8 17:02 rpm > drwxr-x--- 2 root slocate 4.0K Jun 15 23:31 slocate > drwxr-xr-x 3 root root 4.0K Jun 10 01:52 squirrelmail > -rw-r--r-- 1 root root 95 Mar 9 05:35 supportinfo > drwxr-xr-x 2 webalizer root 4.0K May 29 04:02 webalizer > --- > > How could I create it? > > Spamassassin was installed by yum on CentOS-4.3 The Centos rpm's of spamassassin are only up to version 3.06. That feature came in around 3.11. You need to use a source install, or a more up to date repo for yum if you want that feature. I would recommend you rpm -e spamassassin, and install from Julian's install-Clam-SA package. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dyioulos at firstbhph.com Thu Jun 15 22:54:47 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jun 15 22:54:55 2006 Subject: Sa-update In-Reply-To: <015001c690cb$f2c8e210$3701a8c0@lapxp> References: <015001c690cb$f2c8e210$3701a8c0@lapxp> Message-ID: <200606151754.48141.dyioulos@firstbhph.com> On Thursday June 15 2006 6:35 pm, Arthur Sherman wrote: > > On an RedHat based install it should be under > > /var/lib/spamassassin There should be a directory with the > > equivalent of your > > spamassassin version > > (3.00010003 for 3.1.3) > > And if I don't have it? > > --- > [root@ns1 src]# cd /var/lib/ > [root@ns1 lib]# ls -lah > total 124K > drwxr-xr-x 13 root root 4.0K Jun 10 01:52 . > drwxr-xr-x 26 root root 4.0K Jun 15 23:39 .. > drwxr-xr-x 2 root root 4.0K May 25 23:10 alternatives > drwx------ 2 apache apache 4.0K Jan 5 20:34 dav > drwxr-xr-x 2 root root 4.0K Mar 9 02:54 dhcp > drwxr-xr-x 2 root root 4.0K Feb 22 2005 games > -rw-r--r-- 1 root root 2.6K Jun 15 04:03 logrotate.status > drwxr-xr-x 2 root root 4.0K May 29 04:02 misc > lrwxrwxrwx 1 root root 12 May 25 23:11 mysql -> > /home/mysql/ drwxr-xr-x 2 ntp ntp 4.0K May 25 23:10 ntp > drwxr-xr-x 3 root root 4.0K Apr 25 17:45 php > -rw------- 1 root root 512 Jun 8 12:57 random-seed > drwxr-xr-x 2 rpm rpm 4.0K Jun 8 17:02 rpm > drwxr-x--- 2 root slocate 4.0K Jun 15 23:31 slocate > drwxr-xr-x 3 root root 4.0K Jun 10 01:52 squirrelmail > -rw-r--r-- 1 root root 95 Mar 9 05:35 supportinfo > drwxr-xr-x 2 webalizer root 4.0K May 29 04:02 webalizer > --- > > How could I create it? > > Spamassassin was installed by yum on CentOS-4.3 > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! On my CentOS 3.7 system, using the stock spamassassin installed via RPM, sa-update puts the updates in /usr/share/spamassassin also. A look in sa-update (/usr/bin/sa-update) itself shows the local rules directory as /usr/share/spamassassin. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From arturs at netvision.net.il Fri Jun 16 00:30:48 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 15 23:32:36 2006 Subject: Lock.pl Message-ID: <016201c690d3$bb60a490$3701a8c0@lapxp> Hi List, I upgraded to MailScaner 4.54.6. Now I see in maillog: --- Jun 16 01:08:29 ns1 MailScanner[2090]: MailScanner E-Mail Virus Scanner version 4.54.6 starting... Jun 16 01:08:29 ns1 MailScanner[2090]: Read 719 hostnames from the phishing whitelist Jun 16 01:08:30 ns1 MailScanner[2090]: Using SpamAssassin results cache Jun 16 01:08:30 ns1 MailScanner[2090]: Connected to SpamAssassin cache database Jun 16 01:08:30 ns1 MailScanner[2090]: Enabling SpamAssassin auto-whitelist functionality... Jun 16 01:08:32 ns1 MailScanner[2090]: lock.pl sees Config LockType = posix Jun 16 01:08:32 ns1 MailScanner[2090]: lock.pl sees have_module = 0 Jun 16 01:08:32 ns1 MailScanner[2090]: Using locktype = posix --- What is this lock.pl? The only file that could correspond to it is /usr/local/majordomo/shlock.pl. Also, what does it mean 'lock.pl sees have_module = 0' ? Best, -- Arthur Sherman +972-52-4878851 CPTeam From alex at nkpanama.com Thu Jun 15 23:42:18 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 15 23:42:50 2006 Subject: Spamcop Auto-reporting Plugin In-Reply-To: <4491A47F.7070702@evi-inc.com> References: <449193EE.7070202@evi-inc.com> <4491A47F.7070702@evi-inc.com> Message-ID: <4491E24A.3000205@nkpanama.com> Matt Kettler escribi?: > No, and such things are generally discouraged because it's a bad idea. > > SA had the feature to do auto-reporting to razor a long time ago, and it was > removed at the request of cloudmark. Cloudmark has an *explicit* ban on users > auto-reporting to razor based on the results of automated analysis tools like SA. > > The problem being that SA scores alone are not that reliable of an indicator of > spam. If you autoreport to a system, be it spamcop, razor, etc, based on SA > score, that system effectively becomes the equivalent of spamassassin. It will > have all the same FPs, and all the same correct spam hits. > While I wholeheartedly agree that reporting SPAM sent to legitimate addresses using an automated tool can be abused, I believe there could be a use for autoreporting: spamtraps. Perhaps somebody here could help me out. Let's say I buy a domain (they're cheap anyways). I *know* I'm not going to receive e-mail for that domain since it's a throwaway, so I can turn it into a spamtrap (I could also use a subdomain, say, "crap.nkpanama.com", or an address on my actual domain which I *know* to be invalid... but I digress...). I could set up a "mailertable" entry that says "anything for thisdomainiscrap.com gets sent to spamtastic@local". Then the user spamtastic has a .forward file that says "forward the contents of the message to spamassassin --report". Would this be feasible? Pros & Cons? Let me know what you think. From ssilva at sgvwater.com Thu Jun 15 23:45:25 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 15 23:46:12 2006 Subject: Lock.pl In-Reply-To: <016201c690d3$bb60a490$3701a8c0@lapxp> References: <016201c690d3$bb60a490$3701a8c0@lapxp> Message-ID: Arthur Sherman spake the following on 6/15/2006 4:30 PM: > Hi List, > > I upgraded to MailScaner 4.54.6. > > Now I see in maillog: > --- > Jun 16 01:08:29 ns1 MailScanner[2090]: MailScanner E-Mail Virus Scanner > version 4.54.6 starting... > Jun 16 01:08:29 ns1 MailScanner[2090]: Read 719 hostnames from the phishing > whitelist > Jun 16 01:08:30 ns1 MailScanner[2090]: Using SpamAssassin results cache > Jun 16 01:08:30 ns1 MailScanner[2090]: Connected to SpamAssassin cache > database > Jun 16 01:08:30 ns1 MailScanner[2090]: Enabling SpamAssassin auto-whitelist > functionality... > Jun 16 01:08:32 ns1 MailScanner[2090]: lock.pl sees Config LockType = > posix > Jun 16 01:08:32 ns1 MailScanner[2090]: lock.pl sees have_module = 0 > Jun 16 01:08:32 ns1 MailScanner[2090]: Using locktype = posix > --- > > What is this lock.pl? > > The only file that could correspond to it is /usr/local/majordomo/shlock.pl. > > Also, what does it mean 'lock.pl sees have_module = 0' ? Probably some code that Julian added to make the locktype detection work. Either the code hasn't been "silenced" yet, or it is a logging option he thought necessary. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Thu Jun 15 23:48:03 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 15 23:48:26 2006 Subject: Strange load situation In-Reply-To: <008a01c6909f$76652de0$0705000a@DDF5DW71> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> Message-ID: <4491E3A3.3060200@nkpanama.com> Steve Campbell escribi?: > I am getting hit pretty hard by a .netzero.com thing. They are all > being listed as spam, but it would be nice to block them up front in > the access table. I just don't know if anyone receives mail from a > real netzero user, and this wouldn't save a copy. They are all from > varying IPs, so its hard to figure out how to do this without damage. If it's sendmail, you could add a tempfail message (I think) like so: netzero.com 421 Temporary error - Please call +999 999-9999 for more info or e-mail stevesgmailaddress@gmail.com for more info. Mention error code #PEBKAC when reporting. I've had to do these things sometimes in order to weed out (and whitelist) legitimate addresses from otherwise spammy domains / ips. From arturs at netvision.net.il Fri Jun 16 00:49:54 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 15 23:51:43 2006 Subject: Lock.pl In-Reply-To: Message-ID: <016301c690d6$66db3180$3701a8c0@lapxp> > Probably some code that Julian added to make the locktype > detection work. > Either the code hasn't been "silenced" yet, or it is a > logging option he > thought necessary. All right! Thanks. Best, -- Arthur Sherman +972-52-4878851 CPTeam From axisml at gmail.com Fri Jun 16 00:01:26 2006 From: axisml at gmail.com (Chris Stone) Date: Fri Jun 16 00:03:06 2006 Subject: "Contact Us" web page In-Reply-To: <4491CC94.7040400@ecs.soton.ac.uk> References: <4491CC94.7040400@ecs.soton.ac.uk> Message-ID: <200606151701.27004@cs.axint.net> On Thursday 15 June 2006 03:09 pm, Julian Field wrote: > What would you like to see on a "Contact Us" web page on > www.mailscanner.info? How about your home and cell numbers? ;-) From campbell at cnpapers.com Fri Jun 16 01:05:28 2006 From: campbell at cnpapers.com (campbell@cnpapers.com) Date: Fri Jun 16 01:06:29 2006 Subject: Strange load situation In-Reply-To: <4491E3A3.3060200@nkpanama.com> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> <4491E3A3.3060200@nkpanama.com> Message-ID: <1150416328.4491f5c8d33ae@perdition.cnpapers.net> Quoting Alex Neuman : > Steve Campbell escribi?: > > I am getting hit pretty hard by a .netzero.com thing. They are all > > being listed as spam, but it would be nice to block them up front in > > the access table. I just don't know if anyone receives mail from a > > real netzero user, and this wouldn't save a copy. They are all from > > varying IPs, so its hard to figure out how to do this without damage. > If it's sendmail, you could add a tempfail message (I think) like so: > > netzero.com 421 Temporary error - Please call +999 999-9999 for more > info or e-mail stevesgmailaddress@gmail.com for more info. Mention error > code #PEBKAC when reporting. > > I've had to do these things sometimes in order to weed out (and > whitelist) legitimate addresses from otherwise spammy domains / ips. Great idea! For now, I went ahead and discarded the domain. I checked for valid senders first that we have had, and prepended the discard with them. I figure anyone who needs email from netzero can call me. There's really a major decision to make on how to block these type of things. I wish it were easier. These netzero spams were 20% of our entire incoming total for the day before I blocked them. So I figured something drastic. Blacklisting is the usual way so I can release them later. Unfortunately, the load average is back up around 5-7. Spikes go higher. No incoming drops to 2-3. Looks like some major tuning, but this machine should handle it's load fine. Dare I ask - Does Mailscanner cause swapping?(Smily face symbol) Please don't answer that one. Thanks, Steve > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From taz at taz-mania.com Fri Jun 16 01:24:19 2006 From: taz at taz-mania.com (Dennis Willson) Date: Fri Jun 16 01:24:23 2006 Subject: Strange load situation In-Reply-To: <1150416328.4491f5c8d33ae@perdition.cnpapers.net> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> <4491E3A3.3060200@nkpanama.com> <1150416328.4491f5c8d33ae@perdition.cnpapers.net> Message-ID: <4491FA33.9070002@taz-mania.com> netzero publishes SPF records. So you could filter on that if you use some form of SPF filter. Also have you tried greylistiing? Works well for me. campbell@cnpapers.com wrote: >Quoting Alex Neuman : > > > >>Steve Campbell escribi?: >> >> >>>I am getting hit pretty hard by a .netzero.com thing. They are all >>>being listed as spam, but it would be nice to block them up front in >>>the access table. I just don't know if anyone receives mail from a >>>real netzero user, and this wouldn't save a copy. They are all from >>>varying IPs, so its hard to figure out how to do this without damage. >>> >>> >>If it's sendmail, you could add a tempfail message (I think) like so: >> >>netzero.com 421 Temporary error - Please call +999 999-9999 for more >>info or e-mail stevesgmailaddress@gmail.com for more info. Mention error >>code #PEBKAC when reporting. >> >>I've had to do these things sometimes in order to weed out (and >>whitelist) legitimate addresses from otherwise spammy domains / ips. >> >> > >Great idea! > >For now, I went ahead and discarded the domain. I checked for valid senders >first that we have had, and prepended the discard with them. > >I figure anyone who needs email from netzero can call me. > >There's really a major decision to make on how to block these type of things. I >wish it were easier. These netzero spams were 20% of our entire incoming total >for the day before I blocked them. So I figured something drastic. Blacklisting >is the usual way so I can release them later. > >Unfortunately, the load average is back up around 5-7. Spikes go higher. No >incoming drops to 2-3. Looks like some major tuning, but this machine should >handle it's load fine. > >Dare I ask - Does Mailscanner cause swapping?(Smily face symbol) > >Please don't answer that one. > >Thanks, > >Steve > > >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > > >------------------------------------------------- >This mail sent through IMP: http://horde.org/imp/ > > -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060615/478c8b07/taz.vcf From mkettler at evi-inc.com Fri Jun 16 01:50:33 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 16 01:50:44 2006 Subject: Spamcop Auto-reporting Plugin In-Reply-To: <4491E24A.3000205@nkpanama.com> References: <449193EE.7070202@evi-inc.com> <4491A47F.7070702@evi-inc.com> <4491E24A.3000205@nkpanama.com> Message-ID: <44920059.9040202@evi-inc.com> Alex Neuman wrote: > Matt Kettler escribi?: >> > While I wholeheartedly agree that reporting SPAM sent to legitimate > addresses using an automated tool can be abused, I believe there could > be a use for autoreporting: spamtraps. That's quite fair. And cloudmark/razor does not discourage auto-reporting from spamtraps. They only discourage auto-reporting based on spam-analysis software like SpamAssassin scores. > > Perhaps somebody here could help me out. Let's say I buy a domain > (they're cheap anyways). I *know* I'm not going to receive e-mail for > that domain since it's a throwaway, so I can turn it into a spamtrap (I > could also use a subdomain, say, "crap.nkpanama.com", or an address on > my actual domain which I *know* to be invalid... but I digress...). > > I could set up a "mailertable" entry that says "anything for > thisdomainiscrap.com gets sent to spamtastic@local". > > Then the user spamtastic has a .forward file that says "forward the > contents of the message to spamassassin --report". > > Would this be feasible? Pros & Cons? Let me know what you think. Yes, you could do that. You could also batch it as a cronjob and feed the whole mailbox to spamassassin --report --mbox. (Note: spamassassin --mbox requires SA 3.0.x.. 2.6x only supports --mbox with sa-learn) From arturs at netvision.net.il Fri Jun 16 03:01:15 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Fri Jun 16 02:03:04 2006 Subject: How to setup rules? In-Reply-To: <44907A65.1020803@evi-inc.com> Message-ID: <016e01c690e8$bff69ae0$3701a8c0@lapxp> Thank you. Learning... Best, -- Arthur Sherman +972-52-4878851 CPTeam From chardlist at chard.net Fri Jun 16 04:58:26 2006 From: chardlist at chard.net (chardlist) Date: Fri Jun 16 04:58:39 2006 Subject: Typical Bayes Size? Message-ID: <027401c690f9$21514af0$a000a8c0@sangria> On a server that averages about 15,000 messages a day, with a mature bayes database that runs sa-learn --force-expire every night via cron, what should I expect as a typical number of tokens? The last sa-learn --force-expire reported: expired old bayes database entries in 11 seconds 1011642 entries kept, 5188 deleted token frequency: 1-occurrence tokens: 13.09% token frequency: less than 8 occurrences: 5.09% Is over 1 million tokens normal or is something fishy going on? When I lint the spamassassin config it reports: bayes: corpus size: nspam = 713810, nham = 212860 Thanks for any advice/reassurance, -Brendan From glenn.steen at gmail.com Fri Jun 16 08:45:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 16 08:45:05 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> <44918716.7020605@pacific.net> <223f97700606151202r27d41818t23d0d71386b9c199@mail.gmail.com> Message-ID: <223f97700606160045t5a5708alc3d913674af33378@mail.gmail.com> On 15/06/06, Drew Marshall wrote: > On 15 Jun 2006, at 20:02, Glenn Steen wrote: > > >> A bit of an MTA war is a good thing for documentation it seems! > > > > Just a very little bit:-)... More of a "friendly nudge";) > > But all done with a grin on this list :-) > Yeah well .... It's as with the replying to oneself thing (for postfix admins)... Sort of mandatory:-):-) BTW, we've been a bit lax in teh "reply to oneself department on this thread, haven't we.... :-D -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 16 08:47:51 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 16 08:47:54 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <223f97700606160045t5a5708alc3d913674af33378@mail.gmail.com> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> <44918716.7020605@pacific.net> <223f97700606151202r27d41818t23d0d71386b9c199@mail.gmail.com> <223f97700606160045t5a5708alc3d913674af33378@mail.gmail.com> Message-ID: <223f97700606160047k2ba9b466u228beb18c16a038b@mail.gmail.com> On 16/06/06, Glenn Steen wrote: (snip) > BTW, we've been a bit lax in teh "reply to oneself department on this > thread, haven't we.... :-D > Ah, trust "fat-finger-syndrome" to ... alleviate... that. The above should've read: > BTW, we've been a bit lax in the "reply to oneself" department on this thread, now haven't we > ... :-D ... all fixed now;-) -- -- Glenn (a.k.a. Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Fri Jun 16 09:47:33 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jun 16 09:47:53 2006 Subject: How to split messages per recipient with postfix. In-Reply-To: <223f97700606160047k2ba9b466u228beb18c16a038b@mail.gmail.com> References: <223f97700606150428md0208d7ma6928e38845552dc@mail.gmail.com> <39586.194.70.180.170.1150375051.squirrel@webmail.r-bit.net> <223f97700606150620l1ba4566bn5e1a1d1a3d1df061@mail.gmail.com> <44918716.7020605@pacific.net> <223f97700606151202r27d41818t23d0d71386b9c199@mail.gmail.com> <223f97700606160045t5a5708alc3d913674af33378@mail.gmail.com> <223f97700606160047k2ba9b466u228beb18c16a038b@mail.gmail.com> Message-ID: <41065.194.70.180.170.1150447653.squirrel@webmail.r-bit.net> On Fri, June 16, 2006 08:47, Glenn Steen wrote: > On 16/06/06, Glenn Steen wrote: > (snip) >> BTW, we've been a bit lax in teh "reply to oneself department on this >> thread, haven't we.... :-D >> > Ah, trust "fat-finger-syndrome" to ... alleviate... that. The above > should've read: >> BTW, we've been a bit lax in the "reply to oneself" department on this >> thread, now haven't we >> ... :-D > ... all fixed now;-) It's nice to see someone else who suffers 'fat-finger syndrome'. I hate to think how many applications, servers, routers (infact anything!) that has not worked properly first time due to a stupid typo in a config file :-) One day some one will manage a thought connection and remove these damn keyboards. On the other hand, with what goes through my mind... ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From bbbkee at gmail.com Fri Jun 16 10:40:54 2006 From: bbbkee at gmail.com (BBB Kee) Date: Fri Jun 16 10:40:57 2006 Subject: mail with a rar which have hundreds of files Message-ID: <6807f59a0606160240w56c54f82ndda2f2942bb8fad0@mail.gmail.com> Hi, I am using MailScanner 4.46.2. I only have a simple setup on MailScanner to check for virus by Sophos, no antispamming and anti-phishing function. Recently I have a new customer who at each day end send a mail which have a rar file, but the rar file have hundreds of dbf files (more than 500 files). I suppose this customer is backing up their DB each day. It seems that our MS will unrar the "member" files one by one and scan one by one. The mail processing will last around 1.5 hour each day, although the "Unrar Timeout" parameter is already set at 50 (I checked the code the timeout of SafePipe function only guard unraring one member file in the rar file, but not guard the total time of unraring of the member files) . I am no much care about this client, but when a MS process take a number of other mails to process, the others mail will also be delayed. Currently I have to stop MS, dequeue the mail manually, and start MS again....It is better to delay other mails. Is there a new version/configuration of MS that help fixing the problem, either guarding the total time to process the mail or release the lock for other mails for other MS process when time exceed, or some other methods that can help? Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060616/9936abf2/attachment.html From paul.eskello at gmail.com Fri Jun 16 13:07:44 2006 From: paul.eskello at gmail.com (Paul Eskello) Date: Fri Jun 16 13:07:48 2006 Subject: filter out messages only containing gifs Message-ID: <8cdf6c720606160507k5d9fe040ra758bf80006f226a@mail.gmail.com> Hi all, is there any possibility mailscanner filters out all messages which only contains gifs / jpg's/ etc etc ? It seems this form of spam is about to stay for the upcoming months. I'd look at the config of my mailscanner 4.32.5 (yeah it's old I know) but didn't find the knobs. Is it possible in any newer version or possible to add this feature to the upcoming ? Thx. Have a great day. Paul From campbell at cnpapers.com Fri Jun 16 13:54:13 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 16 13:54:30 2006 Subject: Strange load situation References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> <4491E3A3.3060200@nkpanama.com><1150416328.4491f5c8d33ae@perdition.cnpapers.net> <4491FA33.9070002@taz-mania.com> Message-ID: <00e501c69143$f802b080$0705000a@DDF5DW71> Dennis, ----- Original Message ----- From: "Dennis Willson" To: "MailScanner discussion" Sent: Thursday, June 15, 2006 8:24 PM Subject: Re: Strange load situation > netzero publishes SPF records. So you could filter on that if you use > some form of SPF filter. Also have you tried greylistiing? Works well > for me. How did you implement the SPF filter? Is it configurable for just specific domains or all-or-nothing? What do you use for greylisting also? I know of the milters for both from Snert, but are there others? Thanks very much. Steve > > campbell@cnpapers.com wrote: > >>Quoting Alex Neuman : >> >> >> >>>Steve Campbell escribi?: >>> >>> >>>>I am getting hit pretty hard by a .netzero.com thing. They are all >>>>being listed as spam, but it would be nice to block them up front in >>>>the access table. I just don't know if anyone receives mail from a >>>>real netzero user, and this wouldn't save a copy. They are all from >>>>varying IPs, so its hard to figure out how to do this without damage. >>>> >>>> >>>If it's sendmail, you could add a tempfail message (I think) like so: >>> >>>netzero.com 421 Temporary error - Please call +999 999-9999 for more >>>info or e-mail stevesgmailaddress@gmail.com for more info. Mention error >>>code #PEBKAC when reporting. >>> >>>I've had to do these things sometimes in order to weed out (and >>>whitelist) legitimate addresses from otherwise spammy domains / ips. >>> >>> >> >>Great idea! >> >>For now, I went ahead and discarded the domain. I checked for valid >>senders >>first that we have had, and prepended the discard with them. >> >>I figure anyone who needs email from netzero can call me. >> >>There's really a major decision to make on how to block these type of >>things. I >>wish it were easier. These netzero spams were 20% of our entire incoming >>total >>for the day before I blocked them. So I figured something drastic. >>Blacklisting >>is the usual way so I can release them later. >> >>Unfortunately, the load average is back up around 5-7. Spikes go higher. >>No >>incoming drops to 2-3. Looks like some major tuning, but this machine >>should >>handle it's load fine. >> >>Dare I ask - Does Mailscanner cause swapping?(Smily face symbol) >> >>Please don't answer that one. >> >>Thanks, >> >>Steve >> >> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> >> >> >>------------------------------------------------- >>This mail sent through IMP: http://horde.org/imp/ >> >> > > -- > > ---------------------------------- > Dennis Willson > mailto:taz@taz-mania.com > http://www.taz-mania.com > > Owner / Operator, Kepnet Internet Services > > > > -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri Jun 16 13:58:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 16 13:58:32 2006 Subject: filter out messages only containing gifs In-Reply-To: <8cdf6c720606160507k5d9fe040ra758bf80006f226a@mail.gmail.com> References: <8cdf6c720606160507k5d9fe040ra758bf80006f226a@mail.gmail.com> Message-ID: <7752A5DD-448D-4B63-9227-5EDC77CF8DDC@ecs.soton.ac.uk> You want the extra SpamAssassin rules that get picked up by rules_du_jour. Make sure your SpamAssassin is reasonably up to date then look in www.fsl.com/support. On 16 Jun 2006, at 13:07, Paul Eskello wrote: > Hi all, > > is there any possibility mailscanner filters out all messages which > only contains gifs / jpg's/ etc etc ? It seems this form of spam is > about to stay for the upcoming months. > > I'd look at the config of my mailscanner 4.32.5 (yeah it's old I know) > but didn't find the knobs. Is it possible in any newer version or > possible to add this feature to the upcoming ? > > Thx. > Have a great day. > > Paul > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From edwardbruce at sbcglobal.net Fri Jun 16 14:50:33 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Fri Jun 16 14:50:37 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <40820.194.70.180.170.1146754842.squirrel@webmail.r-bit.net> References: <44598828.6030008@rogers.com> <445A0D43.4030306@yeticomputers.com> <40820.194.70.180.170.1146754842.squirrel@webmail.r-bit.net> Message-ID: <4492B729.7070605@sbcglobal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Marshall wrote: > On Thu, May 4, 2006 15:18, Rick Chadderdon wrote: >> Mike Jakubik wrote: >> >>> I hope this gets Julian's attention, but i am curious to know whether >>> MailScanner will continue to function with the new release of Postfix >>> 2.3. >>> >> I'm using MailScanner (as of yesterday it was at 4.52.2 in FreeBSD >> ports) with postfix-2.3.20060405. I stopped updating Postfix when I >> read the recent discussions on this list about possible future breakage, >> but the version I have works flawlessly. > > Me too, although I am running the latest Postfix port on one of the mx's > just to see when/ if it does break. > > Drew > > So is the conclusion that MS works with Postfix 2.3? It looks like "bounce_template_file" will solve a problem I have and would like to use it. I am concerned about upgrading to 2.3. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEkrcppdNaP9x3McgRAs8lAJ9Ekd9l6/FhNDOHHtKjafzYsjkRSACfYQEC 5Fr4KHGgQjA99zAmnJbbk6c= =EBLE -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060616/11339979/attachment.html From edwardbruce at sbcglobal.net Fri Jun 16 14:54:32 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Fri Jun 16 14:54:35 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <4492B729.7070605@sbcglobal.net> References: <44598828.6030008@rogers.com> <445A0D43.4030306@yeticomputers.com> <40820.194.70.180.170.1146754842.squirrel@webmail.r-bit.net> <4492B729.7070605@sbcglobal.net> Message-ID: <4492B818.9010709@sbcglobal.net> Ok I should have checked the status of 2.3 before asking. Since only experimental and non-production releases are available I won't be trying this until its official from Julian to upgrade to 2.3. From ugob at camo-route.com Fri Jun 16 14:57:07 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jun 16 14:57:24 2006 Subject: Strange load situation In-Reply-To: <00e501c69143$f802b080$0705000a@DDF5DW71> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> <4491E3A3.3060200@nkpanama.com><1150416328.4491f5c8d33ae@perdition.cnpapers.net> <4491FA33.9070002@taz-mania.com> <00e501c69143$f802b080$0705000a@DDF5DW71> Message-ID: Steve Campbell wrote: > Dennis, > > ----- Original Message ----- From: "Dennis Willson" > To: "MailScanner discussion" > Sent: Thursday, June 15, 2006 8:24 PM > Subject: Re: Strange load situation > > >> netzero publishes SPF records. So you could filter on that if you use >> some form of SPF filter. Also have you tried greylistiing? Works well >> for me. > > How did you implement the SPF filter? Is it configurable for just > specific domains or all-or-nothing? I used spfmilter a while ago. I can't remember if it is configurable. You an check here http://www.city-fan.org/ftp/contrib/mail/ There is something about a patch to allow recipient whitelisting in access db. > What do you use for greylisting also? I know of the milters for both > from Snert, but are there others? I use milter-greylist and it is great... However, I am currently running into some problems to make it work with milter-sender, but this should be sorted quite fast. Regards, Ugo From lhaig at haigmail.com Fri Jun 16 15:04:59 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Jun 16 15:05:01 2006 Subject: Lint problems Message-ID: <4492BA8B.7000405@haigmail.com> I got this when I ran the lint command mailhost:~ # MailScanner --lint Cannot open config file --lint, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 597. Compilation failed in require at /usr/sbin/MailScanner line 68. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. Did I enter it incorrectly? Lance -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From lhaig at haigmail.com Fri Jun 16 15:11:12 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Jun 16 15:11:15 2006 Subject: Lint problems In-Reply-To: <4492BA8B.7000405@haigmail.com> References: <4492BA8B.7000405@haigmail.com> Message-ID: <4492BC00.6050400@haigmail.com> My MS seems to think it is down mailhost:~ # /etc/init.d/MailScanner status Checking for service MailScanner: dead mailhost:~ # How can I fault find this please sendmail Mailscanner -V result Running on Linux mailhost 2.6.11.4-21.11-smp #1 SMP Thu Feb 2 20:54:26 UTC 2006 i686 i686 i386 GNU/Linux This is SuSE Linux 9.3 (i586) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.54.4 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.65 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001001 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 0.57 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI Lance Haig wrote: > I got this when I ran the lint command > > mailhost:~ # MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 68. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. > > > Did I enter it incorrectly? > > Lance > > -- > *Lance Haig* > Director > > *Work:* 07967967108 > *Mobile:* 07967967108 > *Email:* lhaig@haigmail.com > *http://www.linkedin.com/in/lancehaig > * > * * *HaigMail dot Com* * > * > > See who we know in common > Want a signature like this? > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From shuttlebox at gmail.com Fri Jun 16 15:15:30 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jun 16 15:15:32 2006 Subject: Lint problems In-Reply-To: <4492BA8B.7000405@haigmail.com> References: <4492BA8B.7000405@haigmail.com> Message-ID: <625385e30606160715o66d24ac9ma7a235a37309c7cc@mail.gmail.com> On 6/16/06, Lance Haig wrote: > > I got this when I ran the lint command > > mailhost:~ # MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 68. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. > What version (-v) are you running? If it's a little older you don't have lint support, it it's really old you can't use -v either. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060616/da6189b7/attachment.html From Denis.Beauchemin at USherbrooke.ca Fri Jun 16 15:17:05 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 16 15:17:35 2006 Subject: Lint problems In-Reply-To: <4492BA8B.7000405@haigmail.com> References: <4492BA8B.7000405@haigmail.com> Message-ID: <4492BD61.4000207@USherbrooke.ca> Lance Haig a ?crit : > I got this when I ran the lint command > > mailhost:~ # MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 68. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. Lance, Upgrade to a more recent version.... and please drop your icons in your signature... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060616/fe52130e/smime.bin From lhaig at haigmail.com Fri Jun 16 15:34:24 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Jun 16 15:34:26 2006 Subject: Lint problems In-Reply-To: <625385e30606160715o66d24ac9ma7a235a37309c7cc@mail.gmail.com> References: <4492BA8B.7000405@haigmail.com> <625385e30606160715o66d24ac9ma7a235a37309c7cc@mail.gmail.com> Message-ID: <4492C170.9050702@haigmail.com> Hi Peter, This is MailScanner version 4.54.4 Thanks Lance shuttlebox wrote: > On 6/16/06, *Lance Haig* > wrote: > > I got this when I ran the lint command > > mailhost:~ # MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 68. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. > > > What version (-v) are you running? If it's a little older you don't > have lint support, it it's really old you can't use -v either. > > -- > /peter > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > From lhaig at haigmail.com Fri Jun 16 15:35:09 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Jun 16 15:35:11 2006 Subject: Lint problems In-Reply-To: <4492BD61.4000207@USherbrooke.ca> References: <4492BA8B.7000405@haigmail.com> <4492BD61.4000207@USherbrooke.ca> Message-ID: <4492C19D.80209@haigmail.com> Hi Denis, This is MailScanner version 4.54.4 And sorry about the signature Lance Denis Beauchemin wrote: > Lance Haig a ?crit : >> I got this when I ran the lint command >> >> mailhost:~ # MailScanner --lint >> Cannot open config file --lint, No such file or directory at >> /usr/lib/MailScanner/MailScanner/Config.pm line 597. >> Compilation failed in require at /usr/sbin/MailScanner line 68. >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. > > Lance, > > Upgrade to a more recent version.... and please drop your icons in > your signature... > > Denis > From taz at taz-mania.com Fri Jun 16 16:01:02 2006 From: taz at taz-mania.com (Dennis Willson) Date: Fri Jun 16 15:58:49 2006 Subject: Strange load situation In-Reply-To: <00e501c69143$f802b080$0705000a@DDF5DW71> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> <4491E3A3.3060200@nkpanama.com><1150416328.4491f5c8d33ae@perdition.cnpapers.net> <4491FA33.9070002@taz-mania.com> <00e501c69143$f802b080$0705000a@DDF5DW71> Message-ID: <4492C7AE.50401@taz-mania.com> I use milter-greylist. It's very configurable. Dennis Steve Campbell wrote: > Dennis, > > ----- Original Message ----- From: "Dennis Willson" > To: "MailScanner discussion" > Sent: Thursday, June 15, 2006 8:24 PM > Subject: Re: Strange load situation > > >> netzero publishes SPF records. So you could filter on that if you use >> some form of SPF filter. Also have you tried greylistiing? Works well >> for me. > > How did you implement the SPF filter? Is it configurable for just > specific domains or all-or-nothing? > What do you use for greylisting also? I know of the milters for both > from Snert, but are there others? > > Thanks very much. > > Steve >> >> campbell@cnpapers.com wrote: >> >>> Quoting Alex Neuman : >>> >>> >>> >>>> Steve Campbell escribi?: >>>> >>>> >>>>> I am getting hit pretty hard by a .netzero.com thing. They are all >>>>> being listed as spam, but it would be nice to block them up front in >>>>> the access table. I just don't know if anyone receives mail from a >>>>> real netzero user, and this wouldn't save a copy. They are all from >>>>> varying IPs, so its hard to figure out how to do this without damage. >>>>> >>>>> >>>> If it's sendmail, you could add a tempfail message (I think) like so: >>>> >>>> netzero.com 421 Temporary error - Please call +999 999-9999 for more >>>> info or e-mail stevesgmailaddress@gmail.com for more info. Mention >>>> error >>>> code #PEBKAC when reporting. >>>> >>>> I've had to do these things sometimes in order to weed out (and >>>> whitelist) legitimate addresses from otherwise spammy domains / ips. >>>> >>>> >>> >>> Great idea! >>> >>> For now, I went ahead and discarded the domain. I checked for valid >>> senders >>> first that we have had, and prepended the discard with them. >>> >>> I figure anyone who needs email from netzero can call me. >>> >>> There's really a major decision to make on how to block these type >>> of things. I >>> wish it were easier. These netzero spams were 20% of our entire >>> incoming total >>> for the day before I blocked them. So I figured something drastic. >>> Blacklisting >>> is the usual way so I can release them later. >>> >>> Unfortunately, the load average is back up around 5-7. Spikes go >>> higher. No >>> incoming drops to 2-3. Looks like some major tuning, but this >>> machine should >>> handle it's load fine. >>> >>> Dare I ask - Does Mailscanner cause swapping?(Smily face symbol) >>> >>> Please don't answer that one. >>> >>> Thanks, >>> >>> Steve >>> >>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> >>> >>> >>> ------------------------------------------------- >>> This mail sent through IMP: http://horde.org/imp/ >>> >>> >> >> -- >> >> ---------------------------------- >> Dennis Willson >> mailto:taz@taz-mania.com >> http://www.taz-mania.com >> >> Owner / Operator, Kepnet Internet Services >> >> >> >> > > > -------------------------------------------------------------------------------- > > > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > From alex at nkpanama.com Fri Jun 16 17:25:38 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 16 17:42:58 2006 Subject: mail with a rar which have hundreds of files In-Reply-To: <6807f59a0606160240w56c54f82ndda2f2942bb8fad0@mail.gmail.com> References: <6807f59a0606160240w56c54f82ndda2f2942bb8fad0@mail.gmail.com> Message-ID: <4492DB82.3090103@nkpanama.com> BBB Kee escribi?: > Hi, > > I am using MailScanner 4.46.2. I only have a simple setup on > MailScanner to check for virus by Sophos, no antispamming and > anti-phishing function. Recently I have a new customer who at each > day end send a mail which have a rar file, but the rar file have > hundreds of dbf files (more than 500 files). I suppose this customer > is backing up their DB each day. > > It seems that our MS will unrar the "member" files one by one and scan > one by one. The mail processing will last around 1.5 hour each day, > although the "Unrar Timeout" parameter is already set at 50 (I checked > the code the timeout of SafePipe function only guard unraring one > member file in the rar file, but not guard the total time of unraring > of the member files) . I am no much care about this client, but when > a MS process take a number of other mails to process, the others mail > will also be delayed. > > Currently I have to stop MS, dequeue the mail manually, and start MS > again....It is better to delay other mails. > > Is there a new version/configuration of MS that help fixing the > problem, either guarding the total time to process the mail or release > the lock for other mails for other MS process when time exceed, or > some other methods that can help? > > Eric Use a ruleset. in MailScanner.conf Maximum Archive Depth = %rules-dir%/dumbclient-stillusing-dbf-inthis-century.rules in dumbclient-stillusing-dbf-inthis-century.rules: FromOrTo: default 2 # The "actual" default From: dumbcustomer@dumbcompany.com and To: dbfreceiver@somewhereelse.com 0 That should do it, right? From alex at nkpanama.com Fri Jun 16 17:38:10 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 16 17:52:16 2006 Subject: Strange load situation In-Reply-To: <4491FA33.9070002@taz-mania.com> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> <4491E3A3.3060200@nkpanama.com> <1150416328.4491f5c8d33ae@perdition.cnpapers.net> <4491FA33.9070002@taz-mania.com> Message-ID: <4492DE72.3000003@nkpanama.com> Dennis Willson escribi?: > netzero publishes SPF records. So you could filter on that if you use > some form of SPF filter. Also have you tried greylistiing? Works well > for me. > True - although the problem here seems to be mail from the netzero netblock, not from the netzero domain. From alex at nkpanama.com Fri Jun 16 17:39:19 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 16 17:52:20 2006 Subject: Strange load situation In-Reply-To: <00e501c69143$f802b080$0705000a@DDF5DW71> References: <000901c69086$54cf5890$0705000a@DDF5DW71> <20060615153220.M69711@defjam.cc.strath.ac.uk><004a01c6908a$6a061d30$0705000a@DDF5DW71> <44918818.8080801@nerc.ac.uk> <008a01c6909f$76652de0$0705000a@DDF5DW71> <4491E3A3.3060200@nkpanama.com><1150416328.4491f5c8d33ae@perdition.cnpapers.net> <4491FA33.9070002@taz-mania.com> <00e501c69143$f802b080$0705000a@DDF5DW71> Message-ID: <4492DEB7.2090004@nkpanama.com> Steve Campbell escribi?: > Den > How did you implement the SPF filter? Is it configurable for just > specific domains or all-or-nothing? > What do you use for greylisting also? I know of the milters for both > from Snert, but are there others? > > Thanks very much. > > Steve I've used the milters, which I usually download from city-fan, with much success. http://www.city-fan.org/ftp/contrib/mail/ From glenn.steen at gmail.com Fri Jun 16 19:09:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 16 19:09:04 2006 Subject: mail with a rar which have hundreds of files In-Reply-To: <4492DB82.3090103@nkpanama.com> References: <6807f59a0606160240w56c54f82ndda2f2942bb8fad0@mail.gmail.com> <4492DB82.3090103@nkpanama.com> Message-ID: <223f97700606161109x15b75f6bk5cbbf529434dc3f7@mail.gmail.com> On 16/06/06, Alex Neuman wrote: (snip) > Maximum Archive Depth = > %rules-dir%/dumbclient-stillusing-dbf-inthis-century.rules "century" should be "millenium", otherwise a full CC:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < a t > ap1 < dot > se From rob at thehostmasters.com Fri Jun 16 19:51:35 2006 From: rob at thehostmasters.com (Rob Morin) Date: Fri Jun 16 19:51:42 2006 Subject: spam.whitelist.rules problem, not working Message-ID: <4492FDB7.7010609@thehostmasters.com> I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules From: *@.etp.na.blackberry.net yes And it still gets marked as spam, and does not say white listed?? Here is a sample header form an email.... I can not activate my blackberrys when it is marked as spam! Any help appreciated MS 4.53 on Debian Thanks... Received: from FLEXSERV2.flex.com ([192.168.0.221]) by flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun 2006 14:48:10 -0400 X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) FILETIME=[6A3FE010:01C69175] Return-Path: X-Spam-Status: Yes Delivered-To: hdagesse@flextherm.com X-MailScanner-From: network@etp1001.etp.na.blackberry.net X-Original-To: hdagesse@flextherm.com X-Stewy-Dido-Internet-MailScanner: Found to be clean MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C69175.69DE1100" X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for more information X-Peter-Dido-ca-MailScanner: Found to be clean X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.176, required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) X-Peter-Dido-ca-MailScanner-From: network@etp1001.etp.na.blackberry.net X-Peter-Dido-ca-MailScanner-SpamScore: ssss X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 Content-class: urn:content-classes:message Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 Date: Fri, 16 Jun 2006 14:46:55 -0400 Message-ID: <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== From: To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From mike at vesol.com Fri Jun 16 19:54:27 2006 From: mike at vesol.com (Mike Kercher) Date: Fri Jun 16 19:54:46 2006 Subject: spam.whitelist.rules problem, not working In-Reply-To: <4492FDB7.7010609@thehostmasters.com> Message-ID: Did you reload MailScanner after changing the ruleset? Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Morin > Sent: Friday, June 16, 2006 1:52 PM > To: MailScanner discussion > Subject: spam.whitelist.rules problem, not working > > I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules > > From: *@.etp.na.blackberry.net yes > > And it still gets marked as spam, and does not say white listed?? > > Here is a sample header form an email.... > > I can not activate my blackberrys when it is marked as spam! > > Any help appreciated > > MS 4.53 on Debian > > Thanks... > > Received: from FLEXSERV2.flex.com ([192.168.0.221]) by > flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun > 2006 14:48:10 -0400 > X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) > FILETIME=[6A3FE010:01C69175] > Return-Path: > X-Spam-Status: Yes > Delivered-To: hdagesse@flextherm.com > X-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Original-To: hdagesse@flextherm.com > X-Stewy-Dido-Internet-MailScanner: Found to be clean > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C69175.69DE1100" > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam > (whitelisted), SpamAssassin (score=-1.638, required 4, > BAYES_00 -2.60, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-Information: Please contact the > ISP for more information > X-Peter-Dido-ca-MailScanner: Found to be clean > X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin > (score=4.176, required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, > FM_MULTI_ODD3 0.70, > FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, > UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-From: > network@etp1001.etp.na.blackberry.net > X-Peter-Dido-ca-MailScanner-SpamScore: ssss > X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 > Content-class: urn:content-classes:message > Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Date: Fri, 16 Jun 2006 14:46:55 -0400 > Message-ID: > <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== > From: > To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rob at thehostmasters.com Fri Jun 16 19:59:55 2006 From: rob at thehostmasters.com (Rob Morin) Date: Fri Jun 16 19:59:58 2006 Subject: spam.whitelist.rules problem, not working In-Reply-To: References: Message-ID: <4492FFAB.70400@thehostmasters.com> Yes and restarted MS too! Here is a log exert.... Jun 16 15:01:54 peter postfix/qmgr[26291]: EF619690032: from=, size=3742, nrcpt=1 (queue active) Jun 16 15:01:57 peter MailScanner[19246]: Message A0730690036.C6B58 from 206.51.26.50 (network@etp1008.etp.na.blackberry.net) to flextherm.com is spam, SpamAssassin (score=4.176, required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) Jun 16 15:02:52 peter MailScanner[19325]: Message 9F987690025.EAF22 from 127.0.0.1 () to etp1005.etp.na.blackberry.net is spam, SpamAssassin (score=35.5, required 4, autolearn=spam, BAYES_50 0.00, NO_RELAYS -0.00, VIRUS_WARNING15 20.00, VIRUS_WARNING33 12.00, VIRUS_WARNING62 3.50) here is a sample rules file... # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. #From: 152.78. yes #From: 130.246. yes FromOrTo: default no #From: 127.0.0.1 yes #### No need to scan from Brian, as it is already scanned #From: 206.248.146.163 yes From: 64.86.63.158 yes #### From: *@appsgo.com yes FromOrTo: *@blackberry.net yes FromOrTo: network@etp1001.etp.na.blackberry.net yes FromOrTo: *@etp.na.blackberry.net yes FromOrTo: network@etp1002.etp.na.blackberry.net yes FromOrTo: network@etp1006.etp.na.blackberry.net yes FromOrTo: network@etp1003.etp.na.blackberry.net yes FromOrTo: network@etp1004.etp.na.blackberry.net yes FromOrTo: network@etp1005.etp.na.blackberry.net yes FromOrTo: network@etp1006.etp.na.blackberry.net yes FromOrTo: network@etp1007.etp.na.blackberry.net yes FromOrTo: network@etp1008.etp.na.blackberry.net yes FromOrTo: network@etp1009.etp.na.blackberry.net yes From: WebAdmin@AquaMagazine.Com yes From: labxnews@labx.com yes From: newsletter@mediastranscontinental.com yes From: joseph.magri@sympatico.ca yes From: weather@inbox.weather.com yes FromOrTo: *@moshine.cn yes FromOrTo: *@hanzulux@unitel.co.kr yes FromOrTo: *@wzhy@mail.wzptt.zj.cn yes FromOrTo: hanzulux@unitel.co.kr yes FromOrTo: wzhy@mail.wzptt.zj.cn yes FromOrTo: 1grlubao@vip.163.com yes FromOrTo: dagas@dmo.co.kr yes FromOrTo: sale3@keson.cn yes FromOrTo: sale2@keson.cn yes FromOrTo: ketan@conexmetals.com yes FromOrTo: mail@asianfasteners.com yes FromOrTo: sanjayprecision2000@yahoo.com yes FromOrTo: *@sunsilk-sofa.com yes FromOrTo: donjon68@ms32.hinet.net yes From: azeineddine@msn.com yes FromOrTo : *@lists.dido.ca yes Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Mike Kercher wrote: > Did you reload MailScanner after changing the ruleset? > > Mike > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Rob Morin >> Sent: Friday, June 16, 2006 1:52 PM >> To: MailScanner discussion >> Subject: spam.whitelist.rules problem, not working >> >> I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules >> >> From: *@.etp.na.blackberry.net yes >> >> And it still gets marked as spam, and does not say white listed?? >> >> Here is a sample header form an email.... >> >> I can not activate my blackberrys when it is marked as spam! >> >> Any help appreciated >> >> MS 4.53 on Debian >> >> Thanks... >> >> Received: from FLEXSERV2.flex.com ([192.168.0.221]) by >> flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun >> 2006 14:48:10 -0400 >> X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) >> FILETIME=[6A3FE010:01C69175] >> Return-Path: >> X-Spam-Status: Yes >> Delivered-To: hdagesse@flextherm.com >> X-MailScanner-From: network@etp1001.etp.na.blackberry.net >> X-Original-To: hdagesse@flextherm.com >> X-Stewy-Dido-Internet-MailScanner: Found to be clean >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; >> boundary="----_=_NextPart_001_01C69175.69DE1100" >> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam >> (whitelisted), SpamAssassin (score=-1.638, required 4, >> BAYES_00 -2.60, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) >> X-Peter-Dido-ca-MailScanner-Information: Please contact the >> ISP for more information >> X-Peter-Dido-ca-MailScanner: Found to be clean >> X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin >> (score=4.176, required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, >> FM_MULTI_ODD3 0.70, >> FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, >> UPPERCASE_25_50 0.00) >> X-Peter-Dido-ca-MailScanner-From: >> network@etp1001.etp.na.blackberry.net >> X-Peter-Dido-ca-MailScanner-SpamScore: ssss >> X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 >> Content-class: urn:content-classes:message >> Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 >> Date: Fri, 16 Jun 2006 14:46:55 -0400 >> Message-ID: >> <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> >> X-MS-Has-Attach: yes >> X-MS-TNEF-Correlator: >> Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 >> Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== >> From: >> To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= >> >> -- >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From sconway at wlnet.com Fri Jun 16 20:06:11 2006 From: sconway at wlnet.com (Stephen Conway) Date: Fri Jun 16 20:06:15 2006 Subject: spam.whitelist.rules problem, not working In-Reply-To: <4492FFAB.70400@thehostmasters.com> Message-ID: <200606161906.k5GJ69600370@zuga.wlnet.com> Hello Rob: You probably need something like: *@*etp.na.blackberry.net Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Morin Sent: Friday, June 16, 2006 3:00 PM To: MailScanner discussion Subject: Re: spam.whitelist.rules problem, not working Yes and restarted MS too! Here is a log exert.... Jun 16 15:01:54 peter postfix/qmgr[26291]: EF619690032: from=, size=3742, nrcpt=1 (queue active) Jun 16 15:01:57 peter MailScanner[19246]: Message A0730690036.C6B58 from 206.51.26.50 (network@etp1008.etp.na.blackberry.net) to flextherm.com is spam, SpamAssassin (score=4.176, required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) Jun 16 15:02:52 peter MailScanner[19325]: Message 9F987690025.EAF22 from 127.0.0.1 () to etp1005.etp.na.blackberry.net is spam, SpamAssassin (score=35.5, required 4, autolearn=spam, BAYES_50 0.00, NO_RELAYS -0.00, VIRUS_WARNING15 20.00, VIRUS_WARNING33 12.00, VIRUS_WARNING62 3.50) here is a sample rules file... # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. #From: 152.78. yes #From: 130.246. yes FromOrTo: default no #From: 127.0.0.1 yes #From: 206.248.146.163 yes From: 64.86.63.158 yes From: *@appsgo.com yes FromOrTo: *@blackberry.net yes FromOrTo: network@etp1001.etp.na.blackberry.net yes FromOrTo: *@etp.na.blackberry.net yes FromOrTo: network@etp1002.etp.na.blackberry.net yes FromOrTo: network@etp1006.etp.na.blackberry.net yes FromOrTo: network@etp1003.etp.na.blackberry.net yes FromOrTo: network@etp1004.etp.na.blackberry.net yes FromOrTo: network@etp1005.etp.na.blackberry.net yes FromOrTo: network@etp1006.etp.na.blackberry.net yes FromOrTo: network@etp1007.etp.na.blackberry.net yes FromOrTo: network@etp1008.etp.na.blackberry.net yes FromOrTo: network@etp1009.etp.na.blackberry.net yes From: WebAdmin@AquaMagazine.Com yes From: labxnews@labx.com yes From: newsletter@mediastranscontinental.com yes From: joseph.magri@sympatico.ca yes From: weather@inbox.weather.com yes FromOrTo: *@moshine.cn yes FromOrTo: *@hanzulux@unitel.co.kr yes FromOrTo: *@wzhy@mail.wzptt.zj.cn yes FromOrTo: hanzulux@unitel.co.kr yes FromOrTo: wzhy@mail.wzptt.zj.cn yes FromOrTo: 1grlubao@vip.163.com yes FromOrTo: dagas@dmo.co.kr yes FromOrTo: sale3@keson.cn yes FromOrTo: sale2@keson.cn yes FromOrTo: ketan@conexmetals.com yes FromOrTo: mail@asianfasteners.com yes FromOrTo: sanjayprecision2000@yahoo.com yes FromOrTo: *@sunsilk-sofa.com yes FromOrTo: donjon68@ms32.hinet.net yes From: azeineddine@msn.com yes FromOrTo : *@lists.dido.ca yes Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Mike Kercher wrote: > Did you reload MailScanner after changing the ruleset? > > Mike > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob >> Morin >> Sent: Friday, June 16, 2006 1:52 PM >> To: MailScanner discussion >> Subject: spam.whitelist.rules problem, not working >> >> I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules >> >> From: *@.etp.na.blackberry.net yes >> >> And it still gets marked as spam, and does not say white listed?? >> >> Here is a sample header form an email.... >> >> I can not activate my blackberrys when it is marked as spam! >> >> Any help appreciated >> >> MS 4.53 on Debian >> >> Thanks... >> >> Received: from FLEXSERV2.flex.com ([192.168.0.221]) by >> flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun >> 2006 14:48:10 -0400 >> X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) >> FILETIME=[6A3FE010:01C69175] >> Return-Path: >> X-Spam-Status: Yes >> Delivered-To: hdagesse@flextherm.com >> X-MailScanner-From: network@etp1001.etp.na.blackberry.net >> X-Original-To: hdagesse@flextherm.com >> X-Stewy-Dido-Internet-MailScanner: Found to be clean >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; >> boundary="----_=_NextPart_001_01C69175.69DE1100" >> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), >> SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME >> 0.96, UPPERCASE_25_50 0.00) >> X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for >> more information >> X-Peter-Dido-ca-MailScanner: Found to be clean >> X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin >> (score=4.176, required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, >> FM_MULTI_ODD3 0.70, >> FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, >> UPPERCASE_25_50 0.00) >> X-Peter-Dido-ca-MailScanner-From: >> network@etp1001.etp.na.blackberry.net >> X-Peter-Dido-ca-MailScanner-SpamScore: ssss >> X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 >> Content-class: urn:content-classes:message >> Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 >> Date: Fri, 16 Jun 2006 14:46:55 -0400 >> Message-ID: >> <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> >> X-MS-Has-Attach: yes >> X-MS-TNEF-Correlator: >> Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 >> Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== >> From: >> To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= >> >> -- >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ShipMail Now 30% Faster From dwinkler at algorithmics.com Fri Jun 16 20:09:55 2006 From: dwinkler at algorithmics.com (Derek Winkler) Date: Fri Jun 16 20:08:04 2006 Subject: spam.whitelist.rules problem, not working Message-ID: <23675CFC52BBC44EB355406A3A8A0491693436@TORMAIL.algorithmics.com> Did you maybe forget the second * From: *@*.etp.na.blackberry.net yes -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Morin Sent: Friday, June 16, 2006 2:52 PM To: MailScanner discussion Subject: spam.whitelist.rules problem, not working I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules From: *@.etp.na.blackberry.net yes And it still gets marked as spam, and does not say white listed?? Here is a sample header form an email.... I can not activate my blackberrys when it is marked as spam! Any help appreciated MS 4.53 on Debian Thanks... Received: from FLEXSERV2.flex.com ([192.168.0.221]) by flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun 2006 14:48:10 -0400 X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) FILETIME=[6A3FE010:01C69175] Return-Path: X-Spam-Status: Yes Delivered-To: hdagesse@flextherm.com X-MailScanner-From: network@etp1001.etp.na.blackberry.net X-Original-To: hdagesse@flextherm.com X-Stewy-Dido-Internet-MailScanner: Found to be clean MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C69175.69DE1100" X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for more information X-Peter-Dido-ca-MailScanner: Found to be clean X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.176, required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, UPPERCASE_25_50 0.00) X-Peter-Dido-ca-MailScanner-From: network@etp1001.etp.na.blackberry.net X-Peter-Dido-ca-MailScanner-SpamScore: ssss X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 Content-class: urn:content-classes:message Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 Date: Fri, 16 Jun 2006 14:46:55 -0400 Message-ID: <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== From: To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060616/8eb8a115/attachment.html From rob at thehostmasters.com Fri Jun 16 20:20:56 2006 From: rob at thehostmasters.com (Rob Morin) Date: Fri Jun 16 20:21:00 2006 Subject: spam.whitelist.rules problem, not working In-Reply-To: <23675CFC52BBC44EB355406A3A8A0491693436@TORMAIL.algorithmics.com> References: <23675CFC52BBC44EB355406A3A8A0491693436@TORMAIL.algorithmics.com> Message-ID: <44930498.2080609@thehostmasters.com> I did not know i had to put the second star there... however it seems to be working now.... but it also help if i am not an idiot, as i had the path wrong to the spam.whitelist.rules file! chaulk one up to being stressed out, with 10 sales guys hounding me for their blackberrys before they leave for the weekend! Sorry to be a bother guy/galss! Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Derek Winkler wrote: > > Did you maybe forget the second * > > From: *@*.etp.na.blackberry.net yes > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Morin > > Sent: Friday, June 16, 2006 2:52 PM > To: MailScanner discussion > Subject: spam.whitelist.rules problem, not working > > I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules > > From: *@.etp.na.blackberry.net yes > > And it still gets marked as spam, and does not say white listed?? > > Here is a sample header form an email.... > > I can not activate my blackberrys when it is marked as spam! > > Any help appreciated > > MS 4.53 on Debian > > Thanks... > > Received: from FLEXSERV2.flex.com ([192.168.0.221]) by > flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun > 2006 14:48:10 -0400 > X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) > FILETIME=[6A3FE010:01C69175] > Return-Path: > X-Spam-Status: Yes > Delivered-To: hdagesse@flextherm.com > X-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Original-To: hdagesse@flextherm.com > X-Stewy-Dido-Internet-MailScanner: Found to be clean > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C69175.69DE1100" > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME > 0.96, UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for more > information > X-Peter-Dido-ca-MailScanner: Found to be clean > X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.176, > required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, > FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, > UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Peter-Dido-ca-MailScanner-SpamScore: ssss > X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 > Content-class: urn:content-classes:message > Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Date: Fri, 16 Jun 2006 14:46:55 -0400 > Message-ID: <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== > From: > To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This email and any files transmitted with it are confidential and > proprietary to Algorithmics Incorporated and its affiliates > ("Algorithmics"). If received in error, use is prohibited. Please > destroy, and notify sender. Sender does not waive confidentiality or > privilege. Internet communications cannot be guaranteed to be timely, > secure, error or virus-free. Algorithmics does not accept liability > for any errors or omissions. Any commitment intended to bind > Algorithmics must be reduced to writing and signed by an authorized > signatory. > From campbell at cnpapers.com Fri Jun 16 20:25:22 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 16 20:25:37 2006 Subject: spam.whitelist.rules problem, not working References: <4492FDB7.7010609@thehostmasters.com> Message-ID: <001701c6917a$9ca49ff0$0705000a@DDF5DW71> ----- Original Message ----- From: "Rob Morin" To: "MailScanner discussion" Sent: Friday, June 16, 2006 2:51 PM Subject: spam.whitelist.rules problem, not working >I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules > > From: *@.etp.na.blackberry.net yes How about removing the period after the '@' Steve > > And it still gets marked as spam, and does not say white listed?? > > Here is a sample header form an email.... > > I can not activate my blackberrys when it is marked as spam! > > Any help appreciated > > MS 4.53 on Debian > > Thanks... > > Received: from FLEXSERV2.flex.com ([192.168.0.221]) by > flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun > 2006 14:48:10 -0400 > X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) > FILETIME=[6A3FE010:01C69175] > Return-Path: > X-Spam-Status: Yes > Delivered-To: hdagesse@flextherm.com > X-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Original-To: hdagesse@flextherm.com > X-Stewy-Dido-Internet-MailScanner: Found to be clean > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C69175.69DE1100" > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME > 0.96, UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for more > information > X-Peter-Dido-ca-MailScanner: Found to be clean > X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.176, > required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, > FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, > UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Peter-Dido-ca-MailScanner-SpamScore: ssss > X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 > Content-class: urn:content-classes:message > Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Date: Fri, 16 Jun 2006 14:46:55 -0400 > Message-ID: <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== > From: > To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Fri Jun 16 20:26:21 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 16 20:26:48 2006 Subject: spam.whitelist.rules problem, not working References: <4492FDB7.7010609@thehostmasters.com> Message-ID: <001c01c6917a$bfd1c070$0705000a@DDF5DW71> Misread, - disregard my prior post. Steve ----- Original Message ----- From: "Rob Morin" To: "MailScanner discussion" Sent: Friday, June 16, 2006 2:51 PM Subject: spam.whitelist.rules problem, not working >I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules > > From: *@.etp.na.blackberry.net yes > > And it still gets marked as spam, and does not say white listed?? > > Here is a sample header form an email.... > > I can not activate my blackberrys when it is marked as spam! > > Any help appreciated > > MS 4.53 on Debian > > Thanks... > > Received: from FLEXSERV2.flex.com ([192.168.0.221]) by > flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun > 2006 14:48:10 -0400 > X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) > FILETIME=[6A3FE010:01C69175] > Return-Path: > X-Spam-Status: Yes > Delivered-To: hdagesse@flextherm.com > X-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Original-To: hdagesse@flextherm.com > X-Stewy-Dido-Internet-MailScanner: Found to be clean > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C69175.69DE1100" > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME > 0.96, UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for more > information > X-Peter-Dido-ca-MailScanner: Found to be clean > X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.176, > required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, > FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, > UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Peter-Dido-ca-MailScanner-SpamScore: ssss > X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 > Content-class: urn:content-classes:message > Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Date: Fri, 16 Jun 2006 14:46:55 -0400 > Message-ID: <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== > From: > To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Fri Jun 16 20:28:35 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 16 20:28:49 2006 Subject: spam.whitelist.rules problem, not working References: <4492FDB7.7010609@thehostmasters.com> Message-ID: <002b01c6917b$0f8335e0$0705000a@DDF5DW71> Trying again - ----- Original Message ----- From: "Rob Morin" To: "MailScanner discussion" Sent: Friday, June 16, 2006 2:51 PM Subject: spam.whitelist.rules problem, not working >I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules > > From: *@.etp.na.blackberry.net yes From: *ept.na.blackberry.net yes Steve > > And it still gets marked as spam, and does not say white listed?? > > Here is a sample header form an email.... > > I can not activate my blackberrys when it is marked as spam! > > Any help appreciated > > MS 4.53 on Debian > > Thanks... > > Received: from FLEXSERV2.flex.com ([192.168.0.221]) by > flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun > 2006 14:48:10 -0400 > X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) > FILETIME=[6A3FE010:01C69175] > Return-Path: > X-Spam-Status: Yes > Delivered-To: hdagesse@flextherm.com > X-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Original-To: hdagesse@flextherm.com > X-Stewy-Dido-Internet-MailScanner: Found to be clean > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C69175.69DE1100" > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME > 0.96, UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for more > information > X-Peter-Dido-ca-MailScanner: Found to be clean > X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.176, > required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, > FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, > UPPERCASE_25_50 0.00) > X-Peter-Dido-ca-MailScanner-From: network@etp1001.etp.na.blackberry.net > X-Peter-Dido-ca-MailScanner-SpamScore: ssss > X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 > Content-class: urn:content-classes:message > Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Date: Fri, 16 Jun 2006 14:46:55 -0400 > Message-ID: <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> > X-MS-Has-Attach: yes > X-MS-TNEF-Correlator: > Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== > From: > To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From steve.swaney at fsl.com Fri Jun 16 20:48:28 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Jun 16 20:48:33 2006 Subject: spam.whitelist.rules problem, not working In-Reply-To: <002b01c6917b$0f8335e0$0705000a@DDF5DW71> Message-ID: <032c01c6917d$d7563b10$2901010a@office.fsl> Set up a ruleset for: Scan Messages = %rules-dir%/scan.messages.rules Where /etc/MailScanner/rules/scan.messages.rules contains: To: *ept.na.blackberry.net no ToOrFrom: default yes Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steve Campbell > Sent: Friday, June 16, 2006 3:29 PM > To: MailScanner discussion > Subject: Re: spam.whitelist.rules problem, not working > > Trying again - > ----- Original Message ----- > From: "Rob Morin" > To: "MailScanner discussion" > Sent: Friday, June 16, 2006 2:51 PM > Subject: spam.whitelist.rules problem, not working > > > >I have this in my /opt/Mailscanner/etc/rules/spam.whitelists.rules > > > > From: *@.etp.na.blackberry.net yes > > From: *ept.na.blackberry.net yes > > Steve > > > > And it still gets marked as spam, and does not say white listed?? > > > > Here is a sample header form an email.... > > > > I can not activate my blackberrys when it is marked as spam! > > > > Any help appreciated > > > > MS 4.53 on Debian > > > > Thanks... > > > > Received: from FLEXSERV2.flex.com ([192.168.0.221]) by > > flexserv.flex.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 16 Jun > > 2006 14:48:10 -0400 > > X-OriginalArrivalTime: 16 Jun 2006 18:48:10.0641 (UTC) > > FILETIME=[6A3FE010:01C69175] > > Return-Path: > > X-Spam-Status: Yes > > Delivered-To: hdagesse@flextherm.com > > X-MailScanner-From: network@etp1001.etp.na.blackberry.net > > X-Original-To: hdagesse@flextherm.com > > X-Stewy-Dido-Internet-MailScanner: Found to be clean > > MIME-Version: 1.0 > > Content-Type: multipart/mixed; > > boundary="----_=_NextPart_001_01C69175.69DE1100" > > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam (whitelisted), > > SpamAssassin (score=-1.638, required 4, BAYES_00 -2.60, NO_REAL_NAME > > 0.96, UPPERCASE_25_50 0.00) > > X-Peter-Dido-ca-MailScanner-Information: Please contact the ISP for more > > information > > X-Peter-Dido-ca-MailScanner: Found to be clean > > X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.176, > > required 4, BAYES_40 -0.18, FM_MULTI_ODD2 1.10, FM_MULTI_ODD3 0.70, > > FM_MULTI_ODD4 0.70, FM_MULTI_ODD5 0.90, NO_REAL_NAME 0.96, > > UPPERCASE_25_50 0.00) > > X-Peter-Dido-ca-MailScanner-From: network@etp1001.etp.na.blackberry.net > > X-Peter-Dido-ca-MailScanner-SpamScore: ssss > > X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 > > Content-class: urn:content-classes:message > > Subject: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > > Date: Fri, 16 Jun 2006 14:46:55 -0400 > > Message-ID: <20060616184655.31FD6B2ECC48@smtprelay02.na.blackberry.net> > > X-MS-Has-Attach: yes > > X-MS-TNEF-Correlator: > > Thread-Topic: {Spam?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > > Thread-Index: AcaRdWpCxAHrY0RCQkWB34+dE1xXiQ== > > From: > > To: =?iso-8859-1?Q?H=E9l=E8ne_Dagesse?= > > > > -- > > > > Rob Morin > > Dido InterNet Inc. > > Montreal, Canada > > Http://www.dido.ca > > 514-990-4444 > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Fri Jun 16 21:11:19 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 16 21:11:30 2006 Subject: Typical Bayes Size? In-Reply-To: <027401c690f9$21514af0$a000a8c0@sangria> References: <027401c690f9$21514af0$a000a8c0@sangria> Message-ID: <44931067.7040000@evi-inc.com> chardlist wrote: > On a server that averages about 15,000 messages a day, with a mature bayes > database that runs sa-learn --force-expire every night via cron, what should > I expect as a typical number of tokens? > > The last sa-learn --force-expire reported: > > expired old bayes database entries in 11 seconds > 1011642 entries kept, 5188 deleted > token frequency: 1-occurrence tokens: 13.09% > token frequency: less than 8 occurrences: 5.09% > > Is over 1 million tokens normal or is something fishy going on? That seems rather large. Have you declared a bayes_expiry_max_db_size? If you don't have one declared, the default is 150k, which means that SA should be aiming for 112k tokens when it does an expire. That said, there are conditions in which SA will end up with a much larger database, but this generally only affects young databases. > > When I lint the spamassassin config it reports: > > bayes: corpus size: nspam = 713810, nham = 212860 *shrug* that part's not very useful. It's the total count of all mail ever trained. (ie: this counter never goes down due to expiry) One thing that might be useful is the output of "sa-learn --dump magic". Looking at the spread of the various atimes can be helpful. > > Thanks for any advice/reassurance, > -Brendan > From Denis.Beauchemin at USherbrooke.ca Fri Jun 16 21:17:58 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 16 21:18:32 2006 Subject: Web Bug problem... Message-ID: <449311F6.8050101@USherbrooke.ca> Hello all, I have the following in MailScanner.conf (version 4.54.6): Allow WebBugs = disarm Ignored Web Bug Filenames = # If this is not specified, the the old value of "MailScannerWebBug" is used, Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Now when an email with a web bug is delivered it looks like this: Web Bug from http://www.directioninformatique.com/di/image/fr/shim.gif In Thunderbird I see the ALT text which garbles the email... Is this a bug or did I misconfigure something? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060616/0a3a70e8/smime.bin From Denis.Beauchemin at USherbrooke.ca Fri Jun 16 21:24:24 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 16 21:24:55 2006 Subject: Web Bug problem... In-Reply-To: <449311F6.8050101@USherbrooke.ca> References: <449311F6.8050101@USherbrooke.ca> Message-ID: <44931378.3040006@USherbrooke.ca> Denis Beauchemin a ?crit : > Hello all, > > I have the following in MailScanner.conf (version 4.54.6): > Allow WebBugs = disarm > Ignored Web Bug Filenames = > # If this is not specified, the the old value of "MailScannerWebBug" > is used, > Web Bug Replacement = > http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > > Now when an email with a web bug is delivered it looks like this: > > src="http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif" > width="1" height="1" alt="Web Bug from > http://www.directioninformatique.com/di/image/fr/shim.gif" /> > > > In Thunderbird I see the ALT text which garbles the email... > > Is this a bug or did I misconfigure something? > > Thanks! > > Denis > I just figured something out: if I tell Thunderbird to show remote images the display is fine. But I almost never click that button... So... could the ALT text be discarded? Thanks and a good week-end to all! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060616/8713cd24/smime.bin From res at ausics.net Fri Jun 16 22:25:15 2006 From: res at ausics.net (Res) Date: Fri Jun 16 22:25:21 2006 Subject: duplication logging Message-ID: One thing that annoys me and I'm sure others on large systems is the amount of unneccesay logging, for ANY program.. Jun 17 06:59:39 venus3 MailScanner[16663]: New Batch: Found 409 messages waiting Jun 17 06:59:39 venus3 MailScanner[16663]: New Batch: Scanning 32 messages, 17285726 bytes Jun 17 06:59:41 venus3 MailScanner[16663]: Virus and Content Scanning: Starting Jun 17 06:59:54 venus3 MailScanner[16663]: Uninfected: Delivered 32 messages Now... Virus and Content scanning starting, is another name for New Batch Scanning, I do think its overkill amnd completely (unless debugging) pointless, my question Jules is, is it really needed unless in debug mode? Secondly Julian, can you point me in the direction of where 'die' is when it cant log to syslog, because thats real pet hate that MS dies when it cant log to it for whatever reason and countless thousands of messages are in the queue to be done when we find it, most disgruntled customers who cant get mail for 6-10 hours waitihng for backlog to clear :) -- Cheers Res From naolson at gmail.com Fri Jun 16 22:42:45 2006 From: naolson at gmail.com (Nathan Olson) Date: Fri Jun 16 22:42:48 2006 Subject: duplication logging In-Reply-To: References: Message-ID: <8f54b4330606161442q74481508ocba1c6146ed2234b@mail.gmail.com> If it can't log to syslog you have bigger problems than slow mail. Why in the world syslog would not be running (or would stop running) boggles the mind. Nate From mkettler at evi-inc.com Fri Jun 16 22:54:11 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 16 22:54:26 2006 Subject: duplication logging In-Reply-To: References: Message-ID: <44932883.1080501@evi-inc.com> Res wrote: > One thing that annoys me and I'm sure others on large systems is the > amount of unneccesay logging, for ANY program.. > > > Jun 17 06:59:39 venus3 MailScanner[16663]: New Batch: Found 409 > messages waiting > Jun 17 06:59:39 venus3 MailScanner[16663]: New Batch: Scanning 32 > messages, 17285726 bytes > Jun 17 06:59:41 venus3 MailScanner[16663]: Virus and Content Scanning: > Starting > Jun 17 06:59:54 venus3 MailScanner[16663]: Uninfected: Delivered 32 > messages > > > Now... Virus and Content scanning starting, is another name for New > Batch Scanning, I do think its overkill amnd completely (unless > debugging) pointless, my question Jules is, is it really needed unless > in debug mode? Personally, I think these log messages are very useful. However, I do think it would be nice if MailScanner made use of the "notice" log level. Right now, all the above messages are logged at the "info" level, which is probably appropriate. The problem is, a lot of fairly important stuff, such as infections, are also logged at "info". If these messages were logged at the "notice" level, then large-volume admins could configure their syslogger to only log notice or higher to disk and discard the info messages. It's not a perfect system, but would give people more flexibility in choosing how much logging they want to do. Some messages worth bumping from "info" to "notice" level would be: Config.pm: MailScanner::Log::InfoLog("Skipping Custom Function file %s as its name does not end in .pm or .pl", $filename); CustomConfig.pm: MailScanner::Log::InfoLog("IPBlock: Adding block for %s", $ip); CustomConfig.pm: MailScanner::Log::InfoLog("Could not open file $fn: %s", $!); Exim.pm: MailScanner::Log::InfoLog("Header ($line) too long (wanted $InHeader)". Exim.pm: or MailScanner::Log::InfoLog("Header continuation ($line) doesn't begin". Exim.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", Lock.pm: MailScanner::Log::InfoLog("Could not open file $fn: %s", $!) Lock.pm: MailScanner::Log::InfoLog("Failed to lock $fn with unexpected error: %s", $!); MCPMessage.pm: # MailScanner::Log::InfoLog("Spam Actions: (RBL) Bounce to %s", $from) MCPMessage.pm: MailScanner::Log::InfoLog("MCP Actions: (SpamAssassin) Bounce to %s", MCPMessage.pm: # MailScanner::Log::InfoLog("Spam Actions: (RBL,SpamAssassin) Bounce to %s", MessageBatch.pm: MailScanner::Log::InfoLog("Spam Checks: Found $counter spam messages") MessageBatch.pm: MailScanner::Log::InfoLog("MCP Checks: Found $counter MCP messages") MessageBatch.pm: MailScanner::Log::InfoLog("Virus Scanning: Found %d viruses", $viruses+0) MessageBatch.pm: MailScanner::Log::InfoLog("Other Checks: Found %d problems", $others+0) MessageBatch.pm: MailScanner::Log::InfoLog("Content Checks: Found %d problems", $content+0) MessageBatch.pm: MailScanner::Log::InfoLog("Quarantining modified message for %s", $id); MessageBatch.pm: MailScanner::Log::InfoLog("Silent: Delivered %d messages containing " . MessageBatch.pm: MailScanner::Log::InfoLog("Cleaned: Delivered %d cleaned messages", MessageBatch.pm: MailScanner::Log::InfoLog("Sender Warnings: Delivered %d warnings to " . MessageBatch.pm: MailScanner::Log::InfoLog("Notices: Warned about %d messages", $counter) MessageBatch.pm: MailScanner::Log::InfoLog("Disinfection: Attempting to disinfect %d " . MessageBatch.pm: MailScanner::Log::InfoLog("Disinfection: Rescan found only %d viruses", MessageBatch.pm: MailScanner::Log::InfoLog("Saved archive copies of%s", $log) if $log; Message.pm: MailScanner::Log::InfoLog("Spam Actions: message %s actions are %s", Message.pm: MailScanner::Log::InfoLog("Spam Actions: message %s actions are %s", Message.pm: MailScanner::Log::InfoLog("Will not bounce high-scoring spam") Message.pm: MailScanner::Log::InfoLog("Spam Actions: (RBL) Bounce to %s", $from) Message.pm: MailScanner::Log::InfoLog("Spam Actions: (SpamAssassin) Bounce to %s", Message.pm: MailScanner::Log::InfoLog("Spam Actions: (RBL,SpamAssassin) Bounce to %s", Message.pm: MailScanner::Log::InfoLog("Spam Actions: Notify %s", $to) Message.pm: MailScanner::Log::InfoLog("Reject message %s from %s with report %s", Message.pm: MailScanner::Log::InfoLog("Viruses marked as silent: %s", $logstring) Message.pm: MailScanner::Log::InfoLog('Found ip-based phishing fraud from ' . Message.pm: MailScanner::Log::InfoLog('Found phishing fraud from %s ' . Postfix.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", Qmail.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", Quarantine.pm: MailScanner::Log::InfoLog("Saved entire message to $msgdir"); Quarantine.pm: MailScanner::Log::InfoLog("Deleted infected \"%s\"", $attachment); Quarantine.pm: MailScanner::Log::InfoLog("Saved infected \"%s\" to %s", $attachment, RBLs.pm: MailScanner::Log::InfoLog("RBL checks: %s found in %s", $message->{id}, Sendmail.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", Sendmail.pm: MailScanner::Log::InfoLog("New Batch: Forwarding %d unscanned messages, " . Sendmail.pm: #MailScanner::Log::InfoLog("New Batch: Archived %d $ArchivedMsgs messages", Sendmail.pm: MailScanner::Log::InfoLog("Queue directory %s is nested", $dir) SweepContent.pm: MailScanner::Log::InfoLog("Attachment size check: %s > %s (%s) in %s", SweepContent.pm: MailScanner::Log::InfoLog("HTML-IFrame tag found in message %s from %s", SweepContent.pm: MailScanner::Log::InfoLog("HTML-Form tag found in message %s from %s", SweepContent.pm: MailScanner::Log::InfoLog("HTML-Script tag found in message %s from %s", SweepContent.pm: MailScanner::Log::InfoLog("HTML Img tag found in message %s from %s", SweepContent.pm: MailScanner::Log::InfoLog("HTML-Object tag found in message %s from %s", SweepOther.pm: MailScanner::Log::InfoLog("Other Checks: Found Happy virus in %s", $id); SweepOther.pm: MailScanner::Log::InfoLog("Other Checks: Found Eudora " . SweepViruses.pm: MailScanner::Log::InfoLog("Infected message %s came from %s", SweepViruses.pm: MailScanner::Log::InfoLog("%s: %s found %d infections", $logtitle, SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Secure found virus %s", $1); SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Secure found virus %s",$virus); SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Prot found virus %s", $virus); SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Prot found problem %s", SweepViruses.pm: MailScanner::Log::InfoLog("Trend found %s in %s", $virus, $trend_prevline); SweepViruses.pm: MailScanner::Log::InfoLog("Vexira: found %s in %s (%s)", $virusname, ZMailer.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", ZMailer.pm: #MailScanner::Log::InfoLog("New Batch: Archived %d $ArchivedMsgs messages", From TGFurnish at herffjones.com Fri Jun 16 23:04:41 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Fri Jun 16 23:04:45 2006 Subject: "Contact Us" web page Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B62B@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Thursday, June 15, 2006 5:10 PM > To: MailScanner discussion > Subject: "Contact Us" web page > > What would you like to see on a "Contact Us" web page on > www.mailscanner.info? > > Currently it is just a mailto: link. > Would you like me to replace it with a web page? > If so, what would you like to see on it? > About all the information I can give is an email address, > hence the current link. > > Thoughts? > > - -- > Julian Field Personally I have no problem with a mailto link -- but it's kind of annoying if the text of the mailto is "contact us" instead of an email address. As minor as it may seem, I'd greatly prefer a simple page that has the email address listed, even if the email address on that page is linked with a mailto. When you see a "Contact Us" link in a tab on a bar where all the other tabs take you to a web page, you expect that tab to take you to a web page as well. I never click a mailto link intentionally, and on many systems that'd kick off some convoluted and annoying wizard prompting me to configure an integrated email client. I've even had a simple click on a mailto kick off an automated microsoft outlook install - what a pain. Very tiny issue though -- I'd never mention it normally...but you did ask. :-) Hope it helps. -t. From tchamtieh at nayzak.com Fri Jun 16 23:10:33 2006 From: tchamtieh at nayzak.com (Thomas Chamtieh) Date: Fri Jun 16 23:09:59 2006 Subject: Strange HI Load Message-ID: <9EF54EC4D23F874F9034C2A245622AC503B7AA@ad.hosting.farm> Hi all, After I upgraded from 4.46 to 4.54 I started seeing hi load on 2 servers. Looking at the processes. The noticed that after a couple of hours I have 30-40 MailScanner processes in "waiting for messages" mode. I have restart every 30 mins. We process over 200K emails a day. I try as much as I can to take a lod off MailScanner, for example, I use sbl-xbl in sendmail and RBL checking in SpamAssassin, I'm not using RulesDuJour. So it shouldn't be acting that way. Your help is appreciated, I have to check on these 2 servers every 2 hours and restart the MailScanner to get ride of the hung processes. Thanks, -Thomas -- This message has been scanned for viruses and dangerous content by SpamController (www.spamcontroller.com) and is believed to be clean. -- From TGFurnish at herffjones.com Fri Jun 16 23:20:51 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Fri Jun 16 23:20:55 2006 Subject: Best way to measure sendmail queue depth? Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> I've been checking sendmail inbound queue depth using a simple readdir and dividing the number of entries by two. This is checked every five minutes by Nagios with a 10-second timeout -- because of the timeout and the frequency with which I want to do the check, I can't just use, for example: mailq |head -1 ...because under heavy flow conditions the mailq command takes WAY too long to parse the entire set of queue files and generates too much load. I always realized dividing the number of files in the queue by two was only a rough guess, but I didn't realize there could be so much disparity between that number and the number of messages listed by mailq. With mailq reporting 6 messages in the inbound queue, the directory actually contains 477 files! Mailq's result seems to match the count of files starting with a lowercase "q". I also have about the same number of files starting with an uppercase "Q". The rest of the files are df files, most of them without any corresponding q file. Any idea what's going on? Previously I expected to find files that started with qf, df, xf, and tf (not Q), and to always have pairs of files. Obviously my expectation was pretty far off. :-) -- Trever From campbell at cnpapers.com Fri Jun 16 23:42:50 2006 From: campbell at cnpapers.com (campbell@cnpapers.com) Date: Fri Jun 16 23:44:57 2006 Subject: Strange HI Load In-Reply-To: <9EF54EC4D23F874F9034C2A245622AC503B7AA@ad.hosting.farm> References: <9EF54EC4D23F874F9034C2A245622AC503B7AA@ad.hosting.farm> Message-ID: <1150497770.449333eaebaa7@perdition.cnpapers.net> Quoting Thomas Chamtieh : > Hi all, > > After I upgraded from 4.46 to 4.54 I started seeing hi load on 2 > servers. Looking at the processes. The noticed that after a couple of > hours I have 30-40 MailScanner processes in "waiting for messages" mode. > I have restart every 30 mins. We process over 200K emails a day. I try > as much as I can to take a lod off MailScanner, for example, I use > sbl-xbl in sendmail and RBL checking in SpamAssassin, I'm not using > RulesDuJour. So it shouldn't be acting that way. > > Your help is appreciated, I have to check on these 2 servers every 2 > hours and restart the MailScanner to get ride of the hung processes. > > > Thanks, > > -Thomas Thomas, I don't think I'm running that version, maybe 4.52, maybe 4.54. I'm not at work now, and I forget. I can say that Mailwatch reports at least 5 MailScanner processes - more anytime there is something in the input queue. This may be subprocesses, but I have 5 children set in my config file. This doesn't seem to make much of a difference in load. What I do see, though, is, what looks like incoming sendmail connections, and as these go up with no increase in MS processes, the load does go up. When I have a quiet server with nothing in input, load is around 1.7-2.5. As soon as sendmail is triggered into doing something, the load jumps at least a point and a half. I have recently blocked at the MTA one fifth of my incoming spam, and this seems to have helped keep the LA down below 10, regardless of any huge influx of new email. I am running 8.12 sendmail, but plan on upgrading this to 8.13 next week. I have also lowered most of the sendmail timeouts to very low levels, and this help cut out the junk connections. So sendmail processes stay pretty low now all the time. But this machine used to handle 40-60 sendmail processes at a 11+ LA prior to attempting to tune/discover anything. So the sendmail processes are logarithmically responsible for LA, and not directly linear. 85% of all mail is high scoring, so is quarantined. My databases are fairly large, but not huge, and I only keep 9 days worth of Mailwatch stuff. I'm not sure how much the MySQL stuff is causing this, but things show up in Mailwatch's DBs fairly quick, so I doubt there is much caching or pending writes there. I'm still stumped, but if I find out anything and why this started out of the blue, I will post it. Hope you care to do the same. Load averages are so misleading, except when sendmail says it's time to stop accepting connections due to a high LA, that sometimes I wonder if this is all worth investigating. Whew - sure is windy here tonight. Steve > > > > -- ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From campbell at cnpapers.com Sat Jun 17 00:01:33 2006 From: campbell at cnpapers.com (campbell@cnpapers.com) Date: Sat Jun 17 00:01:46 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> Message-ID: <1150498893.4493384dd4c8f@perdition.cnpapers.net> Quoting "Furnish, Trever G" : > I've been checking sendmail inbound queue depth using a simple readdir > and dividing the number of entries by two. This is checked every five > minutes by Nagios with a 10-second timeout -- because of the timeout and > the frequency with which I want to do the check, I can't just use, for > example: > > mailq |head -1 > > ...because under heavy flow conditions the mailq command takes WAY too > long to parse the entire set of queue files and generates too much load. > > I always realized dividing the number of files in the queue by two was > only a rough guess, but I didn't realize there could be so much > disparity between that number and the number of messages listed by > mailq. With mailq reporting 6 messages in the inbound queue, the > directory actually contains 477 files! The multitude of non-paired files are probably DATA files (df) of some incomplete connections. You can probably delete all of these, but I would check the times on them first. This is more than likely an attempt to clog up your MTA. You could use a script with 'find' telling you which ones are older than a certain time period (one day should be very safe, one hour is probably OK), and delete them. Just a simple one-liner in your cron. Other than that, I'm sure there are sendmail options that would take care of this too, but they don't jump to mind right now, probably 'timeout_' options are the easiest to do. > > Mailq's result seems to match the count of files starting with a > lowercase "q". I also have about the same number of files starting with > an uppercase "Q". The rest of the files are df files, most of them > without any corresponding q file. The 'Qf' files, I believe, are non-deliverable files, those that can't be delivered even to postmaster. They are renamed qf files. Hope this is accurate. Steve Campbell > > Any idea what's going on? Previously I expected to find files that > started with qf, df, xf, and tf (not Q), and to always have pairs of > files. Obviously my expectation was pretty far off. :-) > > -- > Trever > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From campbell at cnpapers.com Sat Jun 17 00:19:45 2006 From: campbell at cnpapers.com (campbell@cnpapers.com) Date: Sat Jun 17 00:20:00 2006 Subject: Strange HI Load In-Reply-To: <9EF54EC4D23F874F9034C2A245622AC503B7AA@ad.hosting.farm> References: <9EF54EC4D23F874F9034C2A245622AC503B7AA@ad.hosting.farm> Message-ID: <1150499985.44933c916497b@perdition.cnpapers.net> Quoting Thomas Chamtieh : > Hi all, > > After I upgraded from 4.46 to 4.54 I started seeing hi load on 2 > servers. Looking at the processes. The noticed that after a couple of > hours I have 30-40 MailScanner processes in "waiting for messages" mode. > I have restart every 30 mins. We process over 200K emails a day. I try > as much as I can to take a lod off MailScanner, for example, I use > sbl-xbl in sendmail and RBL checking in SpamAssassin, I'm not using > RulesDuJour. So it shouldn't be acting that way. > > Your help is appreciated, I have to check on these 2 servers every 2 > hours and restart the MailScanner to get ride of the hung processes. As an afterthought, I have an almost identical server. It's message count per day is very close to the problem server. I have always had bayes expiry files on the problem server, and almost never on the proper acting one. I see where I have about 4 times the number of tokens in the Bayes database on the problem machine that I have on the proper one. The number of expired tokens on the two machines is really extraordinarily difference during an expiry. I used to run a cron job to delete the Bayes expire files just to keep the directory clean, but just turned that off in the event I was deleting real, valid files, ... so we'll see. Steve > > > Thanks, > > -Thomas > > > > -- > This message has been scanned for viruses and dangerous content by > SpamController (www.spamcontroller.com) and is believed to be clean. > -- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From tchamtieh at nayzak.com Sat Jun 17 01:00:28 2006 From: tchamtieh at nayzak.com (Thomas Chamtieh) Date: Sat Jun 17 01:00:00 2006 Subject: Strange HI Load Message-ID: <9EF54EC4D23F874F9034C2A245622AC503B7AD@ad.hosting.farm> Steve, Thanks for your insight. It's totally weird, I have 4 other server running the same version and all identical. These were running fine before the upgrade. When I say hi LA I'm talking about 70-85% almost killing the server. On the other 4 servers I have, the LA never goes above 1.7 and usually is about 0.4-0.7, and these server handle a lot more mail that the trouble ones. Thanks, -Thomas > > > > Hi all, > > > > After I upgraded from 4.46 to 4.54 I started seeing hi load on 2 > > servers. Looking at the processes. The noticed that after a > > couple of > > hours I have 30-40 MailScanner processes in "waiting for > > messages" mode. > > I have restart every 30 mins. We process over 200K emails a > > day. I try > > as much as I can to take a lod off MailScanner, for example, I use > > sbl-xbl in sendmail and RBL checking in SpamAssassin, I'm not using > > RulesDuJour. So it shouldn't be acting that way. > > > > Your help is appreciated, I have to check on these 2 > > servers every 2 > > hours and restart the MailScanner to get ride of the hung processes. > > As an afterthought, I have an almost identical server. It's > message count per day is very close to the problem server. I > have always had bayes expiry files on the problem server, and > almost never on the proper acting one. > > I see where I have about 4 times the number of tokens in the > Bayes database on the problem machine that I have on the > proper one. The number of expired tokens on the two machines > is really extraordinarily difference during an expiry. > > I used to run a cron job to delete the Bayes expire files > just to keep the directory clean, but just turned that off in > the event I was deleting real, valid files, ... so we'll see. > > Steve > > > > > > Thanks, > > > > -Thomas > > > From res at ausics.net Sat Jun 17 01:35:43 2006 From: res at ausics.net (Res) Date: Sat Jun 17 01:35:50 2006 Subject: duplication logging In-Reply-To: <8f54b4330606161442q74481508ocba1c6146ed2234b@mail.gmail.com> References: <8f54b4330606161442q74481508ocba1c6146ed2234b@mail.gmail.com> Message-ID: On Fri, 16 Jun 2006, Nathan Olson wrote: > If it can't log to syslog you have bigger problems than slow mail. > Why in the world syslog would not be running (or would stop running) > boggles the mind. Yes but i dont give a toss about that, my iminent concern is keeping mail flowing! > > Nate > -- Cheers Res From tchamtieh at nayzak.com Sat Jun 17 01:43:34 2006 From: tchamtieh at nayzak.com (Thomas Chamtieh) Date: Sat Jun 17 01:42:58 2006 Subject: FW: Strange HI Load Message-ID: <9EF54EC4D23F874F9034C2A245622AC503B7AE@ad.hosting.farm> Here's an output of 'ps aux' look at all these MailScanner processes!!!!: 1 ? S 0:51 init 2 ? SW 0:00 [migration/0] 3 ? SW 0:00 [migration/1] 4 ? SW 0:00 [migration/2] 5 ? SW 0:00 [migration/3] 6 ? SW 0:00 [keventd] 7 ? SWN 0:00 [ksoftirqd/0] 8 ? SWN 0:00 [ksoftirqd/1] 9 ? SWN 0:00 [ksoftirqd/2] 10 ? SWN 0:00 [ksoftirqd/3] 13 ? SW 0:01 [bdflush] 11 ? SW 48:48 [kswapd] 12 ? SW 60:09 [kscand] 14 ? SW 1:06 [kupdated] 15 ? SW 0:00 [mdrecoveryd] 23 ? SW 27:14 [kjournald] 74 ? SW 0:00 [khubd] 315 ? SW 0:00 [kjournald] 693 ? S 14:02 syslogd -m 0 697 ? S 0:00 klogd -x 707 ? S 1:14 irqbalance 715 ? S 0:00 portmap 734 ? S 0:00 rpc.statd 745 ? S 0:05 mdadm --monitor --scan -f 758 ? SL 0:02 mdmpd 769 ? S 0:11 /usr/bin/perl /usr/libexec/usermin/miniserv.pl /etc/usermin/miniserv.conf 776 ? S 0:11 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf 1206 ? S 59:25 hpasmd 1255 ? S 9:53 cmahostd -p 15 -s OK 1256 ? S 0:29 cmathreshd -p 5 -s OK 1258 ? S 0:02 cmapeerd 1280 ? S 0:09 cmastdeqd -p 30 1298 ? S 5:59 cmaperfd -p 30 -s OK 1312 ? S 3:56 cmahealthd -p 30 -s OK -t OK -i 1430 ? S 17:13 cmaeventd 1460 ? S 18:24 cmaidad -p 15 -s OK 1482 ? S 0:04 cmafcad -p 15 -s OK 1484 ? S 0:16 cmaided -p 15 -s OK 1570 ? S 0:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd -a 1626 ? S 117:24 /usr/sbin/named -u named 1642 ? S 0:01 /usr/sbin/sshd 1656 ? S 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid 1668 ? S 0:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf --pid-file=/var/run/mysqld/mysqld.pid 1697 ? S 102:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pi 1806 ? S 0:00 gpm -t imps2 -m /dev/psaux 1994 ? S 0:19 /opt/hp/hpsmh/sbin/hpsmhd -DSSL -f /opt/hp/hpsmh/conf/smhpd.conf 2004 ? S 0:00 /opt/hp/hpsmh/sbin/hpsmhd -DSSL -f /opt/hp/hpsmh/conf/smhpd.conf 2034 ? S 0:20 /usr/sbin/httpd 2045 ? S 0:10 crond 2162 ? S 0:01 /usr/sbin/atd 2180 ? S 0:00 cmanicd 2653 ? S 0:00 /opt/hp/vcagent/bin/vcagentd 2654 ? S 0:06 /opt/hp/vcagent/bin/vcagentd 2655 ? S 0:00 /opt/hp/vcagent/bin/vcagentd 2663 tty1 S 0:00 /sbin/mingetty tty1 2664 tty2 S 0:00 /sbin/mingetty tty2 2665 tty3 S 0:00 /sbin/mingetty tty3 2666 ? S 0:00 /opt/hp/vcagent/bin/vcagentd 31538 ? S 0:00 /var/dcc/libexec/dccifd -tCMN,5, -llog -wwhiteclnt -Uuserdirs 31539 ? S 62:59 /var/dcc/libexec/dccifd -tCMN,5, -llog -wwhiteclnt -Uuserdirs 4403 ? S 0:16 cupsd 4445 ? S 0:04 /usr/sbin/httpd 4446 ? S 0:03 /usr/sbin/httpd 4447 ? S 0:04 /usr/sbin/httpd 4448 ? S 0:05 /usr/sbin/httpd 4449 ? S 0:05 /usr/sbin/httpd 4450 ? S 0:03 /usr/sbin/httpd 4451 ? S 0:03 /usr/sbin/httpd 4452 ? S 0:04 /usr/sbin/httpd 16640 ? S 0:04 /usr/sbin/httpd 31317 ? S 0:03 /usr/sbin/httpd 4838 ? S 0:02 /usr/sbin/httpd 4839 ? S 0:03 /usr/sbin/httpd 4840 ? S 0:02 /usr/sbin/httpd 4841 ? S 0:02 /usr/sbin/httpd 4842 ? S 0:02 /usr/sbin/httpd 4843 ? S 0:03 /usr/sbin/httpd 4844 ? S 0:02 /usr/sbin/httpd 21765 ? S 0:27 sendmail: accepting connections 21770 ? S 0:00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue 21776 ? S 0:00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue 21799 ? S 0:00 MailScanner: starting child 11399 ? S 0:00 MailScanner: starting child 15110 ? S 0:00 MailScanner: starting child 14531 ? S 0:00 MailScanner: starting child 16689 ? S 0:00 MailScanner: starting child 18976 ? S 0:00 MailScanner: starting child 28368 ? S 0:00 sendmail: k5GMGEj9028368 dsl5400AB1C.pool.t-online.hu [84.0.171.28]: DATA 17108 ? S 0:00 MailScanner: starting child 19020 ? S 0:00 sendmail: server 63.102.177.60.broad.hz.zj.dynamic.cndata.com [60.177.102.63] cmd read 19189 ? S 0:00 sendmail: server 63.102.177.60.broad.hz.zj.dynamic.cndata.com [60.177.102.63] cmd read 22961 ? S 0:02 MailScanner: waiting for messages 24589 ? S 0:02 MailScanner: waiting for messages 25133 ? S 0:00 sendmail: k5GNG6gE025133 cc986512-a.assen1.dr.home.nl [82.74.88.79]: data 25180 ? S 0:00 sendmail: server pc97.broad.dynamic.xm.fj.cn.cndata.com [59.57.186.97] (may be forged) cmd read 27287 ? S 0:02 MailScanner: waiting for messages 27626 ? S 0:03 MailScanner: waiting for messages 27872 ? S 0:02 MailScanner: waiting for messages 28267 ? S 0:02 MailScanner: waiting for messages 28656 ? S 0:02 MailScanner: waiting for messages 29298 ? S 0:02 MailScanner: waiting for messages 29482 ? S 0:02 MailScanner: waiting for messages 29815 ? S 0:02 MailScanner: waiting for messages 29955 ? S 0:03 MailScanner: waiting for messages 29995 ? S 0:02 MailScanner: waiting for messages 30640 ? S 0:00 sendmail: k5GNSLHT030640 [82.201.230.204]: DATA 30918 ? S 0:03 MailScanner: waiting for messages 32300 ? S 0:02 MailScanner: waiting for messages 32396 ? S 0:01 MailScanner: waiting for messages 32465 ? S 0:01 MailScanner: waiting for messages 32602 ? S 0:02 MailScanner: waiting for messages 32725 ? S 0:02 MailScanner: waiting for messages 622 ? S 0:02 MailScanner: waiting for messages 677 ? S 0:02 MailScanner: waiting for messages 778 ? S 0:02 MailScanner: waiting for messages 865 ? S 0:01 MailScanner: waiting for messages 1079 ? S 0:02 MailScanner: waiting for messages 1136 ? S 0:02 MailScanner: waiting for messages 1322 ? S 0:01 MailScanner: waiting for messages 1635 ? S 0:01 MailScanner: waiting for messages 1893 ? S 0:00 sendmail: server pc201.broad.dynamic.qz.fj.cn.cndata.com [218.85.167.201] (may be forged) cmd read 2358 ? S 0:03 MailScanner: waiting for messages 2517 ? S 0:01 MailScanner: waiting for messages 2703 ? S 0:01 MailScanner: waiting for messages 2762 ? S 0:02 MailScanner: waiting for messages 3070 ? S 0:01 MailScanner: waiting for messages 3127 ? S 0:00 sendmail: server [206.74.10.56] cmd read 3163 ? S 0:01 MailScanner: waiting for messages 3185 ? S 0:01 MailScanner: waiting for messages 3193 ? S 0:02 MailScanner: waiting for messages 3458 ? S 0:00 sendmail: server 9.167.71.218.broad.nb.zj.dynamic.cndata.com [218.71.167.9] cmd read 3459 ? S 0:00 sendmail: server 9.167.71.218.broad.nb.zj.dynamic.cndata.com [218.71.167.9] cmd read 3524 ? S 0:02 MailScanner: waiting for messages 3578 ? S 0:02 MailScanner: checking with SpamAssassin 4055 ? S 0:02 MailScanner: waiting for messages 4147 ? S 0:02 MailScanner: waiting for messages 4573 ? S 0:02 MailScanner: waiting for messages 4829 ? S 0:02 MailScanner: waiting for messages 5081 ? S 0:01 MailScanner: waiting for messages 5102 ? S 0:01 MailScanner: waiting for messages 5214 ? S 0:01 MailScanner: waiting for messages 5220 ? S 0:01 MailScanner: waiting for messages 5313 ? S 0:02 MailScanner: waiting for messages 5317 ? S 0:02 MailScanner: waiting for messages 5345 ? S 0:01 MailScanner: waiting for messages 5458 ? S 0:01 MailScanner: waiting for messages 5714 ? S 0:01 MailScanner: waiting for messages 5748 ? S 0:01 MailScanner: waiting for messages 5780 ? S 0:00 sendmail: k5GNk1Bv005780 host112170.metrored.net.mx [200.53.121.170] (may be forged): DATA 5828 ? S 0:00 sendmail: k5GNk9Yo005828 host112170.metrored.net.mx [200.53.121.170] (may be forged): DATA 5931 ? S 0:01 MailScanner: waiting for messages 5983 ? S 0:01 MailScanner: waiting for messages 6150 ? S 0:01 MailScanner: waiting for messages 6203 ? S 0:01 MailScanner: waiting for messages 6337 ? S 0:00 sendmail: server 20151226076.user.veloxzone.com.br [201.51.226.76] cmd read 6338 ? S 0:01 MailScanner: waiting for messages 6471 ? S 0:01 MailScanner: waiting for messages 6489 ? S 0:01 MailScanner: waiting for messages 6559 ? S 0:01 MailScanner: waiting for messages 7047 ? S 0:01 MailScanner: waiting for messages 7104 ? S 0:01 MailScanner: waiting for messages 7274 ? S 0:00 sendmail: server 171.57.112.125.broad.jh.zj.dynamic.cndata.com [125.112.57.171] cmd read 7321 ? S 0:00 sendmail: server pc85.broad.dynamic.qz.fj.cn.cndata.com [218.5.122.85] (may be forged) cmd read 7389 ? S 0:01 MailScanner: waiting for messages 7786 ? S 0:01 MailScanner: waiting for messages 7805 ? S 0:01 MailScanner: waiting for messages 7836 ? S 0:01 MailScanner: waiting for messages 7860 ? S 0:00 sendmail: server mx11.sac.fedex.com [199.81.193.118] cmd read 8458 ? S 0:01 MailScanner: waiting for messages 8489 ? S 0:01 MailScanner: waiting for messages 8942 ? S 0:01 MailScanner: checking with SpamAssassin 8982 ? S 0:00 sendmail: server welcome.aexp.com [193.32.34.30] cmd read 9113 ? S 0:01 MailScanner: waiting for messages 9122 ? S 0:01 MailScanner: waiting for messages 9192 ? S 0:01 MailScanner: waiting for messages 9194 ? S 0:00 MailWatch SQL 9327 ? S 0:00 sendmail: startup with 209.9.184.36 9357 ? S 0:00 sshd: root@pts/0 9361 pts/0 S 0:00 -tcsh 9425 ? S 0:00 sendmail: server pool-70-110-225-43.phil.east.verizon.net [70.110.225.43] cmd read 9426 ? S 0:00 sendmail: server pool-70-110-225-43.phil.east.verizon.net [70.110.225.43] cmd read 9441 ? S 0:00 sendmail: server 1667203209.coffeefilterdreams.com [209.203.67.16] cmd read 9449 ? S 0:00 MailScanner: checking with SpamAssassin 9454 ? S 0:00 MailScanner: checking with SpamAssassin A 'top' will give the following, I noticed that it's starting to use swap at this point: 17:04:48 up 7 days, 17:46, 1 user, load average: 3.66, 2.00, 1.38 271 processes: 269 sleeping, 2 running, 0 zombie, 0 stopped CPU states: cpu user nice system irq softirq iowait idle total 43.8% 0.0% 7.3% 0.0% 0.0% 48.7% 0.0% cpu00 31.3% 0.0% 5.8% 0.0% 0.0% 62.7% 0.0% cpu01 45.0% 0.0% 13.7% 0.0% 0.0% 41.1% 0.0% cpu02 37.2% 0.0% 1.9% 0.0% 0.0% 60.7% 0.0% cpu03 61.7% 0.0% 7.8% 0.0% 0.0% 30.3% 0.0% Mem: 3082456k av, 3017552k used, 64904k free, 0k shrd, 24568k buff 2327328k actv, 431144k in_d, 39764k in_c Swap: 4194232k av, 620560k used, 3573672k free 236836k cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 13862 root 22 0 38828 30M 2528 R 16.9 1.0 0:01 3 MailScanner 13785 root 16 0 45444 39M 2568 S 2.9 1.3 0:00 2 MailScanner 13777 root 15 0 44532 25M 2340 D 1.9 0.8 0:00 2 MailScanner 13874 root 21 0 3304 3304 1884 S 1.2 0.1 0:00 3 pyzor 778 root 17 0 43452 14M 1780 S 0.7 0.4 0:02 3 MailScanner 13524 root 15 0 1276 1276 840 R 0.7 0.0 0:00 0 top 1460 root 15 0 1112 480 264 S 0.4 0.0 18:25 1 cmaidad 32300 root 15 0 42228 5268 608 S 0.4 0.1 0:02 0 MailScanner 5102 root 17 0 42804 35M 1620 S 0.4 1.1 0:02 0 MailScanner 9357 root 15 0 604 548 184 S 0.4 0.0 0:00 2 sshd 23 root 15 0 0 0 0 SW 0.2 0.0 27:16 2 kjournald 1434 root 15 0 688 424 252 S 0.2 0.0 44:11 1 hpasmd 1630 named 15 0 41872 39M 780 S 0.2 1.3 25:27 1 named 29955 root 15 0 41756 7416 608 S 0.2 0.2 0:04 0 MailScanner 1635 root 15 0 42776 13M 1684 S 0.2 0.4 0:02 2 MailScanner 3070 root 15 0 42748 36M 1776 S 0.2 1.2 0:02 1 MailScanner 4055 root 15 0 43788 36M 1680 S 0.2 1.2 0:02 2 MailScanner 9790 root 15 0 42976 37M 1816 S 0.2 1.2 0:02 2 MailScanner 12365 root 15 0 42192 41M 1448 S 0.2 1.3 0:01 2 MailScanner 12687 root 15 0 43528 42M 2692 S 0.2 1.4 0:01 2 MailScanner 1 root 22 0 500 468 440 S 0.0 0.0 0:51 2 init Thanks, -Thomas > -----Original Message----- > From: Thomas Chamtieh > Sent: Friday, June 16, 2006 5:00 PM > To: 'MailScanner discussion' > Subject: RE: Strange HI Load > > Steve, > > Thanks for your insight. It's totally weird, I have 4 other > server running the same version and all identical. These were > running fine before the upgrade. When I say hi LA I'm talking > about 70-85% almost killing the server. On the other 4 > servers I have, the LA never goes above 1.7 and usually is > about 0.4-0.7, and these server handle a lot more mail that > the trouble ones. > > Thanks, > > -Thomas > > > > > > > > Hi all, > > > > > > After I upgraded from 4.46 to 4.54 I started seeing hi load on 2 > > > servers. Looking at the processes. The noticed that after > a couple > > > of hours I have 30-40 MailScanner processes in "waiting for > > > messages" mode. > > > I have restart every 30 mins. We process over 200K emails > a day. I > > > try as much as I can to take a lod off MailScanner, for > example, I > > > use sbl-xbl in sendmail and RBL checking in SpamAssassin, I'm not > > > using RulesDuJour. So it shouldn't be acting that way. > > > > > > Your help is appreciated, I have to check on these 2 > servers every 2 > > > hours and restart the MailScanner to get ride of the hung > processes. > > > > As an afterthought, I have an almost identical server. It's message > > count per day is very close to the problem server. I have > always had > > bayes expiry files on the problem server, and almost never on the > > proper acting one. > > > > I see where I have about 4 times the number of tokens in the Bayes > > database on the problem machine that I have on the proper one. The > > number of expired tokens on the two machines is really > extraordinarily > > difference during an expiry. > > > > I used to run a cron job to delete the Bayes expire files > just to keep > > the directory clean, but just turned that off in the event I was > > deleting real, valid files, ... so we'll see. > > > > Steve > > > > > > > > > Thanks, > > > > > > -Thomas > > > > > From campbell at cnpapers.com Sat Jun 17 02:39:16 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Sat Jun 17 02:39:31 2006 Subject: Strange HI Load In-Reply-To: <9EF54EC4D23F874F9034C2A245622AC503B7AD@ad.hosting.farm> References: <9EF54EC4D23F874F9034C2A245622AC503B7AD@ad.hosting.farm> Message-ID: <1150508356.44935d44bfda1@perdition.cnpapers.net> Quoting Thomas Chamtieh : > Steve, > > Thanks for your insight. It's totally weird, I have 4 other server > running the same version and all identical. These were running fine > before the upgrade. When I say hi LA I'm talking about 70-85% almost > killing the server. On the other 4 servers I have, the LA never goes > above 1.7 and usually is about 0.4-0.7, and these server handle a lot > more mail that the trouble ones. Yeh, that's the same here. I have knocked these down to about 25K each per day now. One runs about 1.0 LA, the other shoots up to really high. The timing changes stopped the extra MS children as you showed in your last post, but the LA still doesn't go down properly. That's the main difference in config files. The good machine runs the nearly standard RH sendmail.cf, the bad one used to, but now has the timing changes. The high load necessitated the change in timing. I've tried to find something else that is causing this, but when I stop MS (along with everything else it is doing like MySQL, SA, sendmail, etc) the load drops immediately to normal. These machines were built with the exact same stuff, are identical in hardware, everything. The difference is the domains they handle. And the size of the bayes files. (Obviously the emails they handle are different). This has been a gradually increasing thing. It used to run fine, then started to climb a little, but not enough to worry about, then a little more, and again, and again, until now it sometimes hit the 12.0 mark. Then sendmail stops accepting. Really strange. Something is different about the machines, I just can't seem to pinpoint it. But I will find it. Keep me posted on anything you find! Steve > > Thanks, > > -Thomas > > > > > > > > Hi all, > > > > > > After I upgraded from 4.46 to 4.54 I started seeing hi load on 2 > > > servers. Looking at the processes. The noticed that after a > > > couple of > > > hours I have 30-40 MailScanner processes in "waiting for > > > messages" mode. > > > I have restart every 30 mins. We process over 200K emails a > > > day. I try > > > as much as I can to take a lod off MailScanner, for example, I use > > > sbl-xbl in sendmail and RBL checking in SpamAssassin, I'm not using > > > RulesDuJour. So it shouldn't be acting that way. > > > > > > Your help is appreciated, I have to check on these 2 > > > servers every 2 > > > hours and restart the MailScanner to get ride of the hung processes. > > > > As an afterthought, I have an almost identical server. It's > > message count per day is very close to the problem server. I > > have always had bayes expiry files on the problem server, and > > almost never on the proper acting one. > > > > I see where I have about 4 times the number of tokens in the > > Bayes database on the problem machine that I have on the > > proper one. The number of expired tokens on the two machines > > is really extraordinarily difference during an expiry. > > > > I used to run a cron job to delete the Bayes expire files > > just to keep the directory clean, but just turned that off in > > the event I was deleting real, valid files, ... so we'll see. > > > > Steve > > > > > > > > > Thanks, > > > > > > -Thomas > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From steve.swaney at fsl.com Sat Jun 17 02:45:46 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sat Jun 17 02:45:51 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <1150498893.4493384dd4c8f@perdition.cnpapers.net> Message-ID: <01c401c691af$c106caf0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of campbell@cnpapers.com > Sent: Friday, June 16, 2006 7:02 PM > To: MailScanner discussion > Subject: Re: Best way to measure sendmail queue depth? > > Quoting "Furnish, Trever G" : > > > I've been checking sendmail inbound queue depth using a simple readdir > > and dividing the number of entries by two. This is checked every five > > minutes by Nagios with a 10-second timeout -- because of the timeout and > > the frequency with which I want to do the check, I can't just use, for > > example: > > > > mailq |head -1 > > > > ...because under heavy flow conditions the mailq command takes WAY too > > long to parse the entire set of queue files and generates too much load. > > > > I always realized dividing the number of files in the queue by two was > > only a rough guess, but I didn't realize there could be so much > > disparity between that number and the number of messages listed by > > mailq. With mailq reporting 6 messages in the inbound queue, the > > directory actually contains 477 files! > > The multitude of non-paired files are probably DATA files (df) of some > incomplete connections. You can probably delete all of these, but I would > check > the times on them first. This is more than likely an attempt to clog up > your MTA. > > You could use a script with 'find' telling you which ones are older than a > certain time period (one day should be very safe, one hour is probably > OK), and > delete them. Just a simple one-liner in your cron. Other than that, I'm > sure > there are sendmail options that would take care of this too, but they > don't jump > to mind right now, probably 'timeout_' options are the easiest to do. > > > > Mailq's result seems to match the count of files starting with a > > lowercase "q". I also have about the same number of files starting with > > an uppercase "Q". The rest of the files are df files, most of them > > without any corresponding q file. > > The 'Qf' files, I believe, are non-deliverable files, those that can't be > delivered even to postmaster. They are renamed qf files. > > Hope this is accurate. > > Steve Campbell > > > > > Any idea what's going on? Previously I expected to find files that > > started with qf, df, xf, and tf (not Q), and to always have pairs of > > files. Obviously my expectation was pretty far off. :-) > > > > -- To find "orphaned" files from dropped or munged MTA connections (and only for sendmail systems) probably the command you want to use first is: find /var/spool/mqueue.in -mmin +120 -exec ls -l {} \; | more After examining the output and verifying that the all the files listed are more than 2 hours old, then run: find /var/spool/mqueue.in -mmin +120 -exec /bin/rm {} \; Be careful. Typos can wipe out your operating system :( If you continue to see a LOT of these orphaned files, check that: Lock Type = In MailScanner .conf is set correctly for your version of sendmail (hint search the MailScanner archives). A good weekend to all! Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From bbbkee at gmail.com Sat Jun 17 08:28:15 2006 From: bbbkee at gmail.com (BBB Kee) Date: Sat Jun 17 08:28:17 2006 Subject: mail with a rar which have hundreds of files In-Reply-To: <4492DB82.3090103@nkpanama.com> References: <6807f59a0606160240w56c54f82ndda2f2942bb8fad0@mail.gmail.com> <4492DB82.3090103@nkpanama.com> Message-ID: <6807f59a0606170028w728b0cb9ub89ea0fdacff8fa@mail.gmail.com> On 6/17/06, Alex Neuman wrote: > > BBB Kee escribi?: > > > Use a ruleset. > > in MailScanner.conf > > Maximum Archive Depth = > %rules-dir%/dumbclient-stillusing-dbf-inthis-century.rules > > in dumbclient-stillusing-dbf-inthis-century.rules: > > FromOrTo: default 2 # The "actual" default > From: dumbcustomer@dumbcompany.com and To: > dbfreceiver@somewhereelse.com 0 > > That should do it, right? > > Thanks for your suggestion, but I found their recipient is not constant, sometimes send to 2, sometimes send to 3 recipients, so I don't know how to specify the ruleset at the To: field, one recipient one line right? Moreover, by completely skipping scanning virus get me some risk....especially the sender is at China... It would be much better if the timeout is also descripting the the total time of scanning of a archive....I think it should be one or two line of code, isn't it? but just changing mime MS will make my future upgrade difficult. Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060617/afe56c13/attachment.html From lhaig at haigmail.com Sat Jun 17 08:43:28 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sat Jun 17 08:43:32 2006 Subject: Lint problems In-Reply-To: <4492BA8B.7000405@haigmail.com> References: <4492BA8B.7000405@haigmail.com> Message-ID: <4493B2A0.4030607@haigmail.com> I upgraded to the latest version and I am still seeing this error What else can I do to find the cause? Lance Running This is SuSE Linux 9.3 (i586) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.55.3 Lance Haig wrote: > I got this when I ran the lint command > > mailhost:~ # MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 68. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. > > > Did I enter it incorrectly? > > Lance > From glenn.steen at gmail.com Sat Jun 17 09:35:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 17 09:35:42 2006 Subject: mail with a rar which have hundreds of files In-Reply-To: <6807f59a0606170028w728b0cb9ub89ea0fdacff8fa@mail.gmail.com> References: <6807f59a0606160240w56c54f82ndda2f2942bb8fad0@mail.gmail.com> <4492DB82.3090103@nkpanama.com> <6807f59a0606170028w728b0cb9ub89ea0fdacff8fa@mail.gmail.com> Message-ID: <223f97700606170135r694f5854m72fb3da9c1266fcb@mail.gmail.com> On 17/06/06, BBB Kee wrote: > > On 6/17/06, Alex Neuman wrote: > > BBB Kee escribi?: > > > > Use a ruleset. > > in MailScanner.conf > > Maximum Archive Depth = > %rules-dir%/dumbclient-stillusing-dbf-inthis-century.rules > > in dumbclient-stillusing-dbf-inthis-century.rules : > > FromOrTo: default 2 # The "actual" default > From: dumbcustomer@dumbcompany.com and To: > dbfreceiver@somewhereelse.com 0 > > That should do it, right? > > > > Thanks for your suggestion, but I found their recipient is not constant, > sometimes send to 2, sometimes send to 3 recipients, so I don't know how to > specify the ruleset at the To: field, one recipient one line right? Yes. Or a suitable RE/glob to catch them all on one line. One could also forgo the To: completely and make the ruleset on the sender IP address and the sender email address. > Moreover, by completely skipping scanning virus get me some > risk....especially the sender is at China... With the above you are *not* "skipping scanning virus" for anything other than archives... and (depending on your virus scanner(s)) probably not even that. Just not unpacking it for MailScanner itself to look at filenames etc. > It would be much better if the timeout is also descripting the the total > time of scanning of a archive....I think it should be one or two line of > code, isn't it? but just changing mime MS will make my future upgrade > difficult. > > Eric > That one would be for Jules:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jun 17 12:00:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 17 12:00:08 2006 Subject: FW: Strange HI Load In-Reply-To: <9EF54EC4D23F874F9034C2A245622AC503B7AE@ad.hosting.farm> References: <9EF54EC4D23F874F9034C2A245622AC503B7AE@ad.hosting.farm> Message-ID: <223f97700606170400x6d399273ibc03218219e59a44@mail.gmail.com> On 17/06/06, Thomas Chamtieh wrote: > Here's an output of 'ps aux' look at all these MailScanner > processes!!!!: > (snip) > > > A 'top' will give the following, I noticed that it's starting to use > swap at this point: > > 17:04:48 up 7 days, 17:46, 1 user, load average: 3.66, 2.00, 1.38 > 271 processes: 269 sleeping, 2 running, 0 zombie, 0 stopped > CPU states: cpu user nice system irq softirq iowait idle > total 43.8% 0.0% 7.3% 0.0% 0.0% 48.7% 0.0% > cpu00 31.3% 0.0% 5.8% 0.0% 0.0% 62.7% 0.0% > cpu01 45.0% 0.0% 13.7% 0.0% 0.0% 41.1% 0.0% > cpu02 37.2% 0.0% 1.9% 0.0% 0.0% 60.7% 0.0% > cpu03 61.7% 0.0% 7.8% 0.0% 0.0% 30.3% 0.0% > Mem: 3082456k av, 3017552k used, 64904k free, 0k shrd, 24568k > buff > 2327328k actv, 431144k in_d, 39764k in_c > Swap: 4194232k av, 620560k used, 3573672k free 236836k > cached > > PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU > COMMAND > 13862 root 22 0 38828 30M 2528 R 16.9 1.0 0:01 3 > MailScanner > 13785 root 16 0 45444 39M 2568 S 2.9 1.3 0:00 2 > MailScanner > 13777 root 15 0 44532 25M 2340 D 1.9 0.8 0:00 2 > MailScanner You have a 4 CPU machine with a load under 4 == You don't have quite a process runnable/processor. Not the problem, nor any real indicator. That it uses swap *might* be an indicator. Do the usual "vmstat 2" and look if there seem to be swap activity most all of the time... That could really hurt performance. When you stop MailScanner manually, does all the children (eventually) die? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jun 17 12:06:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 17 12:06:59 2006 Subject: Lint problems In-Reply-To: <4493B2A0.4030607@haigmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> Message-ID: <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> On 17/06/06, Lance Haig wrote: > I upgraded to the latest version and I am still seeing this error > > What else can I do to find the cause? > > Lance > > Running > > This is SuSE Linux 9.3 (i586) > This is Perl version 5.008006 (5.8.6) > This is MailScanner version 4.55.3 > Run which MailScanner ... It almost sound like this is some leftover crud that just happen to be called instead of the one you've got installed. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Gernot.Bauer at gmx.net Sat Jun 17 13:09:16 2006 From: Gernot.Bauer at gmx.net (Gernot Bauer) Date: Sat Jun 17 13:10:24 2006 Subject: sendmail refuses to use /var/spool/mqueue.in Message-ID: <7.0.1.0.0.20060617123137.01e9f4f0@mahamudra.de> Hi! I have finally solved this problem. The reason is Novell's AppArmor, which has been introduced in SuSE 10.1. AppArmor limits the files and directories sendmail can read and write. To get MailScanner running add the lines /var/run/sendmail-out.pid rwl, /var/spool/mqueue.in rwl, /var/spool/mqueue.in/* rwl, to these files: /etc/apparmor/profiles/extras/usr.sbin.sendmail.sendmail /etc/apparmor.d/usr.sbin.sendmail then: rcapparmor reload Finally start MailScanner. Maybe it is a good idea to add this hint on the MailScanner Installation Guide page, or even include it in the SuSE MailScanner package. I suppose that more people run into this when trying to install MailScanner on SuSE 10.1 or higher. Regards, Gernot From glenn.steen at gmail.com Sat Jun 17 13:31:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 17 13:31:30 2006 Subject: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <7.0.1.0.0.20060617123137.01e9f4f0@mahamudra.de> References: <7.0.1.0.0.20060617123137.01e9f4f0@mahamudra.de> Message-ID: <223f97700606170531u36d1c6c0le8ff2dc3266f492@mail.gmail.com> On 17/06/06, Gernot Bauer wrote: > Hi! > > I have finally solved this problem. The reason is Novell's AppArmor, > which has been introduced in SuSE 10.1. AppArmor limits the files and > directories sendmail can read and write. > > To get MailScanner running add the lines > > /var/run/sendmail-out.pid rwl, > /var/spool/mqueue.in rwl, > /var/spool/mqueue.in/* rwl, > > to these files: > /etc/apparmor/profiles/extras/usr.sbin.sendmail.sendmail > /etc/apparmor.d/usr.sbin.sendmail > > then: > > rcapparmor reload > > Finally start MailScanner. > > Maybe it is a good idea to add this hint on the MailScanner > Installation Guide page, or even include it in the SuSE MailScanner package. > I suppose that more people run into this when trying to install > MailScanner on SuSE 10.1 or higher. > > Regards, > Gernot Is this dependant on any "security level" type of thing? It is very reminiscent of the Mandriva msec settings one need fiddle when running at "elevated security levels". -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tchamtieh at nayzak.com Sat Jun 17 19:21:31 2006 From: tchamtieh at nayzak.com (Thomas Chamtieh) Date: Sat Jun 17 19:20:58 2006 Subject: FW: Strange HI Load Message-ID: <9EF54EC4D23F874F9034C2A245622AC503B7B0@ad.hosting.farm> > > On 17/06/06, Thomas Chamtieh wrote: > > Here's an output of 'ps aux' look at all these MailScanner > > processes!!!!: > > > (snip) > > > > > > A 'top' will give the following, I noticed that it's > starting to use > > swap at this point: > > > > 17:04:48 up 7 days, 17:46, 1 user, load average: 3.66, > 2.00, 1.38 > > 271 processes: 269 sleeping, 2 running, 0 zombie, 0 stopped > > CPU states: cpu user nice system irq softirq > iowait idle > > total 43.8% 0.0% 7.3% 0.0% 0.0% > 48.7% 0.0% > > cpu00 31.3% 0.0% 5.8% 0.0% 0.0% > 62.7% 0.0% > > cpu01 45.0% 0.0% 13.7% 0.0% 0.0% > 41.1% 0.0% > > cpu02 37.2% 0.0% 1.9% 0.0% 0.0% > 60.7% 0.0% > > cpu03 61.7% 0.0% 7.8% 0.0% 0.0% > 30.3% 0.0% > > Mem: 3082456k av, 3017552k used, 64904k free, 0k > shrd, 24568k > > buff > > 2327328k actv, 431144k in_d, 39764k in_c > > Swap: 4194232k av, 620560k used, 3573672k free > 236836k > > cached > > > > PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU > > COMMAND > > 13862 root 22 0 38828 30M 2528 R 16.9 1.0 0:01 3 > > MailScanner > > 13785 root 16 0 45444 39M 2568 S 2.9 1.3 0:00 2 > > MailScanner > > 13777 root 15 0 44532 25M 2340 D 1.9 0.8 0:00 2 > > MailScanner > > You have a 4 CPU machine with a load under 4 == You don't > have quite a process runnable/processor. Not the problem, nor > any real indicator. > > That it uses swap *might* be an indicator. Do the usual > "vmstat 2" and look if there seem to be swap activity most > all of the time... That could really hurt performance. > > When you stop MailScanner manually, does all the children > (eventually) die? > > -- > -- Glenn Yes, after running `service MailScanner stop` a few time, all the MailScanner processes die. There's actually 2 CPUs, looks like for because they're multithreading. As I type this email, there are about 120 MailScanner processes running, the LA is about 74%. I'm going to try re-installing MailScanner tonight to see, maybe something went wrong with the install, although it reported no errors when I upgraded. Thanks, -Thomas From MailScanner at ecs.soton.ac.uk Sat Jun 17 19:29:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 17 19:30:04 2006 Subject: duplication logging In-Reply-To: <44932883.1080501@evi-inc.com> References: <44932883.1080501@evi-inc.com> Message-ID: <44944A1F.1000005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt, All excellent suggestions as usual. All done. Will be in the next beta which I will release shortly. Matt Kettler wrote: > Res wrote: > >> One thing that annoys me and I'm sure others on large systems is the >> amount of unneccesay logging, for ANY program.. >> >> >> Jun 17 06:59:39 venus3 MailScanner[16663]: New Batch: Found 409 >> messages waiting >> Jun 17 06:59:39 venus3 MailScanner[16663]: New Batch: Scanning 32 >> messages, 17285726 bytes >> Jun 17 06:59:41 venus3 MailScanner[16663]: Virus and Content Scanning: >> Starting >> Jun 17 06:59:54 venus3 MailScanner[16663]: Uninfected: Delivered 32 >> messages >> >> >> Now... Virus and Content scanning starting, is another name for New >> Batch Scanning, I do think its overkill amnd completely (unless >> debugging) pointless, my question Jules is, is it really needed unless >> in debug mode? >> > > Personally, I think these log messages are very useful. > > However, I do think it would be nice if MailScanner made use of the "notice" log > level. > > Right now, all the above messages are logged at the "info" level, which is > probably appropriate. > > The problem is, a lot of fairly important stuff, such as infections, are also > logged at "info". > > If these messages were logged at the "notice" level, then large-volume admins > could configure their syslogger to only log notice or higher to disk and discard > the info messages. > > It's not a perfect system, but would give people more flexibility in choosing > how much logging they want to do. > > Some messages worth bumping from "info" to "notice" level would be: > > > > Config.pm: MailScanner::Log::InfoLog("Skipping Custom Function file %s as > its name does not end in .pm or .pl", $filename); > > CustomConfig.pm: MailScanner::Log::InfoLog("IPBlock: Adding block for %s", $ip); > CustomConfig.pm: MailScanner::Log::InfoLog("Could not open file $fn: %s", $!); > > Exim.pm: MailScanner::Log::InfoLog("Header ($line) too long (wanted > $InHeader)". > Exim.pm: or MailScanner::Log::InfoLog("Header continuation ($line) > doesn't begin". > > Exim.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", > > Lock.pm: MailScanner::Log::InfoLog("Could not open file $fn: %s", $!) > Lock.pm: MailScanner::Log::InfoLog("Failed to lock $fn with unexpected > error: %s", $!); > > MCPMessage.pm: # MailScanner::Log::InfoLog("Spam Actions: (RBL) Bounce to %s", > $from) > MCPMessage.pm: MailScanner::Log::InfoLog("MCP Actions: (SpamAssassin) Bounce > to %s", > MCPMessage.pm: # MailScanner::Log::InfoLog("Spam Actions: (RBL,SpamAssassin) > Bounce to %s", > > MessageBatch.pm: MailScanner::Log::InfoLog("Spam Checks: Found $counter spam > messages") > MessageBatch.pm: MailScanner::Log::InfoLog("MCP Checks: Found $counter MCP > messages") > MessageBatch.pm: MailScanner::Log::InfoLog("Virus Scanning: Found %d viruses", > $viruses+0) > MessageBatch.pm: MailScanner::Log::InfoLog("Other Checks: Found %d problems", > $others+0) > MessageBatch.pm: MailScanner::Log::InfoLog("Content Checks: Found %d problems", > $content+0) > MessageBatch.pm: MailScanner::Log::InfoLog("Quarantining modified message for > %s", $id); > MessageBatch.pm: MailScanner::Log::InfoLog("Silent: Delivered %d messages > containing " . > MessageBatch.pm: MailScanner::Log::InfoLog("Cleaned: Delivered %d cleaned > messages", > MessageBatch.pm: MailScanner::Log::InfoLog("Sender Warnings: Delivered %d > warnings to " . > MessageBatch.pm: MailScanner::Log::InfoLog("Notices: Warned about %d messages", > $counter) > MessageBatch.pm: MailScanner::Log::InfoLog("Disinfection: Attempting to > disinfect %d " . > MessageBatch.pm: MailScanner::Log::InfoLog("Disinfection: Rescan found only %d > viruses", > MessageBatch.pm: MailScanner::Log::InfoLog("Saved archive copies of%s", $log) > if $log; > > Message.pm: MailScanner::Log::InfoLog("Spam Actions: message %s actions are %s", > Message.pm: MailScanner::Log::InfoLog("Spam Actions: message %s actions are %s", > Message.pm: MailScanner::Log::InfoLog("Will not bounce high-scoring spam") > Message.pm: MailScanner::Log::InfoLog("Spam Actions: (RBL) Bounce to %s", $from) > Message.pm: MailScanner::Log::InfoLog("Spam Actions: (SpamAssassin) Bounce to > %s", > Message.pm: MailScanner::Log::InfoLog("Spam Actions: (RBL,SpamAssassin) > Bounce to %s", > Message.pm: MailScanner::Log::InfoLog("Spam Actions: Notify %s", $to) > Message.pm: MailScanner::Log::InfoLog("Reject message %s from %s with report %s", > Message.pm: MailScanner::Log::InfoLog("Viruses marked as silent: %s", $logstring) > Message.pm: MailScanner::Log::InfoLog('Found ip-based phishing fraud > from ' . > Message.pm: MailScanner::Log::InfoLog('Found phishing fraud from %s ' . > > Postfix.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", > > Qmail.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", > > Quarantine.pm: MailScanner::Log::InfoLog("Saved entire message to $msgdir"); > Quarantine.pm: MailScanner::Log::InfoLog("Deleted infected \"%s\"", > $attachment); > Quarantine.pm: MailScanner::Log::InfoLog("Saved infected \"%s\" to %s", > $attachment, > > RBLs.pm: MailScanner::Log::InfoLog("RBL checks: %s found in %s", $message->{id}, > > Sendmail.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: > %s", > Sendmail.pm: MailScanner::Log::InfoLog("New Batch: Forwarding %d unscanned > messages, " . > Sendmail.pm: #MailScanner::Log::InfoLog("New Batch: Archived %d $ArchivedMsgs > messages", > Sendmail.pm: MailScanner::Log::InfoLog("Queue directory %s is nested", $dir) > > SweepContent.pm: MailScanner::Log::InfoLog("Attachment size check: %s > %s > (%s) in %s", > SweepContent.pm: MailScanner::Log::InfoLog("HTML-IFrame tag found in > message %s from %s", > SweepContent.pm: MailScanner::Log::InfoLog("HTML-Form tag found in message > %s from %s", > SweepContent.pm: MailScanner::Log::InfoLog("HTML-Script tag found in > message %s from %s", > SweepContent.pm: MailScanner::Log::InfoLog("HTML Img tag found in message > %s from %s", > SweepContent.pm: MailScanner::Log::InfoLog("HTML-Object tag found in > message %s from %s", > > SweepOther.pm: MailScanner::Log::InfoLog("Other Checks: Found Happy virus > in %s", $id); > SweepOther.pm: MailScanner::Log::InfoLog("Other Checks: Found Eudora " . > > SweepViruses.pm: MailScanner::Log::InfoLog("Infected message %s came from %s", > SweepViruses.pm: MailScanner::Log::InfoLog("%s: %s found %d infections", > $logtitle, > SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Secure found > virus %s", $1); > SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Secure found > virus %s",$virus); > SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Prot found > virus %s", $virus); > SweepViruses.pm: MailScanner::Log::InfoLog("Virus Scanning: F-Prot found > problem %s", > SweepViruses.pm: MailScanner::Log::InfoLog("Trend found %s in %s", $virus, > $trend_prevline); > SweepViruses.pm: MailScanner::Log::InfoLog("Vexira: found %s in %s (%s)", > $virusname, > > ZMailer.pm: MailScanner::Log::InfoLog("New Batch: Found invalid queue files: %s", > ZMailer.pm: #MailScanner::Log::InfoLog("New Batch: Archived %d $ArchivedMsgs > messages", > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRJRKIRH2WUcUFbZUEQJItwCfZGCONDDZ1q9w/h6kOvlnTrjDotIAnRtL +tMmnuxRZapvfH1/e7vadQc5 =xMAc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From stork at openenterprise.ca Sat Jun 17 19:49:44 2006 From: stork at openenterprise.ca (Johnny Stork) Date: Sat Jun 17 19:50:11 2006 Subject: Mailscanner and scalix on the same machine? Message-ID: Has anyone had any experience running mailscanner and scalix on the same machine? Any suggestions or pointers? --------------------------------------------- Johnny Stork Open Enterprise Solutions http://www.openenterprise.ca http://www.johnnystork.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060617/ce66eae3/attachment.html From glenn.steen at gmail.com Sat Jun 17 20:33:49 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 17 20:33:54 2006 Subject: FW: Strange HI Load In-Reply-To: <9EF54EC4D23F874F9034C2A245622AC503B7B0@ad.hosting.farm> References: <9EF54EC4D23F874F9034C2A245622AC503B7B0@ad.hosting.farm> Message-ID: <223f97700606171233o2e8789ecu6e554e4c2d67996d@mail.gmail.com> On 17/06/06, Thomas Chamtieh wrote: (snip) > Yes, after running `service MailScanner stop` a few time, all the > MailScanner processes die. There's actually 2 CPUs, looks like for > because they're multithreading. As I type this email, there are about > 120 MailScanner processes running, the LA is about 74%. I'm going to try > re-installing MailScanner tonight to see, maybe something went wrong > with the install, although it reported no errors when I upgraded. Ht.... Why don't you turn that off? Likely don't contribute anything positive;) Further... "Load Average" is never a percentile... CPU usage might be measured like that, but not load. Load is simply the run queue size (total) + 1/process in state D. It is almost never a good indicator *by itself*, nor contribute much information... at all. Did you look at the "si/so" of the vmstat? what does it tell? What MailScanner configs have you made concerning children etc? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jun 17 20:38:38 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 17 20:38:41 2006 Subject: FW: Strange HI Load In-Reply-To: <223f97700606171233o2e8789ecu6e554e4c2d67996d@mail.gmail.com> References: <9EF54EC4D23F874F9034C2A245622AC503B7B0@ad.hosting.farm> <223f97700606171233o2e8789ecu6e554e4c2d67996d@mail.gmail.com> Message-ID: <223f97700606171238i200f670fy62c2e93041d4c438@mail.gmail.com> On 17/06/06, Glenn Steen wrote: > On 17/06/06, Thomas Chamtieh wrote: > (snip) > > Yes, after running `service MailScanner stop` a few time, all the > > MailScanner processes die. There's actually 2 CPUs, looks like for > > because they're multithreading. As I type this email, there are about > > 120 MailScanner processes running, the LA is about 74%. I'm going to try > > re-installing MailScanner tonight to see, maybe something went wrong > > with the install, although it reported no errors when I upgraded. > > Ht.... Why don't you turn that off? Likely don't contribute anything positive;) > Further... "Load Average" is never a percentile... CPU usage might be > measured like that, but not load. Load is simply the run queue size > (total) + 1/process in state D. ... measured as av erage over 1 5 and 15 minutes... (just for clarity:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Gernot.Bauer at gmx.net Sat Jun 17 22:10:56 2006 From: Gernot.Bauer at gmx.net (Gernot Bauer) Date: Sat Jun 17 22:11:12 2006 Subject: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <223f97700606170531u36d1c6c0le8ff2dc3266f492@mail.gmail.com > References: <7.0.1.0.0.20060617123137.01e9f4f0@mahamudra.de> <223f97700606170531u36d1c6c0le8ff2dc3266f492@mail.gmail.com> Message-ID: <7.0.1.0.0.20060617230810.020d15d0@gmx.net> > >Is this dependant on any "security level" type of thing? It is very >reminiscent of the Mandriva msec settings one need fiddle when running >at "elevated security levels". As far as I can see one can only switch AppArmor off completely, there are no security levels. So I decided to tweak it and keep it running instead. Regards, Gernot From lhaig at haigmail.com Sat Jun 17 23:28:06 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sat Jun 17 23:28:10 2006 Subject: Lint problems In-Reply-To: <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> Message-ID: <449481F6.1020800@haigmail.com> Glenn, This is what I got mailhost:~ # which MailScanner /usr/sbin/MailScanner mailhost:~ # Lance Glenn Steen wrote: > On 17/06/06, Lance Haig wrote: >> I upgraded to the latest version and I am still seeing this error >> >> What else can I do to find the cause? >> >> Lance >> >> Running >> >> This is SuSE Linux 9.3 (i586) >> This is Perl version 5.008006 (5.8.6) >> This is MailScanner version 4.55.3 >> > Run > which MailScanner > ... It almost sound like this is some leftover crud that just happen > to be called instead of the one you've got installed. From rob at robhq.com Sun Jun 18 11:08:17 2006 From: rob at robhq.com (rob freeman) Date: Sun Jun 18 10:59:25 2006 Subject: Mailscanner and scalix on the same machine? In-Reply-To: Message-ID: I run it here. Had mailscanner working first and installed scalix. Only issue I ran into was: The install was easy, but it kept fighting my MailScanner install. To get around this, I have to change the sendmail.mc file to keep sendmail from only listening on the local address of 127.0.0.1 Also have to remove any users in virrusertable. Once done, I needed to run onsendin to reconfigure sendmail to send to scalix. It restarts sendmail, so be sure to stop sendmail and then chkconfig sendmail off to keep it from starting. Next, be sure to edit the smtpd.cfg file at /var/opt/scalix/sys/smtpd.cfg. Add the line: SMTPFILTER=TRUE and save the file. Restart the scalix SMTP demon by: omoff -d0 smtpd then omon smtpd This was for CentOS 4, so depending on your OS, YMMV. _____ From: Johnny Stork [mailto:stork@openenterprise.ca] Sent: Saturday, June 17, 2006 1:50 PM To: mailscanner Subject: Mailscanner and scalix on the same machine? Has anyone had any experience running mailscanner and scalix on the same machine? Any suggestions or pointers? --------------------------------------------- Johnny Stork Open Enterprise Solutions http://www.openenterprise.ca http://www.johnnystork.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060618/0b8d5615/attachment.html From MailScanner at ecs.soton.ac.uk Sun Jun 18 17:02:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 18 17:02:53 2006 Subject: "Contact Us" web page In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B62B@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B62B@inex3.herffjones.hj-int> Message-ID: <4495791B.1090502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Furnish, Trever G wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Thursday, June 15, 2006 5:10 PM >> To: MailScanner discussion >> Subject: "Contact Us" web page >> >> What would you like to see on a "Contact Us" web page on >> www.mailscanner.info? >> >> Currently it is just a mailto: link. >> Would you like me to replace it with a web page? >> If so, what would you like to see on it? >> About all the information I can give is an email address, >> hence the current link. >> >> Thoughts? >> >> - -- >> Julian Field >> > > Personally I have no problem with a mailto link -- but it's kind of > annoying if the text of the mailto is "contact us" instead of an email > address. As minor as it may seem, I'd greatly prefer a simple page that > has the email address listed, even if the email address on that page is > linked with a mailto. > > When you see a "Contact Us" link in a tab on a bar where all the other > tabs take you to a web page, you expect that tab to take you to a web > page as well. > > I never click a mailto link intentionally, and on many systems that'd > kick off some convoluted and annoying wizard prompting me to configure > an integrated email client. I've even had a simple click on a mailto > kick off an automated microsoft outlook install - what a pain. > > Very tiny issue though -- I'd never mention it normally...but you did > ask. :-) Hope it helps. I have written a Contact Us web page, hopefully you like it. Please check it and let me know what you think. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRJV5HBH2WUcUFbZUEQINAQCg09FPZmj39G9ktQDVRsQbKWUOxekAnjvW PxWUBv5hCNs5E9MJ6D+jcqmC =6aqE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sun Jun 18 18:59:57 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 18 19:00:01 2006 Subject: Lint problems In-Reply-To: <449481F6.1020800@haigmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> <449481F6.1020800@haigmail.com> Message-ID: <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> On 18/06/06, Lance Haig wrote: > Glenn, > This is what I got > > mailhost:~ # which MailScanner > /usr/sbin/MailScanner > mailhost:~ # > > > Lance > Right, and that one should have the --lint option... Hmmm. It should have the --usage option too... How about checking that? The error you quoted is analoguous with an older version, which would try to treat any unknown option like a MailScanner.conf file... Is why you got the advice to upgrade:-). There isn't an /usr/sbin/MailScanner.rpmnew, now is there? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Sun Jun 18 20:41:40 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 18 20:41:44 2006 Subject: Lint problems In-Reply-To: <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> <449481F6.1020800@haigmail.com> <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> Message-ID: <4495AC74.5030604@haigmail.com> Glenn, > Right, and that one should have the --lint option... Hmmm. It should > have the --usage option too... How about checking that? I just tried that and got the same error. it is strange > The error you > quoted is analoguous with an older version, which would try to treat > any unknown option like a MailScanner.conf file... Is why you got the > advice to upgrade:-). There isn't an /usr/sbin/MailScanner.rpmnew, now > is there? Nope there is nothing but old MS files Thanks Lance From glenn.steen at gmail.com Mon Jun 19 09:16:57 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 19 09:17:02 2006 Subject: Lint problems In-Reply-To: <4495AC74.5030604@haigmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> <449481F6.1020800@haigmail.com> <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> <4495AC74.5030604@haigmail.com> Message-ID: <223f97700606190116n970803fj2165e1e0bd86588c@mail.gmail.com> On 18/06/06, Lance Haig wrote: > Glenn, > > > > Right, and that one should have the --lint option... Hmmm. It should > > have the --usage option too... How about checking that? > I just tried that and got the same error. it is strange > > > The error you > > quoted is analoguous with an older version, which would try to treat > > any unknown option like a MailScanner.conf file... Is why you got the > > advice to upgrade:-). There isn't an /usr/sbin/MailScanner.rpmnew, now > > is there? > > Nope there is nothing but old MS files > Ok, could you do grep MailScannerVersion /usr/sbin/MailScanner | head -1 and grep -A 20 GetOptions /usr/sbin/MailScanner .... That should tell us once and for all if this is really the right script, or if something fishy is happening with your install. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Mon Jun 19 12:14:32 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 19 12:14:37 2006 Subject: Lint problems In-Reply-To: <223f97700606190116n970803fj2165e1e0bd86588c@mail.gmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> <449481F6.1020800@haigmail.com> <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> <4495AC74.5030604@haigmail.com> <223f97700606190116n970803fj2165e1e0bd86588c@mail.gmail.com> Message-ID: <44968718.5040109@haigmail.com> Hi Glenn, Thanks here we go Lance grep MailScannerVersion /usr/sbin/MailScanner | head -1 $MailScanner::Config::MailScannerVersion = '4.55.3' grep -A 20 GetOptions /usr/sbin/MailScanner my $result = GetOptions ("h|H|help" => \$WantHelp, "v|V|version|Version" => \$Versions, "lint" => \$WantLintOnly, "value=s" => \$WantRuleCheck, "from=s" => \$RuleCheckFrom, "to=s@" => \@RuleCheckTo, "ip=s" => \$RuleCheckIP, "virus=s" => \$RuleCheckVirus, "debug" => \$Debug, "debug-sa" => \$DebugSpamAssassin); if ($WantHelp) { print STDERR "Usage:\n"; print STDERR "MailScanner [ -h|-v|--debug|--debug-sa|--lint ] |\n"; print STDERR " [--value= --from=\n"; print STDERR " --to=, --to=, ...]\n"; print STDERR " --ip=, --virus= ]\n"; print STDERR " \n"; exit 0; } Glenn Steen wrote: > On 18/06/06, Lance Haig wrote: >> Glenn, >> >> >> > Right, and that one should have the --lint option... Hmmm. It should >> > have the --usage option too... How about checking that? >> I just tried that and got the same error. it is strange >> >> > The error you >> > quoted is analoguous with an older version, which would try to treat >> > any unknown option like a MailScanner.conf file... Is why you got the >> > advice to upgrade:-). There isn't an /usr/sbin/MailScanner.rpmnew, now >> > is there? >> >> Nope there is nothing but old MS files >> > > > and > grep -A 20 GetOptions /usr/sbin/MailScanner > .... That should tell us once and for all if this is really the right > script, or if something fishy is happening with your install. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jun 19 12:29:36 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 19 12:29:40 2006 Subject: Lint problems In-Reply-To: <44968718.5040109@haigmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> <449481F6.1020800@haigmail.com> <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> <4495AC74.5030604@haigmail.com> <223f97700606190116n970803fj2165e1e0bd86588c@mail.gmail.com> <44968718.5040109@haigmail.com> Message-ID: <223f97700606190429o64d88765i556b1db8bb4dc619@mail.gmail.com> On 19/06/06, Lance Haig wrote: > Hi Glenn, > > Thanks here we go > > Lance > > grep MailScannerVersion /usr/sbin/MailScanner | head -1 > > $MailScanner::Config::MailScannerVersion = '4.55.3' > > grep -A 20 GetOptions /usr/sbin/MailScanner > > my $result = GetOptions ("h|H|help" => \$WantHelp, > "v|V|version|Version" => \$Versions, > "lint" => \$WantLintOnly, > "value=s" => \$WantRuleCheck, > "from=s" => \$RuleCheckFrom, > "to=s@" => \@RuleCheckTo, > "ip=s" => \$RuleCheckIP, > "virus=s" => \$RuleCheckVirus, > "debug" => \$Debug, > "debug-sa" => \$DebugSpamAssassin); > > if ($WantHelp) { > print STDERR "Usage:\n"; > print STDERR "MailScanner [ -h|-v|--debug|--debug-sa|--lint ] |\n"; > print STDERR " [--value= --from=\n"; > print STDERR " --to=, --to=, > ...]\n"; > print STDERR " --ip=, --virus= > ]\n"; > print STDERR " \n"; > exit 0; > } > > Ok, so then something else is happening. Just to recap: What happens if you do /usr/sbin/MailScanner --lint /usr/sbin/MailScanner -h /usr/sbin/MailScanner -V -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Mon Jun 19 12:32:35 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 19 12:32:39 2006 Subject: SOLVED!!!!!! Re: Lint problems In-Reply-To: <223f97700606190116n970803fj2165e1e0bd86588c@mail.gmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> <449481F6.1020800@haigmail.com> <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> <4495AC74.5030604@haigmail.com> <223f97700606190116n970803fj2165e1e0bd86588c@mail.gmail.com> Message-ID: <44968B53.2070906@haigmail.com> Found it. The error message was giving the clue all the time. >> mailhost:~ # MailScanner --lint >> Cannot open config file --lint, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 605. >> Compilation failed in require at /usr/sbin/MailScanner line 69. >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 69. in /usr/lib/MailSanner/MailScanner There were 2 CustomConfig.pm files one CustomConfig.pm and one CustomConfig.pm.rpmnew I renamed these flies to .old and .pm respectively a everything is now working as planned. Glenn thanks for helping me with this. Thanks Lance Glenn Steen wrote: > On 18/06/06, Lance Haig wrote: >> Glenn, >> >> >> > Right, and that one should have the --lint option... Hmmm. It should >> > have the --usage option too... How about checking that? >> I just tried that and got the same error. it is strange >> >> > The error you >> > quoted is analoguous with an older version, which would try to treat >> > any unknown option like a MailScanner.conf file... Is why you got the >> > advice to upgrade:-). There isn't an /usr/sbin/MailScanner.rpmnew, now >> > is there? >> >> Nope there is nothing but old MS files >> > > Ok, could you do > grep MailScannerVersion /usr/sbin/MailScanner | head -1 > and > grep -A 20 GetOptions /usr/sbin/MailScanner > .... That should tell us once and for all if this is really the right > script, or if something fishy is happening with your install. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From gobinathlk at yahoo.com Mon Jun 19 12:43:47 2006 From: gobinathlk at yahoo.com (gobinath thangavel) Date: Mon Jun 19 12:43:51 2006 Subject: create customized quarantine id Message-ID: <20060619114348.57859.qmail@web51109.mail.yahoo.com> Dear all, I want to create customized quarantine folder. currently we r getting only the id, but we want local users names with the id how can we do this ? pls help on this gobinath --------------------------------- Sneak preview the all-new Yahoo.com. It's not radically different. Just radically better. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/b73b5abc/attachment.html From glenn.steen at gmail.com Mon Jun 19 12:58:50 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 19 12:58:54 2006 Subject: SOLVED!!!!!! Re: Lint problems In-Reply-To: <44968B53.2070906@haigmail.com> References: <4492BA8B.7000405@haigmail.com> <4493B2A0.4030607@haigmail.com> <223f97700606170406o202d71a6jfae6651f4464df52@mail.gmail.com> <449481F6.1020800@haigmail.com> <223f97700606181059jaf13d0u901967a33f799b37@mail.gmail.com> <4495AC74.5030604@haigmail.com> <223f97700606190116n970803fj2165e1e0bd86588c@mail.gmail.com> <44968B53.2070906@haigmail.com> Message-ID: <223f97700606190458m47cbe126uddec5de1812f6673@mail.gmail.com> On 19/06/06, Lance Haig wrote: > Found it. > > The error message was giving the clue all the time. > > >> mailhost:~ # MailScanner --lint > >> Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 605. > >> Compilation failed in require at /usr/sbin/MailScanner line 69. > >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 69. > > in /usr/lib/MailSanner/MailScanner > > There were 2 CustomConfig.pm files > > one CustomConfig.pm and one CustomConfig.pm.rpmnew > > I renamed these flies to .old and .pm respectively a everything is now > working as planned. > > Glenn thanks for helping me with this. > Glad to have been of some kind of help:-)! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jun 19 13:00:36 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 19 13:00:42 2006 Subject: create customized quarantine id In-Reply-To: <20060619114348.57859.qmail@web51109.mail.yahoo.com> References: <20060619114348.57859.qmail@web51109.mail.yahoo.com> Message-ID: <223f97700606190500t61d53395pd3dcc87d741028e1@mail.gmail.com> On 19/06/06, gobinath thangavel wrote: > Dear all, > > I want to create customized quarantine folder. > currently we r getting only the id, but we want local users names with the > id > how can we do this ? > pls help on this > > gobinath > Have you looked at MailWatch? http://mailwatch.sf.net ... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Mon Jun 19 14:23:20 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 19 14:23:57 2006 Subject: Web Bug problem... In-Reply-To: <44931378.3040006@USherbrooke.ca> References: <449311F6.8050101@USherbrooke.ca> <44931378.3040006@USherbrooke.ca> Message-ID: <4496A548.1050503@USherbrooke.ca> Denis Beauchemin a ?crit : > Denis Beauchemin a ?crit : >> Hello all, >> >> I have the following in MailScanner.conf (version 4.54.6): >> Allow WebBugs = disarm >> Ignored Web Bug Filenames = >> # If this is not specified, the the old value of "MailScannerWebBug" >> is used, >> Web Bug Replacement = >> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >> >> Now when an email with a web bug is delivered it looks like this: >> >> > src="http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif" >> width="1" height="1" alt="Web Bug from >> http://www.directioninformatique.com/di/image/fr/shim.gif" /> >> >> >> In Thunderbird I see the ALT text which garbles the email... >> >> Is this a bug or did I misconfigure something? >> >> Thanks! >> >> Denis >> > I just figured something out: if I tell Thunderbird to show remote > images the display is fine. But I almost never click that button... > > So... could the ALT text be discarded? > > Thanks and a good week-end to all! > > Denis > Julian, I commented out the following line in Message.pm to get rid of the ALT text: $output .= 'Web Bug from ' . $attr->{'src'} if $attr->{'src'}; At least the "Web Bug from" part should have been in languages.conf so people could have translated it in their own language. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/93d4c7f1/smime.bin From chardlist at chard.net Mon Jun 19 14:37:38 2006 From: chardlist at chard.net (chardlist) Date: Mon Jun 19 14:37:51 2006 Subject: Typical Bayes Size? In-Reply-To: <44931067.7040000@evi-inc.com> Message-ID: <00f101c693a5$894b2cd0$a000a8c0@sangria> I haven't specified a bayes_expiry_max_db_size. I run bayes through MySQL, in the bayes_seen table I have 946,511 records. In bayes_tokens there are 182,785. Really, I just want to make sure MS is running as efficiently as possible. The 182K tokens I have is seeming more in alignment with your 112K you said was closer to normal below. Any thoughts? -Brendan -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Friday, June 16, 2006 3:11 PM To: MailScanner discussion Subject: Re: Typical Bayes Size? chardlist wrote: > On a server that averages about 15,000 messages a day, with a mature bayes > database that runs sa-learn --force-expire every night via cron, what should > I expect as a typical number of tokens? > > The last sa-learn --force-expire reported: > > expired old bayes database entries in 11 seconds > 1011642 entries kept, 5188 deleted > token frequency: 1-occurrence tokens: 13.09% > token frequency: less than 8 occurrences: 5.09% > > Is over 1 million tokens normal or is something fishy going on? That seems rather large. Have you declared a bayes_expiry_max_db_size? If you don't have one declared, the default is 150k, which means that SA should be aiming for 112k tokens when it does an expire. That said, there are conditions in which SA will end up with a much larger database, but this generally only affects young databases. > > When I lint the spamassassin config it reports: > > bayes: corpus size: nspam = 713810, nham = 212860 *shrug* that part's not very useful. It's the total count of all mail ever trained. (ie: this counter never goes down due to expiry) One thing that might be useful is the output of "sa-learn --dump magic". Looking at the spread of the various atimes can be helpful. > > Thanks for any advice/reassurance, > -Brendan > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From bpumphrey at woodmclaw.com Mon Jun 19 15:04:00 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Jun 19 15:04:07 2006 Subject: "Contact Us" web page Message-ID: <04D932B0071FE34FA63EBB1977B48D1501489A03@woodenex.woodmaclaw.local> I like the new web site. Looks good! From MailScanner at ecs.soton.ac.uk Mon Jun 19 15:25:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 19 15:25:47 2006 Subject: Web Bug problem... In-Reply-To: <4496A548.1050503@USherbrooke.ca> References: <449311F6.8050101@USherbrooke.ca> <44931378.3040006@USherbrooke.ca> <4496A548.1050503@USherbrooke.ca> Message-ID: <8B4B5E43-7C5C-4620-A21E-E0A35EC68178@ecs.soton.ac.uk> On 19 Jun 2006, at 14:23, Denis Beauchemin wrote: > Denis Beauchemin a ?crit : >> Denis Beauchemin a ?crit : >>> Hello all, >>> >>> I have the following in MailScanner.conf (version 4.54.6): >>> Allow WebBugs = disarm >>> Ignored Web Bug Filenames = >>> # If this is not specified, the the old value of >>> "MailScannerWebBug" is used, >>> Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/ >>> images/1x1spacer.gif >>> >>> Now when an email with a web bug is delivered it looks like this: >>> >>> Web Bug from http:// >>> www.directioninformatique.com/di/image/fr/shim.gif >>> >>> >>> In Thunderbird I see the ALT text which garbles the email... >>> >>> Is this a bug or did I misconfigure something? >>> >>> Thanks! >>> >>> Denis >>> >> I just figured something out: if I tell Thunderbird to show remote >> images the display is fine. But I almost never click that button... >> >> So... could the ALT text be discarded? >> >> Thanks and a good week-end to all! >> >> Denis >> > Julian, > > I commented out the following line in Message.pm to get rid of the > ALT text: > $output .= 'Web Bug from ' . $attr->{'src'} if $attr->{'src'}; > > At least the "Web Bug from" part should have been in languages.conf > so people could have translated it in their own language. Is it generally agreed that the ALT text is a bad idea here? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From AHKAPLAN at PARTNERS.ORG Mon Jun 19 16:26:14 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Jun 19 16:26:19 2006 Subject: Checking Suspected E-Mails Message-ID: <9C63A4713C4E3342B90428CE44806A7302679772@PHSXMB5.partners.org> Hi there - One of users of our server received several e-mails indicating that a "Bad Filename was Detected". The e-mails in question were resumes that were sent to him from a recruiting company. The user has asked if there is a way to determine if the e-mails are truly suspect. What would be the best way to determine this? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/6bf40582/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jun 19 16:35:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 19 16:36:01 2006 Subject: Checking Suspected E-Mails In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679772@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679772@PHSXMB5.partners.org> Message-ID: <145E02E8-DFE7-4EAA-BC6D-F851FB71EC89@ecs.soton.ac.uk> The useful information is in the Attachment-Warning.txt attachment that has been attached to his message, in replacement of the original file. Read *all* of it. On 19 Jun 2006, at 16:26, Kaplan, Andrew H. wrote: > Hi there ? > > > > One of users of our server received several e-mails indicating that > a ?Bad Filename was Detected?. The e-mails in question > > were resumes that were sent to him from a recruiting company. The > user has asked if there is a way to determine if the > > e-mails are truly suspect. > > > > What would be the best way to determine this? Thanks. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/7bd5ce4b/attachment.html From Richard.Frovarp at sendit.nodak.edu Mon Jun 19 16:40:42 2006 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Jun 19 16:40:47 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <01c401c691af$c106caf0$2901010a@office.fsl> References: <01c401c691af$c106caf0$2901010a@office.fsl> Message-ID: <4496C57A.8090003@sendit.nodak.edu> Stephen Swaney wrote: >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of campbell@cnpapers.com >>Sent: Friday, June 16, 2006 7:02 PM >>To: MailScanner discussion >>Subject: Re: Best way to measure sendmail queue depth? >> >>Quoting "Furnish, Trever G" : >> >> >> >>>I've been checking sendmail inbound queue depth using a simple readdir >>>and dividing the number of entries by two. This is checked every five >>>minutes by Nagios with a 10-second timeout -- because of the timeout and >>>the frequency with which I want to do the check, I can't just use, for >>>example: >>> >>> mailq |head -1 >>> >>>...because under heavy flow conditions the mailq command takes WAY too >>>long to parse the entire set of queue files and generates too much load. >>> >>>I always realized dividing the number of files in the queue by two was >>>only a rough guess, but I didn't realize there could be so much >>>disparity between that number and the number of messages listed by >>>mailq. With mailq reporting 6 messages in the inbound queue, the >>>directory actually contains 477 files! >>> >>> >>The multitude of non-paired files are probably DATA files (df) of some >>incomplete connections. You can probably delete all of these, but I would >>check >>the times on them first. This is more than likely an attempt to clog up >>your MTA. >> >>You could use a script with 'find' telling you which ones are older than a >>certain time period (one day should be very safe, one hour is probably >>OK), and >>delete them. Just a simple one-liner in your cron. Other than that, I'm >>sure >>there are sendmail options that would take care of this too, but they >>don't jump >>to mind right now, probably 'timeout_' options are the easiest to do. >> >> >>>Mailq's result seems to match the count of files starting with a >>>lowercase "q". I also have about the same number of files starting with >>>an uppercase "Q". The rest of the files are df files, most of them >>>without any corresponding q file. >>> >>> >>The 'Qf' files, I believe, are non-deliverable files, those that can't be >>delivered even to postmaster. They are renamed qf files. >> >>Hope this is accurate. >> >>Steve Campbell >> >> >> >>>Any idea what's going on? Previously I expected to find files that >>>started with qf, df, xf, and tf (not Q), and to always have pairs of >>>files. Obviously my expectation was pretty far off. :-) >>> >>>-- >>> >>> > >To find "orphaned" files from dropped or munged MTA connections (and only >for sendmail systems) probably the command you want to use first is: > > find /var/spool/mqueue.in -mmin +120 -exec ls -l {} \; | more > >After examining the output and verifying that the all the files listed are >more than 2 hours old, then run: > > find /var/spool/mqueue.in -mmin +120 -exec /bin/rm {} \; > >Be careful. Typos can wipe out your operating system :( > >If you continue to see a LOT of these orphaned files, check that: > > Lock Type = > >In MailScanner .conf is set correctly for your version of sendmail (hint >search the MailScanner archives). > >A good weekend to all! > >Steve > >Stephen Swaney >Fort Systems Ltd. >stephen.swaney@fsl.com >www.fsl.com > > > I would go for a time greater that a mere 2 hours. We have had systems trying to catch up to a spike for almost and entire day. If the check is just 120 minutes, it would help the system catch up quicker, but it would delete a lot of mail as well. We have been addressing the performance issues and will be rotating in an additional MailScanner machine before the school year starts up again, to try to alleviate such backlogs. Richard From AHKAPLAN at PARTNERS.ORG Mon Jun 19 16:48:24 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Jun 19 16:48:29 2006 Subject: Checking Suspected E-Mails Message-ID: <9C63A4713C4E3342B90428CE44806A7302679774@PHSXMB5.partners.org> The report that I am seeing is the following: MailScanner: Files containing CLSID's are trying to hide their real type (TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html) If the resumes were sent as HTML files, it is possible they are innocuous. Still, it probably would be better to have the sender resend them in a format other than HTML. Your thoughts? ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 19, 2006 11:36 AM To: MailScanner discussion Subject: Re: Checking Suspected E-Mails The useful information is in the Attachment-Warning.txt attachment that has been attached to his message, in replacement of the original file. Read *all* of it. On 19 Jun 2006, at 16:26, Kaplan, Andrew H. wrote: Hi there - One of users of our server received several e-mails indicating that a "Bad Filename was Detected". The e-mails in question were resumes that were sent to him from a recruiting company. The user has asked if there is a way to determine if the e-mails are truly suspect. What would be the best way to determine this? Thanks. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/45d8b573/attachment.html From steve.swaney at fsl.com Mon Jun 19 17:09:29 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Jun 19 17:09:36 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <4496C57A.8090003@sendit.nodak.edu> Message-ID: <0c2901c693ba$be6d6bc0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Frovarp > Sent: Monday, June 19, 2006 11:41 AM > To: MailScanner discussion > Subject: Re: Best way to measure sendmail queue depth? > > Stephen Swaney wrote: > > >>-----Original Message----- > >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>bounces@lists.mailscanner.info] On Behalf Of campbell@cnpapers.com > >>Sent: Friday, June 16, 2006 7:02 PM > >>To: MailScanner discussion > >>Subject: Re: Best way to measure sendmail queue depth? > >> > >>Quoting "Furnish, Trever G" : > >> > >> > >> > >>>I've been checking sendmail inbound queue depth using a simple readdir > >>>and dividing the number of entries by two. This is checked every five > >>>minutes by Nagios with a 10-second timeout -- because of the timeout > and > >>>the frequency with which I want to do the check, I can't just use, for > >>>example: > >>> > >>> mailq |head -1 > >>> > >>>...because under heavy flow conditions the mailq command takes WAY too > >>>long to parse the entire set of queue files and generates too much > load. > >>> > >>>I always realized dividing the number of files in the queue by two was > >>>only a rough guess, but I didn't realize there could be so much > >>>disparity between that number and the number of messages listed by > >>>mailq. With mailq reporting 6 messages in the inbound queue, the > >>>directory actually contains 477 files! > >>> > >>> > >>The multitude of non-paired files are probably DATA files (df) of some > >>incomplete connections. You can probably delete all of these, but I > would > >>check > >>the times on them first. This is more than likely an attempt to clog up > >>your MTA. > >> > >>You could use a script with 'find' telling you which ones are older than > a > >>certain time period (one day should be very safe, one hour is probably > >>OK), and > >>delete them. Just a simple one-liner in your cron. Other than that, I'm > >>sure > >>there are sendmail options that would take care of this too, but they > >>don't jump > >>to mind right now, probably 'timeout_' options are the easiest to do. > >> > >> > >>>Mailq's result seems to match the count of files starting with a > >>>lowercase "q". I also have about the same number of files starting > with > >>>an uppercase "Q". The rest of the files are df files, most of them > >>>without any corresponding q file. > >>> > >>> > >>The 'Qf' files, I believe, are non-deliverable files, those that can't > be > >>delivered even to postmaster. They are renamed qf files. > >> > >>Hope this is accurate. > >> > >>Steve Campbell > >> > >> > >> > >>>Any idea what's going on? Previously I expected to find files that > >>>started with qf, df, xf, and tf (not Q), and to always have pairs of > >>>files. Obviously my expectation was pretty far off. :-) > >>> > >>>-- > >>> > >>> > > > >To find "orphaned" files from dropped or munged MTA connections (and only > >for sendmail systems) probably the command you want to use first is: > > > > find /var/spool/mqueue.in -mmin +120 -exec ls -l {} \; | more > > > >After examining the output and verifying that the all the files listed > are > >more than 2 hours old, then run: > > > > find /var/spool/mqueue.in -mmin +120 -exec /bin/rm {} \; > > > >Be careful. Typos can wipe out your operating system :( > > > >If you continue to see a LOT of these orphaned files, check that: > > > > Lock Type = > > > >In MailScanner .conf is set correctly for your version of sendmail (hint > >search the MailScanner archives). > > > >A good weekend to all! > > > >Steve > > > >Stephen Swaney > >Fort Systems Ltd. > >stephen.swaney@fsl.com > >www.fsl.com > > > > > > > I would go for a time greater that a mere 2 hours. We have had systems > trying to catch up to a spike for almost and entire day. If the check is > just 120 minutes, it would help the system catch up quicker, but it > would delete a lot of mail as well. We have been addressing the > performance issues and will be rotating in an additional MailScanner > machine before the school year starts up again, to try to alleviate such > backlogs. > Absolutely. That's why I recommend running: find /var/spool/mqueue.in -mmin +120 -exec ls -l {} \; | more Examine the output and make sure the files are all old before you blow things away :) And of course you can always increase +12 to whatever you are comfortable with. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mailscanner at yeticomputers.com Mon Jun 19 17:20:57 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Jun 19 17:22:35 2006 Subject: Checking Suspected E-Mails In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679774@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679774@PHSXMB5.partners.org> Message-ID: <4496CEE9.90701@yeticomputers.com> It's not the html that's a problem there, it's the filename. I can't think of a legitimate reason that anyone would name their resume with a CLSID string in the filename, at least not any reason that doesn't assume some specialized, prearranged setup on the receiving end. In any case, the problem it described in more detail here: http://secunia.com/advisories/10736/ I've found that it's best to request that resumes be sent in plain ASCII text format. It helps me learn whether candidates can A. Follow directions. (Many can't. I still end up getting at least a quarter, and sometimes more than half of all resumes sent to me in Word, Word Perfect, HTML - you name it - formats.) B. Create a compelling resume without resorting to pretty tricks. Rick Kaplan, Andrew H. wrote: > > The report that I am seeing is the following: > > > > MailScanner: Files containing CLSID's are trying to hide their real > type (TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html) > > > > If the resumes were sent as HTML files, it is possible they are > innocuous. Still, it probably would be better to have the sender > resend them in a format > > other than HTML. Your thoughts? > > > > > > > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Julian Field > *Sent:* Monday, June 19, 2006 11:36 AM > *To:* MailScanner discussion > *Subject:* Re: Checking Suspected E-Mails > > > > The useful information is in the Attachment-Warning.txt attachment > that has been attached to his message, in replacement of the original > file. > > Read *all* of it. > > > > On 19 Jun 2006, at 16:26, Kaplan, Andrew H. wrote: > > > > Hi there -- > > > > One of users of our server received several e-mails indicating that a > "Bad Filename was Detected". The e-mails in question > > were resumes that were sent to him from a recruiting company. The user > has asked if there is a way to determine if the > > e-mails are truly suspect. > > > > What would be the best way to determine this? Thanks. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/c4c1e388/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jun 19 17:37:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 19 17:37:45 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <0c2901c693ba$be6d6bc0$287ba8c0@office.fsl> References: <0c2901c693ba$be6d6bc0$287ba8c0@office.fsl> Message-ID: <4496D2D1.8050605@ecs.soton.ac.uk> Stephen Swaney wrote: > Absolutely. That's why I recommend running: > > find /var/spool/mqueue.in -mmin +120 -exec ls -l {} \; | more > If you are doing this frequently, or expect to get quite a lot of files listed, then this will be faster: find /var/spool/mqueue.in -mmin +120 -print | xargs ls -l | more as it will run the fewest "ls" processes possible, whereas the previous version will run 1 "ls" for each file output. Using xargs makes a huge difference when you are doing an operation on a lot of files using your "find" command. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From AHKAPLAN at PARTNERS.ORG Mon Jun 19 17:39:04 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Jun 19 17:39:17 2006 Subject: Checking Suspected E-Mails Message-ID: <9C63A4713C4E3342B90428CE44806A7302679776@PHSXMB5.partners.org> Thanks for the advise. I'm requesting the resumes be sent in text format. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick Chadderdon Sent: Monday, June 19, 2006 12:21 PM To: MailScanner discussion Subject: Re: Checking Suspected E-Mails It's not the html that's a problem there, it's the filename. I can't think of a legitimate reason that anyone would name their resume with a CLSID string in the filename, at least not any reason that doesn't assume some specialized, prearranged setup on the receiving end. In any case, the problem it described in more detail here: http://secunia.com/advisories/10736/ I've found that it's best to request that resumes be sent in plain ASCII text format. It helps me learn whether candidates can A. Follow directions. (Many can't. I still end up getting at least a quarter, and sometimes more than half of all resumes sent to me in Word, Word Perfect, HTML - you name it - formats.) B. Create a compelling resume without resorting to pretty tricks. Rick Kaplan, Andrew H. wrote: The report that I am seeing is the following: MailScanner: Files containing CLSID's are trying to hide their real type (TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html) If the resumes were sent as HTML files, it is possible they are innocuous. Still, it probably would be better to have the sender resend them in a format other than HTML. Your thoughts? ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 19, 2006 11:36 AM To: MailScanner discussion Subject: Re: Checking Suspected E-Mails The useful information is in the Attachment-Warning.txt attachment that has been attached to his message, in replacement of the original file. Read *all* of it. On 19 Jun 2006, at 16:26, Kaplan, Andrew H. wrote: Hi there - One of users of our server received several e-mails indicating that a "Bad Filename was Detected". The e-mails in question were resumes that were sent to him from a recruiting company. The user has asked if there is a way to determine if the e-mails are truly suspect. What would be the best way to determine this? Thanks. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/2916bf55/attachment-0001.html From mkettler at evi-inc.com Mon Jun 19 18:11:10 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 19 18:11:48 2006 Subject: Checking Suspected E-Mails In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679772@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679772@PHSXMB5.partners.org> Message-ID: <4496DAAE.8060804@evi-inc.com> Kaplan, Andrew H. wrote: > Hi there ? > > > > One of users of our server received several e-mails indicating that a > ?Bad Filename was Detected?. The e-mails in question > > were resumes that were sent to him from a recruiting company. The user > has asked if there is a way to determine if the > > e-mails are truly suspect. Odds are, they're not. By default filename.rules.conf will flag damn near anything with what it thinks is a double extension. Unfortunately a large number of folks use dots instead of spaces or underscores so we get things like: Resume.Lastname.bob.doc and that gets flagged. Since our company is a three-letter acronym we also get a lot of things like: (whatever).quote.evi.doc which also gets flagged. And a lot of "converted" files get flagged: sales_data.xls.doc > > What would be the best way to determine this? Thanks. Take a loot at the filename and try to figure out which filename rule it matched out of filename.rules.conf. For what it's worth, I use a much more liberal set of rules to replace the stock double-extension rules out of filename.rules.conf. I've attached these for anyone who might like to use them... However, beware, my rules are more liberal, and you're increasing the chances of an new unknown virus getting by your system. Most of this should be common-sense and innocuous, but I suggest reading them carefully and understanding what they do before merging into your config. -------------- next part -------------- ####################################### # Exceptions to the double-extension rules: ####################################### #stock mailscanner rule: # Allow repeated file extension, e.g. blah.zip.zip allow (\.[a-z0-9]{3})\1$ #allow .com.extension, as this hides nothing # i.e. google.com.doc is OK # even if it was truncated, it would still look like an executable allow \.com\.[a-z0-9]{3}$ - - #ditto for .net and .org web-style domains allow \.net\.[a-z0-9]{3}$ - - allow \.org\.[a-z0-9]{3}$ - - # I don't know what this is, but one outside sender always does ".pro.doc" # I'm allowing it because it doesn't obscure the extension as a well-known # "safe" extension type allow \.pro\.[a-z0-9]{3}$ - - # allow document format conversions. .wps.doc, .wps.rtf, etc # in these cases the first extension is of the same threat class as the last extension. # Unless denied outright above, these are no more threatening when doubled. # note - absolute allow on .txt avoids the need for .doc.txt, etc. allow \.wps\.doc$ - - allow \.wps\.rtf$ - - allow \.xls\.doc$ - - allow \.ppt\.doc$ - - allow \.doc\.w[a-z0-9]{2}$ - - allow \.doc\.xls$ - - allow \.mpg\.avi - - allow \.mpeg\.avi - - allow \.avi\.mpg - - #image conversions don't need to be listed, I have absolute # allows on .jpg, .gif, .png, etc that would take precedence #dbase files renamed mdb are ok allow \.db.\.mdb$ - - #allow 4 letter extensions with equivalent 3 letter ie: file.html.htm # note: any 3.4 variants are redundant in my case because of the modified double-extension rule allow \.html\.htm$ - - allow \.icon\.ico$ - - allow \.conf\.cfg$ - - allow \.mpeg\.mpg$ - - allow \.mpg\.mpe$ - - allow \.mpeg\.mpe$ - - # allow "test.sp1.exe" and the like allow \.sp[0-9]\.[a-z]{3}$ - - # Deny most other double file extensions. This catches any hidden filenames. #MEK - made this a bit less generic. Second extension now must be # all alpha instead of alphanumeric # And only certain 4-char extensions are checked for hiding. #3.3 extension hiding deny \.[a-z][a-z0-9]{2}\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension # look for 3 character extension hiding behind innocuous 4-character extension. (selective 4.3) deny \.text\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.jpeg\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.mpeg\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.pict\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.jiff\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.html\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.tiff\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.vrml\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.conf\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.diff\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.java\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.cert\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension deny \.icon\s*\.[a-z]{3}$ Found possible filename hiding Attempt to hide real filename extension From AHKAPLAN at PARTNERS.ORG Mon Jun 19 18:21:04 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Jun 19 18:21:18 2006 Subject: Checking Suspected E-Mails Message-ID: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> Hi there -- I sent a request to the user receiving the resumes to have the send resubmit them in plain text format. That should, hopefully, take care of the issue. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Monday, June 19, 2006 1:11 PM To: MailScanner discussion Subject: Re: Checking Suspected E-Mails Kaplan, Andrew H. wrote: > Hi there - > > > > One of users of our server received several e-mails indicating that a > "Bad Filename was Detected". The e-mails in question > > were resumes that were sent to him from a recruiting company. The user > has asked if there is a way to determine if the > > e-mails are truly suspect. Odds are, they're not. By default filename.rules.conf will flag damn near anything with what it thinks is a double extension. Unfortunately a large number of folks use dots instead of spaces or underscores so we get things like: Resume.Lastname.bob.doc and that gets flagged. Since our company is a three-letter acronym we also get a lot of things like: (whatever).quote.evi.doc which also gets flagged. And a lot of "converted" files get flagged: sales_data.xls.doc > > What would be the best way to determine this? Thanks. Take a loot at the filename and try to figure out which filename rule it matched out of filename.rules.conf. For what it's worth, I use a much more liberal set of rules to replace the stock double-extension rules out of filename.rules.conf. I've attached these for anyone who might like to use them... However, beware, my rules are more liberal, and you're increasing the chances of an new unknown virus getting by your system. Most of this should be common-sense and innocuous, but I suggest reading them carefully and understanding what they do before merging into your config. From mkettler at evi-inc.com Mon Jun 19 18:37:14 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 19 18:37:23 2006 Subject: Checking Suspected E-Mails In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> Message-ID: <4496E0CA.80308@evi-inc.com> Kaplan, Andrew H. wrote: > Hi there -- > > I sent a request to the user receiving the resumes to have the send resubmit > them in plain text format. That should, hopefully, take care of the issue. Yes, but you might not want to do that if the person you're recruiting (the sender) is technical. I know I for one would have a negative impression of the technical capacity of the company if I received such a request if the original was truly innocuous and not anything a reasonable person would consider questionable. I know my own angles on such things are harsher than most, but do consider the kind of impression you're creating with such things. In this case, you may not want to hire someone so opinionated, so that might be perfectly fine. I'm simply advising that the "resend as text please" may create a negative impression you might not wish to convey to potential customers, partners or recruits. Be aware of it, consider it, and establish your policies accordingly. From lars+lister.mailscanner at adventuras.no Mon Jun 19 18:44:51 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon Jun 19 18:45:11 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <4496D2D1.8050605@ecs.soton.ac.uk> References: <0c2901c693ba$be6d6bc0$287ba8c0@office.fsl> <4496D2D1.8050605@ecs.soton.ac.uk> Message-ID: <4496E293.10901@adventuras.no> Julian Field skrev: > > > Stephen Swaney wrote: >> Absolutely. That's why I recommend running: >> >> find /var/spool/mqueue.in -mmin +120 -exec ls -l {} \; | more >> > If you are doing this frequently, or expect to get quite a lot of > files listed, then this will be faster: > find /var/spool/mqueue.in -mmin +120 -print | xargs ls -l | more > as it will run the fewest "ls" processes possible, whereas the > previous version will run 1 "ls" for each file output. > > Using xargs makes a huge difference when you are doing an operation on > a lot of files using your "find" command. Be careful with what you wish for when using xargs. Some versions of xargs want to run once with empty argument if there is no match. If you do rm-rf thing with a path first then...pfft, rm that path. If your version of xargs has a '--no-run-if-empty' -option, that option should be used. It is not polite to ask how I know all this. -- Regards from Lars From uxbod at splatnix.net Mon Jun 19 19:54:32 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Mon Jun 19 18:54:59 2006 Subject: OffTopic: HoneyPot Message-ID: <20060619185432.2efda7ce@cyborg> Hi All, i have now registered a few domains to provide honeypot addresses. What tactics do you use for getting these email addresses around ? Thanks, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dhawal at netmagicsolutions.com Mon Jun 19 19:02:12 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Jun 19 19:02:22 2006 Subject: OffTopic: HoneyPot In-Reply-To: <20060619185432.2efda7ce@cyborg> References: <20060619185432.2efda7ce@cyborg> Message-ID: <4496E6A4.2040401@netmagicsolutions.com> --[UxBoD]-- wrote: > Hi All, > > i have now registered a few domains to provide honeypot addresses. What tactics do you use for getting these email addresses around ? > > Thanks, > Use the URLs in your signature.. when posting to mailing lists ;-) - dhawal From naolson at gmail.com Mon Jun 19 19:23:45 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Jun 19 19:23:52 2006 Subject: OffTopic: HoneyPot In-Reply-To: <20060619185432.2efda7ce@cyborg> References: <20060619185432.2efda7ce@cyborg> Message-ID: <8f54b4330606191123i2302990dqceaffbb61497cec6@mail.gmail.com> Just breathe. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/14f0052c/attachment.html From dyioulos at firstbhph.com Mon Jun 19 20:01:16 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Jun 19 20:01:26 2006 Subject: Spamassassin false negatives Message-ID: <200606191501.17573.dyioulos@firstbhph.com> Hello all. I'm not sure if this is the 100% correct place to ask (if not, apologoes), but: I recently upgraded to MS 4.54.6-1 running on a CentOS 3.7 box. I'm also running sendmail-8.12.11-4.RHEL3.6 and SA 3.0.4-1. Up until recently, my setup was catching every piece of spam entering our system. But lately (not sure exactly when this started), I'm getting a faair number of false negatives. Curiously, most of the rule hits now are bayes, DCC, pyzor, razor and rbl. That isn't bad, of course, but I would think, based on the content of the spam, that I'd be hitting a lot more rules (I have several SARE rulesets installed). Really, I haven't changed my MS configuration much, and am puzzled as to why more rules aren't being hit. Your insights would be appreciated. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From christian at columbiafuels.com Mon Jun 19 20:06:19 2006 From: christian at columbiafuels.com (Christian Rasmussen) Date: Mon Jun 19 20:06:19 2006 Subject: Whitelisted when it shouldn't be Message-ID: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> I'm running version 4.54.6/Sendmail on FC3 I'm seeing entries in my maillog showing whitelisted messages a couple of times a day from domains/IPs that I haven't whitelisted. Aside from the MailScanner/rules/spam.whitelist.rules (or any other file in that tree) is there anywhere else that MailScanner would get the idea that the message should be whitelisted? Everything else appears to be working just fine and the ones that are actually whitelisted do appear in the same manner. I can't find anyone else posting to the list with the same issue (no hits in the wiki either) Jun 19 05:59:36 mx1 sendmail[10599]: k5JCxNGc010599: from=, size=2448, class=0, nrcpts=1, msgid=, proto=SM TP, daemon=MTA, relay=cei175.neoplus.adsl.tpnet.pl [83.30.184.175] Jun 19 05:59:36 mx1 sendmail[10599]: k5JCxNGc010599: to=, delay=00:00:04, mailer=relay, pri=32448, stat=queued Jun 19 05:59:38 mx1 MailScanner[6417]: New Batch: Found 2 messages waiting Jun 19 05:59:38 mx1 MailScanner[6417]: New Batch: Scanning 1 messages, 3003 bytes Jun 19 05:59:38 mx1 MailScanner[6417]: MCP Checks: Starting Jun 19 05:59:38 mx1 MailScanner[6417]: Spam Checks: Starting Jun 19 05:59:38 mx1 MailScanner[6417]: Expired 3 records from the SpamAssassin cache Jun 19 05:59:38 mx1 MailScanner[6417]: Message k5JCxNGc010599 from 83.30.184.175 (pqwpzr@schwarb.com) is whitelisted Any ideas/thoughts/pointers appreciated. Thanks, -Christian From taz at taz-mania.com Mon Jun 19 20:13:08 2006 From: taz at taz-mania.com (Dennis Willson) Date: Mon Jun 19 20:13:31 2006 Subject: OffTopic: HoneyPot In-Reply-To: <20060619185432.2efda7ce@cyborg> References: <20060619185432.2efda7ce@cyborg> Message-ID: <4496F744.9030508@taz-mania.com> Put email addresses using these domains in: 1. signatures of emails to mailing lists. 2. in webpages (you can make them invisible by making the foreground and background colors the same) 3. postings to usenet groups 4. contacts for domain registrations 5. use them on "remove me" pages for Spam you get just to name a few... --[UxBoD]-- wrote: >Hi All, > >i have now registered a few domains to provide honeypot addresses. What tactics do you use for getting these email addresses around ? > >Thanks, > > > -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/9da647ec/taz.vcf From mike at vesol.com Mon Jun 19 20:20:25 2006 From: mike at vesol.com (Mike Kercher) Date: Mon Jun 19 20:20:41 2006 Subject: OffTopic: HoneyPot In-Reply-To: <20060619185432.2efda7ce@cyborg> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > Hi All, > > i have now registered a few domains to provide honeypot > addresses. What tactics do you use for getting these email > addresses around ? > > Thanks, > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. http://www.google.com/search?hl=en&q=Free+Ipod+Nano&btnG=Google+Search Sign up for a few of these gems and you WILL get spammed :) Mike From mkettler at evi-inc.com Mon Jun 19 20:32:37 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 19 20:32:47 2006 Subject: Whitelisted when it shouldn't be In-Reply-To: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> References: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> Message-ID: <4496FBD5.5060105@evi-inc.com> Christian Rasmussen wrote: > I'm running version 4.54.6/Sendmail on FC3 > > I'm seeing entries in my maillog showing whitelisted messages a couple > of times a day from domains/IPs that I haven't whitelisted. Aside from > the MailScanner/rules/spam.whitelist.rules (or any other file in that > tree) is there anywhere else that MailScanner would get the idea that > the message should be whitelisted? Everything else appears to be working > just fine and the ones that are actually whitelisted do appear in the > same manner. > > > Any ideas/thoughts/pointers appreciated. > AFAIK, there's no other files that will cause this... That said, first check your "Is Definitely Not Spam" setting in MailScanner.conf. It should point to your spam.whitelist.rules like so: Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules If it's not set that way, check the file it is set to. While you're at it, make sure rules-dir is set to the correct directory. Something like this should be in your MailScanner.conf: %rules-dir% = /etc/MailScanner/rules After verifying MailScanner.conf is sane, I'd suggest running the following greps in your rules directory: #checking from= grep -i schwarb.com * grep -i pqwpzr * # checking: to= grep -i ensure * grep -i ONE_OF_MY_DOMAINS * # checking: relay=cei175.neoplus.adsl.tpnet.pl [83.30.184.175] grep -i neoplus * grep -i adsl * grep -i tpnet * grep -i "83\.30\.184\." * It's possible a From or To: rule isn't working quite as you expect, so this should pull out all the relevant rules. From jeff at ellisplace.net Mon Jun 19 20:57:43 2006 From: jeff at ellisplace.net (Jeff Ellis) Date: Mon Jun 19 20:57:48 2006 Subject: Whitelisted when it shouldn't be In-Reply-To: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> References: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> Message-ID: <449701B7.1090401@ellisplace.net> Christian Rasmussen wrote: > I'm running version 4.54.6/Sendmail on FC3 > > I'm seeing entries in my maillog showing whitelisted messages a couple > of times a day from domains/IPs that I haven't whitelisted. Aside from > the MailScanner/rules/spam.whitelist.rules (or any other file in that > tree) is there anywhere else that MailScanner would get the idea that > the message should be whitelisted? Everything else appears to be working > just fine and the ones that are actually whitelisted do appear in the > same manner. > > I can't find anyone else posting to the list with the same issue (no > hits in the wiki either) > > Jun 19 05:59:36 mx1 sendmail[10599]: k5JCxNGc010599: > from=, size=2448, class=0, nrcpts=1, > msgid=, proto=SM > TP, daemon=MTA, relay=cei175.neoplus.adsl.tpnet.pl [83.30.184.175] > Jun 19 05:59:36 mx1 sendmail[10599]: k5JCxNGc010599: > to=, delay=00:00:04, mailer=relay, pri=32448, > stat=queued > Jun 19 05:59:38 mx1 MailScanner[6417]: New Batch: Found 2 messages > waiting > Jun 19 05:59:38 mx1 MailScanner[6417]: New Batch: Scanning 1 messages, > 3003 bytes > Jun 19 05:59:38 mx1 MailScanner[6417]: MCP Checks: Starting > Jun 19 05:59:38 mx1 MailScanner[6417]: Spam Checks: Starting > Jun 19 05:59:38 mx1 MailScanner[6417]: Expired 3 records from the > SpamAssassin cache > Jun 19 05:59:38 mx1 MailScanner[6417]: Message k5JCxNGc010599 from > 83.30.184.175 (pqwpzr@schwarb.com) is whitelisted > > Any ideas/thoughts/pointers appreciated. > > Thanks, > > -Christian > I chased down this issue earlier today on my server. Domains were getting whitelisted from my "70_sare_whitelist_rcvd.cf" file. I had two copies of the file -- one in /etc/mail/spamassassin/70_sare_whitelist_rcvd.cf and one in /etc/mail/spamassassin/RulesDuJour/70_sare_whitelist_rcvd.cf. Not sure which it was hitting but renamed both files and those domains are no longer whitelisted. Jeff From sandrews at andrewscompanies.com Mon Jun 19 20:58:24 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon Jun 19 20:58:28 2006 Subject: Filename rules question Message-ID: <1964AAFBC212F742958F9275BF63DBB03B16C4@winchester.andrewscompanies.com> In filename.rules.conf, it blocks double file extensions; however, I've got one company that has to be able to get a file "xxxxxx.cmt.rtf" in their email. How should I allow this? Tia Steve From mkettler at evi-inc.com Mon Jun 19 21:07:05 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 19 21:07:17 2006 Subject: Whitelisted when it shouldn't be In-Reply-To: <449701B7.1090401@ellisplace.net> References: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> <449701B7.1090401@ellisplace.net> Message-ID: <449703E9.5010009@evi-inc.com> Jeff Ellis wrote: >> > I chased down this issue earlier today on my server. Domains were > getting whitelisted from my "70_sare_whitelist_rcvd.cf" file. I had two > copies of the file -- one in > /etc/mail/spamassassin/70_sare_whitelist_rcvd.cf and one in > /etc/mail/spamassassin/RulesDuJour/70_sare_whitelist_rcvd.cf. Not sure > which it was hitting but renamed both files and those domains are no > longer whitelisted. That should not be the source of this problem. 70_sare_whitelist_rcvd.cf would cause SpamAssassin to think the message was whitelisted (ie: it would cause a rule hit of USER_IN_WHITELIST) This is MailScanner thinking it's whitelisted, which will not be related to any file in /etc/mail/spamassassin/. Jeff: FWIW, the one in /etc/mail/spamassassin was the running copy. The one in the RulesDuJour sub-dir is a temp copy used when RDJ runs and downloads files. You should make sure that the whitelist file is no longer enabled in your RDJ config, otherwise the file will simply get installed again the next time you run RDJ. From mkettler at evi-inc.com Mon Jun 19 21:15:52 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 19 21:16:01 2006 Subject: Filename rules question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B16C4@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B16C4@winchester.andrewscompanies.com> Message-ID: <449705F8.9020102@evi-inc.com> sandrews@andrewscompanies.com wrote: > In filename.rules.conf, it blocks double file extensions; however, I've > got one company that has to be able to get a file "xxxxxx.cmt.rtf" in > their email. > > How should I allow this? Above the double-extension deny rule, add an allow rule like such: allow \.cmt\.rtf$ - - Warning: please note that the above fields MUST be delimted by TAB characters. If you copy-paste into your config file, they'll likely get changed to spaces and you'll have to fix that. You can see a lot of other examples of exceptions you might wish to consider in the file attached to my post earlier today with the subject "Re: Checking Suspected E-Mails". From Denis.Beauchemin at USherbrooke.ca Mon Jun 19 21:15:58 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jun 19 21:31:26 2006 Subject: Filename rules question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B16C4@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B16C4@winchester.andrewscompanies.com> Message-ID: <449705FE.4050309@USherbrooke.ca> sandrews@andrewscompanies.com a ?crit : > In filename.rules.conf, it blocks double file extensions; however, I've > got one company that has to be able to get a file "xxxxxx.cmt.rtf" in > their email. > > How should I allow this? > > Tia > > Steve > Allow Filenames = xxxxxx\.cmt\.rtf$ Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/611c914a/smime.bin From jeff at ellisplace.net Mon Jun 19 21:34:32 2006 From: jeff at ellisplace.net (Jeff Ellis) Date: Mon Jun 19 21:35:14 2006 Subject: Whitelisted when it shouldn't be In-Reply-To: <449703E9.5010009@evi-inc.com> References: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> <449701B7.1090401@ellisplace.net> <449703E9.5010009@evi-inc.com> Message-ID: <44970A58.5000106@ellisplace.net> Matt Kettler wrote: > Jeff Ellis wrote: > > >>> >>> >> I chased down this issue earlier today on my server. Domains were >> getting whitelisted from my "70_sare_whitelist_rcvd.cf" file. I had two >> copies of the file -- one in >> /etc/mail/spamassassin/70_sare_whitelist_rcvd.cf and one in >> /etc/mail/spamassassin/RulesDuJour/70_sare_whitelist_rcvd.cf. Not sure >> which it was hitting but renamed both files and those domains are no >> longer whitelisted. >> > > > > That should not be the source of this problem. 70_sare_whitelist_rcvd.cf would > cause SpamAssassin to think the message was whitelisted (ie: it would cause a > rule hit of USER_IN_WHITELIST) > > This is MailScanner thinking it's whitelisted, which will not be related to any > file in /etc/mail/spamassassin/. > > > Jeff: FWIW, the one in /etc/mail/spamassassin was the running copy. The one in > the RulesDuJour sub-dir is a temp copy used when RDJ runs and downloads files. > > You should make sure that the whitelist file is no longer enabled in your RDJ > config, otherwise the file will simply get installed again the next time you run > RDJ. > > Thank you for the information. I have a _lot_ to learn yet about all this and shouldn't jumped in so quickly. I changed my RDJ config so those files won't be updated again and now I'll go back to lurking and learning. :-) From daniel.maher at ubisoft.com Mon Jun 19 21:44:17 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon Jun 19 21:44:20 2006 Subject: RulesDuJour (mildly OT) Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF12@UBIMAIL1.ubisoft.org> Hi all, Though I realise this is the MailScanner list, I was wondering if anybody out there was using RulesDuJour? I've got it installed and working properly, in that it downloads the Rules as expected, however where it places the rules is somewhat inconvenient. Instead of putting them into the directory which spamassassin expects: /etc/mail/spamassassin/ , it places them into a sub-directory from there: /etc/mail/spamassassin/RulesDuJour/ . I could just edit the RulesDuJour script (for example), but it auto-updates itself, meaning every time the script changed, I'd have to edit it again. There are, of course, numerous other possible options; I am curious as to what solution the MailScanner community has found to be the "cleanest". Thanks! -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/6bf5a91e/attachment.html From sandrews at andrewscompanies.com Mon Jun 19 21:50:23 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon Jun 19 21:50:26 2006 Subject: Filename rules question Message-ID: <1964AAFBC212F742958F9275BF63DBB03B16CC@winchester.andrewscompanies.com> Thanks Matt! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Monday, June 19, 2006 4:16 PM To: MailScanner discussion Subject: Re: Filename rules question sandrews@andrewscompanies.com wrote: > In filename.rules.conf, it blocks double file extensions; however, > I've got one company that has to be able to get a file > "xxxxxx.cmt.rtf" in their email. > > How should I allow this? Above the double-extension deny rule, add an allow rule like such: allow \.cmt\.rtf$ - - Warning: please note that the above fields MUST be delimted by TAB characters. If you copy-paste into your config file, they'll likely get changed to spaces and you'll have to fix that. You can see a lot of other examples of exceptions you might wish to consider in the file attached to my post earlier today with the subject "Re: Checking Suspected E-Mails". -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Mon Jun 19 21:56:08 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 19 21:56:20 2006 Subject: Whitelisted when it shouldn't be In-Reply-To: <44970A58.5000106@ellisplace.net> References: <2023D81BC0235143A46589958FF543F502F5D7F8@bigbird.columbiafuels.com> <449701B7.1090401@ellisplace.net> <449703E9.5010009@evi-inc.com> <44970A58.5000106@ellisplace.net> Message-ID: <44970F68.3080906@evi-inc.com> Jeff Ellis wrote: > Matt Kettler wrote: >> >> That should not be the source of this problem. 70_sare_whitelist_rcvd.cf would >> cause SpamAssassin to think the message was whitelisted (ie: it would cause a >> rule hit of USER_IN_WHITELIST) >> >> > Thank you for the information. I have a _lot_ to learn yet about all > this and shouldn't jumped in so quickly. Hey, no problem.. If you hadn't jumped in, you would not have gained the knowledge you now possess. From mkettler at evi-inc.com Mon Jun 19 22:04:08 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 19 22:04:16 2006 Subject: RulesDuJour (mildly OT) In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226CF12@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF12@UBIMAIL1.ubisoft.org> Message-ID: <44971148.1050701@evi-inc.com> Daniel Maher wrote: > Hi all, > > > > Though I realise this is the MailScanner list, I was wondering if > anybody out there was using RulesDuJour? I do. I?ve got it installed and > working properly, in that it downloads the Rules as expected, however > where it /places/ the rules is somewhat inconvenient. Instead of > putting them into the directory which spamassassin expects: > /etc/mail/spamassassin/ , it places them into a sub-directory from > there: /etc/mail/spamassassin/RulesDuJour/ . Those are only temp files where RDJ performs its initial downloads. After the rules successfully pass spamassassin --lint, they should be copied to /etc/mail/spamassassin. This acts as a fail safe against installing a corrupted download or bugged ruleset. Are you sure RDJ is not copying them into /etc/mail/spamassassin after a successful run? Note: RDJ keeps the temp files as a record to itself of what it last downloaded. So don't expect them to go away. It copies them to /etc/mail/spamassassin, it does not move them. > > I could just edit the RulesDuJour script (for example), but it > auto-updates itself, meaning every time the script changed, I?d have to > edit it again. There are, of course, numerous other possible options; I > am curious as to what solution the MailScanner community has found to be > the ?cleanest?. No need to edit it. It should be working correctly. Check to make sure it's not. Odds are RDJ is working fine. From michele at blacknight.ie Mon Jun 19 22:13:17 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Mon Jun 19 22:13:21 2006 Subject: OffTopic: HoneyPot In-Reply-To: <4496F744.9030508@taz-mania.com> References: <20060619185432.2efda7ce@cyborg> <4496F744.9030508@taz-mania.com> Message-ID: <4497136D.9080001@blacknight.ie> Dennis Willson wrote: > Put email addresses using these domains in: > > 1. signatures of emails to mailing lists. > 2. in webpages (you can make them invisible by making the foreground and > background colors the same) > 3. postings to usenet groups > 4. contacts for domain registrations > 5. use them on "remove me" pages for Spam you get > > just to name a few... > Far too much hardwork :) I get plenty of spam to rarely used or defunct emails all the time... Make it public once and you'll get spam -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From michele at blacknight.ie Mon Jun 19 22:19:58 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Mon Jun 19 22:19:59 2006 Subject: RulesDuJour (mildly OT) In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226CF12@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF12@UBIMAIL1.ubisoft.org> Message-ID: <449714FE.5060104@blacknight.ie> Have a look at the FSL script http://www.fsl.com/support It's a nice and tidy implementation -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From mailscanner at yeticomputers.com Mon Jun 19 22:24:24 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Jun 19 22:26:19 2006 Subject: Checking Suspected E-Mails In-Reply-To: <4496E0CA.80308@evi-inc.com> References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> Message-ID: <44971608.2040107@yeticomputers.com> Matt Kettler wrote: > Kaplan, Andrew H. wrote: > >> Hi there -- >> >> I sent a request to the user receiving the resumes to have the send resubmit >> them in plain text format. That should, hopefully, take care of the issue. >> > > Yes, but you might not want to do that if the person you're recruiting (the > sender) is technical. > > I know I for one would have a negative impression of the technical capacity of > the company if I received such a request if the original was truly innocuous and > not anything a reasonable person would consider questionable. > > I know my own angles on such things are harsher than most, but do consider the > kind of impression you're creating with such things. > > In this case, you may not want to hire someone so opinionated, so that might be > perfectly fine. I'm simply advising that the "resend as text please" may create > a negative impression you might not wish to convey to potential customers, > partners or recruits. Be aware of it, consider it, and establish your policies > accordingly. It's interesting how different one person's view of "reasonable" can be from another's. I consider myself perfectly reasonable, but I find it annoying when people send me resumes in formats other than plain text. Anything else is making a (usually) unwarranted assumption about the receiver. Of course, I certainly wouldn't expect anybody to want to work for me if they found my way of thinking to be unreasonable. nor would I hire them if I felt we were incompatible, so I guess this is just a long way of agreeing with you. I guess it doesn't matter what format you request when receiving documents, there will be someone who judges you based on that request. I wouldn't even apply for a job if the advert said, "Please attach resume in Microsoft Word format," even though I am perfectly capable of producing such a document. Bad impression. Would either myself or the potential employer really lose out? No, we're almost certainly going to be a bad match. One of the reasons I'm self-employed, I guess. :) To bring this back onto topic: Andrew's original problem wasn't the format of the resume, it was the fact that the filename of the resume contained a CLSID string. If someone sent me a resume with the filename "TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html", I would be likely to delete it unread, even if it did make it past MailScanner. Rick From uxbod at splatnix.net Tue Jun 20 00:40:38 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Mon Jun 19 23:41:03 2006 Subject: OffTopic: HoneyPot In-Reply-To: <4497136D.9080001@blacknight.ie> References: <20060619185432.2efda7ce@cyborg> <4496F744.9030508@taz-mania.com> <4497136D.9080001@blacknight.ie> Message-ID: <20060619234038.30025673@cyborg> On Mon, 19 Jun 2006 22:13:17 +0100 "Michele Neylon :: Blacknight.ie" wrote: > Dennis Willson wrote: > > Put email addresses using these domains in: > > > > 1. signatures of emails to mailing lists. > > 2. in webpages (you can make them invisible by making the foreground and > > background colors the same) > > 3. postings to usenet groups > > 4. contacts for domain registrations > > 5. use them on "remove me" pages for Spam you get > > > > just to name a few... > > > > Far too much hardwork :) > > I get plenty of spam to rarely used or defunct emails all the time... > Make it public once and you'll get spam > > Many thanks to everyone's reply - Appreciated. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From samp at arial-concept.com Tue Jun 20 00:26:48 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Tue Jun 20 00:27:02 2006 Subject: Rulesest format in smap.whitelist.rules In-Reply-To: <44915B9B.9060807@USherbrooke.ca> References: <4491541C.5000203@arial-concept.com> <44915B9B.9060807@USherbrooke.ca> Message-ID: <449732B8.4040606@arial-concept.com> Denis Beauchemin a ?crit : > Sam Przyswa a ?crit : > >> Hi, >> >> Is it possible to use the regex format in spam.whitelist.rules as: >> >> From: smtp*.orange.fr yes >> >> to permit the smtp1.orange.fr, smtp2.orange.fr, smtpX.orange.fr etc ? >> >> Sam. >> > Sam, > > It should work just fine. It DON'T !!! I have in my whitelist From: smtp*.free.fr yes When I received a mail from smtp2-g19.free.fr (blacklisted server) the mail is received as SPAM !!! What's wrong ? Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From mkettler at evi-inc.com Tue Jun 20 00:47:47 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 00:47:55 2006 Subject: Checking Suspected E-Mails In-Reply-To: <44971608.2040107@yeticomputers.com> References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> Message-ID: <449737A3.8070001@evi-inc.com> Rick Chadderdon wrote: > > To bring this back onto topic: Andrew's original problem wasn't the > format of the resume, it was the fact that the filename of the resume > contained a CLSID string. If someone sent me a resume with the filename > "TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html", I would be > likely to delete it unread, even if it did make it past MailScanner. True. I'd agree 100%. There are some filenames that are just over the top. However, consider if it was something like "Resume-kettler.matt.pdf". You can't take the platform assumption argument, other than that I'm assuming you're using a graphical OS. (ok, I'm assuming you're not using a dumb terminal connected to a VAX...) There's certainly nothing suspect, or even out of the ordinary, about that filename. The filetype itself is not amenable to carrying attacks. (it's not able to carry over-powered macros that can do more-or-less anything like word documents) However, that file name would be blocked by the default filename.rules.conf. There's no default "allow" rule for pdf's and ".matt.pdf" would match the default "double extension" rule. For reference, the default double-extension rule is: \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ The filename would be unreasonably blocked by MailScanner. Asking a person to try to dodge MS's default filename rules is, IMHO, unreasonable. "Re-send it in text" makes it sound like your computing facilities were state of the art in 1990 and haven't improved since. (Can't handle a PDF because Windows 98, Macos 9, OS/2 warp and RedHat 6.0 are all too new for you eh?) From mikej at rogers.com Tue Jun 20 03:45:49 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jun 20 03:45:34 2006 Subject: Reporting all attachments in "Always Looked Up Last" Message-ID: <4497615D.5000108@rogers.com> Julian, Is it possible to have Always Looked Up Last report all of the present attachments even if there is no virus or name infection? The current behavior seems to only do it when either of the above are present. Thanks. From grover1711 at gmail.com Tue Jun 20 06:50:22 2006 From: grover1711 at gmail.com (ankush grover) Date: Tue Jun 20 06:50:31 2006 Subject: giving scores in blacklist or configuring some email ids in blacklist to be high scoring spam Message-ID: <5f638b360606192250g7b67188dy2927507ced270fc5@mail.gmail.com> hey friends, How do I give scores in blacklist? For example if I am receiving mails from a particular domain and I want to reject the mails from that domain totally. How can I do with blacklist ? I have defined few spammers in my list and now I don't want to receive any mails from them. I have set High Scoring Spam Actions = delete in MailScanner.conf From: magd@dwboston.com yes From: royaligeara@comteck.com yes From: hohnbrynmor@amiga.com yes How I can configure these emails to be high scoring spam ? I am using MailScanner 4.44 with Postfix 2.1.5 on FC3. Thanks & Regards Ankush Grover From shuttlebox at gmail.com Tue Jun 20 08:35:30 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jun 20 08:35:35 2006 Subject: giving scores in blacklist or configuring some email ids in blacklist to be high scoring spam In-Reply-To: <5f638b360606192250g7b67188dy2927507ced270fc5@mail.gmail.com> References: <5f638b360606192250g7b67188dy2927507ced270fc5@mail.gmail.com> Message-ID: <625385e30606200035o45b00adepc9349b6e3c02af78@mail.gmail.com> On 6/20/06, ankush grover wrote: > hey friends, > > > How do I give scores in blacklist? For example if I am receiving mails > from a particular domain and I want to reject the mails from that > domain totally. How can I do with blacklist ? > > I have defined few spammers in my list and now I don't want to receive > any mails from them. I have set High Scoring Spam Actions = delete in > MailScanner.conf > > From: magd@dwboston.com yes > From: royaligeara@comteck.com yes > From: hohnbrynmor@amiga.com yes > > How I can configure these emails to be high scoring spam ? # Setting this to yes means that spam found in the blacklist is treated # as "High Scoring Spam" in the "Spam Actions" section below. Setting it # to no means that it will be treated as "normal" spam. # This can also be the filename of a ruleset. Definite Spam Is High Scoring = yes -- /peter From MailScanner at ecs.soton.ac.uk Tue Jun 20 08:50:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 20 08:50:23 2006 Subject: Checking Suspected E-Mails In-Reply-To: <449737A3.8070001@evi-inc.com> References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> <449737A3.8070001@evi-inc.com> Message-ID: <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> On 20 Jun 2006, at 00:47, Matt Kettler wrote: > Rick Chadderdon wrote: > > > assumption > argument isn't 100% valid.> > >> >> To bring this back onto topic: Andrew's original problem wasn't the >> format of the resume, it was the fact that the filename of the resume >> contained a CLSID string. If someone sent me a resume with the >> filename >> "TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html", I would be >> likely to delete it unread, even if it did make it past MailScanner. > > True. I'd agree 100%. There are some filenames that are just over > the top. > > However, consider if it was something like "Resume-kettler.matt.pdf". > > You can't take the platform assumption argument, other than that > I'm assuming > you're using a graphical OS. (ok, I'm assuming you're not using a > dumb terminal > connected to a VAX...) > > There's certainly nothing suspect, or even out of the ordinary, > about that > filename. > > The filetype itself is not amenable to carrying attacks. (it's not > able to carry > over-powered macros that can do more-or-less anything like word > documents) > > However, that file name would be blocked by the default > filename.rules.conf. No it won't. > > There's no default "allow" rule for pdf's and ".matt.pdf" would > match the > default "double extension" rule. Read it carefully. It stops .xx.yyy and .xxx.yyy. It does not stop .xxxx.yyy. > > For reference, the default double-extension rule is: > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > > The filename would be unreasonably blocked by MailScanner. No it won't. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From grover1711 at gmail.com Tue Jun 20 09:06:23 2006 From: grover1711 at gmail.com (ankush grover) Date: Tue Jun 20 09:06:26 2006 Subject: giving scores in blacklist or configuring some email ids in blacklist to be high scoring spam In-Reply-To: <625385e30606200035o45b00adepc9349b6e3c02af78@mail.gmail.com> References: <5f638b360606192250g7b67188dy2927507ced270fc5@mail.gmail.com> <625385e30606200035o45b00adepc9349b6e3c02af78@mail.gmail.com> Message-ID: <5f638b360606200106y75ad15d0w5f5c4a90a5715be3@mail.gmail.com> > > # Setting this to yes means that spam found in the blacklist is treated > # as "High Scoring Spam" in the "Spam Actions" section below. Setting it > # to no means that it will be treated as "normal" spam. > # This can also be the filename of a ruleset. > Definite Spam Is High Scoring = yes > -- > /peter Thanks, That solved my problem. Thanks & Regards Ankush Grover From shuttlebox at gmail.com Tue Jun 20 10:49:35 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jun 20 10:49:38 2006 Subject: Problem with 4.54 download files? Message-ID: <625385e30606200249h68f600b1k4352f2e688fe7a5@mail.gmail.com> At one customer site their Trend http scanner is restricting me from downloading the 4.54 files, only the sig files are allowed. I can download the beta 4.55 files and at other sites I can download any file. It's the zip format it's complaining about. Message: >>>>> IWSS Security Event (s-iwss1) InterScan Web Security detected the following in HTTP traffic: Item: /files/4/tar/MailScanner-install-4.54.6-1.tar.gz Action: deleted Reason: Violation of a compressed file restriction -- File: MailScanner-install-4.54.6-1.tar.gz, security warning: Corrupted_Zip_file The uncleanable file is deleted. >>>>> Why is it having problems with 4.54 but not with earlier and later releases? -- /peter From alex at erus.co.uk Tue Jun 20 12:27:41 2006 From: alex at erus.co.uk (Alex Pimperton) Date: Tue Jun 20 12:28:02 2006 Subject: [OT] Strip attachment and add link for download Message-ID: <4497DBAD.7080500@erus.co.uk> Hi All, This may be a shot in the dark but does anybody use/know of a system that does the following: -message arrives at server from local users -message is checked for attachments -if attachments exist and are over a certain size, the server splits off the attachments to a web-accessible directory and inserts a link in the email so the recipient can download the attachment I know this is not really MailScanners domain but it would be a very useful feature. Is this more of a mailwatch-type feature? I'm currently using postfix and MailScanner which I don't really want to change even though know I can do things like this with MDaemon. Regards, Alex -- This message has been scanned for viruses and dangerous content by the MailScanner at Placet.co.uk, and is believed to be clean. From glenn.steen at gmail.com Tue Jun 20 14:11:29 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 20 14:11:31 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <4497DBAD.7080500@erus.co.uk> References: <4497DBAD.7080500@erus.co.uk> Message-ID: <223f97700606200611t6e929a4tdca6ab82082e9bd4@mail.gmail.com> On 20/06/06, Alex Pimperton wrote: > Hi All, > > This may be a shot in the dark but does anybody use/know of a system > that does the following: > > -message arrives at server from local users > -message is checked for attachments > -if attachments exist and are over a certain size, the server splits off > the attachments to a web-accessible directory and inserts a link in the > email so the recipient can download the attachment > > I know this is not really MailScanners domain but it would be a very > useful feature. > > Is this more of a mailwatch-type feature? > > I'm currently using postfix and MailScanner which I don't really want to > change even though know I can do things like this with MDaemon. > > Regards, > > Alex > I haven't tried this, but ... You should be able to make a probable facsimile with a combination of quarantining/notification and MailWatch with per user (email address) access. Look at the "Maximum Attachment Size" setting in MailScanner.conf, might be what you need. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at thehostmasters.com Tue Jun 20 15:03:42 2006 From: rob at thehostmasters.com (Rob Morin) Date: Tue Jun 20 15:03:50 2006 Subject: whitelist lint problems... Message-ID: <4498003E.8010902@thehostmasters.com> No matter what i do i keep getting [24084] warn: config: failed to parse line, skipping: /opt/MailScanner/etc/rules/spam.whitelist.rules the format is as follows # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. FromOrTo: default no #From: 127.0.0.1 yes #### No need to scan from Brian, as it is already scanned From: 206.248.146.163 yes From: 64.86.63.158 yes #### FromOrTo: *@*.blackberry.net yes FromOrTo: orcasound@videotron.ca yes FromOrTo: tous@flextherm.com yes FromOrTo: weather@inbox.weather.com yes #FromOrTo: testing@orcasound.com yes i tried with using just spaces and only just tabs i get the same thing.... even if i have only one line in the file... its weird!? any ideas? -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From dave.list at pixelhammer.com Tue Jun 20 15:23:40 2006 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 20 15:24:08 2006 Subject: whitelist lint problems... In-Reply-To: <4498003E.8010902@thehostmasters.com> References: <4498003E.8010902@thehostmasters.com> Message-ID: <449804EC.2070105@pixelhammer.com> Rob Morin wrote: > No matter what i do i keep getting > > [24084] warn: config: failed to parse line, skipping: > /opt/MailScanner/etc/rules/spam.whitelist.rules > > the format is as follows > > # This is where you can build a Spam WhiteList > # Addresses matching in here, with the value > # "yes" will never be marked as spam. > FromOrTo: default no > #From: 127.0.0.1 yes > #### No need to scan from Brian, as it is already scanned > From: 206.248.146.163 yes > From: 64.86.63.158 yes > #### > FromOrTo: *@*.blackberry.net yes > FromOrTo: orcasound@videotron.ca yes > FromOrTo: tous@flextherm.com yes > FromOrTo: weather@inbox.weather.com yes > #FromOrTo: testing@orcasound.com yes > > i tried with using just spaces and only just tabs i get the same > thing.... even if i have only one line in the file... > > its weird!? > > any ideas? > > Have you tried just hand typing everything into a newly touched file and checking to see if the problem remained? What does ":set list" in VIM show? Dunno if that helps, but it would be the first two things I would try. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From Denis.Beauchemin at USherbrooke.ca Tue Jun 20 15:58:02 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jun 20 15:58:23 2006 Subject: whitelist lint problems... In-Reply-To: <4498003E.8010902@thehostmasters.com> References: <4498003E.8010902@thehostmasters.com> Message-ID: <44980CFA.6060606@USherbrooke.ca> Rob Morin a ?crit : > No matter what i do i keep getting > > [24084] warn: config: failed to parse line, skipping: > /opt/MailScanner/etc/rules/spam.whitelist.rules > Rob, It says that it can't parse the line, not the file it refers to... are you sure the line is OK in MailScanner.conf? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060620/0cd8e483/smime.bin From bpumphrey at woodmclaw.com Tue Jun 20 16:11:54 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Jun 20 16:11:57 2006 Subject: How to setup rules? Message-ID: <04D932B0071FE34FA63EBB1977B48D1501489E8B@woodenex.woodmaclaw.local> Will some people post a few more examples of using this. I want to use this but I want to do it right the first time so that I do not cause problems. Thank you From gborders at jlewiscooper.com Tue Jun 20 16:30:20 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Tue Jun 20 16:31:21 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <223f97700606200611t6e929a4tdca6ab82082e9bd4@mail.gmail.com> References: <4497DBAD.7080500@erus.co.uk> <223f97700606200611t6e929a4tdca6ab82082e9bd4@mail.gmail.com> Message-ID: <4498148C.6080306@jlewiscooper.com> Glenn Steen wrote: > On 20/06/06, Alex Pimperton wrote: >> Hi All, >> >> This may be a shot in the dark but does anybody use/know of a system >> that does the following: >> >> -message arrives at server from local users >> -message is checked for attachments >> -if attachments exist and are over a certain size, the server splits off >> the attachments to a web-accessible directory and inserts a link in the >> email so the recipient can download the attachment >> >> I know this is not really MailScanners domain but it would be a very >> useful feature. >> >> Is this more of a mailwatch-type feature? >> >> I'm currently using postfix and MailScanner which I don't really want to >> change even though know I can do things like this with MDaemon. >> >> Regards, >> >> Alex >> > I haven't tried this, but ... You should be able to make a probable > facsimile with a combination of quarantining/notification and > MailWatch with per user (email address) access. Look at the "Maximum > Attachment Size" setting in MailScanner.conf, might be what you need. > I've gotten this working on my system. I do indeed use the "Maximum Attachment Size" setting that Glenn mentions. In my case I wanted to prevent users from sending very large files via e-mail, and use means better suited for the task. (I.E. FTP) I used that Max Attach Size in a ruleset to trigger the settings for specific users/groups. Then once triggered, MS will send the message to the recipient that the file was "too large" using the text in stored.virus.message.txt I modified the default message to include some extra info for a direct link to the file, for example: ----------------------- Note to Postmaster: Attachment is located on $hostname in $quarantinedir/$datenumber (message $id). URL: for direct download: "http://example.com/pickup/$datenumber/$id/$filename" ------------------------ Next, I modified my Apache HTTP server config file to host the directory in the quarantine as the "http://example.com/pickup/" That way, you won't be showing your file structure to the realworld: ------------------------- Alias /pickup/ "/var/spool/MailScanner/quarantine/" Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all -------------------------- The only down side is you have to open up permissions to the quarantine folders, and thus making ALL of the messages available to those that know how to peruse the folders. Fortunately, the message id is quite long and random, and makes it harder to dig around unless you know exactly what it is. Hope this helps with your set up! Greg. Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Tue Jun 20 17:43:38 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jun 20 16:44:01 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <4498148C.6080306@jlewiscooper.com> References: <4497DBAD.7080500@erus.co.uk> <223f97700606200611t6e929a4tdca6ab82082e9bd4@mail.gmail.com> <4498148C.6080306@jlewiscooper.com> Message-ID: <20060620164338.4fb1ea56@cyborg> Hmmm, thats pretty cool Greg. Now, how about if the URL was http://example.com/pickup.php?$datenumber/$id/$filename and the script validated the To: address from the message file. At least then there would be some kind of validation. Alternatively, if a ruleset could be created to execute a script when say the Max Size has been exceeded, you could inject a validation code into the email that the recipient would need to use to access the download. Just some thoughts. Phil On Tue, 20 Jun 2006 11:30:20 -0400 Greg Borders wrote: > Glenn Steen wrote: > > On 20/06/06, Alex Pimperton wrote: > >> Hi All, > >> > >> This may be a shot in the dark but does anybody use/know of a system > >> that does the following: > >> > >> -message arrives at server from local users > >> -message is checked for attachments > >> -if attachments exist and are over a certain size, the server splits off > >> the attachments to a web-accessible directory and inserts a link in the > >> email so the recipient can download the attachment > >> > >> I know this is not really MailScanners domain but it would be a very > >> useful feature. > >> > >> Is this more of a mailwatch-type feature? > >> > >> I'm currently using postfix and MailScanner which I don't really want to > >> change even though know I can do things like this with MDaemon. > >> > >> Regards, > >> > >> Alex > >> > > I haven't tried this, but ... You should be able to make a probable > > facsimile with a combination of quarantining/notification and > > MailWatch with per user (email address) access. Look at the "Maximum > > Attachment Size" setting in MailScanner.conf, might be what you need. > > > I've gotten this working on my system. I do indeed use the "Maximum > Attachment Size" setting that Glenn mentions. > In my case I wanted to prevent users from sending very large files via > e-mail, and use means better suited for the task. (I.E. FTP) > I used that Max Attach Size in a ruleset to trigger the settings for > specific users/groups. > > Then once triggered, MS will send the message to the recipient that the > file was "too large" using the text in > stored.virus.message.txt > > I modified the default message to include some extra info for a direct > link to the file, for example: > ----------------------- > Note to Postmaster: > Attachment is located on $hostname in $quarantinedir/$datenumber > (message $id). > URL: for direct download: > "http://example.com/pickup/$datenumber/$id/$filename" > ------------------------ > > Next, I modified my Apache HTTP server config file to host the directory > in the quarantine as the "http://example.com/pickup/" > That way, you won't be showing your file structure to the realworld: > > ------------------------- > Alias /pickup/ "/var/spool/MailScanner/quarantine/" > > Options Indexes MultiViews > AllowOverride None > Order allow,deny > Allow from all > > -------------------------- > > The only down side is you have to open up permissions to the quarantine > folders, and thus making ALL of the messages available to those that > know how to peruse the folders. Fortunately, the message id is quite > long and random, and makes it harder to dig around unless you know > exactly what it is. > > Hope this helps with your set up! > > Greg. Borders > > Sys. Admin. > JLC Co. > > -- > This transmission may contain information that is privileged, confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. Thank you. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From orjandp at gmail.com Tue Jun 20 16:45:12 2006 From: orjandp at gmail.com (=?ISO-8859-1?Q?=D8rjan_Pettersen?=) Date: Tue Jun 20 16:45:15 2006 Subject: Another call for improvements In-Reply-To: <5EBABD62DC5AC048AD8AEC3312E02D4CCD315F@exchange03.lkl.ltkalmar.se> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD315F@exchange03.lkl.ltkalmar.se> Message-ID: <9175bad10606200845v7faf980eh4f97b59ed4803a0b@mail.gmail.com> On 6/1/06, Anders Andersson, IT wrote: > Could this be what your looking for? > Found it in an old thread named "spam/notspam w/sa-learn" > > /Anders > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Chris Hammond > > Sent: Thursday, June 01, 2006 7:57 PM > > To: MailScanner discussion > > Subject: RE: Another call for improvements > > > > Jeff, is this a script that can and/or willing to share? I > > wouldn't even know where to start to do something like this. > > > > Thanks > > Chris > > > > >>> "Jeff Mills" 05/31/06 7:13 PM >>> > > I have created a public Folder on the exchange box for spam > > where users have access to drop emails, but not view the > > contents of the folder. > > I then run a script every hour where my MailScanner box > > connects to the public folder and learns from the mail in there. > > Once a week I run a script to clear the contents of the folder. > > > > > > > ----- Original Message----- > > > From: mailscanner- bounces@lists.mailscanner.info > > > [mailto:mailscanner- bounces@lists.mailscanner.info]On Behalf Of > > Dennis > > > Willson > > > Sent: Thursday, 1 June 2006 9:01 AM > > > To: MailScanner discussion > > > Subject: Re: Another call for improvements > > > > > > > > > Can't you use mailwatch? > > > > > > Pete Russell wrote: > > > > > > > > > > > Love to see a tool that really easily allows us > > > exchange/outlook users > > > > to provide a service to end users to be able to forward > > > spam that does > > > > get through to a SPAM or NOT SPAM mailbox that is auto sa- learned > > > > > > > > > -- > > > > > > ---------------------------------- > > > Dennis Willson > > > mailto:taz@taz- mania.com > > > http://www.taz- mania.com > > > > > > Owner / Operator, Kepnet Internet Services > > > > > > > > > > > > > > > > > > > > *** "This company is now part of the Versacold Holdings Corp. > > and is no longer owned by or affiliated with the P&O Group" *** > > > > Please update your address books: > > Was: firstname.lastname@pocold.com.au > > Now: firstname.lastname@versacold.com.au > > > > ************** www.versacold.com ************** > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and dangerous > > content by MailScanner, and is believed to be clean. > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > Do anyone have a howto on how to use this script? What do I have to do on the exchange server, and on the mailscanner server? To quote Chris; "I wouldn't even know where to start to do something like this." ;) -Orjan- From MailScanner at ecs.soton.ac.uk Tue Jun 20 16:52:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 20 16:52:48 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <4497DBAD.7080500@erus.co.uk> References: <4497DBAD.7080500@erus.co.uk> Message-ID: <8B424278-4132-4BF1-BE4D-AD82884ED04D@ecs.soton.ac.uk> Sounds like you need the quarantine management system one of my colleagues has written. Whenever it gets attachments that have been removed by MailScanner, the Attachment-Warning.txt gets a link in it which submits a request to the system to go and fetch the attachments from the appropriate mail server (it's designed to work with multiple MailScanners). We then require that a sysadmin looks at the request and, if appropriate, releases the attachments to the recipients by mailing them a link to a directory on the web server containing their attachments. You could always bypass the bit requiring the sysadmin to look at it. Saves a lot of mailstore space. Drop him a line at apl@ecs.soton.ac.uk (Andy Landells). On 20 Jun 2006, at 12:27, Alex Pimperton wrote: > Hi All, > > This may be a shot in the dark but does anybody use/know of a system > that does the following: > > -message arrives at server from local users > -message is checked for attachments > -if attachments exist and are over a certain size, the server > splits off > the attachments to a web-accessible directory and inserts a link in > the > email so the recipient can download the attachment > > I know this is not really MailScanners domain but it would be a very > useful feature. > > Is this more of a mailwatch-type feature? > > I'm currently using postfix and MailScanner which I don't really > want to > change even though know I can do things like this with MDaemon. > > Regards, > > Alex > > > -- > This message has been scanned for viruses and > dangerous content by the MailScanner at Placet.co.uk, > and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gborders at jlewiscooper.com Tue Jun 20 16:59:20 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Tue Jun 20 17:00:19 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <20060620164338.4fb1ea56@cyborg> References: <4497DBAD.7080500@erus.co.uk> <223f97700606200611t6e929a4tdca6ab82082e9bd4@mail.gmail.com> <4498148C.6080306@jlewiscooper.com> <20060620164338.4fb1ea56@cyborg> Message-ID: <44981B58.1030003@jlewiscooper.com> > On Tue, 20 Jun 2006 11:30:20 -0400 > Greg Borders wrote: > > >> Glenn Steen wrote: >> >>> On 20/06/06, Alex Pimperton wrote: >>> >>>> Hi All, >>>> >>>> This may be a shot in the dark but does anybody use/know of a system >>>> that does the following: >>>> >>>> -message arrives at server from local users >>>> -message is checked for attachments >>>> -if attachments exist and are over a certain size, the server splits off >>>> the attachments to a web-accessible directory and inserts a link in the >>>> email so the recipient can download the attachment >>>> >>>> I know this is not really MailScanners domain but it would be a very >>>> useful feature. >>>> >>>> Is this more of a mailwatch-type feature? >>>> >>>> I'm currently using postfix and MailScanner which I don't really want to >>>> change even though know I can do things like this with MDaemon. >>>> >>>> Regards, >>>> >>>> Alex >>>> >>>> >>> I haven't tried this, but ... You should be able to make a probable >>> facsimile with a combination of quarantining/notification and >>> MailWatch with per user (email address) access. Look at the "Maximum >>> Attachment Size" setting in MailScanner.conf, might be what you need. >>> >>> >> I've gotten this working on my system. I do indeed use the "Maximum >> Attachment Size" setting that Glenn mentions. >> In my case I wanted to prevent users from sending very large files via >> e-mail, and use means better suited for the task. (I.E. FTP) >> I used that Max Attach Size in a ruleset to trigger the settings for >> specific users/groups. >> >> Then once triggered, MS will send the message to the recipient that the >> file was "too large" using the text in >> stored.virus.message.txt >> >> I modified the default message to include some extra info for a direct >> link to the file, for example: >> ----------------------- >> Note to Postmaster: >> Attachment is located on $hostname in $quarantinedir/$datenumber >> (message $id). >> URL: for direct download: >> "http://example.com/pickup/$datenumber/$id/$filename" >> ------------------------ >> >> Next, I modified my Apache HTTP server config file to host the directory >> in the quarantine as the "http://example.com/pickup/" >> That way, you won't be showing your file structure to the realworld: >> >> ------------------------- >> Alias /pickup/ "/var/spool/MailScanner/quarantine/" >> >> Options Indexes MultiViews >> AllowOverride None >> Order allow,deny >> Allow from all >> >> -------------------------- >> >> The only down side is you have to open up permissions to the quarantine >> folders, and thus making ALL of the messages available to those that >> know how to peruse the folders. Fortunately, the message id is quite >> long and random, and makes it harder to dig around unless you know >> exactly what it is. >> >> Hope this helps with your set up! >> >> Greg. Borders >> >> Sys. Admin. >> JLC Co. >> > --[UxBoD]-- wrote: > >> Hmmm, thats pretty cool Greg. Now, how about if the URL was http://example.com/pickup.php?$datenumber/$id/$filename and the script validated the To: >> address from the message file. At least then there would be some kind of validation. >> >> Alternatively, if a ruleset could be created to execute a script when say the Max Size has been exceeded, you could inject a validation code into the >> email that the recipient would need to use to access the download. >> >> Just some thoughts. >> >> Phil And very good thoughts at that! I'd only spent a little spare time experimenting with the retrieve capabilities, and had cooked up the extra text in the message trick back when I first started with MS, and was still a bit "green". I like the logic of using PHP to validate a user for pickup. I'll experiment with that idea, and share any results I cook up. Greg. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dwinkler at algorithmics.com Tue Jun 20 17:18:42 2006 From: dwinkler at algorithmics.com (Derek Winkler) Date: Tue Jun 20 17:16:48 2006 Subject: [OT] Strip attachment and add link for download Message-ID: <23675CFC52BBC44EB355406A3A8A0491772ADE@TORMAIL.algorithmics.com> > > ------------------------- > Alias /pickup/ "/var/spool/MailScanner/quarantine/" > > Options Indexes MultiViews > AllowOverride None > Order allow,deny > Allow from all > > -------------------------- > > The only down side is you have to open up permissions to the quarantine > folders, and thus making ALL of the messages available to those that > know how to peruse the folders. Fortunately, the message id is quite > long and random, and makes it harder to dig around unless you know > exactly what it is. You should really change this to -Indexes since this allows for directory indexing. It doesn't matter how messed up the URL is if you allow directory indexing. When you go to http://www.whatever.tld/pickups/ doesn't it give you a directory listing? and the same for all sub-directories? This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060620/6ee82392/attachment.html From ka at pacific.net Tue Jun 20 17:24:54 2006 From: ka at pacific.net (Ken A) Date: Tue Jun 20 17:24:39 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <20060620164338.4fb1ea56@cyborg> References: <4497DBAD.7080500@erus.co.uk> <223f97700606200611t6e929a4tdca6ab82082e9bd4@mail.gmail.com> <4498148C.6080306@jlewiscooper.com> <20060620164338.4fb1ea56@cyborg> Message-ID: <44982156.7020506@pacific.net> --[UxBoD]-- wrote: > Hmmm, thats pretty cool Greg. Now, how about if the URL was http://example.com/pickup.php?$datenumber/$id/$filename and the script validated the To: > address from the message file. At least then there would be some kind of validation. > > Alternatively, if a ruleset could be created to execute a script when say the Max Size has been exceeded, you could inject a validation code into the > email that the recipient would need to use to access the download. Another idea.. Add some attachment handling and conversion functions to your web site. Add buttons for [delete] [zip] [send link]. That could potentially save a lot of bandwidth. I suppose it could also encourage people to send larger files via email, depending on your users habits. :-\ Ken Pacific.Net > Just some thoughts. > > Phil > > On Tue, 20 Jun 2006 11:30:20 -0400 > Greg Borders wrote: > >> Glenn Steen wrote: >>> On 20/06/06, Alex Pimperton wrote: >>>> Hi All, >>>> >>>> This may be a shot in the dark but does anybody use/know of a system >>>> that does the following: >>>> >>>> -message arrives at server from local users >>>> -message is checked for attachments >>>> -if attachments exist and are over a certain size, the server splits off >>>> the attachments to a web-accessible directory and inserts a link in the >>>> email so the recipient can download the attachment >>>> >>>> I know this is not really MailScanners domain but it would be a very >>>> useful feature. >>>> >>>> Is this more of a mailwatch-type feature? >>>> >>>> I'm currently using postfix and MailScanner which I don't really want to >>>> change even though know I can do things like this with MDaemon. >>>> >>>> Regards, >>>> >>>> Alex >>>> >>> I haven't tried this, but ... You should be able to make a probable >>> facsimile with a combination of quarantining/notification and >>> MailWatch with per user (email address) access. Look at the "Maximum >>> Attachment Size" setting in MailScanner.conf, might be what you need. >>> >> I've gotten this working on my system. I do indeed use the "Maximum >> Attachment Size" setting that Glenn mentions. >> In my case I wanted to prevent users from sending very large files via >> e-mail, and use means better suited for the task. (I.E. FTP) >> I used that Max Attach Size in a ruleset to trigger the settings for >> specific users/groups. >> >> Then once triggered, MS will send the message to the recipient that the >> file was "too large" using the text in >> stored.virus.message.txt >> >> I modified the default message to include some extra info for a direct >> link to the file, for example: >> ----------------------- >> Note to Postmaster: >> Attachment is located on $hostname in $quarantinedir/$datenumber >> (message $id). >> URL: for direct download: >> "http://example.com/pickup/$datenumber/$id/$filename" >> ------------------------ >> >> Next, I modified my Apache HTTP server config file to host the directory >> in the quarantine as the "http://example.com/pickup/" >> That way, you won't be showing your file structure to the realworld: >> >> ------------------------- >> Alias /pickup/ "/var/spool/MailScanner/quarantine/" >> >> Options Indexes MultiViews >> AllowOverride None >> Order allow,deny >> Allow from all >> >> -------------------------- >> >> The only down side is you have to open up permissions to the quarantine >> folders, and thus making ALL of the messages available to those that >> know how to peruse the folders. Fortunately, the message id is quite >> long and random, and makes it harder to dig around unless you know >> exactly what it is. >> >> Hope this helps with your set up! >> >> Greg. Borders >> >> Sys. Admin. >> JLC Co. >> >> -- >> This transmission may contain information that is privileged, confidential >> and/or exempt from disclosure under applicable law. If you are not the >> intended recipient, you are hereby notified that any disclosure, copying, >> distribution, or use of the information contained herein (including any >> reliance thereon) is STRICTLY PROHIBITED. If you received this transmission >> in error, please immediately contact the sender and destroy the material in >> its entirety, whether in electronic or hard copy format. Thank you. >> > From uxbod at splatnix.net Tue Jun 20 18:30:14 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jun 20 17:30:37 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <8B424278-4132-4BF1-BE4D-AD82884ED04D@ecs.soton.ac.uk> References: <4497DBAD.7080500@erus.co.uk> <8B424278-4132-4BF1-BE4D-AD82884ED04D@ecs.soton.ac.uk> Message-ID: <20060620173014.32d24c9c@cyborg> Oh no, got me thinking now :) Some great ideas floating around at the moment on here - Well done all. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Tue Jun 20 17:40:45 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jun 20 17:40:57 2006 Subject: Another call for improvements In-Reply-To: <9175bad10606200845v7faf980eh4f97b59ed4803a0b@mail.gmail.com> Message-ID: <001401c69488$475e3fe0$3004010a@martinhlaptop> I have a script that will do the MailScanner side. On the Exchange side all I know is you have to create a shared folder that is accessible by IMAP. Call the script with the appropriate uid and passwd paramters, change the server name and off you go.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of ?rjan Pettersen > Sent: 20 June 2006 16:45 > To: MailScanner discussion > Subject: Re: Another call for improvements > > On 6/1/06, Anders Andersson, IT wrote: > > Could this be what your looking for? > > Found it in an old thread named "spam/notspam w/sa-learn" > > > > /Anders > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > Of Chris Hammond > > > Sent: Thursday, June 01, 2006 7:57 PM > > > To: MailScanner discussion > > > Subject: RE: Another call for improvements > > > > > > Jeff, is this a script that can and/or willing to share? I > > > wouldn't even know where to start to do something like this. > > > > > > Thanks > > > Chris > > > > > > >>> "Jeff Mills" 05/31/06 7:13 PM >>> > > > I have created a public Folder on the exchange box for spam > > > where users have access to drop emails, but not view the > > > contents of the folder. > > > I then run a script every hour where my MailScanner box > > > connects to the public folder and learns from the mail in there. > > > Once a week I run a script to clear the contents of the folder. > > > > > > > > > > ----- Original Message----- > > > > From: mailscanner- bounces@lists.mailscanner.info > > > > [mailto:mailscanner- bounces@lists.mailscanner.info]On Behalf Of > > > Dennis > > > > Willson > > > > Sent: Thursday, 1 June 2006 9:01 AM > > > > To: MailScanner discussion > > > > Subject: Re: Another call for improvements > > > > > > > > > > > > Can't you use mailwatch? > > > > > > > > Pete Russell wrote: > > > > > > > > > > > > > > Love to see a tool that really easily allows us > > > > exchange/outlook users > > > > > to provide a service to end users to be able to forward > > > > spam that does > > > > > get through to a SPAM or NOT SPAM mailbox that is auto sa- learned > > > > > > > > > > > > -- > > > > > > > > ---------------------------------- > > > > Dennis Willson > > > > mailto:taz@taz- mania.com > > > > http://www.taz- mania.com > > > > > > > > Owner / Operator, Kepnet Internet Services > > > > > > > > > > > > > > > > > > > > > > > > > > > > *** "This company is now part of the Versacold Holdings Corp. > > > and is no longer owned by or affiliated with the P&O Group" *** > > > > > > Please update your address books: > > > Was: firstname.lastname@pocold.com.au > > > Now: firstname.lastname@versacold.com.au > > > > > > ************** www.versacold.com ************** > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > This message has been scanned for viruses and dangerous > > > content by MailScanner, and is believed to be clean. > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > Do anyone have a howto on how to use this script? > > What do I have to do on the exchange server, and on the mailscanner > server? > To quote Chris; "I wouldn't even know where to start to do something > like this." ;) > > -Orjan- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: learn_spam.pl Type: application/octet-stream Size: 4370 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060620/2df9a097/learn_spam.obj From mkettler at evi-inc.com Tue Jun 20 18:02:00 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 18:02:15 2006 Subject: Checking Suspected E-Mails In-Reply-To: <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> <449737A3.8070001@evi-inc.com> <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> Message-ID: <44982A08.70408@evi-inc.com> Julian Field wrote: > Read it carefully. It stops .xx.yyy and .xxx.yyy. It does not stop > .xxxx.yyy. > >> >> For reference, the default double-extension rule is: >> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ >> >> >> The filename would be unreasonably blocked by MailScanner. > > No it won't. Yes it will. It WILL stop .xxxx.yyy Re-read it again julian Note there's an extra [a-z] in the front. From dhawal at netmagicsolutions.com Tue Jun 20 18:12:46 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Jun 20 18:12:58 2006 Subject: OT: Setting Up DNSBL using RBLDNSD In-Reply-To: <20060614201417.9172.qmail@mymail.netmagicians.com> References: <034601c68fb4$31602e70$88c5c657@arthur> <20060614201417.9172.qmail@mymail.netmagicians.com> Message-ID: <44982C8E.8070203@netmagicsolutions.com> Dhawal Doshy wrote: > Michele Neylon :: Blacknight Solutions writes: >> Has anyone any tips on doing this? >> I do not want to mirror existing data (I already am :) ) >> I want to setup my own DNSBL to catch the junk that the other DNSBLS >> miss.. >> The only tutorials / guides I've found either refer explicitly to Bind or >> make reference to rbldns-conf, which doesn't appear to exist on Ubuntu >> Any tips, thoughts or even flames are welcome > > Michele, i use a combination of SEC (http://simple-evcorr.sf.net/), > inserting IPs sending spam mails (at 3 per minute) and virus infected > mails (at 2 per minute) in to a mysql database (though you could use a > flat file). This is picked up by a remote machine running rbldnsd. > I could send you mailscanner related SEC rules if required, though its > really simple (as compared to swatch). > The results vary from amazing to zilch at times, since i expire the data > after an hour.. > - dhawal Hmm.. managed to create a wiki entry for this.. the sec code needed some modifications to accommodate SA cache related changes. http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:rbls:all:your_own_onemore It might need modifications again for the new beta (separation of info/notice logs) - dhawal From kwang at ucalgary.ca Tue Jun 20 18:15:32 2006 From: kwang at ucalgary.ca (Kai Wang) Date: Tue Jun 20 18:15:37 2006 Subject: The same MailScanner process made different "Spam Actions" Message-ID: <44982D34.4080000@ucalgary.ca> Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message 3E309801A.2F2B0 actions are deliver,header Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message 4887D10204.A3F44 actions are delete Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message 328ED8636.8685A actions are deliver,header Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message 406CF8024.19355 actions are deliver,header Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message 3EBB7806B.4A1A2 actions are deliver,header Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message 364168030.483E4 actions are deliver,header Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message 4B0DD8057.B545D actions are delete -- Kai Wang System Services Information Technologies, University of Calgary, 2500 University Drive, N.W., Calgary, Alberta, Canada T2N 1N4 Phone (403) 220-2423, Fax (403) 282-9361 From uxbod at splatnix.net Tue Jun 20 19:26:03 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jun 20 18:26:40 2006 Subject: OT: Setting Up DNSBL using RBLDNSD In-Reply-To: <44982C8E.8070203@netmagicsolutions.com> References: <034601c68fb4$31602e70$88c5c657@arthur> <20060614201417.9172.qmail@mymail.netmagicians.com> <44982C8E.8070203@netmagicsolutions.com> Message-ID: <20060620182603.4cdda982@cyborg> Very nice indeed Dhawal - Great documentation. Must give it a whirl :) On Tue, 20 Jun 2006 22:42:46 +0530 Dhawal Doshy wrote: > Dhawal Doshy wrote: > > Michele Neylon :: Blacknight Solutions writes: > >> Has anyone any tips on doing this? > >> I do not want to mirror existing data (I already am :) ) > >> I want to setup my own DNSBL to catch the junk that the other DNSBLS > >> miss.. > >> The only tutorials / guides I've found either refer explicitly to Bind or > >> make reference to rbldns-conf, which doesn't appear to exist on Ubuntu > >> Any tips, thoughts or even flames are welcome > > > > Michele, i use a combination of SEC (http://simple-evcorr.sf.net/), > > inserting IPs sending spam mails (at 3 per minute) and virus infected > > mails (at 2 per minute) in to a mysql database (though you could use a > > flat file). This is picked up by a remote machine running rbldnsd. > > I could send you mailscanner related SEC rules if required, though its > > really simple (as compared to swatch). > > The results vary from amazing to zilch at times, since i expire the data > > after an hour.. > > - dhawal > > Hmm.. managed to create a wiki entry for this.. the sec code needed some > modifications to accommodate SA cache related changes. > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:rbls:all:your_own_onemore > > It might need modifications again for the new beta (separation of > info/notice logs) > > - dhawal -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From AHKAPLAN at PARTNERS.ORG Tue Jun 20 18:33:10 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Tue Jun 20 18:33:23 2006 Subject: Notifying Recipients of Blocked Messages Message-ID: <9C63A4713C4E3342B90428CE44806A7302679781@PHSXMB5.partners.org> Hi there - How do I determine if recipients of blocked messages are being notified, and how would I configure MailScanner to do that? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060620/7c1ada4f/attachment.html From michele at blacknight.ie Tue Jun 20 18:39:42 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue Jun 20 18:39:43 2006 Subject: Notifying Recipients of Blocked Messages In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679781@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679781@PHSXMB5.partners.org> Message-ID: <449832DE.7050702@blacknight.ie> Kaplan, Andrew H. wrote: > Hi there ? > > > > How do I determine if recipients of blocked messages are being notified, Check your mail logs > and how would I configure MailScanner to do that? Thanks. It's the default setting in MailScanner.conf, so unless you changed it you shouldn't have to do anything -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From gborders at jlewiscooper.com Tue Jun 20 18:53:24 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Tue Jun 20 18:54:26 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <23675CFC52BBC44EB355406A3A8A0491772ADE@TORMAIL.algorithmics.com> References: <23675CFC52BBC44EB355406A3A8A0491772ADE@TORMAIL.algorithmics.com> Message-ID: <44983614.3010009@jlewiscooper.com> Derek Winkler wrote: > > > > > ------------------------- > > Alias /pickup/ "/var/spool/MailScanner/quarantine/" > > > > Options Indexes MultiViews > > AllowOverride None > > Order allow,deny > > Allow from all > > > > -------------------------- > > > > The only down side is you have to open up permissions to the quarantine > > folders, and thus making ALL of the messages available to those that > > know how to peruse the folders. Fortunately, the message id is quite > > long and random, and makes it harder to dig around unless you know > > exactly what it is. > > You should really change this to -Indexes since this allows for > directory indexing. It doesn't matter how messed up the URL is if you > allow directory indexing. > > When you go to http://www.whatever.tld/pickups/ doesn't it give you a > directory listing? and the same for all sub-directories? > Good call. While I'm a jack-of-all trades, I'm usually master of none, including apache configurations. ;D I did a quick tweak on the alias, and removed the "Indexes", now it only let's me get at the direct link of the file. Nice! Now back to playing with PHP.... Greg. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 20 19:02:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 20 19:02:46 2006 Subject: Checking Suspected E-Mails In-Reply-To: <44982A08.70408@evi-inc.com> References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> <449737A3.8070001@evi-inc.com> <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> <44982A08.70408@evi-inc.com> Message-ID: Oops, sorry you are absolutely right. Now don't I look a fool :-) I'll put it down to lack of pain-killers. Hard narcotics always help my day... On 20 Jun 2006, at 18:02, Matt Kettler wrote: > Julian Field wrote: > >> Read it carefully. It stops .xx.yyy and .xxx.yyy. It does not stop >> .xxxx.yyy. >> >>> >>> For reference, the default double-extension rule is: >>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ >>> >>> >>> The filename would be unreasonably blocked by MailScanner. >> >> No it won't. > > Yes it will. It WILL stop .xxxx.yyy > > > Re-read it again julian > > Note there's an extra [a-z] in the front. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 20 19:09:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 20 19:09:36 2006 Subject: Checking Suspected E-Mails In-Reply-To: <44982A08.70408@evi-inc.com> References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> <449737A3.8070001@evi-inc.com> <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> <44982A08.70408@evi-inc.com> Message-ID: On 20 Jun 2006, at 18:02, Matt Kettler wrote: > Julian Field wrote: > >> Read it carefully. It stops .xx.yyy and .xxx.yyy. It does not stop >> .xxxx.yyy. >> >>> >>> For reference, the default double-extension rule is: >>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ >>> >>> >>> The filename would be unreasonably blocked by MailScanner. >> >> No it won't. > > Yes it will. It WILL stop .xxxx.yyy > > > Re-read it again julian > > Note there's an extra [a-z] in the front. The catch is that way-back when I wrote the filename rules system, I wrote this rule as a demonstration of what could be done with the system, beyond simple \.exe$ rules and obvious stuff like that. The double-matching-extension rule was another example, showing how you could use a string found earlier in the filename, again later in the filename. It never occurred to me at the time that people would actually use these rules, particularly not the first one. Amazingly, as I should have predicted, no-one would bother editing the rules I supply by default, and so it would be used on everyone's system. The laziness of many sysadmins is a virtue according to Larry Wall, so I guess it's a good thing :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Tue Jun 20 19:12:25 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Jun 20 19:12:39 2006 Subject: Notifying Recipients of Blocked Messages References: <9C63A4713C4E3342B90428CE44806A7302679781@PHSXMB5.partners.org> <449832DE.7050702@blacknight.ie> Message-ID: <002401c69495$15858e30$0705000a@DDF5DW71> ----- Original Message ----- From: "Michele Neylon :: Blacknight.ie" To: "MailScanner discussion" Sent: Tuesday, June 20, 2006 1:39 PM Subject: Re: Notifying Recipients of Blocked Messages > Kaplan, Andrew H. wrote: >> Hi there ? >> >> >> >> How do I determine if recipients of blocked messages are being notified, > > Check your mail logs > >> and how would I configure MailScanner to do that? Thanks. > > It's the default setting in MailScanner.conf, so unless you changed it > you shouldn't have to do anything > If you don't know what to change, how do you know if you changed it or not? Steve > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue Jun 20 19:13:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 20 19:13:23 2006 Subject: The same MailScanner process made different "Spam Actions" In-Reply-To: <44982D34.4080000@ucalgary.ca> References: <44982D34.4080000@ucalgary.ca> Message-ID: <32598785-BFEF-4A7E-9B0C-EFD5902FF0A5@ecs.soton.ac.uk> So you had a batch of 7 messages which got different results. What's the problem? In case you didn't know: for efficiency and speed, MailScanner processes mail in batches so that the virus scanners only have to be run once for each entire batch, and the scanners are not run separately for each and every message. On 20 Jun 2006, at 18:15, Kai Wang wrote: > > Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message > 3E309801A.2F2B0 actions are deliver,header > Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message > 4887D10204.A3F44 actions are delete > Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message > 328ED8636.8685A actions are deliver,header > Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message > 406CF8024.19355 actions are deliver,header > Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message > 3EBB7806B.4A1A2 actions are deliver,header > Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message > 364168030.483E4 actions are deliver,header > Jun 20 11:13:23 mhub3 MailScanner[6313]: Spam Actions: message > 4B0DD8057.B545D actions are delete > > -- > Kai Wang > System Services > Information Technologies, University of Calgary, > 2500 University Drive, N.W., > Calgary, Alberta, Canada T2N 1N4 > Phone (403) 220-2423, Fax (403) 282-9361 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mkettler at evi-inc.com Tue Jun 20 19:14:31 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 19:16:41 2006 Subject: Checking Suspected E-Mails In-Reply-To: References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> <449737A3.8070001@evi-inc.com> <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> <44982A08.70408@evi-inc.com> Message-ID: <44983B07.3090303@evi-inc.com> Julian Field wrote: > Oops, sorry you are absolutely right. Now don't I look a fool :-) > I'll put it down to lack of pain-killers. Hard narcotics always help my > day... That's ok.. regexes can be really sneaky devils to read at times. The eye tends to want to skip over parts as the mind tries to simplify the regex. You naturally want to jump to the {2,3} and backtrack, then jump to the {3} at the end. Unfortunately, in doing that you might miss the first [a-z] or the \s* in the middle. (Gee, can you tell I've fallen victim to this a few times? I don't know how many times I did that when working on antidrug) From mkettler at evi-inc.com Tue Jun 20 19:21:19 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 19:21:28 2006 Subject: Checking Suspected E-Mails In-Reply-To: References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> <449737A3.8070001@evi-inc.com> <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> <44982A08.70408@evi-inc.com> Message-ID: <44983C9F.4010404@evi-inc.com> Julian Field wrote: > > > The catch is that way-back when I wrote the filename rules system, I > wrote this rule as a demonstration of what could be done with the > system, beyond simple \.exe$ rules and obvious stuff like that. The > double-matching-extension rule was another example, showing how you > could use a string found earlier in the filename, again later in the > filename. > > It never occurred to me at the time that people would actually use these > rules, particularly not the first one. Amazingly, as I should have > predicted, no-one would bother editing the rules I supply by default, > and so it would be used on everyone's system. The laziness of many > sysadmins is a virtue according to Larry Wall, so I guess it's a good > thing :-) Yep.. even ECS hasn't bothered to edit them... ------------ Message-Id: <200606201800.k5KI0EbS023872@moorhen.ecs.soton.ac.uk> From: "MailScanner" Our e-mail content detector has just been triggered by a message you sent: To: mailscanner@ecs.soton.ac.uk Report: Report: MailScanner: Attempt to hide real filename extension (kettler.matt.pdf) ------------ From lshaw at emitinc.com Tue Jun 20 19:56:05 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Tue Jun 20 19:56:24 2006 Subject: Checking Suspected E-Mails In-Reply-To: References: <9C63A4713C4E3342B90428CE44806A7302679777@PHSXMB5.partners.org> <4496E0CA.80308@evi-inc.com> <44971608.2040107@yeticomputers.com> <449737A3.8070001@evi-inc.com> <9A11C30B-C951-47FA-9201-F6345FDCC8F3@ecs.soton.ac.uk> <44982A08.70408@evi-inc.com> Message-ID: On Tue, 20 Jun 2006, Julian Field wrote: > It never occurred to me at the time that people would actually use these > rules, particularly not the first one. Amazingly, as I should have predicted, > no-one would bother editing the rules I supply by default, and so it would be > used on everyone's system. Having worn both hats (developer and administrator) at different times, the sysadmin side of me has this piece of advice for developers: 99% of what's obvious to you is not obvious to the person trying to use your software. In this case, the way that would apply is that it's obvious to you that there is a file named filename.rules.conf that contains some configuration directives which aren't in a final form that someone would want to apply to their environment. But to someone who hasn't used the software before, all they see is that every package they have comes with a bunch of configuration files that almost never need to be changed in a typical environment and a few other configuration files that probably will need to be changed. So, they don't know that filename.rules.conf is a place where they should focus some of their efforts. At least, not until they find that out through experience. - Logan From uxbod at splatnix.net Tue Jun 20 21:20:30 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jun 20 20:20:49 2006 Subject: [OT] Strip attachment and add link for download In-Reply-To: <44983614.3010009@jlewiscooper.com> References: <23675CFC52BBC44EB355406A3A8A0491772ADE@TORMAIL.algorithmics.com> <44983614.3010009@jlewiscooper.com> Message-ID: <20060620202030.6c756076@cyborg> Sounds like a Star Wars trip - Love the humour aswell on this forum. Wink Wink, made a damn good product Julian. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From marlo at raidbr.com.br Tue Jun 20 20:34:21 2006 From: marlo at raidbr.com.br (marlo - raidbr) Date: Tue Jun 20 20:30:30 2006 Subject: MAILSCANNER BLOCK LINK Message-ID: <1150832062.20962.62.camel@localhost.localdomain> Hi, is there any way to block .exe links that is in the body message from an e-mail ? thank you Marlo Binsfeld From axisml at gmail.com Tue Jun 20 21:00:47 2006 From: axisml at gmail.com (Chris Stone) Date: Tue Jun 20 21:03:20 2006 Subject: OffTopic: HoneyPot In-Reply-To: <4496E6A4.2040401@netmagicsolutions.com> References: <20060619185432.2efda7ce@cyborg> <4496E6A4.2040401@netmagicsolutions.com> Message-ID: <200606201400.47813@cs.axint.net> On Monday 19 June 2006 12:02 pm, Dhawal Doshy wrote: >> i have now registered a few domains to provide honeypot addresses. What > > tactics do you use for getting these email addresses around ? > > > Use the URLs in your signature.. when posting to mailing lists ;-) And also put them within HTML comment tags in a page or two on your web site - that'll make sure the harvesters get it.... From AHKAPLAN at PARTNERS.ORG Tue Jun 20 21:35:08 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Tue Jun 20 21:35:17 2006 Subject: Notifying Recipients of Blocked Messages Message-ID: <9C63A4713C4E3342B90428CE44806A7302679782@PHSXMB5.partners.org> At the risk of sounding like a complete idiot, what is the line(s) in question in the MailScanner.conf file? Sorry... -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Tuesday, June 20, 2006 2:12 PM To: MailScanner discussion Subject: Re: Notifying Recipients of Blocked Messages ----- Original Message ----- From: "Michele Neylon :: Blacknight.ie" To: "MailScanner discussion" Sent: Tuesday, June 20, 2006 1:39 PM Subject: Re: Notifying Recipients of Blocked Messages > Kaplan, Andrew H. wrote: >> Hi there - >> >> >> >> How do I determine if recipients of blocked messages are being notified, > > Check your mail logs > >> and how would I configure MailScanner to do that? Thanks. > > It's the default setting in MailScanner.conf, so unless you changed it > you shouldn't have to do anything > If you don't know what to change, how do you know if you changed it or not? Steve > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From bpumphrey at woodmclaw.com Tue Jun 20 22:08:35 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Jun 20 22:08:44 2006 Subject: Checking Suspected E-Mails Message-ID: <04D932B0071FE34FA63EBB1977B48D150148A0F9@woodenex.woodmaclaw.local> I might have to jump on the bandwagon noting that it could use to be better. I have no idea how to write a rule, but I can put input sometimes. Out of about 1500 message a day, mine blocks maybe 3-10 emails per day with the double extension. I have sent out a email to all in the company explaining why these sort of files get blocked. It blows my mind why people dumbingly put double extensions on file names, but that is besides the point. I do not do anything with the blocked ones unless a user request it to be released. From campbell at cnpapers.com Tue Jun 20 22:09:48 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Jun 20 22:10:04 2006 Subject: Notifying Recipients of Blocked Messages References: <9C63A4713C4E3342B90428CE44806A7302679782@PHSXMB5.partners.org> Message-ID: <001001c694ad$dd457e90$0705000a@DDF5DW71> Andrew, ----- Original Message ----- From: "Kaplan, Andrew H." To: "MailScanner discussion" Sent: Tuesday, June 20, 2006 4:35 PM Subject: RE: Notifying Recipients of Blocked Messages > At the risk of sounding like a complete idiot, what is the line(s) in > question > in the MailScanner.conf file? Sorry... That was my point, but a general one, at that. Some options in some config files don't seem to indicate what they are used for. But in this case, I think you'll find it pretty easily. Actually, you should scan the Mailscanner.conf file and read the paragraph above each config option. You might even scan the file for "Notify" to see all of the different options. If you haven't read the conf file from beginning to end, you're missing a lot of ideas you could be doing with MS. You won't remember them all or what they do, but at least you'll be slightly familiar. Don't worry about ever sounding like a complete idiot on this list, as we have all done that here on this list at one time or another. And most of us have ask the same kind of config questions before also. Remember, the only stupid question is the one you never ask, or how ever that goes. Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve > Campbell > Sent: Tuesday, June 20, 2006 2:12 PM > To: MailScanner discussion > Subject: Re: Notifying Recipients of Blocked Messages > > > ----- Original Message ----- > From: "Michele Neylon :: Blacknight.ie" > To: "MailScanner discussion" > Sent: Tuesday, June 20, 2006 1:39 PM > Subject: Re: Notifying Recipients of Blocked Messages > > >> Kaplan, Andrew H. wrote: >>> Hi there - >>> >>> >>> >>> How do I determine if recipients of blocked messages are being notified, >> >> Check your mail logs >> >>> and how would I configure MailScanner to do that? Thanks. >> >> It's the default setting in MailScanner.conf, so unless you changed it >> you shouldn't have to do anything >> > If you don't know what to change, how do you know if you changed it or > not? > > Steve > >> >> -- >> Mr Michele Neylon >> Blacknight Solutions >> Quality Business Hosting & Colocation >> http://www.blacknight.ie/ >> Tel. 1850 927 280 >> Intl. +353 (0) 59 9183072 >> Direct Dial: +353 (0)59 9183090 >> Fax. +353 (0) 59 9164239 >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From arturs at netvision.net.il Tue Jun 20 23:11:56 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 20 22:14:11 2006 Subject: MailScanner eats memory out Message-ID: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> Hi, This started recently, probably after I have installed RDJ. The server has 1GB of memory and was happily utilizing ~300 of it. Now it eats up everything. When I rebooted the server and checked 'top' there hardly was 30MB free, which then climbed to ~120MB. 'ps' shows this: --- [root@ns1 ~]# ps -eo\%cpu,\%mem,size,rss,pid,cmd |sort -rnk1 | head -20 3.6 18.6 240324 193140 3056 MailScanner: waiting for messages 3.5 16.6 240316 171920 3023 MailScanner: waiting for messages 3.4 16.2 240316 168192 3022 MailScanner: waiting for messages 3.4 15.4 240380 160320 3021 MailScanner: waiting for messages 3.3 12.2 240316 126784 2279 MailScanner: waiting for messages 0.3 0.0 1476 508 1 init [3] 0.2 0.0 0 0 40 [kswapd0] %CPU %MEM SZ RSS PID CMD 0.0 0.6 44492 6520 2212 clamav-milter --config-file=/etc/clamd.conf --max-children=10 --force-scan --quiet --dont-log-clean --noreject -obl local:/var/run/clamav/clmilter.sock 0.0 0.6 17628 7164 2278 MailScanner: master waiting for children, sleeping 0.0 0.4 7312 4624 2911 /usr/sbin/httpd 0.0 0.3 7312 3280 2960 /usr/sbin/httpd 0.0 0.3 7312 3280 2959 /usr/sbin/httpd 0.0 0.3 7312 3280 2479 /usr/sbin/httpd 0.0 0.3 7312 3280 2478 /usr/sbin/httpd 0.0 0.3 7312 3280 2477 /usr/sbin/httpd 0.0 0.3 7312 3280 2476 /usr/sbin/httpd 0.0 0.3 7312 3256 2475 /usr/sbin/httpd 0.0 0.3 7312 3240 2474 /usr/sbin/httpd 0.0 0.3 7312 3236 2473 /usr/sbin/httpd --- Which clearly shows that MS is responcible for this. Please mention that this was in quitest time - actually no mails at that time in maillog. Does anyone has a clue what to do in this case? Thanks. Best, -- Arthur Sherman +972-52-4878851 CPTeam From mike at vesol.com Tue Jun 20 22:26:16 2006 From: mike at vesol.com (Mike Kercher) Date: Tue Jun 20 22:26:29 2006 Subject: MailScanner eats memory out In-Reply-To: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > Hi, > > This started recently, probably after I have installed RDJ. > > The server has 1GB of memory and was happily utilizing ~300 of it. > Now it eats up everything. > When I rebooted the server and checked 'top' there hardly was > 30MB free, which then climbed to ~120MB. > > 'ps' shows this: > --- > [root@ns1 ~]# ps -eo\%cpu,\%mem,size,rss,pid,cmd |sort -rnk1 >> head -20 > 3.6 18.6 240324 193140 3056 MailScanner: waiting for messages > 3.5 16.6 240316 171920 3023 MailScanner: waiting for messages > 3.4 16.2 240316 168192 3022 MailScanner: waiting for messages > 3.4 15.4 240380 160320 3021 MailScanner: waiting for messages > 3.3 12.2 240316 126784 2279 MailScanner: waiting for messages > 0.3 0.0 1476 508 1 init [3] > > 0.2 0.0 0 0 40 [kswapd0] > %CPU %MEM SZ RSS PID CMD > 0.0 0.6 44492 6520 2212 clamav-milter > --config-file=/etc/clamd.conf --max-children=10 --force-scan > --quiet --dont-log-clean --noreject -obl > local:/var/run/clamav/clmilter.sock > 0.0 0.6 17628 7164 2278 MailScanner: master waiting for > children, sleeping 0.0 0.4 7312 4624 2911 /usr/sbin/httpd > 0.0 0.3 7312 3280 2960 /usr/sbin/httpd 0.0 0.3 7312 3280 > 2959 /usr/sbin/httpd 0.0 0.3 7312 3280 2479 /usr/sbin/httpd > 0.0 0.3 7312 3280 2478 /usr/sbin/httpd 0.0 0.3 7312 3280 > 2477 /usr/sbin/httpd 0.0 0.3 7312 3280 2476 /usr/sbin/httpd > 0.0 0.3 7312 3256 2475 /usr/sbin/httpd 0.0 0.3 7312 3240 > 2474 /usr/sbin/httpd 0.0 0.3 7312 3236 2473 /usr/sbin/httpd > --- > > Which clearly shows that MS is responcible for this. > Please mention that this was in quitest time - actually no > mails at that time in maillog. > > Does anyone has a clue what to do in this case? Which rulesets did you get from RDJ? I'd remove them and start adding one by one until you find the culprit. Mike From mkettler at evi-inc.com Tue Jun 20 22:27:56 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 22:28:05 2006 Subject: MailScanner eats memory out In-Reply-To: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> References: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> Message-ID: <4498685C.9050302@evi-inc.com> Arthur Sherman wrote: > Hi, > > This started recently, probably after I have installed RDJ. > > The server has 1GB of memory and was happily utilizing ~300 of it. > Now it eats up everything. > When I rebooted the server and checked 'top' there hardly was 30MB free, > which then climbed to ~120MB. Any chance you recently added any add-on rulesets to spamassassin? Most notably, any chance you added sa-blacklist*.cf? From arturs at netvision.net.il Wed Jun 21 00:00:50 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 20 23:02:47 2006 Subject: MailScanner eats memory out In-Reply-To: <4498685C.9050302@evi-inc.com> Message-ID: <01c101c694bd$603eb550$3701a8c0@lapxp> > > Hi, > > > > This started recently, probably after I have installed RDJ. > > > > The server has 1GB of memory and was happily utilizing ~300 of it. > > Now it eats up everything. > > When I rebooted the server and checked 'top' there hardly > was 30MB free, > > which then climbed to ~120MB. > > Any chance you recently added any add-on rulesets to > spamassassin? Most notably, > any chance you added sa-blacklist*.cf? I do have sa-blacklist.current.uri.cf. Is it evil? Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Wed Jun 21 00:00:50 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 20 23:02:50 2006 Subject: what rules do you use with RDJ? Message-ID: <01c201c694bd$606995e0$3701a8c0@lapxp> Hi, I wonder what set of rules do you use with RDJ so to 1)stay on a safe side, 2)not to overload a server? Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Wed Jun 21 00:00:50 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 20 23:02:53 2006 Subject: MailScanner eats memory out In-Reply-To: Message-ID: <01c301c694bd$60995870$3701a8c0@lapxp> > > Hi, > > > > This started recently, probably after I have installed RDJ. > > > > The server has 1GB of memory and was happily utilizing ~300 of it. > > Now it eats up everything. > > When I rebooted the server and checked 'top' there hardly was > > 30MB free, which then climbed to ~120MB. > > > > 'ps' shows this: > > --- > > [root@ns1 ~]# ps -eo\%cpu,\%mem,size,rss,pid,cmd |sort -rnk1 > >> head -20 > > 3.6 18.6 240324 193140 3056 MailScanner: waiting for messages > > 3.5 16.6 240316 171920 3023 MailScanner: waiting for messages > > 3.4 16.2 240316 168192 3022 MailScanner: waiting for messages > > 3.4 15.4 240380 160320 3021 MailScanner: waiting for messages > > 3.3 12.2 240316 126784 2279 MailScanner: waiting for messages > > 0.3 0.0 1476 508 1 init [3] > > > > 0.2 0.0 0 0 40 [kswapd0] > > %CPU %MEM SZ RSS PID CMD > > 0.0 0.6 44492 6520 2212 clamav-milter > > --config-file=/etc/clamd.conf --max-children=10 --force-scan > > --quiet --dont-log-clean --noreject -obl > > local:/var/run/clamav/clmilter.sock > > 0.0 0.6 17628 7164 2278 MailScanner: master waiting for > > children, sleeping 0.0 0.4 7312 4624 2911 /usr/sbin/httpd > > 0.0 0.3 7312 3280 2960 /usr/sbin/httpd 0.0 0.3 7312 3280 > > 2959 /usr/sbin/httpd 0.0 0.3 7312 3280 2479 /usr/sbin/httpd > > 0.0 0.3 7312 3280 2478 /usr/sbin/httpd 0.0 0.3 7312 3280 > > 2477 /usr/sbin/httpd 0.0 0.3 7312 3280 2476 /usr/sbin/httpd > > 0.0 0.3 7312 3256 2475 /usr/sbin/httpd 0.0 0.3 7312 3240 > > 2474 /usr/sbin/httpd 0.0 0.3 7312 3236 2473 /usr/sbin/httpd > > --- > > > > Which clearly shows that MS is responcible for this. > > Please mention that this was in quitest time - actually no > > mails at that time in maillog. > > > > Does anyone has a clue what to do in this case? > > Which rulesets did you get from RDJ? I'd remove them and start adding > one by one until you find the culprit. > > Mike Well, actually I have added almost everything. Now, there comes next question: what rules do you use with RDJ? I'll take it to another thread better... Best, -- Arthur Sherman +972-52-4878851 CPTeam From alex at nkpanama.com Tue Jun 20 22:48:10 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue Jun 20 23:06:52 2006 Subject: MAILSCANNER BLOCK LINK In-Reply-To: <1150832062.20962.62.camel@localhost.localdomain> References: <1150832062.20962.62.camel@localhost.localdomain> Message-ID: <44986D1A.1020304@nkpanama.com> marlo - raidbr escribi?: > Hi, is there any way to block .exe links that is in the body message > from an e-mail ? > > thank you > > Marlo Binsfeld > > Yes, there are actually several. The easiest would be to use a SpamAssassin rule during the spam scan or during MCP scan. You would have to assign a regular expression for a URL ending in \.exe$ a score of, say, 1000 or something ridiculously high. From uxbod at splatnix.net Wed Jun 21 00:06:48 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jun 20 23:07:11 2006 Subject: MailScanner eats memory out In-Reply-To: References: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> Message-ID: <20060620230648.415de289@cyborg> Surely MS spawns SA as a child process so would it cosume the memory ? If anything a memory leak would be the culprit somewhere ? On Tue, 20 Jun 2006 16:26:16 -0500 "Mike Kercher" wrote: > mailscanner-bounces@lists.mailscanner.info <> scribbled on : > > > Hi, > > > > This started recently, probably after I have installed RDJ. > > > > The server has 1GB of memory and was happily utilizing ~300 of it. > > Now it eats up everything. > > When I rebooted the server and checked 'top' there hardly was > > 30MB free, which then climbed to ~120MB. > > > > 'ps' shows this: > > --- > > [root@ns1 ~]# ps -eo\%cpu,\%mem,size,rss,pid,cmd |sort -rnk1 > >> head -20 > > 3.6 18.6 240324 193140 3056 MailScanner: waiting for messages > > 3.5 16.6 240316 171920 3023 MailScanner: waiting for messages > > 3.4 16.2 240316 168192 3022 MailScanner: waiting for messages > > 3.4 15.4 240380 160320 3021 MailScanner: waiting for messages > > 3.3 12.2 240316 126784 2279 MailScanner: waiting for messages > > 0.3 0.0 1476 508 1 init [3] > > > > 0.2 0.0 0 0 40 [kswapd0] > > %CPU %MEM SZ RSS PID CMD > > 0.0 0.6 44492 6520 2212 clamav-milter > > --config-file=/etc/clamd.conf --max-children=10 --force-scan > > --quiet --dont-log-clean --noreject -obl > > local:/var/run/clamav/clmilter.sock > > 0.0 0.6 17628 7164 2278 MailScanner: master waiting for > > children, sleeping 0.0 0.4 7312 4624 2911 /usr/sbin/httpd > > 0.0 0.3 7312 3280 2960 /usr/sbin/httpd 0.0 0.3 7312 3280 > > 2959 /usr/sbin/httpd 0.0 0.3 7312 3280 2479 /usr/sbin/httpd > > 0.0 0.3 7312 3280 2478 /usr/sbin/httpd 0.0 0.3 7312 3280 > > 2477 /usr/sbin/httpd 0.0 0.3 7312 3280 2476 /usr/sbin/httpd > > 0.0 0.3 7312 3256 2475 /usr/sbin/httpd 0.0 0.3 7312 3240 > > 2474 /usr/sbin/httpd 0.0 0.3 7312 3236 2473 /usr/sbin/httpd > > --- > > > > Which clearly shows that MS is responcible for this. > > Please mention that this was in quitest time - actually no > > mails at that time in maillog. > > > > Does anyone has a clue what to do in this case? > > Which rulesets did you get from RDJ? I'd remove them and start adding > one by one until you find the culprit. > > Mike > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From arturs at netvision.net.il Wed Jun 21 00:09:12 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 20 23:11:08 2006 Subject: MailScanner eats memory out--SOLVED In-Reply-To: <4498685C.9050302@evi-inc.com> Message-ID: <01c401c694be$8b6c3760$3701a8c0@lapxp> > Arthur Sherman wrote: > > Hi, > > > > This started recently, probably after I have installed RDJ. > > > > The server has 1GB of memory and was happily utilizing ~300 of it. > > Now it eats up everything. > > When I rebooted the server and checked 'top' there hardly > was 30MB free, > > which then climbed to ~120MB. > > Any chance you recently added any add-on rulesets to > spamassassin? Most notably, > any chance you added sa-blacklist*.cf? THANKS, Mike and Matt, The issue was blacklist and blacklist-URI rules, indeed. After removed, the load is back to normal. Best, -- Arthur Sherman +972-52-4878851 CPTeam From mkettler at evi-inc.com Tue Jun 20 23:16:26 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 23:16:34 2006 Subject: MailScanner eats memory out In-Reply-To: <01c101c694bd$603eb550$3701a8c0@lapxp> References: <01c101c694bd$603eb550$3701a8c0@lapxp> Message-ID: <449873BA.8080101@evi-inc.com> Arthur Sherman wrote: >>> Hi, >>> >>> This started recently, probably after I have installed RDJ. >>> >>> The server has 1GB of memory and was happily utilizing ~300 of it. >>> Now it eats up everything. >>> When I rebooted the server and checked 'top' there hardly >> was 30MB free, >>> which then climbed to ~120MB. >> Any chance you recently added any add-on rulesets to >> spamassassin? Most notably, >> any chance you added sa-blacklist*.cf? > > I do have sa-blacklist.current.uri.cf. > Is it evil? Yes, it is a well-known *MASSIVE* consumer of memory, and is almost certainly the source of your current problems. Each of the sa-blacklist*.cf files is known to burn up about 100 megs of ram per instance of SA. I mean, look at the size of the file.. It's 3.6 megs in rule file format. Generally a rule file will expand very considerably when parsed and loaded into memory. Growth is typically at least a factor of 10, and in some cases closer to 50. I generally suggest you should be very wary of including any rule file over 128k. This file is more than 27 times bigger than that. Besides, the file is 100% redundant with the URIBL_WS_SURBL, which is a fairly light weight test, but does need DNS lookups. From mkettler at evi-inc.com Tue Jun 20 23:24:19 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 23:24:28 2006 Subject: what rules do you use with RDJ? In-Reply-To: <01c201c694bd$606995e0$3701a8c0@lapxp> References: <01c201c694bd$606995e0$3701a8c0@lapxp> Message-ID: <44987593.1070102@evi-inc.com> Arthur Sherman wrote: > Hi, > > I wonder what set of rules do you use with RDJ so to 1)stay on a safe side, > 2)not to overload a server? > > I use: TRUSTED_RULESETS="SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_RANDOM SARE_ADULT SARE_SPECIFIC SARE_GENLSUBJ0 SARE_OBFU0 SARE_URI0 SARE_HTML0"; I also use 70_sare_stocks.cf, but I don't RDJ it at the moment. On top of this, I have about 15 small files of local custom rules I've added. Most of these are fairly specific to my site or test rules. The only general one is a ruleset I made to use the RelayCountry plugin data. If you're interested in that, a version is up on the spamassassin list archives: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200511.mbox/%3C437642C3.2080300@evi-inc.com%3E Note: Don't use antidrug unless you're running SA older than 3.0.0. From mkettler at evi-inc.com Tue Jun 20 23:26:40 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 20 23:26:49 2006 Subject: MailScanner eats memory out In-Reply-To: <20060620230648.415de289@cyborg> References: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> <20060620230648.415de289@cyborg> Message-ID: <44987620.6070700@evi-inc.com> --[UxBoD]-- wrote: > Surely MS spawns SA as a child process so would it cosume the memory ? If anything a memory leak would be the culprit somewhere ? > Surely MS wouldn't do anything so slow and wasteful. MS is written in perl, SA is written in perl and has a perl API spec. MS directly loads the SA into itself using the perl API. This means that each mailscanner child acts as it's own spamd, and its size is largely dominated by SA. From uxbod at splatnix.net Wed Jun 21 00:26:46 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jun 20 23:27:10 2006 Subject: MailScanner eats memory out In-Reply-To: <01c301c694bd$60995870$3701a8c0@lapxp> References: <01c301c694bd$60995870$3701a8c0@lapxp> Message-ID: <20060620232646.4d08ebc1@cyborg> This is what I get and running SARE etc ... %CPU %MEM SZ RSS PID CMD 0.0 8.1 70992 73548 25063 MailScanner: waiting for messages 0.0 8.1 70940 73436 25318 MailScanner: waiting for messages 0.0 8.1 70932 73560 25201 MailScanner: waiting for messages 0.0 8.0 70660 73192 25401 MailScanner: waiting for messages 0.0 8.0 70628 73176 25351 MailScanner: waiting for messages On Wed, 21 Jun 2006 01:00:50 +0200 Arthur Sherman wrote: > > > Hi, > > > > > > This started recently, probably after I have installed RDJ. > > > > > > The server has 1GB of memory and was happily utilizing ~300 of it. > > > Now it eats up everything. > > > When I rebooted the server and checked 'top' there hardly was > > > 30MB free, which then climbed to ~120MB. > > > > > > 'ps' shows this: > > > --- > > > [root@ns1 ~]# ps -eo\%cpu,\%mem,size,rss,pid,cmd |sort -rnk1 > > >> head -20 > > > 3.6 18.6 240324 193140 3056 MailScanner: waiting for messages > > > 3.5 16.6 240316 171920 3023 MailScanner: waiting for messages > > > 3.4 16.2 240316 168192 3022 MailScanner: waiting for messages > > > 3.4 15.4 240380 160320 3021 MailScanner: waiting for messages > > > 3.3 12.2 240316 126784 2279 MailScanner: waiting for messages > > > 0.3 0.0 1476 508 1 init [3] > > > > > > 0.2 0.0 0 0 40 [kswapd0] > > > %CPU %MEM SZ RSS PID CMD > > > 0.0 0.6 44492 6520 2212 clamav-milter > > > --config-file=/etc/clamd.conf --max-children=10 --force-scan > > > --quiet --dont-log-clean --noreject -obl > > > local:/var/run/clamav/clmilter.sock > > > 0.0 0.6 17628 7164 2278 MailScanner: master waiting for > > > children, sleeping 0.0 0.4 7312 4624 2911 /usr/sbin/httpd > > > 0.0 0.3 7312 3280 2960 /usr/sbin/httpd 0.0 0.3 7312 3280 > > > 2959 /usr/sbin/httpd 0.0 0.3 7312 3280 2479 /usr/sbin/httpd > > > 0.0 0.3 7312 3280 2478 /usr/sbin/httpd 0.0 0.3 7312 3280 > > > 2477 /usr/sbin/httpd 0.0 0.3 7312 3280 2476 /usr/sbin/httpd > > > 0.0 0.3 7312 3256 2475 /usr/sbin/httpd 0.0 0.3 7312 3240 > > > 2474 /usr/sbin/httpd 0.0 0.3 7312 3236 2473 /usr/sbin/httpd > > > --- > > > > > > Which clearly shows that MS is responcible for this. > > > Please mention that this was in quitest time - actually no > > > mails at that time in maillog. > > > > > > Does anyone has a clue what to do in this case? > > > > Which rulesets did you get from RDJ? I'd remove them and start adding > > one by one until you find the culprit. > > > > Mike > > Well, actually I have added almost everything. > Now, there comes next question: what rules do you use with RDJ? > I'll take it to another thread better... > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Wed Jun 21 00:48:28 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jun 20 23:48:48 2006 Subject: MailScanner eats memory out In-Reply-To: <44987620.6070700@evi-inc.com> References: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> <20060620230648.415de289@cyborg> <44987620.6070700@evi-inc.com> Message-ID: <20060620234828.61d2f905@cyborg> Useful to know - learn something new everyday. Perhaps a watcher script for memory usage ? On Tue, 20 Jun 2006 18:26:40 -0400 Matt Kettler wrote: > --[UxBoD]-- wrote: > > Surely MS spawns SA as a child process so would it cosume the memory ? If anything a memory leak would be the culprit somewhere ? > > > > Surely MS wouldn't do anything so slow and wasteful. > > MS is written in perl, SA is written in perl and has a perl API spec. > > MS directly loads the SA into itself using the perl API. This means that each > mailscanner child acts as it's own spamd, and its size is largely dominated by SA. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From arturs at netvision.net.il Wed Jun 21 01:06:16 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 21 00:08:12 2006 Subject: MailScanner eats memory out In-Reply-To: <44987620.6070700@evi-inc.com> Message-ID: <01c501c694c6$846f4d00$3701a8c0@lapxp> Hi Matt, > MS directly loads the SA into itself using the perl API. This > means that each > mailscanner child acts as it's own spamd, and its size is > largely dominated by SA. So that means I could control its size with some spamassassin config? Thank you. Best, -- Arthur Sherman +972-52-4878851 CPTeam From uxbod at splatnix.net Wed Jun 21 01:21:14 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Wed Jun 21 00:21:35 2006 Subject: MailScanner eats memory out In-Reply-To: <01c501c694c6$846f4d00$3701a8c0@lapxp> References: <44987620.6070700@evi-inc.com> <01c501c694c6$846f4d00$3701a8c0@lapxp> Message-ID: <20060621002114.3f715c9a@cyborg> By reducing what SA does I guess. Less work = Less Load ? On Wed, 21 Jun 2006 02:06:16 +0200 Arthur Sherman wrote: > Hi Matt, > > > MS directly loads the SA into itself using the perl API. This > > means that each > > mailscanner child acts as it's own spamd, and its size is > > largely dominated by SA. > > So that means I could control its size with some spamassassin config? > > Thank you. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From arturs at netvision.net.il Wed Jun 21 01:23:41 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 21 00:25:37 2006 Subject: MailScanner eats memory out In-Reply-To: <20060621002114.3f715c9a@cyborg> Message-ID: <01ca01c694c8$f2f57360$3701a8c0@lapxp> > By reducing what SA does I guess. Less work = Less Load ? :)) Too tired for today... I am better off to sleep. Good night! Best, -- Arthur Sherman +972-52-4878851 CPTeam From ssilva at sgvwater.com Wed Jun 21 05:44:42 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 21 05:45:06 2006 Subject: Spamassassin false negatives In-Reply-To: <200606191501.17573.dyioulos@firstbhph.com> References: <200606191501.17573.dyioulos@firstbhph.com> Message-ID: Dimitri Yioulos spake the following on 6/19/2006 12:01 PM: > Hello all. > > I'm not sure if this is the 100% correct place to ask (if not, > apologoes), but: > > I recently upgraded to MS 4.54.6-1 running on a CentOS 3.7 box. I'm > also running sendmail-8.12.11-4.RHEL3.6 and SA 3.0.4-1. Up until > recently, my setup was catching every piece of spam entering our > system. But lately (not sure exactly when this started), I'm getting > a faair number of false negatives. Curiously, most of the rule hits > now are bayes, DCC, pyzor, razor and rbl. That isn't bad, of course, > but I would think, based on the content of the spam, that I'd be > hitting a lot more rules (I have several SARE rulesets installed). > Really, I haven't changed my MS configuration much, and am puzzled as > to why more rules aren't being hit. Your insights would be > appreciated. > > Dimitri > Spammers look at the same things that you do. They are like cockroaches, they adapt and keep on trying. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From febrianto at sioenasia.com Wed Jun 21 08:37:31 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Wed Jun 21 08:33:26 2006 Subject: OOT: Bayes ignore_from In-Reply-To: Message-ID: Hi, Sorry, this might be out of topic. In spam.assassin.prefs.conf, is this possible: bayes_ignore_from *@returns.groups.yahoo.com I try it, but bayes still learn emails from yahoogroups. Best Regards From shuttlebox at gmail.com Wed Jun 21 08:33:26 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 21 08:33:31 2006 Subject: whitelist lint problems... In-Reply-To: <4498003E.8010902@thehostmasters.com> References: <4498003E.8010902@thehostmasters.com> Message-ID: <625385e30606210033x3dd332f2xd93d4943b4efbbef@mail.gmail.com> On 6/20/06, Rob Morin wrote: > No matter what i do i keep getting > > [24084] warn: config: failed to parse line, skipping: > /opt/MailScanner/etc/rules/spam.whitelist.rules > > any ideas? Are you editing the file on the MailScanner system or on a Windows PC? That has gotten a lot of people into trouble before because of different ways of representing line breaks. -- /peter From martinh at solid-state-logic.com Wed Jun 21 09:07:29 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 21 09:07:43 2006 Subject: what rules do you use with RDJ? In-Reply-To: <01c201c694bd$606995e0$3701a8c0@lapxp> Message-ID: <005b01c69509$bfc04150$3004010a@martinhlaptop> Arthur See http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassi n:rules:recommended I've also got a load of other rules in there as well as the Maxsec ones mentioned, must get around to updating these soon. The SARE_STOCK being especially useful. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 21 June 2006 00:01 > To: 'MailScanner discussion' > Subject: what rules do you use with RDJ? > > Hi, > > I wonder what set of rules do you use with RDJ so to 1)stay on a safe > side, > 2)not to overload a server? > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Jun 21 10:16:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 21 10:16:50 2006 Subject: whitelist lint problems... In-Reply-To: <625385e30606210033x3dd332f2xd93d4943b4efbbef@mail.gmail.com> References: <4498003E.8010902@thehostmasters.com> <625385e30606210033x3dd332f2xd93d4943b4efbbef@mail.gmail.com> Message-ID: On 21 Jun 2006, at 08:33, shuttlebox wrote: > On 6/20/06, Rob Morin wrote: >> No matter what i do i keep getting >> >> [24084] warn: config: failed to parse line, skipping: >> /opt/MailScanner/etc/rules/spam.whitelist.rules >> >> any ideas? > > Are you editing the file on the MailScanner system or on a Windows PC? > That has gotten a lot of people into trouble before because of > different ways of representing line breaks. Also check your text editor didn't break up 1 long line into 2 short ones. That would certainly cause this error. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rajlinux at gmail.com Wed Jun 21 10:59:18 2006 From: rajlinux at gmail.com (Raj) Date: Wed Jun 21 10:59:20 2006 Subject: giving scores in blacklist or configuring some email ids in blacklist to be high scoring spam In-Reply-To: <5f638b360606192250g7b67188dy2927507ced270fc5@mail.gmail.com> References: <5f638b360606192250g7b67188dy2927507ced270fc5@mail.gmail.com> Message-ID: <912a0c6a0606210259p212732d2kf1c1d462b0f7e0ca@mail.gmail.com> U can compleatly block the domain using "/etc/mail/access" dont go for scores of spamming if you are sure the mails are comming from unwanted domain. i dont know much about postfix, I am using sendmail Here u can give dwboston.com DISCARD it will discard all mails from that domain. U can find the same kind of setup on postfix also. On 6/20/06, ankush grover wrote: > > hey friends, > > > How do I give scores in blacklist? For example if I am receiving mails > from a particular domain and I want to reject the mails from that > domain totally. How can I do with blacklist ? > > I have defined few spammers in my list and now I don't want to receive > any mails from them. I have set High Scoring Spam Actions = delete in > MailScanner.conf > > From: magd@dwboston.com yes > From: royaligeara@comteck.com yes > From: hohnbrynmor@amiga.com yes > > How I can configure these emails to be high scoring spam ? > > I am using MailScanner 4.44 with Postfix 2.1.5 on FC3. > > Thanks & Regards > > Ankush Grover > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Rajeev Sekhar ph 9822751120 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060621/7750a587/attachment.html From jgg at giversen.net Wed Jun 21 11:50:24 2006 From: jgg at giversen.net (sysadm) Date: Wed Jun 21 11:50:11 2006 Subject: OT: Exim rewriting Message-ID: <44992470.3020400@giversen.net> Dear all I am tired of people sending mails not following the (RFC-2822) Some companies does not ad the DATE: header in their newsletters/mails. However I cannot just delete those mails. I have tried to contact those companies without any luck. I have decided to ad the DATE header in my MTA (exim), if it does not exist already, but how do I do that ? OS: CentOS 4.3 MTA: Exim 4.43 Regards jg From martinh at solid-state-logic.com Wed Jun 21 11:59:23 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 21 11:59:29 2006 Subject: Exim rewriting In-Reply-To: <44992470.3020400@giversen.net> Message-ID: <00e501c69521$c131e5d0$3004010a@martinhlaptop> Hi Prob best to ask on the exim users list - all the guru's hang out there. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of sysadm > Sent: 21 June 2006 11:50 > To: mailscanner@lists.mailscanner.info > Subject: OT: Exim rewriting > > Dear all > I am tired of people sending mails not following the (RFC-2822) Some > companies does not ad the DATE: header in their newsletters/mails. > However I cannot just delete those mails. I have tried to contact those > companies without any luck. I have decided to ad the DATE header in my > MTA (exim), if it does not exist already, but how do I do that ? > > OS: CentOS 4.3 > MTA: Exim 4.43 > > > Regards jg > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rajlinux at gmail.com Wed Jun 21 13:05:01 2006 From: rajlinux at gmail.com (Raj) Date: Wed Jun 21 13:05:02 2006 Subject: can we block mails with perticular subject line Message-ID: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> Can we block any particular subject line in MailScanner i mean if subject have words like Viagra, sex, fuck etc.. can we block them ? MailScanner is working very well blocking with extension like *.exe. I am facing too many problem with spams these days. Some time spamassassin fails to recognise the spams. So can we block them with its subject line. it is possible on qmail by QTRAP. it blockes mails with customised words. i gone through docs of MS, But fails to find such function out of it. If this is possible on MS that will be great. -- Regards Rajeev Sekhar ph 9822751120 From dhawal at netmagicsolutions.com Wed Jun 21 13:22:43 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 21 13:23:04 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> Message-ID: <44993A13.8020708@netmagicsolutions.com> Raj wrote: > Can we block any particular subject line in MailScanner > i mean if subject have words like Viagra, sex, fuck etc.. can we block > them ? > MailScanner is working very well blocking with extension like *.exe. > > I am facing too many problem with spams these days. Some time > spamassassin fails to recognise the spams. So can we block them with > its subject line. > > it is possible on qmail by QTRAP. it blockes mails with customised words. > > i gone through docs of MS, But fails to find such function out of it. > If this is possible on MS that will be great. To reject completely, use features/options at your MTA level. To block/quarantine see: http://wiki.apache.org/spamassassin/WhiteListSubjectPlugin. There is also the possible option of using MCP, but i do not know how. - dhawal From shuttlebox at gmail.com Wed Jun 21 13:26:39 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 21 13:26:43 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> Message-ID: <625385e30606210526u6db8ca1dv83331e56996f9276@mail.gmail.com> On 6/21/06, Raj wrote: > Can we block any particular subject line in MailScanner > i mean if subject have words like Viagra, sex, fuck etc.. can we block them ? > MailScanner is working very well blocking with extension like *.exe. > > I am facing too many problem with spams these days. Some time > spamassassin fails to recognise the spams. So can we block them with > its subject line. > > it is possible on qmail by QTRAP. it blockes mails with customised words. > > i gone through docs of MS, But fails to find such function out of it. > If this is possible on MS that will be great. Just make your own SA rule (in any .cf file): describe local_sub Banned subject words header local_sub Subject =~ /\bviagra|fuck|sex\b/i score local_sub 0.1 Check with spamassassin --lint for syntax errors. -- /peter From martinh at solid-state-logic.com Wed Jun 21 13:35:45 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 21 13:35:51 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> Message-ID: <012001c6952f$37cbea30$3004010a@martinhlaptop> Rajeev Also check out the extra rules in www.rulesdujour.com Especially the SARE rules and the Other-rules. I'd also check you've got the URI-RBL plugin installed and working too. This helps a lot in catching the image spams. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Raj > Sent: 21 June 2006 13:05 > To: mailscanner@lists.mailscanner.info > Subject: can we block mails with perticular subject line > > Can we block any particular subject line in MailScanner > i mean if subject have words like Viagra, sex, fuck etc.. can we block > them ? > MailScanner is working very well blocking with extension like *.exe. > > I am facing too many problem with spams these days. Some time > spamassassin fails to recognise the spams. So can we block them with > its subject line. > > it is possible on qmail by QTRAP. it blockes mails with customised words. > > i gone through docs of MS, But fails to find such function out of it. > If this is possible on MS that will be great. > > > > -- > Regards > Rajeev Sekhar > ph 9822751120 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jgg at giversen.net Wed Jun 21 13:56:19 2006 From: jgg at giversen.net (sysadm) Date: Wed Jun 21 13:56:24 2006 Subject: Exim rewriting In-Reply-To: <00e501c69521$c131e5d0$3004010a@martinhlaptop> References: <00e501c69521$c131e5d0$3004010a@martinhlaptop> Message-ID: <449941F3.50403@giversen.net> Martin Hepworth skrev: > Hi > > Prob best to ask on the exim users list - all the guru's hang out there. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of sysadm >> Sent: 21 June 2006 11:50 >> To: mailscanner@lists.mailscanner.info >> Subject: OT: Exim rewriting >> >> Dear all >> I am tired of people sending mails not following the (RFC-2822) Some >> companies does not ad the DATE: header in their newsletters/mails. >> However I cannot just delete those mails. I have tried to contact those >> companies without any luck. I have decided to ad the DATE header in my >> MTA (exim), if it does not exist already, but how do I do that ? >> >> OS: CentOS 4.3 >> MTA: Exim 4.43 >> >> >> Regards jg >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Thanks I will do that regards jg From mailscanner at grunta.com Wed Jun 21 14:17:30 2006 From: mailscanner at grunta.com (grant beattie) Date: Wed Jun 21 14:17:41 2006 Subject: OT: Exim rewriting In-Reply-To: <44992470.3020400@giversen.net> References: <44992470.3020400@giversen.net> Message-ID: <20060621131730.GA7082@fang> On Wed, Jun 21, 2006 at 12:50:24PM +0200, sysadm wrote: > Dear all > I am tired of people sending mails not following the (RFC-2822) Some > companies does not ad the DATE: header in their newsletters/mails. > However I cannot just delete those mails. I have tried to contact those > companies without any luck. I have decided to ad the DATE header in my > MTA (exim), if it does not exist already, but how do I do that ? put something like this in your data acl: warn add_header = Date: $tod_full condition = ${if !def:h_Date: {1}} grant. From daniel.maher at ubisoft.com Wed Jun 21 14:22:04 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Wed Jun 21 14:22:08 2006 Subject: what rules do you use with RDJ? Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF21@UBIMAIL1.ubisoft.org> TRUSTED_RULESETS="ANTIDRUG SARE_ADULT SARE_OBFU0 SARE_URI0 SARE_FRAUD SARE_BML SARE_SPOOF SARE_HEADER0 SARE_SPECIFIC" Unlike many organizations, we don't use TRIPWIRE. This is because our company legitimately deals with a lot of non-English email, and TRIPWIRE is really geared towards the English language. The "0" rulesets, when they exist, are generally "safe" as well. -- Daniel Maher Administrateur Syst?me Unix Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman Sent: June 20, 2006 7:01 PM To: MailScanner discussion Subject: what rules do you use with RDJ? Hi, I wonder what set of rules do you use with RDJ so to 1)stay on a safe side, 2)not to overload a server? Best, -- Arthur Sherman +972-52-4878851 CPTeam -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From daniel.maher at ubisoft.com Wed Jun 21 14:25:21 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Wed Jun 21 14:25:23 2006 Subject: what rules do you use with RDJ? Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF22@UBIMAIL1.ubisoft.org> When you say "SA older than 3.0.0", do you mean 2.9.9 and below, or 3.0.1 and above? Also, what are the reasons for this statement? I currently have Antidrug enabled, and if I shouldn't be using it, I suppose I should turn it off. :) -- Daniel Maher Administrateur Syst?me Unix Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: June 20, 2006 6:24 PM To: MailScanner discussion Subject: Re: what rules do you use with RDJ? Arthur Sherman wrote: > Hi, > > I wonder what set of rules do you use with RDJ so to 1)stay on a safe side, > 2)not to overload a server? > > I use: TRUSTED_RULESETS="SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_RANDOM SARE_ADULT SARE_SPECIFIC SARE_GENLSUBJ0 SARE_OBFU0 SARE_URI0 SARE_HTML0"; I also use 70_sare_stocks.cf, but I don't RDJ it at the moment. On top of this, I have about 15 small files of local custom rules I've added. Most of these are fairly specific to my site or test rules. The only general one is a ruleset I made to use the RelayCountry plugin data. If you're interested in that, a version is up on the spamassassin list archives: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200511.mbox/%3C437642C3.2080300@evi-inc.com%3E Note: Don't use antidrug unless you're running SA older than 3.0.0. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Wed Jun 21 16:29:29 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 21 16:29:42 2006 Subject: MailScanner eats memory out In-Reply-To: <20060620234828.61d2f905@cyborg> References: <01bc01c694b6$8b5c5280$3701a8c0@lapxp> <20060620230648.415de289@cyborg> <44987620.6070700@evi-inc.com> <20060620234828.61d2f905@cyborg> Message-ID: <449965D9.1050603@evi-inc.com> --[UxBoD]-- wrote: > Useful to know - learn something new everyday. Perhaps a watcher script for memory usage ? There's dozens of such tools out there. I use bigsister to alert me to server issues. I monitor disk, memory, network services, and running processes. From mkettler at evi-inc.com Wed Jun 21 16:33:19 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 21 16:33:33 2006 Subject: MailScanner eats memory out In-Reply-To: <01c501c694c6$846f4d00$3701a8c0@lapxp> References: <01c501c694c6$846f4d00$3701a8c0@lapxp> Message-ID: <449966BF.3090008@evi-inc.com> Arthur Sherman wrote: > Hi Matt, > >> MS directly loads the SA into itself using the perl API. This >> means that each >> mailscanner child acts as it's own spamd, and its size is >> largely dominated by SA. > > So that means I could control its size with some spamassassin config? Indirectly, yes. SA's memory footprint is a function of the rules and features you have enabled. If you remove rules and turn off features, the memory use goes down. However, there's no option like "max_mem 30mb" in SpamAssassin. From rob at thehostmasters.com Wed Jun 21 17:47:13 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed Jun 21 17:47:20 2006 Subject: whitelist lint problems... In-Reply-To: References: <4498003E.8010902@thehostmasters.com> <625385e30606210033x3dd332f2xd93d4943b4efbbef@mail.gmail.com> Message-ID: <44997811.1040706@thehostmasters.com> I fixed it , i had a duplicate entry for that path in my spam.assassin.prefs.conf file as pasted below # While you can white list here but see below for a better place. # White list addresses should be added in # /opt/MailScanner/etc/rules/spam.whitelist.rules # Black list addresses should be added in # /opt/MailScanner/etc/rules/spam.blacklist.rules # FSL Notes: we need to set the default rule for: # Is Definitely Spam = no # to: # %rules-dir/spam.blacklist.rules # and create a default rules-dir/spam.blacklist.rules file I commented it back out like above and all was ok.... Weird, no? Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Julian Field wrote: > > On 21 Jun 2006, at 08:33, shuttlebox wrote: > >> On 6/20/06, Rob Morin wrote: >>> No matter what i do i keep getting >>> >>> [24084] warn: config: failed to parse line, skipping: >>> /opt/MailScanner/etc/rules/spam.whitelist.rules >>> >>> any ideas? >> >> Are you editing the file on the MailScanner system or on a Windows PC? >> That has gotten a lot of people into trouble before because of >> different ways of representing line breaks. > > Also check your text editor didn't break up 1 long line into 2 short > ones. That would certainly cause this error. > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mkettler at evi-inc.com Wed Jun 21 18:18:32 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 21 18:18:40 2006 Subject: what rules do you use with RDJ? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226CF22@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF22@UBIMAIL1.ubisoft.org> Message-ID: <44997F68.8010002@evi-inc.com> Daniel Maher wrote: > When you say "SA older than 3.0.0", do you mean 2.9.9 and below, or 3.0.1 and above? I mean 2.* (also note that this family didn't number things in the format of 2.9.9, they used the format 2.64) All versions of SA from 3.0.0 and up already have antidrug included in the standard ruleset. If you download and use antidrug.cf you'll downgrade any improvements the SA devs might have made to the rules. > Note: Don't use antidrug unless you're running SA older than 3.0.0. > From mkettler at evi-inc.com Wed Jun 21 18:21:32 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 21 18:21:40 2006 Subject: OOT: Bayes ignore_from In-Reply-To: References: Message-ID: <4499801C.8080305@evi-inc.com> Budi Febrianto wrote: > Hi, > Sorry, this might be out of topic. > > In spam.assassin.prefs.conf, is this possible: > > bayes_ignore_from *@returns.groups.yahoo.com > > I try it, but bayes still learn emails from yahoogroups. > That should work, but only if you have envelope_sender_header set correctly. Try adding: envelope_sender_header X-MailScanner-From From AHKAPLAN at PARTNERS.ORG Wed Jun 21 20:15:04 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Wed Jun 21 20:15:12 2006 Subject: Notifying Recipients of Blocked Messages Message-ID: <9C63A4713C4E3342B90428CE44806A7302679785@PHSXMB5.partners.org> Hi there -- I am going through the MailScanner.conf file to locate the recipient notification configuration, and came across several areas: # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset. Sendmail = /usr/lib/sendmail The /usr/lib/sendmail is a link to /usr/sbin/sendmail. Would it be better to have the line in question point directly to the latter? Also, would changing it as such enable the recipient to receive the above notification? # Still deliver (after cleaning) messages that contained viruses # listed in the above option ("Silent Viruses") to the recipient? # Setting this to "yes" is good when you are testing everything, and # because it shows management that MailScanner is protecting them, # but it is bad because they have to filter/delete all the incoming # virus warnings. # # Note: Once you have deployed this into "production" use, you should # Note: set this option to "no" so you don't bombard thousands of # Note: people with useless messages they don't want! # # This can also be the filename of a ruleset. Still Deliver Silent Viruses = no If I change the value from no to yes, will that activate notification of the recipient of a virus in their e-mail? If these aren't the areas where recipient notification is configured, can someone point out the section in question? Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Tuesday, June 20, 2006 5:10 PM To: MailScanner discussion Subject: Re: Notifying Recipients of Blocked Messages Andrew, ----- Original Message ----- From: "Kaplan, Andrew H." To: "MailScanner discussion" Sent: Tuesday, June 20, 2006 4:35 PM Subject: RE: Notifying Recipients of Blocked Messages > At the risk of sounding like a complete idiot, what is the line(s) in > question > in the MailScanner.conf file? Sorry... That was my point, but a general one, at that. Some options in some config files don't seem to indicate what they are used for. But in this case, I think you'll find it pretty easily. Actually, you should scan the Mailscanner.conf file and read the paragraph above each config option. You might even scan the file for "Notify" to see all of the different options. If you haven't read the conf file from beginning to end, you're missing a lot of ideas you could be doing with MS. You won't remember them all or what they do, but at least you'll be slightly familiar. Don't worry about ever sounding like a complete idiot on this list, as we have all done that here on this list at one time or another. And most of us have ask the same kind of config questions before also. Remember, the only stupid question is the one you never ask, or how ever that goes. Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve > Campbell > Sent: Tuesday, June 20, 2006 2:12 PM > To: MailScanner discussion > Subject: Re: Notifying Recipients of Blocked Messages > > > ----- Original Message ----- > From: "Michele Neylon :: Blacknight.ie" > To: "MailScanner discussion" > Sent: Tuesday, June 20, 2006 1:39 PM > Subject: Re: Notifying Recipients of Blocked Messages > > >> Kaplan, Andrew H. wrote: >>> Hi there - >>> >>> >>> >>> How do I determine if recipients of blocked messages are being notified, >> >> Check your mail logs >> >>> and how would I configure MailScanner to do that? Thanks. >> >> It's the default setting in MailScanner.conf, so unless you changed it >> you shouldn't have to do anything >> > If you don't know what to change, how do you know if you changed it or > not? > > Steve > >> >> -- >> Mr Michele Neylon >> Blacknight Solutions >> Quality Business Hosting & Colocation >> http://www.blacknight.ie/ >> Tel. 1850 927 280 >> Intl. +353 (0) 59 9183072 >> Direct Dial: +353 (0)59 9183090 >> Fax. +353 (0) 59 9164239 >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From bpumphrey at woodmclaw.com Wed Jun 21 20:43:01 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Jun 21 20:43:04 2006 Subject: what rules do you use with RDJ? Message-ID: <04D932B0071FE34FA63EBB1977B48D15014F2061@woodenex.woodmaclaw.local> > > Arthur Sherman wrote: > > Hi, > > > > I wonder what set of rules do you use with RDJ so to 1)stay on a safe > side, > > 2)not to overload a server? > > > > I use: TRUSTED_RULESETS=" ANTIDRUG SARE_ADULT SARE_BAYES_POISON_NXM SARE_BML SARE_EVILNUMBERS2 SARE_FRAUD SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_OBFU SARE_OEM SARE_RANDOM SARE_REDIRECT_POST300 SARE_SPAMCOP_TOP200 SARE_SPECIFIC SARE_SPOOF SARE_STOCKS SARE_UNSUB SARE_URI0 SARE_URI1 SARE_URI3 SARE_WHITELIST_SPF SARE_WHITELIST_RCVD TRIPWIRE " From bpumphrey at woodmclaw.com Wed Jun 21 20:47:55 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Jun 21 20:47:58 2006 Subject: what rules do you use with RDJ? Message-ID: <04D932B0071FE34FA63EBB1977B48D15014F2064@woodenex.woodmaclaw.local> > > Note: Don't use antidrug unless you're running SA older than 3.0.0. > I took mine out via your suggestion. From MailScanner at ecs.soton.ac.uk Wed Jun 21 20:51:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 21 20:51:36 2006 Subject: Notifying Recipients of Blocked Messages In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679785@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679785@PHSXMB5.partners.org> Message-ID: You've got it about right. All viruses these days are messages which are 100% virus data and no useful information at all. So there's little point in notifying users of stuff they never asked for nor wanted in the first place. Doesn't matter, is the answer to your first question. On Wed21 Jun 06, at 20:15, Kaplan, Andrew H. wrote: > Hi there -- > > I am going through the MailScanner.conf file to locate the recipient > notification configuration, and came across several areas: > > # Set how to invoke MTA when sending messages MailScanner has created > # (e.g. to sender/recipient saying "found a virus in your message") > # This can also be the filename of a ruleset. > Sendmail = /usr/lib/sendmail > > The /usr/lib/sendmail is a link to /usr/sbin/sendmail. Would it be > better to > have the line in question point directly to the latter? Also, would > changing > it as such enable the recipient to receive the above notification? > > # Still deliver (after cleaning) messages that contained viruses > # listed in the above option ("Silent Viruses") to the > recipient? > # Setting this to "yes" is good when you are testing everything, and > # because it shows management that MailScanner is protecting them, > # but it is bad because they have to filter/delete all the incoming > # virus warnings. > # > # Note: Once you have deployed this into "production" use, you should > # Note: set this option to "no" so you don't bombard thousands of > # Note: people with useless messages they don't want! > # > # This can also be the filename of a ruleset. > Still Deliver Silent Viruses = no > > If I change the value from no to yes, will that activate > notification of the > recipient of a virus in their e-mail? > > If these aren't the areas where recipient notification is > configured, can > someone point out the section in question? Thanks. > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Steve Campbell > Sent: Tuesday, June 20, 2006 5:10 PM > To: MailScanner discussion > Subject: Re: Notifying Recipients of Blocked Messages > > Andrew, > > ----- Original Message ----- > From: "Kaplan, Andrew H." > To: "MailScanner discussion" > Sent: Tuesday, June 20, 2006 4:35 PM > Subject: RE: Notifying Recipients of Blocked Messages > > >> At the risk of sounding like a complete idiot, what is the line(s) in >> question >> in the MailScanner.conf file? Sorry... > > That was my point, but a general one, at that. Some options in some > config > files don't seem to indicate what they are used for. But in this > case, I > think you'll find it pretty easily. > > Actually, you should scan the Mailscanner.conf file and read the > paragraph > above each config option. You might even scan the file for "Notify" > to see > all of the different options. > > If you haven't read the conf file from beginning to end, you're > missing a > lot of ideas you could be doing with MS. You won't remember them > all or what > they do, but at least you'll be slightly familiar. > > Don't worry about ever sounding like a complete idiot on this list, > as we > have all done that here on this list at one time or another. And > most of us > have ask the same kind of config questions before also. Remember, > the only > stupid question is the one you never ask, or how ever that goes. > > Steve >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Steve >> Campbell >> Sent: Tuesday, June 20, 2006 2:12 PM >> To: MailScanner discussion >> Subject: Re: Notifying Recipients of Blocked Messages >> >> >> ----- Original Message ----- >> From: "Michele Neylon :: Blacknight.ie" >> To: "MailScanner discussion" >> Sent: Tuesday, June 20, 2006 1:39 PM >> Subject: Re: Notifying Recipients of Blocked Messages >> >> >>> Kaplan, Andrew H. wrote: >>>> Hi there - >>>> >>>> >>>> >>>> How do I determine if recipients of blocked messages are being >>>> notified, >>> >>> Check your mail logs >>> >>>> and how would I configure MailScanner to do that? Thanks. >>> >>> It's the default setting in MailScanner.conf, so unless you >>> changed it >>> you shouldn't have to do anything >>> >> If you don't know what to change, how do you know if you changed >> it or >> not? >> >> Steve >> >>> >>> -- >>> Mr Michele Neylon >>> Blacknight Solutions >>> Quality Business Hosting & Colocation >>> http://www.blacknight.ie/ >>> Tel. 1850 927 280 >>> Intl. +353 (0) 59 9183072 >>> Direct Dial: +353 (0)59 9183090 >>> Fax. +353 (0) 59 9164239 >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From bpumphrey at woodmclaw.com Wed Jun 21 21:20:22 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Jun 21 21:20:25 2006 Subject: what rules do you use with RDJ? Message-ID: <04D932B0071FE34FA63EBB1977B48D15014F209D@woodenex.woodmaclaw.local> My updated list of rdj rules: TRUSTED_RULESETS=" BOGUSVIRUS RANDOMVAL SARE_ADULT SARE_BAYES_POISON_NXM SARE_BML SARE_CODING SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_FRAUD SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_HEADER SARE_HEADER0 SARE_HEADER1 SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_OBFU SARE_OEM SARE_RANDOM SARE_REDIRECT_POST300 SARE_SPAMCOP_TOP200 SARE_SPECIFIC SARE_SPOOF SARE_STOCKS SARE_UNSUB SARE_URI SARE_URI_ENG SARE_URI0 SARE_URI1 SARE_URI3 SARE_WHITELIST_SPF SARE_WHITELIST_RCVD TRIPWIRE " -------------------------------------------------------- | Billy Pumphrey | http://www.billypumphrey.com | | IT Manager | http://www.guitartrainer.com | | Wooden & McLaughlin | | -------------------------------------------------------- From res at ausics.net Wed Jun 21 21:20:45 2006 From: res at ausics.net (Res) Date: Wed Jun 21 21:20:54 2006 Subject: can we block mails with perticular subject line In-Reply-To: <44993A13.8020708@netmagicsolutions.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <44993A13.8020708@netmagicsolutions.com> Message-ID: On Wed, 21 Jun 2006, Dhawal Doshy wrote: > To reject completely, use features/options at your MTA level. Most if not all MTA's can not do this as the subject is regarded as par tof "DATA" > > To block/quarantine see: > http://wiki.apache.org/spamassassin/WhiteListSubjectPlugin. Maybe he doesnt want to use this spamassassin rubbish ? whoch is why he is asking -- Cheers Res From arturs at netvision.net.il Wed Jun 21 22:35:03 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 21 21:37:03 2006 Subject: what rules do you use with RDJ? In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15014F2064@woodenex.woodmaclaw.local> Message-ID: <023601c6957a$8e60dfe0$3701a8c0@lapxp> Thank you very much! This list is very friendly and helpful, I must admit. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Wed Jun 21 22:35:03 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 21 21:37:08 2006 Subject: MailScanner eats memory out In-Reply-To: <449966BF.3090008@evi-inc.com> Message-ID: <023b01c6957a$8eed8f80$3701a8c0@lapxp> Thank you all. Best, -- Arthur Sherman +972-52-4878851 CPTeam From glenn.steen at gmail.com Wed Jun 21 21:51:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 21 21:51:30 2006 Subject: can we block mails with perticular subject line In-Reply-To: References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <44993A13.8020708@netmagicsolutions.com> Message-ID: <223f97700606211351p5c743330k67378440dde698e1@mail.gmail.com> On 21/06/06, Res wrote: > On Wed, 21 Jun 2006, Dhawal Doshy wrote: > > > To reject completely, use features/options at your MTA level. > > Most if not all MTA's can not do this as the subject is regarded as par > tof "DATA" Postfix (which I know Dahwal uses) is very well capable of rejecting due to any pattern on headers or body. Usually rejections will be effected at RCPT TO: or after DATA (in compliance with the RFCs). Why rejections due to DATA content (header or body) wouldn't be possible in any particular MTA... Well, it is more a limitation in that MTA than anything else;-). And no, I'm not looking for an MTA war:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From doc at maddoc.net Wed Jun 21 22:01:01 2006 From: doc at maddoc.net (Doc Schneider) Date: Wed Jun 21 22:01:05 2006 Subject: can we block mails with perticular subject line In-Reply-To: <012001c6952f$37cbea30$3004010a@martinhlaptop> References: <012001c6952f$37cbea30$3004010a@martinhlaptop> Message-ID: <4499B38D.6000401@maddoc.net> Martin Hepworth wrote: > Rajeev > > Also check out the extra rules in www.rulesdujour.com > > Especially the SARE rules and the Other-rules. > > I'd also check you've got the URI-RBL plugin installed and working too. This > helps a lot in catching the image spams. I think you meant to say http://www.rulesemporium.com/ -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From alex at nkpanama.com Thu Jun 22 02:29:58 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 22 02:30:30 2006 Subject: can we block mails with perticular subject line In-Reply-To: References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <44993A13.8020708@netmagicsolutions.com> Message-ID: <4499F296.4000909@nkpanama.com> Res wrote: > On Wed, 21 Jun 2006, Dhawal Doshy wrote: > >> To reject completely, use features/options at your MTA level. > > Most if not all MTA's can not do this as the subject is regarded as > par tof "DATA" > >> >> To block/quarantine see: >> http://wiki.apache.org/spamassassin/WhiteListSubjectPlugin. > > Maybe he doesnt want to use this spamassassin rubbish ? > whoch is why he is asking > Yeah, that spamassassin rubbish sucks.... NOT! ;-) From gmane at thomasr.us Thu Jun 22 08:22:36 2006 From: gmane at thomasr.us (bob12321) Date: Thu Jun 22 08:25:07 2006 Subject: (\x01)BOUNDARY_OUTLOOK Messages? References: <001101c63eca$9981e2e0$3004010a@martinhlaptop> Message-ID: > Had a few of these this morning - seem to have stopped now..maybe broken > spammer?!!? > > > > > -----Original Message----- > > From: mailscanner-bounces lists.mailscanner.info [mailto:mailscanner- > > bounces lists.mailscanner.info] On Behalf Of Joshua Hirsh > > Sent: 03 March 2006 13:56 > > To: MailScanner discussion > > Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > Martin Hepworth solid-state-logic.com> writes: yes the email could be clean but a email viruis might use a fake fookmark to make a person think that it was checked for a virus and persnaly i got some of the BOUNDARY_OUTLOOK emails today the from feild is empety and the recived by email adresses are in teh bogon range in this case the ip was 10.54.114.13 and for some reason there was an return email adress tkope@uswebcon.com wich is a email adress from an macheney company but i think it is just gmails spam fiter going kinda crazy. From martinh at solid-state-logic.com Thu Jun 22 09:05:47 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 22 09:05:58 2006 Subject: can we block mails with perticular subject line In-Reply-To: <4499B38D.6000401@maddoc.net> Message-ID: <009801c695d2$ab7eea10$3004010a@martinhlaptop> Doc Err yeah... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Doc Schneider > Sent: 21 June 2006 22:01 > To: MailScanner discussion > Subject: Re: can we block mails with perticular subject line > > Martin Hepworth wrote: > > Rajeev > > > > Also check out the extra rules in www.rulesdujour.com > > > > Especially the SARE rules and the Other-rules. > > > > I'd also check you've got the URI-RBL plugin installed and working too. > This > > helps a lot in catching the image spams. > > I think you meant to say http://www.rulesemporium.com/ > > > > -- > -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From res at ausics.net Thu Jun 22 11:03:29 2006 From: res at ausics.net (Res) Date: Thu Jun 22 11:03:39 2006 Subject: can we block mails with perticular subject line In-Reply-To: <4499F296.4000909@nkpanama.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <44993A13.8020708@netmagicsolutions.com> <4499F296.4000909@nkpanama.com> Message-ID: On Wed, 21 Jun 2006, Alex Neuman van der Hans wrote: > Res wrote: >> On Wed, 21 Jun 2006, Dhawal Doshy wrote: >> >>> To reject completely, use features/options at your MTA level. >> >> Most if not all MTA's can not do this as the subject is regarded as par tof >> "DATA" >> >>> >>> To block/quarantine see: >>> http://wiki.apache.org/spamassassin/WhiteListSubjectPlugin. >> >> Maybe he doesnt want to use this spamassassin rubbish ? >> whoch is why he is asking >> > Yeah, that spamassassin rubbish sucks.... NOT! ;-) sure..... on little systems :) It would be adventagous to have a subject file in MailScanner itself for those like us who dont/cant run SA on workhorses if we want our usewrs to get mail the same year, as a national wholesaler we get very angry customers, when their customers takes 2 days to get mail cause SA is so f$#@'d -- Cheers Res From dhawal at netmagicsolutions.com Thu Jun 22 11:23:50 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 22 11:24:00 2006 Subject: can we block mails with perticular subject line In-Reply-To: References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <44993A13.8020708@netmagicsolutions.com> <4499F296.4000909@nkpanama.com> Message-ID: <449A6FB6.5060208@netmagicsolutions.com> Res wrote: > On Wed, 21 Jun 2006, Alex Neuman van der Hans wrote: > >> Res wrote: >>> On Wed, 21 Jun 2006, Dhawal Doshy wrote: >>> >>>> To reject completely, use features/options at your MTA level. >>> >>> Most if not all MTA's can not do this as the subject is regarded as >>> par tof "DATA" As Glenn stated..Postfix can do it, sendmail can do it as well (google for it). >>>> To block/quarantine see: >>>> http://wiki.apache.org/spamassassin/WhiteListSubjectPlugin. >>> >>> Maybe he doesnt want to use this spamassassin rubbish ? >>> whoch is why he is asking >>> >> Yeah, that spamassassin rubbish sucks.... NOT! ;-) > > sure..... on little systems :) > It would be adventagous to have a subject file in MailScanner itself for > those like us who dont/cant run SA on workhorses if we want our usewrs > to get mail the same year, as a national wholesaler we get very angry > customers, when their customers takes 2 days to get mail cause SA is so > f$#@'d Res, there is something fundamentally wrong in your setup if mails take such a long time to get delivered.. You are NOT the only mail setup with multi-million mails getting delivered on a daily basis. You probably are expecting way too much from your hardware.. content filtering IS and WILL be a resource hungry function.. have you considered adding more resources to your setup??? SA works really well for most (if not all) of us. Time for the pot to stop calling the kettle black (or whatever the phrase may be). - dhawal From martinh at solid-state-logic.com Thu Jun 22 11:27:28 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 22 11:27:43 2006 Subject: can we block mails with perticular subject line In-Reply-To: Message-ID: <00d901c695e6$76697fc0$3004010a@martinhlaptop> RAM is the big thing here. The more RAM the better. If you've got a latency issue caused my MS/SA looking at the tuning guide on the wiki and get some more RAM. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 22 June 2006 11:03 > To: MailScanner discussion > Subject: Re: can we block mails with perticular subject line > > On Wed, 21 Jun 2006, Alex Neuman van der Hans wrote: > > > Res wrote: > >> On Wed, 21 Jun 2006, Dhawal Doshy wrote: > >> > >>> To reject completely, use features/options at your MTA level. > >> > >> Most if not all MTA's can not do this as the subject is regarded as par > tof > >> "DATA" > >> > >>> > >>> To block/quarantine see: > >>> http://wiki.apache.org/spamassassin/WhiteListSubjectPlugin. > >> > >> Maybe he doesnt want to use this spamassassin rubbish ? > >> whoch is why he is asking > >> > > Yeah, that spamassassin rubbish sucks.... NOT! ;-) > > sure..... on little systems :) > It would be adventagous to have a subject file in MailScanner itself for > those like us who dont/cant run SA on workhorses if we want our usewrs to > get mail the same year, as a national wholesaler we get very angry > customers, when their customers takes 2 days to get mail cause SA is so > f$#@'d > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From edwardbruce at sbcglobal.net Thu Jun 22 13:50:24 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Thu Jun 22 13:50:30 2006 Subject: what rules do you use with RDJ? In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15014F209D@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15014F209D@woodenex.woodmaclaw.local> Message-ID: <449A9210.2030007@sbcglobal.net> Top posting so sue me :) Why do you have the SARE_HTML's listed twice? Billy A. Pumphrey wrote: > My updated list of rdj rules: > > TRUSTED_RULESETS=" > BOGUSVIRUS > RANDOMVAL > SARE_ADULT > SARE_BAYES_POISON_NXM > SARE_BML > SARE_CODING > SARE_EVILNUMBERS0 > SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 > SARE_FRAUD > SARE_GENLSUBJ0 > SARE_GENLSUBJ1 > SARE_GENLSUBJ2 > SARE_GENLSUBJ3 > SARE_HEADER > SARE_HEADER0 > SARE_HEADER1 > SARE_HTML0 > SARE_HTML1 > SARE_HTML2 > SARE_HTML3 > SARE_HTML0 > SARE_HTML1 > SARE_HTML2 > SARE_HTML3 > SARE_OBFU > SARE_OEM > SARE_RANDOM > SARE_REDIRECT_POST300 > SARE_SPAMCOP_TOP200 > SARE_SPECIFIC > SARE_SPOOF > SARE_STOCKS > SARE_UNSUB > SARE_URI > SARE_URI_ENG > SARE_URI0 > SARE_URI1 > SARE_URI3 > SARE_WHITELIST_SPF > SARE_WHITELIST_RCVD > TRIPWIRE > " > > -------------------------------------------------------- > | Billy Pumphrey | http://www.billypumphrey.com | > | IT Manager | http://www.guitartrainer.com | > | Wooden & McLaughlin | | > -------------------------------------------------------- > From bpumphrey at woodmclaw.com Thu Jun 22 16:55:53 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Jun 22 16:56:00 2006 Subject: what rules do you use with RDJ? Message-ID: <04D932B0071FE34FA63EBB1977B48D15014F22F8@woodenex.woodmaclaw.local> > > Top posting so sue me :) Why do you have the SARE_HTML's listed twice? > > Billy A. Pumphrey wrote: > > My updated list of rdj rules: > > > > TRUSTED_RULESETS=" > > BOGUSVIRUS > > RANDOMVAL > > SARE_ADULT > > SARE_BAYES_POISON_NXM > > SARE_BML > > SARE_CODING > > SARE_EVILNUMBERS0 > > SARE_EVILNUMBERS1 > > SARE_EVILNUMBERS2 > > SARE_FRAUD > > SARE_GENLSUBJ0 > > SARE_GENLSUBJ1 > > SARE_GENLSUBJ2 > > SARE_GENLSUBJ3 > > SARE_HEADER > > SARE_HEADER0 > > SARE_HEADER1 > > SARE_HTML0 > > SARE_HTML1 > > SARE_HTML2 > > SARE_HTML3 > > SARE_HTML0 > > SARE_HTML1 > > SARE_HTML2 > > SARE_HTML3 > > SARE_OBFU > > SARE_OEM > > SARE_RANDOM > > SARE_REDIRECT_POST300 > > SARE_SPAMCOP_TOP200 > > SARE_SPECIFIC > > SARE_SPOOF > > SARE_STOCKS > > SARE_UNSUB > > SARE_URI > > SARE_URI_ENG > > SARE_URI0 > > SARE_URI1 > > SARE_URI3 > > SARE_WHITELIST_SPF > > SARE_WHITELIST_RCVD > > TRIPWIRE > > " > > Good question! I will take them out, after I go to the court house and file a order to sue you for top posting ha. From t.d.lee at durham.ac.uk Thu Jun 22 17:10:19 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu Jun 22 17:11:05 2006 Subject: Filename problem Message-ID: (MailScanner version 4.50.14: a little old, I know, but probably irrelevant.) We recently had a report from a user of a ".jar" file that didn't get through. Instead it seemed to trip over "filename.rules.conf". The (default) text of the replaced attachment was: -------------- The original e-mail attachment "enable.jar" is on the list of unacceptable attachments for this site and has been replaced by this warning message. [...] the virus scanner said: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (SelectInfoorPr1.cla) -------------- In "filename.rules.conf", the relevant rule seems to be the (default?): deny .{150,} [...] Any idea what might be going on? The filename is believed to be a simple "enable.jar", and yet MS is reporting about "SelectInfoorPr1.cla" and about some file whose name exceeds 150 characters. (Have I overlooked something in the comments? FAQ? MAQ?) Thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From dhawal at netmagicsolutions.com Thu Jun 22 17:21:27 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 22 17:21:36 2006 Subject: Filename problem In-Reply-To: References: Message-ID: <449AC387.7060902@netmagicsolutions.com> David Lee wrote: > (MailScanner version 4.50.14: a little old, I know, but probably > irrelevant.) > > We recently had a report from a user of a ".jar" file that didn't get > through. Instead it seemed to trip over "filename.rules.conf". > > The (default) text of the replaced attachment was: > -------------- > The original e-mail attachment "enable.jar" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > [...] the virus scanner said: > MailScanner: Very long filenames are good signs of attacks against > Microsoft > e-mail packages (SelectInfoorPr1.cla) > -------------- > > In "filename.rules.conf", the relevant rule seems to be the (default?): > > deny .{150,} [...] > > Any idea what might be going on? The filename is believed to be a simple > "enable.jar", and yet MS is reporting about "SelectInfoorPr1.cla" and > about some file whose name exceeds 150 characters. > > (Have I overlooked something in the comments? FAQ? MAQ?) See http://mailscanner.info/MailScanner.conf.index.html#Maximum%20Archive%20Depth - dhawal From ssilva at sgvwater.com Thu Jun 22 17:24:47 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 22 17:26:08 2006 Subject: Filename problem In-Reply-To: References: Message-ID: David Lee spake the following on 6/22/2006 9:10 AM: > (MailScanner version 4.50.14: a little old, I know, but probably > irrelevant.) > > We recently had a report from a user of a ".jar" file that didn't get > through. Instead it seemed to trip over "filename.rules.conf". > > The (default) text of the replaced attachment was: > -------------- > The original e-mail attachment "enable.jar" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > [...] the virus scanner said: > MailScanner: Very long filenames are good signs of attacks against > Microsoft > e-mail packages (SelectInfoorPr1.cla) > -------------- > > In "filename.rules.conf", the relevant rule seems to be the (default?): > > deny .{150,} [...] > > Any idea what might be going on? The filename is believed to be a simple > "enable.jar", and yet MS is reporting about "SelectInfoorPr1.cla" and > about some file whose name exceeds 150 characters. > > (Have I overlooked something in the comments? FAQ? MAQ?) > > Thanks. > You need to look in the logs to get more detail, as the filename in the response message is "sanitized", and the real name could be much longer. I have added the code for the message ID in all my reports to make it easier to find the message in the logs. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From uxbod at splatnix.net Thu Jun 22 18:31:49 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Thu Jun 22 17:32:13 2006 Subject: Filename problem In-Reply-To: References: Message-ID: <20060622173149.43a50c3f@cyborg> jar is a container though and it is reporting about SelectInfoorPr1.class I reckon ... can unrar/gunzip open a jar file ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at tac.esi.net Thu Jun 22 17:43:31 2006 From: chris at tac.esi.net (Chris Hammond) Date: Thu Jun 22 17:43:48 2006 Subject: MailScanner Install Script Message-ID: <449A909A.B662.0038.0@tac.esi.net> I setup a subversion repository using a VMware VM called Vastbox on my home machine and have been working with a fellow MailScanner user and many changes have been made to the script. Brad is doing a full install run on the script that he has and if all goes well, another major commit will happen today hopefully and I will put it online. If anyone else has made changes to the script, please let me know as I would like to add these changes if possible. Since it is GLP you don't necessarily have to but it would be appreciated. Since the repo is in a VM on my main machine, I don't want to put out the IP yet until I am comfortable that can not be taken advantage of but those that have changed they would like to add to the script, I will give access to the repo. Thank Chris From lshaw at emitinc.com Thu Jun 22 17:52:47 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Thu Jun 22 17:52:55 2006 Subject: Filename problem In-Reply-To: <20060622173149.43a50c3f@cyborg> References: <20060622173149.43a50c3f@cyborg> Message-ID: On Thu, 22 Jun 2006, --[UxBoD]-- wrote: > jar is a container though and it is reporting about > SelectInfoorPr1.class I reckon ... can unrar/gunzip > open a jar file ? A jar file is zip file with special rules about its contents. You can use any zip utility (that can handle a zip file that has the "wrong" extension), or you can use the "jar" utility from the command line. I believe "jar" works a lot like tar does: you can do "jar -tvf foo.jar", for example. - Logan From ewallig at aerocontractors.com Thu Jun 22 18:17:21 2006 From: ewallig at aerocontractors.com (Ed Wallig) Date: Thu Jun 22 18:17:35 2006 Subject: Strip outgoing digital certs, vcf, etc? Message-ID: <010901c6961f$b91a9f00$320217ac@ACL.int> Hi, Version 4.54.6 on CentOS 4.3 using Postfix 2.1.5 - is there any way to strip outgoing mail of things like digital signatures/certificates, vcf cards, etc? We use an internal CA for email signing which is intended only to verify message validity for internal or webmail clients for the local domain. Sending a signed message is (currently) unnecessary to remote domains and it recently has caused some problems for a couple of our vendors; they don't recognize the signature as valid. We're not looking to purchase a "trusted" certificate for email signing at this time and it will likely be too big of a hassle to get the vendors to trust our CA cert. I don't want to strip regular attachments (or even encrypted attachments for the most part) and I do not want to strip these items from incoming messages. Any thoughts? Thanks, Ed Wallig From JeremyBlonde at grant.k12.ca.us Thu Jun 22 18:15:07 2006 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Thu Jun 22 18:17:42 2006 Subject: Postfix now times out?? Message-ID: I encountered a strange error today with my new MailScanner box that's been up and running for a few weeks. Postfix now times out when trying to send mail to the box. The machine still responds to smtp connections, but all of them timeout. The MailScanner and postfix processes are still running, the machine seems to store the message in the "incoming" folder, but doesn't close the connection after the ending ".". Does anyone have any ideas? Thanks, Jeremy Blonde Instructional Technology - Server Support Grant Joint Union School District From ka at pacific.net Thu Jun 22 18:35:10 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 22 18:35:18 2006 Subject: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains] Message-ID: <449AD4CE.7090401@pacific.net> Rick Wesson over at Alice's Registry has a dnsrbl listing recently registered domains (see below). I thought this might be of interest to SA users. Anyone used this, or other rbl with similar functions? Scoring? Accuracy? Thanks, Ken A Pacific.Net > -------- Original Message -------- > Subject: Re: [dns-operations] negative caching of throwaway spam domains > Date: Thu, 22 Jun 2006 09:39:24 -0700 > From: Rick Wesson > > I've created a DNSRBL called day-old-bread (ok you think of a good name > for it) that contains a running list of domains registered in the last 5 > days. It lives at dob.sibl.support-intelligence.net. > > a test point is at > test.dob.sibl.support-intelligence.com.dob.sibl.support-intelligence.net. > > the data set currently has just the last 2 days worth of domain > registrations. > > The run rate will be around 5M domains for 5 days worth of registrations. > > I appreciate any thoughts on how useful this might be, and feel free to > let others know the lists exists. From drew at themarshalls.co.uk Thu Jun 22 19:01:33 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Jun 22 19:01:41 2006 Subject: Postfix now times out?? In-Reply-To: References: Message-ID: On 22 Jun 2006, at 18:15, Jeremy Blonde wrote: > I encountered a strange error today with my new MailScanner box that's > been up and running for a few weeks. > > Postfix now times out when trying to send mail to the box. The > machine > still responds to smtp connections, but all of them timeout. The > MailScanner and postfix processes are still running, the machine seems > to store the message in the "incoming" folder, but doesn't close the > connection after the ending ".". > > Does anyone have any ideas? What have you got in your logs? This could well be a DNS issue or some thing else but the logs should give some clues. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From Richard.Frovarp at sendit.nodak.edu Thu Jun 22 19:05:13 2006 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Jun 22 19:05:16 2006 Subject: what rules do you use with RDJ? In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15014F22F8@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15014F22F8@woodenex.woodmaclaw.local> Message-ID: <449ADBD9.3080702@sendit.nodak.edu> Billy A. Pumphrey wrote: >>Top posting so sue me :) Why do you have the SARE_HTML's listed twice? >> >>Billy A. Pumphrey wrote: >> >> >>>My updated list of rdj rules: >>> >>>TRUSTED_RULESETS=" >>>BOGUSVIRUS >>>RANDOMVAL >>>SARE_ADULT >>>SARE_BAYES_POISON_NXM >>>SARE_BML >>>SARE_CODING >>>SARE_EVILNUMBERS0 >>>SARE_EVILNUMBERS1 >>>SARE_EVILNUMBERS2 >>>SARE_FRAUD >>>SARE_GENLSUBJ0 >>>SARE_GENLSUBJ1 >>>SARE_GENLSUBJ2 >>>SARE_GENLSUBJ3 >>>SARE_HEADER >>>SARE_HEADER0 >>>SARE_HEADER1 >>>SARE_HTML0 >>>SARE_HTML1 >>>SARE_HTML2 >>>SARE_HTML3 >>>SARE_HTML0 >>>SARE_HTML1 >>>SARE_HTML2 >>>SARE_HTML3 >>>SARE_OBFU >>>SARE_OEM >>>SARE_RANDOM >>>SARE_REDIRECT_POST300 >>>SARE_SPAMCOP_TOP200 >>>SARE_SPECIFIC >>>SARE_SPOOF >>>SARE_STOCKS >>>SARE_UNSUB >>>SARE_URI >>>SARE_URI_ENG >>>SARE_URI0 >>>SARE_URI1 >>>SARE_URI3 >>>SARE_WHITELIST_SPF >>>SARE_WHITELIST_RCVD >>>TRIPWIRE >>>" >>> >>> >>> > >Good question! I will take them out, after I go to the court house and >file a order to sue you for top posting ha. > > > > You might want to check URI and HEADER as I think those contain the numbered version of the files as well. From MailScanner at ecs.soton.ac.uk Thu Jun 22 19:14:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 22 19:14:40 2006 Subject: MailScanner Install Script In-Reply-To: <449A909A.B662.0038.0@tac.esi.net> References: <449A909A.B662.0038.0@tac.esi.net> Message-ID: Dare I ask what you are actually talking about? On Thu22 Jun 06, at 17:43, Chris Hammond wrote: > I setup a subversion repository using a VMware VM called Vastbox on my > home machine and have been working with a fellow MailScanner user and > many changes have been made to the script. Brad is doing a full > install run > on the script that he has and if all goes well, another major > commit will > happen today hopefully and I will put it online. If anyone else > has made > changes to the script, please let me know as I would like to add > these changes > if possible. Since it is GLP you don't necessarily have to but it > would be > appreciated. > > Since the repo is in a VM on my main machine, I don't want to put > out the IP > yet until I am comfortable that can not be taken advantage of but > those that > have changed they would like to add to the script, I will give > access to the > repo. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From michele at blacknight.ie Thu Jun 22 19:27:42 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Thu Jun 22 19:27:44 2006 Subject: MailScanner Install Script In-Reply-To: References: <449A909A.B662.0038.0@tac.esi.net> Message-ID: <449AE11E.5040105@blacknight.ie> Julian Field wrote: > Dare I ask what you are actually talking about? I think he posted the script a few days ago -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From chris at tac.esi.net Thu Jun 22 19:40:28 2006 From: chris at tac.esi.net (Chris Hammond) Date: Thu Jun 22 19:40:41 2006 Subject: MailScanner Install Script In-Reply-To: References: <449A909A.B662.0038.0@tac.esi.net> Message-ID: <449AAC03.B662.0038.0@tac.esi.net> It is a script that when run on a base install of CentOS 4 automates the entire install and setup of MailScanner, Mailwatch and other supporting programs and when complete, you have a fully functional antispam/antivirus server. Chris >>> Julian Field 06/22/06 2:14 PM >>> Dare I ask what you are actually talking about? On Thu22 Jun 06, at 17:43, Chris Hammond wrote: > I setup a subversion repository using a VMware VM called Vastbox on my > home machine and have been working with a fellow MailScanner user and > many changes have been made to the script. Brad is doing a full > install run > on the script that he has and if all goes well, another major > commit will > happen today hopefully and I will put it online. If anyone else > has made > changes to the script, please let me know as I would like to add > these changes > if possible. Since it is GLP you don't necessarily have to but it > would be > appreciated. > > Since the repo is in a VM on my main machine, I don't want to put > out the IP > yet until I am comfortable that can not be taken advantage of but > those that > have changed they would like to add to the script, I will give > access to the > repo. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jethro.binks at strath.ac.uk Thu Jun 22 21:08:49 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu Jun 22 21:08:53 2006 Subject: Filename problem In-Reply-To: References: Message-ID: <20060622203611.I5393@defjam.cc.strath.ac.uk> On Thu, 22 Jun 2006, Scott Silva wrote: > You need to look in the logs to get more detail, as the filename in the > response message is "sanitized", and the real name could be much longer. Well there's the thing. I recall Julian saying reasonably recently that it wasn't possible to put the "real" or "original" filename in any logs _without_ sanitising it -- for obvious reasons. Which often makes it difficult to enter into a discussion with the user about the nature of the original filename, other than guesswork. Jethro. > I have added the code for the message ID in all my reports to make it > easier to find the message in the logs. > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From MailScanner at ecs.soton.ac.uk Thu Jun 22 21:28:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 22 21:29:01 2006 Subject: Filename problem In-Reply-To: <20060622203611.I5393@defjam.cc.strath.ac.uk> References: <20060622203611.I5393@defjam.cc.strath.ac.uk> Message-ID: <689C2B4E-370E-495D-B759-AFA7C137455A@ecs.soton.ac.uk> On Thu22 Jun 06, at 21:08, Jethro R Binks wrote: > On Thu, 22 Jun 2006, Scott Silva wrote: > >> You need to look in the logs to get more detail, as the filename >> in the >> response message is "sanitized", and the real name could be much >> longer. > > Well there's the thing. I recall Julian saying reasonably recently > that > it wasn't possible to put the "real" or "original" filename in any > logs > _without_ sanitising it -- for obvious reasons. Which often makes it > difficult to enter into a discussion with the user about the nature > of the > original filename, other than guesswork. > > Jethro. That is indeed a problem. But the alternative is someone embedding nasty things in a filename for an attachment knowing full well that all their text will get inserted into an email message. If they can put a virus in the Subject: line (which can be done) then this is child's play. Fancy a very long filename causing a stack overflow in your syslogd to exploit a vulnerability resulting in arbitrary code execution? Didn't think so. So I don't ever store any unsanitised data anywhere. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dave.list at pixelhammer.com Thu Jun 22 21:31:02 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Jun 22 21:31:14 2006 Subject: Always Looked Up Last Message-ID: <449AFE06.6070402@pixelhammer.com> I got hit this morning with an issue where the MailWatch logging script failed and MailScanner ground to a halt. Is there a way I can make MailScanner ignore a failure to load a CustomFunction and continue on? The error in the logs was, Jun 22 10:42:19 avhost1 MailScanner[90509]: Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc Not done troubleshooting yet, the system has been running 18 days so I know that MS has restarted, no changes have been made in that time either. I've confirmed that DBI is working with a short per script, so I don't believe that is the issue. If MailScanner would have just stopped loading MailWatch.pm and continued as normal (Always Looked Up Last = no) I would be in a better place right now. I'll take a look at it, but I'm a Perl >= Bash guy, no real experience with Perl in the application area. I could use a leg up. Thanks, DAve PS. Julian, my feature request for MS would be that it passes over third party functions that fail to load ;^) -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From naolson at gmail.com Thu Jun 22 21:46:50 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jun 22 21:46:55 2006 Subject: Always Looked Up Last In-Reply-To: <449AFE06.6070402@pixelhammer.com> References: <449AFE06.6070402@pixelhammer.com> Message-ID: <8f54b4330606221346n6a98a046x153ea027351fff91@mail.gmail.com> Trap the exception thrown by the eval and soldier on. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060622/9e0b5c90/attachment.html From MailScanner at ecs.soton.ac.uk Thu Jun 22 22:05:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 22 22:06:51 2006 Subject: Always Looked Up Last In-Reply-To: <449AFE06.6070402@pixelhammer.com> References: <449AFE06.6070402@pixelhammer.com> Message-ID: <945E7606-0FFA-4B54-93A3-88AAE5B5CEA1@ecs.soton.ac.uk> Around line 815 on Config.pm, just after the line that logs the warning "Make sure the module is correct", add this: $StaticScalars{$key} = $Defaults{$key}; That should force it to replace the Custom Function with the default value instead, so calls to the Custom Function should be replaced by a simple lookup. Give it a go and let me know if it helps. On Thu22 Jun 06, at 21:31, DAve wrote: > I got hit this morning with an issue where the MailWatch logging > script failed and MailScanner ground to a halt. Is there a way I > can make MailScanner ignore a failure to load a CustomFunction and > continue on? > > The error in the logs was, > Jun 22 10:42:19 avhost1 MailScanner[90509]: Could not use Custom > Function code MailScanner::CustomConfig::InitMailWatchLogging, it > could not be "eval"ed. Make sure the module is correct with perl -wc > > Not done troubleshooting yet, the system has been running 18 days > so I know that MS has restarted, no changes have been made in that > time either. I've confirmed that DBI is working with a short per > script, so I don't believe that is the issue. > > If MailScanner would have just stopped loading MailWatch.pm and > continued as normal (Always Looked Up Last = no) I would be in a > better place right now. > > I'll take a look at it, but I'm a Perl >= Bash guy, no real > experience with Perl in the application area. I could use a leg up. > > Thanks, > > DAve > > PS. Julian, my feature request for MS would be that it passes over > third party functions that fail to load ;^) > > -- > Three years now I've asked Google why they don't have a > logo change for Memorial Day. Why do they choose to do logos > for other non-international holidays, but nothing for > Veterans? > > Maybe they forgot who made that choice possible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From JeremyBlonde at grant.k12.ca.us Thu Jun 22 22:38:34 2006 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Thu Jun 22 22:39:30 2006 Subject: Postfix now times out?? Message-ID: Thanks for the reply Drew. It's now working again, but why and how I have no idea. I had to modify the postfix configuration file and then undo the change besides reboot the machine a few times. After that it started working again. Strange. Thanks, Jeremy Blonde Instructional Technology - Server Support Grant Joint Union School District -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Drew Marshall Sent: Thursday, June 22, 2006 11:02 AM To: MailScanner discussion Subject: Re: Postfix now times out?? On 22 Jun 2006, at 18:15, Jeremy Blonde wrote: > I encountered a strange error today with my new MailScanner box that's > been up and running for a few weeks. > > Postfix now times out when trying to send mail to the box. The > machine still responds to smtp connections, but all of them timeout. > The MailScanner and postfix processes are still running, the machine > seems to store the message in the "incoming" folder, but doesn't close > the connection after the ending ".". > > Does anyone have any ideas? What have you got in your logs? This could well be a DNS issue or some thing else but the logs should give some clues. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dave.list at pixelhammer.com Thu Jun 22 22:58:26 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Jun 22 22:58:37 2006 Subject: Always Looked Up Last In-Reply-To: <945E7606-0FFA-4B54-93A3-88AAE5B5CEA1@ecs.soton.ac.uk> References: <449AFE06.6070402@pixelhammer.com> <945E7606-0FFA-4B54-93A3-88AAE5B5CEA1@ecs.soton.ac.uk> Message-ID: <449B1282.9020706@pixelhammer.com> Julian Field wrote: > Around line 815 on Config.pm, just after the line that logs the warning > "Make sure the module is correct", add this: > $StaticScalars{$key} = $Defaults{$key}; > That should force it to replace the Custom Function with the default > value instead, so calls to the Custom Function should be replaced by a > simple lookup. > > Give it a go and let me know if it helps. It doesn't cause any additional problems. Currently I cannot get the error to duplicate so I am unsure if it is a fix at this point. I should be able to something and see if it solve the problem. Still I can't duplicate the error from the log, nor can I get MailWatchLogging to work. I got Steve on the MW list now, but I'm tired and frustrated, and at least the mail is flowing now. DAve > > On Thu22 Jun 06, at 21:31, DAve wrote: > >> I got hit this morning with an issue where the MailWatch logging >> script failed and MailScanner ground to a halt. Is there a way I can >> make MailScanner ignore a failure to load a CustomFunction and >> continue on? >> >> The error in the logs was, >> Jun 22 10:42:19 avhost1 MailScanner[90509]: Could not use Custom >> Function code MailScanner::CustomConfig::InitMailWatchLogging, it >> could not be "eval"ed. Make sure the module is correct with perl -wc >> >> Not done troubleshooting yet, the system has been running 18 days so I >> know that MS has restarted, no changes have been made in that time >> either. I've confirmed that DBI is working with a short per script, so >> I don't believe that is the issue. >> >> If MailScanner would have just stopped loading MailWatch.pm and >> continued as normal (Always Looked Up Last = no) I would be in a >> better place right now. >> >> I'll take a look at it, but I'm a Perl >= Bash guy, no real experience >> with Perl in the application area. I could use a leg up. >> >> Thanks, >> >> DAve >> >> PS. Julian, my feature request for MS would be that it passes over >> third party functions that fail to load ;^) >> >> --Three years now I've asked Google why they don't have a >> logo change for Memorial Day. Why do they choose to do logos >> for other non-international holidays, but nothing for >> Veterans? >> >> Maybe they forgot who made that choice possible. >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From wizard at jimhermann.com Fri Jun 23 02:51:49 2006 From: wizard at jimhermann.com (Jim Hermann) Date: Fri Jun 23 02:52:00 2006 Subject: SPF SOFTFAIL not working properly Message-ID: <09c301c69667$9a8c6d50$9801a8c0@Dual> Is anyone else seeing incorrect SPF_SOFTMAIL false positives? Here is an example that I was able to isolate to a test file. The debug looks like this: [28763] dbg: spf: checking EnvelopeFrom (helo=BABY, ip=125.214.61.195, envfrom=marileestewart@relmaxtop.com) [28763] dbg: spf: query for marileestewart@relmaxtop.com/125.214.61.195/BABY: result: softfail, comment: [28763] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54)) [28763] dbg: rules: ran eval rule SPF_SOFTFAIL ======> got hit Headers: >From marileestewart@relmaxtop.com Mon Jun 19 00:44:04 2006 Return-Path: Received: from host.uuserver.net (root@localhost) by xxxx.org (8.12.11/8.12.11) with ESMTP id k5I8573c022877 for ; Sun, 18 Jun 2006 03:05:08 -0500 X-ClientAddr: 125.214.61.195 Received: from BABY ([125.214.61.195]) by host.uuserver.net (8.12.11/8.12.11) with ESMTP id k5I84QuC026169 for ; Sun, 18 Jun 2006 03:04:28 -0500 Report has this: pts rule name description ---- ---------------------- ----------------------------------------- 0.5 PLING_QUERY Subject has exclamation mark and question mark 1.4 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) [SPF failed: ] From dave.list at pixelhammer.com Fri Jun 23 03:38:57 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jun 23 03:39:11 2006 Subject: Always Looked Up Last In-Reply-To: <945E7606-0FFA-4B54-93A3-88AAE5B5CEA1@ecs.soton.ac.uk> References: <449AFE06.6070402@pixelhammer.com> <945E7606-0FFA-4B54-93A3-88AAE5B5CEA1@ecs.soton.ac.uk> Message-ID: <449B5441.6080504@pixelhammer.com> Julian Field wrote: > Around line 815 on Config.pm, just after the line that logs the warning > "Make sure the module is correct", add this: > $StaticScalars{$key} = $Defaults{$key}; > That should force it to replace the Custom Function with the default > value instead, so calls to the Custom Function should be replaced by a > simple lookup. > > Give it a go and let me know if it helps. > Julian, That appears to be a good fix. I duplicated the problem and I can see messages flowing through the the outbound queue after applying your change. So if this happens again at least the mail will not stop. Thank you, very much. Below is what I sent to the MW list describing what I found. Any additional input is welcomed. It's been another sysadmin kinda day, time to sleep. ----------------------------------------- MailScanner in debug mode shows no errors. Poking around in MailWatch.pm it would seem like InitConnection was failing. Adding some logging showed exactly that. So I shut down MailScanner and checked, sure enough netstat shows I have a listener on 127.0.0.1.11553. I changed $server_port to 21553 and logging is started up! The question remains what is listening on port 11553, and why is it there? #sockstat | grep 11553 root perl5.8. 90509 7 tcp4 127.0.0.1:11553 *:* root perl5.8. 90509 9 tcp4 127.0.0.1:1145 127.0.0.1:11553 #ps -ax | grep 90509 bash-2.05b# ps -ax | grep 90509 90509 ?? S 0:08.96 MailScanner: finishing batch (perl5.8.8) So do I have an orphaned MailScanner child? A runaway MailWatch listener? It's now over my head. I did not stop it yet in case someone has a magical command to make it provide us with more information. Oddly, both servers suffered the same issue within an hour of each other, and both servers show the same state. ---------------------------------------------- DAve > On Thu22 Jun 06, at 21:31, DAve wrote: > >> I got hit this morning with an issue where the MailWatch logging >> script failed and MailScanner ground to a halt. Is there a way I can >> make MailScanner ignore a failure to load a CustomFunction and >> continue on? >> >> The error in the logs was, >> Jun 22 10:42:19 avhost1 MailScanner[90509]: Could not use Custom >> Function code MailScanner::CustomConfig::InitMailWatchLogging, it >> could not be "eval"ed. Make sure the module is correct with perl -wc >> >> Not done troubleshooting yet, the system has been running 18 days so I >> know that MS has restarted, no changes have been made in that time >> either. I've confirmed that DBI is working with a short per script, so >> I don't believe that is the issue. >> >> If MailScanner would have just stopped loading MailWatch.pm and >> continued as normal (Always Looked Up Last = no) I would be in a >> better place right now. >> >> I'll take a look at it, but I'm a Perl >= Bash guy, no real experience >> with Perl in the application area. I could use a leg up. >> >> Thanks, >> >> DAve >> >> PS. Julian, my feature request for MS would be that it passes over >> third party functions that fail to load ;^) >> -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From n3dlinux at gmail.com Fri Jun 23 05:26:00 2006 From: n3dlinux at gmail.com (den gon) Date: Fri Jun 23 05:26:07 2006 Subject: MailScanner Error Message-ID: Hello to Everyone! I'm new with this list. We're using MailScanner for a less than a year. Our current configuration are the following; MailScanner-4.42.9-1, SpamAssassin Server version 3.1.0 and clamav-0.88. I would like to ask if the message below is valid or not. As of my maillogs, it was more than 700,000 times appeared for a month starting May 2006 to present. Jun 23 12:11:06 genesis MailScanner[2554]: New Batch: Found invalid queue files: k4PDHq2B021381 Jun 23 12:11:06 genesis MailScanner[2554]: New Batch: Found 18 messages waiting Jun 23 12:11:06 genesis MailScanner[2554]: New Batch: Scanning 1 messages, 1915 bytes Thanks! Dennis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/8c325876/attachment.html From mike at vesol.com Fri Jun 23 05:32:01 2006 From: mike at vesol.com (Mike Kercher) Date: Fri Jun 23 05:32:16 2006 Subject: MailScanner Error In-Reply-To: Message-ID: I'd look at the timestamp on the file. Obviously, MailScanner doesn't want to deal with it. If it's THAT old, I'd just delete it. Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of den gon Sent: Thursday, June 22, 2006 11:26 PM To: mailscanner@lists.mailscanner.info Subject: MailScanner Error Hello to Everyone! I'm new with this list. We're using MailScanner for a less than a year. Our current configuration are the following; MailScanner-4.42.9-1, SpamAssassin Server version 3.1.0 and clamav-0.88. I would like to ask if the message below is valid or not. As of my maillogs, it was more than 700,000 times appeared for a month starting May 2006 to present. Jun 23 12:11:06 genesis MailScanner[2554]: New Batch: Found invalid queue files: k4PDHq2B021381 Jun 23 12:11:06 genesis MailScanner[2554]: New Batch: Found 18 messages waiting Jun 23 12:11:06 genesis MailScanner[2554]: New Batch: Scanning 1 messages, 1915 bytes Thanks! Dennis From rajlinux at gmail.com Fri Jun 23 08:00:55 2006 From: rajlinux at gmail.com (Raj) Date: Fri Jun 23 08:00:57 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> Message-ID: <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> Hi everyone. really thx for your replays, I think i found the solution to block or redirect the mails with particular words in the subject line. STICK TO THE BASICS GUYS.............! YES ......It is possible on sendmail. i used scripts on MDA( message deliver agent) which is procmail on my sendmail. I will explain how, May some one can benefit out this. I made a simple script inside ~/.procmailrc on each user. :0 * ^Subject:.*\fuck $MAILDIR/mail/SPAM :0 * ^Subject:.*\sex $MAILDIR/mail/SPAM This will move mails with fuck & sex on the subject line from inbox to SPAM folder for each user in the sendmail.There are many thing possible on procmail you can even send these mails to any other user as if mailscanner is sending a warning to a superuser. for that u have to give :0 * ^Subject:.*fuck { :0 c !trackspam@pun.softspins.com } where fuck is the bad word & trackspam is the user to monitor the mails. by carefully inspecting procmail many things are possible , u can even manipulate mails with words in the message body or perticular attachment and so on. so try your own scripts which suites your company & infrastructure. But still i am facing some problem, what happened is i got nearly 80 users & if i want to implement this i have to copy these files to all home directory on each & every user. The same scripts didn't worked when i put inside /etc/procmailrc. I am trying to find a solution, if any one got please help me out. On 6/21/06, Raj wrote: > Can we block any particular subject line in MailScanner > i mean if subject have words like Viagra, sex, fuck etc.. can we block them ? > MailScanner is working very well blocking with extension like *.exe. > > I am facing too many problem with spams these days. Some time > spamassassin fails to recognise the spams. So can we block them with > its subject line. > > it is possible on qmail by QTRAP. it blockes mails with customised words. > > i gone through docs of MS, But fails to find such function out of it. > If this is possible on MS that will be great. > > > > -- > Regards > Rajeev Sekhar > ph 9822751120 > -- Regards Rajeev Sekhar ph 9822751120 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/665301b5/attachment.html From febrianto at sioenasia.com Fri Jun 23 09:17:15 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Fri Jun 23 09:13:14 2006 Subject: MailScanner reload: no such process In-Reply-To: <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> Message-ID: Hi, I don't know when, maybe this week... but everytime I do service MailScanner reload, it always return: Reloading MailScanner workers: MailScanner: kill -22598: No such process [ OK ] So to make sure I run Service MailScanner stop; Service MailScanner start. I'm using mailscanner 4.52.2-1 Best Regards From glenn.steen at gmail.com Fri Jun 23 09:38:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 23 09:38:12 2006 Subject: Filename problem In-Reply-To: <689C2B4E-370E-495D-B759-AFA7C137455A@ecs.soton.ac.uk> References: <20060622203611.I5393@defjam.cc.strath.ac.uk> <689C2B4E-370E-495D-B759-AFA7C137455A@ecs.soton.ac.uk> Message-ID: <223f97700606230138g70bc4252vefda018825150772@mail.gmail.com> On 22/06/06, Julian Field wrote: > On Thu22 Jun 06, at 21:08, Jethro R Binks wrote: > > > On Thu, 22 Jun 2006, Scott Silva wrote: > > > >> You need to look in the logs to get more detail, as the filename > >> in the > >> response message is "sanitized", and the real name could be much > >> longer. > > > > Well there's the thing. I recall Julian saying reasonably recently > > that > > it wasn't possible to put the "real" or "original" filename in any > > logs > > _without_ sanitising it -- for obvious reasons. Which often makes it > > difficult to enter into a discussion with the user about the nature > > of the > > original filename, other than guesswork. > > > > Jethro. > > That is indeed a problem. But the alternative is someone embedding > nasty things in a filename for an attachment knowing full well that > all their text will get inserted into an email message. If they can > put a virus in the Subject: line (which can be done) then this is > child's play. > Fancy a very long filename causing a stack overflow in your syslogd > to exploit a vulnerability resulting in arbitrary code execution? > Didn't think so. > > So I don't ever store any unsanitised data anywhere. > Very sound thinking. Could one have the actual byte count in the log though? "original lenght: .... bytes"? Would perhaps simplify the "discussions" with the users...:-). (Or is that already done? I'm "preparing" for the traditional midsummers eve celebrations, so don't really have my heaqd turned on:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Jun 23 09:57:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 09:58:21 2006 Subject: Always Looked Up Last In-Reply-To: <449B5441.6080504@pixelhammer.com> References: <449AFE06.6070402@pixelhammer.com> <945E7606-0FFA-4B54-93A3-88AAE5B5CEA1@ecs.soton.ac.uk> <449B5441.6080504@pixelhammer.com> Message-ID: On 23 Jun 2006, at 03:38, DAve wrote: > Julian Field wrote: >> Around line 815 on Config.pm, just after the line that logs the >> warning "Make sure the module is correct", add this: >> $StaticScalars{$key} = $Defaults{$key}; >> That should force it to replace the Custom Function with the >> default value instead, so calls to the Custom Function should be >> replaced by a simple lookup. >> Give it a go and let me know if it helps. > > Julian, > That appears to be a good fix. I duplicated the problem and I can > see messages flowing through the the outbound queue after applying > your change. So if this happens again at least the mail will not stop. > > Thank you, very much. Wonderful news. This will be in the next release. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From drew at themarshalls.co.uk Fri Jun 23 10:44:53 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jun 23 10:45:35 2006 Subject: Postfix now times out?? In-Reply-To: References: Message-ID: <52072.194.70.180.170.1151055893.squirrel@webmail.r-bit.net> On Thu, June 22, 2006 22:38, Jeremy Blonde wrote: > Thanks for the reply Drew. > > It's now working again, but why and how I have no idea. I had to modify > the postfix configuration file and then undo the change besides reboot > the machine a few times. After that it started working again. Strange. No worries. Having done all that, it still could have been anything as the re-boots will have restarted any failed services (Such as named). I would still just haul out the maillog and have a look at the time it all failed as there is a good chance your problem will re-appear the same way it mysteriously disappeared. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ttaylor20060622 at duh.net Fri Jun 23 12:59:59 2006 From: ttaylor20060622 at duh.net (Travis Taylor) Date: Fri Jun 23 13:01:31 2006 Subject: OT: DOS attack using RSET commands? Message-ID: <200606231200.k5NBxxbA010434@MX1.otherbbs.com> Apologies about multiple posts, but appears my postings are not making it to the mailing list. Anyone else noticing a large surge in number of clients/connections issuing repetitive RSET commands when the connection is permanently or temporarily rejected? The majority of the connections appear to originate from the RIPE and APNIC netspace. It is getting to the point where the load is 3 times normal and email delivery to us is extremely slow due to the large number of repetitive open connections. Anyone have similar issues? -- Travis Taylor Unified School District 373 From martinh at solid-state-logic.com Fri Jun 23 13:41:34 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jun 23 13:41:54 2006 Subject: DOS attack using RSET commands? In-Reply-To: <200606231200.k5NBxxbA010434@MX1.otherbbs.com> Message-ID: <00da01c696c2$5c5a9560$3004010a@martinhlaptop> Travis Seeing a lot of these I wasn't seeing before... (in Exim) SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection about 25% of my reject log is this rubbish, don't recall seeing this before. And I only reject on unknown user for that connection..I don't use any access list on the MTA. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Travis Taylor > Sent: 23 June 2006 13:00 > To: mailscanner@lists.mailscanner.info > Subject: OT: DOS attack using RSET commands? > > Apologies about multiple posts, but appears my postings are not making > it to the mailing list. > > Anyone else noticing a large surge in number of clients/connections > issuing repetitive RSET commands when the connection is permanently or > temporarily rejected? > > The majority of the connections appear to originate from the RIPE and > APNIC netspace. It is getting to the point where the load is 3 times > normal and email delivery to us is extremely slow due to the large > number of repetitive open connections. Anyone have similar issues? > > -- > Travis Taylor > Unified School District 373 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From samp at arial-concept.com Fri Jun 23 14:24:25 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Fri Jun 23 14:24:36 2006 Subject: RegEx in whitelist Message-ID: <449BEB89.6090900@arial-concept.com> Hi, I tried to put this line in my spam.whitelist.rules file: From: smtp*.free.fr yes But the smtp5-g19.free.fr is not whitelisted !? What is the right way accept all the smtp*-g*.free.fr machine ? Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int?grateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From shuttlebox at gmail.com Fri Jun 23 14:37:47 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jun 23 14:37:50 2006 Subject: RegEx in whitelist In-Reply-To: <449BEB89.6090900@arial-concept.com> References: <449BEB89.6090900@arial-concept.com> Message-ID: <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> On 6/23/06, Sam Przyswa wrote: > What is the right way accept all the smtp*-g*.free.fr machine ? This should work: smtp.*-g.*\.free\.fr It can be done many ways. -- /peter From MailScanner at ecs.soton.ac.uk Fri Jun 23 14:51:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 14:52:00 2006 Subject: RegEx in whitelist In-Reply-To: <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> Message-ID: <7A9DA6DD-D04D-4D1D-B1C2-D88C42DB7120@ecs.soton.ac.uk> On 23 Jun 2006, at 14:37, shuttlebox wrote: > On 6/23/06, Sam Przyswa wrote: >> What is the right way accept all the smtp*-g*.free.fr machine ? > > This should work: > > smtp.*-g.*\.free\.fr > > It can be done many ways. If you really want to use a regex, then just surround with regex with "/" characters and you can use all the regex features that Perl has (which is a lot!). So /@smtp.*-g.*\.free\.fr/ should do the trick if you prefer working with regexes. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From wizard at jimhermann.com Fri Jun 23 14:59:08 2006 From: wizard at jimhermann.com (wizard@jimhermann.com) Date: Fri Jun 23 14:57:35 2006 Subject: Truncated $longreport Message-ID: <8645.12.34.40.218.1151071148.squirrel@www.jimhermann.com> Why does the longreport get truncated sometimes? It appears to have something to do with the percent sign in the rule description. In the example below, the percent sign at the end of the BAYES_50 description has been replaced with the word uppercase, which is the last part AFTER the percent sign in the UPPERCASE_25_50 description. For example: Message Header has: X-UUN-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.143, required 5, BAYES_50 2.60, HTML_FONT_INVISIBLE 0.80, HTML_MESSAGE 0.00, HTML_TINY_FONT 2.32, RAZOR2_CF_RANGE_00_01 0.01, SARE_SPEC_LEO_LINE03a 0.41, UPPERCASE_25_50 0.00) Message body has: pts rule name description ---- ---------------------- ----------------------------------------- 0.8 HTML_FONT_INVISIBLE BODY: HTML font color is same as background 0.0 HTML_MESSAGE BODY: HTML included in message 2.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60 uppercase ----- End of MailScanner report I added the last line to my inline.spam.warning.txt file, so that I could see if the entire message was truncated or just the longreport. From mstandish at gmail.com Fri Jun 23 15:28:57 2006 From: mstandish at gmail.com (Matt Standish) Date: Fri Jun 23 15:29:00 2006 Subject: Input/Output Error Message-ID: <39e688060606230728i171be7d9rbe56e67d39d54370@mail.gmail.com> Hello all. After running Mailscanner for a while (I haven't been able to find a constant variable) MailScanner (postfix) stops delivering or receiving mail. I receive an Input/Output error whenever I type a command at the terminal and I am forced to reboot. I am thinking I am either running too many processes or opening to many files. Anyone know a kernel variable I can try and set? I am running Suse 10.0 MailScanner 4.53.6-1 Postfix 2.2.5 SA 3.1.0 ClamAV 0.88 Bind is running for local caching I am using just the database logging portion of MailWatch I have a ram drive at /var/spool/MailScanner/incoming The server is a Dual PIV 1.8Ghz Xeon 4G Ram 120G RAID 5 (SCSI 10k RPM) (ReiserFS) I havce nothing in /var/log/messages, which I am assuming is because the file system can't be written too. -- Matt Standish MSN Messenger: mps_@hotmail.com Yahoo Messenger: mattstandish@yahoo.com Google Talk: mstandish From dhawal at netmagicsolutions.com Fri Jun 23 15:45:32 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jun 23 15:45:48 2006 Subject: Input/Output Error In-Reply-To: <39e688060606230728i171be7d9rbe56e67d39d54370@mail.gmail.com> References: <39e688060606230728i171be7d9rbe56e67d39d54370@mail.gmail.com> Message-ID: <449BFE8C.4050608@netmagicsolutions.com> Matt Standish wrote: > Hello all. > After running Mailscanner for a while (I haven't been able to find a > constant variable) MailScanner (postfix) stops delivering or receiving > mail. I receive an Input/Output error whenever I type a command at the > terminal and I am forced to reboot. I am thinking I am either running > too many processes or opening to many files. Anyone know a kernel > variable I can try and set? > I am running > Suse 10.0 > MailScanner 4.53.6-1 > Postfix 2.2.5 > SA 3.1.0 > ClamAV 0.88 > Bind is running for local caching > > I am using just the database logging portion of MailWatch > > I have a ram drive at /var/spool/MailScanner/incoming > > The server is a > Dual PIV 1.8Ghz Xeon > 4G Ram > 120G RAID 5 (SCSI 10k RPM) (ReiserFS) > > I havce nothing in /var/log/messages, which I am assuming is because > the file system can't be written too. An I/O error generally indicates that you either have a bad disk. It could also mean a bad memory chip (since you are using a ramdisk). Try using a remote syslog server for some time. 'dmesg' could give you a hint here.. see if your logs indicate anything. egrep 'error|fatal|panic' /var/log/mail* egrep 'error|fatal|panic' /var/log/messages Also check your system if it has been compromised.. - dhawal From marcelo at ciagri.usp.br Fri Jun 23 15:52:32 2006 From: marcelo at ciagri.usp.br (Marcelo Zacarias da Silva) Date: Fri Jun 23 15:48:26 2006 Subject: Input/Output Error In-Reply-To: <39e688060606230728i171be7d9rbe56e67d39d54370@mail.gmail.com> References: <39e688060606230728i171be7d9rbe56e67d39d54370@mail.gmail.com> Message-ID: <20060623145232.GA2051@qs.ciagri.usp.br> On Fri, Jun 23, 2006 at 10:28:57AM -0400, Matt Standish wrote: > Hello all. > After running Mailscanner for a while (I haven't been able to find a > constant variable) MailScanner (postfix) stops delivering or receiving > mail. I receive an Input/Output error whenever I type a command at the > terminal and I am forced to reboot. I am thinking I am either running > too many processes or opening to many files. Anyone know a kernel > variable I can try and set? > I am running > > Suse 10.0 > MailScanner 4.53.6-1 > Postfix 2.2.5 > SA 3.1.0 > ClamAV 0.88 > Bind is running for local caching > > I am using just the database logging portion of MailWatch > > I have a ram drive at /var/spool/MailScanner/incoming > > The server is a > Dual PIV 1.8Ghz Xeon > 4G Ram > 120G RAID 5 (SCSI 10k RPM) (ReiserFS) > > I havce nothing in /var/log/messages, which I am assuming is because > the file system can't be written too. > I had the same problem with an Adaptec 2200S SCSI RAID controller and the aacraid driver. The problem was (almost) solved with a firmware upgrade. -- Marcelo Zacarias da Silva - CIAGRI/USP / Fone: (19)3429-4532 GPG public key: http://www.ciagri.usp.br/~marcelo/marcelo.asc From mkettler at evi-inc.com Fri Jun 23 16:01:40 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 23 16:01:52 2006 Subject: SPF SOFTFAIL not working properly In-Reply-To: <09c301c69667$9a8c6d50$9801a8c0@Dual> References: <09c301c69667$9a8c6d50$9801a8c0@Dual> Message-ID: <449C0254.3000400@evi-inc.com> Jim Hermann wrote: > > Is anyone else seeing incorrect SPF_SOFTMAIL false positives? >From the looks of it, you have a broken trust path. SA is deciding that host.uuserver.net is a part of your network, not an outside server. Usually this happens if xxxx.org is a mailserver that has a non-routable IP (ie: 10.*, 192.168.*, etc) and is static-map natted by an upstream router. To fix it you need to declare trusted_networks manually in your local.cf. see http://wiki.apache.org/spamassassin/TrustPath Note: this will also fix ALL_TRUSTED matching spam messages (which should never happen) as well as FPs on dialup RBLs. From ssilva at sgvwater.com Fri Jun 23 16:14:41 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 23 16:16:17 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> Message-ID: Raj spake the following on 6/23/2006 12:00 AM: > Hi everyone. > really thx for your replays, > > I think i found the solution to block or redirect the mails with > particular words in the subject line. > > STICK TO THE BASICS GUYS.............! > > YES ......It is possible on sendmail. > i used scripts on MDA( message deliver agent) which is procmail on my > sendmail. > > I will explain how, May some one can benefit out this. > > I made a simple script inside ~/.procmailrc on each user. > > :0 > * ^Subject:.*\fuck > $MAILDIR/mail/SPAM > > :0 > * ^Subject:.*\sex > $MAILDIR/mail/SPAM > > > This will move mails with fuck & sex on the subject line from inbox to > SPAM folder for each user in the sendmail.There are many thing possible > on procmail you can even send these mails to any other user as if > mailscanner is sending a warning to a superuser. > > for that u have to give > > :0 > * ^Subject:.*fuck > { > :0 c > !trackspam@ pun.softspins.com > > } > > where fuck is the bad word & trackspam is the user to monitor the mails. > > by carefully inspecting procmail many things are possible , u can even > manipulate mails with words in the message body or perticular attachment > and so on. > > so try your own scripts which suites your company & infrastructure. > > > But still i am facing some problem, what happened is i got nearly 80 > users & if i want to implement this i have to copy these files to all > home directory on each & every user. > The same scripts didn't worked when i put inside /etc/procmailrc. > > I am trying to find a solution, if any one got please help me out. > > > > On 6/21/06, Raj > wrote: >> Can we block any particular subject line in MailScanner >> i mean if subject have words like Viagra, sex, fuck etc.. can we block > them ? >> MailScanner is working very well blocking with extension like *.exe. >> >> I am facing too many problem with spams these days. Some time >> spamassassin fails to recognise the spams. So can we block them with >> its subject line. >> >> it is possible on qmail by QTRAP. it blockes mails with customised words. >> >> i gone through docs of MS, But fails to find such function out of it. >> If this is possible on MS that will be great. This doesn't block them in sendmail, it moves them after they are received. It isn't any different than having MailScanner take care of it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 23 16:17:19 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 23 16:20:11 2006 Subject: Filename problem In-Reply-To: <689C2B4E-370E-495D-B759-AFA7C137455A@ecs.soton.ac.uk> References: <20060622203611.I5393@defjam.cc.strath.ac.uk> <689C2B4E-370E-495D-B759-AFA7C137455A@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 6/22/2006 1:28 PM: > On Thu22 Jun 06, at 21:08, Jethro R Binks wrote: > >> On Thu, 22 Jun 2006, Scott Silva wrote: >> >>> You need to look in the logs to get more detail, as the filename in the >>> response message is "sanitized", and the real name could be much longer. >> >> Well there's the thing. I recall Julian saying reasonably recently that >> it wasn't possible to put the "real" or "original" filename in any logs >> _without_ sanitising it -- for obvious reasons. Which often makes it >> difficult to enter into a discussion with the user about the nature of >> the >> original filename, other than guesswork. >> >> Jethro. > > That is indeed a problem. But the alternative is someone embedding nasty > things in a filename for an attachment knowing full well that all their > text will get inserted into an email message. If they can put a virus in > the Subject: line (which can be done) then this is child's play. > Fancy a very long filename causing a stack overflow in your syslogd to > exploit a vulnerability resulting in arbitrary code execution? Didn't > think so. > > So I don't ever store any unsanitised data anywhere. > I guess I wasn't clear enough. With the log info, you could look at the original message if you quarantine them and you could see what the original filename was supposed to be. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From samp at arial-concept.com Fri Jun 23 16:42:43 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Fri Jun 23 16:42:54 2006 Subject: RegEx in whitelist In-Reply-To: <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> Message-ID: <449C0BF3.9030200@arial-concept.com> shuttlebox a ?crit : > On 6/23/06, Sam Przyswa wrote: > >> What is the right way accept all the smtp*-g*.free.fr machine ? > > > This should work: > > smtp.*-g.*\.free\.fr > > It can be done many ways. In fact a pure RegEx work as: From: smtp[\d]+-g[\d]+\.free\.fr yes Sure ? -- Sam Przyswa - Chef de projet Arial Concept - Int?grateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From MailScanner at ecs.soton.ac.uk Fri Jun 23 16:52:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 16:52:44 2006 Subject: Beta release 4.55.6 Message-ID: <0DA7CD7F-0372-4E10-B61F-A04A42328FCF@ecs.soton.ac.uk> I have just released a new beta 4.55.6. New changes since the last beta are: - "--changed" or "-c" command-line option. This prints a table of the MailScanner.conf settings that are not the same as the default values hard-coded into MailScanner. Very useful for analysing setups and finding mistakes. - Better handling of broken Custom Functions. Trying to evaluate these will now just cause the setting to return its default value instead of breaking. Download from www.mailscanner.info/downloads.html as usual. The full Change Log is this: * New Features and Improvements * 1 Added educ.ar and uba.ar to country.domains.conf for less strict phishing net. 1 Code tidy up in Message constructor. 1 Speed improvements to ZMailer attachment extraction to keep up with the other MTAs. 1 "Log Speed = no" now does what it says on the tin. (UK in-joke :-) 1 Added "stopms" option to Linux init.d scripts. 1 Improved behaviour when %percentvars% at start of MailScanner.conf have not been configured at all. It now uses the fully-qualified hostname to guess the domain name and website address. It used to refuse to run which was very impolite. 1 Added Sys::Hostname::Long to list of required modules to implement the above. 2 Documentation rationalisation. Most up to date versions are all on the web. 3 Now output lock type in use with "--lint". 4 Improvement to Sophos.install for Sophos Version 5 so that email logging is disabled. 4 Now use syslog "notice" priority instead of "info" when issuing messages that are nearly warnings. This helps you drastically reduce the amount of syslog output by just logging priorities greater than or equal to "notice". 5 Added a "Contact Us" web page instead of just a mailto: link. 6 Improved Help guidance in Contact Us web page. 6 New command-line option: "-c" or "--changed". This will print out a table of all the configuration settings that have been changed from the default values hard-coded into MailScanner. Note this may not be quite the same as the differences from the supplied default MailScanner.conf file. 6 Updated hard-coded defaults to better match MailScanner.conf settings. 6 Improved handling of broken Custom Functions. Having a broken Custom Function will now just result in the setting's default value being used. * Fixes * 1 Put back in the checks of free disk space that were in 4.53.1 but then lost. 1 Fix in check_MailScanner for MacOSX. 3 Default lock type for sendmail is now posix, as it should be. 4 Fix to phishing net so that links to "www.domain.com." are accepted as legal. 6 Fixed problem with dangerous filenames in TNEF archives when using the external TNEF expander. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Fri Jun 23 16:52:42 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jun 23 16:53:05 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> Message-ID: <449C0E4A.5030509@nkpanama.com> Raj wrote: > > But still i am facing some problem, what happened is i got nearly 80 > users & if i want to implement this i have to copy these files to all > home directory on each & every user. > The same scripts didn't worked when i put inside /etc/procmailrc. How about implementing a symlink? From samp at arial-concept.com Fri Jun 23 17:00:08 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Fri Jun 23 17:00:21 2006 Subject: RegEx in whitelist In-Reply-To: <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> Message-ID: <449C1008.70000@arial-concept.com> shuttlebox a ?crit : > On 6/23/06, Sam Przyswa wrote: > >> What is the right way accept all the smtp*-g*.free.fr machine ? > > > This should work: > > smtp.*-g.*\.free\.fr From: smtp.*-g.*\.free\.fr yes Doesn't work with v4.41.3 !!! It only work with IP : From: 212.27.42. yes But it's to much... Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From MailScanner at ecs.soton.ac.uk Fri Jun 23 17:01:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 17:01:35 2006 Subject: RegEx in whitelist In-Reply-To: <449C0BF3.9030200@arial-concept.com> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> <449C0BF3.9030200@arial-concept.com> Message-ID: <4445E471-4E60-4F6F-A102-6BA7F4C66E1F@ecs.soton.ac.uk> On 23 Jun 2006, at 16:42, Sam Przyswa wrote: > shuttlebox a ?crit : > >> On 6/23/06, Sam Przyswa wrote: >> >>> What is the right way accept all the smtp*-g*.free.fr machine ? >> >> >> This should work: >> >> smtp.*-g.*\.free\.fr >> >> It can be done many ways. > > > In fact a pure RegEx work as: > > From: smtp[\d]+-g[\d]+\.free\.fr yes > > Sure ? You should surround the regexp with "/" so that MailScanner recognises it properly and does not try to compile it into a regexp again. So use From: /smtp\d+-g\d+\.free\.fr/ yes instead. Your square brackets are completely superfluous. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shuttlebox at gmail.com Fri Jun 23 17:07:54 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jun 23 17:07:57 2006 Subject: RegEx in whitelist In-Reply-To: <449C0BF3.9030200@arial-concept.com> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> <449C0BF3.9030200@arial-concept.com> Message-ID: <625385e30606230907h2c53b217h6ac6e9a8fac97bd4@mail.gmail.com> On 6/23/06, Sam Przyswa wrote: > shuttlebox a ?crit : > > > On 6/23/06, Sam Przyswa wrote: > > > >> What is the right way accept all the smtp*-g*.free.fr machine ? > > > > > > This should work: > > > > smtp.*-g.*\.free\.fr > > > > It can be done many ways. > > > In fact a pure RegEx work as: > > From: smtp[\d]+-g[\d]+\.free\.fr yes > > Sure ? Yours is more true to your example with numbers in it but when I see asterisks I always tend to think of how file name matching is done in the shell, the equivalent of "*" in Perl RE is ".*". The more you know about what you want to match the more "pure" RE you can construct. -- /peter From samp at arial-concept.com Fri Jun 23 17:15:52 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Fri Jun 23 17:16:02 2006 Subject: RegEx in whitelist In-Reply-To: <4445E471-4E60-4F6F-A102-6BA7F4C66E1F@ecs.soton.ac.uk> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> <449C0BF3.9030200@arial-concept.com> <4445E471-4E60-4F6F-A102-6BA7F4C66E1F@ecs.soton.ac.uk> Message-ID: <449C13B8.7090702@arial-concept.com> Julian Field a ?crit : > > On 23 Jun 2006, at 16:42, Sam Przyswa wrote: > >> shuttlebox a ?crit : >> >>> On 6/23/06, Sam Przyswa wrote: >>> >>>> What is the right way accept all the smtp*-g*.free.fr machine ? >>> >>> >>> >>> This should work: >>> >>> smtp.*-g.*\.free\.fr >>> >>> It can be done many ways. >> >> >> >> In fact a pure RegEx work as: >> >> From: smtp[\d]+-g[\d]+\.free\.fr yes >> >> Sure ? > > > You should surround the regexp with "/" so that MailScanner > recognises it properly and does not try to compile it into a regexp > again. So use Argh !!! > From: /smtp\d+-g\d+\.free\.fr/ yes Big THANKS ! > instead. Your square brackets are completely superfluous. Nice, I test it with Kregexpeditor... Thanks again. Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From rvallejo at novadevices.com Fri Jun 23 17:32:59 2006 From: rvallejo at novadevices.com (Rafael Vallejo) Date: Fri Jun 23 17:37:53 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: References: Message-ID: <449C17BB.5010703@novadevices.com> Hello list. I have a problem with spamassassin and is that some perl modules I got messages like this [20075] dbg: diag: module not installed: LWP::UserAgent ('require' failed) UserAgent is a module among others I want to use, I installed by hand spamassasin and have no other choice, LWP and all the modules it need is there in where it is supposed to be /usr/lib/perl5/vendor_perl/5.8.1/LWP, but spamassasin does not locate it my guess is that perl or spamassassin does not get the path for LWP for some reason. Is there any file in where Perl and/or spamassasin look to know where modules are loaded? Regards -- Rafael From samp at arial-concept.com Fri Jun 23 17:53:18 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Fri Jun 23 17:53:29 2006 Subject: RegEx in whitelist In-Reply-To: <4445E471-4E60-4F6F-A102-6BA7F4C66E1F@ecs.soton.ac.uk> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> <449C0BF3.9030200@arial-concept.com> <4445E471-4E60-4F6F-A102-6BA7F4C66E1F@ecs.soton.ac.uk> Message-ID: <449C1C7E.7080803@arial-concept.com> Julian Field a ?crit : > > On 23 Jun 2006, at 16:42, Sam Przyswa wrote: > >> shuttlebox a ?crit : >> >>> On 6/23/06, Sam Przyswa wrote: >>> >>>> What is the right way accept all the smtp*-g*.free.fr machine ? >>> >>> >>> >>> This should work: >>> >>> smtp.*-g.*\.free\.fr >> > > You should surround the regexp with "/" so that MailScanner > recognises it properly and does not try to compile it into a regexp > again. So use > From: /smtp\d+-g\d+\.free\.fr/ yes I put it in my spam.whitelist.rules, restart MailScanner and then that's don't work, mails from the smtp2-g19.free.fr (blacklisted) server is not whitelisted :-( I use MailScanner 4.41.3 What's wrong ? Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From lshaw at emitinc.com Fri Jun 23 18:42:09 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Fri Jun 23 18:42:18 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <449C17BB.5010703@novadevices.com> References: <449C17BB.5010703@novadevices.com> Message-ID: On Fri, 23 Jun 2006, Rafael Vallejo wrote: > I have a problem with spamassassin and is that some perl modules I got > messages like this > > [20075] dbg: diag: module not installed: LWP::UserAgent ('require' failed) > > UserAgent is a module among others I want to use, I installed by hand > spamassasin and have no other choice, LWP and all the modules it need is > there in where it is supposed to be /usr/lib/perl5/vendor_perl/5.8.1/LWP, I would try using the CPAN shell to automatically install the modules you need. The CPAN shell should make sure they are installed in a place where Perl can find them automatically. Just do perl -MCPAN -e shell You'll then get a prompt where you can type things like install LWP::UserAgent to install a module. Or, to list things that match a pattern, i /UserAgent/ Hope that helps. - Logan From rajlinux at gmail.com Fri Jun 23 19:01:26 2006 From: rajlinux at gmail.com (Raj) Date: Fri Jun 23 19:01:29 2006 Subject: can we block mails with perticular subject line In-Reply-To: References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> Message-ID: <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> it dosent matter to me ,the job is of Mailscanner or procmail. I want my requirement to work. I thought MS can do it, because you know MS can parse all attachment & if it is suspisious it will replace with a warning message. So if mailscanner can process subject line also, that will be cool . is'nt?? On 6/23/06, Scott Silva wrote: > > Raj spake the following on 6/23/2006 12:00 AM: > > Hi everyone. > > really thx for your replays, > > > > I think i found the solution to block or redirect the mails with > > particular words in the subject line. > > > > STICK TO THE BASICS GUYS.............! > > > > YES ......It is possible on sendmail. > > i used scripts on MDA( message deliver agent) which is procmail on my > > sendmail. > > > > I will explain how, May some one can benefit out this. > > > > I made a simple script inside ~/.procmailrc on each user. > > > > :0 > > * ^Subject:.*\fuck > > $MAILDIR/mail/SPAM > > > > :0 > > * ^Subject:.*\sex > > $MAILDIR/mail/SPAM > > > > > > This will move mails with fuck & sex on the subject line from inbox to > > SPAM folder for each user in the sendmail.There are many thing possible > > on procmail you can even send these mails to any other user as if > > mailscanner is sending a warning to a superuser. > > > > for that u have to give > > > > :0 > > * ^Subject:.*fuck > > { > > :0 c > > !trackspam@ pun.softspins.com < > http://pun.softspins.com> > > > > } > > > > where fuck is the bad word & trackspam is the user to monitor the mails. > > > > by carefully inspecting procmail many things are possible , u can even > > manipulate mails with words in the message body or perticular attachment > > and so on. > > > > so try your own scripts which suites your company & infrastructure. > > > > > > But still i am facing some problem, what happened is i got nearly 80 > > users & if i want to implement this i have to copy these files to all > > home directory on each & every user. > > The same scripts didn't worked when i put inside /etc/procmailrc. > > > > I am trying to find a solution, if any one got please help me out. > > > > > > > > On 6/21/06, Raj > wrote: > >> Can we block any particular subject line in MailScanner > >> i mean if subject have words like Viagra, sex, fuck etc.. can we block > > them ? > >> MailScanner is working very well blocking with extension like *.exe. > >> > >> I am facing too many problem with spams these days. Some time > >> spamassassin fails to recognise the spams. So can we block them with > >> its subject line. > >> > >> it is possible on qmail by QTRAP. it blockes mails with customised > words. > >> > >> i gone through docs of MS, But fails to find such function out of it. > >> If this is possible on MS that will be great. > This doesn't block them in sendmail, it moves them after they are > received. It > isn't any different than having MailScanner take care of it. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Rajeev Sekhar ph 9822751120 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/f3bdaa19/attachment.html From rajlinux at gmail.com Fri Jun 23 19:18:39 2006 From: rajlinux at gmail.com (Raj) Date: Fri Jun 23 19:18:43 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <449C17BB.5010703@novadevices.com> References: <449C17BB.5010703@novadevices.com> Message-ID: <912a0c6a0606231118t620fc814y34613afa5472b576@mail.gmail.com> I am not expertised in perl but still can give you idea how to check the perl module is installed or not & if where it is. #perl -e "use LWP::UserAgent;" this check the module DBI is installed or not You can also check by rpm -qa | grep perl http://starling.us/gus_netbsd/gus_netbsd_perl_module.html use the above link, you can get better idea. On 6/23/06, Rafael Vallejo wrote: > > Hello list. > > I have a problem with spamassassin and is that some perl modules I got > messages like this > > [20075] dbg: diag: module not installed: LWP::UserAgent ('require' failed) > > UserAgent is a module among others I want to use, I installed by hand > spamassasin and have no other choice, LWP and all the modules it need is > there in where it is supposed to be > /usr/lib/perl5/vendor_perl/5.8.1/LWP, but spamassasin does not locate it > my guess is that perl or spamassassin does not get the path for LWP for > some reason. > > Is there any file in where Perl and/or spamassasin look to know where > modules are loaded? > > Regards > > -- > Rafael > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Rajeev Sekhar ph 9822751120 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/044e0806/attachment.html From michele at blacknight.ie Fri Jun 23 19:30:18 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Fri Jun 23 19:30:43 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> Message-ID: <449C333A.4090501@blacknight.ie> Raj wrote: > it dosent matter to me ,the job is of Mailscanner or procmail. I want my > requirement to work. > > I thought MS can do it, because you know MS can parse all attachment & > if it is suspisious it will replace with a warning message. So if > mailscanner can process subject line also, that will be cool . is'nt?? > You could use MCP... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From arturs at netvision.net.il Fri Jun 23 20:44:08 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Fri Jun 23 19:46:07 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ Message-ID: <004401c696fd$64a56110$3701a8c0@lapxp> Hi, When I run 'spamassassin -D --lint' it provides errors: [16275] warn: config: failed to parse line, skipping: dcc_home /var/dcc/ [16275] warn: config: failed to parse line, skipping: dcc_path /var/dcc/dccifd Yes, I do want it to relay on dccifd. Could be I have messed configs up? Your help is appreciated :) Best, -- Arthur Sherman +972-52-4878851 CPTeam From ugob at camo-route.com Fri Jun 23 19:54:11 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jun 23 19:54:31 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ In-Reply-To: <004401c696fd$64a56110$3701a8c0@lapxp> References: <004401c696fd$64a56110$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote: > Hi, > > When I run 'spamassassin -D --lint' it provides errors: > > [16275] warn: config: failed to parse line, skipping: dcc_home /var/dcc/ > [16275] warn: config: failed to parse line, skipping: dcc_path > /var/dcc/dccifd > > Yes, I do want it to relay on dccifd. > Could be I have messed configs up? I don't think so. You probably forgot to enable dcc in your *.pre files. > > Your help is appreciated :) > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > From naolson at gmail.com Fri Jun 23 20:12:27 2006 From: naolson at gmail.com (Nathan Olson) Date: Fri Jun 23 20:12:29 2006 Subject: SA cache hit rate Message-ID: <8f54b4330606231212y7bb2ed47j4ff852f3f69aacbc@mail.gmail.com> Is a hit rate of 11-16% even worth keeping the SA cache on? Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/0b57728e/attachment.html From eneal at dfi-intl.com Fri Jun 23 20:15:01 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Fri Jun 23 20:15:05 2006 Subject: Disabling SPF Checks.. Message-ID: I've commented out the loadplugin line for SPF, but I'm still seeing SPF_*. I've even set the score to 0 but it's not being honoured.. Jun 23 15:14:38 mailscanner2 MailScanner[492]: New Batch: Scanning 1 messages, 1420 bytes Jun 23 15:14:38 mailscanner2 MailScanner[492]: Spam Checks: Starting Jun 23 15:14:39 mailscanner2 MailScanner[492]: RBL checks: k5NJE2wK002095 found in CBL, SBL+XBL Jun 23 15:14:39 mailscanner2 MailScanner[492]: SpamAssassin cache hit for message k5NJE2wK002095 Jun 23 15:14:39 mailscanner2 MailScanner[492]: Message k5NJE2wK002095 from 58.9.13.119 (tlabani@bombay.oilfield.slb.com) to xxxxx.com is spam, CBL, SBL+XBL, SpamAssassin (cached, score=15.716, required 4.5, BAYES_99 3.50, DCC_CHECK 5.00, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, SPF_HELO_SOFTFAIL 2.43, SPF_SOFTFAIL 1.38) # This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # This file contains plugin activation commands for plugins included # in SpamAssassin 3.0.x releases. It will not be installed if you # already have a file in place called "init.pre". # ######################################################################## ### # RelayCountry - add metadata for Bayes learning, marking the countries # a message was relayed through # # Note: This requires the IP::Country::Fast Perl module # # loadplugin Mail::SpamAssassin::Plugin::RelayCountry # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # # loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::Razor2 $$$$$$$$$$ In mailscanner.cf. score SPF_HELO_SOFTFAIL 0 score SPF_SOFTFAIL 0 Can it be disabled? __________________________________________ Errol Uriel Neal Jr. Sr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com From arturs at netvision.net.il Fri Jun 23 21:15:57 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Fri Jun 23 20:17:57 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ In-Reply-To: Message-ID: <004601c69701$d686d580$3701a8c0@lapxp> > Arthur Sherman wrote: > > Hi, > > > > When I run 'spamassassin -D --lint' it provides errors: > > > > [16275] warn: config: failed to parse line, skipping: > dcc_home /var/dcc/ > > [16275] warn: config: failed to parse line, skipping: dcc_path > > /var/dcc/dccifd > > > > Yes, I do want it to relay on dccifd. > > Could be I have messed configs up? > > I don't think so. > > You probably forgot to enable dcc in your *.pre files. Hi Ugo, I went through init.pre, then checked Mail::SpamAssassin::Conf and, frankly, still don't get how to enable dcc in it. Could you guide me? Best, -- Arthur Sherman +972-52-4878851 CPTeam From lshaw at emitinc.com Fri Jun 23 20:18:52 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Fri Jun 23 20:19:09 2006 Subject: SA cache hit rate In-Reply-To: <8f54b4330606231212y7bb2ed47j4ff852f3f69aacbc@mail.gmail.com> References: <8f54b4330606231212y7bb2ed47j4ff852f3f69aacbc@mail.gmail.com> Message-ID: On Fri, 23 Jun 2006, Nathan Olson wrote: > Is a hit rate of 11-16% even worth keeping the SA cache on? Sure, why not? That seems like you'll cut 11-16% off your processing time. Is there any downside to the cache? - Logan From mkettler at evi-inc.com Fri Jun 23 20:39:29 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 23 20:39:37 2006 Subject: Disabling SPF Checks.. In-Reply-To: References: Message-ID: <449C4371.5060902@evi-inc.com> Errol Neal wrote: > I've commented out the loadplugin line for SPF, but I'm still seeing > SPF_*. I've even set the score to 0 but it's not being honoured.. Double-check to make sure there's no other loadplugins. Also, you'll have to reload MailScanner for this kind of change to actually take effect. *.pre and *.cf are only parsed when a SA instance is created, so as long as a particular MailScanner child runs it will continue to use the old settings. From eneal at dfi-intl.com Fri Jun 23 21:11:05 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Fri Jun 23 21:11:11 2006 Subject: Disabling SPF Checks.. Message-ID: >> I've commented out the loadplugin line for SPF, but I'm still seeing >> SPF_*. I've even set the score to 0 but it's not being honoured.. You Wrote >Double-check to make sure there's no other loadplugins. Did this.... I made SURE to search every file.. >Also, you'll have to reload MailScanner for this kind of change to actually take effect. I've done that too. I've done better actually stopped-and-started MailScanner. Errol From naolson at gmail.com Fri Jun 23 21:17:59 2006 From: naolson at gmail.com (Nathan Olson) Date: Fri Jun 23 21:18:01 2006 Subject: Disabling SPF Checks.. In-Reply-To: References: Message-ID: <8f54b4330606231317h47b0c1a5wca618e36dee7cd63@mail.gmail.com> Do a find / -name *.pre as root and see what you find. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/653e4ec4/attachment.html From naolson at gmail.com Fri Jun 23 21:23:34 2006 From: naolson at gmail.com (Nathan Olson) Date: Fri Jun 23 21:23:36 2006 Subject: Disabling SPF Checks.. In-Reply-To: References: Message-ID: <8f54b4330606231323n346192e7sa7a597708d16bc3c@mail.gmail.com> You've got emails in the new SA cache that hit SPF while it was still on, looks like. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/b297a6d6/attachment.html From eneal at dfi-intl.com Fri Jun 23 21:36:38 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Fri Jun 23 21:36:43 2006 Subject: Disabling SPF Checks.. Message-ID: You wrote: >> You've got emails in the new SA cache that hit SPF while it was still on, looks like. I thought about that.. I'll do some checking there.. Thanks, Errol From mkettler at evi-inc.com Fri Jun 23 21:53:17 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 23 21:53:39 2006 Subject: Disabling SPF Checks.. In-Reply-To: References: Message-ID: <449C54BD.10203@evi-inc.com> Errol Neal wrote: > You wrote: >>> You've got emails in the new SA cache that hit SPF while it was still > on, looks like. > > I thought about that.. I'll do some checking there.. By the way.. Why do you want to disable SPF anyway? Are you having SPF false-positives? You may have trust-path problems if you see it false fire.. Other symptoms include problems with ALL_TRUSTED and DUL RBL's: http://wiki.apache.org/spamassassin/TrustPath From ssilva at sgvwater.com Fri Jun 23 22:20:39 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 23 22:21:03 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ In-Reply-To: <004601c69701$d686d580$3701a8c0@lapxp> References: <004601c69701$d686d580$3701a8c0@lapxp> Message-ID: Arthur Sherman spake the following on 6/23/2006 1:15 PM: >> Arthur Sherman wrote: >>> Hi, >>> >>> When I run 'spamassassin -D --lint' it provides errors: >>> >>> [16275] warn: config: failed to parse line, skipping: >> dcc_home /var/dcc/ >>> [16275] warn: config: failed to parse line, skipping: dcc_path >>> /var/dcc/dccifd >>> >>> Yes, I do want it to relay on dccifd. >>> Could be I have messed configs up? >> I don't think so. >> >> You probably forgot to enable dcc in your *.pre files. > > Hi Ugo, > > I went through init.pre, then checked Mail::SpamAssassin::Conf and, frankly, > still don't get how to enable dcc in it. > Could you guide me? loadplugin Mail::SpamAssassin::Plugin::DCC -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From wizard at jimhermann.com Fri Jun 23 23:23:45 2006 From: wizard at jimhermann.com (Jim Hermann) Date: Fri Jun 23 23:24:01 2006 Subject: SPF SOFTFAIL not working properly Message-ID: <0ae601c69713$b78f1c20$9801a8c0@Dual> > Jim Hermann wrote: > > > > Is anyone else seeing incorrect SPF_SOFTMAIL false positives? > > >From the looks of it, you have a broken trust path. SA is deciding that > host.uuserver.net is a part of your network, not an outside server. Matt, host.uuserver.net IS part of my network. It is the main email server that receives all email for every domain name that is hosted on my server. MailScanner processes all received emails before they are distributed to each hosted domain name. Jim -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.2/373 - Release Date: 06/22/06 From MailScanner at ecs.soton.ac.uk Fri Jun 23 23:43:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 23:43:50 2006 Subject: RegEx in whitelist In-Reply-To: <449C1C7E.7080803@arial-concept.com> References: <449BEB89.6090900@arial-concept.com> <625385e30606230637r491a1e1bm710e8fb291b93bb1@mail.gmail.com> <449C0BF3.9030200@arial-concept.com> <4445E471-4E60-4F6F-A102-6BA7F4C66E1F@ecs.soton.ac.uk> <449C1C7E.7080803@arial-concept.com> Message-ID: On Fri23 Jun 06, at 17:53, Sam Przyswa wrote: > Julian Field a ?crit : > >> >> On 23 Jun 2006, at 16:42, Sam Przyswa wrote: >> >>> shuttlebox a ?crit : >>> >>>> On 6/23/06, Sam Przyswa wrote: >>>> >>>>> What is the right way accept all the smtp*-g*.free.fr machine ? >>>> >>>> >>>> >>>> This should work: >>>> >>>> smtp.*-g.*\.free\.fr >>> >> >> You should surround the regexp with "/" so that MailScanner >> recognises it properly and does not try to compile it into a >> regexp again. So use >> From: /smtp\d+-g\d+\.free\.fr/ yes > > > I put it in my spam.whitelist.rules, restart MailScanner and then > that's don't work, mails from the smtp2-g19.free.fr (blacklisted) > server is not whitelisted :-( > > I use MailScanner 4.41.3 > > What's wrong ? Whitelisting the domain name here is not the same as whitelisting the IP address of the server sending you the mail. What you are whitelisting is the sender's email address used on the message being sent to you, it is not whitelisting the hostname of the mail server sending the message to you. If you want to whitelist the mail server sending the message to you, list the IP address of the server (or the netblock containing the servers, in any of the common formats). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 23 23:46:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 23:46:16 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <449C17BB.5010703@novadevices.com> References: <449C17BB.5010703@novadevices.com> Message-ID: <2BD1F8C5-DFF3-4EC1-B5BA-40FCB17033B1@ecs.soton.ac.uk> If you install SpamAssassin from my easy-to-install ClamAV+SA package available from www.mailscanner.info (the downloads page) then it will take care of installing all the required modules for you, as well as lots of setup tweaks you need to do to make it all work properly. On Fri23 Jun 06, at 17:32, Rafael Vallejo wrote: > Hello list. > > I have a problem with spamassassin and is that some perl modules I > got messages like this > > [20075] dbg: diag: module not installed: LWP::UserAgent ('require' > failed) > > UserAgent is a module among others I want to use, I installed by > hand spamassasin and have no other choice, LWP and all the modules > it need is there in where it is supposed to be /usr/lib/perl5/ > vendor_perl/5.8.1/LWP, but spamassasin does not locate it my guess > is that perl or spamassassin does not get the path for LWP for some > reason. > > Is there any file in where Perl and/or spamassasin look to know > where modules are loaded? > > Regards > > -- > Rafael > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 23 23:49:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 23:49:16 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ In-Reply-To: References: <004401c696fd$64a56110$3701a8c0@lapxp> Message-ID: On Fri23 Jun 06, at 19:54, Ugo Bellavance wrote: > Arthur Sherman wrote: >> Hi, >> >> When I run 'spamassassin -D --lint' it provides errors: >> >> [16275] warn: config: failed to parse line, skipping: dcc_home / >> var/dcc/ >> [16275] warn: config: failed to parse line, skipping: dcc_path >> /var/dcc/dccifd >> >> Yes, I do want it to relay on dccifd. >> Could be I have messed configs up? > > I don't think so. > > You probably forgot to enable dcc in your *.pre files. Again, if you had used my easy-to-install ClamAV+SA package, you wouldn't have this problem. Fortunately if you look on the wiki for the details of what my ClamAV+SA package does, it will tell you all the configuration steps it does for you, so you can still do them by hand if you want to. > >> >> Your help is appreciated :) >> >> >> Best, >> >> -- >> Arthur Sherman >> >> +972-52-4878851 >> CPTeam >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 23 23:52:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 23 23:52:22 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ In-Reply-To: <004601c69701$d686d580$3701a8c0@lapxp> References: <004601c69701$d686d580$3701a8c0@lapxp> Message-ID: On Fri23 Jun 06, at 21:15, Arthur Sherman wrote: >> Arthur Sherman wrote: >>> Hi, >>> >>> When I run 'spamassassin -D --lint' it provides errors: >>> >>> [16275] warn: config: failed to parse line, skipping: >> dcc_home /var/dcc/ >>> [16275] warn: config: failed to parse line, skipping: dcc_path >>> /var/dcc/dccifd >>> >>> Yes, I do want it to relay on dccifd. >>> Could be I have messed configs up? >> >> I don't think so. >> >> You probably forgot to enable dcc in your *.pre files. > > Hi Ugo, > > I went through init.pre, then checked Mail::SpamAssassin::Conf and, > frankly, > still don't get how to enable dcc in it. > Could you guide me? If you want to see what my easy-to-install ClamAV+SA package does for you, read this: http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rvallejo at novadevices.com Sat Jun 24 00:29:19 2006 From: rvallejo at novadevices.com (Rafael Vallejo) Date: Sat Jun 24 00:27:54 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <2BD1F8C5-DFF3-4EC1-B5BA-40FCB17033B1@ecs.soton.ac.uk> References: <449C17BB.5010703@novadevices.com> <2BD1F8C5-DFF3-4EC1-B5BA-40FCB17033B1@ecs.soton.ac.uk> Message-ID: <449C794F.6070709@novadevices.com> Julian and Logan, Thanks for the respnse unfortunatelly I can not just simply use CPAN or any script like yours Julian because I'm embeeding this on a system that does not have a shell prompt son on the target system I can not install things this way,m on a normal Linux system I successfully installed spamassassin, nut I have to copy to this device spamassassin file by file manually, so something is missing there and need to identify it. Julian you made an installation program, so I guess you know how to make it low level what does it need to register copy or what ever those moules so it knows they exists. Hope to hear from you soon Rafael Julian Field escribi?: > If you install SpamAssassin from my easy-to-install ClamAV+SA package > available from www.mailscanner.info (the downloads page) then it will > take care of installing all the required modules for you, as well as > lots of setup tweaks you need to do to make it all work properly. > > On Fri23 Jun 06, at 17:32, Rafael Vallejo wrote: > >> Hello list. >> >> I have a problem with spamassassin and is that some perl modules I >> got messages like this >> >> [20075] dbg: diag: module not installed: LWP::UserAgent ('require' >> failed) >> >> UserAgent is a module among others I want to use, I installed by >> hand spamassasin and have no other choice, LWP and all the modules >> it need is there in where it is supposed to be /usr/lib/perl5/ >> vendor_perl/5.8.1/LWP, but spamassasin does not locate it my guess >> is that perl or spamassassin does not get the path for LWP for some >> reason. >> >> Is there any file in where Perl and/or spamassasin look to know >> where modules are loaded? >> >> Regards >> >> -- >> Rafael >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > From arturs at netvision.net.il Sat Jun 24 01:49:16 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 00:51:16 2006 Subject: SPAM got in Message-ID: <007101c69728$05474280$3701a8c0@lapxp> Hi, See this, he got in: --- Return-Path: Received: from USER1.8u5wz1e.org (client-190.40.42.185.speedy.net.pe [190.40.42.185] (may be forged)) by ns1.cpt.co.il (8.13.1/8.13.1) with ESMTP id k5NKjnUS018089 for ; Fri, 23 Jun 2006 23:46:07 +0300 Message-ID: <89372896837738.77E4499E0B@9B61SCQJ> From: "Logan" To: Subject: Hot and new Get a better job Date: Fri, 23 Jun 2006 15:44:11 -0500 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Thread-Index: 9Hw8CcbhptlRC9VaY58EHcbN2oa6RmqJGhZm Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.88.2/1562/Fri Jun 23 10:50:07 2006 on ns1.cpt.co.il X-Virus-Status: Clean X-CPTeam-MailScanner-Information: Please contact the C.P.Team for more information X-CPTeam-MailScanner: Found to be clean X-CPTeam-MailScanner-SpamScore: 1 X-CPTeam-MailScanner-From: nathanielbassettbm@scientist.com X-Spam-Status: No X-UIDL: X/_!!'O6!!A@V!!I1=!! --- I have RDJ installed with rules as follows: --- TRUSTED_RULESETS="ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_RATWARE SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 SARE_HEADER2 SARE_HEADER3 SARE_HEADER_ENG SARE_HEADER_X264_X30 SARE_HEADER_X30 SARE_HTML SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML4 SARE_HTML_ENG SARE_SPECIFIC SARE_OBFU0 SARE_OBFU1 SARE_OBFU2 SARE_OBFU3 SARE_REDIRECT SARE_REDIRECT_POST300 SARE_SPAMCOP_TOP200 SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_GENLSUBJ_X30 SARE_GENLSUBJ_ENG SARE_HIGHRISK SARE_UNSUB SARE_URI0 SARE_URI1 SARE_URI2 SARE_URI3 SARE_URI_ENG SARE_WHITELIST"; --- Why it got in? Btw, how you deal with other languages, espacially hebrew and russian? Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Sat Jun 24 01:52:36 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 00:54:44 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ In-Reply-To: Message-ID: <007201c69728$81714d10$3701a8c0@lapxp> > >> When I run 'spamassassin -D --lint' it provides errors: > >> > >> [16275] warn: config: failed to parse line, skipping: dcc_home / > >> var/dcc/ > >> [16275] warn: config: failed to parse line, skipping: dcc_path > >> /var/dcc/dccifd > >> > >> Yes, I do want it to relay on dccifd. > >> Could be I have messed configs up? > > > > I don't think so. > > > > You probably forgot to enable dcc in your *.pre files. > > Again, if you had used my easy-to-install ClamAV+SA package, you > wouldn't have this problem. Fortunately if you look on the wiki for > the details of what my ClamAV+SA package does, it will tell you all > the configuration steps it does for you, so you can still do them by > hand if you want to. > > > > >> > >> Your help is appreciated :) The reason for me not to install that tempting package is that I have clamav-milter working on MTA level, so it would be preferable to have a different antivirus with MS, such as f-prot (currently). Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Sat Jun 24 01:54:26 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 00:56:28 2006 Subject: spamassassin -D skipping: dcc_home /var/dcc/ In-Reply-To: Message-ID: <007601c69728$bdd92b10$3701a8c0@lapxp> > If you want to see what my easy-to-install ClamAV+SA package > does for > you, read this: > http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa Thank you, Julian. Best, -- Arthur Sherman +972-52-4878851 CPTeam From res at ausics.net Sat Jun 24 01:00:09 2006 From: res at ausics.net (Res) Date: Sat Jun 24 01:00:17 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> Message-ID: On Fri, 23 Jun 2006, Raj wrote: > I thought MS can do it, because you know MS can parse all attachment & if it > is suspisious it will replace with a warning message. So if mailscanner can > process subject line also, that will be cool . is'nt?? yes :) but saly the fanbois of spam assassin will tell us to go use that even though it has nothing to do with our request to the MailScanner author for inclusion of this ability. *shrug* -- Cheers Res From MailScanner at ecs.soton.ac.uk Sat Jun 24 01:02:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 24 01:02:44 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <449C794F.6070709@novadevices.com> References: <449C17BB.5010703@novadevices.com> <2BD1F8C5-DFF3-4EC1-B5BA-40FCB17033B1@ecs.soton.ac.uk> <449C794F.6070709@novadevices.com> Message-ID: <006C6CE8-5B2C-4685-8B6A-E6F566E5A64D@ecs.soton.ac.uk> There isn't any "registration" system for modules, you just have to make sure the relevant *.pm files appear in the @INC path somewhere. Do a "perl -V" and it will show you the @INC path so you know where to look. "perl -v" prints the version number and a little info, "perl -V" prints a whole lot more info. On Sat24 Jun 06, at 00:29, Rafael Vallejo wrote: > Julian and Logan, > > > Thanks for the respnse unfortunatelly I can not just simply use > CPAN or any script like yours Julian because I'm embeeding this on > a system that does not have a shell prompt son on the target system > I can not install things this way,m on a normal Linux system I > successfully installed spamassassin, nut I have to copy to this > device spamassassin file by file manually, so something is missing > there and need to identify it. > > Julian you made an installation program, so I guess you know how to > make it low level what does it need to register copy or what ever > those moules so it knows they exists. > > Hope to hear from you soon > > Rafael > > Julian Field escribi?: > >> If you install SpamAssassin from my easy-to-install ClamAV+SA >> package available from www.mailscanner.info (the downloads page) >> then it will take care of installing all the required modules for >> you, as well as lots of setup tweaks you need to do to make it >> all work properly. >> >> On Fri23 Jun 06, at 17:32, Rafael Vallejo wrote: >> >>> Hello list. >>> >>> I have a problem with spamassassin and is that some perl modules >>> I got messages like this >>> >>> [20075] dbg: diag: module not installed: LWP::UserAgent >>> ('require' failed) >>> >>> UserAgent is a module among others I want to use, I installed by >>> hand spamassasin and have no other choice, LWP and all the >>> modules it need is there in where it is supposed to be /usr/lib/ >>> perl5/ vendor_perl/5.8.1/LWP, but spamassasin does not locate it >>> my guess is that perl or spamassassin does not get the path for >>> LWP for some reason. >>> >>> Is there any file in where Perl and/or spamassasin look to know >>> where modules are loaded? >>> >>> Regards >>> >>> -- >>> Rafael >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat Jun 24 01:04:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 24 01:05:09 2006 Subject: SPAM got in In-Reply-To: <007101c69728$05474280$3701a8c0@lapxp> References: <007101c69728$05474280$3701a8c0@lapxp> Message-ID: On Sat24 Jun 06, at 01:49, Arthur Sherman wrote: > Hi, > > See this, he got in: > > --- > Return-Path: > Received: from USER1.8u5wz1e.org (client-190.40.42.185.speedy.net.pe > [190.40.42.185] (may be forged)) > by ns1.cpt.co.il (8.13.1/8.13.1) with ESMTP id k5NKjnUS018089 > for ; Fri, 23 Jun 2006 23:46:07 +0300 > Message-ID: <89372896837738.77E4499E0B@9B61SCQJ> > From: "Logan" > To: > Subject: Hot and new Get a better job > Date: Fri, 23 Jun 2006 15:44:11 -0500 > MIME-Version: 1.0 > X-Mailer: Microsoft Office Outlook, Build 11.0.5510 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > Thread-Index: 9Hw8CcbhptlRC9VaY58EHcbN2oa6RmqJGhZm > Content-Type: text/plain; > charset="Windows-1252" > Content-Transfer-Encoding: 7bit > X-Virus-Scanned: ClamAV 0.88.2/1562/Fri Jun 23 10:50:07 2006 on > ns1.cpt.co.il > X-Virus-Status: Clean > X-CPTeam-MailScanner-Information: Please contact the C.P.Team for more > information > X-CPTeam-MailScanner: Found to be clean > X-CPTeam-MailScanner-SpamScore: 1 > X-CPTeam-MailScanner-From: nathanielbassettbm@scientist.com > X-Spam-Status: No > X-UIDL: X/_!!'O6!!A@V!!I1=!! > --- > > I have RDJ installed with rules as follows: > > --- > TRUSTED_RULESETS="ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 RANDOMVAL BOGUSVIRUS > SARE_ADULT SARE_FRAUD SARE_BML SARE_RATWARE SARE_SPOOF > SARE_BAYES_POISON_NXM > SARE_OEM SARE_RANDOM > SARE_HEADER0 SARE_HEADER2 SARE_HEADER3 SARE_HEADER_ENG > SARE_HEADER_X264_X30 > SARE_HEADER_X30 SARE_HTML > SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML4 SARE_HTML_ENG > SARE_SPECIFIC SARE_OBFU0 > SARE_OBFU1 SARE_OBFU2 SARE_OBFU3 SARE_REDIRECT SARE_REDIRECT_POST300 > SARE_SPAMCOP_TOP200 SARE_GENLSUBJ0 > SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_GENLSUBJ_X30 > SARE_GENLSUBJ_ENG SARE_HIGHRISK SARE_UNSUB SARE_URI0 SARE_URI1 > SARE_URI2 SARE_URI3 SARE_URI_ENG SARE_WHITELIST"; > --- > > Why it got in? Start by setting Always Include SpamAssassin Report = yes so you get to see what rules hit, otherwise you only get to see the report when it reaches the spam score threshold. I don't recommending setting this to yes in production settings, but it is very useful when debugging. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From arturs at netvision.net.il Sat Jun 24 02:04:18 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 01:06:19 2006 Subject: Is it wise to run both razor and pyzor checks on the same system? Message-ID: <007701c6972a$1eebfa80$3701a8c0@lapxp> Is it wise to run both razor and pyzor checks on the same system? Best, -- Arthur Sherman +972-52-4878851 CPTeam From mkettler at evi-inc.com Sat Jun 24 01:28:16 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Jun 24 01:28:25 2006 Subject: SPAM got in In-Reply-To: <007101c69728$05474280$3701a8c0@lapxp> References: <007101c69728$05474280$3701a8c0@lapxp> Message-ID: <449C8720.6050707@evi-inc.com> Arthur Sherman wrote: > Hi, > > See this, he got in: > > I have RDJ installed with rules as follows: Step 1: what version of SA are you using? If 3.0.0 or higher, remove antidrug from your configuration. This file is ONLY for users of SA 2.x. Step 2: are you using network tests? if so, remove SARE_SPAMCOP_TOP200 from your config, it's redundant. > Why it got in? Step 3: to debug the false negative, you'll need to turn on the following in MailScanner.conf: Always Include SpamAssassin Report = yes This will cause a spamassassin report to be added to the header of all messages. Without it, you can't even begin to guess why there was a FN. > > Btw, how you deal with other languages, espacially hebrew and russian? The same way I deal with any other language.. feed it to bayes as appropriate. From mkettler at evi-inc.com Sat Jun 24 01:30:07 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Jun 24 01:30:19 2006 Subject: Is it wise to run both razor and pyzor checks on the same system? In-Reply-To: <007701c6972a$1eebfa80$3701a8c0@lapxp> References: <007701c6972a$1eebfa80$3701a8c0@lapxp> Message-ID: <449C878F.6080702@evi-inc.com> Arthur Sherman wrote: > Is it wise to run both razor and pyzor checks on the same system? I don't see why not. The network score sets are tuned assuming you have all the network features turned on (ie: razor,dcc,pyzor, rbl's and uribls all enabled). They work fine if you don't have em all on, but there's no reason to choose only one hash system. SA is mass-checked with all 3 hash systems enabled. From arturs at netvision.net.il Sat Jun 24 02:54:01 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 01:56:02 2006 Subject: Is it wise to run both razor and pyzor checks on the same system? In-Reply-To: <449C878F.6080702@evi-inc.com> Message-ID: <008b01c69731$10da9530$3701a8c0@lapxp> > > Is it wise to run both razor and pyzor checks on the same system? > > I don't see why not. The network score sets are tuned > assuming you have all the > network features turned on (ie: razor,dcc,pyzor, rbl's and > uribls all enabled). > > They work fine if you don't have em all on, but there's no > reason to choose only > one hash system. SA is mass-checked with all 3 hash systems enabled. And how this affects performance? Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Sat Jun 24 02:54:01 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 01:56:05 2006 Subject: SPAM got in In-Reply-To: <449C8720.6050707@evi-inc.com> Message-ID: <008c01c69731$110575c0$3701a8c0@lapxp> > > Btw, how you deal with other languages, espacially hebrew > and russian? > > The same way I deal with any other language.. feed it to > bayes as appropriate. Could you guide me to howto? Thanks a lot! Best, -- Arthur Sherman +972-52-4878851 CPTeam From mkettler at evi-inc.com Sat Jun 24 02:20:39 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Jun 24 02:20:48 2006 Subject: SPAM got in In-Reply-To: <008c01c69731$110575c0$3701a8c0@lapxp> References: <008c01c69731$110575c0$3701a8c0@lapxp> Message-ID: <449C9367.6050000@evi-inc.com> Arthur Sherman wrote: >>> Btw, how you deal with other languages, espacially hebrew >> and russian? >> >> The same way I deal with any other language.. feed it to >> bayes as appropriate. > > Could you guide me to howto? I copy the message onto my MailScanner box and feed it to sa-learn --ham or sa-learn --spam, whichever is appropriate. From ewallig at aerocontractors.com Sat Jun 24 03:21:23 2006 From: ewallig at aerocontractors.com (Ed Wallig) Date: Sat Jun 24 03:21:39 2006 Subject: DOS attack using RSET commands? Message-ID: Seeing a lot of the same thing - "dictionary-type" attacks with resets once the mail has been rejected. - Ed -----Original message----- From: "Martin Hepworth" martinh@solid-state-logic.com Date: Fri, 23 Jun 2006 08:43:02 -0400 To: "'MailScanner discussion'" mailscanner@lists.mailscanner.info Subject: RE: DOS attack using RSET commands? > Travis > > Seeing a lot of these I wasn't seeing before... (in Exim) > > SMTP protocol violation: synchronization error (input sent without waiting > for greeting): rejected connection > > about 25% of my reject log is this rubbish, don't recall seeing this before. > > And I only reject on unknown user for that connection..I don't use any > access list on the MTA. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Travis Taylor > > Sent: 23 June 2006 13:00 > > To: mailscanner@lists.mailscanner.info > > Subject: OT: DOS attack using RSET commands? > > > > Apologies about multiple posts, but appears my postings are not making > > it to the mailing list. > > > > Anyone else noticing a large surge in number of clients/connections > > issuing repetitive RSET commands when the connection is permanently or > > temporarily rejected? > > > > The majority of the connections appear to originate from the RIPE and > > APNIC netspace. It is getting to the point where the load is 3 times > > normal and email delivery to us is extremely slow due to the large > > number of repetitive open connections. Anyone have similar issues? > > > > -- > > Travis Taylor > > Unified School District 373 > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 1859 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/8c506197/smime.bin From rajlinux at gmail.com Sat Jun 24 06:40:15 2006 From: rajlinux at gmail.com (Raj) Date: Sat Jun 24 06:40:23 2006 Subject: can we block mails with perticular subject line In-Reply-To: <449C333A.4090501@blacknight.ie> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> <449C333A.4090501@blacknight.ie> Message-ID: <912a0c6a0606232240t1979fefeqf5c4a94c524d0658@mail.gmail.com> What is MCP??? , Can u send me any link or documentation related to that... please On 6/24/06, Michele Neylon:: Blacknight.ie wrote: > > Raj wrote: > > it dosent matter to me ,the job is of Mailscanner or procmail. I want my > > requirement to work. > > > > I thought MS can do it, because you know MS can parse all attachment & > > if it is suspisious it will replace with a warning message. So if > > mailscanner can process subject line also, that will be cool . is'nt?? > > > You could use MCP... > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Rajeev Sekhar ph 9822751120 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060624/10b981fa/attachment.html From raymond at prolocation.net Sat Jun 24 08:35:07 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jun 24 08:35:08 2006 Subject: SPAM got in In-Reply-To: <007101c69728$05474280$3701a8c0@lapxp> References: <007101c69728$05474280$3701a8c0@lapxp> Message-ID: Hi! > See this, he got in: > > --- > Return-Path: > Received: from USER1.8u5wz1e.org (client-190.40.42.185.speedy.net.pe Please stop posting spam to the list. This is btw no MailScanner issue, but a SA thing. Better ask on the SA list if you want to tweak SA. Thanks, Raymond. From glenn.steen at gmail.com Sat Jun 24 10:15:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 24 10:15:59 2006 Subject: Input/Output Error In-Reply-To: <20060623145232.GA2051@qs.ciagri.usp.br> References: <39e688060606230728i171be7d9rbe56e67d39d54370@mail.gmail.com> <20060623145232.GA2051@qs.ciagri.usp.br> Message-ID: <223f97700606240215m315b2d4cs3d6b02557f0ce408@mail.gmail.com> On 23/06/06, Marcelo Zacarias da Silva wrote: > On Fri, Jun 23, 2006 at 10:28:57AM -0400, Matt Standish wrote: > > Hello all. > > After running Mailscanner for a while (I haven't been able to find a > > constant variable) MailScanner (postfix) stops delivering or receiving > > mail. I receive an Input/Output error whenever I type a command at the > > terminal and I am forced to reboot. I am thinking I am either running > > too many processes or opening to many files. Anyone know a kernel > > variable I can try and set? > > I am running > > > > Suse 10.0 > > MailScanner 4.53.6-1 > > Postfix 2.2.5 > > SA 3.1.0 > > ClamAV 0.88 > > Bind is running for local caching > > > > I am using just the database logging portion of MailWatch > > > > I have a ram drive at /var/spool/MailScanner/incoming > > > > The server is a > > Dual PIV 1.8Ghz Xeon > > 4G Ram > > 120G RAID 5 (SCSI 10k RPM) (ReiserFS) > > > > I havce nothing in /var/log/messages, which I am assuming is because > > the file system can't be written too. > > > > I had the same problem with an Adaptec 2200S SCSI RAID controller and > the aacraid driver. The problem was (almost) solved with a firmware > upgrade. > > Excelent suggestions by others... You could try get some more infor by way of using the magic sysrq thing. It often don't give that much, but at least one can look at what the system thinks it was doing at the point of error:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jun 24 10:35:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 24 10:35:05 2006 Subject: Is it wise to run both razor and pyzor checks on the same system? In-Reply-To: <008b01c69731$10da9530$3701a8c0@lapxp> References: <449C878F.6080702@evi-inc.com> <008b01c69731$10da9530$3701a8c0@lapxp> Message-ID: <223f97700606240235y7be45b51x49aa8fde0a655f88@mail.gmail.com> On 24/06/06, Arthur Sherman wrote: > > > Is it wise to run both razor and pyzor checks on the same system? > > > > I don't see why not. The network score sets are tuned > > assuming you have all the > > network features turned on (ie: razor,dcc,pyzor, rbl's and > > uribls all enabled). > > > > They work fine if you don't have em all on, but there's no > > reason to choose only > > one hash system. SA is mass-checked with all 3 hash systems enabled. > > > And how this affects performance? > Moderately->little, depending on how you view it:-). If you run MailWatch, you can get a nice timed and colorized SA --lint run. Will show you where SA spends most time. Yes, the helper application fork exec and "network wait" times can be somewhat long for some of them, but generally not that bad...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jun 24 10:45:31 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 24 10:45:33 2006 Subject: can we block mails with perticular subject line In-Reply-To: <912a0c6a0606232240t1979fefeqf5c4a94c524d0658@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> <449C333A.4090501@blacknight.ie> <912a0c6a0606232240t1979fefeqf5c4a94c524d0658@mail.gmail.com> Message-ID: <223f97700606240245n142a5049r2ab5d8c0503b0a8b@mail.gmail.com> On 24/06/06, Raj wrote: > What is MCP??? , Can u send me any link or documentation related to that... > please > Message Content Protection. It basically is another invocation of SA with a stripped down set of rules. The link to how to set it up seems to be dead though... It should be http://www.mailscanner.info/install/mcp/ but ... that doesn't seem to be there anymore. Jules, could you fix that? Perhaps time to move it into the wiki? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Jun 24 12:45:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 24 12:45:53 2006 Subject: can we block mails with perticular subject line In-Reply-To: References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> Message-ID: <54635C5D-532D-43C9-857F-2388D7671FA0@ecs.soton.ac.uk> On Sat24 Jun 06, at 01:00, Res wrote: > On Fri, 23 Jun 2006, Raj wrote: > >> I thought MS can do it, because you know MS can parse all >> attachment & if it >> is suspisious it will replace with a warning message. So if >> mailscanner can >> process subject line also, that will be cool . is'nt?? > > yes :) but saly the fanbois of spam assassin will tell us to go > use that even though it has nothing to do with our request to the > MailScanner author for inclusion of this ability. The reason that MailScanner doesn't do this is that I also consider it part of SpamAssassin's job. You can't just do simple keyword checking due to all the words that will trigger false alars, think of little birds called "blue tits" and a place in England called "Scunthorpe". So you need a score-based system looking for likely- sounding words. There already is one of those, and it is very good too. It's called SpamAssassin. So please don't expect this feature to appear any time soon... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat Jun 24 12:52:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 24 12:52:56 2006 Subject: can we block mails with perticular subject line In-Reply-To: <223f97700606240245n142a5049r2ab5d8c0503b0a8b@mail.gmail.com> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> <449C333A.4090501@blacknight.ie> <912a0c6a0606232240t1979fefeqf5c4a94c524d0658@mail.gmail.com> <223f97700606240245n142a5049r2ab5d8c0503b0a8b@mail.gmail.com> Message-ID: <16CF74FA-122D-4FA5-884B-67B6321AC0D4@ecs.soton.ac.uk> On Sat24 Jun 06, at 10:45, Glenn Steen wrote: > On 24/06/06, Raj wrote: >> What is MCP??? , Can u send me any link or documentation related >> to that... >> please >> > Message Content Protection. It basically is another invocation of SA > with a stripped down set of rules. The link to how to set it up seems > to be dead though... It should be > http://www.mailscanner.info/install/mcp/ but ... that doesn't seem to > be there anymore. > > Jules, could you fix that? Perhaps time to move it into the wiki? It's linked from the install guides page. The link there should work fine. It was moved in the new website which has a flat directory structure. So the link should be http://www.mailscanner.info/mcp.html -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sat Jun 24 15:18:17 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 24 15:18:21 2006 Subject: can we block mails with perticular subject line In-Reply-To: <16CF74FA-122D-4FA5-884B-67B6321AC0D4@ecs.soton.ac.uk> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> <449C333A.4090501@blacknight.ie> <912a0c6a0606232240t1979fefeqf5c4a94c524d0658@mail.gmail.com> <223f97700606240245n142a5049r2ab5d8c0503b0a8b@mail.gmail.com> <16CF74FA-122D-4FA5-884B-67B6321AC0D4@ecs.soton.ac.uk> Message-ID: <223f97700606240718w2289a2d2wf1697d0e5c3b5861@mail.gmail.com> On 24/06/06, Julian Field wrote: > On Sat24 Jun 06, at 10:45, Glenn Steen wrote: > > On 24/06/06, Raj wrote: > >> What is MCP??? , Can u send me any link or documentation related > >> to that... > >> please > >> > > Message Content Protection. It basically is another invocation of SA > > with a stripped down set of rules. The link to how to set it up seems > > to be dead though... It should be > > http://www.mailscanner.info/install/mcp/ but ... that doesn't seem to > > be there anymore. > > > > Jules, could you fix that? Perhaps time to move it into the wiki? > > It's linked from the install guides page. The link there should work > fine. It was moved in the new website which has a flat directory > structure. So the link should be > http://www.mailscanner.info/mcp.html > Thought I looked there.... obviously I'm suffering "after midsummer celebration" syndrome:-). I'll update the MAQ link, if Ugo hasn't already... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Sat Jun 24 18:31:07 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 17:33:12 2006 Subject: Is it wise to run both razor and pyzor checks on the same system? In-Reply-To: <223f97700606240235y7be45b51x49aa8fde0a655f88@mail.gmail.com> Message-ID: <00e001c697b3$fa032c90$3701a8c0@lapxp> > > And how this affects performance? > > > Moderately->little, depending on how you view it:-). > If you run MailWatch, you can get a nice timed and colorized SA --lint > run. Will show you where SA spends most time. Yes, the helper > application fork exec and "network wait" times can be somewhat long > for some of them, but generally not that bad...:-) All right. Thank you. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Sat Jun 24 22:33:38 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 21:54:11 2006 Subject: What is config file /etc/mail/spamassassin/RulesDuJour/rules_du_jour ? Message-ID: <00e501c697d5$dad79eb0$3701a8c0@lapxp> I never edited it before, nor I remember it liisted in docs. Did I miss something? Or is it auto configurable? /etc/mail/spamassassin/RulesDuJour/rules_du_jour Best, -- Arthur Sherman +972-52-4878851 CPTeam From MailScanner at ecs.soton.ac.uk Sat Jun 24 22:17:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 24 22:18:19 2006 Subject: What is config file /etc/mail/spamassassin/RulesDuJour/rules_du_jour ? In-Reply-To: <00e501c697d5$dad79eb0$3701a8c0@lapxp> References: <00e501c697d5$dad79eb0$3701a8c0@lapxp> Message-ID: <7E125E09-B985-4AE6-B162-7204A574124C@ecs.soton.ac.uk> I believe it is the latest version of the main rules_du_jour script that it downloads to keep your rules_du_jour script up to date. You shouldn't have to touch any of the files in that directory, they are just the latest copies it downloads, so that it never accidentally puts a partially-downloaded script into the main /etc/ mail/spamassassin directory. So just ignore it. On Sat24 Jun 06, at 22:33, Arthur Sherman wrote: > I never edited it before, nor I remember it liisted in docs. > Did I miss something? > Or is it auto configurable? > > /etc/mail/spamassassin/RulesDuJour/rules_du_jour > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From wizard at jimhermann.com Sat Jun 24 22:29:06 2006 From: wizard at jimhermann.com (Jim Hermann) Date: Sat Jun 24 22:33:27 2006 Subject: Truncated $longreport In-Reply-To: <8645.12.34.40.218.1151071148.squirrel@www.jimhermann.com> Message-ID: <014c01c697d5$4b61d9d0$9801a8c0@Dual> I changed all the percent signs to the word percent. I have not seen a truncated report since the change. Any ideas why my system does this? Jim -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of wizard@jimhermann.com Sent: Friday, June 23, 2006 08:59 AM To: mailscanner@lists.mailscanner.info Subject: Truncated $longreport Why does the longreport get truncated sometimes? It appears to have something to do with the percent sign in the rule description. In the example below, the percent sign at the end of the BAYES_50 description has been replaced with the word uppercase, which is the last part AFTER the percent sign in the UPPERCASE_25_50 description. For example: Message Header has: X-UUN-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.143, required 5, BAYES_50 2.60, HTML_FONT_INVISIBLE 0.80, HTML_MESSAGE 0.00, HTML_TINY_FONT 2.32, RAZOR2_CF_RANGE_00_01 0.01, SARE_SPEC_LEO_LINE03a 0.41, UPPERCASE_25_50 0.00) Message body has: pts rule name description ---- ---------------------- ----------------------------------------- 0.8 HTML_FONT_INVISIBLE BODY: HTML font color is same as background 0.0 HTML_MESSAGE BODY: HTML included in message 2.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60 uppercase ----- End of MailScanner report I added the last line to my inline.spam.warning.txt file, so that I could see if the entire message was truncated or just the longreport. From arturs at netvision.net.il Sat Jun 24 23:43:57 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 22:46:01 2006 Subject: What is config file/etc/mail/spamassassin/RulesDuJour/rules_du_jour ? In-Reply-To: <7E125E09-B985-4AE6-B162-7204A574124C@ecs.soton.ac.uk> Message-ID: <00ee01c697df$adffee10$3701a8c0@lapxp> Thank you, Julian. Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Saturday, June 24, 2006 11:18 PM > To: MailScanner discussion > Subject: Re: What is config > file/etc/mail/spamassassin/RulesDuJour/rules_du_jour ? > > I believe it is the latest version of the main rules_du_jour script > that it downloads to keep your rules_du_jour script up to date. > You shouldn't have to touch any of the files in that directory, they > are just the latest copies it downloads, so that it never > accidentally puts a partially-downloaded script into the main /etc/ > mail/spamassassin directory. > > So just ignore it. > > On Sat24 Jun 06, at 22:33, Arthur Sherman wrote: > > > I never edited it before, nor I remember it liisted in docs. > > Did I miss something? > > Or is it auto configurable? > > > > /etc/mail/spamassassin/RulesDuJour/rules_du_jour > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 24 22:53:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 24 22:53:26 2006 Subject: Truncated $longreport In-Reply-To: <014c01c697d5$4b61d9d0$9801a8c0@Dual> References: <014c01c697d5$4b61d9d0$9801a8c0@Dual> Message-ID: <08357C81-179E-4E61-A505-704362AECFCB@ecs.soton.ac.uk> It's because it is allowing %variable% lookups in the output, so that you can put things like %org-long-name% in the output. I'll take a look to see if I can sort this one out for you, I've got an idea of how to do it, involving some hairy regexps and s/// expressions. On Sat24 Jun 06, at 22:29, Jim Hermann wrote: > I changed all the percent signs to the word percent. I have not > seen a > truncated report since the change. > > Any ideas why my system does this? > > Jim > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > wizard@jimhermann.com > Sent: Friday, June 23, 2006 08:59 AM > To: mailscanner@lists.mailscanner.info > Subject: Truncated $longreport > > Why does the longreport get truncated sometimes? > > It appears to have something to do with the percent sign in the rule > description. In the example below, the percent sign at the end of the > BAYES_50 description has been replaced with the word uppercase, > which is the > last part AFTER the percent sign in the UPPERCASE_25_50 description. > > For example: > > Message Header has: > > X-UUN-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=6.143, > required 5, BAYES_50 2.60, HTML_FONT_INVISIBLE 0.80, > HTML_MESSAGE 0.00, HTML_TINY_FONT 2.32, RAZOR2_CF_RANGE_00_01 > 0.01, > SARE_SPEC_LEO_LINE03a 0.41, UPPERCASE_25_50 0.00) > > Message body has: > > pts rule name description > ---- ---------------------- ----------------------------------------- > 0.8 HTML_FONT_INVISIBLE BODY: HTML font color is same as background > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60 > uppercase > > > > > ----- > End of MailScanner report > > I added the last line to my inline.spam.warning.txt file, so that I > could > see if the entire message was truncated or just the longreport. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From wizard at jimhermann.com Sat Jun 24 23:04:09 2006 From: wizard at jimhermann.com (Jim Hermann) Date: Sat Jun 24 23:04:11 2006 Subject: Truncated $longreport In-Reply-To: <08357C81-179E-4E61-A505-704362AECFCB@ecs.soton.ac.uk> Message-ID: <016701c697da$1ed8d7b0$9801a8c0@Dual> Thank you. Wouldn't it be easier to ignore %variable% when there is a space anywhere between the percent signs? Jim -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Saturday, June 24, 2006 04:53 PM To: MailScanner discussion Subject: Re: Truncated $longreport It's because it is allowing %variable% lookups in the output, so that you can put things like %org-long-name% in the output. I'll take a look to see if I can sort this one out for you, I've got an idea of how to do it, involving some hairy regexps and s/// expressions. On Sat24 Jun 06, at 22:29, Jim Hermann wrote: > I changed all the percent signs to the word percent. I have not > seen a > truncated report since the change. > > Any ideas why my system does this? > > Jim > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > wizard@jimhermann.com > Sent: Friday, June 23, 2006 08:59 AM > To: mailscanner@lists.mailscanner.info > Subject: Truncated $longreport > > Why does the longreport get truncated sometimes? > > It appears to have something to do with the percent sign in the rule > description. In the example below, the percent sign at the end of the > BAYES_50 description has been replaced with the word uppercase, > which is the > last part AFTER the percent sign in the UPPERCASE_25_50 description. > > For example: > > Message Header has: > > X-UUN-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=6.143, > required 5, BAYES_50 2.60, HTML_FONT_INVISIBLE 0.80, > HTML_MESSAGE 0.00, HTML_TINY_FONT 2.32, RAZOR2_CF_RANGE_00_01 > 0.01, > SARE_SPEC_LEO_LINE03a 0.41, UPPERCASE_25_50 0.00) > > Message body has: > > pts rule name description > ---- ---------------------- ----------------------------------------- > 0.8 HTML_FONT_INVISIBLE BODY: HTML font color is same as background > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60 > uppercase > > > > > ----- > End of MailScanner report > > I added the last line to my inline.spam.warning.txt file, so that I > could > see if the entire message was truncated or just the longreport. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.3/374 - Release Date: 06/23/06 From MailScanner at ecs.soton.ac.uk Sat Jun 24 23:01:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 24 23:06:54 2006 Subject: Truncated $longreport In-Reply-To: <014c01c697d5$4b61d9d0$9801a8c0@Dual> References: <014c01c697d5$4b61d9d0$9801a8c0@Dual> Message-ID: Ah, easy solution to this one. Apply this tiny patch to Message.pm. All it does is to swap over 2 lines. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.patch.gz Type: application/x-gzip Size: 262 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060624/1e6db1b4/Message.pm.patch.gz -------------- next part -------------- On Sat24 Jun 06, at 22:29, Jim Hermann wrote: > I changed all the percent signs to the word percent. I have not > seen a > truncated report since the change. > > Any ideas why my system does this? > > Jim > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > wizard@jimhermann.com > Sent: Friday, June 23, 2006 08:59 AM > To: mailscanner@lists.mailscanner.info > Subject: Truncated $longreport > > Why does the longreport get truncated sometimes? > > It appears to have something to do with the percent sign in the rule > description. In the example below, the percent sign at the end of the > BAYES_50 description has been replaced with the word uppercase, > which is the > last part AFTER the percent sign in the UPPERCASE_25_50 description. > > For example: > > Message Header has: > > X-UUN-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=6.143, > required 5, BAYES_50 2.60, HTML_FONT_INVISIBLE 0.80, > HTML_MESSAGE 0.00, HTML_TINY_FONT 2.32, RAZOR2_CF_RANGE_00_01 > 0.01, > SARE_SPEC_LEO_LINE03a 0.41, UPPERCASE_25_50 0.00) > > Message body has: > > pts rule name description > ---- ---------------------- ----------------------------------------- > 0.8 HTML_FONT_INVISIBLE BODY: HTML font color is same as background > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60 > uppercase > > > > > ----- > End of MailScanner report > > I added the last line to my inline.spam.warning.txt file, so that I > could > see if the entire message was truncated or just the longreport. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From chris at tac.esi.net Sat Jun 24 23:25:17 2006 From: chris at tac.esi.net (Chris Hammond) Date: Sat Jun 24 23:21:21 2006 Subject: MCP Message-ID: <449D838D.B662.0038.0@tac.esi.net> Are there any sites out there that have spamassassin rules for MCP? I have done some looking and not found anything specific to MCP. Any links would be appreciated. Thanks Chris From arturs at netvision.net.il Sun Jun 25 00:45:47 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jun 24 23:47:49 2006 Subject: no connection to syslog available Message-ID: <010001c697e8$51208390$3701a8c0@lapxp> I get this error: --- [root@ns1 ~]# MailScanner -debug --lint no connection to syslog available - _PATH_LOG not available in syslog.h at /usr/lib/MailScanner/MailScanner/Log.pm line 143 [root@ns1 ~]# MailScanner -debug-sa -lint no connection to syslog available - _PATH_LOG not available in syslog.h at /usr/lib/MailScanner/MailScanner/Log.pm line 143 --- /usr/lib/MailScanner/MailScanner/Log.pm line 143 has: --- Sys::Syslog::syslog($level, $_) if $_ ne ""; --- Syslog.h has : --- define _PATH_LOG "/tmp/syslog" --- Which has perms of 700. Also, I get MailScanner defunct processes, which are recreated after killing. All I did was to modify (less) rules in RDJ and some perl modules update with CPAN. Never forced. Does anyone see the problem here? Best, -- Arthur Sherman +972-52-4878851 CPTeam From MailScanner at ecs.soton.ac.uk Sun Jun 25 00:06:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 25 00:06:23 2006 Subject: MCP In-Reply-To: <449D838D.B662.0038.0@tac.esi.net> References: <449D838D.B662.0038.0@tac.esi.net> Message-ID: The syntax of the rules is just the same as for SpamAssassin. The syntax is defined in the man page printed by man Mail::SpamAssassin::Conf There are a couple of little examples in /etc/MailScanner/mcp/* On Sat24 Jun 06, at 23:25, Chris Hammond wrote: > Are there any sites out there that have spamassassin rules for > MCP? I have done some looking > and not found anything specific to MCP. Any links would be > appreciated. > > Thanks > Chris > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Jun 25 00:28:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 25 00:29:48 2006 Subject: no connection to syslog available In-Reply-To: <010001c697e8$51208390$3701a8c0@lapxp> References: <010001c697e8$51208390$3701a8c0@lapxp> Message-ID: <837A1707-76F1-4978-8F3B-5E81150E923F@ecs.soton.ac.uk> On Sun25 Jun 06, at 00:45, Arthur Sherman wrote: > > I get this error: > --- > [root@ns1 ~]# MailScanner -debug --lint > no connection to syslog available > - _PATH_LOG not available in syslog.h at > /usr/lib/MailScanner/MailScanner/Log.pm line 143 > [root@ns1 ~]# MailScanner -debug-sa -lint > no connection to syslog available > - _PATH_LOG not available in syslog.h at > /usr/lib/MailScanner/MailScanner/Log.pm line 143 > --- > > /usr/lib/MailScanner/MailScanner/Log.pm line 143 has: > --- > Sys::Syslog::syslog($level, $_) if $_ ne ""; > --- > > Syslog.h has : > --- > define _PATH_LOG "/tmp/syslog" > --- > Which has perms of 700. > > Also, I get MailScanner defunct processes, which are recreated after > killing. > > All I did was to modify (less) rules in RDJ and some perl modules > update > with CPAN. > Never forced. This should show you what you have installed: MailScanner -v It should be in the first section, ie compulsory modules. It's called Sys::Syslog. And make sure your syslogd is running -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From res at ausics.net Sun Jun 25 01:46:59 2006 From: res at ausics.net (Res) Date: Sun Jun 25 01:47:07 2006 Subject: can we block mails with perticular subject line In-Reply-To: <54635C5D-532D-43C9-857F-2388D7671FA0@ecs.soton.ac.uk> References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> <54635C5D-532D-43C9-857F-2388D7671FA0@ecs.soton.ac.uk> Message-ID: On Sat, 24 Jun 2006, Julian Field wrote: > > The reason that MailScanner doesn't do this is that I also consider it part > of SpamAssassin's job. You can't just do simple keyword checking due to all > the words that will trigger false alars, think of little birds called "blue > tits" and a place in England called "Scunthorpe". So you need a score-based > system looking for likely-sounding words. There already is one of those, and > it is very good too. It's called SpamAssassin. > > So please don't expect this feature to appear any time soon... I modified all of our sendmail boxes to use regex in subject years ago they work fine, i'll try a program someone else mentioned here recently that qmail can use, pitty if an mta can do it with what we beleive to be 0.01% false hits, MS cant :) oh well. life goes on > > -- Cheers Res From MailScanner at ecs.soton.ac.uk Sun Jun 25 16:01:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 25 16:02:06 2006 Subject: can we block mails with perticular subject line In-Reply-To: References: <912a0c6a0606210505w3410e02bmd24d396c681f0332@mail.gmail.com> <912a0c6a0606230000p37abf248k17422a5298d65344@mail.gmail.com> <912a0c6a0606231101t55eca10p2067118fded68e37@mail.gmail.com> <54635C5D-532D-43C9-857F-2388D7671FA0@ecs.soton.ac.uk> Message-ID: <74C46D57-5AEE-46AD-8B2D-17298DDE4ECE@ecs.soton.ac.uk> On Sun25 Jun 06, at 01:46, Res wrote: > On Sat, 24 Jun 2006, Julian Field wrote: >> >> The reason that MailScanner doesn't do this is that I also >> consider it part of SpamAssassin's job. You can't just do simple >> keyword checking due to all the words that will trigger false >> alars, think of little birds called "blue tits" and a place in >> England called "Scunthorpe". So you need a score-based system >> looking for likely-sounding words. There already is one of those, >> and it is very good too. It's called SpamAssassin. >> >> So please don't expect this feature to appear any time soon... > > I modified all of our sendmail boxes to use regex in subject years > ago they work fine, i'll try a program someone else mentioned here > recently that qmail can use, pitty if an mta can do it with what we > beleive to be 0.01% false hits, MS cant :) oh well. life goes on There are a few practical problems, such as how to encode spaces and tabs and stuff like that in a configuration option. And what would I actually report? The current reporting emails contain the original subject. Doing this in MailScanner would be cool, I guess, but there are all sorts of practical problems doing it. And what would you actually want to do with the message contents? I guess you want to do similar handling to spam. I guess it could be a list of regexps which caused a message to be spam. But it would also have to replace the subject line, so it's not just straight spam. This would be a real mess to implement, and SpamAssassin is far better at it anyway. It's dead easy to write a few SpamAssassin rules to do the simple stuff you are trying to do. So I'm still going to leave it to SpamAssassin, sorry. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Mon Jun 26 09:06:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 26 09:06:13 2006 Subject: SPAM got in In-Reply-To: <007101c69728$05474280$3701a8c0@lapxp> Message-ID: <024b01c698f7$5e3ce130$3004010a@martinhlaptop> Arthur Can you put a copy of the message (full headers etc) either in pastebin or a normal web page. Then we can run it on our systems and advise.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 24 June 2006 01:49 > To: 'MailScanner discussion' > Subject: SPAM got in > > Hi, > > See this, he got in: > > --- > Return-Path: > Received: from USER1.8u5wz1e.org (client-190.40.42.185.speedy.net.pe > [190.40.42.185] (may be forged)) > by ns1.cpt.co.il (8.13.1/8.13.1) with ESMTP id k5NKjnUS018089 > for ; Fri, 23 Jun 2006 23:46:07 +0300 > Message-ID: <89372896837738.77E4499E0B@9B61SCQJ> > From: "Logan" > To: > Subject: Hot and new Get a better job > Date: Fri, 23 Jun 2006 15:44:11 -0500 > MIME-Version: 1.0 > X-Mailer: Microsoft Office Outlook, Build 11.0.5510 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > Thread-Index: 9Hw8CcbhptlRC9VaY58EHcbN2oa6RmqJGhZm > Content-Type: text/plain; > charset="Windows-1252" > Content-Transfer-Encoding: 7bit > X-Virus-Scanned: ClamAV 0.88.2/1562/Fri Jun 23 10:50:07 2006 on > ns1.cpt.co.il > X-Virus-Status: Clean > X-CPTeam-MailScanner-Information: Please contact the C.P.Team for more > information > X-CPTeam-MailScanner: Found to be clean > X-CPTeam-MailScanner-SpamScore: 1 > X-CPTeam-MailScanner-From: nathanielbassettbm@scientist.com > X-Spam-Status: No > X-UIDL: X/_!!'O6!!A@V!!I1=!! > --- > > I have RDJ installed with rules as follows: > > --- > TRUSTED_RULESETS="ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 RANDOMVAL BOGUSVIRUS > SARE_ADULT SARE_FRAUD SARE_BML SARE_RATWARE SARE_SPOOF > SARE_BAYES_POISON_NXM > SARE_OEM SARE_RANDOM > SARE_HEADER0 SARE_HEADER2 SARE_HEADER3 SARE_HEADER_ENG > SARE_HEADER_X264_X30 > SARE_HEADER_X30 SARE_HTML > SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML4 SARE_HTML_ENG > SARE_SPECIFIC SARE_OBFU0 > SARE_OBFU1 SARE_OBFU2 SARE_OBFU3 SARE_REDIRECT SARE_REDIRECT_POST300 > SARE_SPAMCOP_TOP200 SARE_GENLSUBJ0 > SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_GENLSUBJ_X30 > SARE_GENLSUBJ_ENG SARE_HIGHRISK SARE_UNSUB SARE_URI0 SARE_URI1 > SARE_URI2 SARE_URI3 SARE_URI_ENG SARE_WHITELIST"; > --- > > Why it got in? > > Btw, how you deal with other languages, espacially hebrew and russian? > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From yin288 at gmail.com Mon Jun 26 11:36:17 2006 From: yin288 at gmail.com (Gong Chaoyin) Date: Mon Jun 26 11:36:21 2006 Subject: what happend? Report: MailScanner: No programs allowed (msg-9368-6.txt) Message-ID: <15ee4f850606260336y55f6ddd5k2e2088c93a594cee@mail.gmail.com> please help me! the log: new Batch: Found 2 messages waiting Jun 22 12:48:47 mail MailScanner[9368]: New Batch: Scanning 1 messages, 36442 bytes Jun 22 12:48:47 mail MailScanner[9368]: Virus and Content Scanning: Starting Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No executables (1FtH7W-0002Tm-S5 0) Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No executables (1FtH7W-0002Tm-S5 msg-9368-3.txt) Jun 22 12:48:47 mail MailScanner[9368]: Other Checks: Found 2 problems Jun 22 12:48:47 mail MailScanner[9368]: Saved entire message to /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 Jun 22 12:48:47 mail MailScanner[9368]: Saved infected "msg-9368-3.txt" to /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 Jun 22 12:48:47 mail MailScanner[9368]: Notices: Warned The following e-mails were found to have: Bad Filename Detected Sender: xiajianping@xxxxxxxx.com IP Address: 61.142.114.180 Recipient: DHUANG@yyyyy.com, alancheung@yyyyy.com Subject: ??: ??????PO#G0605207? MessageID: 1FtH7W-0002Tm-S5 Quarantine: /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 Report: MailScanner: No programs allowed (msg-9368-6.txt) Report: MailScanner: No programs allowed (msg-9368-3.txt) /etc/MailScanner/filename.rules.conf # These are known to be mostly harmless. allow \.jpg$ - - allow \.gif$ - - # .url is arguably dangerous, but I can't just ban it... allow \.url$ - - allow \.vcf$ - - allow \.txt$ - - allow \.zip$ - - allow \.t?gz$ - - allow \.bz2$ - - allow \.Z$ - - allow \.rpm$ - - # PGP and GPG allow \.gpg$ - - allow \.pgp$ - - allow \.sit$ - - allow \.asc$ - - # Macintosh archives allow \.hqx$ - - allow \.sit.bin$ - - allow \.sea$ - - /etc/MailScanner/filetype.rules.conf allow text - - allow script - - allow archive - - allow postscript - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed deny ELF No executables No programs allowed deny Registry No Windows Registry entries No Windows Registry files allowed #deny MPEG No MPEG movies No MPEG movies allowed #deny AVI No AVI movies No AVI movies allowed #deny MNG No MNG/PNG movies No MNG movies allowed #deny QuickTime No QuickTime movies No QuickTime movies allowed #deny ASF No Windows media No Windows media files allowed #deny metafont No Windows Metafont drawings No WMF drawings allowed what happend? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060626/fda52f05/attachment.html From martinh at solid-state-logic.com Mon Jun 26 11:45:59 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 26 11:46:14 2006 Subject: what happend? Report: MailScanner: No programs allowed(msg-9368-6.txt) In-Reply-To: <15ee4f850606260336y55f6ddd5k2e2088c93a594cee@mail.gmail.com> Message-ID: <031b01c6990d$b653d610$3004010a@martinhlaptop> Hi The 'file' program said the attachment was an executable.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gong Chaoyin > Sent: 26 June 2006 11:36 > To: mailscanner@lists.mailscanner.info > Subject: what happend? Report: MailScanner: No programs allowed(msg-9368- > 6.txt) > > please help me! the log: > > new Batch: Found 2 messages waiting > Jun 22 12:48:47 mail MailScanner[9368]: New Batch: Scanning > 1 messages, 36442 bytes > Jun 22 12:48:47 mail MailScanner[9368]: Virus and Content > Scanning: Starting > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No > executables (1FtH7W-0002Tm-S5 0) > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No > executables (1FtH7W-0002Tm-S5 msg-9368-3.txt) > Jun 22 12:48:47 mail MailScanner[9368]: Other Checks: Found > 2 problems > Jun 22 12:48:47 mail MailScanner[9368]: Saved entire > message to > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > Jun 22 12:48:47 mail MailScanner[9368]: Saved infected > "msg-9368-3.txt" to > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > Jun 22 12:48:47 mail MailScanner[9368]: Notices: Warned > > The following e-mails were found to have: Bad Filename Detected > > Sender: xiajianping@xxxxxxxx.com > IP Address: MailScanner warning: numerical links are often malicious: > 61.142.114.180 > Recipient: DHUANG@yyyyy.com, alancheung@yyyyy.com > Subject: ??: ??????PO#G0605207? > MessageID: 1FtH7W-0002Tm-S5 > Quarantine: /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > Report: MailScanner: No programs allowed (msg-9368-6.txt) > Report: MailScanner: No programs allowed (msg-9368-3.txt) > > /etc/MailScanner/filename.rules.conf > > # These are known to be mostly harmless. > allow \.jpg$ - - > allow \.gif$ - - > # .url is arguably dangerous, but I can't just ban it... > allow \.url$ - - > allow \.vcf$ - - > allow \.txt$ - - > allow \.zip$ - - > allow \.t?gz$ - - > allow \.bz2$ - - > allow \.Z$ - - > allow \.rpm$ - - > # PGP and GPG > allow \.gpg$ - - > allow \.pgp$ - - > allow \.sit$ - - > allow \.asc$ - - > # Macintosh archives > allow \.hqx$ - - > allow \.sit.bin$ - - > allow \.sea$ - - > > /etc/MailScanner/filetype.rules.conf > > allow text - - > allow script - - > allow archive - - > allow postscript - - > deny self-extract No self-extracting archives No self-extracting archives > allowed > deny executable No executables No programs allowed > deny ELF No executables No programs allowed > deny Registry No Windows Registry entries No Windows Registry files > allowed > > #deny MPEG No MPEG movies No MPEG movies allowed > #deny AVI No AVI movies No AVI movies allowed > #deny MNG No MNG/PNG movies No MNG movies allowed > #deny QuickTime No QuickTime movies No QuickTime movies allowed > #deny ASF No Windows media No Windows media files allowed > #deny metafont No Windows Metafont drawings No WMF drawings allowed > > what happend? > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From yin288 at gmail.com Mon Jun 26 11:59:50 2006 From: yin288 at gmail.com (Gong Chaoyin) Date: Mon Jun 26 11:59:53 2006 Subject: what happend? Report: MailScanner: No programs allowed(msg-9368-6.txt) In-Reply-To: <031b01c6990d$b653d610$3004010a@martinhlaptop> References: <15ee4f850606260336y55f6ddd5k2e2088c93a594cee@mail.gmail.com> <031b01c6990d$b653d610$3004010a@martinhlaptop> Message-ID: <15ee4f850606260359rbf6e693h47c4ed9f724a856d@mail.gmail.com> thanks! May i set it like this? #File Command = /usr/bin/file File Commnad = 2006/6/26, Martin Hepworth : > > Hi > > The 'file' program said the attachment was an executable.... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Gong Chaoyin > > Sent: 26 June 2006 11:36 > > To: mailscanner@lists.mailscanner.info > > Subject: what happend? Report: MailScanner: No programs > allowed(msg-9368- > > 6.txt) > > > > please help me! the log: > > > > new Batch: Found 2 messages waiting > > Jun 22 12:48:47 mail MailScanner[9368]: New Batch: Scanning > > 1 messages, 36442 bytes > > Jun 22 12:48:47 mail MailScanner[9368]: Virus and Content > > Scanning: Starting > > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No > > executables (1FtH7W-0002Tm-S5 0) > > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No > > executables (1FtH7W-0002Tm-S5 msg-9368-3.txt) > > Jun 22 12:48:47 mail MailScanner[9368]: Other Checks: Found > > 2 problems > > Jun 22 12:48:47 mail MailScanner[9368]: Saved entire > > message to > > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > > Jun 22 12:48:47 mail MailScanner[9368]: Saved infected > > "msg-9368-3.txt" to > > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > > Jun 22 12:48:47 mail MailScanner[9368]: Notices: Warned > > > > The following e-mails were found to have: Bad Filename Detected > > > > Sender: xiajianping@xxxxxxxx.com > > IP Address: MailScanner warning: numerical links are often malicious: > > 61.142.114.180 > > Recipient: DHUANG@yyyyy.com, alancheung@yyyyy.com > > Subject: ??: ??????PO#G0605207? > > MessageID: 1FtH7W-0002Tm-S5 > > Quarantine: /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > > Report: MailScanner: No programs allowed (msg-9368-6.txt) > > Report: MailScanner: No programs allowed (msg-9368-3.txt) > > > > /etc/MailScanner/filename.rules.conf > > > > # These are known to be mostly harmless. > > allow \.jpg$ - - > > allow \.gif$ - - > > # .url is arguably dangerous, but I can't just ban it... > > allow \.url$ - - > > allow \.vcf$ - - > > allow \.txt$ - - > > allow \.zip$ - - > > allow \.t?gz$ - - > > allow \.bz2$ - - > > allow \.Z$ - - > > allow \.rpm$ - - > > # PGP and GPG > > allow \.gpg$ - - > > allow \.pgp$ - - > > allow \.sit$ - - > > allow \.asc$ - - > > # Macintosh archives > > allow \.hqx$ - - > > allow \.sit.bin$ - - > > allow \.sea$ - - > > > > /etc/MailScanner/filetype.rules.conf > > > > allow text - - > > allow script - - > > allow archive - - > > allow postscript - - > > deny self-extract No self-extracting archives No self-extracting > archives > > allowed > > deny executable No executables No programs allowed > > deny ELF No executables No programs allowed > > deny Registry No Windows Registry entries No Windows Registry files > > allowed > > > > #deny MPEG No MPEG movies No MPEG movies allowed > > #deny AVI No AVI movies No AVI movies allowed > > #deny MNG No MNG/PNG movies No MNG movies allowed > > #deny QuickTime No QuickTime movies No QuickTime movies allowed > > #deny ASF No Windows media No Windows media files allowed > > #deny metafont No Windows Metafont drawings No WMF drawings allowed > > > > what happend? > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060626/ee84484c/attachment.html From AHKAPLAN at PARTNERS.ORG Mon Jun 26 14:33:46 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Jun 26 14:33:51 2006 Subject: Notifying Recipients of Blocked Messages Message-ID: <9C63A4713C4E3342B90428CE44806A7302679795@PHSXMB5.partners.org> Hi there -- I modified the following line in MailScanner.conf in order to notify the recpients that bad content was detected in their e-mails: Still Deliver Silent Viruses = yes and restarted MailScanner, ClamAV, and Sendmail on the system in question. The administrator did receive a notification that bad content was detected in a user's email. But when I queried the recipient to see if he had received notification, he claimed he did not. What else should I modify to have the recipients notified when bad content is detected in their e-mails? Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian Field Sent: Wednesday, June 21, 2006 3:51 PM To: MailScanner discussion Subject: Re: Notifying Recipients of Blocked Messages You've got it about right. All viruses these days are messages which are 100% virus data and no useful information at all. So there's little point in notifying users of stuff they never asked for nor wanted in the first place. Doesn't matter, is the answer to your first question. On Wed21 Jun 06, at 20:15, Kaplan, Andrew H. wrote: > Hi there -- > > I am going through the MailScanner.conf file to locate the recipient > notification configuration, and came across several areas: > > # Set how to invoke MTA when sending messages MailScanner has created > # (e.g. to sender/recipient saying "found a virus in your message") > # This can also be the filename of a ruleset. > Sendmail = /usr/lib/sendmail > > The /usr/lib/sendmail is a link to /usr/sbin/sendmail. Would it be > better to > have the line in question point directly to the latter? Also, would > changing > it as such enable the recipient to receive the above notification? > > # Still deliver (after cleaning) messages that contained viruses > # listed in the above option ("Silent Viruses") to the > recipient? > # Setting this to "yes" is good when you are testing everything, and > # because it shows management that MailScanner is protecting them, > # but it is bad because they have to filter/delete all the incoming > # virus warnings. > # > # Note: Once you have deployed this into "production" use, you should > # Note: set this option to "no" so you don't bombard thousands of > # Note: people with useless messages they don't want! > # > # This can also be the filename of a ruleset. > Still Deliver Silent Viruses = no > > If I change the value from no to yes, will that activate > notification of the > recipient of a virus in their e-mail? > > If these aren't the areas where recipient notification is > configured, can > someone point out the section in question? Thanks. > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Steve Campbell > Sent: Tuesday, June 20, 2006 5:10 PM > To: MailScanner discussion > Subject: Re: Notifying Recipients of Blocked Messages > > Andrew, > > ----- Original Message ----- > From: "Kaplan, Andrew H." > To: "MailScanner discussion" > Sent: Tuesday, June 20, 2006 4:35 PM > Subject: RE: Notifying Recipients of Blocked Messages > > >> At the risk of sounding like a complete idiot, what is the line(s) in >> question >> in the MailScanner.conf file? Sorry... > > That was my point, but a general one, at that. Some options in some > config > files don't seem to indicate what they are used for. But in this > case, I > think you'll find it pretty easily. > > Actually, you should scan the Mailscanner.conf file and read the > paragraph > above each config option. You might even scan the file for "Notify" > to see > all of the different options. > > If you haven't read the conf file from beginning to end, you're > missing a > lot of ideas you could be doing with MS. You won't remember them > all or what > they do, but at least you'll be slightly familiar. > > Don't worry about ever sounding like a complete idiot on this list, > as we > have all done that here on this list at one time or another. And > most of us > have ask the same kind of config questions before also. Remember, > the only > stupid question is the one you never ask, or how ever that goes. > > Steve >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Steve >> Campbell >> Sent: Tuesday, June 20, 2006 2:12 PM >> To: MailScanner discussion >> Subject: Re: Notifying Recipients of Blocked Messages >> >> >> ----- Original Message ----- >> From: "Michele Neylon :: Blacknight.ie" >> To: "MailScanner discussion" >> Sent: Tuesday, June 20, 2006 1:39 PM >> Subject: Re: Notifying Recipients of Blocked Messages >> >> >>> Kaplan, Andrew H. wrote: >>>> Hi there - >>>> >>>> >>>> >>>> How do I determine if recipients of blocked messages are being >>>> notified, >>> >>> Check your mail logs >>> >>>> and how would I configure MailScanner to do that? Thanks. >>> >>> It's the default setting in MailScanner.conf, so unless you >>> changed it >>> you shouldn't have to do anything >>> >> If you don't know what to change, how do you know if you changed >> it or >> not? >> >> Steve >> >>> >>> -- >>> Mr Michele Neylon >>> Blacknight Solutions >>> Quality Business Hosting & Colocation >>> http://www.blacknight.ie/ >>> Tel. 1850 927 280 >>> Intl. +353 (0) 59 9183072 >>> Direct Dial: +353 (0)59 9183090 >>> Fax. +353 (0) 59 9164239 >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From chris at tac.esi.net Mon Jun 26 15:38:32 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon Jun 26 15:38:46 2006 Subject: MCP In-Reply-To: References: <449D838D.B662.0038.0@tac.esi.net> Message-ID: <449FB952.B662.0038.0@tac.esi.net> Thanks Julian, I did give it a try but it nearly trippled the batch time so I had to turn it off. I am still looking at possible causes of what I think is slow processing times. So until I figure that out, I will go without MCP, but it was quite simple to setup and use. Thanks Chris >>> Julian Field 06/24/06 7:06 PM >>> The syntax of the rules is just the same as for SpamAssassin. The syntax is defined in the man page printed by man Mail::SpamAssassin::Conf There are a couple of little examples in /etc/MailScanner/mcp/* On Sat24 Jun 06, at 23:25, Chris Hammond wrote: > Are there any sites out there that have spamassassin rules for > MCP? I have done some looking > and not found anything specific to MCP. Any links would be > appreciated. > > Thanks > Chris > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jun 26 15:46:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 26 15:46:32 2006 Subject: what happend? Report: MailScanner: No programs allowed(msg-9368-6.txt) In-Reply-To: <15ee4f850606260359rbf6e693h47c4ed9f724a856d@mail.gmail.com> References: <15ee4f850606260336y55f6ddd5k2e2088c93a594cee@mail.gmail.com> <031b01c6990d$b653d610$3004010a@martinhlaptop> <15ee4f850606260359rbf6e693h47c4ed9f724a856d@mail.gmail.com> Message-ID: <18FE9FDD-7991-43C3-BC0C-CA96E09F0C1D@ecs.soton.ac.uk> Yes, if you do not want any filetype checking at all. On 26 Jun 2006, at 11:59, Gong Chaoyin wrote: > thanks! > May i set it like this? > > #File Command = /usr/bin/file > File Commnad = > > > > 2006/6/26, Martin Hepworth : > Hi > > The 'file' program said the attachment was an executable.... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Gong Chaoyin > > Sent: 26 June 2006 11:36 > > To: mailscanner@lists.mailscanner.info > > Subject: what happend? Report: MailScanner: No programs allowed > (msg-9368- > > 6.txt) > > > > please help me! the log: > > > > new Batch: Found 2 messages waiting > > Jun 22 12:48:47 mail MailScanner[9368]: New Batch: Scanning > > 1 messages, 36442 bytes > > Jun 22 12:48:47 mail MailScanner[9368]: Virus and Content > > Scanning: Starting > > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No > > executables (1FtH7W-0002Tm-S5 0) > > Jun 22 12:48:47 mail MailScanner[9368]: Filetype Checks: No > > executables (1FtH7W-0002Tm-S5 msg-9368-3.txt) > > Jun 22 12:48:47 mail MailScanner[9368]: Other Checks: Found > > 2 problems > > Jun 22 12:48:47 mail MailScanner[9368]: Saved entire > > message to > > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > > Jun 22 12:48:47 mail MailScanner[9368]: Saved infected > > "msg-9368-3.txt" to > > /var/spool/MailScanner/quarantine/20060622/1FtH7W-0002Tm-S5 > > Jun 22 12:48:47 mail MailScanner[9368]: Notices: Warned > > > > The following e-mails were found to have: Bad Filename Detected > > > > Sender: xiajianping@xxxxxxxx.com > > IP Address: MailScanner warning: numerical links are often > malicious: > > MailScanner warning: numerical links are often malicious: > 61.142.114.180 malicious: http://61.142.114.180> > > Recipient: DHUANG@yyyyy.com, alancheung@yyyyy.com > > Subject: ??: ??????PO#G0605207? > > MessageID: 1FtH7W-0002Tm-S5 > > Quarantine: /var/spool/MailScanner/quarantine/ > 20060622/1FtH7W-0002Tm-S5 > > Report: MailScanner: No programs allowed (msg-9368-6.txt) > > Report: MailScanner: No programs allowed ( msg-9368-3.txt) > > > > /etc/MailScanner/filename.rules.conf > > > > # These are known to be mostly harmless. > > allow \.jpg$ - - > > allow \.gif$ - - > > # .url is arguably dangerous, but I can't just ban it... > > allow \.url$ - - > > allow \.vcf$ - - > > allow \.txt$ - - > > allow \.zip$ - - > > allow \.t?gz$ - - > > allow \.bz2$ - - > > allow \.Z$ - - > > allow \.rpm$ - - > > # PGP and GPG > > allow \.gpg$ - - > > allow \.pgp$ - - > > allow \.sit$ - - > > allow \.asc$ - - > > # Macintosh archives > > allow \.hqx$ - - > > allow \.sit.bin$ - - > > allow \.sea$ - - > > > > /etc/MailScanner/filetype.rules.conf > > > > allow text - - > > allow script - - > > allow archive - - > > allow postscript - - > > deny self-extract No self-extracting archives No self-extracting > archives > > allowed > > deny executable No executables No programs allowed > > deny ELF No executables No programs allowed > > deny Registry No Windows Registry entries No Windows Registry files > > allowed > > > > #deny MPEG No MPEG movies No MPEG movies allowed > > #deny AVI No AVI movies No AVI movies allowed > > #deny MNG No MNG/PNG movies No MNG movies allowed > > #deny QuickTime No QuickTime movies No QuickTime movies allowed > > #deny ASF No Windows media No Windows media files allowed > > #deny metafont No Windows Metafont drawings No WMF drawings allowed > > > > what happend? > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060626/f0676335/attachment.html From rvallejo at novadevices.com Mon Jun 26 15:31:27 2006 From: rvallejo at novadevices.com (Rafael Vallejo) Date: Mon Jun 26 15:57:14 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <006C6CE8-5B2C-4685-8B6A-E6F566E5A64D@ecs.soton.ac.uk> References: <449C17BB.5010703@novadevices.com> <2BD1F8C5-DFF3-4EC1-B5BA-40FCB17033B1@ecs.soton.ac.uk> <449C794F.6070709@novadevices.com> <006C6CE8-5B2C-4685-8B6A-E6F566E5A64D@ecs.soton.ac.uk> Message-ID: <449FEFBF.6060601@novadevices.com> Thaks it seems to be that the solution is closer to me, where do I edit the @INC path in order to add a new path? Rafael Julian Field escribi?: > There isn't any "registration" system for modules, you just have to > make sure the relevant *.pm files appear in the @INC path somewhere. > Do a "perl -V" and it will show you the @INC path so you know where > to look. > "perl -v" prints the version number and a little info, "perl -V" > prints a whole lot more info. > > On Sat24 Jun 06, at 00:29, Rafael Vallejo wrote: > >> Julian and Logan, >> >> >> Thanks for the respnse unfortunatelly I can not just simply use CPAN >> or any script like yours Julian because I'm embeeding this on a >> system that does not have a shell prompt son on the target system I >> can not install things this way,m on a normal Linux system I >> successfully installed spamassassin, nut I have to copy to this >> device spamassassin file by file manually, so something is missing >> there and need to identify it. >> >> Julian you made an installation program, so I guess you know how to >> make it low level what does it need to register copy or what ever >> those moules so it knows they exists. >> >> Hope to hear from you soon >> >> Rafael >> >> Julian Field escribi?: >> >>> If you install SpamAssassin from my easy-to-install ClamAV+SA >>> package available from www.mailscanner.info (the downloads page) >>> then it will take care of installing all the required modules for >>> you, as well as lots of setup tweaks you need to do to make it all >>> work properly. >>> >>> On Fri23 Jun 06, at 17:32, Rafael Vallejo wrote: >>> >>>> Hello list. >>>> >>>> I have a problem with spamassassin and is that some perl modules >>>> I got messages like this >>>> >>>> [20075] dbg: diag: module not installed: LWP::UserAgent >>>> ('require' failed) >>>> >>>> UserAgent is a module among others I want to use, I installed by >>>> hand spamassasin and have no other choice, LWP and all the >>>> modules it need is there in where it is supposed to be /usr/lib/ >>>> perl5/ vendor_perl/5.8.1/LWP, but spamassasin does not locate it >>>> my guess is that perl or spamassassin does not get the path for >>>> LWP for some reason. >>>> >>>> Is there any file in where Perl and/or spamassasin look to know >>>> where modules are loaded? >>>> >>>> Regards >>>> >>>> -- >>>> Rafael >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Mon Jun 26 16:18:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 26 16:19:06 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <449FEFBF.6060601@novadevices.com> References: <449C17BB.5010703@novadevices.com> <2BD1F8C5-DFF3-4EC1-B5BA-40FCB17033B1@ecs.soton.ac.uk> <449C794F.6070709@novadevices.com> <006C6CE8-5B2C-4685-8B6A-E6F566E5A64D@ecs.soton.ac.uk> <449FEFBF.6060601@novadevices.com> Message-ID: <103CB923-66E4-44FC-8384-855B38117206@ecs.soton.ac.uk> To change @INC completely requires you to recompile Perl, it is hard- coded. However, to add things to it for 1 or 2 scripts is easy, you can add the -I options in the #!/usr/bin/perl line at the top of the script, so it looks like #!/usr/bin/perl -I/usr/local/perl/lib for example. I'm sure someone will correct me if I'm wrong! On 26 Jun 2006, at 15:31, Rafael Vallejo wrote: > Thaks it seems to be that the solution is closer to me, where do I > edit the @INC path in order to add a new path? > > > Rafael > > > > Julian Field escribi?: > >> There isn't any "registration" system for modules, you just have >> to make sure the relevant *.pm files appear in the @INC path >> somewhere. Do a "perl -V" and it will show you the @INC path so >> you know where to look. >> "perl -v" prints the version number and a little info, "perl -V" >> prints a whole lot more info. >> >> On Sat24 Jun 06, at 00:29, Rafael Vallejo wrote: >> >>> Julian and Logan, >>> >>> >>> Thanks for the respnse unfortunatelly I can not just simply use >>> CPAN or any script like yours Julian because I'm embeeding this >>> on a system that does not have a shell prompt son on the target >>> system I can not install things this way,m on a normal Linux >>> system I successfully installed spamassassin, nut I have to copy >>> to this device spamassassin file by file manually, so something >>> is missing there and need to identify it. >>> >>> Julian you made an installation program, so I guess you know how >>> to make it low level what does it need to register copy or what >>> ever those moules so it knows they exists. >>> >>> Hope to hear from you soon >>> >>> Rafael >>> >>> Julian Field escribi?: >>> >>>> If you install SpamAssassin from my easy-to-install ClamAV+SA >>>> package available from www.mailscanner.info (the downloads >>>> page) then it will take care of installing all the required >>>> modules for you, as well as lots of setup tweaks you need to >>>> do to make it all work properly. >>>> >>>> On Fri23 Jun 06, at 17:32, Rafael Vallejo wrote: >>>> >>>>> Hello list. >>>>> >>>>> I have a problem with spamassassin and is that some perl >>>>> modules I got messages like this >>>>> >>>>> [20075] dbg: diag: module not installed: LWP::UserAgent >>>>> ('require' failed) >>>>> >>>>> UserAgent is a module among others I want to use, I installed >>>>> by hand spamassasin and have no other choice, LWP and all >>>>> the modules it need is there in where it is supposed to be / >>>>> usr/lib/ perl5/ vendor_perl/5.8.1/LWP, but spamassasin does not >>>>> locate it my guess is that perl or spamassassin does not get >>>>> the path for LWP for some reason. >>>>> >>>>> Is there any file in where Perl and/or spamassasin look to >>>>> know where modules are loaded? >>>>> >>>>> Regards >>>>> >>>>> -- >>>>> Rafael >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From naolson at gmail.com Mon Jun 26 16:24:58 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Jun 26 16:25:01 2006 Subject: Error loading some perl modules on spamassassin In-Reply-To: <103CB923-66E4-44FC-8384-855B38117206@ecs.soton.ac.uk> References: <449C17BB.5010703@novadevices.com> <2BD1F8C5-DFF3-4EC1-B5BA-40FCB17033B1@ecs.soton.ac.uk> <449C794F.6070709@novadevices.com> <006C6CE8-5B2C-4685-8B6A-E6F566E5A64D@ecs.soton.ac.uk> <449FEFBF.6060601@novadevices.com> <103CB923-66E4-44FC-8384-855B38117206@ecs.soton.ac.uk> Message-ID: <8f54b4330606260824k6c2f24beif5daab2e90a16750@mail.gmail.com> The environment variable PERL5LIB. There is also a 'lib' pragma. use lib Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060626/0ec08469/attachment.html From bpumphrey at woodmclaw.com Mon Jun 26 16:39:05 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Jun 26 16:39:07 2006 Subject: SPAM got in Message-ID: <04D932B0071FE34FA63EBB1977B48D15014F2A0B@woodenex.woodmaclaw.local> > > Arthur > > Can you put a copy of the message (full headers etc) either in pastebin or > a > normal web page. Then we can run it on our systems and advise.... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > Agreed, I will run it through mine also. I am curious to see what mine does. From ssilva at sgvwater.com Mon Jun 26 17:07:33 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 26 17:08:13 2006 Subject: what happend? Report: MailScanner: No programs allowed(msg-9368-6.txt) In-Reply-To: <15ee4f850606260359rbf6e693h47c4ed9f724a856d@mail.gmail.com> References: <15ee4f850606260336y55f6ddd5k2e2088c93a594cee@mail.gmail.com> <031b01c6990d$b653d610$3004010a@martinhlaptop> <15ee4f850606260359rbf6e693h47c4ed9f724a856d@mail.gmail.com> Message-ID: Gong Chaoyin spake the following on 6/26/2006 3:59 AM: > thanks! > May i set it like this? > > #File Command = /usr/bin/file > File Commnad = But that will let in all the nasty viruses that pretend to be a txt file. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From naolson at gmail.com Mon Jun 26 17:11:50 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Jun 26 17:11:52 2006 Subject: what happend? Report: MailScanner: No programs allowed(msg-9368-6.txt) In-Reply-To: References: <15ee4f850606260336y55f6ddd5k2e2088c93a594cee@mail.gmail.com> <031b01c6990d$b653d610$3004010a@martinhlaptop> <15ee4f850606260359rbf6e693h47c4ed9f724a856d@mail.gmail.com> Message-ID: <8f54b4330606260911j5212650ci7d52856ac4cdcfa6@mail.gmail.com> Not if his virus scanner works. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060626/44f5a29b/attachment.html From martinh at solid-state-logic.com Mon Jun 26 17:21:14 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 26 17:21:24 2006 Subject: what happend? Report: MailScanner: No programsallowed(msg-9368-6.txt) In-Reply-To: <8f54b4330606260911j5212650ci7d52856ac4cdcfa6@mail.gmail.com> Message-ID: <002801c6993c$8be78050$3004010a@martinhlaptop> Assuming there's a signature for the malware in question. I've had several emails where this test in MS has beaten the AV companies by hours. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Nathan Olson > Sent: 26 June 2006 17:12 > To: MailScanner discussion > Subject: Re: what happend? Report: MailScanner: No programsallowed(msg- > 9368-6.txt) > > Not if his virus scanner works. > > Nate > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From ssilva at sgvwater.com Mon Jun 26 18:32:49 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 26 18:33:03 2006 Subject: what happend? Report: MailScanner: No programsallowed(msg-9368-6.txt) In-Reply-To: <002801c6993c$8be78050$3004010a@martinhlaptop> References: <8f54b4330606260911j5212650ci7d52856ac4cdcfa6@mail.gmail.com> <002801c6993c$8be78050$3004010a@martinhlaptop> Message-ID: Martin Hepworth spake the following on 6/26/2006 9:21 AM: > Assuming there's a signature for the malware in question. > > I've had several emails where this test in MS has beaten the AV companies by > hours. There was a bagle variant just last week that my servers caught before the signature was out. I have some very "special" users that would have opened the gates to hell if an e-mail told them to! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chris at tac.esi.net Mon Jun 26 19:25:10 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon Jun 26 19:25:21 2006 Subject: Users of RBL's Message-ID: <449FEE70.B662.0038.0@tac.esi.net> I have been looking at caching RBL lookups. I have found how to's on rsyncing a copy of the RBL to a local machine but I am wondering if it is possible to just cache the lookups and not have to rsync a copy to a local machine? Thanks Chris From ssilva at sgvwater.com Mon Jun 26 19:55:45 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 26 19:56:39 2006 Subject: Users of RBL's In-Reply-To: <449FEE70.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> Message-ID: Chris Hammond spake the following on 6/26/2006 11:25 AM: > I have been looking at caching RBL lookups. I have found how to's on rsyncing a copy of the RBL to a local machine > but I am wondering if it is possible to just cache the lookups and not have to rsync a copy to a local machine? > > Thanks > Chris > Running a caching nameserver should do just that. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Mon Jun 26 19:58:52 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 26 19:59:00 2006 Subject: Users of RBL's In-Reply-To: <449FEE70.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> Message-ID: <44A02E6C.7090707@evi-inc.com> Chris Hammond wrote: > I have been looking at caching RBL lookups. I have found how to's on rsyncing a copy of the RBL to a local machine > but I am wondering if it is possible to just cache the lookups and not have to rsync a copy to a local machine? Yes.. just use any ordinary DNS server package to do that.. Configure it as a resolver (or forwarding resolver, your choice) and set your MailScanner box to use it as it's DNS server in resolv.conf. DNS servers by design inherently cache answers to queries they've made. From rob at thehostmasters.com Mon Jun 26 21:09:29 2006 From: rob at thehostmasters.com (Rob Morin) Date: Mon Jun 26 21:09:36 2006 Subject: Users of RBL's In-Reply-To: <449FEE70.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> Message-ID: <44A03EF9.20805@thehostmasters.com> Can you point out a "how to" for me to use? Thanks... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Chris Hammond wrote: > I have been looking at caching RBL lookups. I have found how to's on rsyncing a copy of the RBL to a local machine > but I am wondering if it is possible to just cache the lookups and not have to rsync a copy to a local machine? > > Thanks > Chris > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From mkettler at evi-inc.com Mon Jun 26 21:29:01 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 26 21:29:12 2006 Subject: Users of RBL's In-Reply-To: <44A03EF9.20805@thehostmasters.com> References: <449FEE70.B662.0038.0@tac.esi.net> <44A03EF9.20805@thehostmasters.com> Message-ID: <44A0438D.5040004@evi-inc.com> Rob Morin wrote: > Can you point out a "how to" for me to use? > > Thanks... http://www.google.com/search?hl=en&lr=&q=RBL+rsync+mirror+howto&btnG=Search From glenn.steen at gmail.com Mon Jun 26 21:39:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 26 21:39:44 2006 Subject: Users of RBL's In-Reply-To: <44A03EF9.20805@thehostmasters.com> References: <449FEE70.B662.0038.0@tac.esi.net> <44A03EF9.20805@thehostmasters.com> Message-ID: <223f97700606261339u7e543405p19dd2ba52ec75289@mail.gmail.com> On 26/06/06, Rob Morin wrote: > Can you point out a "how to" for me to use? > > Thanks... > Quoting the MAQ: "Use a local DNS caching nameserver (On RedHat, you can usually just install the package named caching-nameserver and change your /etc/resolv.conf file accordingly (use 127.0.0.1 as primary DNS server)." Or use Dahwals suggestions in http://wiki.mailscanner.info/doku.php?id=documentation:related_software:caching_nameserver:djbdns -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chris at tac.esi.net Mon Jun 26 21:46:45 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon Jun 26 21:46:55 2006 Subject: Users of RBL's In-Reply-To: References: <449FEE70.B662.0038.0@tac.esi.net> Message-ID: <44A00F9F.B662.0038.0@tac.esi.net> I am running a caching bind server. I found rbldnsd but everything I see points to using it with local hard copies of the rbl itself that has to be rsync'd from the rbl provider. I don't understand it enough to be able to figure out if it can operate like bind in caching mode. I am looking at different areas to try and determine what where my bottleneck is. It does not appear to be memory, the machine has 1.5GB of that. The processor is an Opteron 242 (1.6Ghz) and it doesn't seem to be the issue. The system is running a caching bind server. I also have razor2, pyzor, rules_du_jour (none of the BIG nasty ones). I am having 30 message batch times of 180-280 seconds. This is a single server running everything including Mailwatch and mysql database which I have used mysqlard to try and tune. I turned on MCP over the weekend and my batch times jumped to 680+ seconds. Obviously that wasn't going to work. But now, I am looking at another possibility. Drive subsystem. The server is an HP Proliant DL145 with a pair of 80GB IDE drives software mirrored. The volume of messages being moved to the quarantince, db writes and such may just be too much for it. Is there a way to see within MailScanner a further breakdown of how long the process takes? The batch may be taking 200 seconds, but what is the breakdown of that 200 seconds? Spamassassin this long, clamav, this long, move to quarantine, logging to mysql....... Thanks Chris >>> Scott Silva 06/26/06 2:55 PM >>> Chris Hammond spake the following on 6/26/2006 11:25 AM: > I have been looking at caching RBL lookups. I have found how to's on rsyncing a copy of the RBL to a local machine > but I am wondering if it is possible to just cache the lookups and not have to rsync a copy to a local machine? > > Thanks > Chris > Running a caching nameserver should do just that. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Mon Jun 26 21:54:51 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 26 21:54:59 2006 Subject: Users of RBL's In-Reply-To: <44A00F9F.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> Message-ID: <44A0499B.5060500@evi-inc.com> Chris Hammond wrote: > I am running a caching bind server. I found rbldnsd but everything I see points to using it > with local hard copies of the rbl itself that has to be rsync'd from the rbl provider. Correct, that's because RBLDNSD is NOT intended to be used as a cache. It's intended to run rsynced zones. Continue using bind, or switch to a different TRUE DNS server. rbldnsd is a special-purpose application it should not be used as a cache. It's not designed to do that. From chris at tac.esi.net Mon Jun 26 22:03:01 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon Jun 26 22:03:15 2006 Subject: Users of RBL's In-Reply-To: <44A0499B.5060500@evi-inc.com> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A0499B.5060500@evi-inc.com> Message-ID: <44A01370.B662.0038.0@tac.esi.net> >>> Matt Kettler 06/26/06 4:54 PM >>> >Chris Hammond wrote: >> I am running a caching bind server. I found rbldnsd but everything I see points to using it >>with local hard copies of the rbl itself that has to be rsync'd from the rbl provider. >Correct, that's because RBLDNSD is NOT intended to be used as a cache. It's >intended to run rsynced zones. >Continue using bind, or switch to a different TRUE DNS server. >rbldnsd is a special- purpose application it should not be used as a cache. It's >not designed to do that. Understood. What DNS server in most recommended? Thanks Chris From mkettler at evi-inc.com Mon Jun 26 22:12:30 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 26 22:12:43 2006 Subject: Users of RBL's In-Reply-To: <44A01370.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A0499B.5060500@evi-inc.com> <44A01370.B662.0038.0@tac.esi.net> Message-ID: <44A04DBE.7020807@evi-inc.com> Chris Hammond wrote: > > Understood. What DNS server in most recommended? Well, your choices are bind, djbdns, and microsoft. I'm assuming you're using a unix box, so Microsoft is out. I'd also not call DNS Microsoft's strong suit even if you have it arround. (heck, given the state of NDIS 2-5, I wouldn't call anything network-oriented their strong suite). Since djbdns splits resolving and authoritative servers into two separate tools it might be a bit lighter weight than bind if you're running cache/forward only. However, as long as you're not splitting hairs on the edge of system collapse due to overload either should work fine. From chris at tac.esi.net Mon Jun 26 22:19:55 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon Jun 26 22:20:06 2006 Subject: Users of RBL's In-Reply-To: <44A04DBE.7020807@evi-inc.com> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A0499B.5060500@evi-inc.com> <44A01370.B662.0038.0@tac.esi.net><44A01370.B662.0038.0@tac.esi.net> <44A04DBE.7020807@evi-inc.com> Message-ID: <44A01766.B662.0038.0@tac.esi.net> >>> Matt Kettler 06/26/06 5:12 PM >>> >>Chris Hammond wrote: >> >> Understood. What DNS server in most recommended? >Well, your choices are bind, djbdns, and microsoft. >I'm assuming you're using a unix box, so Microsoft is out. I'd also not call DNS >Microsoft's strong suit even if you have it arround. (heck, given the state of >NDIS 2- 5, I wouldn't call anything network- oriented their strong suite). >Since djbdns splits resolving and authoritative servers into two separate tools >it might be a bit lighter weight than bind if you're running cache/forward only. >However, as long as you're not splitting hairs on the edge of system collapse >due to overload either should work fine. Ok, I am going to move to a later version of bind than what comes with CentOS 4 which is 9.2.4 and will see if the newer version performs better. I have read alot of people complaining about binds speed. Thanks Chris From glenn.steen at gmail.com Mon Jun 26 22:54:03 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 26 22:54:08 2006 Subject: Users of RBL's In-Reply-To: <44A01766.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A0499B.5060500@evi-inc.com> <44A01370.B662.0038.0@tac.esi.net> <44A04DBE.7020807@evi-inc.com> <44A01766.B662.0038.0@tac.esi.net> Message-ID: <223f97700606261454m4b42b47bl83d82b76bc2594d1@mail.gmail.com> On 26/06/06, Chris Hammond wrote: > >>> Matt Kettler 06/26/06 5:12 PM >>> > >>Chris Hammond wrote: > > >> > >> Understood. What DNS server in most recommended? > > >Well, your choices are bind, djbdns, and microsoft. > > >I'm assuming you're using a unix box, so Microsoft is out. I'd also not call DNS > >Microsoft's strong suit even if you have it arround. (heck, given the state of > >NDIS 2- 5, I wouldn't call anything network- oriented their strong suite). > > >Since djbdns splits resolving and authoritative servers into two separate tools > >it might be a bit lighter weight than bind if you're running cache/forward only. > > >However, as long as you're not splitting hairs on the edge of system collapse > >due to overload either should work fine. > > Ok, I am going to move to a later version of bind than what comes with CentOS > 4 which is 9.2.4 and will see if the newer version performs better. I have read > alot of people complaining about binds speed. > > Thanks > Chris > 'If you feel like it, why not look at some of the alternatives here: http://www.dns.net/dnsrd/servers/unix.html ... Just a tad more choice:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Mon Jun 26 23:18:11 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 26 23:18:20 2006 Subject: Users of RBL's In-Reply-To: <44A01766.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A0499B.5060500@evi-inc.com> <44A01370.B662.0038.0@tac.esi.net><44A01370.B662.0038.0@tac.esi.net> <44A04DBE.7020807@evi-inc.com> <44A01766.B662.0038.0@tac.esi.net> Message-ID: <44A05D23.8050108@evi-inc.com> Chris Hammond wrote: > Ok, I am going to move to a later version of bind than what comes with CentOS > 4 which is 9.2.4 and will see if the newer version performs better. I have read > alot of people complaining about binds speed. Fair enough, but be sure the complaints that bind is slower than product X fall under the kind of usage you're doing. Rbldnsd clearly blows the doors of bind or tinydns (djbdns's authoritative server) when you're mirroring RBL zones.. rbldnsd is designed to optimize this kind of operation. It takes a lot of short-cuts a general purpose dns server can't. But that's OK, because rbldnsd is not a regular DNS server. Some old comparisons (2003): http://www.ripe-ncc.org/ripe/meetings/ripe-44/presentations/ripe44-dns-dnscomp.pdf Showed that tinydns was faster than bind for authoritative servers. However, bind was clearly quite substantially faster for resolving/caching when compared with dnscache (djbdns's resolving/caching server). Of course, there's the old adage, there's lies, damn lies, and benchmarks. Not to mention those benchmarks are old. There's plenty out there with results to the contrary: http://groups.google.com/group/comp.protocols.dns.bind/msg/f11b30ab4b3d29ae?hl=en& I'd run my own tests which are as close to the actual intended use as possible. From nick.smith67 at googlemail.com Mon Jun 26 23:29:07 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Mon Jun 26 23:29:08 2006 Subject: SA - Disabling network tests after failures Message-ID: Hi, After a few SpamAssassin timeouts, MS is supposed to cause SA to be called without RBL tests (and implicitly all other network-based tests). It does this (in SA.pm) by setting SA's local_tests_only option to 1 thus: $MailScanner::SA::SAspamtest->{conf}->{local_tests_only} = 1; Question - is this right? As far as I can tell, the Mail::Spamassassin object doesn't have a structure named "conf", and local_tests_only is defined as a top level option: $MailScanner::SA::SAspamtest->{local_tests_only} = 1; Further question on a related subject after reading about SpamAssassin bug #4165: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4165 If I understand this correctly, "network tests disabled" state can only truly be achieved by setting the local_tests_only option referred to above. It is not enough to disable all network tests one by one and expect SA to figure it out In practical terms, this means that score sets 2 and 0 (network tests disabled, with and without bayes respectively) are unavailable in a MailScanner environment, and that SA will always therefore use score set 3 or 1 depending upon whether bayes is in use and available or not The local_tests_only option isn't something which can be set in an SA configuration file, it is expected that the calling entity uses the API to set the option if required Can I request a new MailScanner configuration option "SpamAssassin Network Tests" set to yes/no (default yes). In an environment with no access to the likes of Razor/DCC/Pyzor and with no external DNS, you would set this option to "no" - causing SA to be called with the local_tests_only option, thereby giving access to the "no network" score sets 0 and 2 Thanks Nick From ka at pacific.net Mon Jun 26 23:29:51 2006 From: ka at pacific.net (Ken A) Date: Mon Jun 26 23:29:32 2006 Subject: Users of RBL's In-Reply-To: <44A00F9F.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> Message-ID: <44A05FDF.6050203@pacific.net> Chris Hammond wrote: > I am running a caching bind server. I found rbldnsd but everything I see points to using it > with local hard copies of the rbl itself that has to be rsync'd from the rbl provider. I don't > understand it enough to be able to figure out if it can operate like bind in caching mode. > I am looking at different areas to try and determine what where my bottleneck is. > > It does not appear to be memory, the machine has 1.5GB of that. what does 'free' say about swap in use. 1.5gb may not be enough, depending on how many child processes of MailScanner you are running, and how much ram everything else you have going uses. The processor is an Opteron > 242 (1.6Ghz) and it doesn't seem to be the issue. The system is running a caching bind server. > I also have razor2, pyzor, rules_du_jour (none of the BIG nasty ones). I am having 30 message > batch times of 180-280 seconds. This is a single server running everything including Mailwatch > and mysql database which I have used mysqlard to try and tune. I turned on MCP over the weekend > and my batch times jumped to 680+ seconds. Obviously that wasn't going to work. But now, I > am looking at another possibility. Drive subsystem. The server is an HP Proliant DL145 with a > pair of 80GB IDE drives software mirrored. On different controllers, or the same? What does 'vmstat 2' say? How about 'iostat -x' ? If you don't have it, 'yum install sysstat' Sounds like you may just be asking too much of the hardware. Ken Pacific.Net > > The volume of messages being moved to the quarantince, db writes and such may just be too > much for it. Is there a way to see within MailScanner a further breakdown of how long the process > takes? The batch may be taking 200 seconds, but what is the breakdown of that 200 seconds? > Spamassassin this long, clamav, this long, move to quarantine, logging to mysql....... > > Thanks > Chris > > > >>>> Scott Silva 06/26/06 2:55 PM >>> > Chris Hammond spake the following on 6/26/2006 11:25 AM: >> I have been looking at caching RBL lookups. I have found how to's on rsyncing a copy of the RBL to a local machine >> but I am wondering if it is possible to just cache the lookups and not have to rsync a copy to a local machine? >> >> Thanks >> Chris >> > Running a caching nameserver should do just that. > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > From chris at tac.esi.net Tue Jun 27 03:09:46 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 27 03:05:33 2006 Subject: Users of RBL's In-Reply-To: <223f97700606261454m4b4 References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A0499B.5060500@evi-inc.com> <44A01370.B662.0038.0@tac.esi.net> <44A04DBE.7020807@evi-inc.com> <44A01766.B662.0038.0@tac.esi.net> <223f97700606261454m4b4 Message-ID: <44A05B2A.B662.0038.0@tac.esi.net> I looked at the site and think I will stick with bind for now but keep my options open. Thanks Chris >>> "Glenn Steen" 06/26/06 5:54 PM >>> On 26/06/06, Chris Hammond wrote: > >>> Matt Kettler 06/26/06 5:12 PM >>> > >>Chris Hammond wrote: > > >> > >> Understood. What DNS server in most recommended? > > >Well, your choices are bind, djbdns, and microsoft. > > >I'm assuming you're using a unix box, so Microsoft is out. I'd also not call DNS > >Microsoft's strong suit even if you have it arround. (heck, given the state of > >NDIS 2- 5, I wouldn't call anything network- oriented their strong suite). > > >Since djbdns splits resolving and authoritative servers into two separate tools > >it might be a bit lighter weight than bind if you're running cache/forward only. > > >However, as long as you're not splitting hairs on the edge of system collapse > >due to overload either should work fine. > > Ok, I am going to move to a later version of bind than what comes with CentOS > 4 which is 9.2.4 and will see if the newer version performs better. I have read > alot of people complaining about binds speed. > > Thanks > Chris > 'If you feel like it, why not look at some of the alternatives here: http://www.dns.net/dnsrd/servers/unix.html ... Just a tad more choice:- ) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at tac.esi.net Tue Jun 27 03:12:26 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 27 03:08:07 2006 Subject: Users of RBL's In-Reply-To: <44A01766.B662.0038.0@ta References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A0499B.5060500@evi-inc.com> <44A01370.B662.0038.0@tac.esi.net><44A01370.B662.0038.0@tac.esi.net> <44A04DBE.7020807@evi-inc.com> <44A01766.B662.0038.0@ta Message-ID: <44A05BCA.B662.0038.0@tac.esi.net> Point well taken and agree 100%. I will try different configs and see what works best. Thanks Chris >>> Matt Kettler 06/26/06 6:18 PM >>> Chris Hammond wrote: > Ok, I am going to move to a later version of bind than what comes with CentOS > 4 which is 9.2.4 and will see if the newer version performs better. I have read > alot of people complaining about binds speed. Fair enough, but be sure the complaints that bind is slower than product X fall under the kind of usage you're doing. Rbldnsd clearly blows the doors of bind or tinydns (djbdns's authoritative server) when you're mirroring RBL zones.. rbldnsd is designed to optimize this kind of operation. It takes a lot of short- cuts a general purpose dns server can't. But that's OK, because rbldnsd is not a regular DNS server. Some old comparisons (2003): http://www.ripe- ncc.org/ripe/meetings/ripe- 44/presentations/ripe44- dns- dnscomp.pdf Showed that tinydns was faster than bind for authoritative servers. However, bind was clearly quite substantially faster for resolving/caching when compared with dnscache (djbdns's resolving/caching server). Of course, there's the old adage, there's lies, damn lies, and benchmarks. Not to mention those benchmarks are old. There's plenty out there with results to the contrary: http://groups.google.com/group/comp.protocols.dns.bind/msg/f11b30ab4b3d29ae?hl=en& I'd run my own tests which are as close to the actual intended use as possible. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at tac.esi.net Tue Jun 27 03:29:00 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 27 03:24:43 2006 Subject: Users of RBL's In-Reply-To: <44A05FDF.6050203@pacific.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> Message-ID: <44A05FAC.B662.0038.0@tac.esi.net> >>> Ken A 06/26/06 6:29 PM >>> >>Chris Hammond wrote: >> I am running a caching bind server. I found rbldnsd but everything I see points to using it >> with local hard copies of the rbl itself that has to be rsync'd from the rbl provider. I don't >> understand it enough to be able to figure out if it can operate like bind in caching mode. >> I am looking at different areas to try and determine what where my bottleneck is. >> >> It does not appear to be memory, the machine has 1.5GB of that. >what does 'free' say about swap in use. 1.5gb may not be enough, >depending on how many child processes of MailScanner you are running, >and how much ram everything else you have going uses. Just for giggles, I turned off the swap partitions 2 days ago and here is what free reports. total used free shared buffers cached Mem: 3116372 2908432 207940 0 398888 1513984 -/+ buffers/cache: 995560 2120812 Swap: 0 0 0 I am using the standard 5 child processes recommended per processor and have only one processor. The processor is an Opteron > 242 (1.6Ghz) and it doesn't seem to be the issue. The system is running a caching bind server. > I also have razor2, pyzor, rules_du_jour (none of the BIG nasty ones). I am having 30 message > batch times of 180- 280 seconds. This is a single server running everything including Mailwatch > and mysql database which I have used mysqlard to try and tune. I turned on MCP over the weekend > and my batch times jumped to 680+ seconds. Obviously that wasn't going to work. But now, I > am looking at another possibility. Drive subsystem. The server is an HP Proliant DL145 with a > pair of 80GB IDE drives software mirrored. >On different controllers, or the same? Different controllers, hda and hdc >What does 'vmstat 2' say? procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 0 0 0 296436 399156 1482420 0 0 36 102 84 96 69 11 20 1 1 0 0 256620 399160 1482440 0 0 0 64 1086 190 23 8 70 0 1 0 0 207476 399180 1495972 0 0 4 222 1194 309 55 11 31 4 2 0 0 196692 399188 1482736 0 0 0 5444 1144 230 90 10 0 0 3 0 0 179620 399188 1482740 0 0 0 70 1115 328 90 10 0 0 3 0 0 249796 399196 1493560 0 0 0 0 1114 232 87 13 0 0 2 1 0 224188 399196 1493340 0 0 0 5386 1124 184 92 8 0 0 4 0 0 241092 399204 1483324 0 0 30 324 1477 790 79 21 0 1 3 0 0 189948 399208 1494032 0 0 0 344 1134 211 84 17 0 0 >How about 'iostat - x' ? Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util hda 0.38 339.96 1.23 13.97 35.02 2836.38 17.51 1418.19 189.00 1.13 74.27 3.70 5.62 hdc 0.70 339.97 1.22 13.96 36.53 2836.38 18.26 1418.19 189.19 1.15 75.33 3.73 5.67 md0 0.00 0.00 0.92 0.00 1.84 0.00 0.92 0.00 2.00 0.00 0.00 0.00 0.00 md1 0.00 0.00 2.61 353.35 69.69 2826.78 34.84 1413.39 8.14 0.00 0.00 0.00 0.00 >If you don't have it, 'yum install sysstat' Already there. >Sounds like you may just be asking too much of the hardware. This could very well be. Before I go asking for a new server though, I want to make sure I have my ducks in a row. When this was nothing more than a Postfix box with static rules, it handled the job just fine. But I think it may be really working for it's living. Thanks Chris From wizard at jimhermann.com Tue Jun 27 04:53:31 2006 From: wizard at jimhermann.com (Jim Hermann) Date: Tue Jun 27 04:53:36 2006 Subject: Can I use From: "/^$/" in ruleset? Message-ID: <022f01c6999d$43607d30$9801a8c0@Dual> I don't want Spamassassin to check bounce messages which have from=<> in the Envelope. The maillog shows these messages as: Jun 25 04:55:15 host sm-acceptingconnections[21609]: k5P9tEkN021609: from=<>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=sv26pub.verizon.net [206.46.252.162] Can I use From: "/^$/" in ruleset spam-scan.rules to do this? From: "/^$/" no And put this line in my MailScanner.conf Use SpamAssassin = %rules-dir%/spam-scan.rules Jim ----- Jim Hermann UUism Networks Ministering to the Needs of Online UUs Web Hosting, Email Services, Mailing Lists ----- From MailScanner at ecs.soton.ac.uk Tue Jun 27 09:17:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 27 09:18:03 2006 Subject: Can I use From: "/^$/" in ruleset? In-Reply-To: <022f01c6999d$43607d30$9801a8c0@Dual> References: <022f01c6999d$43607d30$9801a8c0@Dual> Message-ID: <174FC2B3-CCEB-4F76-A119-1A5846D5E9BD@ecs.soton.ac.uk> On 27 Jun 2006, at 04:53, Jim Hermann wrote: > I don't want Spamassassin to check bounce messages which have > from=<> in the > Envelope. > > The maillog shows these messages as: > > Jun 25 04:55:15 host sm-acceptingconnections[21609]: k5P9tEkN021609: > from=<>, size=0, > class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=sv26pub.verizon.net > [206.46.252.162] > > Can I use From: "/^$/" in ruleset spam-scan.rules to do this? Yes. > > From: "/^$/" no > > And put this line in my MailScanner.conf > > Use SpamAssassin = %rules-dir%/spam-scan.rules Should work fine. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From housey at sme-ecom.co.uk Tue Jun 27 12:49:36 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Tue Jun 27 12:49:51 2006 Subject: Merging 2 Bayes Databases Message-ID: Hi Ive got 2 front end Mailscanner machines and was looking at getting them to share a bayes database. Ive set up a mysql bayes and tested with both machines and it works fine. What I want to do is dump both the existing Bayes DB's into it, is it as simple as doing sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host2.txt Add the entries to spam.assassin.prefs.conf to use the mysql bayes and then run sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host2.txt I dont know if merging 2 bayes databases from 2 different machines would cause any problems? Cheers Paul From dhawal at netmagicsolutions.com Tue Jun 27 12:57:45 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Jun 27 12:57:55 2006 Subject: Merging 2 Bayes Databases In-Reply-To: References: Message-ID: <44A11D39.9060108@netmagicsolutions.com> Paul Houselander wrote: > Hi > > Ive got 2 front end Mailscanner machines and was looking at getting them to > share a bayes database. > > Ive set up a mysql bayes and tested with both machines and it works fine. > > What I want to do is dump both the existing Bayes DB's into it, is it as > simple as doing > > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host1.txt > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host2.txt > > Add the entries to spam.assassin.prefs.conf to use the mysql bayes and then > run > > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host1.txt > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host2.txt > > I dont know if merging 2 bayes databases from 2 different machines would > cause any problems? This is not recommended and also not possible.. use the one which you think is better trained. A '--restore' indicates 'destroy the old one and recreate a new one', so the 2nd restore effectively wipes out the old one.. (though i could be wrong) - dhawal > Cheers > > Paul From daniel.maher at ubisoft.com Tue Jun 27 13:56:19 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue Jun 27 13:56:24 2006 Subject: Merging 2 Bayes Databases Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF3C@UBIMAIL1.ubisoft.org> Hello, Merging Bayes databases is not considered good form, and is difficult (or impossible) for a very good reason, which is stated here: http://article.gmane.org/gmane.mail.spam.spamassassin.general/60376 In summary, you'll end up duplicating large amounts of tokens, thus throwing the integrity of the database into question. _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: June 27, 2006 7:50 AM To: MailScanner Mailing List Subject: Merging 2 Bayes Databases Hi Ive got 2 front end Mailscanner machines and was looking at getting them to share a bayes database. Ive set up a mysql bayes and tested with both machines and it works fine. What I want to do is dump both the existing Bayes DB's into it, is it as simple as doing sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host2.txt Add the entries to spam.assassin.prefs.conf to use the mysql bayes and then run sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host2.txt I dont know if merging 2 bayes databases from 2 different machines would cause any problems? Cheers Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ljosnet at gmail.com Tue Jun 27 14:26:50 2006 From: ljosnet at gmail.com (emm1) Date: Tue Jun 27 14:26:54 2006 Subject: Allowing .exe's Message-ID: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> Hello, if I allow .exe's in filename.rules.conf and filetype.rules.conf will MailScanner let viruses through or will Clamav stop them? I have a mailserver with few people who are sending small programs but MailScanner always stops them, so I am trying to find a way to let it through without opening up for viruses. Thanks! From pravin.rane at gmail.com Tue Jun 27 14:47:07 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Tue Jun 27 14:47:10 2006 Subject: Allowing .exe's In-Reply-To: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> References: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> Message-ID: <13c021a90606270647w4b04f298s92a5eb74aae9f9ad@mail.gmail.com> Infected files will be always stopped, though their extension an type is allowed in mailscanner conf. On 6/27/06, emm1 wrote: > > Hello, if I allow .exe's in filename.rules.conf and > filetype.rules.conf will MailScanner let viruses through or will > Clamav stop them? > > I have a mailserver with few people who are sending small programs but > MailScanner always stops them, so I am trying to find a way to let it > through without opening up for viruses. > > Thanks! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060627/47539c1e/attachment.html From prandal at herefordshire.gov.uk Tue Jun 27 14:56:56 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 27 14:58:18 2006 Subject: Allowing .exe's Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580DA84352@isabella.herefordshire.gov.uk> Known infected files, you mean. It will still let through new viruses for which your virus scanners don't yet have patterns to detect them. That may or may not be an acceptable risk. I personally think it's not. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Pravin Rane Sent: 27 June 2006 14:47 To: MailScanner discussion Subject: Re: Allowing .exe's Infected files will be always stopped, though their extension an type is allowed in mailscanner conf. On 6/27/06, emm1 < ljosnet@gmail.com > wrote: Hello, if I allow .exe's in filename.rules.conf and filetype.rules.conf will MailScanner let viruses through or will Clamav stop them? I have a mailserver with few people who are sending small programs but MailScanner always stops them, so I am trying to find a way to let it through without opening up for viruses. Thanks! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060627/7db4ccf0/attachment.html From rajlinux at gmail.com Tue Jun 27 15:08:14 2006 From: rajlinux at gmail.com (Raj) Date: Tue Jun 27 15:08:17 2006 Subject: Allowing .exe's In-Reply-To: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> References: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> Message-ID: <912a0c6a0606270708u4f3318bcjbbcb27dad3b48aac@mail.gmail.com> see there is no harm on giving user the right to send *.exe, Your clamav can still stop them if it is infected. Read the wiki there is a block diagram which shows the 3 steps of mail scanner. 1. Spam check 2. ClamAV for virus 3,. Attachment manipulation. So if you have virus on *.exe this will stop the mails reaching the user, But hee... still it is risky , most of the viruses are *.exe file, & if your freshcalm didnt work or clamav database fails to identify any new virus , then your are @#$%^&*!@#$%^&!@#$%^&.. boy On 6/27/06, emm1 wrote: > > Hello, if I allow .exe's in filename.rules.conf and > filetype.rules.conf will MailScanner let viruses through or will > Clamav stop them? > > I have a mailserver with few people who are sending small programs but > MailScanner always stops them, so I am trying to find a way to let it > through without opening up for viruses. > > Thanks! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Rajeev Sekhar ph 9822751120 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060627/cf97b8cb/attachment.html From r.curtis at ywcaelpaso.org Tue Jun 27 16:34:45 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Tue Jun 27 16:35:57 2006 Subject: MailScanner -debug errors Message-ID: I just upgraded to the latest stable release of MailScanner trying to correct the "info:" and errors shown when using MailScanner -debug (below) but that didn't seem to fix anything. I used Julian's easy-to-use installation files. I have the appropriate loadplugin lines enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). I did not look at the Spamassassin.pm file as I have not made any changes to it so it should still be the "stock" file. What am I missing? Thanks for your help and guidance. Roger Curtis Versions: MailScanner 4.54.6 SpamAssassin 3.1.3 Postfix 2.2.2 [root@gateway rules]# MailScanner -debug In Debugging mode, not forking... [12606] dbg: logger: adding facilities: all [12606] dbg: logger: logging level is DBG [12606] dbg: generic: SpamAssassin version 3.1.3 [12606] dbg: config: score set 0 chosen. [12606] dbg: util: running in taint mode? no [12606] dbg: message: ---- MIME PARSER START ---- [12606] dbg: message: main message type: text/plain [12606] dbg: message: parsing normal part [12606] dbg: message: added part, type: text/plain [12606] dbg: message: ---- MIME PARSER END ---- [12606] dbg: dns: is Net::DNS::Resolver available? yes [12606] dbg: dns: Net::DNS version: 0.57 [12606] info: config: failed to parse line, skipping: use_dcc 0 [12606] info: config: failed to parse line, skipping: use_pyzor 0 [12606] info: config: failed to parse line, skipping: use_razor1 0 [12606] info: config: failed to parse line, skipping: use_razor2 0 [12606] info: config: failed to parse line, skipping: decode_attachments 1 [12606] dbg: logger: adding facilities: all [12606] dbg: logger: logging level is DBG [12606] dbg: generic: SpamAssassin version 3.1.3 [12606] dbg: config: score set 0 chosen. [12606] dbg: message: ---- MIME PARSER START ---- [12606] dbg: message: main message type: text/plain [12606] dbg: message: parsing normal part [12606] dbg: message: added part, type: text/plain [12606] dbg: message: ---- MIME PARSER END ---- [12606] dbg: dns: is Net::DNS::Resolver available? yes [12606] dbg: dns: Net::DNS version: 0.57 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1009. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1011. [12606] dbg: config: read_scoreonly_config: cannot open "": No such file or directory From naolson at gmail.com Tue Jun 27 16:46:36 2006 From: naolson at gmail.com (Nathan Olson) Date: Tue Jun 27 16:46:38 2006 Subject: MailScanner -debug errors In-Reply-To: References: Message-ID: <8f54b4330606270846v79aa53b9kc66cf803269a7e9b@mail.gmail.com> Check for a v310.pre file, or similar. You appear to be using SA 3.1.3 The right SA modules are not being loaded. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060627/12bc403c/attachment.html From ka at pacific.net Tue Jun 27 16:56:02 2006 From: ka at pacific.net (Ken A) Date: Tue Jun 27 16:55:41 2006 Subject: Users of RBL's In-Reply-To: <44A05FAC.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net> Message-ID: <44A15512.6000608@pacific.net> Chris Hammond wrote: >>>> Ken A 06/26/06 6:29 PM >>> > > >>> Chris Hammond wrote: >>> I am running a caching bind server. I found rbldnsd but everything I see points to using it >>> with local hard copies of the rbl itself that has to be rsync'd from the rbl provider. I don't >>> understand it enough to be able to figure out if it can operate like bind in caching mode. >>> I am looking at different areas to try and determine what where my bottleneck is. >>> >>> It does not appear to be memory, the machine has 1.5GB of that. > >> what does 'free' say about swap in use. 1.5gb may not be enough, >> depending on how many child processes of MailScanner you are running, >> and how much ram everything else you have going uses. > > Just for giggles, I turned off the swap partitions 2 days ago and here is what free reports. > > total used free shared buffers cached > Mem: 3116372 2908432 207940 0 398888 1513984 > -/+ buffers/cache: 995560 2120812 > Swap: 0 0 0 > > I am using the standard 5 child processes recommended per processor and have only one processor. > > The processor is an Opteron >> 242 (1.6Ghz) and it doesn't seem to be the issue. The system is running a caching bind server. >> I also have razor2, pyzor, rules_du_jour (none of the BIG nasty ones). I am having 30 message >> batch times of 180- 280 seconds. This is a single server running everything including Mailwatch >> and mysql database which I have used mysqlard to try and tune. I turned on MCP over the weekend >> and my batch times jumped to 680+ seconds. Obviously that wasn't going to work. But now, I >> am looking at another possibility. Drive subsystem. The server is an HP Proliant DL145 with a >> pair of 80GB IDE drives software mirrored. > >> On different controllers, or the same? > > Different controllers, hda and hdc > >> What does 'vmstat 2' say? > > procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu---- > r b swpd free buff cache si so bi bo in cs us sy id wa > 0 0 0 296436 399156 1482420 0 0 36 102 84 96 69 11 20 1 > 1 0 0 256620 399160 1482440 0 0 0 64 1086 190 23 8 70 0 > 1 0 0 207476 399180 1495972 0 0 4 222 1194 309 55 11 31 4 > 2 0 0 196692 399188 1482736 0 0 0 5444 1144 230 90 10 0 0 > 3 0 0 179620 399188 1482740 0 0 0 70 1115 328 90 10 0 0 > 3 0 0 249796 399196 1493560 0 0 0 0 1114 232 87 13 0 0 > 2 1 0 224188 399196 1493340 0 0 0 5386 1124 184 92 8 0 0 > 4 0 0 241092 399204 1483324 0 0 30 324 1477 790 79 21 0 1 > 3 0 0 189948 399208 1494032 0 0 0 344 1134 211 84 17 0 0 > >> How about 'iostat - x' ? > > Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util > hda 0.38 339.96 1.23 13.97 35.02 2836.38 17.51 1418.19 189.00 1.13 74.27 3.70 5.62 > hdc 0.70 339.97 1.22 13.96 36.53 2836.38 18.26 1418.19 189.19 1.15 75.33 3.73 5.67 > md0 0.00 0.00 0.92 0.00 1.84 0.00 0.92 0.00 2.00 0.00 0.00 0.00 0.00 > md1 0.00 0.00 2.61 353.35 69.69 2826.78 34.84 1413.39 8.14 0.00 0.00 0.00 0.00 > >> If you don't have it, 'yum install sysstat' > > Already there. > >> Sounds like you may just be asking too much of the hardware. > > This could very well be. Before I go asking for a new server though, I want to make sure I have my ducks in a row. > When this was nothing more than a Postfix box with static rules, it handled the job just fine. But I think it may > be really working for it's living. MailScanner and SpamAssassin do use a lot of resources. It looks to be cpu bound, but that's a good thing usually! Any way to upgrade that processor? To reduce CPU usage, tune/configure some software. Did you read the performance tweaks section in the mailscanner wiki? To reduce disk writes, setup syslog to log to another box, or put mysql on another box, or throw another cheap ide drive into the box and log to it, instead of the mirrored drives. Ken A. Pacific.Net > > Thanks > Chris > From housey at sme-ecom.co.uk Tue Jun 27 17:03:10 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Tue Jun 27 17:03:26 2006 Subject: Merging 2 Bayes Databases In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226CF3C@UBIMAIL1.ubisoft.org> Message-ID: Hi Thanks for the advice on this, ive now set it up so ive only used the largest of the 2 bayes databases. The mysql server this sits on is actually seperate from the 2 MailScanner machines, my next question is what I should do with regards to expiry? At the moment I have the following set in spam.assassin.prefs.conf on both MailScanner machines bayes_auto_expire 0 and the following in MailScanner.conf Rebuild Bayes Every = 86400 Wait During Bayes Rebuild = yes Im guessing I need to disable this on both MailScanner machines and set a cron job a daily cronjob on the machine the mysql is on? 0 23 * * * /usr/bin/sa-learn --force-expire --sync -p /etc/MailScanner/spam.assassin.prefs.conf Is this correct? Cheers Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Daniel Maher Sent: 27 June 2006 13:56 To: MailScanner discussion Subject: RE: Merging 2 Bayes Databases Hello, Merging Bayes databases is not considered good form, and is difficult (or impossible) for a very good reason, which is stated here: http://article.gmane.org/gmane.mail.spam.spamassassin.general/60376 In summary, you'll end up duplicating large amounts of tokens, thus throwing the integrity of the database into question. _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: June 27, 2006 7:50 AM To: MailScanner Mailing List Subject: Merging 2 Bayes Databases Hi Ive got 2 front end Mailscanner machines and was looking at getting them to share a bayes database. Ive set up a mysql bayes and tested with both machines and it works fine. What I want to do is dump both the existing Bayes DB's into it, is it as simple as doing sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host2.txt Add the entries to spam.assassin.prefs.conf to use the mysql bayes and then run sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host2.txt I dont know if merging 2 bayes databases from 2 different machines would cause any problems? Cheers Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned by VSL AVS 'Enterprise' From r.curtis at ywcaelpaso.org Tue Jun 27 17:15:00 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Tue Jun 27 17:16:57 2006 Subject: MailScanner -debug errors Message-ID: Nate, The v310.pre file is there in the usual spot, /etc/mail/spamassassin, and all three loadplugin lines are uncommented to enable them. Regards, Roger Curtis Network Manager YWCA El Paso del Norte Region (915) 577-9922 ex. 302 ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Nathan Olson Sent: Tuesday, June 27, 2006 9:47 AM To: MailScanner discussion Subject: Re: MailScanner -debug errors Check for a v310.pre file, or similar. You appear to be using SA 3.1.3 The right SA modules are not being loaded. Nate From cplists at princeservices.com Tue Jun 27 17:19:09 2006 From: cplists at princeservices.com (Cameron B. Prince) Date: Tue Jun 27 17:19:21 2006 Subject: Gateway mode for Communigate Pro Message-ID: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> Hello, I have a client who is having serious issues with spam and other illicit content coming through his mail server. I have urged him to consider MailScanner but he would prefer to continue using Communigate Pro as his staff know the system and are comfortable with it. What I am curious about is using MailScanner as a front end for Communigate Pro. I have read the MAQ section about using MailScanner in gateway mode with Exchange and Domino. Will the same configuration apply for Communigate Pro and would it be possible to point the mailertable to a virtual host on the same server? Thanks, Cameron From martinh at solid-state-logic.com Tue Jun 27 17:56:25 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jun 27 17:56:43 2006 Subject: Gateway mode for Communigate Pro In-Reply-To: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> Message-ID: <02b501c69a0a$a06dd1e0$3004010a@martinhlaptop> The gateway mode can be used with any MTA on the receiving end..just sit's in the dataflow and scrubs out the problem emails. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Cameron B. Prince > Sent: 27 June 2006 17:19 > To: mailscanner@lists.mailscanner.info > Subject: Gateway mode for Communigate Pro > > Hello, > > I have a client who is having serious issues with spam and other illicit > content coming through his mail server. I have urged him to consider > MailScanner but he would prefer to continue using Communigate Pro as his > staff know the system and are comfortable with it. > > What I am curious about is using MailScanner as a front end for > Communigate > Pro. I have read the MAQ section about using MailScanner in gateway mode > with Exchange and Domino. Will the same configuration apply for > Communigate > Pro and would it be possible to point the mailertable to a virtual host on > the same server? > > Thanks, > Cameron > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From daniel.maher at ubisoft.com Tue Jun 27 18:57:36 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue Jun 27 18:57:39 2006 Subject: Merging 2 Bayes Databases Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF44@UBIMAIL1.ubisoft.org> That would certainly work, yes. :) _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: June 27, 2006 12:03 PM To: MailScanner discussion Subject: RE: Merging 2 Bayes Databases Hi Thanks for the advice on this, ive now set it up so ive only used the largest of the 2 bayes databases. The mysql server this sits on is actually seperate from the 2 MailScanner machines, my next question is what I should do with regards to expiry? At the moment I have the following set in spam.assassin.prefs.conf on both MailScanner machines bayes_auto_expire 0 and the following in MailScanner.conf Rebuild Bayes Every = 86400 Wait During Bayes Rebuild = yes Im guessing I need to disable this on both MailScanner machines and set a cron job a daily cronjob on the machine the mysql is on? 0 23 * * * /usr/bin/sa-learn --force-expire --sync -p /etc/MailScanner/spam.assassin.prefs.conf Is this correct? Cheers Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Daniel Maher Sent: 27 June 2006 13:56 To: MailScanner discussion Subject: RE: Merging 2 Bayes Databases Hello, Merging Bayes databases is not considered good form, and is difficult (or impossible) for a very good reason, which is stated here: http://article.gmane.org/gmane.mail.spam.spamassassin.general/60376 In summary, you'll end up duplicating large amounts of tokens, thus throwing the integrity of the database into question. _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: June 27, 2006 7:50 AM To: MailScanner Mailing List Subject: Merging 2 Bayes Databases Hi Ive got 2 front end Mailscanner machines and was looking at getting them to share a bayes database. Ive set up a mysql bayes and tested with both machines and it works fine. What I want to do is dump both the existing Bayes DB's into it, is it as simple as doing sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host2.txt Add the entries to spam.assassin.prefs.conf to use the mysql bayes and then run sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host1.txt sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host2.txt I dont know if merging 2 bayes databases from 2 different machines would cause any problems? Cheers Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned by VSL AVS 'Enterprise' -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From taz at taz-mania.com Tue Jun 27 19:19:00 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Jun 27 19:19:04 2006 Subject: Gateway mode for Communigate Pro In-Reply-To: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> References: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> Message-ID: <44A17694.8080507@taz-mania.com> I use two sendmail/MailScanner/SpamAssassin/ClamAV gateways in front of my Communigate Pro mail server. I really like the features and user interface on Communigate Pro... But it costs a lot for their in-house version of SpamAssassin. I find that this combination works very well. I send outbound directly from the Communigate Pro server, but the MX records point to the gateways which forward to the Communigate machine (using mailertable). I also added Milter-greylist to sendmail. Also each gateway has its own BIND server for doing the RBL lookups. Right now I'm only doing a couple of hundred thousand eMails (inbound) a day across both gateways and they are not even breaking a sweat (each one is a dual 2.8Ghz P4 Xeon machine with 1GB RAM). Hope this helps. Dennis Cameron B. Prince wrote: >Hello, > >I have a client who is having serious issues with spam and other illicit >content coming through his mail server. I have urged him to consider >MailScanner but he would prefer to continue using Communigate Pro as his >staff know the system and are comfortable with it. > >What I am curious about is using MailScanner as a front end for Communigate >Pro. I have read the MAQ section about using MailScanner in gateway mode >with Exchange and Domino. Will the same configuration apply for Communigate >Pro and would it be possible to point the mailertable to a virtual host on >the same server? > >Thanks, >Cameron > > > -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services http://www.kepnet.com - dennisw@kepnet.com Fight Spam! Join CAUCE! == http://www.cauce.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060627/4e2b8550/taz.vcf From dhawal at netmagicsolutions.com Tue Jun 27 19:30:43 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Jun 27 19:30:58 2006 Subject: Merging 2 Bayes Databases In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226CF44@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF44@UBIMAIL1.ubisoft.org> Message-ID: <44A17953.7070804@netmagicsolutions.com> Daniel Maher wrote: > That would certainly work, yes. :) Paul, You might want to read this.. http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql - dhawal > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > Sent: June 27, 2006 12:03 PM > To: MailScanner discussion > Subject: RE: Merging 2 Bayes Databases > > Hi > > Thanks for the advice on this, ive now set it up so ive only used the > largest of the 2 bayes databases. > > The mysql server this sits on is actually seperate from the 2 MailScanner > machines, my next question is what I should do with regards to expiry? > > At the moment I have the following set in spam.assassin.prefs.conf on both > MailScanner machines > > bayes_auto_expire 0 > > and the following in MailScanner.conf > > Rebuild Bayes Every = 86400 > Wait During Bayes Rebuild = yes > > Im guessing I need to disable this on both MailScanner machines and set a > cron job a daily cronjob on the machine the mysql is on? > > 0 23 * * * /usr/bin/sa-learn --force-expire --sync -p > /etc/MailScanner/spam.assassin.prefs.conf > > Is this correct? > > Cheers > > Paul > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Daniel > Maher > Sent: 27 June 2006 13:56 > To: MailScanner discussion > Subject: RE: Merging 2 Bayes Databases > > > Hello, > > Merging Bayes databases is not considered good form, and is difficult (or > impossible) for a very good reason, which is stated here: > > http://article.gmane.org/gmane.mail.spam.spamassassin.general/60376 > > In summary, you'll end up duplicating large amounts of tokens, thus throwing > the integrity of the database into question. > > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > Sentio aliquos togatos contra me conspirare. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul > Houselander > Sent: June 27, 2006 7:50 AM > To: MailScanner Mailing List > Subject: Merging 2 Bayes Databases > > Hi > > Ive got 2 front end Mailscanner machines and was looking at getting them to > share a bayes database. > > Ive set up a mysql bayes and tested with both machines and it works fine. > > What I want to do is dump both the existing Bayes DB's into it, is it as > simple as doing > > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host1.txt > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > host2.txt > > Add the entries to spam.assassin.prefs.conf to use the mysql bayes and then > run > > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host1.txt > sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore host2.txt > > I dont know if merging 2 bayes databases from 2 different machines would > cause any problems? > > Cheers > > Paul > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned by VSL AVS 'Enterprise' > > From mikea at mikea.ath.cx Tue Jun 27 20:16:51 2006 From: mikea at mikea.ath.cx (mikea) Date: Tue Jun 27 20:16:56 2006 Subject: Allowing .exe's In-Reply-To: <912a0c6a0606270708u4f3318bcjbbcb27dad3b48aac@mail.gmail.com>; from rajlinux@gmail.com on Tue, Jun 27, 2006 at 07:38:14PM +0530 References: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> <912a0c6a0606270708u4f3318bcjbbcb27dad3b48aac@mail.gmail.com> Message-ID: <20060627141651.G8268@mikea.ath.cx> On Tue, Jun 27, 2006 at 07:38:14PM +0530, Raj wrote: > see there is no harm on giving user the right to send *.exe, Your clamav can > still stop them if it is infected. Read the wiki there is a block diagram > which shows the 3 steps of mail scanner. > 1. Spam check > 2. ClamAV for virus > 3,. Attachment manipulation. > > So if you have virus on *.exe this will stop the mails reaching the user, > > But hee... still it is risky , most of the viruses are *.exe file, & if your > freshcalm didnt work or clamav database fails to identify any new virus , > then your are @#$%^&*!@#$%^&!@#$%^&.. boy Just so, and that's not a risk _I_ will take. If a vendor wants one of our people to try a new version of a program, then the vendor gets it to us on CD through the mails, or brings it to us, or puts it up on the vendor's own website with MD5 signature and other authentications. Neither do we allow users to _send_ .exe files, in case one of the machines gets infected. I block _ALL_ executables on the outbound MailScanner box as well. AV tools are only useful _after_ the infection is analy[sz]ed and the signature(s) are made available. Since I update ClamAV every two hours, that means that there's a 1-hour window, on the average, between the ClamAV folks updating their signature files and my inbound mailfilter seeing them. That's in addition to the lag between the malware first appearing in the wild and the ClamAV folks getting their analysis done and signature files build. Too much risk; not enough benefit, and better (i.e., more trustworthy) ways exist to distribute trustworthy executables. But this is tangential to MS itself, and probably should stop here. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From bradadf at gmail.com Tue Jun 27 23:04:16 2006 From: bradadf at gmail.com (Brad Irwin) Date: Tue Jun 27 23:04:19 2006 Subject: Not Logging on OS X Message-ID: <821c5410606271504q7365a046j4e9bd2777ccc50ea@mail.gmail.com> I am running MailScanner 4.54.6 on Mac OS X 10.4 with Postfix 2.2.10. MailScanner is not logging to my /var/log/mail.log. When I turn debug on I get the following error... ps: illegal option -- f usage: ps [-aACcehjlmMrSTuvwx] [-O|o fmt] [-p pid] [-t tty] [-U user] ps [-L] Starting MailScanner... In Debugging mode, not forking... no connection to syslog available - _PATH_LOG not available in syslog.h at /opt/MailScanner/lib/MailScanner/Log.pm line 143 My mailscanner.conf file has Syslog Facility = mail -- Brad Irwin From chris at tac.esi.net Tue Jun 27 23:26:24 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 27 23:22:00 2006 Subject: Users of RBL's In-Reply-To: <44A15512.6000608@pacific.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net> Message-ID: <44A1784F.B662.0038.0@tac.esi.net> >>> Sounds like you may just be asking too much of the hardware. >> >> This could very well be. Before I go asking for a new server though, I want to make sure I have my ducks in a row. >> When this was nothing more than a Postfix box with static rules, it handled the job just fine. But I think it may >> be really working for it's living. > >MailScanner and SpamAssassin do use a lot of resources. It looks to be >cpu bound, but that's a good thing usually! Any way to upgrade that >processor? To reduce CPU usage, tune/configure some software. Did you >read the performance tweaks section in the mailscanner wiki? To reduce >disk writes, setup syslog to log to another box, or put mysql on another >box, or throw another cheap ide drive into the box and log to it, >instead of the mirrored drives. I was beginning to feel the same way. The DL-145 is a dual processor capable box so I will see about adding a second processor to it. I did go through the tweaks section on the wiki. My next thought was moving MySQL to another machine. There is no more room for another drive so that is not an option unfortunately. I am going to move the MySQL server to another box tonight and see what that gains me. Thanks Chris From andy at tireswing.net Wed Jun 28 00:04:03 2006 From: andy at tireswing.net (Andy Norris) Date: Wed Jun 28 00:04:31 2006 Subject: MS Outlook "outbind" phishing detection Message-ID: <6.2.3.4.2.20060627175514.0405b550@mail.finedaycoming.com> Hi, I tried my hardest to find the answer on my own... I have a customer who sent me a message a bit ago unhappy that their outbound mail to a customer of theirs had the warning phishing message at the bottom of their email because Outlook put in "outbind://....". What to do? Is there a way to tweak the phishing rules to allow any url that starts with "outbind://"? Running MailScanner v 4.54.6-1 and SendMail v 8.12.11. Thanks in advance for any help, Andy Norris From cplists at princeservices.com Wed Jun 28 02:07:03 2006 From: cplists at princeservices.com (Cameron B. Prince) Date: Wed Jun 28 02:07:13 2006 Subject: Gateway mode for Communigate Pro In-Reply-To: <44A17694.8080507@taz-mania.com> Message-ID: <000001c69a4f$2b09bc30$0201a8c0@PSLAPTOP1> Hi Dennis, Thanks for your reply. I forwarded it to my client for his review. I am sure he will be pleased to know that someone else is already using a similar setup. My client doesn't have nearly the volume you are talking about. We have just ordered a new Dell dual 3GHz server with 4GB RAM and RAID 5. With this setup, do you think it's reasonable to expect both MailScanner and Communigate Pro to be able to run on this same server simultaneously? The other real concern I have about this is that MailScanner will be scanning *EVERY* piece of mail coming through the system. Whereas with my other MailScanner setups, probably 80% of the mail bounces due to invalid usernames. I guess this will just be the trade off to do this. Thanks again, Cameron > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dennis Willson > Sent: Tuesday, June 27, 2006 1:19 PM > To: MailScanner discussion > Subject: Re: Gateway mode for Communigate Pro > > I use two sendmail/MailScanner/SpamAssassin/ClamAV gateways in front of > my Communigate Pro mail server. I really like the features and user > interface on Communigate Pro... But it costs a lot for their in-house > version of SpamAssassin. I find that this combination works very well. > I send outbound directly from the Communigate Pro server, but the MX > records point to the gateways which forward to the Communigate machine > (using mailertable). I also added Milter-greylist to sendmail. Also each > gateway has its own BIND server for doing the RBL lookups. Right now I'm > only doing a couple of hundred thousand eMails (inbound) a day across > both gateways and they are not even breaking a sweat (each one is a dual > 2.8Ghz P4 Xeon machine with 1GB RAM). > > Hope this helps. > Dennis > > Cameron B. Prince wrote: > > >Hello, > > > >I have a client who is having serious issues with spam and other illicit > >content coming through his mail server. I have urged him to consider > >MailScanner but he would prefer to continue using Communigate Pro as his > >staff know the system and are comfortable with it. > > > >What I am curious about is using MailScanner as a front end for > Communigate > >Pro. I have read the MAQ section about using MailScanner in gateway mode > >with Exchange and Domino. Will the same configuration apply for > Communigate > >Pro and would it be possible to point the mailertable to a virtual host > on > >the same server? > > > >Thanks, > >Cameron > > > > > > > > -- > > ---------------------------------- > Dennis Willson > mailto:taz@taz-mania.com > http://www.taz-mania.com > > Owner / Operator, Kepnet Internet Services > http://www.kepnet.com - dennisw@kepnet.com > > Fight Spam! Join CAUCE! == http://www.cauce.org/ From nats at sscrmnl.edu.ph Wed Jun 28 02:19:47 2006 From: nats at sscrmnl.edu.ph (Jose Nathaniel G. Nengasca) Date: Wed Jun 28 02:21:12 2006 Subject: Gateway mode for Communigate Pro In-Reply-To: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> References: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> Message-ID: <44A1D933.7090108@sscrmnl.edu.ph> Cameron B. Prince wrote: > Hello, > > I have a client who is having serious issues with spam and other illicit > content coming through his mail server. I have urged him to consider > MailScanner but he would prefer to continue using Communigate Pro as his > staff know the system and are comfortable with it. > > What I am curious about is using MailScanner as a front end for Communigate > Pro. I have read the MAQ section about using MailScanner in gateway mode > with Exchange and Domino. Will the same configuration apply for Communigate > Pro and would it be possible to point the mailertable to a virtual host on > the same server? > > Thanks, > Cameron > > Theres one thing you can do for it, take out communigate pro and replace it a linux with mailscanner installed, and put communigate somewhere along the network, make changes on the mailertable, that will point it to your communigate and added to that you change your dns settings on MX that point to your mailscanner box, that way all email will automatically drop to your mailscanner box then forward it to communigate pro. hope that it shed some light on your problem. just a thought from a lousy network admin.... -- All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph From jrudd at ucsc.edu Wed Jun 28 03:00:18 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed Jun 28 03:00:46 2006 Subject: Gateway mode for Communigate Pro In-Reply-To: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> References: <01df01c69a05$6c482820$0201a8c0@PSLAPTOP1> Message-ID: <7f1694f044791b9ffa7aa1235705b4cc@ucsc.edu> Why not use CommuniGate Pro's existing anti-virus and anti-spam plugins? With the new version of CGP, you can even do these checks during the SMTP session. For free plugins: CGPAV works with multiple virus scanners (including ClamAV). CGPSA does Spam Assassin For pay: CommuniGate's page gives 2 commercial AntiSpam plugins (Cloudmark and one other), and 3 or 4 AntiVirus plugins (Sophos, Kaspersky, McAfee, and I think one other). For attachment blocking, there's a plugin that adds a header for attachment names in the message, and then you can write CGP server rules to reject, discard, etc. messages depending upon what that header contains. (I also used to have some scripts that allowed you to use MailScanner with CGP directly, but they never got integrated into MailScanner, and I don't support them anymore ... but some other people on the list might still have copies of them running) As for your concern about scanning _every_ piece of mail that comes through the system, it's trivial to set up CGP to exempt different messages from scanning (whether you're using my MailScanner integration, or the other plugins). For example, you can exempt if the message was submitted via SMTP-AUTH, from a trusted IP address, if it's smaller than a certain size, if the time is between 1am and 1:05am, etc. The rules are pretty comprehensive and flexible (though, they don't yet do full regular expression matching, just * wildcarding, so it's not quite as good as procmail's rule structure). Running it directly on the CGP system means you don't have the problem invalid usernames. But if you still want to run it on a separate machine, you could always use milter-ahead on your MailScanner box to be sure the username is valid on the end system. (if you want to have 2 CGP systems, one for scanning and one for direct user use, CGP can do something like milter-ahead as well, so you'd set that up on the scanning system) Unlike what someone else suggested ... if your client wants to keep running CGP, I wouldn't try to pull that out from under them. Feel free to ask me questions off-list. John On Jun 27, 2006, at 9:19 AM, Cameron B. Prince wrote: > Hello, > > I have a client who is having serious issues with spam and other > illicit > content coming through his mail server. I have urged him to consider > MailScanner but he would prefer to continue using Communigate Pro as > his > staff know the system and are comfortable with it. > > What I am curious about is using MailScanner as a front end for > Communigate > Pro. I have read the MAQ section about using MailScanner in gateway > mode > with Exchange and Domino. Will the same configuration apply for > Communigate > Pro and would it be possible to point the mailertable to a virtual > host on > the same server? > > Thanks, > Cameron > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From tchamtieh at nayzak.com Wed Jun 28 04:05:59 2006 From: tchamtieh at nayzak.com (Thomas Chamtieh) Date: Wed Jun 28 04:05:23 2006 Subject: MS Outlook "outbind" phishing detection Message-ID: <9EF54EC4D23F874F9034C2A245622AC506E832@ad.hosting.farm> Hi Andy, You can just turn out the highlighting of Phishing Fraud in MailScanner.conf Highlight Phishing Fraud = no -Thomas > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Andy Norris > Sent: Tuesday, June 27, 2006 4:04 PM > To: mailscanner@lists.mailscanner.info > Subject: MS Outlook "outbind" phishing detection > > > Hi, > > I tried my hardest to find the answer on my own... > > I have a customer who sent me a message a bit ago unhappy > that their outbound mail to a customer of theirs had the > warning phishing message at the bottom of their email because > Outlook put in "outbind://....". > > What to do? Is there a way to tweak the phishing rules to > allow any url that starts with "outbind://"? > > Running MailScanner v 4.54.6-1 and SendMail v 8.12.11. > > Thanks in advance for any help, > > Andy Norris > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From yin288 at gmail.com Wed Jun 28 05:19:28 2006 From: yin288 at gmail.com (Gong Chaoyin) Date: Wed Jun 28 05:19:33 2006 Subject: It is a bug? Report: MailScanner: Could not analyze message Message-ID: <15ee4f850606272119y9025d2ds9fc7d227b95312@mail.gmail.com> *the log:* Subject: Other Bad Content Detected The following e-mails were found to have: Other Bad Content Detected Sender: oaouiyauaaeyyiyaaoio@xxxxxxx.net IP Address: 84.172.248.182 Recipient: davidloh@yyyyyyyy.com, gloriangai@yyyyyyyy.com, Subject: FW:I heard that ... MessageID: 1FvQBh-0003U7-GS Quarantine: /var/spool/MailScanner/quarantine/20060628/1FvQBh-0003U7-GS Report: MailScanner: Could not analyze message *the message in /var/spool/MailScanner/quarantine/20060628/1FvQBh-0003U7-GS: * This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C6835A.A8FE6F20 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0009_01C6835A.A8FE6F20" ------=_NextPart_001_0009_01C6835A.A8FE6F20 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable or complete and rain weight if flower. is tin to school red are rule. is lead to right company if comparison. but form else history automatic too frequent. or crack and plough wind but cake. ! the amount the hook swim e lse driving. must manager are flame brick if warm. ------=_NextPart_001_0009_01C6835A.A8FE6F20 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D""
 
 
 
or different or flower gr= ain must rub. but mass as steel play else stitch. or dear as able addition= are range. but frequent the shelf night and feeble. is pin to whip question to rail. = ! else industry as tax soft as current. and pocket to basin belief are gra= in. as steam are process monkey or tendency. the edge if drink plow but tongue= too cushion too music flame to tired. or competition else milk law to to= e. and quality to writing farm else company. must look or silver profit the observation. the insect must name reading t= he special.else expansion but mountain curve to word. the baby but organiz= ation leg or profit. but care the bath silver are experience.
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/de87f89d/attachment.html From rajlinux at gmail.com Wed Jun 28 06:28:22 2006 From: rajlinux at gmail.com (Raj) Date: Wed Jun 28 06:28:24 2006 Subject: Allowing .exe's In-Reply-To: <20060627141651.G8268@mikea.ath.cx> References: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> <912a0c6a0606270708u4f3318bcjbbcb27dad3b48aac@mail.gmail.com> <20060627141651.G8268@mikea.ath.cx> Message-ID: <912a0c6a0606272228r3fcbe454hdf981aecf8e9e9d3@mail.gmail.com> Can we block the extension like *.exe for only for incomming messages.. Is that possible on MS....??? On 6/28/06, mikea wrote: > > On Tue, Jun 27, 2006 at 07:38:14PM +0530, Raj wrote: > > see there is no harm on giving user the right to send *.exe, Your clamav > can > > still stop them if it is infected. Read the wiki there is a block > diagram > > which shows the 3 steps of mail scanner. > > 1. Spam check > > 2. ClamAV for virus > > 3,. Attachment manipulation. > > > > So if you have virus on *.exe this will stop the mails reaching the > user, > > > > But hee... still it is risky , most of the viruses are *.exe file, & if > your > > freshcalm didnt work or clamav database fails to identify any new virus > , > > then your are @#$%^&*!@#$%^&!@#$%^&.. boy > > Just so, and that's not a risk _I_ will take. If a vendor wants one > of our people to try a new version of a program, then the vendor gets > it to us on CD through the mails, or brings it to us, or puts it up on > the vendor's own website with MD5 signature and other authentications. > > Neither do we allow users to _send_ .exe files, in case one of the > machines gets infected. I block _ALL_ executables on the outbound > MailScanner box as well. > > AV tools are only useful _after_ the infection is analy[sz]ed and the > signature(s) are made available. Since I update ClamAV every two hours, > that means that there's a 1-hour window, on the average, between the > ClamAV folks updating their signature files and my inbound mailfilter > seeing them. That's in addition to the lag between the malware first > appearing in the wild and the ClamAV folks getting their analysis done > and signature files build. > > Too much risk; not enough benefit, and better (i.e., more trustworthy) > ways exist to distribute trustworthy executables. > > But this is tangential to MS itself, and probably should stop here. > > -- > Mike Andrews, W5EGO > mikea@mikea.ath.cx > Tired old sysadmin > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Rajeev Sekhar ph 9822751120 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/bf6a223a/attachment.html From andy at tireswing.net Wed Jun 28 07:03:23 2006 From: andy at tireswing.net (Andy Norris) Date: Wed Jun 28 07:15:56 2006 Subject: MS Outlook "outbind" phishing detection In-Reply-To: <9EF54EC4D23F874F9034C2A245622AC506E832@ad.hosting.farm> References: <9EF54EC4D23F874F9034C2A245622AC506E832@ad.hosting.farm> Message-ID: <6.2.3.4.2.20060628010147.03f1d300@mail.tireswing.net> Thanks very much for the tip, Thomas. I do want to keep highlighting them... but maybe in the phishing rules file I can do this: *.mydomain.com And it will just skip this domain from marking as phishing when it comes up like this: outbind://929342984398279009/mydomain.com Would that work okay? Thanks again! andy At 10:05 pm 2006-06-27, Thomas Chamtieh wrote: >Hi Andy, > >You can just turn out the highlighting of Phishing Fraud in >MailScanner.conf > >Highlight Phishing Fraud = no > >-Thomas > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Andy Norris > > Sent: Tuesday, June 27, 2006 4:04 PM > > To: mailscanner@lists.mailscanner.info > > Subject: MS Outlook "outbind" phishing detection > > > > > > Hi, > > > > I tried my hardest to find the answer on my own... > > > > I have a customer who sent me a message a bit ago unhappy > > that their outbound mail to a customer of theirs had the > > warning phishing message at the bottom of their email because > > Outlook put in "outbind://....". > > > > What to do? Is there a way to tweak the phishing rules to > > allow any url that starts with "outbind://"? > > > > Running MailScanner v 4.54.6-1 and SendMail v 8.12.11. > > > > Thanks in advance for any help, > > > > Andy Norris > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 28 08:37:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 28 08:37:46 2006 Subject: MS Outlook "outbind" phishing detection In-Reply-To: <6.2.3.4.2.20060627175514.0405b550@mail.finedaycoming.com> References: <6.2.3.4.2.20060627175514.0405b550@mail.finedaycoming.com> Message-ID: <4E39D748-4E22-4756-A3DA-14AA85B1D2C0@ecs.soton.ac.uk> It already removed outbind:///..... Please can you give me an exact example of the URL that is the problem, preferably a real example. On 28 Jun 2006, at 00:04, Andy Norris wrote: > > Hi, > > I tried my hardest to find the answer on my own... > > I have a customer who sent me a message a bit ago unhappy that > their outbound mail to a customer of theirs had the warning > phishing message at the bottom of their email because Outlook put > in "outbind://....". > > What to do? Is there a way to tweak the phishing rules to allow any > url that starts with "outbind://"? > > Running MailScanner v 4.54.6-1 and SendMail v 8.12.11. > > Thanks in advance for any help, > > Andy Norris > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From a.peacock at chime.ucl.ac.uk Wed Jun 28 08:42:47 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Jun 28 08:42:58 2006 Subject: MailScanner -debug errors In-Reply-To: References: Message-ID: <44A232F7.6040003@chime.ucl.ac.uk> Hi, Curtis, Roger wrote: > I just upgraded to the latest stable release of MailScanner trying to > correct the "info:" and errors shown when using MailScanner -debug > (below) but that didn't seem to fix anything. I used Julian's > easy-to-use installation files. I have the appropriate loadplugin lines > enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). I > did not look at the Spamassassin.pm file as I have not made any changes > to it so it should still be the "stock" file. What am I missing? > > Thanks for your help and guidance. > Roger Curtis > > Versions: > MailScanner 4.54.6 > SpamAssassin 3.1.3 > Postfix 2.2.2 > > > [root@gateway rules]# MailScanner -debug > In Debugging mode, not forking... > [12606] dbg: logger: adding facilities: all > [12606] dbg: logger: logging level is DBG > [12606] dbg: generic: SpamAssassin version 3.1.3 > [12606] dbg: config: score set 0 chosen. > [12606] dbg: util: running in taint mode? no > [12606] dbg: message: ---- MIME PARSER START ---- > [12606] dbg: message: main message type: text/plain > [12606] dbg: message: parsing normal part > [12606] dbg: message: added part, type: text/plain > [12606] dbg: message: ---- MIME PARSER END ---- > [12606] dbg: dns: is Net::DNS::Resolver available? yes > [12606] dbg: dns: Net::DNS version: 0.57 > [12606] info: config: failed to parse line, skipping: use_dcc 0 > [12606] info: config: failed to parse line, skipping: use_pyzor 0 > [12606] info: config: failed to parse line, skipping: use_razor1 0 > [12606] info: config: failed to parse line, skipping: use_razor2 0 > [12606] info: config: failed to parse line, skipping: decode_attachments > 1 Check your /etc/mail/spamassassin directory for local.cf and check the settings in there against the documentation for the latest SpamAssassin http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Conf.html Those config lines are no longer valid. (You may also need to check /etc/mail/spamassassin/mailscanner.cf > [12606] dbg: logger: adding facilities: all > [12606] dbg: logger: logging level is DBG > [12606] dbg: generic: SpamAssassin version 3.1.3 > [12606] dbg: config: score set 0 chosen. > [12606] dbg: message: ---- MIME PARSER START ---- > [12606] dbg: message: main message type: text/plain > [12606] dbg: message: parsing normal part > [12606] dbg: message: added part, type: text/plain > [12606] dbg: message: ---- MIME PARSER END ---- > [12606] dbg: dns: is Net::DNS::Resolver available? yes > [12606] dbg: dns: Net::DNS version: 0.57 > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1009. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1011. > [12606] dbg: config: read_scoreonly_config: cannot open "": No such file > or directory -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From MailScanner at ecs.soton.ac.uk Wed Jun 28 08:43:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 28 08:43:41 2006 Subject: MS Outlook "outbind" phishing detection In-Reply-To: <6.2.3.4.2.20060628010147.03f1d300@mail.tireswing.net> References: <9EF54EC4D23F874F9034C2A245622AC506E832@ad.hosting.farm> <6.2.3.4.2.20060628010147.03f1d300@mail.tireswing.net> Message-ID: On 28 Jun 2006, at 07:03, Andy Norris wrote: > > Thanks very much for the tip, Thomas. > > I do want to keep highlighting them... but maybe in the phishing > rules file I can do this: > > *.mydomain.com > > And it will just skip this domain from marking as phishing when it > comes up like this: From: *.mydomain.com no FromOrTo: default yes > > outbind://929342984398279009/mydomain.com > > Would that work okay? It should ignore these anyway. > > Thanks again! > > andy > > > At 10:05 pm 2006-06-27, Thomas Chamtieh wrote: >> Hi Andy, >> >> You can just turn out the highlighting of Phishing Fraud in >> MailScanner.conf >> >> Highlight Phishing Fraud = no >> >> -Thomas >> >> >> > -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info >> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> > Of Andy Norris >> > Sent: Tuesday, June 27, 2006 4:04 PM >> > To: mailscanner@lists.mailscanner.info >> > Subject: MS Outlook "outbind" phishing detection >> > >> > >> > Hi, >> > >> > I tried my hardest to find the answer on my own... >> > >> > I have a customer who sent me a message a bit ago unhappy >> > that their outbound mail to a customer of theirs had the >> > warning phishing message at the bottom of their email because >> > Outlook put in "outbind://....". >> > >> > What to do? Is there a way to tweak the phishing rules to >> > allow any url that starts with "outbind://"? >> > >> > Running MailScanner v 4.54.6-1 and SendMail v 8.12.11. >> > >> > Thanks in advance for any help, >> > >> > Andy Norris >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Jun 28 09:12:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 28 09:13:29 2006 Subject: MS Outlook "outbind" phishing detection In-Reply-To: <4E39D748-4E22-4756-A3DA-14AA85B1D2C0@ecs.soton.ac.uk> References: <6.2.3.4.2.20060627175514.0405b550@mail.finedaycoming.com> <4E39D748-4E22-4756-A3DA-14AA85B1D2C0@ecs.soton.ac.uk> Message-ID: I have written a tiny patch to solve this problem. Please apply the patch to your Message.pm file (in /usr/lib/ MailScanner/MailScanner) and let me know how you get on. ***** Beta testers ---- Please can you thoroughly test this patch. Thanks folks! ***** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.patch.gz Type: application/x-gzip Size: 713 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/18856a29/Message.pm.patch.gz -------------- next part -------------- On 28 Jun 2006, at 08:37, Julian Field wrote: > It already removed outbind:///..... > > Please can you give me an exact example of the URL that is the > problem, preferably a real example. > > On 28 Jun 2006, at 00:04, Andy Norris wrote: > >> >> Hi, >> >> I tried my hardest to find the answer on my own... >> >> I have a customer who sent me a message a bit ago unhappy that >> their outbound mail to a customer of theirs had the warning >> phishing message at the bottom of their email because Outlook put >> in "outbind://....". >> >> What to do? Is there a way to tweak the phishing rules to allow >> any url that starts with "outbind://"? >> >> Running MailScanner v 4.54.6-1 and SendMail v 8.12.11. >> >> Thanks in advance for any help, >> >> Andy Norris >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > MailScanner@ecs.soton.ac.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk From glenn.steen at gmail.com Wed Jun 28 11:58:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 28 11:58:42 2006 Subject: Allowing .exe's In-Reply-To: <912a0c6a0606272228r3fcbe454hdf981aecf8e9e9d3@mail.gmail.com> References: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> <912a0c6a0606270708u4f3318bcjbbcb27dad3b48aac@mail.gmail.com> <20060627141651.G8268@mikea.ath.cx> <912a0c6a0606272228r3fcbe454hdf981aecf8e9e9d3@mail.gmail.com> Message-ID: <223f97700606280358g255083a1ifac0901e2592d5be@mail.gmail.com> On 28/06/06, Raj wrote: > Can we block the extension like *.exe for only for incomming messages.. Is > that possible on MS....??? > > Explore rulesets and overloading: http://www.mailscanner.info/MailScanner.conf.index.html#Filename%20Rules http://www.mailscanner.info/MailScanner.conf.index.html#Filetype%20Rules http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ram at netcore.co.in Wed Jun 28 13:05:14 2006 From: ram at netcore.co.in (Ramprasad) Date: Wed Jun 28 13:05:22 2006 Subject: Insert spam reports in Quarantined mails Message-ID: <1151496314.26645.80.camel@darkstar.netcore.co.in> Hi, I am using postfix + Mailscanner + spamassassin on my linux servers. Whenever MS quarantines a mail I have no idea from the mail itself why the mail was marked from spam .. unless I do some munging with maillog for that qid. Can I configure Mailscanner to insert Spam report headers in all quarantined mails .. anyway these headers are inserted in delivered mails. What will be overheads for such a thing Thanks Ram From martinh at solid-state-logic.com Wed Jun 28 13:22:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 28 13:22:10 2006 Subject: Insert spam reports in Quarantined mails In-Reply-To: <1151496314.26645.80.camel@darkstar.netcore.co.in> Message-ID: <011901c69aad$750af570$3004010a@martinhlaptop> Yes, and very little...I do it myself.. In MailScanner.conf change the following settings. SpamScore Number Instead Of Stars = yes Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Spam Score Number Format = %5.2f Should do it... MailWatch is also very useful for this as well, as it gives a web interface to the emails... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ramprasad > Sent: 28 June 2006 13:05 > To: MailScanner discussion > Subject: Insert spam reports in Quarantined mails > > Hi, > I am using postfix + Mailscanner + spamassassin on my linux servers. > Whenever MS quarantines a mail I have no idea from the mail itself why > the mail was marked from spam .. unless I do some munging with maillog > for that qid. > Can I configure Mailscanner to insert Spam report headers in all > quarantined mails .. anyway these headers are inserted in delivered > mails. > > What will be overheads for such a thing > > Thanks > Ram > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From steve.swaney at fsl.com Wed Jun 28 14:17:32 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jun 28 14:17:37 2006 Subject: Off-topic TNEF Message-ID: <1b4e01c69ab5$37059a70$287ba8c0@office.fsl> For those of you having problems with TNEF, I just came across this article on http://www.dwheeler.com/essays/microsoft-outlook-tnef.html. It has some useful information on handling (or better yet), and not sending TNEF attachments from outlook clients. Unfortunately I can't find any way to stop an Exchange server from not sending TNEF attachments. If anyone out there knows of a way, Please let me know. Steve Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com From MailScanner at ecs.soton.ac.uk Wed Jun 28 15:21:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 28 15:22:17 2006 Subject: MS Outlook "outbind" phishing detection In-Reply-To: <20060628145954.43c19740@cyborg> References: <6.2.3.4.2.20060627175514.0405b550@mail.finedaycoming.com> <4E39D748-4E22-4756-A3DA-14AA85B1D2C0@ecs.soton.ac.uk> <20060628145954.43c19740@cyborg> Message-ID: <4627B916-ED06-4494-8C4D-935049672F7E@ecs.soton.ac.uk> The first 2 hunks failing is okay, that's just fixing the version number. Attached is a patch without the 1st 2 hunks in it at all. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.patch.gz Type: application/x-gzip Size: 346 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/8aac9ddc/Message.pm.patch.gz -------------- next part -------------- On 28 Jun 2006, at 15:59, --[UxBoD]-- wrote: > Tried but got this error :- > > mailhub MailScanner # patch < /tmp/Message.pm.patch > patching file Message.pm > Hunk #1 FAILED at 2. > Hunk #2 FAILED at 57. > 2 out of 3 hunks FAILED -- saving rejects to file Message.pm.rej > > Contents of reject file are :- > > mailhub MailScanner # cat Message.pm.rej > *************** > *** 2,8 **** > # MailScanner - SMTP E-Mail Virus Scanner > # Copyright (C) 2002 Julian Field > # > - # $Id: Message.pm 3658 2006-06-24 23:35:54Z sysjkf $ > # > # This program is free software; you can redistribute it and/or > modify > # it under the terms of the GNU General Public License as > published by > --- 2,8 ---- > # MailScanner - SMTP E-Mail Virus Scanner > # Copyright (C) 2002 Julian Field > # > + # $Id: Message.pm,v 1.126.2.281 2006/03/11 17:21:52 jkf Exp $ > # > # This program is free software; you can redistribute it and/or > modify > # it under the terms of the GNU General Public License as > published by > *************** > *** 57,63 **** > use vars qw($VERSION); > > ### The package version, both in 1.23 style *and* usable by > MakeMaker: > - $VERSION = substr q$Revision: 3658 $, 10; > > # Attributes are > # > --- 57,63 ---- > use vars qw($VERSION); > > ### The package version, both in 1.23 style *and* usable by > MakeMaker: > + $VERSION = substr q$Revision: 1.126.2.281 $, 10; > > # Attributes are > # > > > This using the 4.55.7 beta release. > > --[ UxBoD ]-- > // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 > // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 > > -- > This message has been scanned for viruses and dangerous content > by MailScanner, and is believed to be clean. > > -- > MailScanner-Beta mailing list > mailscanner-beta@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner-beta > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk From glauciusjunior at gmail.com Wed Jun 28 15:37:11 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Wed Jun 28 15:37:18 2006 Subject: mailscanner/postfix/freebsd Message-ID: <2360d6370606280737i755f9859q10ca3c6038092e6a@mail.gmail.com> Hi everyone I'm using postfix as MTA, and FreeBSD 5.4 as OS I'm trying to use mailscanner with postfix, I did exactly as the how-to (http://www.mailscanner.info/postfix.html) says, configure my Incoming and OUtgoing dir, but MailScanner did not find the emails in hold folder. My log : Jun 28 11:34:23 mail MailScanner[95361]: MailScanner E-Mail Virus Scanner version 4.54.6 starting... Jun 28 11:34:23 mail MailScanner[95361]: Read 719 hostnames from the phishing whitelist Jun 28 11:34:23 mail MailScanner[95361]: Using SpamAssassin results cache root@mail.cvc.com.br #ps aux | grep Mail postfix 95294 0.0 0.8 17308 16644 ?? Ss 11:29AM 0:00.12 MailScanner: starting child (perl5.8.6) When I try to debug root@mail.cvc.com.br #mailscanner --debug In Debugging mode, not forking... /libexec/ld-elf.so.1: /usr/local/lib/libsqlite3.so.8: Undefined symbol "pthread_create" root@mail.cvc.com.br # I try to use mailscanner in a LinuxBox (debian) and it worked very fine, using the same config, users options on FreeBSD. best regards ! Glaucius From rob at thehostmasters.com Wed Jun 28 15:42:01 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed Jun 28 15:42:03 2006 Subject: Dam spam from web server nee dlimit Message-ID: <44A29539.1030408@thehostmasters.com> Hello all... I have a couple hosted websites that have exploitable forms, that can be used to spam. i contact the person(s) as soon as i find out it is being exploited and remove the offending form/script, whatever... but by this time the damage is done. I have all email from my webserver that goes out to go to my MX server running MS with postfix. now it catches some of the spam as usual, but some not. Now some of the emails come with over 25 recipients in the To field. my question is how am i suppose to limit this...?? I added this to the main.cf of postfix smtpd_recipient_limit=20 but when i check the logs i still see email with 25 going through, i did reload postfix.... i made these changes after these emails where in the queue , does this setting only affect new emails? And what happens to the email that does go over 20, does it get rejected or just delete ?? from the log: Jun 28 10:41:52 peter postfix/qmgr[25749]: A1F0069017A: from=, size=37915, nrcpt=25 (queue active) Jun 28 10:41:52 peter postfix/qmgr[25749]: A69D9690180: from=, size=35344, nrcpt=25 (queue active) Jun 28 10:41:52 peter postfix/qmgr[25749]: A5BCF69028B: from=, size=38742, nrcpt=25 (queue active) Sorry if this is not the right place to ask this question.... but i am dying here.... Thanks.. -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From remy at unix-asp.com Wed Jun 28 15:52:06 2006 From: remy at unix-asp.com (Remy de Ruysscher) Date: Wed Jun 28 15:52:12 2006 Subject: mailscanner/postfix/freebsd In-Reply-To: Message-ID: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> Hi, Build sqlite without threading support and your problems are over! cd /usr/ports/databases/sqlite3 make config make deinstall && make reinstall Goodluck! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of glaucius junior > Sent: woensdag 28 juni 2006 16:37 > To: mailscanner@lists.mailscanner.info > Subject: mailscanner/postfix/freebsd > > Hi everyone > > I'm using postfix as MTA, and FreeBSD 5.4 as OS > > I'm trying to use mailscanner with postfix, I did exactly as > the how-to (http://www.mailscanner.info/postfix.html) says, > configure my Incoming and OUtgoing dir, but MailScanner did > not find the emails in hold folder. > > > My log : > > Jun 28 11:34:23 mail MailScanner[95361]: MailScanner E-Mail > Virus Scanner version 4.54.6 starting... > Jun 28 11:34:23 mail MailScanner[95361]: Read 719 hostnames > from the phishing whitelist Jun 28 11:34:23 mail > MailScanner[95361]: Using SpamAssassin results cache > > > root@mail.cvc.com.br #ps aux | grep Mail > postfix 95294 0.0 0.8 17308 16644 ?? Ss 11:29AM 0:00.12 > MailScanner: starting child (perl5.8.6) > > When I try to debug > > root@mail.cvc.com.br #mailscanner --debug In Debugging mode, > not forking... > /libexec/ld-elf.so.1: /usr/local/lib/libsqlite3.so.8: > Undefined symbol "pthread_create" > root@mail.cvc.com.br # > > I try to use mailscanner in a LinuxBox (debian) and it worked > very fine, using the same config, users options on FreeBSD. > > > best regards ! > Glaucius > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3123 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/9f71c27c/smime.bin From glenn.steen at gmail.com Wed Jun 28 16:16:28 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 28 16:16:32 2006 Subject: Dam spam from web server nee dlimit In-Reply-To: <44A29539.1030408@thehostmasters.com> References: <44A29539.1030408@thehostmasters.com> Message-ID: <223f97700606280816i6a030459kf45c21b54139edc7@mail.gmail.com> On 28/06/06, Rob Morin wrote: > Hello all... > > I have a couple hosted websites that have exploitable forms, that can be > used to spam. i contact the person(s) as soon as i find out it is being > exploited and remove the offending form/script, whatever... > > but by this time the damage is done. I have all email from my webserver > that goes out to go to my MX server running MS with postfix. now it > catches some of the spam as usual, but some not. Now some of the emails > come with over 25 recipients in the To field. my question is how am i > suppose to limit this...?? > > I added this to the main.cf of postfix smtpd_recipient_limit=20 but > when i check the logs i still see email with 25 going through, i did > reload postfix.... i made these changes after these emails where in the > queue , does this setting only affect new emails? And what happens to > the email that does go over 20, does it get rejected or just delete ?? smtpd only handle the SMTP conversation phase, so anything already in the queue(s) will be unaffected by the change. Overshooting the limit will generate a 452 error. The companion overshoot limit stipulates how many recipients the sender "need" overshoot by before incrementing the error count (and eventually taking the appropriate error action). This telnet session will show what happens when the limit is set to 1. --------- [root@apmx05 ~]# telnet apmx04 25 Trying 172.18.3.86... Connected to apmx04.ap1.se (172.18.3.86). Escape character is '^]'. 220 mail.ap1.se ESMTP Postfix (2.2.5) (Mandrake Linux) ehlo aaa.se 250-mail.ap1.se 250-PIPELINING 250-SIZE 16777216 250-ETRN 250 8BITMIME mail from:<> 250 Ok rcpt to: 250 Ok rcpt to: 452 Error: too many recipients --------- > from the log: > > Jun 28 10:41:52 peter postfix/qmgr[25749]: A1F0069017A: > from=, size=37915, nrcpt=25 (queue active) > Jun 28 10:41:52 peter postfix/qmgr[25749]: A69D9690180: > from=, size=35344, nrcpt=25 (queue active) > Jun 28 10:41:52 peter postfix/qmgr[25749]: A5BCF69028B: > from=, size=38742, nrcpt=25 (queue active) Note that it is qmgr logging this, not smtpd. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at thehostmasters.com Wed Jun 28 16:18:08 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed Jun 28 16:18:19 2006 Subject: lots of this stuff in logs now.. Message-ID: <44A29DB0.6010605@thehostmasters.com> ... its been about a week now i noticed this stuff... Jun 28 11:11:34 peter MailScanner[16353]: Disabled RBL SBL+XBL as reached 7/10 timeouts Jun 28 11:11:45 peter MailScanner[16353]: Disabled RBL SBL+XBL as reached 7/10 timeouts Jun 28 11:12:26 peter MailScanner[16471]: Disabled RBL SBL+XBL as reached 7/10 timeouts Jun 28 11:12:33 peter MailScanner[15514]: Disabled RBL SBL+XBL as reached 7/10 timeouts Jun 28 11:12:37 peter MailScanner[16471]: Disabled RBL SBL+XBL as reached 7/10 timeouts Jun 28 11:14:01 peter MailScanner[15514]: Disabled RBL SBL+XBL as reached 7/10 timeouts -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From dhawal at netmagicsolutions.com Wed Jun 28 16:27:59 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 28 16:28:10 2006 Subject: Off-topic TNEF In-Reply-To: <1b4e01c69ab5$37059a70$287ba8c0@office.fsl> References: <1b4e01c69ab5$37059a70$287ba8c0@office.fsl> Message-ID: <44A29FFF.7090008@netmagicsolutions.com> Stephen Swaney wrote: > For those of you having problems with TNEF, I just came across this article > on http://www.dwheeler.com/essays/microsoft-outlook-tnef.html. It has some > useful information on handling (or better yet), and not sending TNEF > attachments from outlook clients. > > Unfortunately I can't find any way to stop an Exchange server from not > sending TNEF attachments. If anyone out there knows of a way, Please let me > know. 1. Read this first - http://support.microsoft.com/kb/q138053/ 2. Read this next - http://support.microsoft.com/kb/821750/ 3. Profit!! ;-) - dhawal > Steve > > Stephen Swaney > Fort Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > stephen.swaney@fsl.com > www.fsl.com > > From drew at themarshalls.co.uk Wed Jun 28 16:34:07 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jun 28 16:34:19 2006 Subject: Dam spam from web server nee dlimit In-Reply-To: <44A29539.1030408@thehostmasters.com> References: <44A29539.1030408@thehostmasters.com> Message-ID: <60601.194.70.180.170.1151508847.squirrel@webmail.r-bit.net> On Wed, June 28, 2006 15:42, Rob Morin wrote: > Hello all... Hi Rob > > I have a couple hosted websites that have exploitable forms, that can be > used to spam. i contact the person(s) as soon as i find out it is being > exploited and remove the offending form/script, whatever... Nice. Might be customers but they clearly need shooting! > but by this time the damage is done. I have all email from my webserver > that goes out to go to my MX server running MS with postfix. now it > catches some of the spam as usual, but some not. Now some of the emails > come with over 25 recipients in the To field. my question is how am i > suppose to limit this...?? Are you trying to just remove the offending mail or just clear the server to allow it to process other mail to? I would suggest if possible you don't want to deliver the Spam, so I would kill postfix and just let MS/ SA do it's bit and see what's left. > I added this to the main.cf of postfix smtpd_recipient_limit=20 but > when i check the logs i still see email with 25 going through, i did > reload postfix.... i made these changes after these emails where in the > queue , does this setting only affect new emails? And what happens to > the email that does go over 20, does it get rejected or just delete ?? That limits the number of recipients that the smtpd accepts messages for. If your server has the mail already, it's too late. But also the overshoot limit will kick in also. smtpd_recipient_limit (default: 1000) The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. smtpd_recipient_overshoot_limit (default: 1000) The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP server increments the per-session error count for each excess recipient Hope this helps. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From drew at themarshalls.co.uk Wed Jun 28 16:37:19 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jun 28 16:37:34 2006 Subject: lots of this stuff in logs now.. In-Reply-To: <44A29DB0.6010605@thehostmasters.com> References: <44A29DB0.6010605@thehostmasters.com> Message-ID: <60614.194.70.180.170.1151509039.squirrel@webmail.r-bit.net> On Wed, June 28, 2006 16:18, Rob Morin wrote: > ... its been about a week now i noticed this stuff... > > Jun 28 11:11:34 peter MailScanner[16353]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:11:45 peter MailScanner[16353]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:12:26 peter MailScanner[16471]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:12:33 peter MailScanner[15514]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:12:37 peter MailScanner[16471]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:14:01 peter MailScanner[15514]: Disabled RBL SBL+XBL as > reached 7/10 timeouts That looks like a DNS issue. On the same machine as your Spam problem? Is the machine swapping? I guess more the point, are you running SA with MS? If so, turn off RBL look ups in MS. They work better as a weighted score in SpamAssassin (IMHO!). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From martinh at solid-state-logic.com Wed Jun 28 16:37:43 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 28 16:37:54 2006 Subject: lots of this stuff in logs now.. In-Reply-To: <44A29DB0.6010605@thehostmasters.com> Message-ID: <018201c69ac8$cc41f850$3004010a@martinhlaptop> Rob Have you got a local caching name server on your MS machine? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 28 June 2006 16:18 > To: MailScanner discussion > Subject: lots of this stuff in logs now.. > > ... its been about a week now i noticed this stuff... > > Jun 28 11:11:34 peter MailScanner[16353]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:11:45 peter MailScanner[16353]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:12:26 peter MailScanner[16471]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:12:33 peter MailScanner[15514]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:12:37 peter MailScanner[16471]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > Jun 28 11:14:01 peter MailScanner[15514]: Disabled RBL SBL+XBL as > reached 7/10 timeouts > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rob at thehostmasters.com Wed Jun 28 16:59:31 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed Jun 28 16:59:40 2006 Subject: lots of this stuff in logs now.. In-Reply-To: <018201c69ac8$cc41f850$3004010a@martinhlaptop> References: <018201c69ac8$cc41f850$3004010a@martinhlaptop> Message-ID: <44A2A763.5070202@thehostmasters.com> I just added one last night.... a simple BIND setup as caching..... as i wanted to do the rsync thing for SURBL stuff, i thought it would makes things a little faster. But prior i was using another dns server on the same LAN... I do see allot of spam caught via the RBL so i would like to keep them in.... Thanks for replying so quickly guys/gals :) Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Martin Hepworth wrote: > Rob > > Have you got a local caching name server on your MS machine? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >> Sent: 28 June 2006 16:18 >> To: MailScanner discussion >> Subject: lots of this stuff in logs now.. >> >> ... its been about a week now i noticed this stuff... >> >> Jun 28 11:11:34 peter MailScanner[16353]: Disabled RBL SBL+XBL as >> reached 7/10 timeouts >> Jun 28 11:11:45 peter MailScanner[16353]: Disabled RBL SBL+XBL as >> reached 7/10 timeouts >> Jun 28 11:12:26 peter MailScanner[16471]: Disabled RBL SBL+XBL as >> reached 7/10 timeouts >> Jun 28 11:12:33 peter MailScanner[15514]: Disabled RBL SBL+XBL as >> reached 7/10 timeouts >> Jun 28 11:12:37 peter MailScanner[16471]: Disabled RBL SBL+XBL as >> reached 7/10 timeouts >> Jun 28 11:14:01 peter MailScanner[15514]: Disabled RBL SBL+XBL as >> reached 7/10 timeouts >> >> -- >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > From rob at thehostmasters.com Wed Jun 28 17:04:31 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed Jun 28 17:04:37 2006 Subject: Dam spam from web server nee dlimit In-Reply-To: <60601.194.70.180.170.1151508847.squirrel@webmail.r-bit.net> References: <44A29539.1030408@thehostmasters.com> <60601.194.70.180.170.1151508847.squirrel@webmail.r-bit.net> Message-ID: <44A2A88F.3080706@thehostmasters.com> I would like to have any emails with more that 20 recipients, NOT delivered and simply discarded from the queueu and sent to never never land! I would lover to shoot these people that put up exploitable scripts , but of course they always end up being high end clients, and the powers at be , say , just fix it and shut up.... :( So in the end i have to deal with it! :( Thanks! Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Drew Marshall wrote: > On Wed, June 28, 2006 15:42, Rob Morin wrote: > >> Hello all... >> > > Hi Rob > >> I have a couple hosted websites that have exploitable forms, that can be >> used to spam. i contact the person(s) as soon as i find out it is being >> exploited and remove the offending form/script, whatever... >> > > Nice. Might be customers but they clearly need shooting! > > >> but by this time the damage is done. I have all email from my webserver >> that goes out to go to my MX server running MS with postfix. now it >> catches some of the spam as usual, but some not. Now some of the emails >> come with over 25 recipients in the To field. my question is how am i >> suppose to limit this...?? >> > > Are you trying to just remove the offending mail or just clear the server > to allow it to process other mail to? I would suggest if possible you > don't want to deliver the Spam, so I would kill postfix and just let MS/ > SA do it's bit and see what's left. > > >> I added this to the main.cf of postfix smtpd_recipient_limit=20 but >> when i check the logs i still see email with 25 going through, i did >> reload postfix.... i made these changes after these emails where in the >> queue , does this setting only affect new emails? And what happens to >> the email that does go over 20, does it get rejected or just delete ?? >> > > That limits the number of recipients that the smtpd accepts messages for. > If your server has the mail already, it's too late. But also the overshoot > limit will kick in also. > > smtpd_recipient_limit (default: 1000) > The maximal number of recipients that the Postfix SMTP server accepts per > message delivery request. > > smtpd_recipient_overshoot_limit (default: 1000) > The number of recipients that a remote SMTP client can send in excess of > the limit specified with $smtpd_recipient_limit, before the Postfix SMTP > server increments the per-session error count for each excess recipient > > Hope this helps. > > Drew > > > From MailScanner at ecs.soton.ac.uk Wed Jun 28 17:22:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 28 17:23:13 2006 Subject: Dam spam from web server nee dlimit In-Reply-To: <44A2A88F.3080706@thehostmasters.com> References: <44A29539.1030408@thehostmasters.com> <60601.194.70.180.170.1151508847.squirrel@webmail.r-bit.net> <44A2A88F.3080706@thehostmasters.com> Message-ID: You could do this with a Custom Function very easily. Just hook Spam Actions and its brethren, test the number of recipients and return "delete" if that's what you want it to do with it. Or else, which would be faster, is to set High Scoring Spam Actions = delete Is Definitely Spam = &CheckRecips Definite Spam is High Scoring = yes then just check the number of recipients in &CheckRecips, returning 1 if it has too many recipients and 0 otherwise. There are loads of other places you could hook it in, but the idea is very similar. You could even implement it as a generic virus scanner or spam scanner. If you go down the generic virus scanner route, just say it's a virus if it has too many recipients, and then use the Silent Viruses facility to cause the message to be binned completely. On Wed28 Jun 06, at 17:04, Rob Morin wrote: > I would like to have any emails with more that 20 recipients, NOT > delivered and simply discarded from the queueu and sent to never > never land! > > I would lover to shoot these people that put up exploitable > scripts , but of course they always end up being high end clients, > and the powers at be , say , just fix it and shut up.... > > :( > > So in the end i have to deal with it! > > :( > > Thanks! > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Drew Marshall wrote: >> On Wed, June 28, 2006 15:42, Rob Morin wrote: >> >>> Hello all... >>> >> >> Hi Rob >> >>> I have a couple hosted websites that have exploitable forms, that >>> can be >>> used to spam. i contact the person(s) as soon as i find out it is >>> being >>> exploited and remove the offending form/script, whatever... >>> >> >> Nice. Might be customers but they clearly need shooting! >> >> >>> but by this time the damage is done. I have all email from my >>> webserver >>> that goes out to go to my MX server running MS with postfix. now it >>> catches some of the spam as usual, but some not. Now some of the >>> emails >>> come with over 25 recipients in the To field. my question is how >>> am i >>> suppose to limit this...?? >>> >> >> Are you trying to just remove the offending mail or just clear the >> server >> to allow it to process other mail to? I would suggest if possible you >> don't want to deliver the Spam, so I would kill postfix and just >> let MS/ >> SA do it's bit and see what's left. >> >> >>> I added this to the main.cf of postfix >>> smtpd_recipient_limit=20 but >>> when i check the logs i still see email with 25 going through, i did >>> reload postfix.... i made these changes after these emails where >>> in the >>> queue , does this setting only affect new emails? And what >>> happens to >>> the email that does go over 20, does it get rejected or just >>> delete ?? >>> >> >> That limits the number of recipients that the smtpd accepts >> messages for. >> If your server has the mail already, it's too late. But also the >> overshoot >> limit will kick in also. >> >> smtpd_recipient_limit (default: 1000) >> The maximal number of recipients that the Postfix SMTP server >> accepts per >> message delivery request. >> >> smtpd_recipient_overshoot_limit (default: 1000) >> The number of recipients that a remote SMTP client can send in >> excess of >> the limit specified with $smtpd_recipient_limit, before the >> Postfix SMTP >> server increments the per-session error count for each excess >> recipient >> >> Hope this helps. >> >> Drew >> >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glauciusjunior at gmail.com Wed Jun 28 17:28:36 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Wed Jun 28 17:28:39 2006 Subject: mailscanner/postfix/freebsd In-Reply-To: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> References: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> Message-ID: <2360d6370606280928o4fd723d4md16ecde78db5e968@mail.gmail.com> Thanks the problem was resolved best regards ! On 6/28/06, Remy de Ruysscher wrote: > Hi, > > Build sqlite without threading support and your problems are over! > > cd /usr/ports/databases/sqlite3 > make config > make deinstall && make reinstall > > Goodluck! > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of glaucius junior > > Sent: woensdag 28 juni 2006 16:37 > > To: mailscanner@lists.mailscanner.info > > Subject: mailscanner/postfix/freebsd > > > > Hi everyone > > > > I'm using postfix as MTA, and FreeBSD 5.4 as OS > > > > I'm trying to use mailscanner with postfix, I did exactly as > > the how-to (http://www.mailscanner.info/postfix.html) says, > > configure my Incoming and OUtgoing dir, but MailScanner did > > not find the emails in hold folder. > > > > > > My log : > > > > Jun 28 11:34:23 mail MailScanner[95361]: MailScanner E-Mail > > Virus Scanner version 4.54.6 starting... > > Jun 28 11:34:23 mail MailScanner[95361]: Read 719 hostnames > > from the phishing whitelist Jun 28 11:34:23 mail > > MailScanner[95361]: Using SpamAssassin results cache > > > > > > root@mail.cvc.com.br #ps aux | grep Mail > > postfix 95294 0.0 0.8 17308 16644 ?? Ss 11:29AM 0:00.12 > > MailScanner: starting child (perl5.8.6) > > > > When I try to debug > > > > root@mail.cvc.com.br #mailscanner --debug In Debugging mode, > > not forking... > > /libexec/ld-elf.so.1: /usr/local/lib/libsqlite3.so.8: > > Undefined symbol "pthread_create" > > root@mail.cvc.com.br # > > > > I try to use mailscanner in a LinuxBox (debian) and it worked > > very fine, using the same config, users options on FreeBSD. > > > > > > best regards ! > > Glaucius > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3123 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/acc756b5/smime.bin From rob at thehostmasters.com Wed Jun 28 17:48:02 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed Jun 28 17:48:09 2006 Subject: Dam spam from web server nee dlimit In-Reply-To: References: <44A29539.1030408@thehostmasters.com> <60601.194.70.180.170.1151508847.squirrel@webmail.r-bit.net> <44A2A88F.3080706@thehostmasters.com> Message-ID: <44A2B2C2.5060305@thehostmasters.com> Ooo... that sounds cool... You mean, make a custom rule, sort of... but how would MS know how many recipients it would have? My programming skills are just enough to get me by.. :) if someone can direct me in the fashion of implementing it as a generic virus scanner, i would be very appreciated... Currently i delete all high scoring spam anything over 8 gets deleted... its been working out quite well for the last few years this way.... Thanks... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Julian Field wrote: > You could do this with a Custom Function very easily. Just hook Spam > Actions and its brethren, test the number of recipients and return > "delete" if that's what you want it to do with it. > > Or else, which would be faster, is to set > High Scoring Spam Actions = delete > Is Definitely Spam = &CheckRecips > Definite Spam is High Scoring = yes > > then just check the number of recipients in &CheckRecips, returning 1 > if it has too many recipients and 0 otherwise. > > There are loads of other places you could hook it in, but the idea is > very similar. You could even implement it as a generic virus scanner > or spam scanner. If you go down the generic virus scanner route, just > say it's a virus if it has too many recipients, and then use the > Silent Viruses facility to cause the message to be binned completely. > > On Wed28 Jun 06, at 17:04, Rob Morin wrote: > >> I would like to have any emails with more that 20 recipients, NOT >> delivered and simply discarded from the queueu and sent to never >> never land! >> >> I would lover to shoot these people that put up exploitable scripts , >> but of course they always end up being high end clients, and the >> powers at be , say , just fix it and shut up.... >> >> :( >> >> So in the end i have to deal with it! >> >> :( >> >> Thanks! >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> >> >> Drew Marshall wrote: >>> On Wed, June 28, 2006 15:42, Rob Morin wrote: >>> >>>> Hello all... >>>> >>> >>> Hi Rob >>> >>>> I have a couple hosted websites that have exploitable forms, that >>>> can be >>>> used to spam. i contact the person(s) as soon as i find out it is >>>> being >>>> exploited and remove the offending form/script, whatever... >>>> >>> >>> Nice. Might be customers but they clearly need shooting! >>> >>> >>>> but by this time the damage is done. I have all email from my >>>> webserver >>>> that goes out to go to my MX server running MS with postfix. now it >>>> catches some of the spam as usual, but some not. Now some of the >>>> emails >>>> come with over 25 recipients in the To field. my question is how am i >>>> suppose to limit this...?? >>>> >>> >>> Are you trying to just remove the offending mail or just clear the >>> server >>> to allow it to process other mail to? I would suggest if possible you >>> don't want to deliver the Spam, so I would kill postfix and just let >>> MS/ >>> SA do it's bit and see what's left. >>> >>> >>>> I added this to the main.cf of postfix smtpd_recipient_limit=20 but >>>> when i check the logs i still see email with 25 going through, i did >>>> reload postfix.... i made these changes after these emails where in >>>> the >>>> queue , does this setting only affect new emails? And what happens to >>>> the email that does go over 20, does it get rejected or just delete ?? >>>> >>> >>> That limits the number of recipients that the smtpd accepts messages >>> for. >>> If your server has the mail already, it's too late. But also the >>> overshoot >>> limit will kick in also. >>> >>> smtpd_recipient_limit (default: 1000) >>> The maximal number of recipients that the Postfix SMTP server >>> accepts per >>> message delivery request. >>> >>> smtpd_recipient_overshoot_limit (default: 1000) >>> The number of recipients that a remote SMTP client can send in >>> excess of >>> the limit specified with $smtpd_recipient_limit, before the Postfix >>> SMTP >>> server increments the per-session error count for each excess recipient >>> >>> Hope this helps. >>> >>> Drew >>> >>> >>> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gmane at tippingmar.com Wed Jun 28 17:48:44 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Jun 28 17:50:28 2006 Subject: Sophos for Linux announcement Message-ID: We would like to make you aware of an issue with the latest version of Sophos Anti-Virus for Linux, which needs your urgent attention to ensure that your protection is up to date. We are contacting you because our records indicate that your company has downloaded this latest version and that you may therefore be using it within your company. If you are not the person in your company responsible for administering Sophos Anti-Virus on Linux computers, please could you pass this email on to that person as soon as possible Sophos Anti-Virus for Linux 5.0.6 (released Friday 23 June) contains a bug which has resulted in a loss of updating functionality. An error will be generated when /opt/sophos-av/savupdate is run: ERROR: Failed to read configuration 'UpdateSourcePath' Although Sophos Anti-Virus for Linux will continue to protect against malware, it will not be able to update itself. Customers using Sophos Anti-Virus for Linux in conjunction with gateway products will also be affected. >From more details, and a solution, see this knowledgebase article: http://s561.link.sophos.com/kb5718?pl_id=9 From rob at thehostmasters.com Wed Jun 28 18:17:24 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed Jun 28 18:20:48 2006 Subject: lots of this stuff in logs now.. In-Reply-To: <44A2A763.5070202@thehostmasters.com> References: <018201c69ac8$cc41f850$3004010a@martinhlaptop> <44A2A763.5070202@thehostmasters.com> Message-ID: <44A2B9A4.6040008@thehostmasters.com> Mind you i can not reach sbl-xbl.spamhaus.org or any of its other ones from my server for some reason.... maybe thats why i get the time outs? I removed them and are using another source for RBL, NJABL Anyone else have this issue...?? Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Rob Morin wrote: > I just added one last night.... a simple BIND setup as caching..... as > i wanted to do the rsync thing for SURBL stuff, i thought it would > makes things a little faster. But prior i was using another dns server > on the same LAN... > > I do see allot of spam caught via the RBL so i would like to keep them > in.... > > Thanks for replying so quickly guys/gals > :) > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Martin Hepworth wrote: >> Rob >> >> Have you got a local caching name server on your MS machine? >> >> -- >> Martin Hepworth Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>> Sent: 28 June 2006 16:18 >>> To: MailScanner discussion >>> Subject: lots of this stuff in logs now.. >>> >>> ... its been about a week now i noticed this stuff... >>> >>> Jun 28 11:11:34 peter MailScanner[16353]: Disabled RBL SBL+XBL as >>> reached 7/10 timeouts >>> Jun 28 11:11:45 peter MailScanner[16353]: Disabled RBL SBL+XBL as >>> reached 7/10 timeouts >>> Jun 28 11:12:26 peter MailScanner[16471]: Disabled RBL SBL+XBL as >>> reached 7/10 timeouts >>> Jun 28 11:12:33 peter MailScanner[15514]: Disabled RBL SBL+XBL as >>> reached 7/10 timeouts >>> Jun 28 11:12:37 peter MailScanner[16471]: Disabled RBL SBL+XBL as >>> reached 7/10 timeouts >>> Jun 28 11:14:01 peter MailScanner[15514]: Disabled RBL SBL+XBL as >>> reached 7/10 timeouts >>> >>> -- >>> >>> Rob Morin >>> Dido InterNet Inc. >>> Montreal, Canada >>> Http://www.dido.ca >>> 514-990-4444 >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> From MailScanner at ecs.soton.ac.uk Wed Jun 28 18:42:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 28 18:43:16 2006 Subject: Dam spam from web server nee dlimit In-Reply-To: <44A2B2C2.5060305@thehostmasters.com> References: <44A29539.1030408@thehostmasters.com> <60601.194.70.180.170.1151508847.squirrel@webmail.r-bit.net> <44A2A88F.3080706@thehostmasters.com> <44A2B2C2.5060305@thehostmasters.com> Message-ID: On Wed28 Jun 06, at 17:48, Rob Morin wrote: > Ooo... that sounds cool... You mean, make a custom rule, sort > of... but how would MS know how many recipients it would have? My > programming skills are just enough to get me by.. > :) Count the number of elements in @{$message->{to}} and return 1 (= yes) or 0 (= no) (if you are using a yes/no rule) or the appropriate string for the configuration setting. > > if someone can direct me in the fashion of implementing it as a > generic virus scanner, i would be very appreciated... Currently i > delete all high scoring spam anything over 8 gets deleted... its > been working out quite well for the last few years this way.... Take a look in /usr/lib/MailScanner/MailScanner/CustomFunctions and read the docs. If you delete all high-scoring spam anyway then you could do it with "Is Definitely Spam", but that would remove your ability to have a normal blacklist as well, so you are probably still better off with the Custom Virus Scanner approach. > > Julian Field wrote: >> You could do this with a Custom Function very easily. Just hook >> Spam Actions and its brethren, test the number of recipients and >> return "delete" if that's what you want it to do with it. >> >> Or else, which would be faster, is to set >> High Scoring Spam Actions = delete >> Is Definitely Spam = &CheckRecips >> Definite Spam is High Scoring = yes >> >> then just check the number of recipients in &CheckRecips, >> returning 1 if it has too many recipients and 0 otherwise. >> >> There are loads of other places you could hook it in, but the idea >> is very similar. You could even implement it as a generic virus >> scanner or spam scanner. If you go down the generic virus scanner >> route, just say it's a virus if it has too many recipients, and >> then use the Silent Viruses facility to cause the message to be >> binned completely. >> >> On Wed28 Jun 06, at 17:04, Rob Morin wrote: >> >>> I would like to have any emails with more that 20 recipients, NOT >>> delivered and simply discarded from the queueu and sent to never >>> never land! >>> >>> I would lover to shoot these people that put up exploitable >>> scripts , but of course they always end up being high end >>> clients, and the powers at be , say , just fix it and shut up.... >>> >>> :( >>> >>> So in the end i have to deal with it! >>> >>> :( >>> >>> Thanks! >>> >>> Rob Morin >>> Dido InterNet Inc. >>> Montreal, Canada >>> Http://www.dido.ca >>> 514-990-4444 >>> >>> >>> >>> Drew Marshall wrote: >>>> On Wed, June 28, 2006 15:42, Rob Morin wrote: >>>> >>>>> Hello all... >>>>> >>>> >>>> Hi Rob >>>> >>>>> I have a couple hosted websites that have exploitable forms, >>>>> that can be >>>>> used to spam. i contact the person(s) as soon as i find out it >>>>> is being >>>>> exploited and remove the offending form/script, whatever... >>>>> >>>> >>>> Nice. Might be customers but they clearly need shooting! >>>> >>>> >>>>> but by this time the damage is done. I have all email from my >>>>> webserver >>>>> that goes out to go to my MX server running MS with postfix. >>>>> now it >>>>> catches some of the spam as usual, but some not. Now some of >>>>> the emails >>>>> come with over 25 recipients in the To field. my question is >>>>> how am i >>>>> suppose to limit this...?? >>>>> >>>> >>>> Are you trying to just remove the offending mail or just clear >>>> the server >>>> to allow it to process other mail to? I would suggest if >>>> possible you >>>> don't want to deliver the Spam, so I would kill postfix and just >>>> let MS/ >>>> SA do it's bit and see what's left. >>>> >>>> >>>>> I added this to the main.cf of postfix >>>>> smtpd_recipient_limit=20 but >>>>> when i check the logs i still see email with 25 going through, >>>>> i did >>>>> reload postfix.... i made these changes after these emails >>>>> where in the >>>>> queue , does this setting only affect new emails? And what >>>>> happens to >>>>> the email that does go over 20, does it get rejected or just >>>>> delete ?? >>>>> >>>> >>>> That limits the number of recipients that the smtpd accepts >>>> messages for. >>>> If your server has the mail already, it's too late. But also the >>>> overshoot >>>> limit will kick in also. >>>> >>>> smtpd_recipient_limit (default: 1000) >>>> The maximal number of recipients that the Postfix SMTP server >>>> accepts per >>>> message delivery request. >>>> >>>> smtpd_recipient_overshoot_limit (default: 1000) >>>> The number of recipients that a remote SMTP client can send in >>>> excess of >>>> the limit specified with $smtpd_recipient_limit, before the >>>> Postfix SMTP >>>> server increments the per-session error count for each excess >>>> recipient >>>> >>>> Hope this helps. >>>> >>>> Drew >>>> >>>> >>>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> --Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store ! >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From andy at tireswing.net Wed Jun 28 18:28:45 2006 From: andy at tireswing.net (Andy Norris) Date: Wed Jun 28 18:52:00 2006 Subject: MS Outlook "outbind" phishing detection In-Reply-To: <4E39D748-4E22-4756-A3DA-14AA85B1D2C0@ecs.soton.ac.uk> References: <6.2.3.4.2.20060627175514.0405b550@mail.finedaycoming.com> <4E39D748-4E22-4756-A3DA-14AA85B1D2C0@ecs.soton.ac.uk> Message-ID: <6.2.3.4.2.20060628122706.0466d138@mail.tireswing.net> Hi Julian, Thanks very much for looking into this. The following is the URL in question: MailScanner has detected a possible fraud attempt from "outbind:" claiming to be www.greatcircleflight.com I will now apply the patch you sent and see how we get on. Thank you again, Andy Norris At 02:37 am 2006-06-28, you wrote: >It already removed outbind:///..... > >Please can you give me an exact example of the URL that is the >problem, preferably a real example. > >On 28 Jun 2006, at 00:04, Andy Norris wrote: > >> >>Hi, >> >>I tried my hardest to find the answer on my own... >> >>I have a customer who sent me a message a bit ago unhappy that >>their outbound mail to a customer of theirs had the warning >>phishing message at the bottom of their email because Outlook put >>in "outbind://....". >> >>What to do? Is there a way to tweak the phishing rules to allow any >>url that starts with "outbind://"? >> >>Running MailScanner v 4.54.6-1 and SendMail v 8.12.11. >> >>Thanks in advance for any help, >> >>Andy Norris >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! > >-- >Julian Field >MailScanner@ecs.soton.ac.uk > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >MailScanner thanks transtec Computers for their support. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From ka at pacific.net Wed Jun 28 19:05:33 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 28 19:11:16 2006 Subject: O.T. milter-link - reject phishing & spam Message-ID: <44A2C4ED.6060007@pacific.net> Anyone using or tried snertsoft's milter-link ? It checks message bodies against surbl or other similar list. Seems to work nicely and takes a bit of load off MailScanner/S.A. Thoughts? It supports whitelisting, so it's important to whitelist things like abuse@, postmaster@, and support@, if you do that sort of thing. Thanks, Ken A. Pacific.Net From r.curtis at ywcaelpaso.org Wed Jun 28 18:12:30 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Wed Jun 28 19:22:53 2006 Subject: MailScanner -debug errors Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock > Sent: Wednesday, June 28, 2006 1:43 AM > To: MailScanner discussion > Subject: Re: MailScanner -debug errors > > Hi, > > Curtis, Roger wrote: > > I just upgraded to the latest stable release of MailScanner trying to > > correct the "info:" and errors shown when using MailScanner -debug > > (below) but that didn't seem to fix anything. I used Julian's > > easy-to-use installation files. I have the appropriate loadplugin lines > > enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). I > > did not look at the Spamassassin.pm file as I have not made any changes > > to it so it should still be the "stock" file. What am I missing? > > > > Thanks for your help and guidance. > > Roger Curtis > > > > Versions: > > MailScanner 4.54.6 > > SpamAssassin 3.1.3 > > Postfix 2.2.2 > > > > > > [root@gateway rules]# MailScanner -debug > > In Debugging mode, not forking... > > [12606] dbg: logger: adding facilities: all > > [12606] dbg: logger: logging level is DBG > > [12606] dbg: generic: SpamAssassin version 3.1.3 > > [12606] dbg: config: score set 0 chosen. > > [12606] dbg: util: running in taint mode? no > > [12606] dbg: message: ---- MIME PARSER START ---- > > [12606] dbg: message: main message type: text/plain > > [12606] dbg: message: parsing normal part > > [12606] dbg: message: added part, type: text/plain > > [12606] dbg: message: ---- MIME PARSER END ---- > > [12606] dbg: dns: is Net::DNS::Resolver available? yes > > [12606] dbg: dns: Net::DNS version: 0.57 > > [12606] info: config: failed to parse line, skipping: use_dcc 0 > > [12606] info: config: failed to parse line, skipping: use_pyzor 0 > > [12606] info: config: failed to parse line, skipping: use_razor1 0 > > [12606] info: config: failed to parse line, skipping: use_razor2 0 > > [12606] info: config: failed to parse line, skipping: decode_attachments > > 1 > > Check your /etc/mail/spamassassin directory for local.cf and check the > settings in there against the documentation for the latest SpamAssassin > > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Con f. > html > > Those config lines are no longer valid. > Most options in local.cf are commented out. What remained were valid bayes-related options. > > (You may also need to check /etc/mail/spamassassin/mailscanner.cf > Everything in mailscanner.cf are also valid options per the Mail_SpamAssassin_Conf doc, or are options made available via a plug-in. The clue might be the "use_razor1 0" option, as I see that nowhere in any config file in /etc/mail/spamassassin. Not being a Linux guru, I used "grep razor1 *" to check all files in /etc/mail/spamassassin. Is that valid? Where else should I be looking for a config file that might have razor1 options in it? > > > [12606] dbg: logger: adding facilities: all > > [12606] dbg: logger: logging level is DBG > > [12606] dbg: generic: SpamAssassin version 3.1.3 > > [12606] dbg: config: score set 0 chosen. > > [12606] dbg: message: ---- MIME PARSER START ---- > > [12606] dbg: message: main message type: text/plain > > [12606] dbg: message: parsing normal part > > [12606] dbg: message: added part, type: text/plain > > [12606] dbg: message: ---- MIME PARSER END ---- > > [12606] dbg: dns: is Net::DNS::Resolver available? yes > > [12606] dbg: dns: Net::DNS version: 0.57 > > Use of uninitialized value in concatenation (.) or string at > > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1009. > > Use of uninitialized value in concatenation (.) or string at > > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1011. > > [12606] dbg: config: read_scoreonly_config: cannot open "": No such file > > or directory From r.curtis at ywcaelpaso.org Wed Jun 28 19:28:06 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Wed Jun 28 19:29:44 2006 Subject: MailScanner -debug errors Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock > Sent: Wednesday, June 28, 2006 1:43 AM > To: MailScanner discussion > Subject: Re: MailScanner -debug errors > > Hi, > > Curtis, Roger wrote: > > I just upgraded to the latest stable release of MailScanner trying to > > correct the "info:" and errors shown when using MailScanner -debug > > (below) but that didn't seem to fix anything. I used Julian's > > easy-to-use installation files. I have the appropriate loadplugin lines > > enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). I > > did not look at the Spamassassin.pm file as I have not made any changes > > to it so it should still be the "stock" file. What am I missing? > > > > Thanks for your help and guidance. > > Roger Curtis > > > > Versions: > > MailScanner 4.54.6 > > SpamAssassin 3.1.3 > > Postfix 2.2.2 > > > > > > [root@gateway rules]# MailScanner -debug > > In Debugging mode, not forking... > > [12606] dbg: logger: adding facilities: all > > [12606] dbg: logger: logging level is DBG > > [12606] dbg: generic: SpamAssassin version 3.1.3 > > [12606] dbg: config: score set 0 chosen. > > [12606] dbg: util: running in taint mode? no > > [12606] dbg: message: ---- MIME PARSER START ---- > > [12606] dbg: message: main message type: text/plain > > [12606] dbg: message: parsing normal part > > [12606] dbg: message: added part, type: text/plain > > [12606] dbg: message: ---- MIME PARSER END ---- > > [12606] dbg: dns: is Net::DNS::Resolver available? yes > > [12606] dbg: dns: Net::DNS version: 0.57 > > [12606] info: config: failed to parse line, skipping: use_dcc 0 > > [12606] info: config: failed to parse line, skipping: use_pyzor 0 > > [12606] info: config: failed to parse line, skipping: use_razor1 0 > > [12606] info: config: failed to parse line, skipping: use_razor2 0 > > [12606] info: config: failed to parse line, skipping: decode_attachments > > 1 > > Check your /etc/mail/spamassassin directory for local.cf and check the > settings in there against the documentation for the latest SpamAssassin > > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Con f. > html > > Those config lines are no longer valid. > Most options in local.cf are commented out. What remained were valid bayes-related options. > > (You may also need to check /etc/mail/spamassassin/mailscanner.cf > Everything in mailscanner.cf are also valid options per the Mail_SpamAssassin_Conf doc, or are options made available via a plug-in. The clue might be the "use_razor1 0" option, as I see that nowhere in any config file in /etc/mail/spamassassin. Not being a Linux guru, I used "grep razor1 *" to check all files in /etc/mail/spamassassin. Is that valid? Where else should I be looking for a config file that might have razor1 options in it? > > > [12606] dbg: logger: adding facilities: all > > [12606] dbg: logger: logging level is DBG > > [12606] dbg: generic: SpamAssassin version 3.1.3 > > [12606] dbg: config: score set 0 chosen. > > [12606] dbg: message: ---- MIME PARSER START ---- > > [12606] dbg: message: main message type: text/plain > > [12606] dbg: message: parsing normal part > > [12606] dbg: message: added part, type: text/plain > > [12606] dbg: message: ---- MIME PARSER END ---- > > [12606] dbg: dns: is Net::DNS::Resolver available? yes > > [12606] dbg: dns: Net::DNS version: 0.57 > > Use of uninitialized value in concatenation (.) or string at > > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1009. > > Use of uninitialized value in concatenation (.) or string at > > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1011. > > [12606] dbg: config: read_scoreonly_config: cannot open "": No such file > > or directory From steve.freegard at fsl.com Wed Jun 28 20:23:49 2006 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Jun 28 20:21:57 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A2C4ED.6060007@pacific.net> References: <44A2C4ED.6060007@pacific.net> Message-ID: <44A2D745.9040104@fsl.com> Hi Ken, Ken A wrote: > Anyone using or tried snertsoft's milter-link ? > It checks message bodies against surbl or other similar list. > Seems to work nicely and takes a bit of load off MailScanner/S.A. Disclaimer: I helped Anthony write and test milter-link as it was based on a milter that I wrote in Perl that used SpamAssassin to do the same. This was a re-implementation of my code + a lot of extras but written in C for far greater speed and efficiency. milter-link is very undervalued in my opinion -- it does a fantastic job of reducing the load on MailScanner (see attached graph of todays MTA rejections from the FSL spam trap!). Cheers, Steve. -------------- next part -------------- A non-text attachment was scrubbed... Name: mta-last24.png Type: image/png Size: 11031 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/f49b19d7/mta-last24.png From ka at pacific.net Wed Jun 28 20:45:49 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 28 20:45:28 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A2D745.9040104@fsl.com> References: <44A2C4ED.6060007@pacific.net> <44A2D745.9040104@fsl.com> Message-ID: <44A2DC6D.6030303@pacific.net> Steve Freegard wrote: > Hi Ken, > > Ken A wrote: >> Anyone using or tried snertsoft's milter-link ? >> It checks message bodies against surbl or other similar list. >> Seems to work nicely and takes a bit of load off MailScanner/S.A. > > Disclaimer: I helped Anthony write and test milter-link as it was based > on a milter that I wrote in Perl that used SpamAssassin to do the same. > This was a re-implementation of my code + a lot of extras but written > in C for far greater speed and efficiency. > > milter-link is very undervalued in my opinion -- it does a fantastic job > of reducing the load on MailScanner (see attached graph of todays MTA > rejections from the FSL spam trap!). Hi Steve, I was looking at the perl milter api for checking message bodies before I stumbled upon this one. Great work by you and Anthony! Is the URIBL in your graph just a generic term here, or are you using milter-link with URIBL rather than SURBL, or both? I was just testing using SURBL, but might drop a couple more in and see how it goes... Thanks, Ken A. Pacific.Net > > Cheers, > Steve. > > > ------------------------------------------------------------------------ > From steve.swaney at fsl.com Wed Jun 28 20:59:17 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jun 28 20:59:21 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A2C4ED.6060007@pacific.net> Message-ID: <1dc701c69aed$56ed3270$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Wednesday, June 28, 2006 2:06 PM > To: mailscanner@lists.mailscanner.info > Subject: O.T. milter-link - reject phishing & spam > > > Anyone using or tried snertsoft's milter-link ? > It checks message bodies against surbl or other similar list. > Seems to work nicely and takes a bit of load off MailScanner/S.A. > > Thoughts? > > It supports whitelisting, so it's important to whitelist things like > abuse@, postmaster@, and support@, if you do that sort of thing. > > Thanks, > Ken A. > Pacific.Net We've been testing and it seems to work well, just like all of Anthony's milters. You are right about reducing load, since the message is never accepted and is not run through MailScanner or SpamAssassin. Since you are deleteing the message based on spammy URLS you need to be careful which lists you are telling milter-limit to check against. Anyone considering it should check out the docs at: http://www.snertsoft.com/sendmail/milter-link/ And this one is free :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ka at pacific.net Wed Jun 28 21:14:51 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 28 21:14:29 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <1dc701c69aed$56ed3270$287ba8c0@office.fsl> References: <1dc701c69aed$56ed3270$287ba8c0@office.fsl> Message-ID: <44A2E33B.6030102@pacific.net> Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ken A >> Sent: Wednesday, June 28, 2006 2:06 PM >> To: mailscanner@lists.mailscanner.info >> Subject: O.T. milter-link - reject phishing & spam >> >> >> Anyone using or tried snertsoft's milter-link ? >> It checks message bodies against surbl or other similar list. >> Seems to work nicely and takes a bit of load off MailScanner/S.A. >> >> Thoughts? >> >> It supports whitelisting, so it's important to whitelist things like >> abuse@, postmaster@, and support@, if you do that sort of thing. >> >> Thanks, >> Ken A. >> Pacific.Net > > We've been testing and it seems to work well, just like all of Anthony's > milters. You are right about reducing load, since the message is never > accepted and is not run through MailScanner or SpamAssassin. > > Since you are deleteing the message based on spammy URLS you need to be > careful which lists you are telling milter-limit to check against. Anyone > considering it should check out the docs at: > > http://www.snertsoft.com/sendmail/milter-link/ Agreed. We are soft failing with a 4xx error though, not discarding, so if it's a legitimate email (with a link to ImPKDpGgjgGfuAbrrfkmIIm.zanzzibar.com!), it'll come through eventually if/when it's removed from surbl, or bounce back to the sender in a few days. Ken A. Pacific.Net > And this one is free :) > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > From steve.freegard at fsl.com Wed Jun 28 21:52:36 2006 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Jun 28 21:50:43 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A2DC6D.6030303@pacific.net> References: <44A2C4ED.6060007@pacific.net> <44A2D745.9040104@fsl.com> <44A2DC6D.6030303@pacific.net> Message-ID: <44A2EC14.6060908@fsl.com> Hi Ken, Ken A wrote: > Is the URIBL in your graph just a generic term here, or are you using > milter-link with URIBL rather than SURBL, or both? I was just testing > using SURBL, but might drop a couple more in and see how it goes... It's a generic term -- I use all three URI lists (in the following order): sbl-xbl.spamhaus.org multi.surbl.org black.uribl.com The spamhaus test is slightly different from the other two lists -- it lists the IP addresses of spamvertised web servers and seems to work the best of all three lists. Kind regards, Steve. From glauciusjunior at gmail.com Wed Jun 28 22:16:41 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Wed Jun 28 22:16:46 2006 Subject: mailscanner/postfix/freebsd In-Reply-To: <2360d6370606280928o4fd723d4md16ecde78db5e968@mail.gmail.com> References: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> <2360d6370606280928o4fd723d4md16ecde78db5e968@mail.gmail.com> Message-ID: <2360d6370606281416y3bf891d7t34798461b5ac97d7@mail.gmail.com> Hi Now it is working fine, but the message after be processed by MailScanner goes back to /var/spool/postfix/incoming , ok, but Postfix doesn't make anything else, the file is there and the message doe's not go to final destination, take a look Jun 28 18:11:06 mail postfix/cleanup[27832]: 63975FF21: hold: header Subject: iptu from unknown[10.1.1.79]; from= to= proto=ESMTP helo=<[10.1.1.79]>: email spam :*cvc-0001 Jun 28 18:09:26 mail MailScanner[27786]: MailScanner E-Mail Virus Scanner version 4.54.6 starting... Jun 28 18:09:26 mail MailScanner[27786]: Read 204 hostnames from the phishing whitelist Jun 28 18:09:26 mail MailScanner[27786]: ClamAV scanner using unrar command /usr/local/bin/unrar Jun 28 18:09:26 mail MailScanner[27786]: Using locktype = flock Jun 28 18:11:07 mail MailScanner[27786]: New Batch: Scanning 1 messages, 899 bytes Jun 28 18:11:07 mail MailScanner[27786]: Virus and Content Scanning: Starting Jun 28 18:11:10 mail MailScanner[27786]: Requeue: 63975FF21.D7659 to 5B948FE68 Jun 28 18:11:10 mail MailScanner[27786]: Uninfected: Delivered 1 messages root@mail.cvc.com.br #pwd /var/spool/postfix/incoming root@mail.cvc.com.br #cat 5B948FE68 C? 887 271 1 0T 1151529066Sglaucius@cvc.com.brArewrite_context=remoteAclient_address=10.1.1.79A!message_origin=unknown[10.1.1.79]Ahelo_name=[10.1.1.79]Aprotocol_name=ESMTPOglaucius@cvc.com.brRglaucius@cvc.com.brMN0Received: from [10.1.1.79] (unknown [10.1.1.79])N5 by mail.cvc.com.br (Postfix) with ESMTP id 63975FF21NA for ; Wed, 28 Jun 2006 18:11:06 -0300 (BRT)N)Message-ID: <44A2F169.1010603@cvc.com.br>N%Date: Wed, 28 Jun 2006 18:15:21 -0300N:From: Glaucius Djalma Pereira Junior wrote: > Thanks > the problem was resolved > > best regards ! > > On 6/28/06, Remy de Ruysscher wrote: > > Hi, > > > > Build sqlite without threading support and your problems are over! > > > > cd /usr/ports/databases/sqlite3 > > make config > > make deinstall && make reinstall > > > > Goodluck! > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > Of glaucius junior > > > Sent: woensdag 28 juni 2006 16:37 > > > To: mailscanner@lists.mailscanner.info > > > Subject: mailscanner/postfix/freebsd > > > > > > Hi everyone > > > > > > I'm using postfix as MTA, and FreeBSD 5.4 as OS > > > > > > I'm trying to use mailscanner with postfix, I did exactly as > > > the how-to (http://www.mailscanner.info/postfix.html) says, > > > configure my Incoming and OUtgoing dir, but MailScanner did > > > not find the emails in hold folder. > > > > > > > > > My log : > > > > > > Jun 28 11:34:23 mail MailScanner[95361]: MailScanner E-Mail > > > Virus Scanner version 4.54.6 starting... > > > Jun 28 11:34:23 mail MailScanner[95361]: Read 719 hostnames > > > from the phishing whitelist Jun 28 11:34:23 mail > > > MailScanner[95361]: Using SpamAssassin results cache > > > > > > > > > root@mail.cvc.com.br #ps aux | grep Mail > > > postfix 95294 0.0 0.8 17308 16644 ?? Ss 11:29AM 0:00.12 > > > MailScanner: starting child (perl5.8.6) > > > > > > When I try to debug > > > > > > root@mail.cvc.com.br #mailscanner --debug In Debugging mode, > > > not forking... > > > /libexec/ld-elf.so.1: /usr/local/lib/libsqlite3.so.8: > > > Undefined symbol "pthread_create" > > > root@mail.cvc.com.br # > > > > > > I try to use mailscanner in a LinuxBox (debian) and it worked > > > very fine, using the same config, users options on FreeBSD. > > > > > > > > > best regards ! > > > Glaucius > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > From ka at pacific.net Wed Jun 28 22:38:21 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 28 22:37:59 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A2EC14.6060908@fsl.com> References: <44A2C4ED.6060007@pacific.net> <44A2D745.9040104@fsl.com> <44A2DC6D.6030303@pacific.net> <44A2EC14.6060908@fsl.com> Message-ID: <44A2F6CD.8060502@pacific.net> Steve Freegard wrote: > Hi Ken, > > Ken A wrote: >> Is the URIBL in your graph just a generic term here, or are you using >> milter-link with URIBL rather than SURBL, or both? I was just testing >> using SURBL, but might drop a couple more in and see how it goes... > > It's a generic term -- I use all three URI lists (in the following order): > > sbl-xbl.spamhaus.org > multi.surbl.org > black.uribl.com > > The spamhaus test is slightly different from the other two lists -- it > lists the IP addresses of spamvertised web servers and seems to work the > best of all three lists. Seems like that could be risky when considering a shared hosting environment, where there are hundreds of sites on a single IP. Wouldn't you be punishing them all? Thanks, Ken A. Pacific.Net > Kind regards, > Steve. > From ka at pacific.net Thu Jun 29 01:02:31 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 29 01:02:12 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A2F6CD.8060502@pacific.net> References: <44A2C4ED.6060007@pacific.net> <44A2D745.9040104@fsl.com> <44A2DC6D.6030303@pacific.net> <44A2EC14.6060908@fsl.com> <44A2F6CD.8060502@pacific.net> Message-ID: <44A31897.3080207@pacific.net> Ken A wrote: > > > Steve Freegard wrote: >> Hi Ken, >> >> Ken A wrote: >>> Is the URIBL in your graph just a generic term here, or are you using >>> milter-link with URIBL rather than SURBL, or both? I was just testing >>> using SURBL, but might drop a couple more in and see how it goes... >> >> It's a generic term -- I use all three URI lists (in the following >> order): >> >> sbl-xbl.spamhaus.org >> multi.surbl.org >> black.uribl.com >> >> The spamhaus test is slightly different from the other two lists -- it >> lists the IP addresses of spamvertised web servers and seems to work >> the best of all three lists. > > Seems like that could be risky when considering a shared hosting > environment, where there are hundreds of sites on a single IP. Wouldn't > you be punishing them all? for example.. # host humboldt.edu humboldt.edu has address 137.150.145.17 # host 17.145.150.137.sbl-xbl.spamhaus.org 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4 That's Humboldt State University in Northern California. I wonder if they host student sites, or have an open relay script.. :-( Another one.. #host alumni.net alumni.net has address 66.240.255.123 # host 123.255.240.66.sbl-xbl.spamhaus.org 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4 This is a alumni networking site claiming 4 million members.. They aren't on any other lists, probably another site on the same ip is being exploited to send spam. I think maybe just the sbl might be safer, at least for an ISP environment. Thanks, Ken A. Pacific.Net > Thanks, > Ken A. > Pacific.Net > >> Kind regards, >> Steve. >> From steve.swaney at fsl.com Thu Jun 29 02:16:51 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jun 29 02:16:55 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A31897.3080207@pacific.net> Message-ID: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Wednesday, June 28, 2006 8:03 PM > To: MailScanner discussion > Subject: Re: O.T. milter-link - reject phishing & spam > > > > Ken A wrote: > > > > > > Steve Freegard wrote: > >> Hi Ken, > >> > >> Ken A wrote: > >>> Is the URIBL in your graph just a generic term here, or are you using > >>> milter-link with URIBL rather than SURBL, or both? I was just testing > >>> using SURBL, but might drop a couple more in and see how it goes... > >> > >> It's a generic term -- I use all three URI lists (in the following > >> order): > >> > >> sbl-xbl.spamhaus.org > >> multi.surbl.org > >> black.uribl.com > >> > >> The spamhaus test is slightly different from the other two lists -- it > >> lists the IP addresses of spamvertised web servers and seems to work > >> the best of all three lists. > > > > Seems like that could be risky when considering a shared hosting > > environment, where there are hundreds of sites on a single IP. Wouldn't > > you be punishing them all? > > for example.. > > # host humboldt.edu > humboldt.edu has address 137.150.145.17 > # host 17.145.150.137.sbl-xbl.spamhaus.org > 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4 > > That's Humboldt State University in Northern California. > I wonder if they host student sites, or have an open relay script.. > :-( > > Another one.. > #host alumni.net > alumni.net has address 66.240.255.123 > # host 123.255.240.66.sbl-xbl.spamhaus.org > 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4 > > This is a alumni networking site claiming 4 million members.. > They aren't on any other lists, probably another site on the same ip is > being exploited to send spam. I think maybe just the sbl might be safer, > at least for an ISP environment. > > Thanks, > Ken A. > Pacific.Net Ken, I don't dispute your analysis or data but our service bureau scanners and all of our client's (Mostly UK, EU and US sites) have been blocking at the MTA level on sbl-xbl.spamhaus.org since it came into being. Maybe it's just luck but we've never had a single complaint of blocked email from a client or user that had email blocked because of an sbl-xbl.spamhaus.org listing. Many of our ISP and ASP clients would be unable to process the email they receive if they didn't block or drop on sbl-xbl.spamhaus.org at the MTA level. We are seeing some of our IPS client sites where the attempted spam / junk delivery rate is 95% of all incoming email. They have just got to block as much as possible at the MTA level or they are out of business! My hats off to the people who maintain the sbl-xbl.spamhaus.org list. We should all tip our hats and support as best we can all of the good folks who create and maintain all of the lists and tools we use every day to stop #@!&*@#$! spam, viruses, phishing attacks, etc., etc. These are the people who are really keeping the Internet up, running and open for business. Just my 2p / 2c Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From AHKAPLAN at PARTNERS.ORG Thu Jun 29 03:21:58 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Thu Jun 29 03:25:19 2006 Subject: Notifying Recipients of Blocked Messages References: <9C63A4713C4E3342B90428CE44806A7302679785@PHSXMB5.partners.org> Message-ID: <9C63A4713C4E3342B90428CE44806A730D2EE1@PHSXMB5.partners.org> Sorry to keep on asking about this, but I still have the situation where the Administrator is getting notified when users receive viruses, but the users themselves are not getting the notifications. I modifed the MailScanner.conf file line Still Deliver Silent Viruses = no to Still Deliver Silent Viruses = yes and I have restarted MailScanner. What else do I need to do in order for the users to get the notifications? I know most setups do not have this, but it is our company's policy that users do get informed. Thanks. ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Wed 6/21/2006 3:51 PM To: MailScanner discussion Subject: Re: Notifying Recipients of Blocked Messages You've got it about right. All viruses these days are messages which are 100% virus data and no useful information at all. So there's little point in notifying users of stuff they never asked for nor wanted in the first place. Doesn't matter, is the answer to your first question. On Wed21 Jun 06, at 20:15, Kaplan, Andrew H. wrote: > Hi there -- > > I am going through the MailScanner.conf file to locate the recipient > notification configuration, and came across several areas: > > # Set how to invoke MTA when sending messages MailScanner has created > # (e.g. to sender/recipient saying "found a virus in your message") > # This can also be the filename of a ruleset. > Sendmail = /usr/lib/sendmail > > The /usr/lib/sendmail is a link to /usr/sbin/sendmail. Would it be > better to > have the line in question point directly to the latter? Also, would > changing > it as such enable the recipient to receive the above notification? > > # Still deliver (after cleaning) messages that contained viruses > # listed in the above option ("Silent Viruses") to the > recipient? > # Setting this to "yes" is good when you are testing everything, and > # because it shows management that MailScanner is protecting them, > # but it is bad because they have to filter/delete all the incoming > # virus warnings. > # > # Note: Once you have deployed this into "production" use, you should > # Note: set this option to "no" so you don't bombard thousands of > # Note: people with useless messages they don't want! > # > # This can also be the filename of a ruleset. > Still Deliver Silent Viruses = no > > If I change the value from no to yes, will that activate > notification of the > recipient of a virus in their e-mail? > > If these aren't the areas where recipient notification is > configured, can > someone point out the section in question? Thanks. > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Steve Campbell > Sent: Tuesday, June 20, 2006 5:10 PM > To: MailScanner discussion > Subject: Re: Notifying Recipients of Blocked Messages > > Andrew, > > ----- Original Message ----- > From: "Kaplan, Andrew H." > To: "MailScanner discussion" > Sent: Tuesday, June 20, 2006 4:35 PM > Subject: RE: Notifying Recipients of Blocked Messages > > >> At the risk of sounding like a complete idiot, what is the line(s) in >> question >> in the MailScanner.conf file? Sorry... > > That was my point, but a general one, at that. Some options in some > config > files don't seem to indicate what they are used for. But in this > case, I > think you'll find it pretty easily. > > Actually, you should scan the Mailscanner.conf file and read the > paragraph > above each config option. You might even scan the file for "Notify" > to see > all of the different options. > > If you haven't read the conf file from beginning to end, you're > missing a > lot of ideas you could be doing with MS. You won't remember them > all or what > they do, but at least you'll be slightly familiar. > > Don't worry about ever sounding like a complete idiot on this list, > as we > have all done that here on this list at one time or another. And > most of us > have ask the same kind of config questions before also. Remember, > the only > stupid question is the one you never ask, or how ever that goes. > > Steve >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Steve >> Campbell >> Sent: Tuesday, June 20, 2006 2:12 PM >> To: MailScanner discussion >> Subject: Re: Notifying Recipients of Blocked Messages >> >> >> ----- Original Message ----- >> From: "Michele Neylon :: Blacknight.ie" >> To: "MailScanner discussion" >> Sent: Tuesday, June 20, 2006 1:39 PM >> Subject: Re: Notifying Recipients of Blocked Messages >> >> >>> Kaplan, Andrew H. wrote: >>>> Hi there - >>>> >>>> >>>> >>>> How do I determine if recipients of blocked messages are being >>>> notified, >>> >>> Check your mail logs >>> >>>> and how would I configure MailScanner to do that? Thanks. >>> >>> It's the default setting in MailScanner.conf, so unless you >>> changed it >>> you shouldn't have to do anything >>> >> If you don't know what to change, how do you know if you changed >> it or >> not? >> >> Steve >> >>> >>> -- >>> Mr Michele Neylon >>> Blacknight Solutions >>> Quality Business Hosting & Colocation >>> http://www.blacknight.ie/ >>> Tel. 1850 927 280 >>> Intl. +353 (0) 59 9183072 >>> Direct Dial: +353 (0)59 9183090 >>> Fax. +353 (0) 59 9164239 >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 12049 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/01e8547a/attachment.bin From alex at nkpanama.com Thu Jun 29 04:01:03 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 29 04:01:38 2006 Subject: Notifying Recipients of Blocked Messages In-Reply-To: <9C63A4713C4E3342B90428CE44806A730D2EE1@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679785@PHSXMB5.partners.org> <9C63A4713C4E3342B90428CE44806A730D2EE1@PHSXMB5.partners.org> Message-ID: <44A3426F.3040500@nkpanama.com> Kaplan, Andrew H. wrote: > Sorry to keep on asking about this, but I still have the situation where the > Administrator is getting notified when users receive viruses, but the users > themselves are not getting the notifications. I modifed the MailScanner.conf > file line Still Deliver Silent Viruses = no to Still Deliver Silent Viruses = > yes and I have restarted MailScanner. What else do I need to > do in order for the users to get the notifications? I know most setups do not > have this, but it is our company's policy that users do get informed. Thanks. > Perhaps you should try to change the company's policy. Most viruses fake the sender's address (and have done this for almost 5 years now), so such notifications can be considered spam (and are, depending on circumstances and policy). Take the following situation: someone using your proposed setup, someone receives 10k copies of a virus purporting to be from "ahkaplan@partners.org". You then get 10k notifications saying "OMG you sent teh virus"; maybe even with a copy of the attachment. I know *I* would block mail from this site until they changed it back to something more reasonable. Notifying users that they received viruses is almost as bad. I, for one, delete viruses and rarely, if ever, notify the admin. The logs and/or MailWatch usually provide enough info for you to know how effective your setup is at blocking viruses. Attachments labeled as "dangerous" are another thing. You may want to notify people when they send you unwanted attachments; I'm usually inclined to notify people when they send attachments that, although not dangerous, are against company policy (i.e., some companies don't like receiving powerpoint presentations, files bigger than 2mb, etc.) - so the sender and the receiver might want to be reminded of policy. Executables, however, are usually disallowed completely - people can choose other means like an FTP site to host the executable and the MD5sum, or zipping it up and using yousendit.com to send it, or whatever... From ram at netcore.co.in Thu Jun 29 07:41:49 2006 From: ram at netcore.co.in (Ramprasad) Date: Thu Jun 29 07:41:40 2006 Subject: Insert spam reports in Quarantined mails In-Reply-To: <011901c69aad$750af570$3004010a@martinhlaptop> References: <011901c69aad$750af570$3004010a@martinhlaptop> Message-ID: <1151563309.26645.94.camel@darkstar.netcore.co.in> On Wed, 2006-06-28 at 13:22 +0100, Martin Hepworth wrote: > Yes, and very little...I do it myself.. > > In MailScanner.conf change the following settings. > > SpamScore Number Instead Of Stars = yes > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Spam Score Number Format = %5.2f > > I have that setting already , but reports dont appear in quarantined mails .. Only in the delivered mails Thanks Ram From lhaig at haigmail.com Thu Jun 29 08:31:49 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Jun 29 08:31:53 2006 Subject: Could not analyze message Message-ID: <44A381E5.1090005@haigmail.com> Hi, I get this error in some of the mail being processed by my system Report: MailScanner: Could not analyze message Has someone else had something like this? Thanks Lance === This is MailScanner version 4.55.3 This is SuSE Linux 9.3 (i586) This is Perl version 5.008006 (5.8.6) From penguin at dhcp.net Thu Jun 29 08:38:17 2006 From: penguin at dhcp.net (Arnim Eijkhoudt) Date: Thu Jun 29 08:38:06 2006 Subject: Could not analyze message In-Reply-To: <44A381E5.1090005@haigmail.com> References: <44A381E5.1090005@haigmail.com> Message-ID: <44A38369.8000002@dhcp.net> Hi, I'm seeing the same thing here on a regular basis now. It's probably some new kind of 'attack' that's being rendered harmless by MailScanner... Kudos Julian :-D Regards, Arnim Lance Haig wrote: > Hi, > > I get this error in some of the mail being processed by my system > > Report: MailScanner: Could not analyze message > > Has someone else had something like this? > > > Thanks > > > Lance > > === > > This is MailScanner version 4.55.3 > This is SuSE Linux 9.3 (i586) > This is Perl version 5.008006 (5.8.6) > > > From lhaig at haigmail.com Thu Jun 29 08:50:17 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Jun 29 08:50:21 2006 Subject: Could not analyze message In-Reply-To: <44A38369.8000002@dhcp.net> References: <44A381E5.1090005@haigmail.com> <44A38369.8000002@dhcp.net> Message-ID: <44A38639.8090108@haigmail.com> I thought as much but just wanted to make sure :-) Lance Arnim Eijkhoudt wrote: > Hi, > > I'm seeing the same thing here on a regular basis now. It's probably > some new kind of 'attack' that's being rendered harmless by > MailScanner... Kudos Julian :-D > > Regards, > > Arnim > > Lance Haig wrote: >> Hi, >> >> I get this error in some of the mail being processed by my system >> >> Report: MailScanner: Could not analyze message >> >> Has someone else had something like this? >> >> >> Thanks >> >> >> Lance >> >> === >> >> This is MailScanner version 4.55.3 >> This is SuSE Linux 9.3 (i586) >> This is Perl version 5.008006 (5.8.6) >> >> >> From a.peacock at chime.ucl.ac.uk Thu Jun 29 08:50:32 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Jun 29 08:50:48 2006 Subject: MailScanner -debug errors In-Reply-To: References: Message-ID: <44A38648.90400@chime.ucl.ac.uk> Hi, Curtis, Roger wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock >> Sent: Wednesday, June 28, 2006 1:43 AM >> To: MailScanner discussion >> Subject: Re: MailScanner -debug errors >> >> Hi, >> >> Curtis, Roger wrote: >>> I just upgraded to the latest stable release of MailScanner trying > to >>> correct the "info:" and errors shown when using MailScanner -debug >>> (below) but that didn't seem to fix anything. I used Julian's >>> easy-to-use installation files. I have the appropriate loadplugin > lines >>> enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). > I >>> did not look at the Spamassassin.pm file as I have not made any > changes >>> to it so it should still be the "stock" file. What am I missing? >>> >>> Thanks for your help and guidance. >>> Roger Curtis >>> >>> Versions: >>> MailScanner 4.54.6 >>> SpamAssassin 3.1.3 >>> Postfix 2.2.2 >>> >>> >>> [root@gateway rules]# MailScanner -debug >>> In Debugging mode, not forking... >>> [12606] dbg: logger: adding facilities: all >>> [12606] dbg: logger: logging level is DBG >>> [12606] dbg: generic: SpamAssassin version 3.1.3 >>> [12606] dbg: config: score set 0 chosen. >>> [12606] dbg: util: running in taint mode? no >>> [12606] dbg: message: ---- MIME PARSER START ---- >>> [12606] dbg: message: main message type: text/plain >>> [12606] dbg: message: parsing normal part >>> [12606] dbg: message: added part, type: text/plain >>> [12606] dbg: message: ---- MIME PARSER END ---- >>> [12606] dbg: dns: is Net::DNS::Resolver available? yes >>> [12606] dbg: dns: Net::DNS version: 0.57 >>> [12606] info: config: failed to parse line, skipping: use_dcc 0 >>> [12606] info: config: failed to parse line, skipping: use_pyzor 0 >>> [12606] info: config: failed to parse line, skipping: use_razor1 0 >>> [12606] info: config: failed to parse line, skipping: use_razor2 0 >>> [12606] info: config: failed to parse line, skipping: > decode_attachments >>> 1 >> Check your /etc/mail/spamassassin directory for local.cf and check the >> settings in there against the documentation for the latest > SpamAssassin >> > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Con > f. >> html >> >> Those config lines are no longer valid. >> > Most options in local.cf are commented out. What remained were valid > bayes-related options. >> (You may also need to check /etc/mail/spamassassin/mailscanner.cf >> > Everything in mailscanner.cf are also valid options per the > Mail_SpamAssassin_Conf doc, or are options made available via a plug-in. > > The clue might be the "use_razor1 0" option, as I see that nowhere in > any config file in /etc/mail/spamassassin. Not being a Linux guru, I > used "grep razor1 *" to check all files in /etc/mail/spamassassin. Is > that valid? Where else should I be looking for a config file that might > have razor1 options in it? Check in the home directory of the user that you ran this command as, you may have a per user configuration file. The default user prefs file is: ~/.spamassassin/user_prefs > >>> [12606] dbg: logger: adding facilities: all >>> [12606] dbg: logger: logging level is DBG >>> [12606] dbg: generic: SpamAssassin version 3.1.3 >>> [12606] dbg: config: score set 0 chosen. >>> [12606] dbg: message: ---- MIME PARSER START ---- >>> [12606] dbg: message: main message type: text/plain >>> [12606] dbg: message: parsing normal part >>> [12606] dbg: message: added part, type: text/plain >>> [12606] dbg: message: ---- MIME PARSER END ---- >>> [12606] dbg: dns: is Net::DNS::Resolver available? yes >>> [12606] dbg: dns: Net::DNS version: 0.57 >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1009. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1011. >>> [12606] dbg: config: read_scoreonly_config: cannot open "": No such > file >>> or directory -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From martinh at solid-state-logic.com Thu Jun 29 08:57:47 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 29 08:57:55 2006 Subject: Could not analyze message In-Reply-To: <44A381E5.1090005@haigmail.com> Message-ID: <007901c69b51$b6789590$3004010a@martinhlaptop> Lance Couldn't drop an example email to a web page or pastebin, could ya? Full headers or queue format (tell us which MTA) and someone should be able to have a look at it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 29 June 2006 08:32 > To: MailScanner discussion > Subject: Could not analyze message > > Hi, > > I get this error in some of the mail being processed by my system > > Report: MailScanner: Could not analyze message > > Has someone else had something like this? > > > Thanks > > > Lance > > === > > This is MailScanner version 4.55.3 > This is SuSE Linux 9.3 (i586) > This is Perl version 5.008006 (5.8.6) > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From john at tradoc.fr Thu Jun 29 09:03:06 2006 From: john at tradoc.fr (John Wilcock) Date: Thu Jun 29 09:03:15 2006 Subject: Could not analyze message In-Reply-To: <44A381E5.1090005@haigmail.com> References: <44A381E5.1090005@haigmail.com> Message-ID: <44A3893A.1060009@tradoc.fr> Lance Haig wrote: > Hi, > > I get this error in some of the mail being processed by my system > > Report: MailScanner: Could not analyze message > > Has someone else had something like this? I'm seeing this too - it looks to be spam with malformed headers. In particular, I'm seeing an extraneous blank line between "Content-Type: multipart/related;" and "boundary=whatever" which probably explains why Mailscanner has trouble parsing it. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Thu Jun 29 09:20:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 29 09:21:02 2006 Subject: Insert spam reports in Quarantined mails In-Reply-To: <1151563309.26645.94.camel@darkstar.netcore.co.in> References: <011901c69aad$750af570$3004010a@martinhlaptop> <1151563309.26645.94.camel@darkstar.netcore.co.in> Message-ID: On 29 Jun 2006, at 07:41, Ramprasad wrote: > > On Wed, 2006-06-28 at 13:22 +0100, Martin Hepworth wrote: >> Yes, and very little...I do it myself.. >> >> In MailScanner.conf change the following settings. >> >> SpamScore Number Instead Of Stars = yes >> Detailed Spam Report = yes >> Include Scores In SpamAssassin Report = yes >> Spam Score Number Format = %5.2f >> >> > > I have that setting already , but reports dont appear in quarantined > mails .. Only in the delivered mails Quarantined mail is specifically designed to be untouched mail, as it was delivered to the MailScanner server. The quarantined mail will contain no reports or other modifications. If you want to know what happened to a message, use your logs or MailWatch. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mark at presling.com Thu Jun 29 11:58:56 2006 From: mark at presling.com (Mark Presling) Date: Thu Jun 29 11:59:13 2006 Subject: Users of RBL's In-Reply-To: <44A1784F.B662.0038.0@tac.esi.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net> <44A1784F.B662.0038.0@tac.esi.net> Message-ID: <44A3B270.8080905@presling.com> Hi Chris, Have you checked the size of your bayes database files? I used to have a 1GB machine that SpamAssassin would regularly time out on because the bayes DB would get too big from the auto learning. I had to tune it so that the DB file would stay below 5MB or it just timed out scanning larger messages. It also used up 100% of the CPU most of the time. I used to manually expire old tokens from it as well, but that was before MS started doing that automatically for me. Even on my newer server (2G Pentium 4) I still restrict the size of the the bayes DB with "bayes_expiry_max_db_size 400000". This seems to keep the DB at around 10MB. Mark Chris Hammond wrote: >>>> Sounds like you may just be asking too much of the hardware. >>>> >>> This could very well be. Before I go asking for a new server though, I want to make sure I have my ducks in a row. >>> When this was nothing more than a Postfix box with static rules, it handled the job just fine. But I think it may >>> be really working for it's living. >>> >> MailScanner and SpamAssassin do use a lot of resources. It looks to be >> cpu bound, but that's a good thing usually! Any way to upgrade that >> processor? To reduce CPU usage, tune/configure some software. Did you >> read the performance tweaks section in the mailscanner wiki? To reduce >> disk writes, setup syslog to log to another box, or put mysql on another >> box, or throw another cheap ide drive into the box and log to it, >> instead of the mirrored drives. >> > > I was beginning to feel the same way. The DL-145 is a dual processor capable box > so I will see about adding a second processor to it. > > I did go through the tweaks section on the wiki. My next thought was moving MySQL to > another machine. There is no more room for another drive so that is not an option > unfortunately. I am going to move the MySQL server to another box tonight and see what > that gains me. > > Thanks > Chris > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: mark.vcf Type: text/x-vcard Size: 143 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060629/be75c622/mark.vcf From daniel.maher at ubisoft.com Thu Jun 29 15:26:06 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu Jun 29 15:26:10 2006 Subject: massive spamassassin database files (Was: RE: Users of RBL's) Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF51@UBIMAIL1.ubisoft.org> Hi there, Speaking of massive spamassassin-related files, my auto-whitelist files are /huge/ - in every case larger than the seen and token files by a factor of 2 or 3. Any idea what I could be doing to keep the whitelist nice and trim as well? _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Presling Sent: June 29, 2006 6:59 AM To: MailScanner discussion Subject: Re: Users of RBL's Hi Chris, Have you checked the size of your bayes database files? I used to have a 1GB machine that SpamAssassin would regularly time out on because the bayes DB would get too big from the auto learning. I had to tune it so that the DB file would stay below 5MB or it just timed out scanning larger messages. It also used up 100% of the CPU most of the time. I used to manually expire old tokens from it as well, but that was before MS started doing that automatically for me. Even on my newer server (2G Pentium 4) I still restrict the size of the the bayes DB with "bayes_expiry_max_db_size 400000". This seems to keep the DB at around 10MB. Mark Chris Hammond wrote: >>>> Sounds like you may just be asking too much of the hardware. >>>> >>> This could very well be. Before I go asking for a new server though, I want to make sure I have my ducks in a row. >>> When this was nothing more than a Postfix box with static rules, it handled the job just fine. But I think it may >>> be really working for it's living. >>> >> MailScanner and SpamAssassin do use a lot of resources. It looks to be >> cpu bound, but that's a good thing usually! Any way to upgrade that >> processor? To reduce CPU usage, tune/configure some software. Did you >> read the performance tweaks section in the mailscanner wiki? To reduce >> disk writes, setup syslog to log to another box, or put mysql on another >> box, or throw another cheap ide drive into the box and log to it, >> instead of the mirrored drives. >> > > I was beginning to feel the same way. The DL-145 is a dual processor capable box > so I will see about adding a second processor to it. > > I did go through the tweaks section on the wiki. My next thought was moving MySQL to > another machine. There is no more room for another drive so that is not an option > unfortunately. I am going to move the MySQL server to another box tonight and see what > that gains me. > > Thanks > Chris > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Thu Jun 29 15:45:09 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jun 29 15:45:23 2006 Subject: Users of RBL's References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net><44A1784F.B662.0038.0@tac.esi.net> <44A3B270.8080905@presling.com> Message-ID: <002601c69b8a$9eed45e0$0705000a@DDF5DW71> Chris, and all, ----- Original Message ----- From: "Mark Presling" To: "MailScanner discussion" Sent: Thursday, June 29, 2006 6:58 AM Subject: Re: Users of RBL's > Hi Chris, > > Have you checked the size of your bayes database files? I used to have a > 1GB machine that SpamAssassin would regularly time out on because the > bayes DB would get too big from the auto learning. I had to tune it so > that the DB file would stay below 5MB or it just timed out scanning > larger messages. It also used up 100% of the CPU most of the time. I > used to manually expire old tokens from it as well, but that was before > MS started doing that automatically for me. Even on my newer server (2G > Pentium 4) I still restrict the size of the the bayes DB with > "bayes_expiry_max_db_size 400000". This seems to keep the DB at around > 10MB. I assume this should go into spam.assassins.prefs file? And do I just add this line and the next expiry will whittle the file down or do I have to do something to the files first? Thanks for any input. Steve > > Mark > > Chris Hammond wrote: >>>>> Sounds like you may just be asking too much of the hardware. >>>>> >>>> This could very well be. Before I go asking for a new server though, I >>>> want to make sure I have my ducks in a row. >>>> When this was nothing more than a Postfix box with static rules, it >>>> handled the job just fine. But I think it may >>>> be really working for it's living. >>>> >>> MailScanner and SpamAssassin do use a lot of resources. It looks to be >>> cpu bound, but that's a good thing usually! Any way to upgrade that >>> processor? To reduce CPU usage, tune/configure some software. Did you >>> read the performance tweaks section in the mailscanner wiki? To reduce >>> disk writes, setup syslog to log to another box, or put mysql on another >>> box, or throw another cheap ide drive into the box and log to it, >>> instead of the mirrored drives. >>> >> >> I was beginning to feel the same way. The DL-145 is a dual processor >> capable box >> so I will see about adding a second processor to it. >> >> I did go through the tweaks section on the wiki. My next thought was >> moving MySQL to >> another machine. There is no more room for another drive so that is not >> an option >> unfortunately. I am going to move the MySQL server to another box >> tonight and see what >> that gains me. >> >> Thanks >> Chris >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MSCHNEIDER at northweststate.edu Thu Jun 29 15:46:31 2006 From: MSCHNEIDER at northweststate.edu (Michael Schneider) Date: Thu Jun 29 15:47:12 2006 Subject: Modified Spam Report to replace the default Mailscanner simple spam report Message-ID: Hi all, In the Mailscanner.conf file, there is an option to use a detailed report or the simple spam/not spam report that is set in languages.conf. We have Novell GroupWise 6.5 and it looks for the following header: X-Spam-Flag: YES to determine whether to place messages in our Junk Mail folder or our Inbox. I have modifed the languages.conf to insert X-Spam-Flag: YES to the header instead of spam when a message exceeds the spam threshold. Additionally, I have set the Spam Header to: "Spam Header =" My problem is, GroupWise apparently does not like any spaces at the beginning or end of the header, but Mailscanner puts a space in there. The following is cut from the header of an email that was detected as SPAM: X-northweststate.edu-MailScanner: Found to be clean X-Spam-Flag: YES X-MailScanner-SpamScore: sssss Is there any way I can remove this space? Thanks for your help! Michael Schneider Network/Systems Administrator Northwest State Community College 22-600 State Route 34 Archbold, OH 43502-9542 Phone: 419-267-1202 Fax: 419-267-3688 Email: mschneider@northweststate.edu From mkettler at evi-inc.com Thu Jun 29 16:01:09 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jun 29 16:01:22 2006 Subject: massive spamassassin database files (Was: RE: Users of RBL's) In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226CF51@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF51@UBIMAIL1.ubisoft.org> Message-ID: <44A3EB35.80203@evi-inc.com> Daniel Maher wrote: > Hi there, > > Speaking of massive spamassassin-related files, my auto-whitelist files are /huge/ - in every case larger than the seen and token files by a factor of 2 or 3. Any idea what I could be doing to keep the whitelist nice and trim as well? >From the "tools" directory of the SpamAssassin tarball, there's a script called "check_whitelist" Running check_whitelist --clean will purge all the "seen only once" entries from the AWL database. From alex at nkpanama.com Thu Jun 29 16:02:06 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 29 16:02:28 2006 Subject: Modified Spam Report to replace the default Mailscanner simple spam report In-Reply-To: References: Message-ID: <44A3EB6E.9060503@nkpanama.com> I have no spaces in my headers... But I would use the following options: Non Spam Actions = deliver header "X-Spam-Flag: NO" High Scoring Spam Actions = deliver header "X-Spam-Flag: YES" Spam Actions = deliver header "X-Spam-Flag: YES" ... to achieve the same result, without modifying languages.conf at all. Michael Schneider wrote: > Hi all, > > In the Mailscanner.conf file, there is an option to use a detailed > report or the simple spam/not spam report that is set in languages.conf. > We have Novell GroupWise 6.5 and it looks for the following header: > X-Spam-Flag: YES to determine whether to place messages in our Junk Mail > folder or our Inbox. I have modifed the languages.conf to insert > X-Spam-Flag: YES to the header instead of spam when a message exceeds > the spam threshold. Additionally, I have set the Spam Header to: "Spam > Header =" > > My problem is, GroupWise apparently does not like any spaces at the > beginning or end of the header, but Mailscanner puts a space in there. > The following is cut from the header of an email that was detected as > SPAM: > > X-northweststate.edu-MailScanner: Found to be clean > X-Spam-Flag: YES > X-MailScanner-SpamScore: sssss > > Is there any way I can remove this space? > > Thanks for your help! > > Michael Schneider > Network/Systems Administrator > Northwest State Community College > 22-600 State Route 34 > Archbold, OH 43502-9542 > > Phone: 419-267-1202 > Fax: 419-267-3688 > Email: mschneider@northweststate.edu > From marcel-ml at irc-addicts.de Thu Jun 29 16:10:46 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Thu Jun 29 16:11:14 2006 Subject: It is a bug? Report: MailScanner: Could not analyze message In-Reply-To: <15ee4f850606272119y9025d2ds9fc7d227b95312@mail.gmail.com> References: <15ee4f850606272119y9025d2ds9fc7d227b95312@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, currently i am receiving also a lot of those mails within my postmaster-account. As those Mails are not sended to the recipient with some kind of message or not even put into the spambox, the recipient doesn?t even know, that this mail got blocked somehow. > *the log:* > Subject: Other Bad Content Detected > > The following e-mails were found to have: Other Bad Content Detected > > Sender: oaouiyauaaeyyiyaaoio@xxxxxxx.net > IP Address: 84.172.248.182 > Recipient: davidloh@yyyyyyyy.com, gloriangai@yyyyyyyy.com, > > Subject: FW:I heard that ... > MessageID: 1FvQBh-0003U7-GS > Quarantine: /var/spool/MailScanner/quarantine/20060628/1FvQBh-0003U7-GS > Report: MailScanner: Could not analyze message > Sendmail Version: Sendmail version 8.13.4, config V10/Berkeley marcel:~ # MailScanner -v Running on Linux marcel 2.6.13-15.10-default #1 Fri May 12 16:27:12 UTC 2006 i686 i686 i386 GNU/Linux This is SUSE LINUX 10.0 (i586) This is Perl version 5.008007 (5.8.7) This is MailScanner version 4.54.6 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.11 IO::File 1.123 IO::Pipe 1.74 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.77 Socket 0.06 Sys::Syslog 1.87 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.12 DBD::SQLite 1.50 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001003 Mail::SpamAssassin 1.998 Mail::SPF::Query 0.18 Net::CIDR::Lite 1.25 Net::IP 0.57 Net::DNS 0.33 Net::LDAP 1.80 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI Greetings, Marcel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFEo+16euKbXOoTCo8RAq0oAJ46WG+zNOtgxQ4hs9lbdv3LpfPeoACfeT2e DOCxgqnYyJmCv6MHjGMXU1g= =GgVO -----END PGP SIGNATURE----- From martinh at solid-state-logic.com Thu Jun 29 16:11:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 29 16:11:25 2006 Subject: Modified Spam Report to replace the default Mailscanner simplespam report In-Reply-To: Message-ID: <014a01c69b8e$44727190$3004010a@martinhlaptop> Hmm Ah - the provlem in the org-name in MailScanner.conf, you've got a '.'. That will upset Groupwise as well...remove that dot and things will be better... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Michael Schneider > Sent: 29 June 2006 15:47 > To: mailscanner@lists.mailscanner.info > Subject: Modified Spam Report to replace the default Mailscanner > simplespam report > > Hi all, > > In the Mailscanner.conf file, there is an option to use a detailed > report or the simple spam/not spam report that is set in languages.conf. > We have Novell GroupWise 6.5 and it looks for the following header: > X-Spam-Flag: YES to determine whether to place messages in our Junk Mail > folder or our Inbox. I have modifed the languages.conf to insert > X-Spam-Flag: YES to the header instead of spam when a message exceeds > the spam threshold. Additionally, I have set the Spam Header to: "Spam > Header =" > > My problem is, GroupWise apparently does not like any spaces at the > beginning or end of the header, but Mailscanner puts a space in there. > The following is cut from the header of an email that was detected as > SPAM: > > X-northweststate.edu-MailScanner: Found to be clean > X-Spam-Flag: YES > X-MailScanner-SpamScore: sssss > > Is there any way I can remove this space? > > Thanks for your help! > > Michael Schneider > Network/Systems Administrator > Northwest State Community College > 22-600 State Route 34 > Archbold, OH 43502-9542 > > Phone: 419-267-1202 > Fax: 419-267-3688 > Email: mschneider@northweststate.edu > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From uxbod at splatnix.net Thu Jun 29 17:18:20 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Thu Jun 29 16:18:34 2006 Subject: Modified Spam Report to replace the default Mailscanner simple spam report In-Reply-To: References: Message-ID: <20060629161820.7e5ee100@cyborg> What version of MailScanner ? --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Thu Jun 29 16:27:12 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 29 16:26:50 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> References: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> Message-ID: <44A3F150.3060907@pacific.net> Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ken A >> Sent: Wednesday, June 28, 2006 8:03 PM >> To: MailScanner discussion >> Subject: Re: O.T. milter-link - reject phishing & spam >> >> >> >> Ken A wrote: >>> >>> Steve Freegard wrote: >>>> Hi Ken, >>>> >>>> Ken A wrote: >>>>> Is the URIBL in your graph just a generic term here, or are you using >>>>> milter-link with URIBL rather than SURBL, or both? I was just testing >>>>> using SURBL, but might drop a couple more in and see how it goes... >>>> It's a generic term -- I use all three URI lists (in the following >>>> order): >>>> >>>> sbl-xbl.spamhaus.org >>>> multi.surbl.org >>>> black.uribl.com >>>> >>>> The spamhaus test is slightly different from the other two lists -- it >>>> lists the IP addresses of spamvertised web servers and seems to work >>>> the best of all three lists. >>> Seems like that could be risky when considering a shared hosting >>> environment, where there are hundreds of sites on a single IP. Wouldn't >>> you be punishing them all? >> for example.. >> >> # host humboldt.edu >> humboldt.edu has address 137.150.145.17 >> # host 17.145.150.137.sbl-xbl.spamhaus.org >> 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4 >> >> That's Humboldt State University in Northern California. >> I wonder if they host student sites, or have an open relay script.. >> :-( >> >> Another one.. >> #host alumni.net >> alumni.net has address 66.240.255.123 >> # host 123.255.240.66.sbl-xbl.spamhaus.org >> 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4 >> >> This is a alumni networking site claiming 4 million members.. >> They aren't on any other lists, probably another site on the same ip is >> being exploited to send spam. I think maybe just the sbl might be safer, >> at least for an ISP environment. >> >> Thanks, >> Ken A. >> Pacific.Net > > Ken, > > I don't dispute your analysis or data but our service bureau scanners and > all of our client's (Mostly UK, EU and US sites) have been blocking at the > MTA level on sbl-xbl.spamhaus.org since it came into being. Maybe it's just > luck but we've never had a single complaint of blocked email from a client > or user that had email blocked because of an sbl-xbl.spamhaus.org listing. > > Many of our ISP and ASP clients would be unable to process the email they > receive if they didn't block or drop on sbl-xbl.spamhaus.org at the MTA > level. We are seeing some of our IPS client sites where the attempted spam / > junk delivery rate is 95% of all incoming email. They have just got to block > as much as possible at the MTA level or they are out of business! > > My hats off to the people who maintain the sbl-xbl.spamhaus.org list. We > should all tip our hats and support as best we can all of the good folks who > create and maintain all of the lists and tools we use every day to stop > #@!&*@#$! spam, viruses, phishing attacks, etc., etc. > > These are the people who are really keeping the Internet up, running and > open for business. Steve, I Agree completely. The team at spamhaus does a great job. Using spamhaus sbl-xbl to block the connecting IP in your MTA makes a lot of sense. But, that's a lot different than using xbl to block with milter-link given the realities of shared IPs addresses, and open proxies that often land such IPs on the cbl. That's just my thinking on this, since we happen to host more than one site on a shared IP. I certainly don't have the large scale operation you do, so perhaps I'm just a bit off target with my theoretical look at this, as is often the case, especially before the 2nd cup... :-) Ken A. Pacific.Net > Just my 2p / 2c > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > From MSCHNEIDER at northweststate.edu Thu Jun 29 16:39:03 2006 From: MSCHNEIDER at northweststate.edu (Michael Schneider) Date: Thu Jun 29 16:39:38 2006 Subject: Modified Spam Report to replace the default Mailscanner simple spam report Message-ID: I modified the Spam Action rules as indicated below (with the exception of the High Scoring Spam Rule - they get deleted) and this worked! Thanks so much!! For some reason, GroupWise is still not recognizing it properly, but I believe this to be a GroupWise issue now that I need to look at. Thanks for all the responses. Michael Schneider Network/Systems Administrator Northwest State Community College 22-600 State Route 34 Archbold, OH 43502-9542 Phone: 419-267-1202 Fax: 419-267-3688 Email: mschneider@northweststate.edu >>> alex@nkpanama.com 6/29/2006 11:02:06 AM >>> I have no spaces in my headers... But I would use the following options: Non Spam Actions = deliver header "X-Spam-Flag: NO" High Scoring Spam Actions = deliver header "X-Spam-Flag: YES" Spam Actions = deliver header "X-Spam-Flag: YES" ... to achieve the same result, without modifying languages.conf at all. Michael Schneider wrote: > Hi all, > > In the Mailscanner.conf file, there is an option to use a detailed > report or the simple spam/not spam report that is set in languages.conf. > We have Novell GroupWise 6.5 and it looks for the following header: > X-Spam-Flag: YES to determine whether to place messages in our Junk Mail > folder or our Inbox. I have modifed the languages.conf to insert > X-Spam-Flag: YES to the header instead of spam when a message exceeds > the spam threshold. Additionally, I have set the Spam Header to: "Spam > Header =" > > My problem is, GroupWise apparently does not like any spaces at the > beginning or end of the header, but Mailscanner puts a space in there. > The following is cut from the header of an email that was detected as > SPAM: > > X-northweststate.edu-MailScanner: Found to be clean > X-Spam-Flag: YES > X-MailScanner-SpamScore: sssss > > Is there any way I can remove this space? > > Thanks for your help! > > Michael Schneider > Network/Systems Administrator > Northwest State Community College > 22-600 State Route 34 > Archbold, OH 43502-9542 > > Phone: 419-267-1202 > Fax: 419-267-3688 > Email: mschneider@northweststate.edu > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From naolson at gmail.com Thu Jun 29 16:43:04 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jun 29 16:43:07 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A2D745.9040104@fsl.com> References: <44A2C4ED.6060007@pacific.net> <44A2D745.9040104@fsl.com> Message-ID: <8f54b4330606290843k1d309b4l5d406a608b18acfa@mail.gmail.com> btw, what did you use to make the graph? (mta-last24) Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060629/048c76b7/attachment.html From r.curtis at ywcaelpaso.org Thu Jun 29 16:42:53 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Thu Jun 29 16:43:49 2006 Subject: MailScanner -debug errors Message-ID: > >> Curtis, Roger wrote: > >>> I just upgraded to the latest stable release of MailScanner trying > > to > >>> correct the "info:" and errors shown when using MailScanner -debug > >>> (below) but that didn't seem to fix anything. I used Julian's > >>> easy-to-use installation files. I have the appropriate loadplugin > > lines > >>> enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). > > I > >>> did not look at the Spamassassin.pm file as I have not made any > > changes > >>> to it so it should still be the "stock" file. What am I missing? > >>> > >>> Thanks for your help and guidance. > >>> Roger Curtis > >>> > >>> Versions: > >>> MailScanner 4.54.6 > >>> SpamAssassin 3.1.3 > >>> Postfix 2.2.2 > >>> > >>> > >>> [root@gateway rules]# MailScanner -debug > >>> In Debugging mode, not forking... > >>> [12606] dbg: logger: adding facilities: all > >>> [12606] dbg: logger: logging level is DBG > >>> [12606] dbg: generic: SpamAssassin version 3.1.3 > >>> [12606] dbg: config: score set 0 chosen. > >>> [12606] dbg: util: running in taint mode? no > >>> [12606] dbg: message: ---- MIME PARSER START ---- > >>> [12606] dbg: message: main message type: text/plain > >>> [12606] dbg: message: parsing normal part > >>> [12606] dbg: message: added part, type: text/plain > >>> [12606] dbg: message: ---- MIME PARSER END ---- > >>> [12606] dbg: dns: is Net::DNS::Resolver available? yes > >>> [12606] dbg: dns: Net::DNS version: 0.57 > >>> [12606] info: config: failed to parse line, skipping: use_dcc 0 > >>> [12606] info: config: failed to parse line, skipping: use_pyzor 0 > >>> [12606] info: config: failed to parse line, skipping: use_razor1 0 > >>> [12606] info: config: failed to parse line, skipping: use_razor2 0 > >>> [12606] info: config: failed to parse line, skipping: > > decode_attachments > >>> 1 > >> Check your /etc/mail/spamassassin directory for local.cf and check the > >> settings in there against the documentation for the latest > > SpamAssassin > >> > > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Con > > f. > >> html > >> > >> Those config lines are no longer valid. > >> > > Most options in local.cf are commented out. What remained were valid > > bayes-related options. > >> (You may also need to check /etc/mail/spamassassin/mailscanner.cf > >> > > Everything in mailscanner.cf are also valid options per the > > Mail_SpamAssassin_Conf doc, or are options made available via a plug-in. > > > > The clue might be the "use_razor1 0" option, as I see that nowhere in > > any config file in /etc/mail/spamassassin. Not being a Linux guru, I > > used "grep razor1 *" to check all files in /etc/mail/spamassassin. Is > > that valid? Where else should I be looking for a config file that might > > have razor1 options in it? > > Check in the home directory of the user that you ran this command as, > you may have a per user configuration file. > > The default user prefs file is: ~/.spamassassin/user_prefs > The command was run as root. Everything in ~/.spamassassin/user_prefs was commented out. Someplace else to look? > >>> [12606] dbg: logger: adding facilities: all > >>> [12606] dbg: logger: logging level is DBG > >>> [12606] dbg: generic: SpamAssassin version 3.1.3 > >>> [12606] dbg: config: score set 0 chosen. > >>> [12606] dbg: message: ---- MIME PARSER START ---- > >>> [12606] dbg: message: main message type: text/plain > >>> [12606] dbg: message: parsing normal part > >>> [12606] dbg: message: added part, type: text/plain > >>> [12606] dbg: message: ---- MIME PARSER END ---- > >>> [12606] dbg: dns: is Net::DNS::Resolver available? yes > >>> [12606] dbg: dns: Net::DNS version: 0.57 > >>> Use of uninitialized value in concatenation (.) or string at > >>> /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1009. > >>> Use of uninitialized value in concatenation (.) or string at > >>> /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1011. > >>> [12606] dbg: config: read_scoreonly_config: cannot open "": No such > > file > >>> or directory From martinh at solid-state-logic.com Thu Jun 29 17:00:33 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 29 17:00:45 2006 Subject: Modified Spam Report to replace the default Mailscannersimple spam report In-Reply-To: Message-ID: <017b01c69b95$272e0e80$3004010a@martinhlaptop> Michael Check the . in the org-name parameter in MailScanner.conf. I know the Symantec scanner gets really upset about it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Michael Schneider > Sent: 29 June 2006 16:39 > To: mailscanner@lists.mailscanner.info > Subject: Re: Modified Spam Report to replace the default Mailscannersimple > spam report > > I modified the Spam Action rules as indicated below (with the exception > of the High Scoring Spam Rule - they get deleted) and this worked! > Thanks so much!! For some reason, GroupWise is still not recognizing it > properly, but I believe this to be a GroupWise issue now that I need to > look at. > > Thanks for all the responses. > > Michael Schneider > Network/Systems Administrator > Northwest State Community College > 22-600 State Route 34 > Archbold, OH 43502-9542 > > Phone: 419-267-1202 > Fax: 419-267-3688 > Email: mschneider@northweststate.edu > > >>> alex@nkpanama.com 6/29/2006 11:02:06 AM >>> > I have no spaces in my headers... But I would use the following > options: > > > Non Spam Actions = deliver header "X-Spam-Flag: NO" > High Scoring Spam Actions = deliver header "X-Spam-Flag: YES" > Spam Actions = deliver header "X-Spam-Flag: YES" > > ... to achieve the same result, without modifying languages.conf at > all. > > Michael Schneider wrote: > > Hi all, > > > > In the Mailscanner.conf file, there is an option to use a detailed > > report or the simple spam/not spam report that is set in > languages.conf. > > We have Novell GroupWise 6.5 and it looks for the following header: > > > X-Spam-Flag: YES to determine whether to place messages in our Junk > Mail > > folder or our Inbox. I have modifed the languages.conf to insert > > X-Spam-Flag: YES to the header instead of spam when a message > exceeds > > the spam threshold. Additionally, I have set the Spam Header to: > "Spam > > Header =" > > > > My problem is, GroupWise apparently does not like any spaces at the > > beginning or end of the header, but Mailscanner puts a space in > there. > > The following is cut from the header of an email that was detected > as > > SPAM: > > > > X-northweststate.edu-MailScanner: Found to be clean > > X-Spam-Flag: YES > > X-MailScanner-SpamScore: sssss > > > > Is there any way I can remove this space? > > > > Thanks for your help! > > > > Michael Schneider > > Network/Systems Administrator > > Northwest State Community College > > 22-600 State Route 34 > > Archbold, OH 43502-9542 > > > > Phone: 419-267-1202 > > Fax: 419-267-3688 > > Email: mschneider@northweststate.edu > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MSCHNEIDER at northweststate.edu Thu Jun 29 17:07:36 2006 From: MSCHNEIDER at northweststate.edu (Michael Schneider) Date: Thu Jun 29 17:08:15 2006 Subject: Modified Spam Report to replace the default Mailscannersimple spam report Message-ID: Hi Martin, I did change the org-name to NSCC instead of northweststate.edu per your earlier suggestion. We are not running Symantec antivirus, but this is good to know. Thanks, Michael Schneider Network/Systems Administrator Northwest State Community College 22-600 State Route 34 Archbold, OH 43502-9542 Phone: 419-267-1202 Fax: 419-267-3688 Email: mschneider@northweststate.edu >>> martinh@solid-state-logic.com 6/29/2006 12:00:33 PM >>> Michael Check the . in the org-name parameter in MailScanner.conf. I know the Symantec scanner gets really upset about it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Michael Schneider > Sent: 29 June 2006 16:39 > To: mailscanner@lists.mailscanner.info > Subject: Re: Modified Spam Report to replace the default Mailscannersimple > spam report > > I modified the Spam Action rules as indicated below (with the exception > of the High Scoring Spam Rule - they get deleted) and this worked! > Thanks so much!! For some reason, GroupWise is still not recognizing it > properly, but I believe this to be a GroupWise issue now that I need to > look at. > > Thanks for all the responses. > > Michael Schneider > Network/Systems Administrator > Northwest State Community College > 22-600 State Route 34 > Archbold, OH 43502-9542 > > Phone: 419-267-1202 > Fax: 419-267-3688 > Email: mschneider@northweststate.edu > > >>> alex@nkpanama.com 6/29/2006 11:02:06 AM >>> > I have no spaces in my headers... But I would use the following > options: > > > Non Spam Actions = deliver header "X-Spam-Flag: NO" > High Scoring Spam Actions = deliver header "X-Spam-Flag: YES" > Spam Actions = deliver header "X-Spam-Flag: YES" > > ... to achieve the same result, without modifying languages.conf at > all. > > Michael Schneider wrote: > > Hi all, > > > > In the Mailscanner.conf file, there is an option to use a detailed > > report or the simple spam/not spam report that is set in > languages.conf. > > We have Novell GroupWise 6.5 and it looks for the following header: > > > X-Spam-Flag: YES to determine whether to place messages in our Junk > Mail > > folder or our Inbox. I have modifed the languages.conf to insert > > X-Spam-Flag: YES to the header instead of spam when a message > exceeds > > the spam threshold. Additionally, I have set the Spam Header to: > "Spam > > Header =" > > > > My problem is, GroupWise apparently does not like any spaces at the > > beginning or end of the header, but Mailscanner puts a space in > there. > > The following is cut from the header of an email that was detected > as > > SPAM: > > > > X-northweststate.edu-MailScanner: Found to be clean > > X-Spam-Flag: YES > > X-MailScanner-SpamScore: sssss > > > > Is there any way I can remove this space? > > > > Thanks for your help! > > > > Michael Schneider > > Network/Systems Administrator > > Northwest State Community College > > 22-600 State Route 34 > > Archbold, OH 43502-9542 > > > > Phone: 419-267-1202 > > Fax: 419-267-3688 > > Email: mschneider@northweststate.edu > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve.freegard at fsl.com Thu Jun 29 17:48:29 2006 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Jun 29 17:46:39 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <8f54b4330606290843k1d309b4l5d406a608b18acfa@mail.gmail.com> References: <44A2C4ED.6060007@pacific.net> <44A2D745.9040104@fsl.com> <8f54b4330606290843k1d309b4l5d406a608b18acfa@mail.gmail.com> Message-ID: <44A4045D.8090700@fsl.com> Hi Nate, Nathan Olson wrote: > btw, what did you use to make the graph? (mta-last24) MailWatch 2.0a1 (not released yet) -- it uses PHP and PEAR Image_Graph to generate the graphs. Cheers, Steve. From MailScanner at ecs.soton.ac.uk Thu Jun 29 17:47:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 29 17:48:01 2006 Subject: Users of RBL's In-Reply-To: <002601c69b8a$9eed45e0$0705000a@DDF5DW71> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net><44A1784F.B662.0038.0@tac.esi.net> <44A3B270.8080905@presling.com> <002601c69b8a$9eed45e0$0705000a@DDF5DW71> Message-ID: On Thu29 Jun 06, at 15:45, Steve Campbell wrote: > Chris, and all, > > ----- Original Message ----- From: "Mark Presling" > To: "MailScanner discussion" > Sent: Thursday, June 29, 2006 6:58 AM > Subject: Re: Users of RBL's > > >> Hi Chris, >> >> Have you checked the size of your bayes database files? I used to >> have a >> 1GB machine that SpamAssassin would regularly time out on because the >> bayes DB would get too big from the auto learning. I had to tune >> it so >> that the DB file would stay below 5MB or it just timed out scanning >> larger messages. It also used up 100% of the CPU most of the time. I >> used to manually expire old tokens from it as well, but that was >> before >> MS started doing that automatically for me. Even on my newer >> server (2G >> Pentium 4) I still restrict the size of the the bayes DB with >> "bayes_expiry_max_db_size 400000". This seems to keep the DB at >> around 10MB. > > I assume this should go into spam.assassins.prefs file? And do I > just add this line and the next expiry will whittle the file down > or do I have to do something to the files first? > > Thanks for any input. I would advise a MailScanner restart after changing spam.assassin.prefs.conf, or else it won't re-read the new settings. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 29 18:53:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 29 18:53:25 2006 Subject: Dam spam from web server nee dlimit In-Reply-To: <44A2A88F.3080706@thehostmasters.com> References: <44A29539.1030408@thehostmasters.com> <60601.194.70.180.170.1151508847.squirrel@webmail.r-bit.net> <44A2A88F.3080706@thehostmasters.com> Message-ID: <7FE3D059-6527-487C-BD9A-3246E4B9BE3C@ecs.soton.ac.uk> You could do this with a Custom Function very easily. Just hook Spam Actions and its brethren, test the number of recipients and return "delete" if that's what you want it to do with it. Or else, which would be faster, is to set High Scoring Spam Actions = delete Is Definitely Spam = &CheckRecips Definite Spam is High Scoring = yes then just check the number of recipients in &CheckRecips, returning 1 if it has too many recipients and 0 otherwise. There are loads of other places you could hook it in, but the idea is very similar. You could even implement it as a generic virus scanner or spam scanner. If you go down the generic virus scanner route, just say it's a virus if it has too many recipients, and then use the Silent Viruses facility to cause the message to be binned completely. On Wed28 Jun 06, at 17:04, Rob Morin wrote: > I would like to have any emails with more that 20 recipients, NOT > delivered and simply discarded from the queueu and sent to never > never land! > > I would lover to shoot these people that put up exploitable > scripts , but of course they always end up being high end clients, > and the powers at be , say , just fix it and shut up.... > > :( > > So in the end i have to deal with it! > > :( > > Thanks! > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Drew Marshall wrote: >> On Wed, June 28, 2006 15:42, Rob Morin wrote: >> >>> Hello all... >>> >> >> Hi Rob >> >>> I have a couple hosted websites that have exploitable forms, that >>> can be >>> used to spam. i contact the person(s) as soon as i find out it is >>> being >>> exploited and remove the offending form/script, whatever... >>> >> >> Nice. Might be customers but they clearly need shooting! >> >> >>> but by this time the damage is done. I have all email from my >>> webserver >>> that goes out to go to my MX server running MS with postfix. now it >>> catches some of the spam as usual, but some not. Now some of the >>> emails >>> come with over 25 recipients in the To field. my question is how >>> am i >>> suppose to limit this...?? >>> >> >> Are you trying to just remove the offending mail or just clear the >> server >> to allow it to process other mail to? I would suggest if possible you >> don't want to deliver the Spam, so I would kill postfix and just >> let MS/ >> SA do it's bit and see what's left. >> >> >>> I added this to the main.cf of postfix >>> smtpd_recipient_limit=20 but >>> when i check the logs i still see email with 25 going through, i did >>> reload postfix.... i made these changes after these emails where >>> in the >>> queue , does this setting only affect new emails? And what >>> happens to >>> the email that does go over 20, does it get rejected or just >>> delete ?? >>> >> >> That limits the number of recipients that the smtpd accepts >> messages for. >> If your server has the mail already, it's too late. But also the >> overshoot >> limit will kick in also. >> >> smtpd_recipient_limit (default: 1000) >> The maximal number of recipients that the Postfix SMTP server >> accepts per >> message delivery request. >> >> smtpd_recipient_overshoot_limit (default: 1000) >> The number of recipients that a remote SMTP client can send in >> excess of >> the limit specified with $smtpd_recipient_limit, before the >> Postfix SMTP >> server increments the per-session error count for each excess >> recipient >> >> Hope this helps. >> >> Drew >> >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060629/c1a74b4b/attachment.html From jeffm at andersonlabs.com Thu Jun 29 21:51:54 2006 From: jeffm at andersonlabs.com (Jeff Meyer) Date: Thu Jun 29 22:05:15 2006 Subject: blocking outgoing filenames Message-ID: Is it possible to allow receiving of certain filenames, yet block them from being sent. example: I want to block my all my users from sending .doc & .xls files but I will allow them to receive them. From alex at nkpanama.com Thu Jun 29 22:32:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 29 22:33:15 2006 Subject: blocking outgoing filenames In-Reply-To: References: Message-ID: <44A446E6.2050200@nkpanama.com> Jeff Meyer wrote: > Is it possible to allow receiving of certain filenames, yet block them > from being sent. > example: > > I want to block my all my users from sending .doc & .xls files but I > will allow them to receive them. > Use a ruleset. From mark at presling.com Thu Jun 29 23:20:07 2006 From: mark at presling.com (Mark Presling) Date: Thu Jun 29 23:20:20 2006 Subject: Users of RBL's In-Reply-To: <002601c69b8a$9eed45e0$0705000a@DDF5DW71> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net><44A1784F.B662.0038.0@tac.esi.net> <44A3B270.8080905@presling.com> <002601c69b8a$9eed45e0$0705000a@DDF5DW71> Message-ID: <44A45217.70504@presling.com> Steve Campbell wrote: > Chris, and all, > > ----- Original Message ----- From: "Mark Presling" > To: "MailScanner discussion" > Sent: Thursday, June 29, 2006 6:58 AM > Subject: Re: Users of RBL's > > >> Hi Chris, >> >> Have you checked the size of your bayes database files? I used to have a >> 1GB machine that SpamAssassin would regularly time out on because the >> bayes DB would get too big from the auto learning. I had to tune it so >> that the DB file would stay below 5MB or it just timed out scanning >> larger messages. It also used up 100% of the CPU most of the time. I >> used to manually expire old tokens from it as well, but that was before >> MS started doing that automatically for me. Even on my newer server (2G >> Pentium 4) I still restrict the size of the the bayes DB with >> "bayes_expiry_max_db_size 400000". This seems to keep the DB at >> around 10MB. > > I assume this should go into spam.assassins.prefs file? And do I just > add this line and the next expiry will whittle the file down or do I > have to do something to the files first? Yes that is correct. I am using MailScanner version 4.43.8 (~July 2005) and I put it at the end of /etc/MailScanner/spam.assassin.prefs.conf. I am in the process of preparing to upgrade to a newer version so can't confirm that this is still the correct approach. MailScanner automatically triggers the expiry, I don't have to do anything. Just make sure that MailScanner.conf contains something similar to this: # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. Rebuild Bayes Every = 86400 > > Thanks for any input. > > Steve > >> >> Mark >> >> Chris Hammond wrote: >>>>>> Sounds like you may just be asking too much of the hardware. >>>>>> >>>>> This could very well be. Before I go asking for a new server >>>>> though, I want to make sure I have my ducks in a row. >>>>> When this was nothing more than a Postfix box with static rules, >>>>> it handled the job just fine. But I think it may >>>>> be really working for it's living. >>>>> >>>> MailScanner and SpamAssassin do use a lot of resources. It looks to be >>>> cpu bound, but that's a good thing usually! Any way to upgrade that >>>> processor? To reduce CPU usage, tune/configure some software. Did you >>>> read the performance tweaks section in the mailscanner wiki? To reduce >>>> disk writes, setup syslog to log to another box, or put mysql on >>>> another >>>> box, or throw another cheap ide drive into the box and log to it, >>>> instead of the mirrored drives. >>>> >>> >>> I was beginning to feel the same way. The DL-145 is a dual >>> processor capable box >>> so I will see about adding a second processor to it. >>> >>> I did go through the tweaks section on the wiki. My next thought >>> was moving MySQL to >>> another machine. There is no more room for another drive so that is >>> not an option >>> unfortunately. I am going to move the MySQL server to another box >>> tonight and see what >>> that gains me. >>> >>> Thanks >>> Chris >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> This message has been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> >> > > > -------------------------------------------------------------------------------- > > > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: mark.vcf Type: text/x-vcard Size: 143 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060630/1a7e8f53/mark.vcf From campbell at cnpapers.com Fri Jun 30 03:06:11 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 30 03:06:37 2006 Subject: Users of RBL's In-Reply-To: <44A45217.70504@presling.com> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net><44A1784F.B662.0038.0@tac.esi.net> <44A3B270.8080905@presling.com> <002601c69b8a$9eed45e0$0705000a@DDF5DW71> <44A45217.70504@presling.com> Message-ID: <1151633171.44a487139cc60@perdition.cnpapers.net> Quoting Mark Presling : > > Steve Campbell wrote: > > Chris, and all, > > > > ----- Original Message ----- From: "Mark Presling" > > To: "MailScanner discussion" > > Sent: Thursday, June 29, 2006 6:58 AM > > Subject: Re: Users of RBL's > > > > > >> Hi Chris, > >> > >> Have you checked the size of your bayes database files? I used to have a > >> 1GB machine that SpamAssassin would regularly time out on because the > >> bayes DB would get too big from the auto learning. I had to tune it so > >> that the DB file would stay below 5MB or it just timed out scanning > >> larger messages. It also used up 100% of the CPU most of the time. I > >> used to manually expire old tokens from it as well, but that was before > >> MS started doing that automatically for me. Even on my newer server (2G > >> Pentium 4) I still restrict the size of the the bayes DB with > >> "bayes_expiry_max_db_size 400000". This seems to keep the DB at > >> around 10MB. > > > > I assume this should go into spam.assassins.prefs file? And do I just > > add this line and the next expiry will whittle the file down or do I > > have to do something to the files first? > Yes that is correct. I am using MailScanner version 4.43.8 (~July 2005) > and I put it at the end of /etc/MailScanner/spam.assassin.prefs.conf. I > am in the process of preparing to upgrade to a newer version so can't > confirm that this is still the correct approach. MailScanner > automatically triggers the expiry, I don't have to do anything. Just > make sure that MailScanner.conf contains something similar to this: > > # If you are using the Bayesian statistics engine on a busy server, > # you may well need to force a Bayesian database rebuild and expiry > # at regular intervals. This is measures in seconds. > # 1 day = 86400 seconds. > # To disable this feature set this to 0. > Rebuild Bayes Every = 86400 Thanks, Already have that set. It just seemed that my 50+ MB file was a lot bigger than the 10MB mentioned, and I wanted to know if adding the additional setting would take care of pruning the next time the expiry occurred or if it would complain because of the size. I also stopped/started MS after adding the new setting. Steve > > > > > > Thanks for any input. > > > > Steve > > > >> > >> Mark > >> > >> Chris Hammond wrote: > >>>>>> Sounds like you may just be asking too much of the hardware. > >>>>>> > >>>>> This could very well be. Before I go asking for a new server > >>>>> though, I want to make sure I have my ducks in a row. > >>>>> When this was nothing more than a Postfix box with static rules, > >>>>> it handled the job just fine. But I think it may > >>>>> be really working for it's living. > >>>>> > >>>> MailScanner and SpamAssassin do use a lot of resources. It looks to be > >>>> cpu bound, but that's a good thing usually! Any way to upgrade that > >>>> processor? To reduce CPU usage, tune/configure some software. Did you > >>>> read the performance tweaks section in the mailscanner wiki? To reduce > >>>> disk writes, setup syslog to log to another box, or put mysql on > >>>> another > >>>> box, or throw another cheap ide drive into the box and log to it, > >>>> instead of the mirrored drives. > >>>> > >>> > >>> I was beginning to feel the same way. The DL-145 is a dual > >>> processor capable box > >>> so I will see about adding a second processor to it. > >>> > >>> I did go through the tweaks section on the wiki. My next thought > >>> was moving MySQL to > >>> another machine. There is no more room for another drive so that is > >>> not an option > >>> unfortunately. I am going to move the MySQL server to another box > >>> tonight and see what > >>> that gains me. > >>> > >>> Thanks > >>> Chris > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >>> > >> > >> -- > >> This message has been scanned for viruses and dangerous > >> content by MailScanner, and is believed to be clean. > >> > >> > > > > > > > -------------------------------------------------------------------------------- > > > > > > > > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From mark at presling.com Thu Jun 29 16:27:22 2006 From: mark at presling.com (Mark Presling) Date: Fri Jun 30 04:27:50 2006 Subject: Users of RBL's In-Reply-To: <1151633171.44a487139cc60@perdition.cnpapers.net> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net><44A1784F.B662.0038.0@tac.esi.net> <44A3B270.8080905@presling.com> <002601c69b8a$9eed45e0$0705000a@DDF5DW71> <44A45217.70504@presling.com> <1151633171.44a487139cc60@perdition.cnpapers.net> Message-ID: <44A3F15A.6070901@presling.com> Ahhhhh... the one time I get a chance to do a MS upgrade while I have time to kill on the train and the website is broken and I can't download the latest version!! Doh... Steve Campbell wrote: >Quoting Mark Presling : > > > >>Steve Campbell wrote: >> >> >>>Chris, and all, >>> >>>----- Original Message ----- From: "Mark Presling" >>>To: "MailScanner discussion" >>>Sent: Thursday, June 29, 2006 6:58 AM >>>Subject: Re: Users of RBL's >>> >>> >>> >>> >>>>Hi Chris, >>>> >>>>Have you checked the size of your bayes database files? I used to have a >>>>1GB machine that SpamAssassin would regularly time out on because the >>>>bayes DB would get too big from the auto learning. I had to tune it so >>>>that the DB file would stay below 5MB or it just timed out scanning >>>>larger messages. It also used up 100% of the CPU most of the time. I >>>>used to manually expire old tokens from it as well, but that was before >>>>MS started doing that automatically for me. Even on my newer server (2G >>>>Pentium 4) I still restrict the size of the the bayes DB with >>>>"bayes_expiry_max_db_size 400000". This seems to keep the DB at >>>>around 10MB. >>>> >>>> >>>I assume this should go into spam.assassins.prefs file? And do I just >>>add this line and the next expiry will whittle the file down or do I >>>have to do something to the files first? >>> >>> >>Yes that is correct. I am using MailScanner version 4.43.8 (~July 2005) >>and I put it at the end of /etc/MailScanner/spam.assassin.prefs.conf. I >>am in the process of preparing to upgrade to a newer version so can't >>confirm that this is still the correct approach. MailScanner >>automatically triggers the expiry, I don't have to do anything. Just >>make sure that MailScanner.conf contains something similar to this: >> >># If you are using the Bayesian statistics engine on a busy server, >># you may well need to force a Bayesian database rebuild and expiry >># at regular intervals. This is measures in seconds. >># 1 day = 86400 seconds. >># To disable this feature set this to 0. >>Rebuild Bayes Every = 86400 >> >> > >Thanks, > >Already have that set. It just seemed that my 50+ MB file was a lot bigger than >the 10MB mentioned, and I wanted to know if adding the additional setting would >take care of pruning the next time the expiry occurred or if it would complain >because of the size. > >I also stopped/started MS after adding the new setting. > >Steve > > >> >> >>>Thanks for any input. >>> >>>Steve >>> >>> >>> >>>>Mark >>>> >>>>Chris Hammond wrote: >>>> >>>> >>>>>>>>Sounds like you may just be asking too much of the hardware. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>This could very well be. Before I go asking for a new server >>>>>>>though, I want to make sure I have my ducks in a row. >>>>>>>When this was nothing more than a Postfix box with static rules, >>>>>>>it handled the job just fine. But I think it may >>>>>>>be really working for it's living. >>>>>>> >>>>>>> >>>>>>> >>>>>>MailScanner and SpamAssassin do use a lot of resources. It looks to be >>>>>>cpu bound, but that's a good thing usually! Any way to upgrade that >>>>>>processor? To reduce CPU usage, tune/configure some software. Did you >>>>>>read the performance tweaks section in the mailscanner wiki? To reduce >>>>>>disk writes, setup syslog to log to another box, or put mysql on >>>>>>another >>>>>>box, or throw another cheap ide drive into the box and log to it, >>>>>>instead of the mirrored drives. >>>>>> >>>>>> >>>>>> >>>>>I was beginning to feel the same way. The DL-145 is a dual >>>>>processor capable box >>>>>so I will see about adding a second processor to it. >>>>> >>>>>I did go through the tweaks section on the wiki. My next thought >>>>>was moving MySQL to >>>>>another machine. There is no more room for another drive so that is >>>>>not an option >>>>>unfortunately. I am going to move the MySQL server to another box >>>>>tonight and see what >>>>>that gains me. >>>>> >>>>>Thanks >>>>>Chris >>>>> >>>>>-- >>>>>MailScanner mailing list >>>>>mailscanner@lists.mailscanner.info >>>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>>Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>-- >>>>This message has been scanned for viruses and dangerous >>>>content by MailScanner, and is believed to be clean. >>>> >>>> >>>> >>>> >>> >>> >>> >>-------------------------------------------------------------------------------- >> >> >> >>> >>> >>> >>>>-- >>>>MailScanner mailing list >>>>mailscanner@lists.mailscanner.info >>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>>Before posting, read http://wiki.mailscanner.info/posting >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> >>-- >>This message has been scanned for viruses and dangerous >>content by MailScanner, and is believed to be clean. >> >> >> >> > > > > >------------------------------------------------- >This mail sent through IMP: http://horde.org/imp/ > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jun 30 08:54:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 30 08:54:57 2006 Subject: Users of RBL's In-Reply-To: <44A3F15A.6070901@presling.com> References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net><44A1784F.B662.0038.0@tac.esi.net> <44A3B270.8080905@presling.com> <002601c69b8a$9eed45e0$0705000a@DDF5DW71> <44A45217.70504@presling.com> <1151633171.44a487139cc60@perdition.cnpapers.net> <44A3F15A.6070901@presling.com> Message-ID: <46759F2F-E176-469F-9DEC-8FF4E022CE88@ecs.soton.ac.uk> Our network went down for 5 minutes for Cisco upgrades last night. BTW there is always www.emailscanner.info as a backup website if you have any other problems, it syncs every night (many thanks Blacknight!) On 29 Jun 2006, at 16:27, Mark Presling wrote: > Ahhhhh... the one time I get a chance to do a MS upgrade while I > have time to kill on the train and the website is broken and I > can't download the latest version!! Doh... > > Steve Campbell wrote: > >> Quoting Mark Presling : >> >> >>> Steve Campbell wrote: >>> >>>> Chris, and all, >>>> >>>> ----- Original Message ----- From: "Mark Presling" >>>> >>>> To: "MailScanner discussion" >>>> Sent: Thursday, June 29, 2006 6:58 AM >>>> Subject: Re: Users of RBL's >>>> >>>> >>>> >>>>> Hi Chris, >>>>> >>>>> Have you checked the size of your bayes database files? I used >>>>> to have a >>>>> 1GB machine that SpamAssassin would regularly time out on >>>>> because the >>>>> bayes DB would get too big from the auto learning. I had to >>>>> tune it so >>>>> that the DB file would stay below 5MB or it just timed out >>>>> scanning >>>>> larger messages. It also used up 100% of the CPU most of the >>>>> time. I >>>>> used to manually expire old tokens from it as well, but that >>>>> was before >>>>> MS started doing that automatically for me. Even on my newer >>>>> server (2G >>>>> Pentium 4) I still restrict the size of the the bayes DB with >>>>> "bayes_expiry_max_db_size 400000". This seems to keep the DB at >>>>> around 10MB. >>>>> >>>> I assume this should go into spam.assassins.prefs file? And do I >>>> just add this line and the next expiry will whittle the file >>>> down or do I have to do something to the files first? >>>> >>> Yes that is correct. I am using MailScanner version 4.43.8 (~July >>> 2005) and I put it at the end of /etc/MailScanner/ >>> spam.assassin.prefs.conf. I am in the process of preparing to >>> upgrade to a newer version so can't confirm that this is still >>> the correct approach. MailScanner automatically triggers the >>> expiry, I don't have to do anything. Just make sure that >>> MailScanner.conf contains something similar to this: >>> >>> # If you are using the Bayesian statistics engine on a busy server, >>> # you may well need to force a Bayesian database rebuild and expiry >>> # at regular intervals. This is measures in seconds. >>> # 1 day = 86400 seconds. >>> # To disable this feature set this to 0. >>> Rebuild Bayes Every = 86400 >>> >> >> Thanks, >> >> Already have that set. It just seemed that my 50+ MB file was a >> lot bigger than >> the 10MB mentioned, and I wanted to know if adding the additional >> setting would >> take care of pruning the next time the expiry occurred or if it >> would complain >> because of the size. >> >> I also stopped/started MS after adding the new setting. >> >> Steve >> >>> >>>> Thanks for any input. >>>> >>>> Steve >>>> >>>> >>>>> Mark >>>>> >>>>> Chris Hammond wrote: >>>>> >>>>>>>>> Sounds like you may just be asking too much of the hardware. >>>>>>>>> >>>>>>>>> >>>>>>>> This could very well be. Before I go asking for a new >>>>>>>> server though, I want to make sure I have my ducks in a row. >>>>>>>> When this was nothing more than a Postfix box with static >>>>>>>> rules, it handled the job just fine. But I think it may >>>>>>>> be really working for it's living. >>>>>>>> >>>>>>>> >>>>>>> MailScanner and SpamAssassin do use a lot of resources. It >>>>>>> looks to be >>>>>>> cpu bound, but that's a good thing usually! Any way to >>>>>>> upgrade that >>>>>>> processor? To reduce CPU usage, tune/configure some software. >>>>>>> Did you >>>>>>> read the performance tweaks section in the mailscanner wiki? >>>>>>> To reduce >>>>>>> disk writes, setup syslog to log to another box, or put mysql >>>>>>> on another >>>>>>> box, or throw another cheap ide drive into the box and log to >>>>>>> it, >>>>>>> instead of the mirrored drives. >>>>>>> >>>>>>> >>>>>> I was beginning to feel the same way. The DL-145 is a dual >>>>>> processor capable box >>>>>> so I will see about adding a second processor to it. >>>>>> >>>>>> I did go through the tweaks section on the wiki. My next >>>>>> thought was moving MySQL to >>>>>> another machine. There is no more room for another drive so >>>>>> that is not an option >>>>>> unfortunately. I am going to move the MySQL server to another >>>>>> box tonight and see what >>>>>> that gains me. >>>>>> >>>>>> Thanks >>>>>> Chris >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> This message has been scanned for viruses and dangerous >>>>> content by MailScanner, and is believed to be clean. >>>>> >>>>> >>>>> >>>> >>>> >>> -------------------------------------------------------------------- >>> ------------ >>> >>> >>>> >>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>> -- >>> This message has been scanned for viruses and dangerous >>> content by MailScanner, and is believed to be clean. >>> >>> >>> >> >> >> >> >> ------------------------------------------------- >> This mail sent through IMP: http://horde.org/imp/ >> > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Fri Jun 30 09:09:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jun 30 09:09:12 2006 Subject: blocking outgoing filenames In-Reply-To: Message-ID: <009c01c69c1c$731f5b50$3004010a@martinhlaptop> In word yes In more than one word.. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:ruleset s:overloading I'd change the test so it's looking at the ip-addresses on the LAN rather than the domain name in the 'from', otherwise people can merely change their from address and the Office files will pass through. Out of interest what threat are you trying to mitigate by blocking .xls and .doc files? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff Meyer > Sent: 29 June 2006 21:52 > To: mailscanner@lists.mailscanner.info > Subject: blocking outgoing filenames > > Is it possible to allow receiving of certain filenames, yet block them > from being sent. > example: > > I want to block my all my users from sending .doc & .xls files but I > will allow them to receive them. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From a.peacock at chime.ucl.ac.uk Fri Jun 30 09:14:38 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 30 09:14:47 2006 Subject: MailScanner -debug errors In-Reply-To: References: Message-ID: <44A4DD6E.6040808@chime.ucl.ac.uk> Hi, Curtis, Roger wrote: >>>> Curtis, Roger wrote: >>>>> I just upgraded to the latest stable release of MailScanner trying >>> to >>>>> correct the "info:" and errors shown when using MailScanner -debug >>>>> (below) but that didn't seem to fix anything. I used Julian's >>>>> easy-to-use installation files. I have the appropriate loadplugin >>> lines >>>>> enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). >>> I >>>>> did not look at the Spamassassin.pm file as I have not made any >>> changes >>>>> to it so it should still be the "stock" file. What am I missing? >>>>> >>>>> Thanks for your help and guidance. >>>>> Roger Curtis >>>>> >>>>> Versions: >>>>> MailScanner 4.54.6 >>>>> SpamAssassin 3.1.3 >>>>> Postfix 2.2.2 >>>>> >>>>> >>>>> [root@gateway rules]# MailScanner -debug >>>>> In Debugging mode, not forking... >>>>> [12606] dbg: logger: adding facilities: all >>>>> [12606] dbg: logger: logging level is DBG >>>>> [12606] dbg: generic: SpamAssassin version 3.1.3 >>>>> [12606] dbg: config: score set 0 chosen. >>>>> [12606] dbg: util: running in taint mode? no >>>>> [12606] dbg: message: ---- MIME PARSER START ---- >>>>> [12606] dbg: message: main message type: text/plain >>>>> [12606] dbg: message: parsing normal part >>>>> [12606] dbg: message: added part, type: text/plain >>>>> [12606] dbg: message: ---- MIME PARSER END ---- >>>>> [12606] dbg: dns: is Net::DNS::Resolver available? yes >>>>> [12606] dbg: dns: Net::DNS version: 0.57 >>>>> [12606] info: config: failed to parse line, skipping: use_dcc 0 >>>>> [12606] info: config: failed to parse line, skipping: use_pyzor 0 >>>>> [12606] info: config: failed to parse line, skipping: use_razor1 0 >>>>> [12606] info: config: failed to parse line, skipping: use_razor2 0 >>>>> [12606] info: config: failed to parse line, skipping: >>> decode_attachments >>>>> 1 >>>> Check your /etc/mail/spamassassin directory for local.cf and check > the >>>> settings in there against the documentation for the latest >>> SpamAssassin > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Con >>> f. >>>> html >>>> >>>> Those config lines are no longer valid. >>>> >>> Most options in local.cf are commented out. What remained were > valid >>> bayes-related options. >>>> (You may also need to check /etc/mail/spamassassin/mailscanner.cf >>>> >>> Everything in mailscanner.cf are also valid options per the >>> Mail_SpamAssassin_Conf doc, or are options made available via a > plug-in. >>> The clue might be the "use_razor1 0" option, as I see that nowhere > in >>> any config file in /etc/mail/spamassassin. Not being a Linux guru, > I >>> used "grep razor1 *" to check all files in /etc/mail/spamassassin. > Is >>> that valid? Where else should I be looking for a config file that > might >>> have razor1 options in it? >> Check in the home directory of the user that you ran this command as, >> you may have a per user configuration file. >> >> The default user prefs file is: ~/.spamassassin/user_prefs >> > > The command was run as root. Everything in ~/.spamassassin/user_prefs > was commented out. Someplace else to look? I think you need to have a look at the docs: http://spamassassin.apache.org/full/3.1.x/dist/doc/spamassassin.html#configuration_files It could be that these config lines are in a *.pre file... -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From Anjana.Patel at Cranfield.ac.uk Fri Jun 30 11:52:19 2006 From: Anjana.Patel at Cranfield.ac.uk (Patel, Anjana) Date: Fri Jun 30 11:52:32 2006 Subject: logging content checks Message-ID: <56D9735674D05043AFC1E97F1CD49AF601CD371B@ccexchange-2.cns.cranfield.ac.uk> Hello, I'm trying to extract some stats from our maillog and found that although it logs messages that contain spam, phishing or HTML messages converted to plain text it does NOT log any messages that have bad content or bad filenames. I've looked through the MailScanner.conf file and as far as I can see the logging options are set correctly. So for example, this works: # Do you want all spam to be logged? Useful if you want to gather # spam statistics from your logs, but can increase the system load quite # a bit if you get a lot of spam. Log Spam = yes But this doesn't: (unless I have interpreted this wrong, I should not need to set this to yes for it to log filenames that are denied) # Log all the filenames that are allowed by the Filename Rules, or just # the filenames that are denied? # This can also be the filename of a ruleset. Log Permitted Filenames = no System spec: Red Hat Enterprise Linux AS release 4 (Nahant Update 3) Mailscanner v 4.52.2 Any advice would be appreciated. Thanks Anjana From gmatt at nerc.ac.uk Fri Jun 30 16:49:36 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Jun 30 16:49:47 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> Message-ID: <44A54810.5070407@nerc.ac.uk> Furnish, Trever G wrote: > I've been checking sendmail inbound queue depth using a simple readdir > and dividing the number of entries by two. This is checked every five > minutes by Nagios with a 10-second timeout -- because of the timeout and > the frequency with which I want to do the check, I can't just use, for > example: > > mailq |head -1 > > ...because under heavy flow conditions the mailq command takes WAY too > long to parse the entire set of queue files and generates too much load. > > I always realized dividing the number of files in the queue by two was > only a rough guess, but I didn't realize there could be so much > disparity between that number and the number of messages listed by > mailq. With mailq reporting 6 messages in the inbound queue, the > directory actually contains 477 files! > > Mailq's result seems to match the count of files starting with a > lowercase "q". I also have about the same number of files starting with > an uppercase "Q". The rest of the files are df files, most of them > without any corresponding q file. I've reported a steadily growing in-queue here before and it is these "orphaned" df files that are the culprit. I have made sure my systems use the posix file locking as suggested but still I see a steady increase in the number of orphaned data files. I use the attached script to get rid of them. This script does more than just check for the age of the file, it also checks whether it really is orphaned. It also doesnt remove files outright, just moves them. If the directory you move them to is on the same partition, this operation is lightening fast (if that is important - personally, I have seperate /var and /var/spool partitions). The stopping and starting of MailScanner is probably unnecessarily paranoid. > > Any idea what's going on? Previously I expected to find files that > started with qf, df, xf, and tf (not Q), and to always have pairs of > files. Obviously my expectation was pretty far off. :-) > > -- > Trever -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. -------------- next part -------------- #!/bin/bash # clean up orphaned df* files in mqueue.in # no known cause for these files yet. /etc/init.d/MailScanner stop sleep 2 dir="/var/spool/mqueue.in" file=`find $dir -mtime +1` for i in ${file} do m=`basename ${i}` j=${m:2} if [ ! -e "${dir}/qf${j}" ]; then mv ${i} /var/tmp/ fi done echo df -hl /etc/init.d/MailScanner start exit 0 From r.curtis at ywcaelpaso.org Fri Jun 30 16:52:11 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Fri Jun 30 16:53:29 2006 Subject: MailScanner -debug errors Message-ID: > Curtis, Roger wrote: > >>>> Curtis, Roger wrote: > >>>>> I just upgraded to the latest stable release of MailScanner trying > >>> to > >>>>> correct the "info:" and errors shown when using MailScanner -debug > >>>>> (below) but that didn't seem to fix anything. I used Julian's > >>>>> easy-to-use installation files. I have the appropriate loadplugin > >>> lines > >>>>> enabled in init.pre for all the plug-ins (dcc, pyzor, and razor2). > >>> I > >>>>> did not look at the Spamassassin.pm file as I have not made any > >>> changes > >>>>> to it so it should still be the "stock" file. What am I missing? > >>>>> > >>>>> Thanks for your help and guidance. > >>>>> Roger Curtis > >>>>> > >>>>> Versions: > >>>>> MailScanner 4.54.6 > >>>>> SpamAssassin 3.1.3 > >>>>> Postfix 2.2.2 > >>>>> > >>>>> > >>>>> [root@gateway rules]# MailScanner -debug > >>>>> In Debugging mode, not forking... > >>>>> [12606] dbg: logger: adding facilities: all > >>>>> [12606] dbg: logger: logging level is DBG > >>>>> [12606] dbg: generic: SpamAssassin version 3.1.3 > >>>>> [12606] dbg: config: score set 0 chosen. > >>>>> [12606] dbg: util: running in taint mode? no > >>>>> [12606] dbg: message: ---- MIME PARSER START ---- > >>>>> [12606] dbg: message: main message type: text/plain > >>>>> [12606] dbg: message: parsing normal part > >>>>> [12606] dbg: message: added part, type: text/plain > >>>>> [12606] dbg: message: ---- MIME PARSER END ---- > >>>>> [12606] dbg: dns: is Net::DNS::Resolver available? yes > >>>>> [12606] dbg: dns: Net::DNS version: 0.57 > >>>>> [12606] info: config: failed to parse line, skipping: use_dcc 0 > >>>>> [12606] info: config: failed to parse line, skipping: use_pyzor 0 > >>>>> [12606] info: config: failed to parse line, skipping: use_razor1 0 > >>>>> [12606] info: config: failed to parse line, skipping: use_razor2 0 > >>>>> [12606] info: config: failed to parse line, skipping: > >>> decode_attachments > >>>>> 1 > >>>> Check your /etc/mail/spamassassin directory for local.cf and check > > the > >>>> settings in there against the documentation for the latest > >>> SpamAssassin > > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Con > >>> f. > >>>> html > >>>> > >>>> Those config lines are no longer valid. > >>>> > >>> Most options in local.cf are commented out. What remained were > > valid > >>> bayes-related options. > >>>> (You may also need to check /etc/mail/spamassassin/mailscanner.cf > >>>> > >>> Everything in mailscanner.cf are also valid options per the > >>> Mail_SpamAssassin_Conf doc, or are options made available via a > > plug-in. > >>> The clue might be the "use_razor1 0" option, as I see that nowhere > > in > >>> any config file in /etc/mail/spamassassin. Not being a Linux guru, > > I > >>> used "grep razor1 *" to check all files in /etc/mail/spamassassin. > > Is > >>> that valid? Where else should I be looking for a config file that > > might > >>> have razor1 options in it? > >> Check in the home directory of the user that you ran this command as, > >> you may have a per user configuration file. > >> > >> The default user prefs file is: ~/.spamassassin/user_prefs > >> > > > > The command was run as root. Everything in ~/.spamassassin/user_prefs > > was commented out. Someplace else to look? > > > I think you need to have a look at the docs: > > http://spamassassin.apache.org/full/3.1.x/dist/doc/spamassassin.html#con fi > guration_files > > It could be that these config lines are in a *.pre file... > OK, I looked in the directories that the document listed but still nothing. I will try to scour the machine using recursive grep until I find those config lines. Thanks. From MailScanner at ecs.soton.ac.uk Fri Jun 30 17:16:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 30 17:17:07 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <44A54810.5070407@nerc.ac.uk> References: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> <44A54810.5070407@nerc.ac.uk> Message-ID: <41D51355-05C3-43E3-BB10-E31928356B3C@ecs.soton.ac.uk> On 30 Jun 2006, at 16:49, Greg Matthews wrote: > Furnish, Trever G wrote: >> I've been checking sendmail inbound queue depth using a simple >> readdir >> and dividing the number of entries by two. This is checked every >> five >> minutes by Nagios with a 10-second timeout -- because of the >> timeout and >> the frequency with which I want to do the check, I can't just use, >> for >> example: >> mailq |head -1 >> ...because under heavy flow conditions the mailq command takes >> WAY too >> long to parse the entire set of queue files and generates too much >> load. >> I always realized dividing the number of files in the queue by >> two was >> only a rough guess, but I didn't realize there could be so much >> disparity between that number and the number of messages listed by >> mailq. With mailq reporting 6 messages in the inbound queue, the >> directory actually contains 477 files! >> Mailq's result seems to match the count of files starting with a >> lowercase "q". I also have about the same number of files >> starting with >> an uppercase "Q". The rest of the files are df files, most of them >> without any corresponding q file. > > I've reported a steadily growing in-queue here before and it is > these "orphaned" df files that are the culprit. I have made sure my > systems use the posix file locking as suggested but still I see a > steady increase in the number of orphaned data files. I use the > attached script to get rid of them. This script does more than just > check for the age of the file, it also checks whether it really is > orphaned. It also doesnt remove files outright, just moves them. If > the directory you move them to is on the same partition, this > operation is lightening fast (if that is important - personally, I > have seperate /var and /var/spool partitions). > > The stopping and starting of MailScanner is probably unnecessarily > paranoid. You don't need to restart MailScanner after playing with the queues, it should be happy to run "live". But you could kill -STOP and then kill -CONT it if you are wary. > >> Any idea what's going on? Previously I expected to find files that >> started with qf, df, xf, and tf (not Q), and to always have pairs of >> files. Obviously my expectation was pretty far off. :-) >> -- >> Trever > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > #!/bin/bash > # clean up orphaned df* files in mqueue.in > # no known cause for these files yet. > > /etc/init.d/MailScanner stop > > sleep 2 > dir="/var/spool/mqueue.in" > > file=`find $dir -mtime +1` > for i in ${file} > do m=`basename ${i}` > j=${m:2} > if [ ! -e "${dir}/qf${j}" ]; then > mv ${i} /var/tmp/ > fi > done > echo > df -hl > > /etc/init.d/MailScanner start > > exit 0 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Fri Jun 30 17:21:33 2006 From: ka at pacific.net (Ken A) Date: Fri Jun 30 17:21:11 2006 Subject: Could not analyze message In-Reply-To: <44A3893A.1060009@tradoc.fr> References: <44A381E5.1090005@haigmail.com> <44A3893A.1060009@tradoc.fr> Message-ID: <44A54F8D.2050908@pacific.net> Seeing it here too.. > The content is dangerous as it is often used to spread viruses or to gain > personal or confidential information from you, such as passwords or credit > card numbers. > > MailScanner: Could not analyze message zip attached of queue files.. (might not get through!) Ken A Pacific.Net John Wilcock wrote: > Lance Haig wrote: >> Hi, >> >> I get this error in some of the mail being processed by my system >> >> Report: MailScanner: Could not analyze message >> >> Has someone else had something like this? > > I'm seeing this too - it looks to be spam with malformed headers. > > In particular, I'm seeing an extraneous blank line between > "Content-Type: multipart/related;" and "boundary=whatever" which > probably explains why Mailscanner has trouble parsing it. > > John. > -------------- next part -------------- A non-text attachment was scrubbed... Name: queue_files.zip Type: application/x-zip-compressed Size: 12997 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060630/9452612c/queue_files.bin From ssilva at sgvwater.com Fri Jun 30 17:40:51 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 30 17:41:27 2006 Subject: It is a bug? Report: MailScanner: Could not analyze message In-Reply-To: <15ee4f850606272119y9025d2ds9fc7d227b95312@mail.gmail.com> References: <15ee4f850606272119y9025d2ds9fc7d227b95312@mail.gmail.com> Message-ID: Gong Chaoyin spake the following on 6/27/2006 9:19 PM: > *the log:* > > Subject: Other Bad Content Detected > > The following e-mails were found to have: Other Bad Content Detected > > Sender: oaouiyauaaeyyiyaaoio@xxxxxxx.net > > IP Address: 84.172.248.182 > Recipient: davidloh@yyyyyyyy.com , > gloriangai@yyyyyyyy.com , > > Subject: FW:I heard that ... > MessageID: 1FvQBh-0003U7-GS > Quarantine: /var/spool/MailScanner/quarantine/20060628/1FvQBh-0003U7-GS > Report: MailScanner: Could not analyze message > > *the message in > /var/spool/MailScanner/quarantine/20060628/1FvQBh-0003U7-GS: > * > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0008_01C6835A.A8FE6F20 > Content-Type: multipart/alternative; > boundary="----=_NextPart_001_0009_01C6835A.A8FE6F20" > > > ------=_NextPart_001_0009_01C6835A.A8FE6F20 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > or complete and rain weight if flower. is tin to school red are rule. is > lead to right company if comparison. > but form else history automatic too frequent. or crack and plough wind > but cake. ! the amount the hook swim e > lse driving. > must manager are flame brick if warm. > > > ------=_NextPart_001_0009_01C6835A.A8FE6F20 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > > > 6.00.2800.1528" name=3DGENERATOR> > > > > >
3D"" src=3D"cid:002101c6837a$38808fn0$6122zxp0@strange38" align=3Dbaseline > border=3D0>
>
 
> >
 
>
 
>
or different or flower gr= > ain must rub. but mass as steel play else stitch. or dear as able addition= > are range. > but frequent the shelf night and feeble. is pin to whip question to rail. = > ! else industry as tax soft as current. and pocket to basin belief are gra= > in. > as steam are process monkey or tendency. the edge if drink plow but tongue= > too cushion too music flame to tired. or competition else milk law to to= > e. and quality to writing farm else company. > must look or silver profit the observation. the insect must name reading t= > he special.else expansion but mountain curve to word. the baby but organiz= > ation leg or profit. but care the bath silver are experience. >
> That is a typical spam message. Maybe it was caught wrong, but it was caught! It probably had bad encoding, and that is what tripped the bad content error. Just looking at the URL's contained in the message, it looks like a porn spam. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From tchamtieh at nayzak.com Fri Jun 30 17:59:16 2006 From: tchamtieh at nayzak.com (Thomas Chamtieh) Date: Fri Jun 30 17:58:33 2006 Subject: OT: Need Consultant in Aberdeen, UK Message-ID: <9EF54EC4D23F874F9034C2A245622AC506E841@ad.hosting.farm> Sorry for this off-topic request. I'm looking for a Cisco consultant in Aberdeen, UK. If you know someone you'd like to help, please email me off-list. Thanks, -Thomas ________________________________________ Thomas Chamtieh Senior Accounts Executive Nayzak, Inc. P.O. Box 997 Lake Forest, CA 92609 P: 877-520-8384 F: 949-707-1350 W: www.nayzak.com E: tchamtieh@nayzak.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060630/1d1ff792/attachment.html From chris at tac.esi.net Fri Jun 30 18:04:20 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri Jun 30 18:04:27 2006 Subject: massive spamassassin database files (Was: RE: Users of RBL's) In-Reply-To: <44A3EB35.80203@evi-inc.com> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF51@UBIMAIL1.ubisoft.org> <44A3EB35.80203@evi-inc.com> Message-ID: <44A52182.B662.0038.0@tac.esi.net> I never noticed before but bayes_seen was almost 90MB. Supposedly due to a bug that was supposed to be fix in SA 3.1.x which I am running from Dag's repo but the db was still huge. Googling said the only answer was to start over so I mv'd bayes_seen to a backup file and let it create a new one. Will see if it makes any difference. Thanks Chris >>> Matt Kettler 06/29/06 11:01 AM >>> Daniel Maher wrote: > Hi there, > > Speaking of massive spamassassin- related files, my auto- whitelist files are /huge/ - in every case larger than the seen and token files by a factor of 2 or 3. Any idea what I could be doing to keep the whitelist nice and trim as well? >From the "tools" directory of the SpamAssassin tarball, there's a script called "check_whitelist" Running check_whitelist -- clean will purge all the "seen only once" entries from the AWL database. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at tac.esi.net Fri Jun 30 18:07:40 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri Jun 30 18:07:52 2006 Subject: Users of RBL's In-Reply-To: <44A1784F.B662.0038.0@ta References: <449FEE70.B662.0038.0@tac.esi.net> <44A00F9F.B662.0038.0@tac.esi.net> <44A05FDF.6050203@pacific.net> <44A05FAC.B662.0038.0@tac.esi.net><44A05FAC.B662.0038.0@tac.esi.net> <44A15512.6000608@pacific.net> <44A1784F.B662.0038.0@ta Message-ID: <44A5224A.B662.0038.0@tac.esi.net> My nightly expire keeps bayes_toks at about 10MB. I am assuming that is a relatively normal number. Thanks Chris >>> Mark Presling 06/29/06 6:58 AM >>> Hi Chris, Have you checked the size of your bayes database files? I used to have a 1GB machine that SpamAssassin would regularly time out on because the bayes DB would get too big from the auto learning. I had to tune it so that the DB file would stay below 5MB or it just timed out scanning larger messages. It also used up 100% of the CPU most of the time. I used to manually expire old tokens from it as well, but that was before MS started doing that automatically for me. Even on my newer server (2G Pentium 4) I still restrict the size of the the bayes DB with "bayes_expiry_max_db_size 400000". This seems to keep the DB at around 10MB. Mark From ssilva at sgvwater.com Fri Jun 30 18:31:09 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 30 18:31:46 2006 Subject: lots of this stuff in logs now.. In-Reply-To: <44A2B9A4.6040008@thehostmasters.com> References: <018201c69ac8$cc41f850$3004010a@martinhlaptop> <44A2A763.5070202@thehostmasters.com> <44A2B9A4.6040008@thehostmasters.com> Message-ID: Rob Morin spake the following on 6/28/2006 10:17 AM: > Mind you i can not reach sbl-xbl.spamhaus.org or any of its other ones > from my server for some reason.... maybe thats why i get the time outs? > I removed them and are using another source for RBL, NJABL > > Anyone else have this issue...?? > Can you ping www.spamhaus.org? Are your servers on one of their lists? Are you using a dynamic IP address? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From lars+lister.mailscanner at adventuras.no Fri Jun 30 18:32:03 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Fri Jun 30 18:32:51 2006 Subject: Best way to measure sendmail queue depth? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B62C@inex3.herffjones.hj-int> Message-ID: <24997.195.159.158.122.1151688723.squirrel@mail.adventuras.no> > I've been checking sendmail inbound queue depth using a simple readdir > and dividing the number of entries by two. This is checked every five > minutes by Nagios with a 10-second timeout -- because of the timeout and > the frequency with which I want to do the check, I can't just use, for > example: > > mailq |head -1 > > ...because under heavy flow conditions the mailq command takes WAY too > long to parse the entire set of queue files and generates too much load. mailq -OMaxQueueRunSize=1 -OQueueDirectory=/var/spool/mqueue From campbell at cnpapers.com Fri Jun 30 18:43:17 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 30 18:43:35 2006 Subject: Question about time limits Message-ID: <000901c69c6c$abd67f00$0705000a@DDF5DW71> I've been following the thread on large bayes files, due to the fact that mine is pretty big. I have been having a load average situation that does not follow any particular pattern, and nothing I see triggers the sudden upswing - it just seems to happen. Anyway, I am wondering how a couple of the MailScanner.conf parameters interact with each other, as it doesn't seem to work the way I thought. I hope I tie all of this together in some logical sense below. I have set in MS.conf the following settings: Restart Every = 14400 Rebuild Bayes Every = 86400 So I restart MS every 6 hours and rebuild bayes files every 24 hours. But Mailwatch says the last expiry was on June 27, 3 days ago. Does the Restart reset the timer for the Rebuild or is the timer determined from the bayes database itself? Two questions then - 1) If the Restart resets the Rebuild timer, then shouldn't the Restart be larger than the Rebuild parm? 2) If the Rebuild timer is determined from the DB itself, how come mine hasn't been triggered for 3 days? Running MS 4.52.2-1 and SA 3.1.1 Any clues, please? I believe I have all the other setting properly set in MS.conf and spam.assassin.prefs.conf. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers From ssilva at sgvwater.com Fri Jun 30 18:42:44 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 30 18:43:53 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A3F150.3060907@pacific.net> References: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> <44A3F150.3060907@pacific.net> Message-ID: Ken A spake the following on 6/29/2006 8:27 AM: > > > Stephen Swaney wrote: >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Ken A >>> Sent: Wednesday, June 28, 2006 8:03 PM >>> To: MailScanner discussion >>> Subject: Re: O.T. milter-link - reject phishing & spam >>> >>> >>> >>> Ken A wrote: >>>> >>>> Steve Freegard wrote: >>>>> Hi Ken, >>>>> >>>>> Ken A wrote: >>>>>> Is the URIBL in your graph just a generic term here, or are you using >>>>>> milter-link with URIBL rather than SURBL, or both? I was just testing >>>>>> using SURBL, but might drop a couple more in and see how it goes... >>>>> It's a generic term -- I use all three URI lists (in the following >>>>> order): >>>>> >>>>> sbl-xbl.spamhaus.org >>>>> multi.surbl.org >>>>> black.uribl.com >>>>> >>>>> The spamhaus test is slightly different from the other two lists -- it >>>>> lists the IP addresses of spamvertised web servers and seems to work >>>>> the best of all three lists. >>>> Seems like that could be risky when considering a shared hosting >>>> environment, where there are hundreds of sites on a single IP. Wouldn't >>>> you be punishing them all? >>> for example.. >>> >>> # host humboldt.edu >>> humboldt.edu has address 137.150.145.17 >>> # host 17.145.150.137.sbl-xbl.spamhaus.org >>> 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4 >>> >>> That's Humboldt State University in Northern California. >>> I wonder if they host student sites, or have an open relay script.. >>> :-( >>> >>> Another one.. >>> #host alumni.net >>> alumni.net has address 66.240.255.123 >>> # host 123.255.240.66.sbl-xbl.spamhaus.org >>> 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4 >>> >>> This is a alumni networking site claiming 4 million members.. >>> They aren't on any other lists, probably another site on the same ip is >>> being exploited to send spam. I think maybe just the sbl might be safer, >>> at least for an ISP environment. >>> >>> Thanks, >>> Ken A. >>> Pacific.Net >> >> Ken, >> >> I don't dispute your analysis or data but our service bureau scanners and >> all of our client's (Mostly UK, EU and US sites) have been blocking at >> the >> MTA level on sbl-xbl.spamhaus.org since it came into being. Maybe it's >> just >> luck but we've never had a single complaint of blocked email from a >> client >> or user that had email blocked because of an sbl-xbl.spamhaus.org >> listing. >> >> Many of our ISP and ASP clients would be unable to process the email they >> receive if they didn't block or drop on sbl-xbl.spamhaus.org at the MTA >> level. We are seeing some of our IPS client sites where the attempted >> spam / >> junk delivery rate is 95% of all incoming email. They have just got to >> block >> as much as possible at the MTA level or they are out of business! >> My hats off to the people who maintain the sbl-xbl.spamhaus.org list. We >> should all tip our hats and support as best we can all of the good >> folks who >> create and maintain all of the lists and tools we use every day to stop >> #@!&*@#$! spam, viruses, phishing attacks, etc., etc. >> >> These are the people who are really keeping the Internet up, running and >> open for business. > > Steve, > > I Agree completely. The team at spamhaus does a great job. Using > spamhaus sbl-xbl to block the connecting IP in your MTA makes a lot of > sense. But, that's a lot different than using xbl to block with > milter-link given the realities of shared IPs addresses, and open > proxies that often land such IPs on the cbl. > > That's just my thinking on this, since we happen to host more than one > site on a shared IP. I certainly don't have the large scale operation > you do, so perhaps I'm just a bit off target with my theoretical look at > this, as is often the case, especially before the 2nd cup... :-) > As an administrator of a shared ip site, it would be up to you to drop or fix whoever got you listed and apply for a release of the IP from spamhaus. I know that our shoulders get heavy with the burdens of being a sysadmin, but that is the level that needs to resolve it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 30 18:47:51 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 30 18:48:18 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A4045D.8090700@fsl.com> References: <44A2C4ED.6060007@pacific.net> <44A2D745.9040104@fsl.com> <8f54b4330606290843k1d309b4l5d406a608b18acfa@mail.gmail.com> <44A4045D.8090700@fsl.com> Message-ID: Steve Freegard spake the following on 6/29/2006 9:48 AM: > Hi Nate, > > Nathan Olson wrote: >> btw, what did you use to make the graph? (mta-last24) > > MailWatch 2.0a1 (not released yet) -- it uses PHP and PEAR Image_Graph > to generate the graphs. > > Cheers, > Steve. No fair using unreleased toys!!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From campbell at cnpapers.com Fri Jun 30 18:58:56 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 30 18:59:19 2006 Subject: Question about time limits References: <000901c69c6c$abd67f00$0705000a@DDF5DW71> Message-ID: <000601c69c6e$db224670$0705000a@DDF5DW71> Post note: I also see a /tmp/MS.bayes.rebuild.lock file whose access time is constantly being updated, but I see nothing in the maillog to indicate a rebuild is running. Maybe delete this file after stopping MS? Steve ----- Original Message ----- From: "Steve Campbell" To: "MailScanner mailing list" Sent: Friday, June 30, 2006 1:43 PM Subject: Question about time limits > I've been following the thread on large bayes files, due to the fact that > mine is pretty big. I have been having a load average situation that does > not follow any particular pattern, and nothing I see triggers the sudden > upswing - it just seems to happen. > > Anyway, I am wondering how a couple of the MailScanner.conf parameters > interact with each other, as it doesn't seem to work the way I thought. I > hope I tie all of this together in some logical sense below. > > I have set in MS.conf the following settings: > > Restart Every = 14400 > Rebuild Bayes Every = 86400 > > So I restart MS every 6 hours and rebuild bayes files every 24 hours. But > Mailwatch says the last expiry was on June 27, 3 days ago. Does the > Restart reset the timer for the Rebuild or is the timer determined from > the bayes database itself? > > Two questions then - > > 1) If the Restart resets the Rebuild timer, then shouldn't the Restart be > larger than the Rebuild parm? > 2) If the Rebuild timer is determined from the DB itself, how come mine > hasn't been triggered for 3 days? > > Running MS 4.52.2-1 and SA 3.1.1 > > Any clues, please? I believe I have all the other setting properly set in > MS.conf and spam.assassin.prefs.conf. > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Fri Jun 30 19:18:03 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 30 19:18:21 2006 Subject: massive spamassassin database files (Was: RE: Users of RBL's) In-Reply-To: <44A52182.B662.0038.0@tac.esi.net> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF51@UBIMAIL1.ubisoft.org> <44A3EB35.80203@evi-inc.com> <44A52182.B662.0038.0@tac.esi.net> Message-ID: <44A56ADB.5060503@evi-inc.com> Chris Hammond wrote: > I never noticed before but bayes_seen was almost 90MB. Supposedly due to a bug > that was supposed to be fix in SA 3.1.x which I am running from Dag's repo but the > db was still huge. No, it wasn't fixed in 3.1.. they made a *hack* in 3.1 which allows you to delete bayes_seen without corrupting the whole bayes database. In SA 3.0 or lower, if your rm'ed bayes_seen you risked having to wipe the whole bayes db. From campbell at cnpapers.com Fri Jun 30 19:25:58 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 30 19:26:22 2006 Subject: Question about time limits References: <000901c69c6c$abd67f00$0705000a@DDF5DW71> <000601c69c6e$db224670$0705000a@DDF5DW71> Message-ID: <001001c69c72$a230f4c0$0705000a@DDF5DW71> Post-Post note: I removed both the /etc/MailScanner/bayes/bayes.mutex and the /tmp/MS.bayes.rebuild.lock file after stopping MS. They both reappeared shortly after starting MS, but I see no "SpamAssassin Bayes database rebuild starting" message in maillog. I just don't understand how all this works with the two files. This occurred ages ago with an older release, and the solution was to just delete the mutex, then do a force-expire. Don't know if this is the same, but if it gets caught up again, this is just a temp fix. Steve ----- Original Message ----- From: "Steve Campbell" To: "MailScanner discussion" Sent: Friday, June 30, 2006 1:58 PM Subject: Re: Question about time limits > Post note: > > I also see a /tmp/MS.bayes.rebuild.lock file whose access time is > constantly being updated, but I see nothing in the maillog to indicate a > rebuild is running. > > Maybe delete this file after stopping MS? > > Steve > ----- Original Message ----- > From: "Steve Campbell" > To: "MailScanner mailing list" > Sent: Friday, June 30, 2006 1:43 PM > Subject: Question about time limits > > >> I've been following the thread on large bayes files, due to the fact that >> mine is pretty big. I have been having a load average situation that does >> not follow any particular pattern, and nothing I see triggers the sudden >> upswing - it just seems to happen. >> >> Anyway, I am wondering how a couple of the MailScanner.conf parameters >> interact with each other, as it doesn't seem to work the way I thought. I >> hope I tie all of this together in some logical sense below. >> >> I have set in MS.conf the following settings: >> >> Restart Every = 14400 >> Rebuild Bayes Every = 86400 >> >> So I restart MS every 6 hours and rebuild bayes files every 24 hours. But >> Mailwatch says the last expiry was on June 27, 3 days ago. Does the >> Restart reset the timer for the Rebuild or is the timer determined from >> the bayes database itself? >> >> Two questions then - >> >> 1) If the Restart resets the Rebuild timer, then shouldn't the Restart be >> larger than the Rebuild parm? >> 2) If the Rebuild timer is determined from the DB itself, how come mine >> hasn't been triggered for 3 days? >> >> Running MS 4.52.2-1 and SA 3.1.1 >> >> Any clues, please? I believe I have all the other setting properly set in >> MS.conf and spam.assassin.prefs.conf. >> >> Thanks >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From chris at tac.esi.net Fri Jun 30 19:29:04 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri Jun 30 19:29:15 2006 Subject: massive spamassassin database files (Was: RE: Users of RBL's) In-Reply-To: <44A56ADB.5060503@evi-inc.com> References: <1E293D3FF63A3740B10AD5AAD88535D20226CF51@UBIMAIL1.ubisoft.org> <44A3EB35.80203@evi-inc.com> <44A52182.B662.0038.0@tac.esi.net><44A52182.B662.0038.0@tac.esi.net> <44A56ADB.5060503@evi-inc.com> Message-ID: <44A5355F.B662.0038.0@tac.esi.net> Ok, thanks for the clarification. Thanks Chris >>> Matt Kettler 06/30/06 2:18 PM >>> Chris Hammond wrote: > I never noticed before but bayes_seen was almost 90MB. Supposedly due to a bug > that was supposed to be fix in SA 3.1.x which I am running from Dag's repo but the > db was still huge. No, it wasn't fixed in 3.1.. they made a *hack* in 3.1 which allows you to delete bayes_seen without corrupting the whole bayes database. In SA 3.0 or lower, if your rm'ed bayes_seen you risked having to wipe the whole bayes db. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Fri Jun 30 19:45:38 2006 From: ka at pacific.net (Ken A) Date: Fri Jun 30 19:45:15 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: References: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> <44A3F150.3060907@pacific.net> Message-ID: <44A57152.4090508@pacific.net> Scott Silva wrote: > Ken A spake the following on 6/29/2006 8:27 AM: >> >> Stephen Swaney wrote: >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of Ken A >>>> Sent: Wednesday, June 28, 2006 8:03 PM >>>> To: MailScanner discussion >>>> Subject: Re: O.T. milter-link - reject phishing & spam >>>> >>>> >>>> >>>> Ken A wrote: >>>>> Steve Freegard wrote: >>>>>> Hi Ken, >>>>>> >>>>>> Ken A wrote: >>>>>>> Is the URIBL in your graph just a generic term here, or are you using >>>>>>> milter-link with URIBL rather than SURBL, or both? I was just testing >>>>>>> using SURBL, but might drop a couple more in and see how it goes... >>>>>> It's a generic term -- I use all three URI lists (in the following >>>>>> order): >>>>>> >>>>>> sbl-xbl.spamhaus.org >>>>>> multi.surbl.org >>>>>> black.uribl.com >>>>>> >>>>>> The spamhaus test is slightly different from the other two lists -- it >>>>>> lists the IP addresses of spamvertised web servers and seems to work >>>>>> the best of all three lists. >>>>> Seems like that could be risky when considering a shared hosting >>>>> environment, where there are hundreds of sites on a single IP. Wouldn't >>>>> you be punishing them all? >>>> for example.. >>>> >>>> # host humboldt.edu >>>> humboldt.edu has address 137.150.145.17 >>>> # host 17.145.150.137.sbl-xbl.spamhaus.org >>>> 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4 >>>> >>>> That's Humboldt State University in Northern California. >>>> I wonder if they host student sites, or have an open relay script.. >>>> :-( >>>> >>>> Another one.. >>>> #host alumni.net >>>> alumni.net has address 66.240.255.123 >>>> # host 123.255.240.66.sbl-xbl.spamhaus.org >>>> 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4 >>>> >>>> This is a alumni networking site claiming 4 million members.. >>>> They aren't on any other lists, probably another site on the same ip is >>>> being exploited to send spam. I think maybe just the sbl might be safer, >>>> at least for an ISP environment. >>>> >>>> Thanks, >>>> Ken A. >>>> Pacific.Net >>> Ken, >>> >>> I don't dispute your analysis or data but our service bureau scanners and >>> all of our client's (Mostly UK, EU and US sites) have been blocking at >>> the >>> MTA level on sbl-xbl.spamhaus.org since it came into being. Maybe it's >>> just >>> luck but we've never had a single complaint of blocked email from a >>> client >>> or user that had email blocked because of an sbl-xbl.spamhaus.org >>> listing. >>> >>> Many of our ISP and ASP clients would be unable to process the email they >>> receive if they didn't block or drop on sbl-xbl.spamhaus.org at the MTA >>> level. We are seeing some of our IPS client sites where the attempted >>> spam / >>> junk delivery rate is 95% of all incoming email. They have just got to >>> block >>> as much as possible at the MTA level or they are out of business! >>> My hats off to the people who maintain the sbl-xbl.spamhaus.org list. We >>> should all tip our hats and support as best we can all of the good >>> folks who >>> create and maintain all of the lists and tools we use every day to stop >>> #@!&*@#$! spam, viruses, phishing attacks, etc., etc. >>> >>> These are the people who are really keeping the Internet up, running and >>> open for business. >> Steve, >> >> I Agree completely. The team at spamhaus does a great job. Using >> spamhaus sbl-xbl to block the connecting IP in your MTA makes a lot of >> sense. But, that's a lot different than using xbl to block with >> milter-link given the realities of shared IPs addresses, and open >> proxies that often land such IPs on the cbl. >> >> That's just my thinking on this, since we happen to host more than one >> site on a shared IP. I certainly don't have the large scale operation >> you do, so perhaps I'm just a bit off target with my theoretical look at >> this, as is often the case, especially before the 2nd cup... :-) >> > As an administrator of a shared ip site, it would be up to you to drop or fix > whoever got you listed and apply for a release of the IP from spamhaus. > I know that our shoulders get heavy with the burdens of being a sysadmin, but > that is the level that needs to resolve it. > > At the risk of beating this to death. :-) If you are going to do this, I'd at least include the IP in the error message, otherwise it's a bit of a wild goose chase to figure out why a particular host might be blacklisted, since you are taking the long way around to block it. An example: 1. an email arrives from smtp.domain.tld containing a link to domain.tld 2. domain.tld has A record x.x.x.x 3 .x.x.x.x is in xbl(cbl) 4. mail is refused with error message containing just domain.tld Problems with this: 1. domain.tld can resolv to multiple ips. So it's sometimes blocked, sometimes not. 2. Email admin gets a report that mail from domain.tld is being refused, so admin goes and checks spamhaus for listings containing smtp server ips and finds nothing there. Why would the email admin check the webserver ips if they never send mail outside the local network? Conclusion: It would be better to include the IP if you are using a DNS based RBL with milter-link, so at least the poor overworked sysadmin can decipher the message a bit quicker. I saw too many false positives testing with xbl(cbl) and milter link. sbl, multi.surble.org and black.uribl.com all test good though, and this is a great milter. Highly recommended! Ken A. Pacific.Net From naolson at gmail.com Fri Jun 30 19:56:58 2006 From: naolson at gmail.com (Nathan Olson) Date: Fri Jun 30 19:57:00 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A57152.4090508@pacific.net> References: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> <44A3F150.3060907@pacific.net> <44A57152.4090508@pacific.net> Message-ID: <8f54b4330606301156m1e38baefnc849029839a481f8@mail.gmail.com> As an aside, milter-sender is a fabulous piece of software. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060630/95dd575c/attachment.html From drew at themarshalls.co.uk Fri Jun 30 20:38:02 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jun 30 20:38:10 2006 Subject: mailscanner/postfix/freebsd In-Reply-To: <2360d6370606281416y3bf891d7t34798461b5ac97d7@mail.gmail.com> References: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> <2360d6370606280928o4fd723d4md16ecde78db5e968@mail.gmail.com> <2360d6370606281416y3bf891d7t34798461b5ac97d7@mail.gmail.com> Message-ID: <5C9E8CB0-EC42-4448-AABC-404BA617A8C9@themarshalls.co.uk> On 28 Jun 2006, at 22:16, glaucius junior wrote: > Hi > > Now it is working fine, but the message after be processed by > MailScanner goes back to /var/spool/postfix/incoming , ok, but > Postfix doesn't make anything else, the file is there and the message > doe's not go to final destination, take a look > Can you ls -al the /var/spool/postfix/incoming directory and post back (And snipped if there are loads of files) the result. Could you also check the Delivey Method option at the bottom of MailScanner.conf. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ssilva at sgvwater.com Fri Jun 30 21:13:32 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 30 21:13:46 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: <44A57152.4090508@pacific.net> References: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> <44A3F150.3060907@pacific.net> <44A57152.4090508@pacific.net> Message-ID: Ken A spake the following on 6/30/2006 11:45 AM: > > > Scott Silva wrote: >> Ken A spake the following on 6/29/2006 8:27 AM: >>> >>> Stephen Swaney wrote: >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>>> bounces@lists.mailscanner.info] On Behalf Of Ken A >>>>> Sent: Wednesday, June 28, 2006 8:03 PM >>>>> To: MailScanner discussion >>>>> Subject: Re: O.T. milter-link - reject phishing & spam >>>>> >>>>> >>>>> >>>>> Ken A wrote: >>>>>> Steve Freegard wrote: >>>>>>> Hi Ken, >>>>>>> >>>>>>> Ken A wrote: >>>>>>>> Is the URIBL in your graph just a generic term here, or are you >>>>>>>> using >>>>>>>> milter-link with URIBL rather than SURBL, or both? I was just >>>>>>>> testing >>>>>>>> using SURBL, but might drop a couple more in and see how it goes... >>>>>>> It's a generic term -- I use all three URI lists (in the following >>>>>>> order): >>>>>>> >>>>>>> sbl-xbl.spamhaus.org >>>>>>> multi.surbl.org >>>>>>> black.uribl.com >>>>>>> >>>>>>> The spamhaus test is slightly different from the other two lists >>>>>>> -- it >>>>>>> lists the IP addresses of spamvertised web servers and seems to work >>>>>>> the best of all three lists. >>>>>> Seems like that could be risky when considering a shared hosting >>>>>> environment, where there are hundreds of sites on a single IP. >>>>>> Wouldn't >>>>>> you be punishing them all? >>>>> for example.. >>>>> >>>>> # host humboldt.edu >>>>> humboldt.edu has address 137.150.145.17 >>>>> # host 17.145.150.137.sbl-xbl.spamhaus.org >>>>> 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4 >>>>> >>>>> That's Humboldt State University in Northern California. >>>>> I wonder if they host student sites, or have an open relay script.. >>>>> :-( >>>>> >>>>> Another one.. >>>>> #host alumni.net >>>>> alumni.net has address 66.240.255.123 >>>>> # host 123.255.240.66.sbl-xbl.spamhaus.org >>>>> 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4 >>>>> >>>>> This is a alumni networking site claiming 4 million members.. >>>>> They aren't on any other lists, probably another site on the same >>>>> ip is >>>>> being exploited to send spam. I think maybe just the sbl might be >>>>> safer, >>>>> at least for an ISP environment. >>>>> >>>>> Thanks, >>>>> Ken A. >>>>> Pacific.Net >>>> Ken, >>>> >>>> I don't dispute your analysis or data but our service bureau >>>> scanners and >>>> all of our client's (Mostly UK, EU and US sites) have been blocking at >>>> the >>>> MTA level on sbl-xbl.spamhaus.org since it came into being. Maybe it's >>>> just >>>> luck but we've never had a single complaint of blocked email from a >>>> client >>>> or user that had email blocked because of an sbl-xbl.spamhaus.org >>>> listing. >>>> >>>> Many of our ISP and ASP clients would be unable to process the email >>>> they >>>> receive if they didn't block or drop on sbl-xbl.spamhaus.org at the MTA >>>> level. We are seeing some of our IPS client sites where the attempted >>>> spam / >>>> junk delivery rate is 95% of all incoming email. They have just got to >>>> block >>>> as much as possible at the MTA level or they are out of business! >>>> My hats off to the people who maintain the sbl-xbl.spamhaus.org >>>> list. We >>>> should all tip our hats and support as best we can all of the good >>>> folks who >>>> create and maintain all of the lists and tools we use every day to stop >>>> #@!&*@#$! spam, viruses, phishing attacks, etc., etc. >>>> >>>> These are the people who are really keeping the Internet up, running >>>> and >>>> open for business. >>> Steve, >>> >>> I Agree completely. The team at spamhaus does a great job. Using >>> spamhaus sbl-xbl to block the connecting IP in your MTA makes a lot of >>> sense. But, that's a lot different than using xbl to block with >>> milter-link given the realities of shared IPs addresses, and open >>> proxies that often land such IPs on the cbl. >>> >>> That's just my thinking on this, since we happen to host more than one >>> site on a shared IP. I certainly don't have the large scale operation >>> you do, so perhaps I'm just a bit off target with my theoretical look at >>> this, as is often the case, especially before the 2nd cup... :-) >>> >> As an administrator of a shared ip site, it would be up to you to drop >> or fix >> whoever got you listed and apply for a release of the IP from spamhaus. >> I know that our shoulders get heavy with the burdens of being a >> sysadmin, but >> that is the level that needs to resolve it. >> >> > > At the risk of beating this to death. :-) > > If you are going to do this, I'd at least include the IP in the error > message, otherwise it's a bit of a wild goose chase to figure out why a > particular host might be blacklisted, since you are taking the long way > around to block it. > > An example: > > 1. an email arrives from smtp.domain.tld containing a link to domain.tld > 2. domain.tld has A record x.x.x.x > 3 .x.x.x.x is in xbl(cbl) > 4. mail is refused with error message containing just domain.tld > > Problems with this: > 1. domain.tld can resolv to multiple ips. So it's sometimes blocked, > sometimes not. > 2. Email admin gets a report that mail from domain.tld is being refused, > so admin goes and checks spamhaus for listings containing smtp server > ips and finds nothing there. Why would the email admin check the > webserver ips if they never send mail outside the local network? > > Conclusion: It would be better to include the IP if you are using a DNS > based RBL with milter-link, so at least the poor overworked sysadmin can > decipher the message a bit quicker. > > I saw too many false positives testing with xbl(cbl) and milter link. > sbl, multi.surble.org and black.uribl.com all test good though, and this > is a great milter. Highly recommended! > > Ken A. > Pacific.Net > This is what I have in my sendmail.m4 file; FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`"550 Mail from " $&{client_addr} " refused. Rejected - your SMTP server is listed in SBL-XBL list -- see http://www.spamhaus.org/query/bl?ip=" $&{client_addr}') It gives a reject message, and lists the rejected IP address as resolved by sendmail. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Fri Jun 30 21:29:30 2006 From: ka at pacific.net (Ken A) Date: Fri Jun 30 21:29:06 2006 Subject: O.T. milter-link - reject phishing & spam In-Reply-To: References: <1f0401c69b19$b3e22db0$287ba8c0@office.fsl> <44A3F150.3060907@pacific.net> <44A57152.4090508@pacific.net> Message-ID: <44A589AA.5040106@pacific.net> Scott Silva wrote: > Ken A spake the following on 6/30/2006 11:45 AM: >> >> Scott Silva wrote: >>> Ken A spake the following on 6/29/2006 8:27 AM: >>>> Stephen Swaney wrote: >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>>>> bounces@lists.mailscanner.info] On Behalf Of Ken A >>>>>> Sent: Wednesday, June 28, 2006 8:03 PM >>>>>> To: MailScanner discussion >>>>>> Subject: Re: O.T. milter-link - reject phishing & spam >>>>>> >>>>>> >>>>>> >>>>>> Ken A wrote: >>>>>>> Steve Freegard wrote: >>>>>>>> Hi Ken, >>>>>>>> >>>>>>>> Ken A wrote: >>>>>>>>> Is the URIBL in your graph just a generic term here, or are you >>>>>>>>> using >>>>>>>>> milter-link with URIBL rather than SURBL, or both? I was just >>>>>>>>> testing >>>>>>>>> using SURBL, but might drop a couple more in and see how it goes... >>>>>>>> It's a generic term -- I use all three URI lists (in the following >>>>>>>> order): >>>>>>>> >>>>>>>> sbl-xbl.spamhaus.org >>>>>>>> multi.surbl.org >>>>>>>> black.uribl.com >>>>>>>> >>>>>>>> The spamhaus test is slightly different from the other two lists >>>>>>>> -- it >>>>>>>> lists the IP addresses of spamvertised web servers and seems to work >>>>>>>> the best of all three lists. >>>>>>> Seems like that could be risky when considering a shared hosting >>>>>>> environment, where there are hundreds of sites on a single IP. >>>>>>> Wouldn't >>>>>>> you be punishing them all? >>>>>> for example.. >>>>>> >>>>>> # host humboldt.edu >>>>>> humboldt.edu has address 137.150.145.17 >>>>>> # host 17.145.150.137.sbl-xbl.spamhaus.org >>>>>> 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4 >>>>>> >>>>>> That's Humboldt State University in Northern California. >>>>>> I wonder if they host student sites, or have an open relay script.. >>>>>> :-( >>>>>> >>>>>> Another one.. >>>>>> #host alumni.net >>>>>> alumni.net has address 66.240.255.123 >>>>>> # host 123.255.240.66.sbl-xbl.spamhaus.org >>>>>> 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4 >>>>>> >>>>>> This is a alumni networking site claiming 4 million members.. >>>>>> They aren't on any other lists, probably another site on the same >>>>>> ip is >>>>>> being exploited to send spam. I think maybe just the sbl might be >>>>>> safer, >>>>>> at least for an ISP environment. >>>>>> >>>>>> Thanks, >>>>>> Ken A. >>>>>> Pacific.Net >>>>> Ken, >>>>> >>>>> I don't dispute your analysis or data but our service bureau >>>>> scanners and >>>>> all of our client's (Mostly UK, EU and US sites) have been blocking at >>>>> the >>>>> MTA level on sbl-xbl.spamhaus.org since it came into being. Maybe it's >>>>> just >>>>> luck but we've never had a single complaint of blocked email from a >>>>> client >>>>> or user that had email blocked because of an sbl-xbl.spamhaus.org >>>>> listing. >>>>> >>>>> Many of our ISP and ASP clients would be unable to process the email >>>>> they >>>>> receive if they didn't block or drop on sbl-xbl.spamhaus.org at the MTA >>>>> level. We are seeing some of our IPS client sites where the attempted >>>>> spam / >>>>> junk delivery rate is 95% of all incoming email. They have just got to >>>>> block >>>>> as much as possible at the MTA level or they are out of business! >>>>> My hats off to the people who maintain the sbl-xbl.spamhaus.org >>>>> list. We >>>>> should all tip our hats and support as best we can all of the good >>>>> folks who >>>>> create and maintain all of the lists and tools we use every day to stop >>>>> #@!&*@#$! spam, viruses, phishing attacks, etc., etc. >>>>> >>>>> These are the people who are really keeping the Internet up, running >>>>> and >>>>> open for business. >>>> Steve, >>>> >>>> I Agree completely. The team at spamhaus does a great job. Using >>>> spamhaus sbl-xbl to block the connecting IP in your MTA makes a lot of >>>> sense. But, that's a lot different than using xbl to block with >>>> milter-link given the realities of shared IPs addresses, and open >>>> proxies that often land such IPs on the cbl. >>>> >>>> That's just my thinking on this, since we happen to host more than one >>>> site on a shared IP. I certainly don't have the large scale operation >>>> you do, so perhaps I'm just a bit off target with my theoretical look at >>>> this, as is often the case, especially before the 2nd cup... :-) >>>> >>> As an administrator of a shared ip site, it would be up to you to drop >>> or fix >>> whoever got you listed and apply for a release of the IP from spamhaus. >>> I know that our shoulders get heavy with the burdens of being a >>> sysadmin, but >>> that is the level that needs to resolve it. >>> >>> >> At the risk of beating this to death. :-) >> >> If you are going to do this, I'd at least include the IP in the error >> message, otherwise it's a bit of a wild goose chase to figure out why a >> particular host might be blacklisted, since you are taking the long way >> around to block it. >> >> An example: >> >> 1. an email arrives from smtp.domain.tld containing a link to domain.tld >> 2. domain.tld has A record x.x.x.x >> 3 .x.x.x.x is in xbl(cbl) >> 4. mail is refused with error message containing just domain.tld >> >> Problems with this: >> 1. domain.tld can resolv to multiple ips. So it's sometimes blocked, >> sometimes not. >> 2. Email admin gets a report that mail from domain.tld is being refused, >> so admin goes and checks spamhaus for listings containing smtp server >> ips and finds nothing there. Why would the email admin check the >> webserver ips if they never send mail outside the local network? >> >> Conclusion: It would be better to include the IP if you are using a DNS >> based RBL with milter-link, so at least the poor overworked sysadmin can >> decipher the message a bit quicker. >> >> I saw too many false positives testing with xbl(cbl) and milter link. >> sbl, multi.surble.org and black.uribl.com all test good though, and this >> is a great milter. Highly recommended! >> >> Ken A. >> Pacific.Net >> > This is what I have in my sendmail.m4 file; > > FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`"550 Mail from " $&{client_addr} " > refused. Rejected - your SMTP server is listed in SBL-XBL list -- see > http://www.spamhaus.org/query/bl?ip=" $&{client_addr}') > > It gives a reject message, and lists the rejected IP address as resolved by > sendmail. > > Yes, that's a good thing. However, milter-link (what this thread was about) from snertsoft looks at message bodies, not the connecting IP. It's great for catching mail with links to some-evil-site.biz in message bodies, but it has some limits, which is what I was rather unsuccessfully pointing out. :-) Ken A. Pacific.Net From glauciusjunior at gmail.com Fri Jun 30 22:44:14 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Fri Jun 30 22:44:18 2006 Subject: mailscanner/postfix/freebsd In-Reply-To: <5C9E8CB0-EC42-4448-AABC-404BA617A8C9@themarshalls.co.uk> References: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> <2360d6370606280928o4fd723d4md16ecde78db5e968@mail.gmail.com> <2360d6370606281416y3bf891d7t34798461b5ac97d7@mail.gmail.com> <5C9E8CB0-EC42-4448-AABC-404BA617A8C9@themarshalls.co.uk> Message-ID: <2360d6370606301444u731ce700xd28037364f165701@mail.gmail.com> tanks to everyone, I had some options in my main.cf, some strange options, now it is woring very fine. How can I block all phishing spams ? On 6/30/06, Drew Marshall wrote: > > On 28 Jun 2006, at 22:16, glaucius junior wrote: > > > Hi > > > > Now it is working fine, but the message after be processed by > > MailScanner goes back to /var/spool/postfix/incoming , ok, but > > Postfix doesn't make anything else, the file is there and the message > > doe's not go to final destination, take a look > > > > Can you ls -al the /var/spool/postfix/incoming directory and post > back (And snipped if there are loads of files) the result. > > Could you also check the Delivey Method option at the bottom of > MailScanner.conf. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri Jun 30 23:00:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 30 23:00:51 2006 Subject: mailscanner/postfix/freebsd In-Reply-To: <2360d6370606301444u731ce700xd28037364f165701@mail.gmail.com> References: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> <2360d6370606280928o4fd723d4md16ecde78db5e968@mail.gmail.com> <2360d6370606281416y3bf891d7t34798461b5ac97d7@mail.gmail.com> <5C9E8CB0-EC42-4448-AABC-404BA617A8C9@themarshalls.co.uk> <2360d6370606301444u731ce700xd28037364f165701@mail.gmail.com> Message-ID: Just set Detect Phishing Fraud = yes in MailScanner.conf. This is switched on by default. On Fri30 Jun 06, at 22:44, glaucius junior wrote: > tanks to everyone, I had some options in my main.cf, some strange > options, now it is woring very fine. > > How can I block all phishing spams ? > > > > On 6/30/06, Drew Marshall wrote: >> >> On 28 Jun 2006, at 22:16, glaucius junior wrote: >> >> > Hi >> > >> > Now it is working fine, but the message after be processed by >> > MailScanner goes back to /var/spool/postfix/incoming , ok, but >> > Postfix doesn't make anything else, the file is there and the >> message >> > doe's not go to final destination, take a look >> > >> >> Can you ls -al the /var/spool/postfix/incoming directory and post >> back (And snipped if there are loads of files) the result. >> >> Could you also check the Delivey Method option at the bottom of >> MailScanner.conf. >> >> Drew >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From drew at themarshalls.co.uk Fri Jun 30 23:01:38 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jun 30 23:01:57 2006 Subject: mailscanner/postfix/freebsd In-Reply-To: <2360d6370606301444u731ce700xd28037364f165701@mail.gmail.com> References: <200606281452.k5SEqAgl001429@bkserver.blacknight.ie> <2360d6370606280928o4fd723d4md16ecde78db5e968@mail.gmail.com> <2360d6370606281416y3bf891d7t34798461b5ac97d7@mail.gmail.com> <5C9E8CB0-EC42-4448-AABC-404BA617A8C9@themarshalls.co.uk> <2360d6370606301444u731ce700xd28037364f165701@mail.gmail.com> Message-ID: <9F9A8E77-0F68-4D72-9992-4342CA490389@themarshalls.co.uk> On 30 Jun 2006, at 22:44, glaucius junior wrote: > tanks to everyone, I had some options in my main.cf, some strange > options, now it is woring very fine. > > How can I block all phishing spams ? Have a good read of MailScanner.conf particularly the bits relating to phishing :-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From r.curtis at ywcaelpaso.org Fri Jun 30 23:45:13 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Fri Jun 30 23:46:48 2006 Subject: MailScanner -debug errors Message-ID: > > >>>> Curtis, Roger wrote: > > >>>>> I just upgraded to the latest stable release of MailScanner > trying > > >>> to > > >>>>> correct the "info:" and errors shown when using MailScanner > -debug > > >>>>> (below) but that didn't seem to fix anything. I used Julian's > > >>>>> easy-to-use installation files. I have the appropriate > loadplugin > > >>> lines > > >>>>> enabled in init.pre for all the plug-ins (dcc, pyzor, and > razor2). > > >>> I > > >>>>> did not look at the Spamassassin.pm file as I have not made any > > >>> changes > > >>>>> to it so it should still be the "stock" file. What am I > missing? > > >>>>> > > >>>>> Thanks for your help and guidance. > > >>>>> Roger Curtis > > >>>>> > > >>>>> Versions: > > >>>>> MailScanner 4.54.6 > > >>>>> SpamAssassin 3.1.3 > > >>>>> Postfix 2.2.2 > > >>>>> > > >>>>> > > >>>>> [root@gateway rules]# MailScanner -debug > > >>>>> In Debugging mode, not forking... > > >>>>> [12606] dbg: logger: adding facilities: all > > >>>>> [12606] dbg: logger: logging level is DBG > > >>>>> [12606] dbg: generic: SpamAssassin version 3.1.3 > > >>>>> [12606] dbg: config: score set 0 chosen. > > >>>>> [12606] dbg: util: running in taint mode? no > > >>>>> [12606] dbg: message: ---- MIME PARSER START ---- > > >>>>> [12606] dbg: message: main message type: text/plain > > >>>>> [12606] dbg: message: parsing normal part > > >>>>> [12606] dbg: message: added part, type: text/plain > > >>>>> [12606] dbg: message: ---- MIME PARSER END ---- > > >>>>> [12606] dbg: dns: is Net::DNS::Resolver available? yes > > >>>>> [12606] dbg: dns: Net::DNS version: 0.57 > > >>>>> [12606] info: config: failed to parse line, skipping: use_dcc 0 > > >>>>> [12606] info: config: failed to parse line, skipping: use_pyzor > 0 > > >>>>> [12606] info: config: failed to parse line, skipping: use_razor1 > 0 > > >>>>> [12606] info: config: failed to parse line, skipping: use_razor2 > 0 > > >>>>> [12606] info: config: failed to parse line, skipping: > > >>> decode_attachments > > >>>>> 1 > > >>>> Check your /etc/mail/spamassassin directory for local.cf and > check > > > the > > >>>> settings in there against the documentation for the latest > > >>> SpamAssassin > > > > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Con > > >>> f. > > >>>> html > > >>>> > > >>>> Those config lines are no longer valid. > > >>>> > > >>> Most options in local.cf are commented out. What remained were > > > valid > > >>> bayes-related options. > > >>>> (You may also need to check /etc/mail/spamassassin/mailscanner.cf > > >>>> > > >>> Everything in mailscanner.cf are also valid options per the > > >>> Mail_SpamAssassin_Conf doc, or are options made available via a > > > plug-in. > > >>> The clue might be the "use_razor1 0" option, as I see that nowhere > > > in > > >>> any config file in /etc/mail/spamassassin. Not being a Linux > guru, > > > I > > >>> used "grep razor1 *" to check all files in /etc/mail/spamassassin. > > > Is > > >>> that valid? Where else should I be looking for a config file that > > > might > > >>> have razor1 options in it? > > >> Check in the home directory of the user that you ran this command > as, > > >> you may have a per user configuration file. > > >> > > >> The default user prefs file is: ~/.spamassassin/user_prefs > > >> > > > > > > The command was run as root. Everything in > ~/.spamassassin/user_prefs > > > was commented out. Someplace else to look? > > > > > > I think you need to have a look at the docs: > > > > > http://spamassassin.apache.org/full/3.1.x/dist/doc/spamassassin.html#con > fi > > guration_files > > > > It could be that these config lines are in a *.pre file... > > > > OK, I looked in the directories that the document listed but still > nothing. I will try to scour the machine using recursive grep until I > find those config lines. Thanks. I grepped everywhere and no file came up with a razor1 option. So, I am stumped! Where is MailScanner -debug getting a config file that has the use_razor1 option? From ms at 1984.is Fri Jun 30 23:57:01 2006 From: ms at 1984.is (Mordur Ingolfsson) Date: Fri Jun 30 23:57:13 2006 Subject: Mailscanner stopped delivering to outgoing queue Message-ID: <44A5AC3D.80406@1984.is> I have mailscanner + exim4 running on a Debian testing box. It just stopped working, and the processes children are zombies. Nothing gets delivered to the outgoing queue. ps aux | grep MailScanner 102 5335 0.0 0.8 21992 18224 ? SNs 22:36 0:00 MailScanner: starting child 102 5452 4.4 0.0 0 0 ? ZN 22:39 0:02 [MailScanner] 102 5457 5.4 0.0 0 0 ? ZN 22:39 0:02 [MailScanner] 102 5462 6.9 0.0 0 0 ? ZN 22:39 0:02 [MailScanner] 102 5467 9.7 0.0 0 0 ? ZN 22:40 0:02 [MailScanner] 102 5472 15.9 0.0 0 0 ? ZN 22:40 0:02 [MailScanner] 102 5479 45.3 0.0 0 0 ? ZN 22:40 0:02 [MailScanner] This is the output from /var/log/syslog: Jun 30 22:49:45 mx0 root: MailScanner setting GID to Debian-exim (102) Jun 30 22:49:45 mx0 root: MailScanner setting UID to Debian-exim (102) Jun 30 22:49:45 mx0 MailScanner[5845]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 22:49:45 mx0 MailScanner[5845]: Read 714 hostnames from the phishing whitelist Jun 30 22:49:45 mx0 MailScanner[5845]: Using SpamAssassin results cache Jun 30 22:49:45 mx0 MailScanner[5845]: Connected to SpamAssassin cache database Jun 30 22:49:45 mx0 MailScanner[5845]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 22:49:47 mx0 MailScanner[5845]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 22:49:47 mx0 MailScanner[5845]: lock.pl sees Config LockType = posix Jun 30 22:49:47 mx0 MailScanner[5845]: lock.pl sees have_module = 0 Jun 30 22:49:47 mx0 MailScanner[5845]: Using locktype = posix Jun 30 22:49:47 mx0 MailScanner[5845]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 22:49:48 mx0 MailScanner[5845]: New Batch: Found 77 messages waiting Jun 30 22:49:48 mx0 MailScanner[5845]: New Batch: Scanning 30 messages, 8701546 bytes Jun 30 22:49:48 mx0 MailScanner[5845]: Created attachment dirs for 30 messages Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJzo-0007RV-IH Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJz1-0007R4-DD Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLVB-0001U5-UY Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLK9-0001O5-Le Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJkH-0007K4-Qh Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwIZX-0006ii-OK Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLQD-0001Rg-SJ Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwIu2-0006t6-Jy Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLd6-0001Yx-0d Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLPB-0001Qv-Ln Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwKeA-00013K-A6 Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwKCC-0007Xm-5A Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwKwz-0001Cm-On Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLDn-0001L6-OE Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwIXH-0006hY-OV Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLaE-0001XV-PY Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJ2R-0006y8-P1 Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJZ3-0007EJ-FR Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJ99-00071C-5T Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJAo-000727-2I Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwIX9-0006hT-SX Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLar-0001Xp-DM Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJ93-00071D-9f Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwLV3-0001U4-OO Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwIX9-0006hS-NQ Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJhl-0007Ir-JY Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJP8-00079K-EP Jun 30 22:49:48 mx0 MailScanner[5845]: SpamAssassin cache hit for message 1FwJYH-0007Du-PC Jun 30 22:49:48 mx0 MailScanner[5845]: Spam Checks: Found 8 spam messages And then nothing What is going on? Best Mordur