From taz at taz-mania.com Thu Jun 1 00:01:20 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Jun 1 00:01:26 2006 Subject: Another call for improvements In-Reply-To: <447D97C7.2080805@enitech.com.au> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> Message-ID: <447E2040.4090009@taz-mania.com> Can't you use mailwatch? Pete Russell wrote: > > Love to see a tool that really easily allows us exchange/outlook users > to provide a service to end users to be able to forward spam that does > get through to a SPAM or NOT SPAM mailbox that is auto sa-learned -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/19d60d01/taz.vcf From lshaw at emitinc.com Thu Jun 1 00:02:07 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Thu Jun 1 00:02:15 2006 Subject: Question about whitelisting a domain In-Reply-To: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> References: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> Message-ID: On Wed, 31 May 2006, jchezny@northcarolina.edu wrote: > Can any one help me determine why one domain out of twelve is not whitelisted; > even though this domain is listed in the 'Whitelist for Mailwatch'? Perhaps there is something different about it compared to the other 11 of them... :-) - Logan From Jeff.Mills at versacold.com.au Thu Jun 1 00:13:07 2006 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Thu Jun 1 00:13:12 2006 Subject: Another call for improvements Message-ID: <197F21E06E4D2A478519EA9078D6AA1C01B0AF11@poclexch.AU.POCOLD.POCL> I have created a public Folder on the exchange box for spam where users have access to drop emails, but not view the contents of the folder. I then run a script every hour where my MailScanner box connects to the public folder and learns from the mail in there. Once a week I run a script to clear the contents of the folder. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dennis > Willson > Sent: Thursday, 1 June 2006 9:01 AM > To: MailScanner discussion > Subject: Re: Another call for improvements > > > Can't you use mailwatch? > > Pete Russell wrote: > > > > > Love to see a tool that really easily allows us > exchange/outlook users > > to provide a service to end users to be able to forward > spam that does > > get through to a SPAM or NOT SPAM mailbox that is auto sa-learned > > > -- > > ---------------------------------- > Dennis Willson > mailto:taz@taz-mania.com > http://www.taz-mania.com > > Owner / Operator, Kepnet Internet Services > > > > *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** From taz at taz-mania.com Thu Jun 1 00:18:15 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Jun 1 00:18:18 2006 Subject: Another call for improvements In-Reply-To: <447E2040.4090009@taz-mania.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> <447E2040.4090009@taz-mania.com> Message-ID: <447E2437.7040108@taz-mania.com> I would like the configuration file to be put into a database (optionally). If there's an option in the config file that is the name of the file that does database accesses for the configuration information then it ignores the rest of the file and begins to call that function to get the configuration information. This would make keeping multiple copies of MailScanner correctly sync'ed up much easier and allow an extension of MailWatch to make configuration changes. ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/8d7007e7/taz.vcf From mauriciopcavalcanti at hotmail.com Thu Jun 1 00:45:55 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Thu Jun 1 00:46:56 2006 Subject: Best way to test links? In-Reply-To: <200605022346.k42NkYgd011027@bkserver.blacknight.ie> Message-ID: Hi, I have a phishing problem that is getting me crazy. I send a HTML e-mail with a link to http://localhost/eicar.com or another link with virus (.cmd or .pif). I?m running apache in MS and put eicar in apache root directory. I?ve tested all links with wget in MS server and I get all of them. I tried to use MS with clamav with feature ?mail-follow-urls? but my message is still passing thought MS. What it?s wrong? What is the best way to test links inside html file? Thanks in advance, Mauricio. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/d6c4b109/attachment.html From gmane at tippingmar.com Thu Jun 1 01:18:00 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Thu Jun 1 01:18:15 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Is there currently a way to have the installation scripts create a log file so we can see what happened if things don't work out? Mark Nienberg From mikej at rogers.com Thu Jun 1 02:03:45 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Jun 1 02:03:41 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <447E1DD2.7070703@blacknight.ie> References: <447E1B54.3090600@rogers.com> <447E1DD2.7070703@blacknight.ie> Message-ID: <447E3CF1.5080000@rogers.com> Michele Neylon:: Blacknight.ie wrote: > Mike Jakubik wrote: > >> I have my lows scoring spam set to store, and high to delete. Whenever a >> message is received that is blacklisted it is stored. Is there any way >> to setup MS to delete blacklisted items? >> >> > What do you mean by blacklisted? Your personal blacklist or listed in a > DNSBL? > > The MS blacklist, is there any other kind? From alden at engineno9inc.com Thu Jun 1 04:23:06 2006 From: alden at engineno9inc.com (Alden Levy) Date: Thu Jun 1 04:23:14 2006 Subject: Use TNEF Contents problem Message-ID: <001701c6852a$b32e3b70$6c00a8c0@AldenLap> Nope. Haven't had a chance, yet. As luck would have it, my host's name servers were down for hours yesterday, so I had to deal with that. If anyone else has tried, please let me know. Thanks, Alden From: Julian Field ecs.soton.ac.uk> Subject: Re: Use TNEF Contents problem Newsgroups: gmane.mail.virus.mailscanner Date: 2006-05-30 20:36:19 GMT Have you tried TNEF Contents = add ? It's quite possible that Outlook-only features may be mis-rendered by Outlook when the Outlook features are replaced. This may be a good reason to change the default to TNEF Contents = add What does anyone else think of this setting? Alden Levy wrote: > MS version 4.54.6, FC2 > > I just found out that if you set Use TNEF Contents = replace, instead of = > no, vCards will not be properly rendered by Outlook. > > This may be known by many of you, but I just wanted to highlight it for > those of us who didn't. > > Regards, > Alden > > Alden Levy > Engine No. 9, Inc. > 130 W. 57th Street, Suite 2F > New York, NY 10019 > (212) 981-1122 > (212) 504-9598 fax > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brad at beckenhauer.com Thu Jun 1 05:56:16 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Thu Jun 1 05:56:51 2006 Subject: Another call for improvements References: UID63431-1101139125 Message-ID: <20060531T235616Z_A9B700000000@beckenhauer.com> Requests/ideas: 1) Add Variables for the default filetype and filename conf files in MailScanner.conf. This allows for easier concatenation of multiple rulesets in the rules directory. Example: mailscanner.conf: # Set location of the default filetype rules %def-ft-rules% = %etc-dir%/filetype.rules.conf # Set location of the default filename rules %def-fn-rules% = %etc-dir%/filename.rules.conf This allows the following to be used: rules/filename.rules: FromOrTo: *@domain1.tld %rules-dir%/sites/domain1.tld/filename.rules.conf %def-fn-rules% FromOrTo: *@domain2.tld %rules-dir%/sites/domain2.tld/filename.rules.conf %def-fn-rules% FromOrTo: default %def-fn-rules% # Default filename ruleset rules/filetype.rules: FromOrTo: *@domain1.tld %rules-dir%/sites/domain1.tld/filetype.rules.conf %def-ft-rules% FromOrTo: *@domain2.tld %rules-dir%/sites/domain2.tld/filetype.rules.conf %def-ft-rules% FromOrTo: default %def-ft-rules% # Default filetype ruleset 2) review MailScanner.conf. There are several options that do not state what the available valid options. Obviously this does not apply to all options. example: # valid options: [yes], [no] or [filename of a ruleset] Content Modify Subject = yes 3) See http://www.archlinux.org/~simo/archstats/ This is a volunteer program with anonymous system information. It would be interesting to have MailScanner collect similiar info. MS could even collect information as to what percentage of the user base is using the defaults settings for an given option. example... Whats's the min/max/average and mode of the "Required SpamAssassin Score". >>> Julian Field 5/30/2006 3:54:11 PM >>> Any of you got any features which you really need? I don't guarantee to implement them, or even consider them :-) Anything you don't like, anything you particularly like (gratitude is always welcome :-) I'm a right sucker for it :-) At the moment there aren't any features people want, other than a 200% speed improvement which I've done my best for in the past. Don't ignore anything you have asked for in the past, consider them forgotten :-( Regards, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- Skipped content of type multipart/related From strydom.dave at gmail.com Thu Jun 1 06:04:15 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Jun 1 06:04:17 2006 Subject: Another call for improvements In-Reply-To: <447E2437.7040108@taz-mania.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> <447E2040.4090009@taz-mania.com> <447E2437.7040108@taz-mania.com> Message-ID: On 6/1/06, Dennis Willson wrote: > > I would like the configuration file to be put into a database > (optionally). If there's an option in the config file that is the name > of the file that does database accesses for the configuration > information then it ignores the rest of the file and begins to call that > function to get the configuration information. This would make keeping > multiple copies of MailScanner correctly sync'ed up much easier and > allow an extension of MailWatch to make configuration changes. > > ---------------------------------- > Dennis Willson > mailto:taz@taz-mania.com > http://www.taz-mania.com > > Owner / Operator, Kepnet Internet Services Although this may seem like a good idea, my only concern about something like this is that the chance of a mysql server crashing compared to a txt file crashing is hugly different. Also, is it not quicker to read from a txt file, than it would be to do sql queries? Dave From assooy at yahoo.com Thu Jun 1 07:07:31 2006 From: assooy at yahoo.com (ius) Date: Thu Jun 1 06:58:59 2006 Subject: quick rules question In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB03B14A2@winchester.andrewscompanies.com> <447B9A53.5050701@yahoo.com> Message-ID: <447E8423.40700@yahoo.com> Bahadir Kiziltan wrote: > What MTA do you use? In Postfix, I've managed to reject all mails from > a list by using "List-id" pattern shown in mail header. > > For Postfix, just add the following line to "header_checks" file and > restart the postfix... > > /^List-Id: $/ REJECT > > On 5/30/06, ius wrote: >> sandrews@andrewscompanies.com wrote: >> > Why not mailscanner's blacklist? >> > >> > -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info >> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian >> > Field >> > Sent: Monday, May 29, 2006 5:35 AM >> > To: MailScanner discussion >> > Subject: Re: quick rules question >> > >> > You should do that in your MTA. In sendmail it's the "access" >> database. >> > >> > ius wrote: >> > >> >> Dear experts, >> >> >> >> Quick question. I like to block a miling list from yahoo, for example >> >> : davincicrap@yahoogroups.com. How can i do that in MailScanner >> rules? >> >> >> >> >> >> Thanks a lot >> >> ius >> >> >> >> >> > >> > -- >> > Julian Field >> > www.MailScanner.info >> > Buy the MailScanner book at www.MailScanner.info/store Professional >> > Support Services at www.MailScanner.biz MailScanner thanks transtec >> > Computers for their support >> > >> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> > >> > >> > -- >> > This message has been scanned for viruses and dangerous content by >> > MailScanner, and is believed to be clean. >> > MailScanner thanks transtec Computers for their support. >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > >> yes .. I already do that. But i like to block the spesific yahoogroups >> name, not the user names. >> This is my rules : >> >> FromOrTo: >> *plucky=anything.com@returns.groups.yahoo.com yes >> FromOrTo: >> *bugsbunny=anything.com@returns.groups.yahoo.com yes >> FromOrTo: default no >> >> It blocks only users that joined any miling list in yahoogroups. Any >> other suggestions ? >> >> >> Thanks >> ius >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> I'm using sendmail. Thanks ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Thu Jun 1 07:55:10 2006 From: res at ausics.net (Res) Date: Thu Jun 1 07:55:20 2006 Subject: Another call for improvements In-Reply-To: <447D8FFA.9060507@elirion.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FFA.9060507@elirion.net> Message-ID: On Wed, 31 May 2006, Richard Siddall wrote: > Res wrote: >> Qmail Hash Directory Number = 23 > > I still haven't figured out why the Qmail code can't automatically > determine the number of hash directories. no need its been implimented so you dont need to change it :) all qmail testing ive done ive also use qmail settings on sendmail server to ensure it wont break or complian about anything > > Regards, > > Richard Siddall > > -- Cheers Res From res at ausics.net Thu Jun 1 08:14:40 2006 From: res at ausics.net (Res) Date: Thu Jun 1 08:14:47 2006 Subject: Another call for improvements In-Reply-To: <447DD429.2070906@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> <447DD429.2070906@ecs.soton.ac.uk> Message-ID: On Wed, 31 May 2006, Julian Field wrote: >> > This is why I use syslog. You can configure different log levels with > /etc/syslog.conf. If you just log warn and above, you will only get error > messages and other warnings. Speaking of syslog... Is there any way we can have MailScanner continue to run if syslog barfs? rather than it just dying, I know its handy to know when syslog dies etc etc, but thats no good to anyone if it dies at 10pm and is not found until the hords of no mail complaints come in at 8am, leaving a nice queue of messages to process, thats cool if you get 100 messages overnight, but when you do 300-500 a minute, well, you do the maths on how large that queue will be by the time we find out :) -- Cheers Res From shuttlebox at gmail.com Thu Jun 1 08:23:31 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jun 1 08:23:36 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <447E1B54.3090600@rogers.com> References: <447E1B54.3090600@rogers.com> Message-ID: <625385e30606010023r40b23463j9dd04d60b89feffb@mail.gmail.com> On 6/1/06, Mike Jakubik wrote: > I have my lows scoring spam set to store, and high to delete. Whenever a > message is received that is blacklisted it is stored. Is there any way > to setup MS to delete blacklisted items? # Setting this to yes means that spam found in the blacklist is treated # as "High Scoring Spam" in the "Spam Actions" section below. Setting it # to no means that it will be treated as "normal" spam. # This can also be the filename of a ruleset. Definite Spam Is High Scoring = yes -- /peter From MailScanner at ecs.soton.ac.uk Thu Jun 1 08:47:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 08:47:21 2006 Subject: Another call for improvements In-Reply-To: <447DFDAF.5020405@nkpanama.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> <447DF336.2030106@ecs.soton.ac.uk> <447DF7B8.6040500@nkpanama.com> <447DFAB3.8060306@ecs.soton.ac.uk> <447DFDAF.5020405@nkpanama.com> Message-ID: <82B7D3C0-9551-44D7-9D8E-172BA3355C83@ecs.soton.ac.uk> On 31 May 2006, at 21:33, Alex Neuman van der Hans wrote: > Julian Field wrote: >> >> >> Alex Neuman van der Hans wrote: >>> Julian Field wrote: >>>>>> >>>>> Hold on... so spam isn't archived by the "archive mail" >>>>> function? I thought it was by design that "archive mail" went >>>>> before everything else, and so spam gets archived with it. Is >>>>> it different now? >>>> It gets archived into a "spam" subdirectory. Look. >>>> >>> >>> Ok, so to recap, if I have, for example: >>> >>> Archive Mail = %rules-dir%/archive.rules >>> >>> archive.rules: >>> >>> FromOrTo: default no >>> From: alex@nkpanama.com /home/backup/mail/outgoing/alex >>> To: alex@nkpanama.com /home/backup/mail/incoming/alex >>> >>> Spam Actions = attachment deliver header "X-Spam-Status: yes" >>> High Scoring Spam Actions = delete # no need to set header "X- >>> Spam-Status: yes" >>> Non Spam Actions = deliver header "X-Spam-Status: no" >>> >>> Where would the spam go? To the quarantine in a spam folder? >> Should do, yes. >> > What if I *don't* want to archive spam? Would I have to set up a > cron job to delete it? Yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 1 08:48:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 08:48:44 2006 Subject: Another call for improvements In-Reply-To: References: <200605312002.k4VK2mFc014583@bkserver.blacknight.ie> Message-ID: <14EA07C3-829C-4020-B79D-BA39EC521F54@ecs.soton.ac.uk> On 31 May 2006, at 21:34, Richard Westlake wrote: > Julian > Many thank for all the work you put into an excellent product. > > You asked for suggestions so here is mine. > > It would be useful if the init script you distribute could look in > a standard place for local customisations. I get the settings from /etc/sysconfig/MailScanner which is the standard place to fetch settings for an init.d script. I don't see why you should need to edit the init.d script at all. > This would save me merging my changes with your script when I > upgrade. I customised the scripts to start and stop extra services, > add additional command line arguments, change the behaviour of > existing command line arguments and perform some other site > specific actions. > The local customisation are in an extra file MailScanner.local > which the main script sources, however I still need to add the > hooks into your script when I upgrade. > > If you want I could send you my scripts, which show the hooks in > the main file and how the local customisations work. > > All the best, and thanks again for all your work > > > > Richard Westlake > > School of Crystallography, Birkbeck College, Malet Street, London > WC1E 7HX > Tel: 020-7631-6859 > ---------------------------------------------------------------------- > Truth endures but spelling changes -- Anon. > ---------------------------------------------------------------------- > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 1 08:49:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 08:50:00 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <447E1B54.3090600@rogers.com> References: <447E1B54.3090600@rogers.com> Message-ID: <382EDB54-8953-47EB-9FE8-336870097CB0@ecs.soton.ac.uk> Look up Definite Spam Is High-Scoring = yes On 31 May 2006, at 23:40, Mike Jakubik wrote: > I have my lows scoring spam set to store, and high to delete. > Whenever a message is received that is blacklisted it is stored. Is > there any way to setup MS to delete blacklisted items? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Thu Jun 1 09:11:31 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 1 09:11:52 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447EA133.50508@netmagicsolutions.com> Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( Julian, 1. How about 'postconf -n' like support for mailscanner to see changed parameters in MailScanner.conf as compared to the default values? troubleshooting and problem reporting would be much easier this way. The current 'MaiScanner -v' doesn't do this.. If you have a postfix based server, try a 'postconf -n' or 'postfinger' to see the output. 2. This is more for the beta list.. but testers need to come up with a test framework for testing new releases. Typically the test framework ought to test: HAM, Eicar, GTUBE, Webbugs, Phishing, etc. possibly a web-based test OR a 'telnet rt.njabl.org 2500' like test where you submit your IP and test things. thanks, - dhawal > Regards, > Jules. From Jan-Peter.Koopmann at seceidos.de Thu Jun 1 10:56:56 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Jun 1 10:57:06 2006 Subject: Another call for improvements In-Reply-To: <447D97C7.2080805@enitech.com.au> Message-ID: On Wednesday, May 31, 2006 3:19 PM Pete Russell wrote: > Love to see a tool that really easily allows us exchange/outlook > users to provide a service to end users to be able to forward spam > that does get through to a SPAM or NOT SPAM mailbox that is auto > sa-learned Archive all incoming mails for a few days, pull the SPAM/NOSPAM public folders via IMAP, use a little script that identifies the message-ID of the pulled mails, see if you have the original mail in the archive. If you do, feed this to sa-learn if you do not then use the pulled mail. Works like a charm. Regards, JP From maillists at conactive.com Thu Jun 1 11:43:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 11:43:57 2006 Subject: Another call for improvements In-Reply-To: <447DD429.2070906@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> <447DD429.2070906@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 31 May 2006 18:36:41 +0100: > This is why I use syslog. You can configure different log levels with > /etc/syslog.conf. If you just log warn and above, you will only get > error messages and other warnings. Ah, I didn't think about this. This is great, thanks! I have logging now off on one machine. Still, though, it's a bit of a yes/no game. It would be nice to have some influence on the detail logging when logging more than warnings. F.i. *one* line of logging with the most interesting data instead of being so verbose as we are now. This would be helpful for those who want to scan their logs with logwatch or other automated tools. F.i. normal operation like "read x entries from whitelist" or "logged sf534ggd to MailSQL logging child" isn't sooo interesting. But the amount of messages going thru MS or one wants just to see that everything is well by getting continous output of "processed x messages" or so. But one doesn't need all the full logging that is now there. However, at the moment it's all or nothing isn't it? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jun 1 11:43:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 11:43:57 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: Dave Strydom wrote on Wed, 31 May 2006 20:27:17 +0200: > MailScanner to have the ability to take advantage of the Spamassassin > Spamcop Plugin. I'm not using that plugin, so I may be wrong, but I think this is already possible with SA. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jun 1 11:43:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 11:44:02 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: Philip Hachey wrote on Wed, 31 May 2006 12:10:57 -0400: > It's inconsistent and I'm not sure what to do about it. Have there been > changes in the 0.88.2 code to freshclam? I'm considering rebuilding > ClamAV to see if that increases stability. I don't know about the freshclam coming with Jules' package, but usually you have to configure freshclam.conf before it does something. Did you try running freshclam directly? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From miguelk at konsultex.com.br Thu Jun 1 13:06:01 2006 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jun 1 13:06:29 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <20060601115944.M91769@konsultex.com.br> I noticed this problem last week on 2 out of 4 servers and decided to delete the virus signature files and run freshcalm manually. When I did that I found that access to the mirrors was excruciatingly slow. In fact I never did get to rebuild my files. So I looked around in freshclam.conf and uncommented this line: DatabaseMirror db.US.clamav.net which according to the comments in the file should be uncommented anyway. I don't remeber what it had in its commented form. I tried putting BR in there (would be correct for my case) and it did not work. I then tried US and evereything works fine. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: "Kai Schaetzl" To: mailscanner@lists.mailscanner.info Sent: Thu, 01 Jun 2006 12:43:45 +0200 Subject: Re: [Clamav-users] Problem with internal logger > Philip Hachey wrote on Wed, 31 May 2006 12:10:57 -0400: > > > It's inconsistent and I'm not sure what to do about it. Have there been > > changes in the 0.88.2 code to freshclam? I'm considering rebuilding > > ClamAV to see if that increases stability. > > I don't know about the freshclam coming with Jules' package, but usually > you have to configure freshclam.conf before it does something. Did you try > running freshclam directly? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. From wolf at zim.goe.net Thu Jun 1 13:28:31 2006 From: wolf at zim.goe.net (Wolf) Date: Thu Jun 1 13:30:01 2006 Subject: Mail stuck in incoming queue of MailScanner Message-ID: <637e55b80606010528s4be695d3wd47a413d1999bc18@mail.gmail.com> Hi List. I had a good running setup with UUCP-Postfix-MailScanner-Cyrus on Debian unstable. >From one day to the next the mails got stuck in the incoming queue of MS. Incoming Work Dir = /var/spool/MailScanner/incoming It started suddenly with this enty im the logs: ... May 29 15:21:08 bio postfix: Process did not exit cleanly, returned 255 with signal 0 There isnt even a process named postfix! Postfixes processes got other names like master... I already searched for this error-message but didnt find a satisfying answer. Any Ideas? MS restartet right after the postfix-message: May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus Scanner version 4.46.2 starting... And it checks the same 5 mails again. May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus Scanner version 4.46.2 starting... May 29 15:21:10 bio MailScanner[8876]: Read 676 hostnames from the phishing whitelist May 29 15:21:11 bio MailScanner[8876]: Enabling SpamAssassin auto-whitelist functionality... May 29 15:21:12 bio MailScanner[8876]: Using locktype = flock May 29 15:21:12 bio MailScanner[8876]: New Batch: Scanning 5 messages, 130613 bytes May 29 15:21:12 bio MailScanner[8876]: MCP Checks completed at 130613 bytes per second May 29 15:21:12 bio MailScanner[8876]: Spam Checks: Starting May 29 15:21:14 bio MailScanner[8876]: Spam Checks completed at 65306 bytes per second May 29 15:21:14 bio MailScanner[8876]: Virus and Content Scanning: Starting .... May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing 144A676998.4C336 msg-8876-7.txt May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing 144A676998.4C336 PM-DAS-UNGASS.pdf (no rule matched) .. May 29 15:21:14 bio MailScanner[8876]: tag found in message CF3267699E.00C19 from laxxxxxxxn@laxxxxxxxxxxx.de May 29 15:21:14 bio MailScanner[8876]: Virus Scanning completed at 130613 bytes per second May 29 15:21:16 bio CRON[5953]: (pam_unix) session closed for user root May 29 15:21:19 bio postfix: Process did not exit cleanly, returned 255 with signal 0 This will go ad infinitum. Incoming queue is filling up. Workaround was to bypass MailScanner in main.cf (of Postfix) So ist there a mail that MS cant scan and causes this error? -- Wolf Hees http://alphawolf.blogg.de From Denis.Beauchemin at USherbrooke.ca Thu Jun 1 13:48:47 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 1 13:49:30 2006 Subject: Listserv whitelisting: Reply-to header field? In-Reply-To: References: Message-ID: <447EE22F.9070204@USherbrooke.ca> Brett Charbeneau a ?crit : > > Can anyone please offer me some tips on this? I've scoured the > list archives and docs and have come up empty-handed. > > SPECIFICS: > Debian 3.1, kernel 2.6.8, > Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb > packages) > > Several of my users subscribe to a listserv that consistently gets > marked as SPAM and I'm having a hard time figuring out how to > whitelist these messages. > The listserv creates headers that shows posts as coming from the > poster, not the listserv server. This makes filtering on the "From:" > field ineffective. > I tried to enter a rule in my > > /etc/MailScanner/rules/spam.whitelist.rules > > file to filter on the "Reply-To:" field like this: > > Reply-To: OCLC-Cataloging yes > > but this isn't working either. I supply a sample of the header > from this list below. > > > > > Date: Tue, 16 May 2006 16:20:36 -0500 > Reply-To: OCLC-Cataloging > Sender: OCLC-Cataloging > From: "Library Cataloger" > Subject: {Spam?} Re: [OCLC-CAT] simplify MARC records? > To: OCLC-CAT@OCLC.ORG > Precedence: list > > Brett, Look in your maillog for the envelope sender. It may well be quite different from the From: in the message itself. You need to work with the envelope sender and not the message sender. Use the following option to get it in the message headers of every email processed my MS: Add Envelope From Header = yes When you have the envelope sender, use that value (maybe with wildcards) in your whitelist rule. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/137413f3/smime.bin From Denis.Beauchemin at USherbrooke.ca Thu Jun 1 13:52:03 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 1 13:52:20 2006 Subject: Best way to test links? In-Reply-To: References: Message-ID: <447EE2F3.2090004@USherbrooke.ca> Mauricio a ?crit : > > Hi, > > I have a phishing problem that is getting me crazy. > > I send a HTML e-mail with a link to http://localhost/eicar.com or > another link with virus (.cmd or .pif). I?m running apache in MS and > put eicar in apache root directory. I?ve tested all links with wget in > MS server and I get all of them. > > I tried to use MS with clamav with feature ?mail-follow-urls? but my > message is still passing thought MS. > > What it?s wrong? > > What is the best way to test links inside html file? > > Thanks in advance, > > Mauricio. > Mauricio, MailScanner can't help you out with this. What you're trying to protect your users from is not phishing. You need a good antivirus on your user's computers to protect them from the type of malware you are describing. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/a2c50285/smime.bin From strydom.dave at gmail.com Thu Jun 1 13:35:30 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Jun 1 14:00:53 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On 6/1/06, Kai Schaetzl wrote: > Dave Strydom wrote on Wed, 31 May 2006 20:27:17 +0200: > > > MailScanner to have the ability to take advantage of the Spamassassin > > Spamcop Plugin. > > I'm not using that plugin, so I may be wrong, but I think this is already > possible with SA. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > In the /etc/spamassassin/v310.pre # SpamCop - perform SpamCop message reporting # loadplugin Mail::SpamAssassin::Plugin::SpamCop Or maybe if mailscanner could have the ability to invoke the reporting. Dave From steve.swaney at fsl.com Thu Jun 1 14:02:17 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jun 1 14:02:21 2006 Subject: Mail stuck in incoming queue of MailScanner In-Reply-To: <637e55b80606010528s4be695d3wd47a413d1999bc18@mail.gmail.com> Message-ID: <008501c6857b$9c58e160$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Wolf > Sent: Thursday, June 01, 2006 8:29 AM > To: mailscanner@lists.mailscanner.info > Subject: Mail stuck in incoming queue of MailScanner > > Hi List. > > I had a good running setup with UUCP-Postfix-MailScanner-Cyrus on > Debian unstable. > >From one day to the next the mails got stuck in the incoming queue of MS. > > Incoming Work Dir = /var/spool/MailScanner/incoming > > It started suddenly with this enty im the logs: > ... > May 29 15:21:08 bio postfix: Process did not exit cleanly, returned > 255 with signal 0 > > There isnt even a process named postfix! Postfixes processes got other > names like master... > > I already searched for this error-message but didnt find a satisfying > answer. Any Ideas? > > MS restartet right after the postfix-message: > > May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus > Scanner version 4.46.2 starting... > > And it checks the same 5 mails again. > > May 29 15:21:08 bio MailScanner[8876]: MailScanner E-Mail Virus > Scanner version 4.46.2 starting... > May 29 15:21:10 bio MailScanner[8876]: Read 676 hostnames from the > phishing whitelist > May 29 15:21:11 bio MailScanner[8876]: Enabling SpamAssassin > auto-whitelist functionality... > May 29 15:21:12 bio MailScanner[8876]: Using locktype = flock > May 29 15:21:12 bio MailScanner[8876]: New Batch: Scanning 5 messages, > 130613 bytes > May 29 15:21:12 bio MailScanner[8876]: MCP Checks completed at 130613 > bytes per second > May 29 15:21:12 bio MailScanner[8876]: Spam Checks: Starting > May 29 15:21:14 bio MailScanner[8876]: Spam Checks completed at 65306 > bytes per second > May 29 15:21:14 bio MailScanner[8876]: Virus and Content Scanning: > Starting > .... > May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing > 144A676998.4C336 msg-8876-7.txt > May 29 15:21:14 bio MailScanner[8876]: Filename Checks: Allowing > 144A676998.4C336 PM-DAS-UNGASS.pdf (no rule matched) > .. > May 29 15:21:14 bio MailScanner[8876]: tag found in message > CF3267699E.00C19 from laxxxxxxxn@laxxxxxxxxxxx.de > May 29 15:21:14 bio MailScanner[8876]: Virus Scanning completed at > 130613 bytes per second > May 29 15:21:16 bio CRON[5953]: (pam_unix) session closed for user root > May 29 15:21:19 bio postfix: Process did not exit cleanly, returned > 255 with signal 0 > > This will go ad infinitum. Incoming queue is filling up. > > Workaround was to bypass MailScanner in main.cf (of Postfix) > > So ist there a mail that MS cant scan and causes this error? > -- > Wolf Hees This is a known problem with older versions of MailScanner and Postfix. You're running version 4.46.2. Simply upgrade to the latest stable version and the problem should be resolved. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From MailScanner at ecs.soton.ac.uk Thu Jun 1 14:04:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 14:05:19 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: On 1 Jun 2006, at 11:43, Kai Schaetzl wrote: > Philip Hachey wrote on Wed, 31 May 2006 12:10:57 -0400: > >> It's inconsistent and I'm not sure what to do about it. Have >> there been >> changes in the 0.88.2 code to freshclam? I'm considering rebuilding >> ClamAV to see if that increases stability. > > I don't know about the freshclam coming with Jules' package, but > usually > you have to configure freshclam.conf before it does something. Did > you try > running freshclam directly? My easy-to-install ClamAV+SA package configures freshclam.conf and spamd.conf for you, by commenting out the "Example" lines. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Thu Jun 1 14:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 14:31:38 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <20060601115944.M91769@konsultex.com.br> References: <20060601115944.M91769@konsultex.com.br> Message-ID: Miguel Koren OBrien de Lacy wrote on Thu, 1 Jun 2006 09:06:01 -0300: > which according to the comments in the file should be uncommented anyway. I don't > remeber what it had in its commented form. I tried putting BR in there (would be > correct for my case) and it did not work. I then tried US and evereything works fine. Well, if there's no "br" than you cannot use it. I followed your link to the database mirror and this finally leads to http://www.clamav.net/mirrors.html There you can check which regions are available. You could try ar or ec. In general you *will* see mirrors timing out about once a day or so. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Thu Jun 1 15:06:13 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 1 15:06:19 2006 Subject: Another call for improvements In-Reply-To: <447D95AA.2020705@enitech.com.au> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D95AA.2020705@enitech.com.au> Message-ID: <223f97700606010706n593c7b55n5e1e4f084a656ab9@mail.gmail.com> On 31/05/06, Pete Russell wrote: > 1. I would REALLY love to see a solution to postfix limitation/inability > to split inbound messages into individual queues files. This is REALLY > starting to drive us nuts. Pete, If it is really driving you mad, then do us a favour(:-).... Set up a dual postfix+HOLD&MS, and document it:-). What I'm talking about is this: The reason Postfix+HOLD&MS can't split the mails/recipient is that the actual splitting is done too late (at delivery via smtp/lmtp/pipe), after MS is done, so it wouldn't benefit us. The somewhat ugly solution is to add in a "front side" postfix, that does the usual stuff (header checks and all, but not the HOLD thing) and splits the messages/recipient, then hands them on to the second (or "backside":-) postfix (via a transport map or similar) that do the HOLD etc. Not pretty, but at least remotely feasible:-). So far I've not seen this as a big enough problem to actually do this myself... If i ever get a slow moment, I'll do it myself;-). > 2. I cant do regexp - i want to try and learn but my brain cant do it :( > I would love to see an easy way to block an email by subject or sender, > or body or URI content - i guess his isnt really a MailScanner task, an > MailWatch one? > Postfix header/body checks... But then, these have some fairly obvious limitations, as being line-oriented and ... needing some form of REs to be really useful:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Thu Jun 1 16:30:35 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 16:30:26 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: > My easy-to-install ClamAV+SA package configures freshclam.conf and > spamd.conf for you, by commenting out the "Example" lines. and then sets the mirror to US ? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jun 1 16:30:35 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 16:30:27 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: Dave Strydom wrote on Thu, 1 Jun 2006 14:35:30 +0200: > Or maybe if mailscanner could have the ability to invoke the reporting. isn't that automatically done when auto-learning spam? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mauriciopcavalcanti at hotmail.com Thu Jun 1 16:34:40 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Thu Jun 1 16:35:31 2006 Subject: RES: Best way to test links? In-Reply-To: <447EE2F3.2090004@USherbrooke.ca> Message-ID: Hi, I change the default in clamav-wrapper to: ScanOptions="--mail-follow-urls". In clamscan manual they say that this feature opens the HTML file, follow URLs, download and scan them. So, if I send an e-mail to MS server (HTML attach) with a link to http://localhost/eicar.com (and I can manually follow this link and get eicar using wget in MS server), I think that clamav will make what it says. Anyone uses this clamscan feature or another AV/program that blocks this kind of message? Thanks in advance, Mauricio From mikej at rogers.com Thu Jun 1 16:52:37 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Jun 1 16:52:28 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <625385e30606010023r40b23463j9dd04d60b89feffb@mail.gmail.com> References: <447E1B54.3090600@rogers.com> <625385e30606010023r40b23463j9dd04d60b89feffb@mail.gmail.com> Message-ID: <447F0D45.5000704@rogers.com> shuttlebox wrote: > On 6/1/06, Mike Jakubik wrote: >> I have my lows scoring spam set to store, and high to delete. Whenever a >> message is received that is blacklisted it is stored. Is there any way >> to setup MS to delete blacklisted items? > > # Setting this to yes means that spam found in the blacklist is treated > # as "High Scoring Spam" in the "Spam Actions" section below. Setting it > # to no means that it will be treated as "normal" spam. > # This can also be the filename of a ruleset. > Definite Spam Is High Scoring = yes > Excellent, thanks! From Q.G.Campbell at newcastle.ac.uk Thu Jun 1 17:00:16 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Thu Jun 1 17:00:24 2006 Subject: MCP-Checker (MCP timed out) - what is ahppening? Message-ID: <4165CF7A7F12DE4B96622CCBB905864707194DAC@largo.campus.ncl.ac.uk> I am seeing for one sender the following record in the logs: Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from 195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, MCP-Checker (MCP timed out) The mail is disappearing. What might be the cause? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. From MailScanner at ecs.soton.ac.uk Thu Jun 1 17:01:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 17:02:15 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: > Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: > >> My easy-to-install ClamAV+SA package configures freshclam.conf and >> spamd.conf for you, by commenting out the "Example" lines. > > and then sets the mirror to US ? No, as I don't know what country you might be in. It just gets it working for you, saving new users a nasty catch which will confuse them entirely. Doing things like this annoys me, as they don't produce a nice error message telling the user what they need to do to alleviate the problem. It's a case of "Switch this option on to make anything work, default is off". I know I do it myself, but I do at least generate a polite error message which tells the user they need to set their company name in MailScanner.conf. I am considering removing it from MailScanner. If the %org-name% has not been configured, then I just use the domain name by using Sys::Hostname::Long which is already needed by SpamAssassin so most people have it installed already. I replace the hostname with www to get the website address, and put the same in % org-long-name% as %org-name%. Does that sound rather better than the current "I'm not going to start" behaviour. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Thu Jun 1 17:05:31 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 1 17:05:31 2006 Subject: RES: Best way to test links? In-Reply-To: References: Message-ID: <447F104B.10908@pacific.net> Mauricio wrote: > Hi, > I change the default in clamav-wrapper to: > > ScanOptions="--mail-follow-urls". > > In clamscan manual they say that this feature opens the HTML file, follow > URLs, download and scan them. > > So, if I send an e-mail to MS server (HTML attach) with a link to > http://localhost/eicar.com (and I can manually follow this link and get > eicar using wget in MS server), I think that clamav will make what it says. > > Anyone uses this clamscan feature or another AV/program that blocks this > kind of message? If clamscan determined that the url is 'clean' - it can be 'dirty' the next minute, so what's the point? Don't trust urls in email, period. Ken > > Thanks in advance, > Mauricio From JeremyBlonde at grant.k12.ca.us Thu Jun 1 17:07:59 2006 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Thu Jun 1 17:07:12 2006 Subject: MCP-Checker (MCP timed out) - what is ahppening? Message-ID: I ran into this same problem. I had to delete my existing mcp rule file and re-create it. Apparently, I had added a typo somewhere. Jeremy Blonde Instructional Technology - Server Support Grant Joint Union School District -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Quentin Campbell Sent: Thursday, June 01, 2006 9:00 AM To: mailscanner@lists.mailscanner.info Subject: MCP-Checker (MCP timed out) - what is ahppening? I am seeing for one sender the following record in the logs: Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from 195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, MCP-Checker (MCP timed out) The mail is disappearing. What might be the cause? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 1 17:14:13 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 1 17:14:52 2006 Subject: Use TNEF Contents problem In-Reply-To: <001701c6852a$b32e3b70$6c00a8c0@AldenLap> References: <001701c6852a$b32e3b70$6c00a8c0@AldenLap> Message-ID: <447F1255.1050403@nkpanama.com> Alden Levy wrote: > It's quite possible that Outlook-only features may be mis-rendered by > Outlook when the Outlook features are replaced. > > This may be a good reason to change the default to > TNEF Contents = add > > What does anyone else think of this setting? > I think it should remain in "replace" instead of "add" because "add" uses up more storage (and probably more processing time) - perhaps a commented entry right above stating, for Outlook/MS Exchange admins, that they should consider using "add" - and maybe a comment or two about fixing all the things that are broken in Exchange to begin with ;-) From alex at nkpanama.com Thu Jun 1 17:16:37 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jun 1 17:16:59 2006 Subject: RES: Best way to test links? In-Reply-To: References: Message-ID: <447F12E5.6060805@nkpanama.com> You should consider using squidclamav in your gateway as well. I think clam has this turned off for a very valid reason. What happens if I send you three or four e-mails with the addresses for, say, a CentOS DVD iso? Per hour? Mauricio wrote: > Hi, > I change the default in clamav-wrapper to: > > ScanOptions="--mail-follow-urls". > > In clamscan manual they say that this feature opens the HTML file, follow > URLs, download and scan them. > > So, if I send an e-mail to MS server (HTML attach) with a link to > http://localhost/eicar.com (and I can manually follow this link and get > eicar using wget in MS server), I think that clamav will make what it says. > > Anyone uses this clamscan feature or another AV/program that blocks this > kind of message? > > Thanks in advance, > Mauricio > From jchezny at northcarolina.edu Thu Jun 1 17:32:05 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Thu Jun 1 17:32:12 2006 Subject: Question about whitelisting a domain In-Reply-To: References: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> Message-ID: <1149179525.447f168506374@webmail.northcarolina.edu> I've tried listing via IP and FQDN. Your thoughts? Quoting Logan Shaw : > On Wed, 31 May 2006, jchezny@northcarolina.edu wrote: > > Can any one help me determine why one domain out of twelve is not > whitelisted; > > even though this domain is listed in the 'Whitelist for Mailwatch'? > > Perhaps there is something different about it compared to the > other 11 of them... :-) > > - Logan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From MailScanner at ecs.soton.ac.uk Thu Jun 1 17:43:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 1 17:44:19 2006 Subject: RES: Best way to test links? In-Reply-To: <447F104B.10908@pacific.net> References: <447F104B.10908@pacific.net> Message-ID: <447F194F.1020408@ecs.soton.ac.uk> Ken A wrote: > If clamscan determined that the url is 'clean' - it can be 'dirty' the > next minute, so what's the point? Don't trust urls in email, period. > Ken This is the same reason I don't trust mail with external bodies. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From strydom.dave at gmail.com Thu Jun 1 18:17:42 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Jun 1 18:17:46 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On 6/1/06, Kai Schaetzl wrote: > isn't that automatically done when auto-learning spam? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com Nope, that updates the bayes db on your machine, what I want is MailScanner to take say any message which scores over 25, and use the spamassassin spamcop plugin to report the message to www.spamcop.net, this will list the server which sent out the mail on a RBL. Dave From chris at tac.esi.net Thu Jun 1 18:56:31 2006 From: chris at tac.esi.net (Chris Hammond) Date: Thu Jun 1 18:56:42 2006 Subject: Another call for improvements In-Reply-To: <197F21E06E4D2A478519EA9078D6AA1C01B0AF11@poclexch.AU.POCOLD.POCL> References: <197F21E06E4D2A478519EA9078D6AA1C01B0AF11@poclexch.AU.POCOLD.POCL> Message-ID: <447EF221.B662.0038.0@tac.esi.net> Jeff, is this a script that can and/or willing to share? I wouldn't even know where to start to do something like this. Thanks Chris >>> "Jeff Mills" 05/31/06 7:13 PM >>> I have created a public Folder on the exchange box for spam where users have access to drop emails, but not view the contents of the folder. I then run a script every hour where my MailScanner box connects to the public folder and learns from the mail in there. Once a week I run a script to clear the contents of the folder. > ----- Original Message----- > From: mailscanner- bounces@lists.mailscanner.info > [mailto:mailscanner- bounces@lists.mailscanner.info]On Behalf Of Dennis > Willson > Sent: Thursday, 1 June 2006 9:01 AM > To: MailScanner discussion > Subject: Re: Another call for improvements > > > Can't you use mailwatch? > > Pete Russell wrote: > > > > > Love to see a tool that really easily allows us > exchange/outlook users > > to provide a service to end users to be able to forward > spam that does > > get through to a SPAM or NOT SPAM mailbox that is auto sa- learned > > > -- > > ---------------------------------- > Dennis Willson > mailto:taz@taz- mania.com > http://www.taz- mania.com > > Owner / Operator, Kepnet Internet Services > > > > *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From taz at taz-mania.com Thu Jun 1 19:14:04 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Jun 1 19:14:12 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> <447D97C7.2080805@enitech.com.au> <447E2040.4090009@taz-mania.com> <447E2437.7040108@taz-mania.com> Message-ID: <447F2E6C.2030203@taz-mania.com> Dave Strydom wrote: > On 6/1/06, Dennis Willson wrote: > >> >> I would like the configuration file to be put into a database >> (optionally). If there's an option in the config file that is the name >> of the file that does database accesses for the configuration >> information then it ignores the rest of the file and begins to call that >> function to get the configuration information. This would make keeping >> multiple copies of MailScanner correctly sync'ed up much easier and >> allow an extension of MailWatch to make configuration changes. >> >> ---------------------------------- >> Dennis Willson >> mailto:taz@taz-mania.com >> http://www.taz-mania.com >> >> Owner / Operator, Kepnet Internet Services > > > Although this may seem like a good idea, my only concern about > something like this is that the chance of a mysql server crashing > compared to a txt file crashing is hugly different. > > Also, is it not quicker to read from a txt file, than it would be to > do sql queries? > > Dave Each of my MailScanner installations has its own MySQL server with circular replication so a MySQL crash will at most only bring down one of the MailScanner installations. However I assume (I may be wrong here, Julian would have to say for sure) but that the config file is only read in on startup and the variables stored in memory. If MailScanner read the txt config files over and over every time it needed some variable that would be much slower than using SQL. Besides, I only mean for this to be an option, my suggestion is that it can do either txt files or database. -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com Owner / Operator, Kepnet Internet Services -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 219 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/a3b28611/taz.vcf From maillists at conactive.com Thu Jun 1 19:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 1 19:31:32 2006 Subject: Question about whitelisting a domain In-Reply-To: <1149179525.447f168506374@webmail.northcarolina.edu> References: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> <1149179525.447f168506374@webmail.northcarolina.edu> Message-ID: wrote on Thu, 1 Jun 2006 12:32:05 -0400: > I've tried listing via IP and FQDN. Your thoughts? Fog, fog, fog, their is so much fog ... Why don't you give examples of what you did and where you picked up what it should match? Either you did it the wrong way or you are matching the wrong data. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From anders.andersson at ltkalmar.se Thu Jun 1 19:45:40 2006 From: anders.andersson at ltkalmar.se (Anders Andersson, IT) Date: Thu Jun 1 19:46:32 2006 Subject: Another call for improvements Message-ID: <5EBABD62DC5AC048AD8AEC3312E02D4CCD315F@exchange03.lkl.ltkalmar.se> Could this be what your looking for? Found it in an old thread named "spam/notspam w/sa-learn" /Anders > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris Hammond > Sent: Thursday, June 01, 2006 7:57 PM > To: MailScanner discussion > Subject: RE: Another call for improvements > > Jeff, is this a script that can and/or willing to share? I > wouldn't even know where to start to do something like this. > > Thanks > Chris > > >>> "Jeff Mills" 05/31/06 7:13 PM >>> > I have created a public Folder on the exchange box for spam > where users have access to drop emails, but not view the > contents of the folder. > I then run a script every hour where my MailScanner box > connects to the public folder and learns from the mail in there. > Once a week I run a script to clear the contents of the folder. > > > > ----- Original Message----- > > From: mailscanner- bounces@lists.mailscanner.info > > [mailto:mailscanner- bounces@lists.mailscanner.info]On Behalf Of > Dennis > > Willson > > Sent: Thursday, 1 June 2006 9:01 AM > > To: MailScanner discussion > > Subject: Re: Another call for improvements > > > > > > Can't you use mailwatch? > > > > Pete Russell wrote: > > > > > > > > Love to see a tool that really easily allows us > > exchange/outlook users > > > to provide a service to end users to be able to forward > > spam that does > > > get through to a SPAM or NOT SPAM mailbox that is auto sa- learned > > > > > > -- > > > > ---------------------------------- > > Dennis Willson > > mailto:taz@taz- mania.com > > http://www.taz- mania.com > > > > Owner / Operator, Kepnet Internet Services > > > > > > > > > > > > *** "This company is now part of the Versacold Holdings Corp. > and is no longer owned by or affiliated with the P&O Group" *** > > Please update your address books: > Was: firstname.lastname@pocold.com.au > Now: firstname.lastname@versacold.com.au > > ************** www.versacold.com ************** > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- A non-text attachment was scrubbed... Name: GetSpam&Ham.pl Type: application/octet-stream Size: 1977 bytes Desc: GetSpam&Ham.pl Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060601/917ebae1/GetSpamHam.obj From wolf at zim.goe.net Thu Jun 1 20:05:44 2006 From: wolf at zim.goe.net (Wolf) Date: Thu Jun 1 20:05:46 2006 Subject: Mail stuck in incoming queue of MailScanner In-Reply-To: <008501c6857b$9c58e160$2901010a@office.fsl> References: <637e55b80606010528s4be695d3wd47a413d1999bc18@mail.gmail.com> <008501c6857b$9c58e160$2901010a@office.fsl> Message-ID: <637e55b80606011205r460a1cd7s94ebfcbb31af2906@mail.gmail.com> Thank you. Problem solved. > This is a known problem with older versions of MailScanner and Postfix. > You're running version 4.46.2. Simply upgrade to the latest stable version > and the problem should be resolved. The only thing I didnt understand is why it happend so sudden. -- Wolf Hees http://alphawolf.blogg.de From brett at wrl.org Thu Jun 1 20:20:42 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu Jun 1 20:22:19 2006 Subject: Listserv whitelisting: Reply-to header field? Message-ID: > > Can anyone please offer me some tips on this? I've scoured the list > > archives and docs and have come up empty-handed. > > What about the listserv IP? Thanks for the reply, Michele! Not sure I'm following you here. Would I enter the listserv server's IP in the /etc/MailScanner/rules/spam.whitelist.rules file? After a "From:" statement? -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From brett at wrl.org Thu Jun 1 20:41:55 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu Jun 1 20:42:47 2006 Subject: Listserv whitelisting: Reply-to header field? Message-ID: > Look in your maillog for the envelope sender. It may well be quite > different from the From: in the message itself. You need to work with > the envelope sender and not the message sender. Use the following > option to get it in the message headers of every email processed my MS: > Add Envelope From Header = yes > > When you have the envelope sender, use that value (maybe with wildcards) > in your whitelist rule. I appreciate the reply, Denis! I actually have that directive in my MailScanner.conf file already, but haven't looked at the envelope sender field. Interesting. Would I list this as a simple "From:" statement in my /etc/MailScanner/rules/spam.whitelist.rules file? -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From dave.list at pixelhammer.com Thu Jun 1 21:47:12 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Jun 1 21:47:25 2006 Subject: MailScanner version Message-ID: <447F5250.1060007@pixelhammer.com> Hello all, I'm about to hit the switch on my upgrade of MailScanner plus addition of MailWatch and I was curious as just how bad is version 4.53.8? The change log doesn't look like anything Julian fixed since would be a problem for me. I know I could install the latest source, and I normally only build my own source but.... I've been trying to use the ports system on FreeBSD with my MailScanner machines, half as an experiment and half "what do we do if DAve gets hit by a truck" preparedness ;^). The most current port is 4.53.8. We run ClamAv and BitDefender, should we use 4.53.8 or not? I hate to wait too long, this weekend is a perfect time to do the push for me. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From james at grayonline.id.au Thu Jun 1 22:06:59 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jun 1 23:29:09 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <200606020707.07543.james@grayonline.id.au> On Thu, 1 Jun 2006 10:18 am, Mark Nienberg wrote: > Julian Field wrote: > > Any of you got any features which you really need? > > I don't guarantee to implement them, or even consider them :-) > > Is there currently a way to have the installation scripts create a log > file so we can see what happened if things don't work out? ./install.sh 2>&1 | tee ms-install.log ....usually works for me. I guess you could build that into the install script by looking for a "-L logfile.txt" when the installer is called or something: install(){ # # The full installation process # } if [ $LOGOPT == "YES" ]; then install | tee $LOGFILE else install fi Not pretty shell script, but it's 7am, I've been up since 3am and haven't had any coffee... ;) Cheers, James -- It's not the men in my life, but the life in my men that counts. -- Mae West -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/260c3861/attachment.bin From wintermutecx at gmail.com Fri Jun 2 00:01:20 2006 From: wintermutecx at gmail.com (Dave) Date: Fri Jun 2 00:01:23 2006 Subject: recover user mail Message-ID: We recently had a user that lost all their mail. I have incoming Mailscanner archives for 30 days. Has anyone seen or written a script that greps the archives and can copy out the q and d files that has that persons email address within the message? He mainly wants to get some recent contacts and the body of a few messages. I'll start on something tomorrow, but don't want to reinvent the wheel :) From x72m35 at gmail.com Fri Jun 2 05:18:23 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Fri Jun 2 05:18:59 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined Message-ID: <447FBC0F.5080709@gmail.com> Hi Everyone ! MailScanner has been a one of the best FOSS tools that I have used and I have deployed at six locations in three countries. It has always served my requirements beyond expectations. Mostly my setups are Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure with one new deployment having Exim as MTA. I am extremely thankful to the wonderful people who are involved the development of MailScnner (this my first time on this list). The Problem (may be a feature request) is that the Archive feature of the MailScanner processes messages before processing Spam and MCP. Which results in having Spam and MCP positive messages being archived. The need is to get the archiving messages which are Spam and MCP negatives only. Unfortunately for me I could not find a way to achieve this. Is there a possibility to decide in which order the processing of Spam, MCP and Archiving can be done (For Spam and MCP the option "First Check = spam" fills the same kind of need) ? If not available is there a possibility to introduce a configuration option to decide the order of processing ? The setup where I have this problem is having Exim/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure running on DELL PowerEdge Server with Intel Pentium 3 1.33 GHz x 2 with 2GB Memory. Thank you very much in advance. Best regards, Lasantha. From gobinathlk at yahoo.com Fri Jun 2 08:38:31 2006 From: gobinathlk at yahoo.com (gobinath thangavel) Date: Fri Jun 2 08:38:34 2006 Subject: user wise attachment blocking (filename) In-Reply-To: Message-ID: <20060602073831.82403.qmail@web51110.mail.yahoo.com> Dear all, Can any one help on this i want to block custom attachment for particular users. how can i do it with MailScanner. thank you gobinath __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/8eb94dd3/attachment.html From a.peacock at chime.ucl.ac.uk Fri Jun 2 08:39:12 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 2 08:39:28 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> Message-ID: <447FEB20.80800@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > > On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: > >> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >> >>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>> spamd.conf for you, by commenting out the "Example" lines. >> >> and then sets the mirror to US ? > > No, as I don't know what country you might be in. It just gets it > working for you, saving new users a nasty catch which will confuse them > entirely. Doing things like this annoys me, as they don't produce a nice > error message telling the user what they need to do to alleviate the > problem. It's a case of "Switch this option on to make anything work, > default is off". I know I do it myself, but I do at least generate a > polite error message which tells the user they need to set their company > name in MailScanner.conf. > > I am considering removing it from MailScanner. > If the %org-name% has not been configured, then I just use the domain > name by using Sys::Hostname::Long which is already needed by > SpamAssassin so most people have it installed already. I replace the > hostname with www to get the website address, and put the same in > %org-long-name% as %org-name%. > > Does that sound rather better than the current "I'm not going to start" > behaviour. I wouldn't really be in favour of this. A side-effect of the current behaviour is that it forces the person installing the system to at least open and look at the config file first. I don't think anyone should be installing something as important as mailscanner without at least understanding what the default options are doing. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From MailScanner at ecs.soton.ac.uk Fri Jun 2 08:46:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 08:46:25 2006 Subject: MailScanner version In-Reply-To: <447F5250.1060007@pixelhammer.com> References: <447F5250.1060007@pixelhammer.com> Message-ID: On 1 Jun 2006, at 21:47, DAve wrote: > Hello all, > > I'm about to hit the switch on my upgrade of MailScanner plus > addition of MailWatch and I was curious as just how bad is version > 4.53.8? The change log doesn't look like anything Julian fixed > since would be a problem for me. There was a nasty problem in the phishing net, that was the biggest problem. I would definitely go for 4.54. > I know I could install the latest source, and I normally only build > my own source but.... It's written in perl, there *is* only source. > I've been trying to use the ports system on FreeBSD with my > MailScanner machines, half as an experiment and half "what do we do > if DAve gets hit by a truck" preparedness ;^). > > The most current port is 4.53.8. We run ClamAv and BitDefender, > should we use 4.53.8 or not? I hate to wait too long, this weekend > is a perfect time to do the push for me. I would not go for 4.53, personally. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 08:49:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 08:50:02 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <447FBC0F.5080709@gmail.com> References: <447FBC0F.5080709@gmail.com> Message-ID: <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> On 2 Jun 2006, at 05:18, Lasantha Marian wrote: > Hi Everyone ! > > MailScanner has been a one of the best FOSS tools that I have used > and I > have deployed at six locations in three countries. It has always > served > my requirements beyond expectations. Mostly my setups are > Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure > with > one new deployment having Exim as MTA. I am extremely thankful to the > wonderful people who are involved the development of MailScnner > (this my > first time on this list). Gratitude gratefully received! > > The Problem (may be a feature request) is that the Archive feature of > the MailScanner processes messages before processing Spam and MCP. > Which > results in having Spam and MCP positive messages being archived. The > need is to get the archiving messages which are Spam and MCP negatives > only. Unfortunately for me I could not find a way to achieve this. The spam gets archived into a spam subdirectory of the day's quarantine. Just delete the archived spam directory every night. > Is there a possibility to decide in which order the processing of > Spam, > MCP and Archiving can be done (For Spam and MCP the option "First > Check > = spam" fills the same kind of need) ? If not available is there a > possibility to introduce a configuration option to decide the order of > processing ? The data put into the archive is _always_ the contents of the message as received by MailScanner, and I have no intention of changing that. You can stop viruses going into the archive, but that is all. I want the archive as a way of looking at original messages if something went wrong. Having mangled messages in the archive would destroy the point. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 08:50:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 08:52:10 2006 Subject: user wise attachment blocking (filename) In-Reply-To: <20060602073831.82403.qmail@web51110.mail.yahoo.com> References: <20060602073831.82403.qmail@web51110.mail.yahoo.com> Message-ID: <2C1F33C5-9CEA-4B2F-8306-6AF431A13734@ecs.soton.ac.uk> Start here: http://wiki.mailscanner.info/doku.php? id=documentation:configuration:rulesets:overloading On 2 Jun 2006, at 08:38, gobinath thangavel wrote: > Dear all, > Can any one help on this > i want to block custom attachment for particular users. how can i > do it with MailScanner. > > thank you -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/54ef8113/attachment.html From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 08:54:11 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 08:54:15 2006 Subject: MCP-Checker (MCP timed out) - what is happening? Message-ID: <4165CF7A7F12DE4B96622CCBB905864707194DDA@largo.campus.ncl.ac.uk> Jeremy Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp --lint' and this shows no problems. In my case I have more than one *.cf file in ~/mcp. I have found 59 instances of this problem occurring over the last 8 weeks. That is a tiny number compared to the 1,000,000 or so messages we receive per day so the problem seems to arise out of a very special set of circumstances. Not just mail from 'intl.pepsico.com' is involved although that site accounts for a significant proportion of the 59 cases. At least two different people sending mail from that site have beem affected. A full extract of log records for one such instance is: Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: from=, size=2953, class=0, nrcpts=1, msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww.pep.pvt> , proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: to=, delay=00:00:00, mailer=esmtp, pri=32953, stat=queued Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message k519CLJN025995 from 195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, MCP-Checker (MCP timed out) Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message k519CLJN025995 actions are deliver At this point the message disappears from the queue. It is not delivered and the log records above confirm this. I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Jeremy Blonde >Sent: 01 June 2006 17:08 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? > >I ran into this same problem. I had to delete my existing mcp >rule file >and re-create it. Apparently, I had added a typo somewhere. > > >Jeremy Blonde >Instructional Technology - Server Support >Grant Joint Union School District > > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin >Campbell >Sent: Thursday, June 01, 2006 9:00 AM >To: mailscanner@lists.mailscanner.info >Subject: MCP-Checker (MCP timed out) - what is ahppening? > >I am seeing for one sender the following record in the logs: > >Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from >195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >MCP-Checker (MCP timed out) > >The mail is disappearing. What might be the cause? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From x72m35 at gmail.com Fri Jun 2 09:17:13 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Fri Jun 2 09:17:53 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> Message-ID: <447FF409.8050903@gmail.com> Dear Julian, -------- Original Message -------- From: Julian Field Date: 02/06/2006 01:19 p > > On 2 Jun 2006, at 05:18, Lasantha Marian wrote: > >> Hi Everyone ! >> >> MailScanner has been a one of the best FOSS tools that I have used and I >> have deployed at six locations in three countries. It has always served >> my requirements beyond expectations. Mostly my setups are >> Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F-Secure with >> one new deployment having Exim as MTA. I am extremely thankful to the >> wonderful people who are involved the development of MailScnner (this my >> first time on this list). > > Gratitude gratefully received! Appreciate your prompt reply. > >> >> The Problem (may be a feature request) is that the Archive feature of >> the MailScanner processes messages before processing Spam and MCP. Which >> results in having Spam and MCP positive messages being archived. The >> need is to get the archiving messages which are Spam and MCP negatives >> only. Unfortunately for me I could not find a way to achieve this. > > The spam gets archived into a spam subdirectory of the day's > quarantine. Just delete the archived spam directory every night. I use "Archive Mail" option with rule set and forwarding to a selected account. That is the reason why I am searching the capability to control at which point the archiving should happen. > >> Is there a possibility to decide in which order the processing of Spam, >> MCP and Archiving can be done (For Spam and MCP the option "First Check >> = spam" fills the same kind of need) ? If not available is there a >> possibility to introduce a configuration option to decide the order of >> processing ? > > The data put into the archive is _always_ the contents of the message > as received by MailScanner, and I have no intention of changing that. > You can stop viruses going into the archive, but that is all. I want > the archive as a way of looking at original messages if something went > wrong. Having mangled messages in the archive would destroy the point. I honor your stance on this. But if I were to make the change for my self in my installations, what modules should I be looking. > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Thanks and regards, Lasantha. From glenn.steen at gmail.com Fri Jun 2 09:31:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 2 09:31:56 2006 Subject: Listserv whitelisting: Reply-to header field? In-Reply-To: References: Message-ID: <223f97700606020131i7f56f83fla463f714152deaec@mail.gmail.com> On 01/06/06, Brett Charbeneau wrote: > > > Can anyone please offer me some tips on this? I've scoured the list > > > archives and docs and have come up empty-handed. > > > > What about the listserv IP? > > Thanks for the reply, Michele! > Not sure I'm following you here. Would I enter the listserv server's IP > in the > > /etc/MailScanner/rules/spam.whitelist.rules > > file? After a "From:" statement? > Yes. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 2 09:33:16 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 2 09:33:18 2006 Subject: Listserv whitelisting: Reply-to header field? In-Reply-To: References: Message-ID: <223f97700606020133nbabf0e2i93d61ab9886c03df@mail.gmail.com> On 01/06/06, Brett Charbeneau wrote: > > Look in your maillog for the envelope sender. It may well be quite > > different from the From: in the message itself. You need to work with > > the envelope sender and not the message sender. Use the following > > option to get it in the message headers of every email processed my MS: > > Add Envelope From Header = yes > > > > When you have the envelope sender, use that value (maybe with wildcards) > > in your whitelist rule. > > I appreciate the reply, Denis! > I actually have that directive in my MailScanner.conf file already, but > haven't looked at the envelope sender field. Interesting. > Would I list this as a simple "From:" statement in my > > /etc/MailScanner/rules/spam.whitelist.rules > > file? Yes again. Either the sending server IP address or the envelope sender (as read from the logs) would do. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brian.okeeffe at kepak.com Fri Jun 2 09:55:15 2006 From: brian.okeeffe at kepak.com (Brian O'Keeffe) Date: Fri Jun 2 09:55:30 2006 Subject: recover user mail In-Reply-To: Message-ID: This may help but you will need to tweak it a little, this searches the archive for any mails to, from or cc'd to your input user and outputs to an imap folder. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Sent: 02 June 2006 00:01 To: mailscanner@lists.mailscanner.info Subject: recover user mail We recently had a user that lost all their mail. I have incoming Mailscanner archives for 30 days. Has anyone seen or written a script that greps the archives and can copy out the q and d files that has that persons email address within the message? He mainly wants to get some recent contacts and the body of a few messages. I'll start on something tomorrow, but don't want to reinvent the wheel :) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.7.4/351 - Release Date: 29/05/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.7.4/351 - Release Date: 29/05/2006 -------------- next part -------------- A non-text attachment was scrubbed... Name: rebuild.sh Type: application/octet-stream Size: 1762 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060602/1fc0ec9a/rebuild.obj From MailScanner at ecs.soton.ac.uk Fri Jun 2 09:55:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 09:55:50 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <447FEB20.80800@chime.ucl.ac.uk> References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> <447FEB20.80800@chime.ucl.ac.uk> Message-ID: On 2 Jun 2006, at 08:39, Anthony Peacock wrote: > Hi Julian, > > Julian Field wrote: >> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>> >>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>> spamd.conf for you, by commenting out the "Example" lines. >>> >>> and then sets the mirror to US ? >> No, as I don't know what country you might be in. It just gets it >> working for you, saving new users a nasty catch which will confuse >> them entirely. Doing things like this annoys me, as they don't >> produce a nice error message telling the user what they need to do >> to alleviate the problem. It's a case of "Switch this option on to >> make anything work, default is off". I know I do it myself, but I >> do at least generate a polite error message which tells the user >> they need to set their company name in MailScanner.conf. >> I am considering removing it from MailScanner. >> If the %org-name% has not been configured, then I just use the >> domain name by using Sys::Hostname::Long which is already needed >> by SpamAssassin so most people have it installed already. I >> replace the hostname with www to get the website address, and put >> the same in %org-long-name% as %org-name%. >> Does that sound rather better than the current "I'm not going to >> start" behaviour. > > I wouldn't really be in favour of this. > > A side-effect of the current behaviour is that it forces the person > installing the system to at least open and look at the config file > first. > > I don't think anyone should be installing something as important as > mailscanner without at least understanding what the default options > are doing. But I really hate all those systems which are "broken by default". Very often after installing something I want to try starting it up to see if it runs at all or whether I still have stuff left to install such as other Perl modules in MailScanner's case. The fact that "service MailScanner start" doesn't work until I start wading into config files, of which I know neither the name nor the location, really annoys me with other systems. So I don't want to inflict the same annoyance on other people. I want the system to be intelligent and make up sensible settings for me until I find where the config files are and how to edit them. Always imagine yourself as a complete newbie installing it for the first time, only half knowing what you are doing with a command-line at all having been brought up on Windows systems. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From joost at waversveld.nl Fri Jun 2 10:00:17 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Fri Jun 2 10:00:31 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447FFE21.50305@waversveld.nl> In sendmail you have the ability to show where sendmail will send the email to by doing an sendmail -bv info@domain.tld. Sendmail then just tells you what he should do, where he will deliver the email. Is it possible to create something similar for MailScanner? By MailScanner I think of the settings for spam scanning, virus scanning, etc. For example, I do an: MailScanner -bv info@domain.tld and I get as output: Low Scoring Spam: 6 High Scoring Spam: 10 Non-Spam-Action: deliver Spam-Action: delete Scan Virus: no etc... (every settings you can alter with an ruleset?) So you can easily check the settings for the email address just entered? Sometimes it's difficult to see what specific settings there are for an emailaddress :D Regards, Joost Waversveld Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > From MailScanner at ecs.soton.ac.uk Fri Jun 2 10:02:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 10:02:35 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <447FF409.8050903@gmail.com> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> <447FF409.8050903@gmail.com> Message-ID: On 2 Jun 2006, at 09:17, Lasantha Marian wrote: > Dear Julian, > > -------- Original Message -------- > From: Julian Field > Date: 02/06/2006 01:19 p >> >> On 2 Jun 2006, at 05:18, Lasantha Marian wrote: >> >>> Hi Everyone ! >>> >>> MailScanner has been a one of the best FOSS tools that I have >>> used and I >>> have deployed at six locations in three countries. It has always >>> served >>> my requirements beyond expectations. Mostly my setups are >>> Postfix/DBMail/MailScanner/SpamAssassin/AVG/ClamAV/F-Prot/F- >>> Secure with >>> one new deployment having Exim as MTA. I am extremely thankful to >>> the >>> wonderful people who are involved the development of MailScnner >>> (this my >>> first time on this list). >> >> Gratitude gratefully received! > Appreciate your prompt reply. >> >>> >>> The Problem (may be a feature request) is that the Archive >>> feature of >>> the MailScanner processes messages before processing Spam and >>> MCP. Which >>> results in having Spam and MCP positive messages being archived. The >>> need is to get the archiving messages which are Spam and MCP >>> negatives >>> only. Unfortunately for me I could not find a way to achieve this. >> >> The spam gets archived into a spam subdirectory of the day's >> quarantine. Just delete the archived spam directory every night. > I use "Archive Mail" option with rule set and forwarding to a > selected account. That is the reason why I am searching the > capability to control at which point the archiving should happen. >> >>> Is there a possibility to decide in which order the processing of >>> Spam, >>> MCP and Archiving can be done (For Spam and MCP the option "First >>> Check >>> = spam" fills the same kind of need) ? If not available is there a >>> possibility to introduce a configuration option to decide the >>> order of >>> processing ? >> >> The data put into the archive is _always_ the contents of the >> message as received by MailScanner, and I have no intention of >> changing that. You can stop viruses going into the archive, but >> that is all. I want the archive as a way of looking at original >> messages if something went wrong. Having mangled messages in the >> archive would destroy the point. > I honor your stance on this. > > But if I were to make the change for my self in my installations, > what modules should I be looking. It's in /usr/sbin/MailScanner. That calls MessageBatch.pm which calls Message.pm. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Fri Jun 2 10:02:40 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 2 10:02:42 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <447FF409.8050903@gmail.com> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> <447FF409.8050903@gmail.com> Message-ID: <223f97700606020202jb6b6934y22707a535320d0e@mail.gmail.com> On 02/06/06, Lasantha Marian wrote: (snip) > >> The Problem (may be a feature request) is that the Archive feature of > >> the MailScanner processes messages before processing Spam and MCP. Which > >> results in having Spam and MCP positive messages being archived. The > >> need is to get the archiving messages which are Spam and MCP negatives > >> only. Unfortunately for me I could not find a way to achieve this. > > > > The spam gets archived into a spam subdirectory of the day's > > quarantine. Just delete the archived spam directory every night. > I use "Archive Mail" option with rule set and forwarding to a selected > account. That is the reason why I am searching the capability to > control at which point the archiving should happen. If you want to have the cookie _and_ eat it.... Why not use what is already there? Just add the forward to your Non Spam Actions... Of course, these mails will not be in "untouched" condition, but that wouldn't be such a big deal. You could have that _and_ the archive mail->disk feature, and just keep the on-disk archive for a short-ish period;). (snip) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From x72m35 at gmail.com Fri Jun 2 10:29:51 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Fri Jun 2 10:30:36 2006 Subject: Can the order of Spam, MCP, Arichiving processing be determined In-Reply-To: <223f97700606020202jb6b6934y22707a535320d0e@mail.gmail.com> References: <447FBC0F.5080709@gmail.com> <8FB03548-4E28-4B9C-8BD9-47A9DF1C32E7@ecs.soton.ac.uk> <447FF409.8050903@gmail.com> <223f97700606020202jb6b6934y22707a535320d0e@mail.gmail.com> Message-ID: <4480050F.3020406@gmail.com> Dear Glenn, Thank you very much. You gave me an extremely good alternative work on. Wonderful thing about MailScanner which I have noticed in documentation and which I have not yet thoroughly used is using rules for most of the configuration options. I think I should be using more rules. Best regards, Lasantha. -------- Original Message -------- From: Glenn Steen Date: 02/06/2006 02:32 p > On 02/06/06, Lasantha Marian wrote: > (snip) >> >> The Problem (may be a feature request) is that the Archive feature of >> >> the MailScanner processes messages before processing Spam and MCP. >> Which >> >> results in having Spam and MCP positive messages being archived. The >> >> need is to get the archiving messages which are Spam and MCP >> negatives >> >> only. Unfortunately for me I could not find a way to achieve this. >> > >> > The spam gets archived into a spam subdirectory of the day's >> > quarantine. Just delete the archived spam directory every night. >> I use "Archive Mail" option with rule set and forwarding to a selected >> account. That is the reason why I am searching the capability to >> control at which point the archiving should happen. > > If you want to have the cookie _and_ eat it.... Why not use what is > already there? Just add the forward to your Non Spam Actions... Of > course, these mails will not be in "untouched" condition, but that > wouldn't be such a big deal. You could have that _and_ the archive > mail->disk feature, and just keep the on-disk archive for a short-ish > period;). > > (snip) > From a.peacock at chime.ucl.ac.uk Fri Jun 2 11:11:36 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 2 11:11:46 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> <447FEB20.80800@chime.ucl.ac.uk> Message-ID: <44800ED8.4080704@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > > On 2 Jun 2006, at 08:39, Anthony Peacock wrote: > >> Hi Julian, >> >> Julian Field wrote: >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> >>>> and then sets the mirror to US ? >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do to >>> alleviate the problem. It's a case of "Switch this option on to make >>> anything work, default is off". I know I do it myself, but I do at >>> least generate a polite error message which tells the user they need >>> to set their company name in MailScanner.conf. >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > But I really hate all those systems which are "broken by default". Very > often after installing something I want to try starting it up to see if > it runs at all or whether I still have stuff left to install such as > other Perl modules in MailScanner's case. The fact that "service > MailScanner start" doesn't work until I start wading into config files, > of which I know neither the name nor the location, really annoys me with > other systems. > > So I don't want to inflict the same annoyance on other people. I agree with you on those systems that just don't work or give uninformative errors. I fully understand your wish to make this as easy as possible for people with minimal experience. And if that makes the difference between completely insecure servers and servers secured by a default MailScanner configuration then I completely support that. Helping people who don't know what they are doing to setup a secure server will make all of our lives easier. Where we disagree is how much of this should be exposed to the person installing the system. We have had similar discussion to this in the past. I respect your view (I just have a slightly different take on it), and really appreciate the work you have put into making a great tool. > I want the system to be intelligent and make up sensible settings for me > until I find where the config files are and how to edit them. I think that picking sensible defaults is a good idea. I haven't used your install script, so I don't know if it requires any user interaction, but one way of picking sensible defaults, and exposing the fact that there is a config file and it should be checked could be to have a call & response section at the start of the install script. Work out the defaults as you suggest above and present these so that pressing return uses them. Much like the build process for Perl (but not as long winded). Something like: >install.sh MailScanner needs some basic information to run. Please supply the following values, press enter to accept the default. You can change these and other important configuration details after installation by editing the configuration file at /opt/MailScanner/etc/MailScanner.conf. Organisation name [CHIME]: Long Organisation name [CHIME]: Web address [www.chime.ucl.ac.uk]: > Always imagine yourself as a complete newbie installing it for the first > time, only half knowing what you are doing with a command-line at all > having been brought up on Windows systems. One of the legacies of Windows will be a generation of people who think being a system administrator only involves running setup.exe and clicking 'next' in the installation wizard. My gripe is not about making life easier for people or about picking sensible defaults it is about somehow making them aware that more thought should be put into setting up a system at the same time. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From MailScanner at ecs.soton.ac.uk Fri Jun 2 14:16:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 14:16:49 2006 Subject: World Tour, was Re: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4473268E.B662.0038.0@tac.esi.net> References: X <4473268E.B662.0038.0@tac.esi.net> Message-ID: I have set up a page on the wiki devoted to a possible World Tour so I can come and meet some of you and say Hi, possibly involving a couple of nights on your sofa to see the city/town/village/country you live in. Please could you add some details of where you are (Google Earth links might be an idea), when are the best times of year, and stuff like that. Your name would be really useful too! There is a "World Tour" section at the bottom of the front page of wiki.mailscanner.info. There are a few suggested sections in it but feel free to do your own thing, just don't delete any real content. Thanks folks! Jules. On 23 May 2006, at 20:13, Chris Hammond wrote: > > >>>> MailScanner@ecs.soton.ac.uk 05/23/06 2:55 pm >>> > >>> Well as much as I am proud to be a Hoosier, (I actually consider >>> myself a Texan, spent 16 years there in the USAF, married, both sons >>> born there) you only have three weeks! > >> I have been to DC and NY before, so don't need to stop there for >> long, >> if at all, just to say hello. I might go to DC this summer for a few >> days anyway (Steve ---- you up for that?) > > If you do, come south a little and we can feed you plenty of > seafood and > beer. :) > >>> You should see DC, New York, and the Pacific Northwest >>> (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see >>> the >>> sights first. Indiana can only offer home town hospitality, good >>> cookin', and friendly people. If you come, we would love to have >>> you. > >> That's great, thanks! I might be able to stretch it a bit, or else I >> will have to splite it into 2 trips (or is that 3 now, including S.A. >> and New Zealand?) > > Get that donation site setup. I'm sure you could get enough to > offset the > cost of the trip and maybe pay and extra couple of week of salary > to give > you more time to take things in. > >> A U.S. only tour sounds increasingly likely here. I could do >> Alaska and >> Canada in a separate trip. (My G*d, this is turning into a set of >> trips, >> we're up to 3 now!) > > If it keeps going like this, you may just want to move to the US > for 6 months, > then Canada for a few, then....... > >>> Do it on a motorcycle, you would never be the same ;^) >> Probably spread all over the road like tomato paste :- ) > > Naa, stay away from the motorcycles. We would all go insane and > kill ourselves > if we didn't have you around to help us keep our spam under > control. :) > > Chris > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 14:22:13 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 14:22:30 2006 Subject: MCP-Checker (MCP timed out) - Answer: MCP spamassassin timing out Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CB57@largo.campus.ncl.ac.uk> Have identified the cause and found a work around but am worried that a simple message could give rise to this problem. Am getting the MCP checker "timed out" message because the invocation of 'spamassassin' that is run for MCP processing is timing out for the messages in question. It will do this even if I have an _empty_ 'mcp' subdirectory! I note from MailScanner.conf in 4.51.6-1 that the timeout values for the MCP and non-MCP invocations of 'spamassassin' are different. For the former it is only 10 seconds while for the latter it is 75 seconds! That explains why I only see the probem when the MCP check is done. The default values set by Julian are: SpamAssassin Timeout = 75 MCP SpamAssassin Timeout = 10 The work around was to change in MailScanner.conf the 'MCP SpamAssassin Timeout' value from 10 to 75 (seconds). Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin Campbell >Sent: 02 June 2006 08:54 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - what is happening? > >Jeremy > >Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >--lint' and >this shows no problems. In my case I have more than one *.cf file in >~/mcp. > >I have found 59 instances of this problem occurring over the last 8 >weeks. That is a tiny number compared to the 1,000,000 or so >messages we >receive per day so the problem seems to arise out of a very special set >of circumstances. > >Not just mail from 'intl.pepsico.com' is involved although that site >accounts for a significant proportion of the 59 cases. At least two >different people sending mail from that site have beem affected. > >A full extract of log records for one such instance is: > >Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >from=, size=2953, class=0, nrcpts=1, >msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >.pep.pvt> >, proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] > >Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: >header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) > >Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >to=, delay=00:00:00, mailer=esmtp, pri=32953, >stat=queued > >Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >k519CLJN025995 from >195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >MCP-Checker (MCP timed out) > >Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >k519CLJN025995 actions are deliver > >At this point the message disappears from the queue. It is not >delivered >and the log records above confirm this. > >I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Jeremy Blonde >>Sent: 01 June 2006 17:08 >>To: MailScanner discussion >>Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >> >>I ran into this same problem. I had to delete my existing mcp >>rule file >>and re-create it. Apparently, I had added a typo somewhere. >> >> >>Jeremy Blonde >>Instructional Technology - Server Support >>Grant Joint Union School District >> >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Quentin >>Campbell >>Sent: Thursday, June 01, 2006 9:00 AM >>To: mailscanner@lists.mailscanner.info >>Subject: MCP-Checker (MCP timed out) - what is ahppening? >> >>I am seeing for one sender the following record in the logs: >> >>Jun 1 10:13:57 cheviot1 MailScanner[425]: Message k519DcIG001362 from >>195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>MCP-Checker (MCP timed out) >> >>The mail is disappearing. What might be the cause? >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>Any opinion expressed above is mine and not that of Newcastle >>University. >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 14:39:22 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 14:39:26 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CB63@largo.campus.ncl.ac.uk> The delay in 'spamassassin' for the particular site is apparently caused while SA tries to do a DNS PTR lookup for the IP addresses in the 'Received:" lines. It seems that the NS for the site is very slow to respond: ... [19506] dbg: dns: looking up PTR record for '165.198.2.156' [19506] dbg: dns: PTR for '165.198.2.156': '' [19506] dbg: received-header: parsed as [ ip=165.198.2.156 rdns= helo=pepwmr00040.cww.pep.pvt by=pepwmz00096.pbsg.com ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.2.156 trusted? no internal? no [19506] dbg: dns: looking up PTR record for '165.198.2.160' [19506] dbg: dns: PTR for '165.198.2.160': '' [19506] dbg: received-header: parsed as [ ip=165.198.2.160 rdns= helo=pepwmr00029.cww.pep.pvt by=pepwmr00040.cww.pep.pvt ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.2.160 trusted? no internal? no [19506] dbg: dns: looking up PTR record for '165.198.22.184' [19506] dbg: dns: PTR for '165.198.22.184': '' [19506] dbg: received-header: parsed as [ ip=165.198.22.184 rdns= helo=pepwmu00265.cww.pep.pvt by=pepwmr00029.cww.pep.pvt ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.22.184 trusted? no internal? no [19506] dbg: dns: looking up PTR record for '165.198.218.84' [19506] dbg: dns: PTR for '165.198.218.84': '' [19506] dbg: received-header: parsed as [ ip=165.198.218.84 rdns= helo=pepwmu00262.cww.pep.pvt by=pepwmu00265.cww.pep.pvt ident= envfrom= intl=0 id= auth= ] [19506] dbg: received-header: relay 165.198.218.84 trusted? no internal? no ... However it is not clear why this slows down the invocation of SA for MCP checks since the 'Received:' header lines should not be part of what is scanned at that point. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin Campbell >Sent: 02 June 2006 14:22 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - Answer: MCP >spamassassin timingout > >Have identified the cause and found a work around but am worried that a >simple message could give rise to this problem. > >Am getting the MCP checker "timed out" message because the >invocation of >'spamassassin' that is run for MCP processing is timing out for the >messages in question. It will do this even if I have an _empty_ 'mcp' >subdirectory! > >I note from MailScanner.conf in 4.51.6-1 that the timeout >values for the >MCP and non-MCP invocations of 'spamassassin' are different. For the >former it is only 10 seconds while for the latter it is 75 >seconds! That >explains why I only see the probem when the MCP check is done. The >default values set by Julian are: > >SpamAssassin Timeout = 75 >MCP SpamAssassin Timeout = 10 > >The work around was to change in MailScanner.conf the 'MCP SpamAssassin >Timeout' value from 10 to 75 (seconds). > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Quentin Campbell >>Sent: 02 June 2006 08:54 >>To: MailScanner discussion >>Subject: RE: MCP-Checker (MCP timed out) - what is happening? >> >>Jeremy >> >>Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >>--lint' and >>this shows no problems. In my case I have more than one *.cf file in >>~/mcp. >> >>I have found 59 instances of this problem occurring over the last 8 >>weeks. That is a tiny number compared to the 1,000,000 or so >>messages we >>receive per day so the problem seems to arise out of a very >special set >>of circumstances. >> >>Not just mail from 'intl.pepsico.com' is involved although that site >>accounts for a significant proportion of the 59 cases. At least two >>different people sending mail from that site have beem affected. >> >>A full extract of log records for one such instance is: >> >>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>from=, size=2953, class=0, nrcpts=1, >>msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >>.pep.pvt> >>, proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] >> >>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: >>header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >>xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) >> >>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>to=, delay=00:00:00, mailer=esmtp, pri=32953, >>stat=queued >> >>Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >>k519CLJN025995 from >>195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>MCP-Checker (MCP timed out) >> >>Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >>k519CLJN025995 actions are deliver >> >>At this point the message disappears from the queue. It is not >>delivered >>and the log records above confirm this. >> >>I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>Any opinion expressed above is mine and not that of Newcastle >>University. >> >> >>>-----Original Message----- >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>Of Jeremy Blonde >>>Sent: 01 June 2006 17:08 >>>To: MailScanner discussion >>>Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >>> >>>I ran into this same problem. I had to delete my existing mcp >>>rule file >>>and re-create it. Apparently, I had added a typo somewhere. >>> >>> >>>Jeremy Blonde >>>Instructional Technology - Server Support >>>Grant Joint Union School District >>> >>> >>>-----Original Message----- >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>Of Quentin >>>Campbell >>>Sent: Thursday, June 01, 2006 9:00 AM >>>To: mailscanner@lists.mailscanner.info >>>Subject: MCP-Checker (MCP timed out) - what is ahppening? >>> >>>I am seeing for one sender the following record in the logs: >>> >>>Jun 1 10:13:57 cheviot1 MailScanner[425]: Message >k519DcIG001362 from >>>195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>MCP-Checker (MCP timed out) >>> >>>The mail is disappearing. What might be the cause? >>> >>>Quentin >>>--- >>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>--------------------------------------------------------------- >>>--------- >>>Any opinion expressed above is mine and not that of Newcastle >>>University. >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From Mailscanner at mailing.kaufland-informationssysteme.com Fri Jun 2 14:53:31 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Fri Jun 2 14:53:35 2006 Subject: Many [MailScanner] Message-ID: <448042DB.7080209@mailing.kaufland-informationssysteme.com> Hi all, can somebody explain me why I have some "[MailScanner] ". I use MailScanner-4.54.6-1 on a Suse Linux 10.1. Thanks Matthias exim 10972 0.0 0.0 13148 848 ? Ss Jun01 0:04 /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 8659 0.0 0.0 13156 528 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 8660 0.0 0.0 13156 528 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 8661 0.0 0.0 13156 528 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd exim 10992 0.0 0.9 57800 29516 ? Ss Jun01 0:00 MailScanner: starting child exim 18355 0.2 2.0 98388 63572 ? S 14:17 0:13 \_ MailScanner: waiting for messages exim 8308 0.0 0.0 0 0 ? Z 15:47 0:00 | \_ [MailScanner] exim 18397 0.1 2.0 97328 62572 ? S 14:17 0:08 \_ MailScanner: waiting for messages exim 8438 0.0 0.0 0 0 ? Z 15:48 0:00 | \_ [MailScanner] exim 18431 0.2 2.0 97828 63072 ? S 14:17 0:15 \_ MailScanner: waiting for messages exim 8127 0.0 0.0 0 0 ? Z 15:47 0:00 | \_ [MailScanner] exim 18449 0.2 2.0 97608 62852 ? S 14:18 0:12 \_ MailScanner: waiting for messages exim 8360 0.0 0.0 0 0 ? Z 15:47 0:00 | \_ [MailScanner] exim 18481 0.2 2.0 97224 62384 ? S 14:18 0:13 \_ MailScanner: waiting for messages exim 8536 0.0 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 18843 0.1 2.0 97312 62556 ? S 14:19 0:10 \_ MailScanner: virus scanning exim 8666 22.0 0.3 16400 10156 ? Rs 15:49 0:00 | \_ /usr/local/Sophos/bin/sweep -sc -f -all -rec ss -archive -cab -loopback --no-follow- exim 18954 0.2 2.0 97636 62880 ? S 14:20 0:12 \_ MailScanner: waiting for messages exim 8642 0.2 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 19046 0.2 2.0 97324 62568 ? S 14:20 0:12 \_ MailScanner: waiting for messages exim 8628 0.1 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 19225 0.2 2.0 97384 62628 ? S 14:21 0:10 \_ MailScanner: waiting for messages exim 8651 0.2 0.0 0 0 ? Z 15:49 0:00 | \_ [MailScanner] exim 19355 0.1 2.0 97292 62428 ? S 14:22 0:09 \_ MailScanner: waiting for messages exim 8605 0.0 0.0 0 0 ? Z 15:49 0:00 \_ [MailScanner] exim 19364 0.0 1.0 67544 32952 ? S 14:22 0:01 MailWatch SQL root 8106 0.0 0.0 11864 1724 ? Ss 15:47 0:00 /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS exim 8107 0.0 0.0 12932 1336 ? S 15:47 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS root 8656 0.0 0.0 11860 1724 ? Ss 15:49 0:00 /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z exim 8657 0.0 0.0 12928 1384 ? S 15:49 0:00 \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z From MailScanner at ecs.soton.ac.uk Fri Jun 2 15:19:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 15:21:26 2006 Subject: MCP-Checker (MCP timed out) - Answer: MCP spamassassin timing out In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470730CB57@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470730CB57@largo.campus.ncl.ac.uk> Message-ID: <3CD8AF69-7F86-41CE-A69B-C2C911D5E9FB@ecs.soton.ac.uk> On 2 Jun 2006, at 14:22, Quentin Campbell wrote: > Have identified the cause and found a work around but am worried > that a > simple message could give rise to this problem. > > Am getting the MCP checker "timed out" message because the > invocation of > 'spamassassin' that is run for MCP processing is timing out for the > messages in question. It will do this even if I have an _empty_ 'mcp' > subdirectory! > > I note from MailScanner.conf in 4.51.6-1 that the timeout values > for the > MCP and non-MCP invocations of 'spamassassin' are different. For the > former it is only 10 seconds while for the latter it is 75 seconds! > That > explains why I only see the probem when the MCP check is done. The > default values set by Julian are: > > SpamAssassin Timeout = 75 > MCP SpamAssassin Timeout = 10 > > The work around was to change in MailScanner.conf the 'MCP > SpamAssassin > Timeout' value from 10 to 75 (seconds). The reason the timeout is much smaller is that it is not doing any network-based checks, just a very small selection of SpamAssassin rules. So it shouldn't take anything like as long as the SpamAssassin call for identifying spam. If it is taking 75 seconds to check a message against about 10 rules and nothing else, then there is a problem somewhere. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Q.G.Campbell at newcastle.ac.uk Fri Jun 2 15:55:19 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 2 15:55:25 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CBCB@largo.campus.ncl.ac.uk> Re. my message below the output I provided is a result of running 'spamassassin -t ...' on a sample message which includes the Received: headers. When they are removed then 'spamassassin' runs very quickly. The inference that I draw from this is that when the message is being run through the production MailScanner set up here, some DNS checks are being carried out during MCP processing. The DNS delays are most likely being caused by the same IP addresses that appear in the Received: headers. Unlikely I know but it is the only explanation I can find. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Quentin Campbell >Sent: 02 June 2006 14:39 >To: MailScanner discussion >Subject: RE: MCP-Checker (MCP timed out) - More details of the cause > >The delay in 'spamassassin' for the particular site is >apparently caused >while SA tries to do a DNS PTR lookup for the IP addresses in the >'Received:" lines. It seems that the NS for the site is very slow to >respond: > >... >[19506] dbg: dns: looking up PTR record for '165.198.2.156' >[19506] dbg: dns: PTR for '165.198.2.156': '' >[19506] dbg: received-header: parsed as [ ip=165.198.2.156 rdns= >helo=pepwmr00040.cww.pep.pvt by=pepwmz00096.pbsg.com ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.2.156 trusted? no internal? >no >[19506] dbg: dns: looking up PTR record for '165.198.2.160' >[19506] dbg: dns: PTR for '165.198.2.160': '' >[19506] dbg: received-header: parsed as [ ip=165.198.2.160 rdns= >helo=pepwmr00029.cww.pep.pvt by=pepwmr00040.cww.pep.pvt ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.2.160 trusted? no internal? >no >[19506] dbg: dns: looking up PTR record for '165.198.22.184' >[19506] dbg: dns: PTR for '165.198.22.184': '' >[19506] dbg: received-header: parsed as [ ip=165.198.22.184 rdns= >helo=pepwmu00265.cww.pep.pvt by=pepwmr00029.cww.pep.pvt ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.22.184 trusted? no >internal? >no >[19506] dbg: dns: looking up PTR record for '165.198.218.84' >[19506] dbg: dns: PTR for '165.198.218.84': '' >[19506] dbg: received-header: parsed as [ ip=165.198.218.84 rdns= >helo=pepwmu00262.cww.pep.pvt by=pepwmu00265.cww.pep.pvt ident= envfrom= >intl=0 id= auth= ] >[19506] dbg: received-header: relay 165.198.218.84 trusted? no >internal? >no >... > >However it is not clear why this slows down the invocation of >SA for MCP >checks since the 'Received:' header lines should not be part of what is >scanned at that point. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine and not that of Newcastle >University. > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>Of Quentin Campbell >>Sent: 02 June 2006 14:22 >>To: MailScanner discussion >>Subject: RE: MCP-Checker (MCP timed out) - Answer: MCP >>spamassassin timingout >> >>Have identified the cause and found a work around but am >worried that a >>simple message could give rise to this problem. >> >>Am getting the MCP checker "timed out" message because the >>invocation of >>'spamassassin' that is run for MCP processing is timing out for the >>messages in question. It will do this even if I have an _empty_ 'mcp' >>subdirectory! >> >>I note from MailScanner.conf in 4.51.6-1 that the timeout >>values for the >>MCP and non-MCP invocations of 'spamassassin' are different. For the >>former it is only 10 seconds while for the latter it is 75 >>seconds! That >>explains why I only see the probem when the MCP check is done. The >>default values set by Julian are: >> >>SpamAssassin Timeout = 75 >>MCP SpamAssassin Timeout = 10 >> >>The work around was to change in MailScanner.conf the 'MCP >SpamAssassin >>Timeout' value from 10 to 75 (seconds). >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>Any opinion expressed above is mine and not that of Newcastle >>University. >> >> >>>-----Original Message----- >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>Of Quentin Campbell >>>Sent: 02 June 2006 08:54 >>>To: MailScanner discussion >>>Subject: RE: MCP-Checker (MCP timed out) - what is happening? >>> >>>Jeremy >>> >>>Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >>>--lint' and >>>this shows no problems. In my case I have more than one *.cf file in >>>~/mcp. >>> >>>I have found 59 instances of this problem occurring over the last 8 >>>weeks. That is a tiny number compared to the 1,000,000 or so >>>messages we >>>receive per day so the problem seems to arise out of a very >>special set >>>of circumstances. >>> >>>Not just mail from 'intl.pepsico.com' is involved although that site >>>accounts for a significant proportion of the 59 cases. At least two >>>different people sending mail from that site have beem affected. >>> >>>A full extract of log records for one such instance is: >>> >>>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>from=, size=2953, class=0, nrcpts=1, >>>msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >>>.pep.pvt> >>>, proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com [195.33.104.10] >>> >>>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter add: >>>header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >>>xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) >>> >>>Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>to=, delay=00:00:00, mailer=esmtp, >pri=32953, >>>stat=queued >>> >>>Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >>>k519CLJN025995 from >>>195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>MCP-Checker (MCP timed out) >>> >>>Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >>>k519CLJN025995 actions are deliver >>> >>>At this point the message disappears from the queue. It is not >>>delivered >>>and the log records above confirm this. >>> >>>I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. >>> >>>Quentin >>>--- >>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>--------------------------------------------------------------- >>>--------- >>>Any opinion expressed above is mine and not that of Newcastle >>>University. >>> >>> >>>>-----Original Message----- >>>>From: mailscanner-bounces@lists.mailscanner.info >>>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>Of Jeremy Blonde >>>>Sent: 01 June 2006 17:08 >>>>To: MailScanner discussion >>>>Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >>>> >>>>I ran into this same problem. I had to delete my existing mcp >>>>rule file >>>>and re-create it. Apparently, I had added a typo somewhere. >>>> >>>> >>>>Jeremy Blonde >>>>Instructional Technology - Server Support >>>>Grant Joint Union School District >>>> >>>> >>>>-----Original Message----- >>>>From: mailscanner-bounces@lists.mailscanner.info >>>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>Of Quentin >>>>Campbell >>>>Sent: Thursday, June 01, 2006 9:00 AM >>>>To: mailscanner@lists.mailscanner.info >>>>Subject: MCP-Checker (MCP timed out) - what is ahppening? >>>> >>>>I am seeing for one sender the following record in the logs: >>>> >>>>Jun 1 10:13:57 cheviot1 MailScanner[425]: Message >>k519DcIG001362 from >>>>195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>>MCP-Checker (MCP timed out) >>>> >>>>The mail is disappearing. What might be the cause? >>>> >>>>Quentin >>>>--- >>>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>--------------------------------------------------------------- >>>>--------- >>>>Any opinion expressed above is mine and not that of Newcastle >>>>University. >>>>-- >>>>MailScanner mailing list >>>>mailscanner@lists.mailscanner.info >>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>>Before posting, read http://wiki.mailscanner.info/posting >>>> >>>>Support MailScanner development - buy the book off the website! >>>>-- >>>>MailScanner mailing list >>>>mailscanner@lists.mailscanner.info >>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>>Before posting, read http://wiki.mailscanner.info/posting >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From Kevin_Miller at ci.juneau.ak.us Fri Jun 2 16:24:17 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 2 16:24:27 2006 Subject: [Clamav-users] Problem with internal logger Message-ID: Anthony Peacock wrote: > Hi Julian, > > Julian Field wrote: >> >> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >> >>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>> >>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>> spamd.conf for you, by commenting out the "Example" lines. >>> >>> and then sets the mirror to US ? >> >> No, as I don't know what country you might be in. It just gets it >> working for you, saving new users a nasty catch which will confuse >> them entirely. Doing things like this annoys me, as they don't >> produce a nice error message telling the user what they need to do >> to alleviate the problem. It's a case of "Switch this option on to >> make anything work, default is off". I know I do it myself, but I do >> at least generate a polite error message which tells the user they >> need to set their company name in MailScanner.conf. >> >> I am considering removing it from MailScanner. >> If the %org-name% has not been configured, then I just use the domain >> name by using Sys::Hostname::Long which is already needed by >> SpamAssassin so most people have it installed already. I replace the >> hostname with www to get the website address, and put the same in >> %org-long-name% as %org-name%. >> >> Does that sound rather better than the current "I'm not going to >> start" behaviour. > > I wouldn't really be in favour of this. > > A side-effect of the current behaviour is that it forces the person > installing the system to at least open and look at the config file > first. > > I don't think anyone should be installing something as important as > mailscanner without at least understanding what the default options > are doing. I think it's a good idea. Only thing I'd do differently is to use the hostname instead of www + domain-name. That would keep it shorter (I like concise), and the comments mention that periods sometimes hose the Symantic virus scanner or something to that effect. Don't use Symantic so didn't pay too close attention. Maybe I'm just being grumpy, but I think anybody installing something like MailScanner w/o looking at the docs deserves what they get! Just my inflation adjusted, subject to federal, state and local taxes, $.02 worth... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:41:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:42:15 2006 Subject: Many [MailScanner] In-Reply-To: <448042DB.7080209@mailing.kaufland-informationssysteme.com> References: <448042DB.7080209@mailing.kaufland-informationssysteme.com> Message-ID: Are the same ones there all the time, or do the process ids (the number in the 2nd column) keep changing pretty frequently? If they keep changing, don't worry, this is an intentional design decision. It is faster to reap lots of zombies at once than it is to reap them all one at a time. Makes quite a big speed difference, despite looking a little ugly. On 2 Jun 2006, at 14:53, Matthias Sutter wrote: > Hi all, > > can somebody explain me why I have some "[MailScanner] ". > I use MailScanner-4.54.6-1 on a Suse Linux 10.1. > > Thanks > Matthias > > exim 10972 0.0 0.0 13148 848 ? Ss Jun01 0:04 / > opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 8659 0.0 0.0 13156 528 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 8660 0.0 0.0 13156 528 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 8661 0.0 0.0 13156 528 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.in -bd > exim 10992 0.0 0.9 57800 29516 ? Ss Jun01 0:00 > MailScanner: starting child > exim 18355 0.2 2.0 98388 63572 ? S 14:17 0:13 > \_ MailScanner: waiting for messages > exim 8308 0.0 0.0 0 0 ? Z 15:47 0:00 > | \_ [MailScanner] > exim 18397 0.1 2.0 97328 62572 ? S 14:17 0:08 > \_ MailScanner: waiting for messages > exim 8438 0.0 0.0 0 0 ? Z 15:48 0:00 > | \_ [MailScanner] > exim 18431 0.2 2.0 97828 63072 ? S 14:17 0:15 > \_ MailScanner: waiting for messages > exim 8127 0.0 0.0 0 0 ? Z 15:47 0:00 > | \_ [MailScanner] > exim 18449 0.2 2.0 97608 62852 ? S 14:18 0:12 > \_ MailScanner: waiting for messages > exim 8360 0.0 0.0 0 0 ? Z 15:47 0:00 > | \_ [MailScanner] > exim 18481 0.2 2.0 97224 62384 ? S 14:18 0:13 > \_ MailScanner: waiting for messages > exim 8536 0.0 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 18843 0.1 2.0 97312 62556 ? S 14:19 0:10 > \_ MailScanner: virus scanning > exim 8666 22.0 0.3 16400 10156 ? Rs 15:49 0:00 > | \_ /usr/local/Sophos/bin/sweep -sc -f -all -rec ss -archive - > cab -loopback --no-follow- > exim 18954 0.2 2.0 97636 62880 ? S 14:20 0:12 > \_ MailScanner: waiting for messages > exim 8642 0.2 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 19046 0.2 2.0 97324 62568 ? S 14:20 0:12 > \_ MailScanner: waiting for messages > exim 8628 0.1 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 19225 0.2 2.0 97384 62628 ? S 14:21 0:10 > \_ MailScanner: waiting for messages > exim 8651 0.2 0.0 0 0 ? Z 15:49 0:00 > | \_ [MailScanner] > exim 19355 0.1 2.0 97292 62428 ? S 14:22 0:09 > \_ MailScanner: waiting for messages > exim 8605 0.0 0.0 0 0 ? Z 15:49 > 0:00 \_ [MailScanner] > exim 19364 0.0 1.0 67544 32952 ? S 14:22 0:01 > MailWatch SQL > root 8106 0.0 0.0 11864 1724 ? Ss 15:47 0:00 / > opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS > exim 8107 0.0 0.0 12932 1336 ? S 15:47 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1Fm9zT-00026j-CS > root 8656 0.0 0.0 11860 1724 ? Ss 15:49 0:00 / > opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z > exim 8657 0.0 0.0 12928 1384 ? S 15:49 0:00 > \_ /opt/exim/bin/exim -C /opt/exim/configure.out -Mc 1FmA1v-0002Fb-0Z > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:44:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:45:06 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: On 2 Jun 2006, at 16:24, Kevin Miller wrote: > Anthony Peacock wrote: >> Hi Julian, >> >> Julian Field wrote: >>> >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> >>>> and then sets the mirror to US ? >>> >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do >>> to alleviate the problem. It's a case of "Switch this option on to >>> make anything work, default is off". I know I do it myself, but I do >>> at least generate a polite error message which tells the user they >>> need to set their company name in MailScanner.conf. >>> >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the >>> domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file >> first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > I think it's a good idea. Only thing I'd do differently is to use the > hostname instead of www + domain-name. That would keep it shorter (I > like concise), and the comments mention that periods sometimes hose > the > Symantic virus scanner or something to that effect. Don't use > Symantic > so didn't pay too close attention. The %web-site% is only ever used in the message body, not in a header. But you are right about the other ones having dots in them which might confuse Symantec's scanner. I will just change the dots to dashes or underscores. Thanks for pointing that out, it hadn't occurred to me. > > Maybe I'm just being grumpy, but I think anybody installing something > like MailScanner w/o looking at the docs deserves what they get! That's very easy for an experienced user to say :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:45:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:45:48 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470730CBCB@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470730CBCB@largo.campus.ncl.ac.uk> Message-ID: Should I therefore increase the default MCP timeout to 75 seconds? On 2 Jun 2006, at 15:55, Quentin Campbell wrote: > Re. my message below the output I provided is a result of running > 'spamassassin -t ...' on a sample message which includes the Received: > headers. When they are removed then 'spamassassin' runs very quickly. > > The inference that I draw from this is that when the message is being > run through the production MailScanner set up here, some DNS checks > are > being carried out during MCP processing. The DNS delays are most > likely > being caused by the same IP addresses that appear in the Received: > headers. Unlikely I know but it is the only explanation I can find. > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > Any opinion expressed above is mine and not that of Newcastle > University. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Quentin Campbell >> Sent: 02 June 2006 14:39 >> To: MailScanner discussion >> Subject: RE: MCP-Checker (MCP timed out) - More details of the cause >> >> The delay in 'spamassassin' for the particular site is >> apparently caused >> while SA tries to do a DNS PTR lookup for the IP addresses in the >> 'Received:" lines. It seems that the NS for the site is very slow to >> respond: >> >> ... >> [19506] dbg: dns: looking up PTR record for '165.198.2.156' >> [19506] dbg: dns: PTR for '165.198.2.156': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.2.156 rdns= >> helo=pepwmr00040.cww.pep.pvt by=pepwmz00096.pbsg.com ident= envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.2.156 trusted? no >> internal? >> no >> [19506] dbg: dns: looking up PTR record for '165.198.2.160' >> [19506] dbg: dns: PTR for '165.198.2.160': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.2.160 rdns= >> helo=pepwmr00029.cww.pep.pvt by=pepwmr00040.cww.pep.pvt ident= >> envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.2.160 trusted? no >> internal? >> no >> [19506] dbg: dns: looking up PTR record for '165.198.22.184' >> [19506] dbg: dns: PTR for '165.198.22.184': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.22.184 rdns= >> helo=pepwmu00265.cww.pep.pvt by=pepwmr00029.cww.pep.pvt ident= >> envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.22.184 trusted? no >> internal? >> no >> [19506] dbg: dns: looking up PTR record for '165.198.218.84' >> [19506] dbg: dns: PTR for '165.198.218.84': '' >> [19506] dbg: received-header: parsed as [ ip=165.198.218.84 rdns= >> helo=pepwmu00262.cww.pep.pvt by=pepwmu00265.cww.pep.pvt ident= >> envfrom= >> intl=0 id= auth= ] >> [19506] dbg: received-header: relay 165.198.218.84 trusted? no >> internal? >> no >> ... >> >> However it is not clear why this slows down the invocation of >> SA for MCP >> checks since the 'Received:' header lines should not be part of >> what is >> scanned at that point. >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> --------------------------------------------------------------- >> --------- >> Any opinion expressed above is mine and not that of Newcastle >> University. >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Quentin Campbell >>> Sent: 02 June 2006 14:22 >>> To: MailScanner discussion >>> Subject: RE: MCP-Checker (MCP timed out) - Answer: MCP >>> spamassassin timingout >>> >>> Have identified the cause and found a work around but am >> worried that a >>> simple message could give rise to this problem. >>> >>> Am getting the MCP checker "timed out" message because the >>> invocation of >>> 'spamassassin' that is run for MCP processing is timing out for the >>> messages in question. It will do this even if I have an _empty_ >>> 'mcp' >>> subdirectory! >>> >>> I note from MailScanner.conf in 4.51.6-1 that the timeout >>> values for the >>> MCP and non-MCP invocations of 'spamassassin' are different. For the >>> former it is only 10 seconds while for the latter it is 75 >>> seconds! That >>> explains why I only see the probem when the MCP check is done. The >>> default values set by Julian are: >>> >>> SpamAssassin Timeout = 75 >>> MCP SpamAssassin Timeout = 10 >>> >>> The work around was to change in MailScanner.conf the 'MCP >> SpamAssassin >>> Timeout' value from 10 to 75 (seconds). >>> >>> Quentin >>> --- >>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> --------------------------------------------------------------- >>> --------- >>> Any opinion expressed above is mine and not that of Newcastle >>> University. >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Quentin Campbell >>>> Sent: 02 June 2006 08:54 >>>> To: MailScanner discussion >>>> Subject: RE: MCP-Checker (MCP timed out) - what is happening? >>>> >>>> Jeremy >>>> >>>> Have run 'spamassassin --siteconfigpath=/etc/MailScanner/mcp >>>> --lint' and >>>> this shows no problems. In my case I have more than one *.cf >>>> file in >>>> ~/mcp. >>>> >>>> I have found 59 instances of this problem occurring over the last 8 >>>> weeks. That is a tiny number compared to the 1,000,000 or so >>>> messages we >>>> receive per day so the problem seems to arise out of a very >>> special set >>>> of circumstances. >>>> >>>> Not just mail from 'intl.pepsico.com' is involved although that >>>> site >>>> accounts for a significant proportion of the 59 cases. At least two >>>> different people sending mail from that site have beem affected. >>>> >>>> A full extract of log records for one such instance is: >>>> >>>> Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>> from=, size=2953, class=0, nrcpts=1, >>>> msgid=<933D22EF8B0CA249BC3C5056C06FCE2201FCBB9D@pepwmu00262.cww >>>> .pep.pvt> >>>> , proto=ESMTP, daemon=MTA, relay=pepwmz00096.pbsg.com >>>> [195.33.104.10] >>>> >>>> Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: Milter >>>> add: >>>> header: Received-SPF: none (cheviot2.ncl.ac.uk: domain of >>>> xxx.yyy@intl.pepsico.com does not designate permitted sender hosts) >>>> >>>> Jun 1 10:12:26 cheviot2 sendmail[25995]: k519CLJN025995: >>>> to=, delay=00:00:00, mailer=esmtp, >> pri=32953, >>>> stat=queued >>>> >>>> Jun 1 10:12:39 cheviot2 MailScanner[22318]: Message >>>> k519CLJN025995 from >>>> 195.33.104.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is MCP, >>>> MCP-Checker (MCP timed out) >>>> >>>> Jun 1 10:12:39 cheviot2 MailScanner[22318]: MCP Actions: message >>>> k519CLJN025995 actions are deliver >>>> >>>> At this point the message disappears from the queue. It is not >>>> delivered >>>> and the log records above confirm this. >>>> >>>> I am running with MailScanner-4.51.6-1 and SpamAssassin 3.1.1. >>>> >>>> Quentin >>>> --- >>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>> --------------------------------------------------------------- >>>> --------- >>>> Any opinion expressed above is mine and not that of Newcastle >>>> University. >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Jeremy Blonde >>>>> Sent: 01 June 2006 17:08 >>>>> To: MailScanner discussion >>>>> Subject: RE: MCP-Checker (MCP timed out) - what is ahppening? >>>>> >>>>> I ran into this same problem. I had to delete my existing mcp >>>>> rule file >>>>> and re-create it. Apparently, I had added a typo somewhere. >>>>> >>>>> >>>>> Jeremy Blonde >>>>> Instructional Technology - Server Support >>>>> Grant Joint Union School District >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Quentin >>>>> Campbell >>>>> Sent: Thursday, June 01, 2006 9:00 AM >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: MCP-Checker (MCP timed out) - what is ahppening? >>>>> >>>>> I am seeing for one sender the following record in the logs: >>>>> >>>>> Jun 1 10:13:57 cheviot1 MailScanner[425]: Message >>> k519DcIG001362 from >>>>> 195.33.10 4.10 (xxx.yyy@intl.pepsico.com) to newcastle.ac.uk is >>>>> MCP, >>>>> MCP-Checker (MCP timed out) >>>>> >>>>> The mail is disappearing. What might be the cause? >>>>> >>>>> Quentin >>>>> --- >>>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>>> University of Newcastle, >>>>> Newcastle upon Tyne, >>>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>> --------------------------------------------------------------- >>>>> --------- >>>>> Any opinion expressed above is mine and not that of Newcastle >>>>> University. >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From a.peacock at chime.ucl.ac.uk Fri Jun 2 16:50:48 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 2 16:51:04 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <44805E58.4060904@chime.ucl.ac.uk> Hi Kevin, Kevin Miller wrote: > Anthony Peacock wrote: >> Hi Julian, >> >> Julian Field wrote: >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> and then sets the mirror to US ? >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do >>> to alleviate the problem. It's a case of "Switch this option on to >>> make anything work, default is off". I know I do it myself, but I do >>> at least generate a polite error message which tells the user they >>> need to set their company name in MailScanner.conf. >>> >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file >> first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > I think it's a good idea. Only thing I'd do differently is to use the > hostname instead of www + domain-name. That would keep it shorter (I > like concise), and the comments mention that periods sometimes hose the > Symantic virus scanner or something to that effect. Don't use Symantic > so didn't pay too close attention. > > Maybe I'm just being grumpy, but I think anybody installing something > like MailScanner w/o looking at the docs deserves what they get! I guess I am sitting somewhere in the middle here... :-) I like the current behaviour because it forces the person installing the software to look into the config file before the software will even run. I think the install script that Julian has created is great in that it removes most of the complications of getting a secure mail server up and running. The downside (as I see it) is that it is possible for someone to get a secure mail server up and running without really understanding what is going on. In my opinion that is dangerous. I really am trying not to sound like a grumpy old man here, but I do feel that running an internet connected mail server is something that should be done by a person with a basic understanding of what is going on. Anyway, I am not really arguing against Julian's suggestion as if you accept Julian's reason for maintaining the install script, this is the logical next step. Hopefully most people who hit a problem get caught here or on the wiki anyway. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From MailScanner at ecs.soton.ac.uk Fri Jun 2 16:51:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 16:51:33 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: Message-ID: <91040E12-89EE-4468-8669-97CC3C36C699@ecs.soton.ac.uk> On 2 Jun 2006, at 16:24, Kevin Miller wrote: > Anthony Peacock wrote: >> Hi Julian, >> >> Julian Field wrote: >>> >>> On 1 Jun 2006, at 16:30, Kai Schaetzl wrote: >>> >>>> Julian Field wrote on Thu, 1 Jun 2006 14:04:52 +0100: >>>> >>>>> My easy-to-install ClamAV+SA package configures freshclam.conf and >>>>> spamd.conf for you, by commenting out the "Example" lines. >>>> >>>> and then sets the mirror to US ? >>> >>> No, as I don't know what country you might be in. It just gets it >>> working for you, saving new users a nasty catch which will confuse >>> them entirely. Doing things like this annoys me, as they don't >>> produce a nice error message telling the user what they need to do >>> to alleviate the problem. It's a case of "Switch this option on to >>> make anything work, default is off". I know I do it myself, but I do >>> at least generate a polite error message which tells the user they >>> need to set their company name in MailScanner.conf. >>> >>> I am considering removing it from MailScanner. >>> If the %org-name% has not been configured, then I just use the >>> domain >>> name by using Sys::Hostname::Long which is already needed by >>> SpamAssassin so most people have it installed already. I replace the >>> hostname with www to get the website address, and put the same in >>> %org-long-name% as %org-name%. >>> >>> Does that sound rather better than the current "I'm not going to >>> start" behaviour. >> >> I wouldn't really be in favour of this. >> >> A side-effect of the current behaviour is that it forces the person >> installing the system to at least open and look at the config file >> first. >> >> I don't think anyone should be installing something as important as >> mailscanner without at least understanding what the default options >> are doing. > > I think it's a good idea. Only thing I'd do differently is to use the > hostname instead of www + domain-name. That would keep it shorter (I > like concise), and the comments mention that periods sometimes hose > the > Symantic virus scanner or something to that effect. Don't use > Symantic > so didn't pay too close attention. At line 285 in /usr/sbin/MailScanner, change that chunk of code to this: # Set them all to be something sensible my $domain_name = hostname_long; $domain_name =~ s/^[^.]+\.//; my $header_domain = $domain_name; $header_domain =~ tr/./_/; # So as not to kill Symantec's broken scanner MailScanner::Config::SetPercent('org-name', $header_domain); MailScanner::Config::SetPercent('org-long-name', $domain_name); MailScanner::Config::SetPercent('web-site', 'www.' . $domain_name); -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 17:11:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 17:11:40 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <44805E58.4060904@chime.ucl.ac.uk> References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: On 2 Jun 2006, at 16:50, Anthony Peacock wrote: > I really am trying not to sound like a grumpy old man here, but I > do feel that running an internet connected mail server is something > that should be done by a person with a basic understanding of what > is going on. This is one of the few subjects which will get me ranting. So don't get me started :-) My position is that we all have to start learning somewhere. We also have a duty to get more people running software that protects themselves and everyone else from the hazards of spam, viruses, etc. I also feel strongly that we should encourage newbies to stick with it, by producing software that is as easy as possible to get going as possible. Most newcomers to Unix/Linux/whatever are very wary as they are on new ground, and have the assumption that it is all so much harder than Windows. Try getting a company to install their very first Unix box when all they have ever used is Windows. There is good money to be made here doing system management for them as they admit that they don't know what they are doing and everything is going to break leaving their company with no electronic communication at all. Many companies who suffer a complete failure of their email system for any length of time do not recover. This stuff costs people real money, their jobs, everything. If we don't put lots of effort into making their life as easy as possible, they will never even start learning: they will stick with what they are used to. Why do you think so many people have used Microsoft's SQL Server instead of DB2 or Oracle for small company systems? It's partly because you can put the CD in the drive, click on the setup icon and end up with a working database system. The last time I used DB2 or Oracle, there were fundamental bugs in their install scripts that meant that it all just broke outside of the USA. I know which one I would go for: the one that works out of the box. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jun 2 17:11:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 2 17:11:51 2006 Subject: World Tour, was Re: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4473268E.B662.0038.0@tac.esi.net> References: X <4473268E.B662.0038.0@tac.esi.net> Message-ID: I have set up a page on the wiki devoted to a possible World Tour so I can come and meet some of you and say Hi, possibly involving a couple of nights on your sofa to see the city/town/village/country you live in. Please could you add some details of where you are (Google Earth links might be an idea), when are the best times of year, and stuff like that. Your name would be really useful too! There is a "World Tour" section at the bottom of the front page of wiki.mailscanner.info. There are a few suggested sections in it but feel free to do your own thing, just don't delete anything that is real content. Thanks folks! Jules. On 23 May 2006, at 20:13, Chris Hammond wrote: > > >>>> MailScanner@ecs.soton.ac.uk 05/23/06 2:55 pm >>> > >>> Well as much as I am proud to be a Hoosier, (I actually consider >>> myself a Texan, spent 16 years there in the USAF, married, both sons >>> born there) you only have three weeks! > >> I have been to DC and NY before, so don't need to stop there for >> long, >> if at all, just to say hello. I might go to DC this summer for a few >> days anyway (Steve ---- you up for that?) > > If you do, come south a little and we can feed you plenty of > seafood and > beer. :) > >>> You should see DC, New York, and the Pacific Northwest >>> (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see >>> the >>> sights first. Indiana can only offer home town hospitality, good >>> cookin', and friendly people. If you come, we would love to have >>> you. > >> That's great, thanks! I might be able to stretch it a bit, or else I >> will have to splite it into 2 trips (or is that 3 now, including S.A. >> and New Zealand?) > > Get that donation site setup. I'm sure you could get enough to > offset the > cost of the trip and maybe pay and extra couple of week of salary > to give > you more time to take things in. > >> A U.S. only tour sounds increasingly likely here. I could do >> Alaska and >> Canada in a separate trip. (My G*d, this is turning into a set of >> trips, >> we're up to 3 now!) > > If it keeps going like this, you may just want to move to the US > for 6 months, > then Canada for a few, then....... > >>> Do it on a motorcycle, you would never be the same ;^) >> Probably spread all over the road like tomato paste :- ) > > Naa, stay away from the motorcycles. We would all go insane and > kill ourselves > if we didn't have you around to help us keep our spam under > control. :) > > Chris > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Kevin_Miller at ci.juneau.ak.us Fri Jun 2 17:34:10 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jun 2 17:34:18 2006 Subject: [Clamav-users] Problem with internal logger Message-ID: Julian Field wrote: >> Maybe I'm just being grumpy, but I think anybody installing something >> like MailScanner w/o looking at the docs deserves what they get! > > That's very easy for an experienced user to say :-) True. I'm *very* experienced at shooting myself in the foot! :-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From campbell at cnpapers.com Fri Jun 2 17:35:41 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jun 2 17:35:59 2006 Subject: [Clamav-users] Problem with internal logger References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: <005801c68662$964e7900$0705000a@DDF5DW71> ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Friday, June 02, 2006 12:11 PM Subject: Re: [Clamav-users] Problem with internal logger > On 2 Jun 2006, at 16:50, Anthony Peacock wrote: >> I really am trying not to sound like a grumpy old man here, but I do >> feel that running an internet connected mail server is something that >> should be done by a person with a basic understanding of what is going >> on. > > This is one of the few subjects which will get me ranting. So don't get > me started :-) Sounds like that came too late. And now .... > > > My position is that we all have to start learning somewhere. We also have > a duty to get more people running software that protects themselves and > everyone else from the hazards of spam, viruses, etc. I also feel > strongly that we should encourage newbies to stick with it, by producing > software that is as easy as possible to get going as possible. Most > newcomers to Unix/Linux/whatever are very wary as they are on new ground, > and have the assumption that it is all so much harder than Windows. > > Try getting a company to install their very first Unix box when all they > have ever used is Windows. There is good money to be made here doing > system management for them as they admit that they don't know what they > are doing and everything is going to break leaving their company with no > electronic communication at all. Many companies who suffer a complete > failure of their email system for any length of time do not recover. This > stuff costs people real money, their jobs, everything. If we don't put > lots of effort into making their life as easy as possible, they will > never even start learning: they will stick with what they are used to. > > Why do you think so many people have used Microsoft's SQL Server instead > of DB2 or Oracle for small company systems? It's partly because you can > put the CD in the drive, click on the setup icon and end up with a > working database system. The last time I used DB2 or Oracle, there were > fundamental bugs in their install scripts that meant that it all just > broke outside of the USA. I know which one I would go for: the one that > works out of the box. > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > I agree, to some extent, with everything Julian said above. But my reasons are also a little selfish. I have too many tasks to perform, and sometimes cannot take time to RTFM or study the config options to learn what they really mean or do. Having something that works 'out-of-the-box' is really nice. Otherwise, it may never get installed. But at this point, after installing the OOTB app, I would be an untrained admin, so I would worry alittle about problems that might show up. But then, I have a working config file to refer to. Sometimes having very good examples makes me understand better than the FM could ever do. I am just suggesting that, just like in learning a programming language, referring to something that already works can become one of the best tutorials available. I seem to recall trying to figure out the clam conf file a while back before it was done for me, and some of the simplest options weren't simple to understand. (What is that saying about me?) Steve > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dave.list at pixelhammer.com Fri Jun 2 17:49:46 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jun 2 17:49:55 2006 Subject: MailScanner version In-Reply-To: References: <447F5250.1060007@pixelhammer.com> Message-ID: <44806C2A.4000106@pixelhammer.com> Julian Field wrote: > > On 1 Jun 2006, at 21:47, DAve wrote: > >> Hello all, >> >> I'm about to hit the switch on my upgrade of MailScanner plus addition >> of MailWatch and I was curious as just how bad is version 4.53.8? The >> change log doesn't look like anything Julian fixed since would be a >> problem for me. > > There was a nasty problem in the phishing net, that was the biggest > problem. I would definitely go for 4.54. > >> I know I could install the latest source, and I normally only build my >> own source but.... > > It's written in perl, there *is* only source. You and I know that, but if I get it by a truck... "portupgrade -bcDivR mailscanner" just might save the day ;^) > >> I've been trying to use the ports system on FreeBSD with my >> MailScanner machines, half as an experiment and half "what do we do if >> DAve gets hit by a truck" preparedness ;^). >> >> The most current port is 4.53.8. We run ClamAv and BitDefender, should >> we use 4.53.8 or not? I hate to wait too long, this weekend is a >> perfect time to do the push for me. > > I would not go for 4.53, personally. > I didn't think so. Well I *hate* to sound like I'm whining but here goes. Jan, any timeframe on a new FreeBSD port of MailScanner? Looking at the install I would think I could almost edit the Makefile and do a "make makesum" and get it to install 4.54.6-1. Thanks, DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dyioulos at firstbhph.com Fri Jun 2 18:09:25 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jun 2 18:09:31 2006 Subject: The book Message-ID: <200606021309.25456.dyioulos@firstbhph.com> Hi, Julian. I think I read that you'll be updating the MailScanner book. When do you expect it to be available? Thanks. Dimitri PS - Hopefully to be one of the proud sponsors of the MailScanner World Tour. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Fri Jun 2 18:18:04 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Fri Jun 2 18:19:16 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <448072CC.3070007@yeticomputers.com> I think it would be terribly irresponsible to automatically report programmatically detected spam, no matter what the score is. I've had some very high scoring false positives. Even a tiny chance of getting someone improperly listed in an RBL without human intervention is too much to risk for what would probably be very little gain, anyway. More harm than good to do this, I think. Rick Dave Strydom wrote: > On 6/1/06, Kai Schaetzl wrote: >> isn't that automatically done when auto-learning spam? >> >> Kai >> >> -- >> Kai Sch?tzl, Berlin, Germany >> Get your web at Conactive Internet Services: http://www.conactive.com > > Nope, that updates the bayes db on your machine, what I want is > MailScanner to take say any message which scores over 25, and use the > spamassassin spamcop plugin to report the message to www.spamcop.net, > this will list the server which sent out the mail on a RBL. > > Dave From edwardbruce at sbcglobal.net Fri Jun 2 19:08:40 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Fri Jun 2 19:08:48 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: <44807EA8.6010203@sbcglobal.net> Julian Field wrote: > > > Why do you think so many people have used Microsoft's SQL Server > instead of DB2 or Oracle for small company systems? It's partly > because you can put the CD in the drive, click on the setup icon and > end up with a working database system. The last time I used DB2 or > Oracle, there were fundamental bugs in their install scripts that > meant that it all just broke outside of the USA. I know which one I > would go for: the one that works out of the box. > Well I would argue that sometimes it only appears to work out of the box ;-) . At our company I've decided to require FQDN before I will accept emails. I don't mind holding the hand of the poor office manager at a doctors office to get them configured. Its all the tech companies that I have to keep helping. The one that pissed me off the most is a consulting firm we hired to help us configure Windows Sharepoint that had their Exchange server misconfigured. I'm still thinking of submitting a 2 hour consult bill to them :-) From uxbod at splatnix.net Fri Jun 2 23:11:03 2006 From: uxbod at splatnix.net (uxbod) Date: Fri Jun 2 22:14:13 2006 Subject: Kaspersky Message-ID: <9670b85b6957a77b5b92dc44d2bb2e40@localhost> Which version works with MailScanner? Is it the file server or the workstation ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 3 10:51:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 3 10:52:11 2006 Subject: The book In-Reply-To: <200606021309.25456.dyioulos@firstbhph.com> References: <200606021309.25456.dyioulos@firstbhph.com> Message-ID: <44815BBA.5080306@ecs.soton.ac.uk> Dimitri Yioulos wrote: > Hi, Julian. > > I think I read that you'll be updating the MailScanner book. > When do you expect it to be available? > I intend doing the update in August, I'll post on the mailing lists when I release the new version of the book. > PS - Hopefully to be one of the proud sponsors of the MailScanner > World Tour. > Wonderful! Please can you add your details (when/where/who/etc) to the wiki "World Tour" page for me? Thanks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sat Jun 3 10:55:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 3 10:55:55 2006 Subject: Kaspersky In-Reply-To: <9670b85b6957a77b5b92dc44d2bb2e40@localhost> References: <9670b85b6957a77b5b92dc44d2bb2e40@localhost> Message-ID: <223f97700606030255s311f917epb10d4c9d6fcd13c6@mail.gmail.com> On 03/06/06, uxbod wrote: > Which version works with MailScanner? Is it the file server or the workstation ? > Not that I run it, but http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:install might be a hint:-). Also look at http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:mailscanner_configuration ... seems to be useful info. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Sat Jun 3 13:18:02 2006 From: uxbod at splatnix.net (uxbod) Date: Sat Jun 3 12:21:17 2006 Subject: Kaspersky In-Reply-To: <223f97700606030255s311f917epb10d4c9d6fcd13c6@mail.gmail.com> References: <223f97700606030255s311f917epb10d4c9d6fcd13c6@mail.gmail.com> Message-ID: WiKi slaps uxbod around the head with a wet fish ! Thanks Glenn. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 3 20:37:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 3 20:37:54 2006 Subject: Wikipedia Message-ID: <4481E507.2060908@ecs.soton.ac.uk> Anyone fancy expanding on the Wikipedia article about MailScanner please? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From uxbod at splatnix.net Sat Jun 3 22:07:32 2006 From: uxbod at splatnix.net (uxbod) Date: Sat Jun 3 21:10:40 2006 Subject: Wikipedia In-Reply-To: <4481E507.2060908@ecs.soton.ac.uk> References: <4481E507.2060908@ecs.soton.ac.uk> Message-ID: <68c8efbdce8653229b805de4a7e7c9de@localhost> Maybe worth mentioning its commercial appliance especially as so many companies use it ;) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Sun Jun 4 04:01:09 2006 From: res at ausics.net (Res) Date: Sun Jun 4 04:01:18 2006 Subject: MailScanner goes byebyes Message-ID: Hey all, Anyone seen before and bene able to produce a cure for why if tehre is a large queue MailScanner stops processing mail, it runs fine use --lint no errors, run in debug nothing happens I have to continuellay HUP the damned thing for it to process, once with starts its 10 kiddies thatsa the end of it until I hup it again -- Cheers Res From lhaig at haigmail.com Sun Jun 4 09:20:41 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 09:20:47 2006 Subject: wiki password Message-ID: <448297D9.3010908@haigmail.com> I can't seem to login to the wiki Can someone change it for me please uname = lhaig From lhaig at haigmail.com Sun Jun 4 09:22:47 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 09:22:51 2006 Subject: Instructions for FreeBSD Message-ID: <44829857.90201@haigmail.com> Has anyone got some documentation on how to install MailScanner on FreeBSD. I would appreciate it as I will be using FreeBSD for the first time and would appreciate some help. I have looked on the wiki but can see or find documentation. Thanks Lance From cpedaschus at gmx.de Sun Jun 4 10:15:37 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sun Jun 4 10:15:59 2006 Subject: Instructions for FreeBSD In-Reply-To: <44829857.90201@haigmail.com> References: <44829857.90201@haigmail.com> Message-ID: <4482A4B9.9010305@gmx.de> Lance Haig wrote: > Has anyone got some documentation on how to install MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first time > and would appreciate some help. > > I have looked on the wiki but can see or find documentation. > > Thanks > > Lance I'm using it on OpenBSD and there's nothing special (i can remember ;) ) , just follow the default install and you're fine. My only showstopper was, that OBSD mounts /var as nosuid, but that was qmail specific. Greets, Chris From chrisgreen at hotmail.com Sun Jun 4 11:21:48 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Sun Jun 4 11:21:55 2006 Subject: Body text garbled UTF-8/BASE64 combination Message-ID: Hi there, I have been experiencing a strange issue with either Mailscanner or Postfix which I am stuck with. I have built a machine as per the instructions at www.piratefish.org - essentially a Debian Sarge box with MailScanner, Postfix, SpamAssassin and ClamAV. Instructions have been followed verbatim. The vast majority of email is relayed with no issues at all, 90% of spam is canned and not a virus in sight. However, three times in the past three weeks we have received an email where the body text is completely garbled. This is probably 0.01% of incoming traffic. I have posted an example pic at http://www.is-dept.com/download/garble.jpg - it's impossible to explain! mail.err and mail.warn are both clean and neither of them indicates that the corrupted messages are any different to others that are delivered without an issue. The only pattern we have identified so far is that each affected message is encoded using UTF-8/BASE64 - but I can offer no evidence that this is unique amongst all mail being received. I am in Hong Kong, so it is possible that locales are something to do with this issue. The only thing we have done so far is to run dpkg-reconfigure locales and add in Asian language locales and corresponding UTF-8 locales for all languages that the system is configured for. However, the problem continues. If anyone can suggest things that we could do to find out what the problem is we would be grateful. Chris From lhaig at haigmail.com Sun Jun 4 13:41:03 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 13:41:06 2006 Subject: Instructions for FreeBSD In-Reply-To: <4482A4B9.9010305@gmx.de> References: <44829857.90201@haigmail.com> <4482A4B9.9010305@gmx.de> Message-ID: <4482D4DF.3090102@haigmail.com> Was that the tar install? Anything you need to do before installing MS? Lance Christian Pedaschus wrote: > Lance Haig wrote: > > >> Has anyone got some documentation on how to install MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the first time >> and would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> > > > I'm using it on OpenBSD and there's nothing special (i can remember ;) ) > , just follow the default install and you're fine. > > My only showstopper was, that OBSD mounts /var as nosuid, but that was > qmail specific. > > Greets, Chris > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060604/959ea4db/attachment.html From lhaig at haigmail.com Sun Jun 4 13:43:54 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 4 13:43:58 2006 Subject: Instructions for FreeBSD In-Reply-To: <4482A4B9.9010305@gmx.de> References: <44829857.90201@haigmail.com> <4482A4B9.9010305@gmx.de> Message-ID: <4482D58A.7030402@haigmail.com> I just found the ports instructions :-) I am blind Lance Christian Pedaschus wrote: > Lance Haig wrote: > > >> Has anyone got some documentation on how to install MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the first time >> and would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> > > > I'm using it on OpenBSD and there's nothing special (i can remember ;) ) > , just follow the default install and you're fine. > > My only showstopper was, that OBSD mounts /var as nosuid, but that was > qmail specific. > > Greets, Chris > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060604/5b18ddee/attachment.html From MailScanner at ecs.soton.ac.uk Sun Jun 4 14:53:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 4 14:53:33 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: Message-ID: <4482E5CB.7090101@ecs.soton.ac.uk> Chris Green wrote: > Hi there, > > I have been experiencing a strange issue with either Mailscanner or > Postfix which I am stuck with. I have built a machine as per the > instructions at www.piratefish.org - essentially a Debian Sarge box > with MailScanner, Postfix, SpamAssassin and ClamAV. Instructions have > been followed verbatim. The vast majority of email is relayed with no > issues at all, 90% of spam is canned Only 90%? You should be able to do a lot better than that. I usually manage 98% with no reported false positives. And I have 2000 very fussy users who would scream at me if they discovered any messages went missing. Make sure you are using at least DCC, Razor, SURBL and rules_du_jour in addition to plain SpamAssassin. I don't like their recommendations very much: using all that lot in "Spam List" is a sure way to get a very slow server. Stick with the recommended default values for this, all the others are checked much better by SpamAssassin anyway. Their whole setup is a pretty simple, slightly naive, setup. If you must use Debian then fine, but make sure you have all the extra plugins to SpamAssassin not only installed but also correctly configured. Out-of-the-box, SpamAssassin won't use DCC, Razor, SURBL and so on without being told to, and that requires edits to a fairly well-hidden configuration file. The easy-to-install ClamAV and SpamAssassin package on the MailScanner web site does this lot for you, for example. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sun Jun 4 15:08:49 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 4 15:08:53 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: Message-ID: <223f97700606040708l1eb4ca42lf67cace8ad99e52e@mail.gmail.com> On 04/06/06, Chris Green wrote: > Hi there, > > I have been experiencing a strange issue with either Mailscanner or Postfix > which I am stuck with. I have built a machine as per the instructions at > www.piratefish.org - essentially a Debian Sarge box with MailScanner, > Postfix, SpamAssassin and ClamAV. Instructions have been followed verbatim. > The vast majority of email is relayed with no issues at all, 90% of spam is > canned and not a virus in sight. However, three times in the past three > weeks we have received an email where the body text is completely garbled. > This is probably 0.01% of incoming traffic. > > I have posted an example pic at http://www.is-dept.com/download/garble.jpg - > it's impossible to explain! > > mail.err and mail.warn are both clean and neither of them indicates that the > corrupted messages are any different to others that are delivered without an > issue. The only pattern we have identified so far is that each affected > message is encoded using UTF-8/BASE64 - but I can offer no evidence that > this is unique amongst all mail being received. > > I am in Hong Kong, so it is possible that locales are something to do with > this issue. The only thing we have done so far is to run dpkg-reconfigure > locales and add in Asian language locales and corresponding UTF-8 locales > for all languages that the system is configured for. However, the problem > continues. If anyone can suggest things that we could do to find out what > the problem is we would be grateful. > > Chris What version of MailScanner and Postfix are that? (I didn't want to register to get at the real info:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikej at rogers.com Sun Jun 4 17:38:02 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Jun 4 17:37:45 2006 Subject: Instructions for FreeBSD In-Reply-To: <44829857.90201@haigmail.com> References: <44829857.90201@haigmail.com> Message-ID: <44830C6A.7070202@rogers.com> Lance Haig wrote: > Has anyone got some documentation on how to install MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first time > and would appreciate some help. > > I have looked on the wiki but can see or find documentation. Just like any other application in FreeBSD, use the ports. cd /usr/ports/mail/mailscanner & make install From james at grayonline.id.au Sun Jun 4 21:43:39 2006 From: james at grayonline.id.au (James Gray) Date: Sun Jun 4 23:22:20 2006 Subject: MailScanner goes byebyes In-Reply-To: References: Message-ID: <200606050643.51121.james@grayonline.id.au> On Sun, 4 Jun 2006 01:01 pm, Res wrote: > Hey all, > Anyone seen before and bene able to produce a cure for why if tehre is a > large queue MailScanner stops processing mail, it runs fine use --lint no > errors, run in debug nothing happens > I have to continuellay HUP the damned thing for it to process, once with > starts its 10 kiddies thatsa the end of it until I hup it again Wow, 10 children - I hope you have at least 2 REAL CPU's/cores (not some wanky Intel "Hyperthread" thing that just /says/ it's got 2 CPU's/cores...but it's not really) and a *LOT* of RAM (2GB territory on a dedicated server, double that if this box is sharing with other things). Are you sure you're not hitting some resource limit? On my systems I have a restrictive default config for all accounts that don't have a login (eg, postfix, bind, etc) which bit me on the butt when MailScanner needed more file handles than I was allowing it and resulted in the sort of "hang" you describe above when the mail queues got big. Once I upped the file handles limit everything was peachy again. There were plenty of messages in the logs (/var/log/messages and /var/log/kernel.log on Linux) which gave me the necessary clue. HTH, James -- Success is getting what you want; happiness is wanting what you get. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060605/87c02535/attachment.bin From rich at mail.wvnet.edu Mon Jun 5 00:35:44 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Mon Jun 5 00:37:05 2006 Subject: Redirecting SMTP connections Message-ID: <44836E50.4080101@mail.wvnet.edu> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060604/1b039ced/smime.bin From james at grayonline.id.au Mon Jun 5 01:10:25 2006 From: james at grayonline.id.au (James Gray) Date: Mon Jun 5 01:10:42 2006 Subject: Redirecting SMTP connections In-Reply-To: <44836E50.4080101@mail.wvnet.edu> References: <44836E50.4080101@mail.wvnet.edu> Message-ID: <200606051010.25878.james@grayonline.id.au> On Mon, 5 Jun 2006 09:35 am, Richard Lynch wrote: > This may be a little off topic but it is related to the setup of a > MailScanner gateway. > > I have a customer who needs to be able to send and receive encrypted > messages to some of their clients. This is a medical center and I'm > sure some of this is related to HIPPA regulations. They are doing this > using server to server encryption (MS Exchange). I'm uncertain what > product they are using to provide this functionality but my > understanding is that the mail will be encrypted between MS Ex servers > using STARTTLS. Currently we are filtering all of their internet mail > using MailScanner on a server with their MX DNS entry pointing to our > server. > > They have asked me to redirect certain connections based on the incoming > IP address directly to their server which will comply with this > protocol. I don't really know how to achieve this. I think it may be > possible using the redirect function in iptables. Basically, I want to > take incoming connections to our server and, based on the IP address, > redirect it to their server to handle the encrypted message exchange. > > Has anyone ever done anything like this and know how to do it? I hope > I've been clear on what I'm trying to do. Any help is much appreciated. You mention iptables so I assume this is a Linux box. You need to create a destination NAT (DNAT) rule to rewrite the destination address if the source address (and maybe source/destination ports too) match appropriate values. Then once the DNAT is created, you need to ADD a rule to the FORWARD chain that ALLOWS packets from the original source to the NEW DESTINATION (again, possibly matching other connection details). Depending on the encryption scheme they are using this may break the end-to-end security and cause the connection to barf (ipsec springs to mind) but TLS should be ok with DNAT - I've done this sort of thing before with TLS+DNAT on Linux routers. Google is your friend. Cheers, James -- We are what we pretend to be. -- Kurt Vonnegut, Jr. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060605/78a11269/attachment.bin From maillists at conactive.com Mon Jun 5 01:17:11 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 01:17:21 2006 Subject: Redirecting SMTP connections In-Reply-To: <44836E50.4080101@mail.wvnet.edu> References: <44836E50.4080101@mail.wvnet.edu> Message-ID: Richard Lynch wrote on Sun, 04 Jun 2006 19:35:44 -0400: > They have asked me to redirect certain connections based on the incoming > IP address directly to their server which will comply with this > protocol. I don't really know how to achieve this. Me, too ;-) I don't think you can "redirect" this. There is an easy solution, though. They just need to communicate with a different hostname (domain or subdomain) that they MX to their own server. They could just call it "hippa.domain.com", which makes it quite clear to everyone they hand that address out what it is good for. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jm153 at tmp.com.br Mon Jun 5 03:25:01 2006 From: jm153 at tmp.com.br (Durval Menezes) Date: Mon Jun 5 03:25:12 2006 Subject: Invalid 'Return-Path:' header being inserted by MailScanner? Message-ID: <20060604232501.A31944@tmp.com.br> Hello folks, I've been experimenting with MailScanner's quarantine for spam messages ('Spam Actions = store') and found that it inserts the following header as the first line of every quarantined email file: Return-Path: <<81>g> (The <81> is actually a binary 0x81 character). Tried updating from MailScanner 4.48.4 to the latest version (4.54.6), but the above problem persists; searched both Google and this mailing list's archive to no avail. Have anyone here seen anything like it? Thanks in advance. Best Regards, -- Durval Menezes (durval AT tmp DOT com DOT br, http://www.tmp.com.br/) From chrisgreen at hotmail.com Mon Jun 5 03:59:41 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Mon Jun 5 03:59:46 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <4482E5CB.7090101@ecs.soton.ac.uk> Message-ID: Julian Field wrote: >Chris Green wrote: >>Hi there, >> >>I have been experiencing a strange issue with either Mailscanner or >>Postfix which I am stuck with. I have built a machine as per the >>instructions at www.piratefish.org - essentially a Debian Sarge box with >>MailScanner, Postfix, SpamAssassin and ClamAV. Instructions have been >>followed verbatim. The vast majority of email is relayed with no issues at >>all, 90% of spam is canned >Only 90%? You should be able to do a lot better than that. I usually manage >98% with no reported false positives. And I have 2000 very fussy users who >would scream at me if they discovered any messages went missing. Make sure >you are using at least DCC, Razor, SURBL and rules_du_jour in addition to >plain SpamAssassin. > >I don't like their recommendations very much: using all that lot in "Spam >List" is a sure way to get a very slow server. Stick with the recommended >default values for this, all the others are checked much better by >SpamAssassin anyway. > >Their whole setup is a pretty simple, slightly naive, setup. If you must >use Debian then fine, but make sure you have all the extra plugins to >SpamAssassin not only installed but also correctly configured. >Out-of-the-box, SpamAssassin won't use DCC, Razor, SURBL and so on without >being told to, and that requires edits to a fairly well-hidden >configuration file. The easy-to-install ClamAV and SpamAssassin package on >the MailScanner web site does this lot for you, for example. > The 90% figure is more down to our lack of bravado when configuring this product which is still very new to us. When looking at what actually gets through to the mailboxes (ie not counting those in the quarantine area) it's much more like the 98% you cite above :-) However, the point is that the vast majority of mail gets through and three (known to be ham) mails have got screwed up. I will build another box using the packages you describe and see how we get on. It should quickly become clear whether the introduction of DCC, Razor, SURBL and rules_du_jour resolve this issue, I'll keep you posted. I appreciate your feedback very much and love the product despite this small issue. I am determined to get this working. Thanks Julian. From chrisgreen at hotmail.com Mon Jun 5 04:28:59 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Mon Jun 5 04:29:13 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <223f97700606040708l1eb4ca42lf67cace8ad99e52e@mail.gmail.com> Message-ID: Glenn Steen wrote: > >On 04/06/06, Chris Green wrote: >>Hi there, >> >>I have been experiencing a strange issue with either Mailscanner or >>Postfix >>which I am stuck with. I have built a machine as per the instructions at >>www.piratefish.org - essentially a Debian Sarge box with MailScanner, >>Postfix, SpamAssassin and ClamAV. Instructions have been followed >>verbatim. >>The vast majority of email is relayed with no issues at all, 90% of spam >>is >>canned and not a virus in sight. However, three times in the past three >>weeks we have received an email where the body text is completely garbled. >>This is probably 0.01% of incoming traffic. >> >>I have posted an example pic at http://www.is-dept.com/download/garble.jpg >>- >>it's impossible to explain! >> >>mail.err and mail.warn are both clean and neither of them indicates that >>the >>corrupted messages are any different to others that are delivered without >>an >>issue. The only pattern we have identified so far is that each affected >>message is encoded using UTF-8/BASE64 - but I can offer no evidence that >>this is unique amongst all mail being received. >> >>I am in Hong Kong, so it is possible that locales are something to do with >>this issue. The only thing we have done so far is to run dpkg-reconfigure >>locales and add in Asian language locales and corresponding UTF-8 locales >>for all languages that the system is configured for. However, the problem >>continues. If anyone can suggest things that we could do to find out what >>the problem is we would be grateful. >> >>Chris >What version of MailScanner and Postfix are that? (I didn't want to >register to get at the real info:-) > The box is currently running the Debian builds of MailScanner (v 4.41.3-2) and Postfix (v 2.1.5-9) Registration for the instructions to build a Fish must be a new 'feature'...... From Q.G.Campbell at newcastle.ac.uk Mon Jun 5 08:30:32 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Mon Jun 5 08:30:39 2006 Subject: MCP-Checker (MCP timed out) - More details of the cause Message-ID: <4165CF7A7F12DE4B96622CCBB90586470730CC40@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Julian Field >Sent: 02 June 2006 16:46 >To: MailScanner discussion >Subject: Re: MCP-Checker (MCP timed out) - More details of the cause > >Should I therefore increase the default MCP timeout to 75 seconds? > Julian 1. I will first confirm that increasing the MCP-check timout fixes the problem and lets mail from the 'slow' sites get through. 2. If increasing the timeout fixes the problem then I would like to know why the MCP-checker is doing DNS lookups. Once I have permission I will forward you a short message that can apparently reproduces this problem. Will try to get back to you on these points ASAP. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine and not that of Newcastle University. From res at ausics.net Mon Jun 5 09:00:32 2006 From: res at ausics.net (Res) Date: Mon Jun 5 09:00:42 2006 Subject: MailScanner goes byebyes In-Reply-To: <200606050643.51121.james@grayonline.id.au> References: <200606050643.51121.james@grayonline.id.au> Message-ID: Hi James, On Mon, 5 Jun 2006, James Gray wrote: > Wow, 10 children - I hope you have at least 2 REAL CPU's/cores (not some wanky yes, DL380 :) > and a *LOT* of RAM (2GB territory on a dedicated server, double Yep :) > that if this box is sharing with other things). Are you sure you're not > hitting some resource limit? > This only happens on one of the several mail servers, doesnt seem to be an issue on any of the others and only some of the time. > MailScanner needed more file handles than I was allowing it and resulted in > the sort of "hang" you describe above when the mail queues got big. Once I > upped the file handles limit everything was peachy again. There were plenty > of messages in the logs (/var/log/messages and /var/log/kernel.log on Linux) > which gave me the necessary clue. Mine get none, the usual child starting blah blah, found and processed X number of messages and thats it.. So I guess its a case of the childs starts, processes its first batch then ninite we go :( -- Cheers Res From a.peacock at chime.ucl.ac.uk Mon Jun 5 09:16:20 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Jun 5 09:16:29 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: References: <44805E58.4060904@chime.ucl.ac.uk> Message-ID: <4483E854.50907@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > On 2 Jun 2006, at 16:50, Anthony Peacock wrote: >> I really am trying not to sound like a grumpy old man here, but I do >> feel that running an internet connected mail server is something that >> should be done by a person with a basic understanding of what is going >> on. > > This is one of the few subjects which will get me ranting. So don't get > me started :-) Damn! I was trying to pick my words carefully so I didn't hit your rant buttons :-) Don't get me wrong, I agree with your general view point. And I think that the work you have done to make it easy for someone to install a secure mail server is to be applauded. I think my position is only slightly different from yours. Where we appear to differ is about 'exposing' the complexity. As well as agreeing with your position below I think we have a duty to educate. Yes we all had to start somewhere, and we have all made mistakes along the way, I was very lucky to work with some very bright and experienced people in the early days of my career who helped my education a lot. I think that hiding the complexity too much can be a disservice to some people as they could easily think that there is no more to understand. My initial comments at the start of this thread where purely that I thought making someone look in the config file before running the system was a good thing, as it forced them to at least understand that there was a config file there. Anyway, I don't want to look like I am opposing your view, when I think we are actually only debating a small detail. > > > My position is that we all have to start learning somewhere. We also > have a duty to get more people running software that protects themselves > and everyone else from the hazards of spam, viruses, etc. I also feel > strongly that we should encourage newbies to stick with it, by producing > software that is as easy as possible to get going as possible. Most > newcomers to Unix/Linux/whatever are very wary as they are on new > ground, and have the assumption that it is all so much harder than Windows. > > Try getting a company to install their very first Unix box when all they > have ever used is Windows. There is good money to be made here doing > system management for them as they admit that they don't know what they > are doing and everything is going to break leaving their company with no > electronic communication at all. Many companies who suffer a complete > failure of their email system for any length of time do not recover. > This stuff costs people real money, their jobs, everything. If we don't > put lots of effort into making their life as easy as possible, they will > never even start learning: they will stick with what they are used to. > > Why do you think so many people have used Microsoft's SQL Server instead > of DB2 or Oracle for small company systems? It's partly because you can > put the CD in the drive, click on the setup icon and end up with a > working database system. The last time I used DB2 or Oracle, there were > fundamental bugs in their install scripts that meant that it all just > broke outside of the USA. I know which one I would go for: the one that > works out of the box. > > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll From febrianto at sioenasia.com Mon Jun 5 09:53:49 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Mon Jun 5 09:50:03 2006 Subject: How to block emails from some of yahoogroups but not all Message-ID: Dear All, Just join this group, and the two emails from mailscanner.info (confirm and welcome) tagged as spam :). Have manually added mailscanner.info as whitelist. :). Lot's of my users join the yahoogroups. It's not a problem, but... my management want me to block emails from yahoogroups that contains that are not allowed, like porn. So I like to block emails from abc of yahoogroups. I tried to simply blacklist emails from abc@yahoogroups.com, but it didn't work. Should I put it in SA as new rules? Any examples? Best Regards From glenn.steen at gmail.com Mon Jun 5 09:50:09 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 09:50:13 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: <223f97700606040708l1eb4ca42lf67cace8ad99e52e@mail.gmail.com> Message-ID: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> On 05/06/06, Chris Green wrote: > Glenn Steen wrote: > > > >On 04/06/06, Chris Green wrote: > >>Hi there, > >> > >>I have been experiencing a strange issue with either Mailscanner or > >>Postfix > >>which I am stuck with. I have built a machine as per the instructions at > >>www.piratefish.org - essentially a Debian Sarge box with MailScanner, > >>Postfix, SpamAssassin and ClamAV. Instructions have been followed > >>verbatim. > >>The vast majority of email is relayed with no issues at all, 90% of spam > >>is > >>canned and not a virus in sight. However, three times in the past three > >>weeks we have received an email where the body text is completely garbled. > >>This is probably 0.01% of incoming traffic. > >> > >>I have posted an example pic at http://www.is-dept.com/download/garble.jpg > >>- > >>it's impossible to explain! > >> > >>mail.err and mail.warn are both clean and neither of them indicates that > >>the > >>corrupted messages are any different to others that are delivered without > >>an > >>issue. The only pattern we have identified so far is that each affected > >>message is encoded using UTF-8/BASE64 - but I can offer no evidence that > >>this is unique amongst all mail being received. > >> > >>I am in Hong Kong, so it is possible that locales are something to do with > >>this issue. The only thing we have done so far is to run dpkg-reconfigure > >>locales and add in Asian language locales and corresponding UTF-8 locales > >>for all languages that the system is configured for. However, the problem > >>continues. If anyone can suggest things that we could do to find out what > >>the problem is we would be grateful. > >> > >>Chris > >What version of MailScanner and Postfix are that? (I didn't want to > >register to get at the real info:-) > > > The box is currently running the Debian builds of MailScanner (v 4.41.3-2) > and Postfix (v 2.1.5-9) The Postfix version is OK, but you really should go for the latest stable 4.54 version... And throw in Jules Clam+SA package too. My memory isn't what it used to be, but... IIRC that version is susceptible to random (but rather seldom happening) corruption of stray PF files, which Jules has fixed... The 4.5X series has not shown this behaviour (none observed.... used to have the very few corruptions while running 4.[34]X (no, I don't remember exactly when it was fixed:-)). So, to get a plan of action... Use apt-get to uninstall mailscanner, spamassassin and clamav, download the relevant packages from www.mailscanner.info, unpack them and run install.sh (look at the maq/wiki docs for more details, tips and instructions: http://wiki.mailscanner.info). Also, with that new a MailScanner, I'm not sure the webmin module for MailScanner will be much use... Just edit MailScanner.conf directly, it is very well commented. > > Registration for the instructions to build a Fish must be a new > 'feature'...... > Seems like. Judging from what you told me off-list (thanks for that!), he/they are pretty in love with apt-get (easy to fall in love with:-)... Which is OK. But for this type of system, I think you are better off using the latest and greatest, which pretty much precludes use of the somewhat dated Debian packages... I can tell you that the situation isn't much better with most any Debian based system (Ubuntu 6.06 carries version 4.46., which is, relatively speaking, pretty old:). Jules does an admirable job of keeping on top of things (both for SA+Clamav and ... well anything spam/virus-related) so ... Upgrade ASAP! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon Jun 5 10:34:02 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 10:34:14 2006 Subject: Instructions for FreeBSD In-Reply-To: <44829857.90201@haigmail.com> Message-ID: <081f01c68883$2e50d320$3004010a@martinhlaptop> Lance Depends on whether you want to install via ports or via the generic Unix .tar.gz . I use the tar.gz but then I help out with the beta a lot and therefore can't wait for JP to update the ports. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 04 June 2006 09:23 > To: MailScanner discussion > Subject: Instructions for FreeBSD > > Has anyone got some documentation on how to install MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first time and > would appreciate some help. > > I have looked on the wiki but can see or find documentation. > > Thanks > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From lhaig at haigmail.com Mon Jun 5 10:44:07 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 5 10:44:12 2006 Subject: Instructions for FreeBSD In-Reply-To: <081f01c68883$2e50d320$3004010a@martinhlaptop> References: <081f01c68883$2e50d320$3004010a@martinhlaptop> Message-ID: <4483FCE7.6000205@haigmail.com> Hi martin, I want to use the tar as I also am on the beta list Lance Martin Hepworth wrote: > Lance > > Depends on whether you want to install via ports or via the generic Unix > .tar.gz . > > I use the tar.gz but then I help out with the beta a lot and therefore can't > wait for JP to update the ports. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 04 June 2006 09:23 >> To: MailScanner discussion >> Subject: Instructions for FreeBSD >> >> Has anyone got some documentation on how to install MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the first time and >> would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From martinh at solid-state-logic.com Mon Jun 5 10:49:01 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 10:49:23 2006 Subject: Instructions for FreeBSD In-Reply-To: <4483FCE7.6000205@haigmail.com> Message-ID: <086801c68885$47be9ca0$3004010a@martinhlaptop> Lance Then download the tar.gz, unzip/untar it and run the ./install.sh script. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 05 June 2006 10:44 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Hi martin, > > I want to use the tar as I also am on the beta list > > Lance > > Martin Hepworth wrote: > > Lance > > Depends on whether you want to install via ports or via the generic > Unix > .tar.gz . > > I use the tar.gz but then I help out with the beta a lot and > therefore can't > wait for JP to update the ports. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 04 June 2006 09:23 > To: MailScanner discussion > Subject: Instructions for FreeBSD > > Has anyone got some documentation on how to install > MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD for the first > time and > would appreciate some help. > > I have looked on the wiki but can see or find documentation. > > Thanks > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > ******************************************************************** > ** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please > notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ******************************************************************** > ** > > > > > -- > > Lance Haig > Director > > Work: 07967967108 > Mobile: 07967967108 > Email: lhaig@haigmail.com > > http://www.linkedin.com/in/lancehaig > > HaigMail dot Com > > See who we know in common > Want a signature like this? ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From lhaig at haigmail.com Mon Jun 5 11:16:48 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 5 11:16:53 2006 Subject: Instructions for FreeBSD In-Reply-To: <086801c68885$47be9ca0$3004010a@martinhlaptop> References: <086801c68885$47be9ca0$3004010a@martinhlaptop> Message-ID: <44840490.9080600@haigmail.com> Martin, Apologies for the "dumb" question Do I need to install the other apps as I would do on a Suse box? DCC Razor etc... Spamassassin Thanks Lance Martin Hepworth wrote: > Lance > > Then download the tar.gz, unzip/untar it and run the ./install.sh script. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 05 June 2006 10:44 >> To: MailScanner discussion >> Subject: Re: Instructions for FreeBSD >> >> Hi martin, >> >> I want to use the tar as I also am on the beta list >> >> Lance >> >> Martin Hepworth wrote: >> >> Lance >> >> Depends on whether you want to install via ports or via the generic >> Unix >> .tar.gz . >> >> I use the tar.gz but then I help out with the beta a lot and >> therefore can't >> wait for JP to update the ports. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 04 June 2006 09:23 >> To: MailScanner discussion >> Subject: Instructions for FreeBSD >> >> Has anyone got some documentation on how to install >> MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using FreeBSD for the >> > first > >> time and >> would appreciate some help. >> >> I have looked on the wiki but can see or find documentation. >> >> Thanks >> >> Lance >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the >> website! >> >> >> >> >> ******************************************************************** >> ** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please >> notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ******************************************************************** >> ** >> >> >> >> >> -- >> >> Lance Haig >> Director >> >> Work: 07967967108 >> Mobile: 07967967108 >> Email: lhaig@haigmail.com >> >> http://www.linkedin.com/in/lancehaig >> >> HaigMail dot Com >> >> See who we know in common >> Want a signature like this? >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From chrisgreen at hotmail.com Mon Jun 5 11:35:49 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Mon Jun 5 11:35:57 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> Message-ID: Glenn Steen wrote: > >On 05/06/06, Chris Green wrote: >>Glenn Steen wrote: >> > >> >On 04/06/06, Chris Green wrote: >> >>Hi there, >> >> >> >>I have been experiencing a strange issue with either Mailscanner or >> >>Postfix >> >>which I am stuck with. I have built a machine as per the instructions >>at >> >>www.piratefish.org - essentially a Debian Sarge box with MailScanner, >> >>Postfix, SpamAssassin and ClamAV. Instructions have been followed >> >>verbatim. >> >>The vast majority of email is relayed with no issues at all, 90% of >>spam >> >>is >> >>canned and not a virus in sight. However, three times in the past three >> >>weeks we have received an email where the body text is completely >>garbled. >> >>This is probably 0.01% of incoming traffic. >> >> >> >>I have posted an example pic at >>http://www.is-dept.com/download/garble.jpg >> >>- >> >>it's impossible to explain! >> >> >> >>mail.err and mail.warn are both clean and neither of them indicates >>that >> >>the >> >>corrupted messages are any different to others that are delivered >>without >> >>an >> >>issue. The only pattern we have identified so far is that each affected >> >>message is encoded using UTF-8/BASE64 - but I can offer no evidence >>that >> >>this is unique amongst all mail being received. >> >> >> >>I am in Hong Kong, so it is possible that locales are something to do >>with >> >>this issue. The only thing we have done so far is to run >>dpkg-reconfigure >> >>locales and add in Asian language locales and corresponding UTF-8 >>locales >> >>for all languages that the system is configured for. However, the >>problem >> >>continues. If anyone can suggest things that we could do to find out >>what >> >>the problem is we would be grateful. >> >> >> >>Chris >> >What version of MailScanner and Postfix are that? (I didn't want to >> >register to get at the real info:-) >> > >>The box is currently running the Debian builds of MailScanner (v 4.41.3-2) >>and Postfix (v 2.1.5-9) > >The Postfix version is OK, but you really should go for the latest >stable 4.54 version... And throw in Jules Clam+SA package too. My >memory isn't what it used to be, but... IIRC that version is >susceptible to random (but rather seldom happening) corruption of >stray PF files, which Jules has fixed... The 4.5X series has not shown >this behaviour (none observed.... used to have the very few >corruptions while running 4.[34]X (no, I don't remember exactly when >it was fixed:-)). >So, to get a plan of action... Use apt-get to uninstall mailscanner, >spamassassin and clamav, download the relevant packages from >www.mailscanner.info, unpack them and run install.sh (look at the >maq/wiki docs for more details, tips and instructions: >http://wiki.mailscanner.info). >Also, with that new a MailScanner, I'm not sure the webmin module for >MailScanner will be much use... Just edit MailScanner.conf directly, >it is very well commented. > Wise words I'm sure. Now I've got a taste of what this type of system can do I'm less concerned about my chances of configuring everything manually and ending up with a box that actually works! So I have already built another box to test it all on, and 4.54 is downloaded and ready to go. Slight glitch with the build-essential package not being on that machine but huge progress already. In for a penny, in for a pound! > >> >>Registration for the instructions to build a Fish must be a new >>'feature'...... >> >Seems like. >Judging from what you told me off-list (thanks for that!), he/they are >pretty in love with apt-get (easy to fall in love with:-)... Which is >OK. But for this type of system, I think you are better off using the >latest and greatest, which pretty much precludes use of the somewhat >dated Debian packages... I can tell you that the situation isn't much >better with most any Debian based system (Ubuntu 6.06 carries version >4.46., which is, relatively speaking, pretty >old:). > >Jules does an admirable job of keeping on top of things (both for >SA+Clamav and ... well anything spam/virus-related) so ... Upgrade >ASAP! > One of the reasons I started using Debian was because of it's reputation with stability. It follows that some packages are going to be well out of date. I totally agree with you about using the latest and greatest here though - so compiling from source is where I'm headed. Thanks for your comments and help, I'm only six months into Linux and it REALLY helps getting a leg up every now and again. I've left a beer for you in your local bar - just go up to the barman and ask for it :-) From glenn.steen at gmail.com Mon Jun 5 11:38:45 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 11:38:48 2006 Subject: How to block emails from some of yahoogroups but not all In-Reply-To: References: Message-ID: <223f97700606050338o6946927aw4ad1a4c56a21691f@mail.gmail.com> On 05/06/06, Budi Febrianto wrote: > > Dear All, > > Just join this group, and the two emails from mailscanner.info (confirm and > welcome) tagged as spam :). Have manually added mailscanner.info as > whitelist. :). > > Lot's of my users join the yahoogroups. It's not a problem, but... my > management want me to block emails from yahoogroups that contains that are > not allowed, like porn. > > So I like to block emails from abc of yahoogroups. > I tried to simply blacklist emails from abc@yahoogroups.com, but it didn't > work. Should I put it in SA as new rules? Any examples? > > Best Regards > Budi, look at the thread "Listserv whitelisting: Reply-to header field? " ... You get the idea:-). Hmmm, gmane seem to be down, so you'll have to rely on http://lists.mailscanner.info/pipermail/mailscanner/2006-June/thread.html ... whioch doesn't seem to thread that well... Oh well. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon Jun 5 11:43:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 11:43:25 2006 Subject: Instructions for FreeBSD In-Reply-To: <44840490.9080600@haigmail.com> Message-ID: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Lance Yes - best way I found is to install spamassassin via CPAN (drops things into non-freebsd specific locations), DCC from source (the port seemed to be broke when I tried it). I don't run razor here so I can't guide you on this one. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 05 June 2006 11:17 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Martin, > > Apologies for the "dumb" question > > Do I need to install the other apps as I would do on a Suse box? > DCC Razor etc... Spamassassin > > Thanks > > Lance > > > Martin Hepworth wrote: > > Lance > > Then download the tar.gz, unzip/untar it and run the ./install.sh > script. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 05 June 2006 10:44 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Hi martin, > > I want to use the tar as I also am on the beta list > > Lance > > Martin Hepworth wrote: > > Lance > > Depends on whether you want to install via ports or via > the generic > Unix > .tar.gz . > > I use the tar.gz but then I help out with the beta a lot > and > therefore can't > wait for JP to update the ports. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance > Haig > Sent: 04 June 2006 09:23 > To: MailScanner discussion > Subject: Instructions for FreeBSD > > Has anyone got some documentation on how to > install > MailScanner on > FreeBSD. > > > I would appreciate it as I will be using FreeBSD > for the > > > first > > > time and > would appreciate some help. > > I have looked on the wiki but can see or find > documentation. > > Thanks > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the > website! > > > > > > ******************************************************************** > ** > > This email and any files transmitted with it are > confidential and > intended solely for the use of the individual or entity > to whom they > are addressed. If you have received this email in error > please > notify > the system manager. > > This footnote confirms that this email message has been > swept > for the presence of computer viruses and is believed to > be clean. > > > ******************************************************************** > ** > > > > > -- > > Lance Haig > Director > > Work: 07967967108 > Mobile: 07967967108 > Email: lhaig@haigmail.com > > http://www.linkedin.com/in/lancehaig > > HaigMail dot Com > > > See who we know in common > > > Want a signature like this? > > > > > > > ******************************************************************** > ** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please > notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ******************************************************************** > ** > > > > > -- > > Lance Haig > Director > > Work: 07967967108 > Mobile: 07967967108 > Email: lhaig@haigmail.com > > http://www.linkedin.com/in/lancehaig > > HaigMail dot Com > > See who we know in common > Want a signature like this? ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Jun 5 12:06:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 12:06:49 2006 Subject: Instructions for FreeBSD In-Reply-To: <090701c6888c$d995a5e0$3004010a@martinhlaptop> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: Is my ClamAV+SA package useless on FreeBSD? If so, why, and is there anything easy I could do to fix it? It's just that it does all sorts of other tweaks and settings for you, as well as just build and install the packages. I guess I could just document all the tweaks it does on the wiki. Is that actually the best solution? On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > Lance > > Yes - best way I found is to install spamassassin via CPAN (drops > things > into non-freebsd specific locations), DCC from source (the port > seemed to be > broke when I tried it). I don't run razor here so I can't guide you > on this > one. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 05 June 2006 11:17 >> To: MailScanner discussion >> Subject: Re: Instructions for FreeBSD >> >> Martin, >> >> Apologies for the "dumb" question >> >> Do I need to install the other apps as I would do on a Suse box? >> DCC Razor etc... Spamassassin >> >> Thanks >> >> Lance >> >> >> Martin Hepworth wrote: >> >> Lance >> >> Then download the tar.gz, unzip/untar it and run the ./install.sh >> script. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 05 June 2006 10:44 >> To: MailScanner discussion >> Subject: Re: Instructions for FreeBSD >> >> Hi martin, >> >> I want to use the tar as I also am on the beta list >> >> Lance >> >> Martin Hepworth wrote: >> >> Lance >> >> Depends on whether you want to install via ports or > via >> the generic >> Unix >> .tar.gz . >> >> I use the tar.gz but then I help out with the beta a > lot >> and >> therefore can't >> wait for JP to update the ports. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> -----Original Message----- >> From: > mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of > Lance >> Haig >> Sent: 04 June 2006 09:23 >> To: MailScanner discussion >> Subject: Instructions for FreeBSD >> >> Has anyone got some documentation on how to >> install >> MailScanner on >> FreeBSD. >> >> >> I would appreciate it as I will be using > FreeBSD >> for the >> >> >> first >> >> >> time and >> would appreciate some help. >> >> I have looked on the wiki but can see or > find >> documentation. >> >> Thanks >> >> Lance >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the > book off >> the >> website! >> >> >> >> >> >> ******************************************************************** >> ** >> >> This email and any files transmitted with it are >> confidential and >> intended solely for the use of the individual or > entity >> to whom they >> are addressed. If you have received this email in > error >> please >> notify >> the system manager. >> >> This footnote confirms that this email message has > been >> swept >> for the presence of computer viruses and is believed > to >> be clean. >> >> >> ******************************************************************** >> ** >> >> >> >> >> -- >> >> Lance Haig >> Director >> >> Work: 07967967108 >> Mobile: 07967967108 >> Email: lhaig@haigmail.com >> >> http://www.linkedin.com/in/lancehaig >> >> HaigMail dot Com >> >> >> See who we know in common >> >> >> Want a signature like this? >> >> >> >> >> >> >> ******************************************************************** >> ** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please >> notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ******************************************************************** >> ** >> >> >> >> >> -- >> >> Lance Haig >> Director >> >> Work: 07967967108 >> Mobile: 07967967108 >> Email: lhaig@haigmail.com >> >> http://www.linkedin.com/in/lancehaig >> >> HaigMail dot Com >> >> See who we know in common >> Want a signature like this? > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lhaig at haigmail.com Mon Jun 5 12:20:06 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon Jun 5 12:20:15 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: <44841366.9090805@haigmail.com> Hi Julian, I will try it today. I was just concerned as I am not fluent in FreeBSD and the server I am using is a mare to get to if I "break" it. I will let you know Thanks Lance Julian Field wrote: > Is my ClamAV+SA package useless on FreeBSD? > If so, why, and is there anything easy I could do to fix it? > It's just that it does all sorts of other tweaks and settings for you, > as well as just build and install the packages. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? > > On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > >> Lance >> >> Yes - best way I found is to install spamassassin via CPAN (drops things >> into non-freebsd specific locations), DCC from source (the port >> seemed to be >> broke when I tried it). I don't run razor here so I can't guide you >> on this >> one. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 11:17 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Martin, >>> >>> Apologies for the "dumb" question >>> >>> Do I need to install the other apps as I would do on a Suse box? >>> DCC Razor etc... Spamassassin >>> >>> Thanks >>> >>> Lance >>> >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Then download the tar.gz, unzip/untar it and run the ./install.sh >>> script. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 10:44 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Hi martin, >>> >>> I want to use the tar as I also am on the beta list >>> >>> Lance >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Depends on whether you want to install via ports or >> via >>> the generic >>> Unix >>> .tar.gz . >>> >>> I use the tar.gz but then I help out with the beta a >> lot >>> and >>> therefore can't >>> wait for JP to update the ports. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: >> mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of >> Lance >>> Haig >>> Sent: 04 June 2006 09:23 >>> To: MailScanner discussion >>> Subject: Instructions for FreeBSD >>> >>> Has anyone got some documentation on how to >>> install >>> MailScanner on >>> FreeBSD. >>> >>> >>> I would appreciate it as I will be using >> FreeBSD >>> for the >>> >>> >>> first >>> >>> >>> time and >>> would appreciate some help. >>> >>> I have looked on the wiki but can see or >> find >>> documentation. >>> >>> Thanks >>> >>> Lance >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read >>> http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the >> book off >>> the >>> website! >>> >>> >>> >>> >>> >>> ******************************************************************** >>> >>> ** >>> >>> This email and any files transmitted with it are >>> confidential and >>> intended solely for the use of the individual or >> entity >>> to whom they >>> are addressed. If you have received this email in >> error >>> please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has >> been >>> swept >>> for the presence of computer viruses and is believed >> to >>> be clean. >>> >>> >>> ******************************************************************** >>> >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> >>> See who we know in common >>> >>> >>> Want a signature like this? >>> >>> >>> >>> >>> >>> >>> ******************************************************************** >>> >>> ** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom >>> they >>> are addressed. If you have received this email in error please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ******************************************************************** >>> >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> See who we know in common >>> Want a signature like this? >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --This message has been scanned for viruses and > dangerous content by Red Armour MailScanner, and is > believed to be clean. http://www.redarmour.co.uk > > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From glenn.steen at gmail.com Mon Jun 5 12:20:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 12:20:43 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: References: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> Message-ID: <223f97700606050420l6499c71erb89e7ee1a07a7c18@mail.gmail.com> On 05/06/06, Chris Green wrote: (snip) > One of the reasons I started using Debian was because of it's reputation > with stability. It follows that some packages are going to be well out of > date. I totally agree with you about using the latest and greatest here > though - so compiling from source is where I'm headed. Depending on which release of Debian you look at, it can be well more than mouldy versions... "Prehistoric" comes to mind:-). That said, it does have stability, true. But so do many other distros too, and without sticking to outdated releases... Oh well, "Holy wars have started over less"...:-). > Thanks for your comments and help, I'm only six months into Linux and it > REALLY helps getting a leg up every now and again. I've left a beer for you > in your local bar - just go up to the barman and ask for it :-) > We've all been "new to Linux" at one point in time or other, and most have good enough memories to remember what it was like (well, I came from Unix to linux, sort of, and have never really left Unix.... And it was rather early... was it version 0.96? Not that good memopry after all:-)... The crowd here is generally a helpfull bunch, so ... Don't hesitate to ask if you find another "stumbling block"! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jun 5 12:24:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 12:24:17 2006 Subject: Body text garbled UTF-8/BASE64 combination In-Reply-To: <223f97700606050420l6499c71erb89e7ee1a07a7c18@mail.gmail.com> References: <223f97700606050150r2a18ab5bn9245f03fd78db6e7@mail.gmail.com> <223f97700606050420l6499c71erb89e7ee1a07a7c18@mail.gmail.com> Message-ID: <223f97700606050424r7e46c4a0gf80f2a4398192c4@mail.gmail.com> On 05/06/06, Glenn Steen wrote: > On 05/06/06, Chris Green wrote: > (snip) > > One of the reasons I started using Debian was because of it's reputation > > with stability. It follows that some packages are going to be well out of > > date. I totally agree with you about using the latest and greatest here > > though - so compiling from source is where I'm headed. > > Depending on which release of Debian you look at, it can be well more > than mouldy versions... "Prehistoric" comes to mind:-). That said, it > does have stability, true. > But so do many other distros too, and without sticking to outdated > releases... Oh well, "Holy wars have started over less"...:-). > > > Thanks for your comments and help, I'm only six months into Linux and it > > REALLY helps getting a leg up every now and again. I've left a beer for you > > in your local bar - just go up to the barman and ask for it :-) > > > We've all been "new to Linux" at one point in time or other, and most > have good enough memories to remember what it was like (well, I came > from Unix to linux, sort of, and have never really left Unix.... And > it was rather early... was it version 0.96? Not that good memopry > after all:-)... The crowd here is generally a helpfull bunch, so ... > Don't hesitate to ask if you find another "stumbling block"! Oh, and thanks for the beer... It fit nicely with lunch:-):-) (This "replying to oneself" is a thing you need practice a bit... Since you are using Postfix, it is mandatory... Don't ask why, none will be able to give a coherent answer:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon Jun 5 12:27:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 12:28:18 2006 Subject: Instructions for FreeBSD In-Reply-To: Message-ID: <091d01c68893$107aa140$3004010a@martinhlaptop> Jules FreeBSD doesn't do rpm..... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 05 June 2006 12:07 > To: MailScanner discussion > Subject: Re: Instructions for FreeBSD > > Is my ClamAV+SA package useless on FreeBSD? > If so, why, and is there anything easy I could do to fix it? > It's just that it does all sorts of other tweaks and settings for > you, as well as just build and install the packages. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? > > On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > > > Lance > > > > Yes - best way I found is to install spamassassin via CPAN (drops > > things > > into non-freebsd specific locations), DCC from source (the port > > seemed to be > > broke when I tried it). I don't run razor here so I can't guide you > > on this > > one. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig > >> Sent: 05 June 2006 11:17 > >> To: MailScanner discussion > >> Subject: Re: Instructions for FreeBSD > >> > >> Martin, > >> > >> Apologies for the "dumb" question > >> > >> Do I need to install the other apps as I would do on a Suse box? > >> DCC Razor etc... Spamassassin > >> > >> Thanks > >> > >> Lance > >> > >> > >> Martin Hepworth wrote: > >> > >> Lance > >> > >> Then download the tar.gz, unzip/untar it and run the ./install.sh > >> script. > >> > >> -- > >> Martin Hepworth > >> Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >> > >> > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig > >> Sent: 05 June 2006 10:44 > >> To: MailScanner discussion > >> Subject: Re: Instructions for FreeBSD > >> > >> Hi martin, > >> > >> I want to use the tar as I also am on the beta list > >> > >> Lance > >> > >> Martin Hepworth wrote: > >> > >> Lance > >> > >> Depends on whether you want to install via ports or > > via > >> the generic > >> Unix > >> .tar.gz . > >> > >> I use the tar.gz but then I help out with the beta a > > lot > >> and > >> therefore can't > >> wait for JP to update the ports. > >> > >> -- > >> Martin Hepworth > >> Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >> > >> > >> -----Original Message----- > >> From: > > mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of > > Lance > >> Haig > >> Sent: 04 June 2006 09:23 > >> To: MailScanner discussion > >> Subject: Instructions for FreeBSD > >> > >> Has anyone got some documentation on how to > >> install > >> MailScanner on > >> FreeBSD. > >> > >> > >> I would appreciate it as I will be using > > FreeBSD > >> for the > >> > >> > >> first > >> > >> > >> time and > >> would appreciate some help. > >> > >> I have looked on the wiki but can see or > > find > >> documentation. > >> > >> Thanks > >> > >> Lance > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read > >> http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the > > book off > >> the > >> website! > >> > >> > >> > >> > >> > >> ******************************************************************** > >> ** > >> > >> This email and any files transmitted with it are > >> confidential and > >> intended solely for the use of the individual or > > entity > >> to whom they > >> are addressed. If you have received this email in > > error > >> please > >> notify > >> the system manager. > >> > >> This footnote confirms that this email message has > > been > >> swept > >> for the presence of computer viruses and is believed > > to > >> be clean. > >> > >> > >> ******************************************************************** > >> ** > >> > >> > >> > >> > >> -- > >> > >> Lance Haig > >> Director > >> > >> Work: 07967967108 > >> Mobile: 07967967108 > >> Email: lhaig@haigmail.com > >> > >> http://www.linkedin.com/in/lancehaig > >> > >> HaigMail dot Com > >> > >> > >> See who we know in common > >> > >> > >> Want a signature like this? > >> > >> > >> > >> > >> > >> > >> ******************************************************************** > >> ** > >> > >> This email and any files transmitted with it are confidential and > >> intended solely for the use of the individual or entity to whom they > >> are addressed. If you have received this email in error please > >> notify > >> the system manager. > >> > >> This footnote confirms that this email message has been swept > >> for the presence of computer viruses and is believed to be clean. > >> > >> ******************************************************************** > >> ** > >> > >> > >> > >> > >> -- > >> > >> Lance Haig > >> Director > >> > >> Work: 07967967108 > >> Mobile: 07967967108 > >> Email: lhaig@haigmail.com > >> > >> http://www.linkedin.com/in/lancehaig > >> > >> HaigMail dot Com > >> > >> See who we know in common > >> Want a signature like this? > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dave.list at pixelhammer.com Mon Jun 5 12:33:30 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 5 12:33:56 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: <4484168A.6000709@pixelhammer.com> Julian Field wrote: > Is my ClamAV+SA package useless on FreeBSD? Not at all. > If so, why, and is there anything easy I could do to fix it? > It's just that it does all sorts of other tweaks and settings for you, > as well as just build and install the packages. The issue it not whether your package works but whether your package installs in the same manner as other FreeBSD software. I use non FreeBSD installs all the time, you will find most FreeBSD admins have no problem with non FreeBSD installs. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? You could simply make your installer script FreeBSD aware and everything would be fine. Jan would be the man to talk to, as he maintains the FreeBSD port he already knows what needs to be where for a FreeBSD system. For the record, I only use the port because I wanted to try and maintain a FreeBSD box via the portupgrade system (somewhat like YUM or apget). Otherwise I would have no problem using your installer. Also for the record, I'm not impressed and will be converting back to installing via tarball after the next OS upgrade. The ports system isn't really any better than RPMs, YUM, apget, etc. This weekend I upgraded MailScanner and SpamAssassin on two servers and ended up deep inside of dependancy hell. A tarball install would have been faster. Note, upgrading from 4.38 to 4.54.6 showed a marked speed improvement. My processing speed jumped up in MailScanner-mrtg on the minute I restarted MailScanner, literaly, it is 10x faster. Thanks! DAve > > On 5 Jun 2006, at 11:43, Martin Hepworth wrote: > >> Lance >> >> Yes - best way I found is to install spamassassin via CPAN (drops things >> into non-freebsd specific locations), DCC from source (the port seemed >> to be >> broke when I tried it). I don't run razor here so I can't guide you on >> this >> one. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 11:17 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Martin, >>> >>> Apologies for the "dumb" question >>> >>> Do I need to install the other apps as I would do on a Suse box? >>> DCC Razor etc... Spamassassin >>> >>> Thanks >>> >>> Lance >>> >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Then download the tar.gz, unzip/untar it and run the ./install.sh >>> script. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >>> Sent: 05 June 2006 10:44 >>> To: MailScanner discussion >>> Subject: Re: Instructions for FreeBSD >>> >>> Hi martin, >>> >>> I want to use the tar as I also am on the beta list >>> >>> Lance >>> >>> Martin Hepworth wrote: >>> >>> Lance >>> >>> Depends on whether you want to install via ports or >> via >>> the generic >>> Unix >>> .tar.gz . >>> >>> I use the tar.gz but then I help out with the beta a >> lot >>> and >>> therefore can't >>> wait for JP to update the ports. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> -----Original Message----- >>> From: >> mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of >> Lance >>> Haig >>> Sent: 04 June 2006 09:23 >>> To: MailScanner discussion >>> Subject: Instructions for FreeBSD >>> >>> Has anyone got some documentation on how to >>> install >>> MailScanner on >>> FreeBSD. >>> >>> >>> I would appreciate it as I will be using >> FreeBSD >>> for the >>> >>> >>> first >>> >>> >>> time and >>> would appreciate some help. >>> >>> I have looked on the wiki but can see or >> find >>> documentation. >>> >>> Thanks >>> >>> Lance >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read >>> http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the >> book off >>> the >>> website! >>> >>> >>> >>> >>> >>> ******************************************************************** >>> ** >>> >>> This email and any files transmitted with it are >>> confidential and >>> intended solely for the use of the individual or >> entity >>> to whom they >>> are addressed. If you have received this email in >> error >>> please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has >> been >>> swept >>> for the presence of computer viruses and is believed >> to >>> be clean. >>> >>> >>> ******************************************************************** >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> >>> See who we know in common >>> >>> >>> Want a signature like this? >>> >>> >>> >>> >>> >>> >>> ******************************************************************** >>> ** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ******************************************************************** >>> ** >>> >>> >>> >>> >>> -- >>> >>> Lance Haig >>> Director >>> >>> Work: 07967967108 >>> Mobile: 07967967108 >>> Email: lhaig@haigmail.com >>> >>> http://www.linkedin.com/in/lancehaig >>> >>> HaigMail dot Com >>> >>> See who we know in common >>> Want a signature like this? >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From grover1711 at gmail.com Mon Jun 5 12:41:10 2006 From: grover1711 at gmail.com (ankush grover) Date: Mon Jun 5 12:41:12 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 Message-ID: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> hey friends, I am running MailScanner 4.44.4 on FC3 with postfix 2.1.5. I am trying to configure MCP checks . I am following the settings from the below url: http://www.mailscanner.info/install/mcp/ find /usr/lib -name SpamAssassin -print returns 3 directories /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/SpamAssassin /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin 1 & 3 directory both contains below files Conf.pm, Message.pm and PerMsgStatus.pm. SpamAssassin Version is 3.001001 When I tried to patch the 1st directory patch < PerMsgStatus.pm.patch.3.0.0 patching file PerMsgStatus.pm Hunk #1 FAILED at 157. 1 out of 1 hunk FAILED -- saving rejects to file PerMsgStatus.pm.rej other 2 patches worked without any problem. Which directory should I patch 1 or 3 and why the patch for PerMsgStatus is failing ? Please let me know if you need any further inputs. Thanks & Regards Ankush Grover From glenn.steen at gmail.com Mon Jun 5 14:04:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 14:04:40 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 In-Reply-To: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> References: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> Message-ID: <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> On 05/06/06, ankush grover wrote: (snip)> > SpamAssassin Version is 3.001001 > > When I tried to patch the 1st directory > patch < PerMsgStatus.pm.patch.3.0.0 > patching file PerMsgStatus.pm > Hunk #1 FAILED at 157. > 1 out of 1 hunk FAILED -- saving rejects to file PerMsgStatus.pm.rej > > other 2 patches worked without any problem. If I read this right (which I'm pretty certain I do:-), you are using the wrong set of patches. You should use the ones for 3.1.1, not the ones for 3.0.0 ... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Jun 5 15:11:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 15:12:10 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484168A.6000709@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: On 5 Jun 2006, at 12:33, DAve wrote: > Julian Field wrote: >> Is my ClamAV+SA package useless on FreeBSD? > > Not at all. > >> If so, why, and is there anything easy I could do to fix it? >> It's just that it does all sorts of other tweaks and settings for >> you, as well as just build and install the packages. > > The issue it not whether your package works but whether your > package installs in the same manner as other FreeBSD software. I > use non FreeBSD installs all the time, you will find most FreeBSD > admins have no problem with non FreeBSD installs. > >> I guess I could just document all the tweaks it does on the wiki. >> Is that actually the best solution? > > You could simply make your installer script FreeBSD aware and > everything would be fine. Jan would be the man to talk to, as he > maintains the FreeBSD port he already knows what needs to be where > for a FreeBSD system. Okay, I will contact Jan-Peter, and find out what should be where. > Note, upgrading from 4.38 to 4.54.6 showed a marked speed > improvement. My processing speed jumped up in MailScanner-mrtg on > the minute I restarted MailScanner, literaly, it is 10x faster. > Thanks! The speed improvements all came together at version 4.50. I should have done a version number jump then and gone to version 5.00, but at the time I didn't think it was right. The speedup was pretty big! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From danc at bluestarshows.com Mon Jun 5 15:24:26 2006 From: danc at bluestarshows.com (Dan Carl) Date: Mon Jun 5 15:27:02 2006 Subject: post-install spamassassin debug yields nothing Message-ID: <032d01c688ab$c0321290$0200000a@danc3> First of all I've been a happy Mailscanner user for several years now thanks for the great software. I started getting more spam so I decided to upgrade to: MailScanner Version Number = 4.54.6 SpamAssassin version 3.1.2 The upgrade seemed to go fine but now when I issue the command: spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf Nothing happens, I have to ctrl C to get back to a prompt. If I issue the command: spamassassin -D it gets a far as here [32085] dbg: dns: Net::DNS version: 0.57 and stops If I run analyze_SpamAssassin_cache --------- TOTALS --------- Total records: 286 First seen (oldest): 77768 sec First seen (newest): 6 sec Last seen (oldest): 14958 sec Last seen (newest): 6 sec Cache Hit Rate 10% Been through logs, google, wiki Can anyone help? System Info: P3-550, 640MB RAM, Fedora Core 3, 3000messages/day Razor, Pyzor, DCC From campbell at cnpapers.com Mon Jun 5 15:49:49 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 15:50:04 2006 Subject: bdc and clamscan always high on top Message-ID: <000f01c688af$4bfd3ea0$0705000a@DDF5DW71> I'm not sure if this is normal, but bdc and clamscan always seems to be on the top of top's list now. They usually state something around 20% CPU for each of the most active processes for both. My load average is around 5-6, and swapping is minimal, although memory usage is almost 100%. I know more RAM would help, but .... My main concern is using Mailwatch, where it really takes time to load all but the "Recent messages" page. I thought this might be MySQL related, but this doesn't show as a problem anywhere. The machine does keep up. I get around 40K messages per day. Would lowering or raising the Max Children benefit this condition, in anyone's opinion? I can see advantages in both lowering and raising it from 5. This is a hyperthreaded machine, showing two CPUs on top. Due to the recent discussion about Clam config files, I thought I might ask - is there something to speed up the Clam and Bitdefender stuff other than the Clam module? Does it sound like the number of messages being scanned is too high per process? This is not the latest Clam, but the prior release, and the free Bitdefender for Linux. Steve Campbell campbell@cnpapers.com Charleston Newspapers From MailScanner at ecs.soton.ac.uk Mon Jun 5 15:54:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 15:55:14 2006 Subject: Installing ClamAV & SpamAssassin by hand Message-ID: Folks, On 5 Jun 2006, at 12:33, DAve wrote: > Julian Field wrote: >> Is my ClamAV+SA package useless on FreeBSD? >> I guess I could just document all the tweaks it does on the wiki. >> Is that actually the best solution? I have just written out the process on the Wiki. The page is at http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa It shows all the gory details, including all the steps you would have to take if you insist (or for a good reason) on doing it by hand rather than using my package. There's quite a lot of it, and it took a few revisions to get right :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gborders at jlewiscooper.com Mon Jun 5 16:40:37 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Mon Jun 5 16:41:02 2006 Subject: post-install spamassassin debug yields nothing In-Reply-To: <032d01c688ab$c0321290$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> Message-ID: <44845075.7010608@jlewiscooper.com> Dan Carl wrote: > First of all I've been a happy Mailscanner user for several years now thanks > for the great software. > I started getting more spam so I decided to upgrade to: > MailScanner Version Number = 4.54.6 > SpamAssassin version 3.1.2 > > The upgrade seemed to go fine but now when I issue the command: > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf > Nothing happens, I have to ctrl C to get back to a prompt. > It takes a --lint to do the diagnosis. Without the double dash, SA thinks it's -l, which isn't a proper command, and leave you hung inside SA. Try again with double dash. And IIRC, you don't need the -p switch anymore, the symlink instlled by latest versions will find the proper conf file. spamassassin -D --lint Good luck! Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Mon Jun 5 16:41:22 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 5 16:41:33 2006 Subject: post-install spamassassin debug yields nothing In-Reply-To: <032d01c688ab$c0321290$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> Message-ID: <448450A2.2090601@evi-inc.com> Dan Carl wrote: > First of all I've been a happy Mailscanner user for several years now thanks > for the great software. > I started getting more spam so I decided to upgrade to: > MailScanner Version Number = 4.54.6 > SpamAssassin version 3.1.2 > > The upgrade seemed to go fine but now when I issue the command: > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf You need two -'s in front of lint. Try: spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf > Nothing happens, I have to ctrl C to get back to a prompt. Yes, because SA didn't recognize your lint parameter, so it's waiting for mail input. From martinh at solid-state-logic.com Mon Jun 5 16:46:29 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 16:46:38 2006 Subject: Installing ClamAV & SpamAssassin by hand In-Reply-To: Message-ID: <093a01c688b7$36509040$3004010a@martinhlaptop> Jules Talks about ClamAV, but not much about spamassassin (apart from the perl modules). For Spamassassin I always use CPAN which installs all the prerequites as well.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 05 June 2006 15:55 > To: MailScanner mailing list > Subject: Installing ClamAV & SpamAssassin by hand > > Folks, > > On 5 Jun 2006, at 12:33, DAve wrote: > > Julian Field wrote: > >> Is my ClamAV+SA package useless on FreeBSD? > >> I guess I could just document all the tweaks it does on the wiki. > >> Is that actually the best solution? > > I have just written out the process on the Wiki. The page is at > > http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa > > It shows all the gory details, including all the steps you would have > to take if you insist (or for a good reason) on doing it by hand > rather than using my package. > > There's quite a lot of it, and it took a few revisions to get right :-) > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Mon Jun 5 16:48:10 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 5 16:48:24 2006 Subject: bdc and clamscan always high on top In-Reply-To: <000f01c688af$4bfd3ea0$0705000a@DDF5DW71> Message-ID: <093b01c688b7$727a53d0$3004010a@martinhlaptop> Steve How many of these 40k emails are for valid users???? I presume you're cleaning the Mailwatch DB out on a daily basis to remove old data??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steve Campbell > Sent: 05 June 2006 15:50 > To: MailScanner mailing list > Subject: bdc and clamscan always high on top > > I'm not sure if this is normal, but bdc and clamscan always seems to be on > the top of top's list now. They usually state something around 20% CPU for > each of the most active processes for both. My load average is around 5-6, > and swapping is minimal, although memory usage is almost 100%. I know more > RAM would help, but .... > > My main concern is using Mailwatch, where it really takes time to load all > but the "Recent messages" page. I thought this might be MySQL related, but > this doesn't show as a problem anywhere. The machine does keep up. I get > around 40K messages per day. > > Would lowering or raising the Max Children benefit this condition, in > anyone's opinion? I can see advantages in both lowering and raising it > from > 5. This is a hyperthreaded machine, showing two CPUs on top. > > Due to the recent discussion about Clam config files, I thought I might > ask - is there something to speed up the Clam and Bitdefender stuff other > than the Clam module? Does it sound like the number of messages being > scanned is too high per process? > > This is not the latest Clam, but the prior release, and the free > Bitdefender > for Linux. > > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Mon Jun 5 16:52:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 16:52:44 2006 Subject: [Clamav-users] Problem with internal logger In-Reply-To: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> References: <65C0B9C2-50A0-47C4-830D-2F43B1D3CB1D@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Thu, 1 Jun 2006 17:01:53 +0100: > No, as I don't know what country you might be in. It just gets it > working for you, saving new users a nasty catch which will confuse > them entirely. Doing things like this annoys me, as they don't > produce a nice error message telling the user what they need to do to > alleviate the problem. I think it'd be good to alert the user to edit freshclam.conf and add a local database mirror from the list at http://www.clamav.net/mirrors.html Otherwise you make all of them query the fallback round-robin mirror which puts unnecessary extra load on it. You still can be sure that many new users won't do that unless you force them to do it. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Jun 5 16:52:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 16:52:45 2006 Subject: Another call for improvements In-Reply-To: <448072CC.3070007@yeticomputers.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <448072CC.3070007@yeticomputers.com> Message-ID: Rick Chadderdon wrote on Fri, 02 Jun 2006 13:18:04 -0400: > I think it would be terribly irresponsible to automatically report > programmatically detected spam, no matter what the score is. I agree. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Jun 5 16:52:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 16:52:48 2006 Subject: post-install spamassassin debug yields nothing In-Reply-To: <032d01c688ab$c0321290$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> Message-ID: Dan Carl wrote on Mon, 5 Jun 2006 09:24:26 -0500: > The upgrade seemed to go fine but now when I issue the command: > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf Newer MailScanner puts a symlink to the prefs file in /etc/mail/spamassassin, so you should be fine with doing spamassassin -D --lint > Nothing happens, I have to ctrl C to get back to a prompt. > If I issue the command: > spamassassin -D This won't do anything unless you pipe or read a message to it. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mikej at rogers.com Mon Jun 5 17:01:11 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:01:07 2006 Subject: Instructions for FreeBSD In-Reply-To: <44841366.9090805@haigmail.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <44841366.9090805@haigmail.com> Message-ID: <44845547.1050400@rogers.com> Lance Haig wrote: > Hi Julian, > > I will try it today. > > I was just concerned as I am not fluent in FreeBSD and the server I am > using is a mare to get to if I "break" it. > > I will let you know In which case your are much much better off sticking to the ports, instead of manually installing stuff. From mikej at rogers.com Mon Jun 5 17:07:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:07:05 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> Message-ID: <448456B0.1070600@rogers.com> Julian Field wrote: > Is my ClamAV+SA package useless on FreeBSD? > If so, why, and is there anything easy I could do to fix it? Not sure about that, but its much easier and properly organized (obedience of hier) to use the ports on FreeBSD. Jan-Peter is doing a good job at maintaining the port. When you install the MS port, an option menu lets you select things like ClamAV, Razor, and SA as a dependency. It is then very easy to keep things up to date with the portupgrade script. > It's just that it does all sorts of other tweaks and settings for you, > as well as just build and install the packages. > > I guess I could just document all the tweaks it does on the wiki. Is > that actually the best solution? That sounds like a good idea. From danc at bluestarshows.com Mon Jun 5 17:06:43 2006 From: danc at bluestarshows.com (Dan Carl) Date: Mon Jun 5 17:09:12 2006 Subject: SOLVED post-install spamassassin debug yields nothing References: <032d01c688ab$c0321290$0200000a@danc3> <44845075.7010608@jlewiscooper.com> Message-ID: <035801c688ba$0a21f510$0200000a@danc3> Thanks for the help. In the post install wiki it shows only one dash. ----- Original Message ----- From: "Greg Borders" To: "MailScanner discussion" Sent: Monday, June 05, 2006 10:40 AM Subject: Re: post-install spamassassin debug yields nothing > > > Dan Carl wrote: > > First of all I've been a happy Mailscanner user for several years now thanks > > for the great software. > > I started getting more spam so I decided to upgrade to: > > MailScanner Version Number = 4.54.6 > > SpamAssassin version 3.1.2 > > > > The upgrade seemed to go fine but now when I issue the command: > > spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf > > Nothing happens, I have to ctrl C to get back to a prompt. > > > > It takes a --lint to do the diagnosis. Without the double dash, SA > thinks it's -l, which isn't a proper command, and leave you hung inside > SA. Try again with double dash. And IIRC, you don't need the -p switch > anymore, the symlink instlled by latest versions will find the proper > conf file. > > spamassassin -D --lint > > Good luck! > Greg Borders > Sys. Admin. > JLC Co. > > > > > > > -- > This transmission may contain information that is privileged, confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. Thank you. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mikej at rogers.com Mon Jun 5 17:10:39 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:10:32 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484168A.6000709@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: <4484577F.6040404@rogers.com> DAve wrote: > Julian Field wrote: > >> If so, why, and is there anything easy I could do to fix it? >> It's just that it does all sorts of other tweaks and settings for >> you, as well as just build and install the packages. > > The issue it not whether your package works but whether your package > installs in the same manner as other FreeBSD software. I use non > FreeBSD installs all the time, you will find most FreeBSD admins have > no problem with non FreeBSD installs. Having used FreeBSD since 2.x days, i would have to disagree with you. I dislike installing anything from source, as it usually creates a mess, and is harder to do maintenance on, things such as portaudit do not work, etc, etc... From mikej at rogers.com Mon Jun 5 17:11:42 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:11:38 2006 Subject: Instructions for FreeBSD In-Reply-To: <091d01c68893$107aa140$3004010a@martinhlaptop> References: <091d01c68893$107aa140$3004010a@martinhlaptop> Message-ID: <448457BE.4030706@rogers.com> Martin Hepworth wrote: > Jules > > FreeBSD doesn't do rpm..... > Not natively, but there is an rpm port. Still, better off not using it. From mikej at rogers.com Mon Jun 5 17:13:13 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:13:08 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: <44845819.9080903@rogers.com> Julian Field wrote: > > Okay, I will contact Jan-Peter, and find out what should be where. I believe the best way would be to submit patches to the port with the required changes, is that a possibility? From mikej at rogers.com Mon Jun 5 17:24:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 17:24:06 2006 Subject: Instructions for FreeBSD In-Reply-To: References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> Message-ID: <44845AAC.9050506@rogers.com> Julian Field wrote: > > On 5 Jun 2006, at 12:33, DAve wrote: >> You could simply make your installer script FreeBSD aware and >> everything would be fine. Jan would be the man to talk to, as he >> maintains the FreeBSD port he already knows what needs to be where >> for a FreeBSD system. > > Okay, I will contact Jan-Peter, and find out what should be where. Also forgot to mention, if you put the files according to hier ( http://www.freebsd.org/cgi/man.cgi?query=hier ), you may cause a problem by conflicting with the port based counterparts. Therefore you should put the files in their own dirs. But again, i think the best solution is to patch the port accordingly. From prandal at herefordshire.gov.uk Mon Jun 5 17:36:01 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jun 5 17:36:15 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D2114CD@isabella.herefordshire.gov.uk> FYI The files aren't on all mirrors yet, but can definitely be found at http://www.eu.apache.org/dist/spamassassin/ Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -----Original Message----- From: Theo Van Dinter [mailto:felicity@apache.org] Sent: 05 June 2006 17:13 To: Spamassassin Users List; Spamassassin Devel List; Spamassassin Announcements List Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Apache SpamAssassin 3.1.3 is now available! This is a maintainance release of the 3.1.x branch. Downloads are available from: http://spamassassin.apache.org/downloads.cgi?update=200606050750 The release file will also be available via CPAN in the near future. md5sum of archive files: 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip sha1sum of archive files: e1f4489ec8805985e0ca79765bde586bf0286725 Mail-SpamAssassin-3.1.3.tar.bz2 ed9e18fae6db86d0b77ce48d8262194e06df9ef8 Mail-SpamAssassin-3.1.3.tar.gz 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B 3.1.3 fixes a remote code execution vulnerability if spamd is run with the "--vpopmail" and "-P" options. If either/both of those options are not used, there is no vulnerability. There was also a fix for the userstate directory and prefs file not being created. Changelog: - bug 4926: given a certain set of parameters to spamd and a specially formatted input message, users could cause spamd to execute arbitrary commands as the spamd user - bug 4932: the userstate dir and userprefs file would not be created under certain conditions. From campbell at cnpapers.com Mon Jun 5 17:39:03 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 17:39:28 2006 Subject: bdc and clamscan always high on top References: <093b01c688b7$727a53d0$3004010a@martinhlaptop> Message-ID: <001001c688be$8e51d810$0705000a@DDF5DW71> ----- Original Message ----- From: "Martin Hepworth" To: "'MailScanner discussion'" Sent: Monday, June 05, 2006 11:48 AM Subject: RE: bdc and clamscan always high on top > Steve > > How many of these 40k emails are for valid users???? Not very many. Sendmail kicks most of them out. I guess a milter (ahead, or something) would work here. But the problem is not really how many, but is the bdc/clamscan high CPU normal? > > I presume you're cleaning the Mailwatch DB out on a daily basis to remove > old data??? Yes, there are about 392K rows in the DB. I keep nine days work. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 Thanks for the interest and questions. Steve > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Steve Campbell >> Sent: 05 June 2006 15:50 >> To: MailScanner mailing list >> Subject: bdc and clamscan always high on top >> >> I'm not sure if this is normal, but bdc and clamscan always seems to be >> on >> the top of top's list now. They usually state something around 20% CPU >> for >> each of the most active processes for both. My load average is around >> 5-6, >> and swapping is minimal, although memory usage is almost 100%. I know >> more >> RAM would help, but .... >> >> My main concern is using Mailwatch, where it really takes time to load >> all >> but the "Recent messages" page. I thought this might be MySQL related, >> but >> this doesn't show as a problem anywhere. The machine does keep up. I get >> around 40K messages per day. >> >> Would lowering or raising the Max Children benefit this condition, in >> anyone's opinion? I can see advantages in both lowering and raising it >> from >> 5. This is a hyperthreaded machine, showing two CPUs on top. >> >> Due to the recent discussion about Clam config files, I thought I might >> ask - is there something to speed up the Clam and Bitdefender stuff >> other >> than the Clam module? Does it sound like the number of messages being >> scanned is too high per process? >> >> This is not the latest Clam, but the prior release, and the free >> Bitdefender >> for Linux. >> >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ugob at camo-route.com Mon Jun 5 18:06:32 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jun 5 18:06:52 2006 Subject: SOLVED post-install spamassassin debug yields nothing In-Reply-To: <035801c688ba$0a21f510$0200000a@danc3> References: <032d01c688ab$c0321290$0200000a@danc3> <44845075.7010608@jlewiscooper.com> <035801c688ba$0a21f510$0200000a@danc3> Message-ID: Dan Carl wrote: > Thanks for the help. > In the post install wiki it shows only one dash. > ----- Original Message ----- > From: "Greg Borders" > To: "MailScanner discussion" > Sent: Monday, June 05, 2006 10:40 AM > Subject: Re: post-install spamassassin debug yields nothing > > >> >> Dan Carl wrote: >>> First of all I've been a happy Mailscanner user for several years now > thanks >>> for the great software. >>> I started getting more spam so I decided to upgrade to: >>> MailScanner Version Number = 4.54.6 >>> SpamAssassin version 3.1.2 >>> >>> The upgrade seemed to go fine but now when I issue the command: >>> spamassassin -D -lint -p /etc/MailScanner/spam.assassin.prefs.conf >>> Nothing happens, I have to ctrl C to get back to a prompt. >>> >> It takes a --lint to do the diagnosis. Without the double dash, SA >> thinks it's -l, which isn't a proper command, and leave you hung inside >> SA. Try again with double dash. And IIRC, you don't need the -p switch >> anymore, the symlink instlled by latest versions will find the proper >> conf file. >> >> spamassassin -D --lint The wiki changes -- into '-' unless we use tags, so please use tags as much as possible. From dave.list at pixelhammer.com Mon Jun 5 18:22:33 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 5 18:22:54 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484577F.6040404@rogers.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> Message-ID: <44846859.70906@pixelhammer.com> Mike Jakubik wrote: > DAve wrote: >> Julian Field wrote: >> >>> If so, why, and is there anything easy I could do to fix it? >>> It's just that it does all sorts of other tweaks and settings for >>> you, as well as just build and install the packages. >> >> The issue it not whether your package works but whether your package >> installs in the same manner as other FreeBSD software. I use non >> FreeBSD installs all the time, you will find most FreeBSD admins have >> no problem with non FreeBSD installs. > > Having used FreeBSD since 2.x days, i would have to disagree with you. I > dislike installing anything from source, as it usually creates a mess, > and is harder to do maintenance on, things such as portaudit do not > work, etc, etc... > I can only go back to 3.1, still have a passle of 3.5 CDs though ;^) I made the same argument from your side of the fence for quite a while, then I had to maintain a RedHat machine and a Debian machine. My attitude changed significantly. Packages/RPMs/Ports/whatever of any flavor are the Devils right hand IMO. I am using them now on the MailScanner servers only as a Disaster Recovery method. If I meet a disaster, someone could manage a security upgrade during my funeral. I have servers that clients "need" PHP4, but another client "must have" PHP5. Do you add a new web server for a single hosting account? Add a third for the client who needs Apache 2.x? Turn away clients? Ports will not let you install conflicts. Worse is when sales brings in a new client with an existing site and all it's dependencies. Were it my own server, maybe I would agree with you, but having a NOC filled with web servers running different OSs at different versions, I prefer source. Granted source removes the ability to use the ports tools, but it also removes their limitations. This would be a religious discussion I think. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From MailScanner at ecs.soton.ac.uk Mon Jun 5 19:09:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 19:09:27 2006 Subject: Installing ClamAV & SpamAssassin by hand In-Reply-To: <093a01c688b7$36509040$3004010a@martinhlaptop> References: <093a01c688b7$36509040$3004010a@martinhlaptop> Message-ID: <44847348.2080300@ecs.soton.ac.uk> But there are all the loadplugin lines in init.pre which are essential. I have moved the 3rd heading so all the SpamAssassin edits are in the SpamAssassin section. Go and look at http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa again and you will see the new version. Martin Hepworth wrote: > Jules > > Talks about ClamAV, but not much about spamassassin (apart from the perl > modules). For Spamassassin I always use CPAN which installs all the > prerequites as well.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 05 June 2006 15:55 >> To: MailScanner mailing list >> Subject: Installing ClamAV & SpamAssassin by hand >> >> Folks, >> >> On 5 Jun 2006, at 12:33, DAve wrote: >> >>> Julian Field wrote: >>> >>>> Is my ClamAV+SA package useless on FreeBSD? >>>> I guess I could just document all the tweaks it does on the wiki. >>>> Is that actually the best solution? >>>> >> I have just written out the process on the Wiki. The page is at >> >> http://wiki.mailscanner.info/doku.php?id=documentation:clamav_sa >> >> It shows all the gory details, including all the steps you would have >> to take if you insist (or for a good reason) on doing it by hand >> rather than using my package. >> >> There's quite a lot of it, and it took a few revisions to get right :-) >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From pravin.rane at gmail.com Mon Jun 5 19:15:09 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Mon Jun 5 19:15:10 2006 Subject: Qmail repeated Message-ID In-Reply-To: <223f97700604241021o1e40ab61t25f6aa2935b5558d@mail.gmail.com> References: <13c021a90604180805r675617c1gab6add71196ae6c6@mail.gmail.com> <223f97700604241021o1e40ab61t25f6aa2935b5558d@mail.gmail.com> Message-ID: <13c021a90606051115o1f649b20gf8ba5d36cd6ca280@mail.gmail.com> Hey, Problem solved :)) Solution (Patch) at below link http://wiki.mailscanner.info/doku.php?id=documentation:related_software:patches:qmail_unique_id_patch&do=index On 4/24/06, Glenn Steen wrote: > > On 18/04/06, Pravin Rane wrote: > > Hi > > > > This is my first posting to Mailscannner list. > > > > I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin. > > > > My problem is I am getting same messae-Ids for mulitple mails in > Mailwatch > > interface. After searching in Mailwatch FAQ I found the author pointed > to > > counsult with Mailscanner's Author since all this information its > getting > > from MailScanner. > > > > Is there any work-arround (Patch) to get unique message-ids?. Since > qmail > > uses same message-ids to different messages if it does not find that > inode > > no. in queue. > > > > > > > > Regards > > > > Pravin Rane > > > (Sorry for the late reply.... I've been in the mountains (Skiing... > downhill.... formerly broken leg smarting as h*ll, but still.... > Wonderful!:-)) > > This is pretty much the same problem Postfix used to have, and the > solution would be the same. I suggest you contact the maintainers of > the Qmail port (Openprotect, is it?) and suggest they do a similar fix > as Jules did for Postfix. > In the meantime, you can ... alleviate ... the problem by configuring > your system so that it is sure to have a high degree of i-node > consumption (pretty much everything on one partition/filesystem). Will > not cure it completely, but might at least make it not that frequent. > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060605/32841b03/attachment.html From mikej at rogers.com Mon Jun 5 19:17:33 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 19:17:25 2006 Subject: Instructions for FreeBSD In-Reply-To: <44846859.70906@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> Message-ID: <4484753D.7090507@rogers.com> DAve wrote: > Mike Jakubik wrote: >> DAve wrote: >>> >>> The issue it not whether your package works but whether your package >>> installs in the same manner as other FreeBSD software. I use non >>> FreeBSD installs all the time, you will find most FreeBSD admins >>> have no problem with non FreeBSD installs. >> >> Having used FreeBSD since 2.x days, i would have to disagree with >> you. I dislike installing anything from source, as it usually creates >> a mess, and is harder to do maintenance on, things such as portaudit >> do not work, etc, etc... >> > > I can only go back to 3.1, still have a passle of 3.5 CDs though ;^) I > made the same argument from your side of the fence for quite a while, > then I had to maintain a RedHat machine and a Debian machine. My > attitude changed significantly. Packages/RPMs/Ports/whatever of any > flavor are the Devils right hand IMO. I am using them now on the > MailScanner servers only as a Disaster Recovery method. If I meet a > disaster, someone could manage a security upgrade during my funeral. > > I have servers that clients "need" PHP4, but another client "must > have" PHP5. Do you add a new web server for a single hosting account? > Add a third for the client who needs Apache 2.x? Turn away clients? > Ports will not let you install conflicts. Worse is when sales brings > in a new client with an existing site and all it's dependencies. > > Were it my own server, maybe I would agree with you, but having a NOC > filled with web servers running different OSs at different versions, I > prefer source. Granted source removes the ability to use the ports > tools, but it also removes their limitations. > > This would be a religious discussion I think. Of course everyone uses what works for them, however you're presenting a specific situation in which you need to install conflicting software, this would create a problem for any packaging system. Although some ports support different versions of the same application, such as apache. However i don't see how that problem applies to MS. From MailScanner at ecs.soton.ac.uk Mon Jun 5 19:51:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 19:51:47 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580D2114CD@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580D2114CD@isabella.herefordshire.gov.uk> Message-ID: <44847D29.5060703@ecs.soton.ac.uk> Thanks for that. I have just updated the ClamAV + SpamAssassin package to contain the new 3.1.3 release of SpamAssassin. Randal, Phil wrote: > FYI > > The files aren't on all mirrors yet, but can definitely be found at > > http://www.eu.apache.org/dist/spamassassin/ > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: Theo Van Dinter [mailto:felicity@apache.org] > Sent: 05 June 2006 17:13 > To: Spamassassin Users List; Spamassassin Devel List; Spamassassin > Announcements List > Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! > > Apache SpamAssassin 3.1.3 is now available! This is a maintainance > release of the 3.1.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200606050750 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 > 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz > 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip > > sha1sum of archive files: > e1f4489ec8805985e0ca79765bde586bf0286725 > Mail-SpamAssassin-3.1.3.tar.bz2 > ed9e18fae6db86d0b77ce48d8262194e06df9ef8 > Mail-SpamAssassin-3.1.3.tar.gz > 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip > > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F > A05B > > 3.1.3 fixes a remote code execution vulnerability if spamd is run with > the > "--vpopmail" and "-P" options. If either/both of those options are not > used, there is no vulnerability. There was also a fix for the userstate > directory and prefs file not being created. > > Changelog: > > - bug 4926: given a certain set of parameters to spamd and a specially > formatted input message, users could cause spamd to execute arbitrary > commands as the spamd user > - bug 4932: the userstate dir and userprefs file would not be created > under certain conditions. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sandrews at andrewscompanies.com Mon Jun 5 20:09:39 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon Jun 5 20:09:43 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> The default config of mailscanner doesn't run with these switches, does it? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 05, 2006 2:51 PM To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Thanks for that. I have just updated the ClamAV + SpamAssassin package to contain the new 3.1.3 release of SpamAssassin. Randal, Phil wrote: > FYI > > The files aren't on all mirrors yet, but can definitely be found at > > http://www.eu.apache.org/dist/spamassassin/ > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: Theo Van Dinter [mailto:felicity@apache.org] > Sent: 05 June 2006 17:13 > To: Spamassassin Users List; Spamassassin Devel List; Spamassassin > Announcements List > Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! > > Apache SpamAssassin 3.1.3 is now available! This is a maintainance > release of the 3.1.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200606050750 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 > 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz > 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip > > sha1sum of archive files: > e1f4489ec8805985e0ca79765bde586bf0286725 > Mail-SpamAssassin-3.1.3.tar.bz2 > ed9e18fae6db86d0b77ce48d8262194e06df9ef8 > Mail-SpamAssassin-3.1.3.tar.gz > 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 > Mail-SpamAssassin-3.1.3.zip > > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F > A05B > > 3.1.3 fixes a remote code execution vulnerability if spamd is run with > the "--vpopmail" and "-P" options. If either/both of those options > are not used, there is no vulnerability. There was also a fix for the > userstate directory and prefs file not being created. > > Changelog: > > - bug 4926: given a certain set of parameters to spamd and a specially > formatted input message, users could cause spamd to execute arbitrary > commands as the spamd user > - bug 4932: the userstate dir and userprefs file would not be created > under certain conditions. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 5 20:16:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 20:17:02 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> Message-ID: <44848320.8080509@ecs.soton.ac.uk> MailScanner doesn't use spamd at all, so is not vulnerable anyway. It talks straight to the Perl library of SpamAssassin, there is nothing to get in the way. sandrews@andrewscompanies.com wrote: > The default config of mailscanner doesn't run with these switches, does > it? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, June 05, 2006 2:51 PM > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! > > Thanks for that. I have just updated the ClamAV + SpamAssassin package > to contain the new 3.1.3 release of SpamAssassin. > > Randal, Phil wrote: > >> FYI >> >> The files aren't on all mirrors yet, but can definitely be found at >> >> http://www.eu.apache.org/dist/spamassassin/ >> >> Cheers, >> >> Phil >> >> -- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >> >> -----Original Message----- >> From: Theo Van Dinter [mailto:felicity@apache.org] >> Sent: 05 June 2006 17:13 >> To: Spamassassin Users List; Spamassassin Devel List; Spamassassin >> Announcements List >> Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available! >> >> Apache SpamAssassin 3.1.3 is now available! This is a maintainance >> release of the 3.1.x branch. >> >> Downloads are available from: >> http://spamassassin.apache.org/downloads.cgi?update=200606050750 >> >> The release file will also be available via CPAN in the near future. >> >> md5sum of archive files: >> 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2 >> 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz >> 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip >> >> sha1sum of archive files: >> e1f4489ec8805985e0ca79765bde586bf0286725 >> Mail-SpamAssassin-3.1.3.tar.bz2 >> ed9e18fae6db86d0b77ce48d8262194e06df9ef8 >> Mail-SpamAssassin-3.1.3.tar.gz >> 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 >> Mail-SpamAssassin-3.1.3.zip >> >> >> The release files also have a .asc accompanying them. The file serves >> > > >> as an external GPG signature for the given release file. The signing >> key is available via the wwwkeys.pgp.net key server, as well as >> http://spamassassin.apache.org/released/GPG-SIGNING-KEY >> >> The key information is: >> >> pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key >> >> Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F >> A05B >> >> 3.1.3 fixes a remote code execution vulnerability if spamd is run with >> > > >> the "--vpopmail" and "-P" options. If either/both of those options >> are not used, there is no vulnerability. There was also a fix for the >> > > >> userstate directory and prefs file not being created. >> >> Changelog: >> >> - bug 4926: given a certain set of parameters to spamd and a specially >> formatted input message, users could cause spamd to execute >> > arbitrary > >> commands as the spamd user >> - bug 4932: the userstate dir and userprefs file would not be created >> under certain conditions. >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Mon Jun 5 20:19:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 20:19:05 2006 Subject: bdc and clamscan always high on top In-Reply-To: <001001c688be$8e51d810$0705000a@DDF5DW71> References: <093b01c688b7$727a53d0$3004010a@martinhlaptop> <001001c688be$8e51d810$0705000a@DDF5DW71> Message-ID: <223f97700606051219n6293d6ean74912095e5d1fdc6@mail.gmail.com> On 05/06/06, Steve Campbell wrote: > > ----- Original Message ----- > From: "Martin Hepworth" > To: "'MailScanner discussion'" > Sent: Monday, June 05, 2006 11:48 AM > Subject: RE: bdc and clamscan always high on top > > > > Steve > > > > How many of these 40k emails are for valid users???? > > Not very many. Sendmail kicks most of them out. I guess a milter (ahead, or > something) would work here. But the problem is not really how many, but is > the bdc/clamscan high CPU normal? You are not the first to report that BDC is a bit heavy on the CPU.... and if you run both as command-line tools (as if you have any choice with BDC:-), and have a fair amount of incoming traffic, then the fork/exec/read virus defs/etc overhead will begin to tell. If you don't already, run clamavmodule instead of clamav... Will likely solve it for clamav, at least. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Mon Jun 5 21:20:11 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Mon Jun 5 20:21:46 2006 Subject: Mailscanner stopped, sendmail running... Message-ID: <000001c688dd$72d269a0$3701a8c0@lapxp> Hi, OS=CentOS 4.3 Sendmail=8.13.1 MailScanner=4.53.8 I issued 'service MailScanner stop' several times and still had sendmail running. Isn't sendmail controlled by MailScanner? Then why it didn't stopped it? Best, -- Arthur Sherman +972-52-4878851 CPTeam From mkettler at evi-inc.com Mon Jun 5 20:30:14 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 5 20:30:36 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <000001c688dd$72d269a0$3701a8c0@lapxp> References: <000001c688dd$72d269a0$3701a8c0@lapxp> Message-ID: <44848646.1050400@evi-inc.com> Arthur Sherman wrote: > Hi, > > OS=CentOS 4.3 > Sendmail=8.13.1 > MailScanner=4.53.8 > > I issued 'service MailScanner stop' several times and still had sendmail > running. > > Isn't sendmail controlled by MailScanner? > Then why it didn't stopped it? Which sendmail was still running? The main listener? The main queue runner? Or a child of one or the other that was servicing a current transaction? AFAIK stopping MailScanner won't force-kill children that are currently connected and performing network transactions. Those will continue to run until their current transaction completes and then exit. (Of course, take that with a grain of salt, but every time I've seen this occur before, it was a child that was in the process of receiving mail from or delivering mail to a remote site.) From glenn.steen at gmail.com Mon Jun 5 20:31:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 5 20:31:55 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B1544@winchester.andrewscompanies.com> Message-ID: <223f97700606051231p6f2c8729ufa1e2b8bca6c2957@mail.gmail.com> On 05/06/06, sandrews@andrewscompanies.com wrote: > The default config of mailscanner doesn't run with these switches, does > it? > As if it even needs spamd running....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.list at pixelhammer.com Mon Jun 5 20:37:47 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 5 20:38:08 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484753D.7090507@rogers.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> Message-ID: <4484880B.9090702@pixelhammer.com> Mike Jakubik wrote: > DAve wrote: >> This would be a religious discussion I think. > > Of course everyone uses what works for them, however you're presenting a > specific situation in which you need to install conflicting software, > this would create a problem for any packaging system. Although some > ports support different versions of the same application, such as > apache. However i don't see how that problem applies to MS. > Your question, your answer ;^) Mike Jakubik wrote: > Also forgot to mention, if you put the files according to hier ( > http://www.freebsd.org/cgi/man.cgi?query=hier ), you may cause a problem > by conflicting with the port based counterparts. Therefore you should > put the files in their own dirs. But again, i think the best solution is > to patch the port accordingly. > If the port currently works, and Julian's tarball currently works, what is there to patch? Now if there needs to be an alternative to the FreeBSD port for those who dislike dealing with tarballs, that only requires an installer script that doesn't stomp on a prior installed port. Jan, as the maintainer of the port, would be the man to consult. None of this requires the port to be patched. It only requires a FreeBSD specific install, whether that be instructions on the Wiki or a shell script. But as I told Julian earlier, there is nothing wrong with the package. Admins who dislike looking at source can use the port, others have the source available. Just my thoughts. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From mrm at medicine.wisc.edu Mon Jun 5 20:43:19 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Jun 5 20:43:52 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: What's the best way to upgrade? Run the new ClamAV + SA + MS package to update a system with this previously installed?? or is there a better way to update. MS is already at the latest version by the way. Mike >>> MailScanner@ecs.soton.ac.uk 6/5/2006 1:51:21 PM >>> Thanks for that. I have just updated the ClamAV + SpamAssassin package to contain the new 3.1.3 release of SpamAssassin. Randal, Phil wrote: > FYI > > The files aren't on all mirrors yet, but can definitely be found at > > http://www.eu.apache.org/dist/spamassassin/ > > Cheers, > > Phil Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 5 20:49:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 5 20:50:13 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: References: Message-ID: <44848AE6.2070906@ecs.soton.ac.uk> Just install the new package over the top of the previous one. Michael Masse wrote: > What's the best way to upgrade? Run the new ClamAV + SA + MS package > to update a system with this previously installed?? or is there a > better way to update. MS is already at the latest version by the > way. > > Mike > > >>>> MailScanner@ecs.soton.ac.uk 6/5/2006 1:51:21 PM >>> >>>> > Thanks for that. I have just updated the ClamAV + SpamAssassin package > > to contain the new 3.1.3 release of SpamAssassin. > > Randal, Phil wrote: > >> FYI >> >> The files aren't on all mirrors yet, but can definitely be found at >> >> http://www.eu.apache.org/dist/spamassassin/ >> >> Cheers, >> >> Phil >> > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Mon Jun 5 21:28:00 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 21:28:15 2006 Subject: bdc and clamscan always high on top References: <093b01c688b7$727a53d0$3004010a@martinhlaptop><001001c688be$8e51d810$0705000a@DDF5DW71> <223f97700606051219n6293d6ean74912095e5d1fdc6@mail.gmail.com> Message-ID: <001a01c688de$89ebb140$0705000a@DDF5DW71> Thanks, Glenn Steve ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Monday, June 05, 2006 3:19 PM Subject: Re: bdc and clamscan always high on top > On 05/06/06, Steve Campbell wrote: >> >> ----- Original Message ----- >> From: "Martin Hepworth" >> To: "'MailScanner discussion'" >> Sent: Monday, June 05, 2006 11:48 AM >> Subject: RE: bdc and clamscan always high on top >> >> >> > Steve >> > >> > How many of these 40k emails are for valid users???? >> >> Not very many. Sendmail kicks most of them out. I guess a milter (ahead, >> or >> something) would work here. But the problem is not really how many, but >> is >> the bdc/clamscan high CPU normal? > > You are not the first to report that BDC is a bit heavy on the CPU.... > and if you run both as command-line tools (as if you have any choice > with BDC:-), and have a fair amount of incoming traffic, then the > fork/exec/read virus defs/etc overhead will begin to tell. If you > don't already, run clamavmodule instead of clamav... Will likely solve > it for clamav, at least. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maillists at conactive.com Mon Jun 5 21:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 5 21:31:37 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <000001c688dd$72d269a0$3701a8c0@lapxp> References: <000001c688dd$72d269a0$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote on Mon, 05 Jun 2006 22:20:11 +0200: > I issued 'service MailScanner stop' several times and still had sendmail > running. What kind of processes? kill the sendmail (killall sendmail) and restart MailScanner. Then stop it again. Is it better now? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From campbell at cnpapers.com Mon Jun 5 21:43:39 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 5 21:43:47 2006 Subject: Mailscanner stopped, sendmail running... References: <000001c688dd$72d269a0$3701a8c0@lapxp> Message-ID: <002201c688e0$b9a555b0$0705000a@DDF5DW71> ----- Original Message ----- From: "Kai Schaetzl" To: Sent: Monday, June 05, 2006 4:31 PM Subject: Re: Mailscanner stopped, sendmail running... > Arthur Sherman wrote on Mon, 05 Jun 2006 22:20:11 +0200: > >> I issued 'service MailScanner stop' several times and still had sendmail >> running. > > What kind of processes? kill the sendmail (killall sendmail) and restart > MailScanner. Then stop it again. Is it better now? By doing the killall sendmail, you are probably going to get some unmatched data files in your queues. But this is the way I do it, and most of the processes left running before the killall are probably useless anyway. I just have to remember to go back and wipe them out. Steve > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikej at rogers.com Mon Jun 5 22:07:01 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jun 5 22:06:55 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484880B.9090702@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> <4484880B.9090702@pixelhammer.com> Message-ID: <44849CF5.8020209@rogers.com> DAve wrote: > If the port currently works, and Julian's tarball currently works, > what is there to patch? "other tweaks and settings" From ka at pacific.net Mon Jun 5 23:43:30 2006 From: ka at pacific.net (Ken A) Date: Mon Jun 5 23:43:33 2006 Subject: http://mailscanner.info/store not found Message-ID: <4484B392.9060801@pacific.net> Seems to be a broken link on the home page. Ken From pete at enitech.com.au Tue Jun 6 01:54:17 2006 From: pete at enitech.com.au (Peter Russell) Date: Tue Jun 6 01:54:30 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <44848AE6.2070906@ecs.soton.ac.uk> References: <44848AE6.2070906@ecs.soton.ac.uk> Message-ID: <4484D239.8050707@enitech.com.au> Will it play nicely with MS 4.52.2 ? Julian Field wrote: > Just install the new package over the top of the previous one. > > Michael Masse wrote: >> What's the best way to upgrade? Run the new ClamAV + SA + MS package >> to update a system with this previously installed?? or is there a >> better way to update. MS is already at the latest version by the >> way. >> >> Mike >> >> >>>>> MailScanner@ecs.soton.ac.uk 6/5/2006 1:51:21 PM >>> >>>>> >> Thanks for that. I have just updated the ClamAV + SpamAssassin package >> >> to contain the new 3.1.3 release of SpamAssassin. >> >> Randal, Phil wrote: >> >>> FYI >>> >>> The files aren't on all mirrors yet, but can definitely be found at >>> >>> http://www.eu.apache.org/dist/spamassassin/ >>> Cheers, >>> >>> Phil >>> >> Support MailScanner development - buy the book off the website! > From michele at blacknight.ie Tue Jun 6 02:22:08 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue Jun 6 02:22:10 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: <4484D239.8050707@enitech.com.au> References: <44848AE6.2070906@ecs.soton.ac.uk> <4484D239.8050707@enitech.com.au> Message-ID: <4484D8C0.5060607@blacknight.ie> Peter Russell wrote: > Will it play nicely with MS 4.52.2 ? Why wouldn't it? It's a minor update / bugfix -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From dave.list at pixelhammer.com Tue Jun 6 03:43:55 2006 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 6 03:44:19 2006 Subject: Instructions for FreeBSD In-Reply-To: <44849CF5.8020209@rogers.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> <4484880B.9090702@pixelhammer.com> <44849CF5.8020209@rogers.com> Message-ID: <4484EBEB.6090906@pixelhammer.com> Mike Jakubik wrote: > DAve wrote: >> If the port currently works, and Julian's tarball currently works, >> what is there to patch? > > "other tweaks and settings" > I'm sure whatever Julian decides will be good. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From febrianto at sioenasia.com Tue Jun 6 05:35:33 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Tue Jun 6 05:31:39 2006 Subject: How to block emails from some of yahoogroups but not all In-Reply-To: <223f97700606050338o6946927aw4ad1a4c56a21691f@mail.gmail.com> Message-ID: mailscanner-bounces@lists.mailscanner.info wrote on 06/05/2006 05:38:45 PM: > On 05/06/06, Budi Febrianto wrote: > > > > Dear All, > > > > Just join this group, and the two emails from mailscanner.info (confirm and > > welcome) tagged as spam :). Have manually added mailscanner.info as > > whitelist. :). > > > > Lot's of my users join the yahoogroups. It's not a problem, but... my > > management want me to block emails from yahoogroups that contains that are > > not allowed, like porn. > > > > So I like to block emails from abc of yahoogroups. > > I tried to simply blacklist emails from abc@yahoogroups.com, but it didn't > > work. Should I put it in SA as new rules? Any examples? > > > > Best Regards > > > Budi, look at the thread "Listserv whitelisting: Reply-to header > field? " ... You get the idea:-). > > Hmmm, gmane seem to be down, so you'll have to rely on > http://lists.mailscanner.info/pipermail/mailscanner/2006-June/thread.html > ... whioch doesn't seem to thread that well... Oh well. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > Dear Glenn, Thanks for the reply. I check the MailScanner.conf and found out that Add Envelope From Header allready set to yes. ===MailScanner.conf=== Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: === But I don't see any header in my emails with the tag like X-myorgname-MailScanner-From:, is that a problem? I tried added To:, From: and even Reply-To: in spam.whitelist.rules, nothing is work. (before doing it in spam.blacklist.rules... better try it in whitelist first) Am I missing something? Best Regards From grover1711 at gmail.com Tue Jun 6 07:09:41 2006 From: grover1711 at gmail.com (ankush grover) Date: Tue Jun 6 07:09:45 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 In-Reply-To: <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> References: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> Message-ID: <5f638b360606052309m46b61607ua89ba4c80fbd14e0@mail.gmail.com> On 6/5/06, Glenn Steen wrote: > On 05/06/06, ankush grover wrote: > (snip)> > > SpamAssassin Version is 3.001001 > > If I read this right (which I'm pretty certain I do:-), you are using > the wrong set of patches. > You should use the ones for 3.1.1, not the ones for 3.0.0 ... hey, But the version of the spamassassin is 3.001001 not 3.1.1 or does 3.001001 means 3.1.1 Thanks & Regards Ankush Grover From arturs at netvision.net.il Tue Jun 6 08:45:32 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 6 07:47:08 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <44848646.1050400@evi-inc.com> Message-ID: <002401c6893d$30b7cc80$3701a8c0@lapxp> > Which sendmail was still running? The main listener? The main > queue runner? Or a > child of one or the other that was servicing a current transaction? > > AFAIK stopping MailScanner won't force-kill children that are > currently > connected and performing network transactions. Those will > continue to run until > their current transaction completes and then exit. > > (Of course, take that with a grain of salt, but every time > I've seen this occur > before, it was a child that was in the process of receiving > mail from or > delivering mail to a remote site.) AFAIK, those were childs. Btw, is it possible to make MailScanner wait for childs to exit before it reports successful service shutdown? Thank you for your help. Best, -- Arthur Sherman +972-52-4878851 CPTeam From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 07:52:30 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 07:52:39 2006 Subject: Instructions for FreeBSD In-Reply-To: Message-ID: On Monday, June 05, 2006 4:12 PM Julian Field wrote: >> You could simply make your installer script FreeBSD aware and >> everything would be fine. Jan would be the man to talk to, as he >> maintains the FreeBSD port he already knows what needs to be where >> for a FreeBSD system. > > Okay, I will contact Jan-Peter, and find out what should be where. :-) Let's start with this: Please do not remove files from your download site without telling me: => MailScanner-install-4.53.8-1.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/. fetch: http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.53.8-1.tar.gz: Moved Temporarily => Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/. fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/MailScanner-install-4.53.8-1.tar.gz: File unavailable (e.g., file not found, no access) => Couldn't fetch it - please try to retrieve this => port manually into /usr/ports/distfiles/ and try again. *** Error code 1 This is the reason the port currently is not working for anybody. If you still want to have that flexibility I would have to cache the files on our server. I have no problem with that but would like to have your permission first. The port system is totally different from rpm or Linux based installs. It contains so much magic. Starting from automatically handling the install points, rc.d scripts (including variable replacement), maintaining a database, automatically installing and maintaining the relationships to other packages, patching the system to be FreeBSD conform... My port changes quite a lot of little things in MailScanner to make it FreeBSD conform. I strongly doubt that a few tweaks in your install script would suffice. For starters: I strongly advise against using SpamAssassin/ClamAV etc. from CPAN or your install script in FreeBSD. There are excellent ports for all those dependencies (DCC, razor etc.). A new clamav version only requires a portupgrade clamav and that's it. If you are installing things to different locations (which you should in order to not interfere with the ports system) you will have to take care of the updates yourself. I don't even know where to continue. I know my time is quite limited which is why it takes me several days to update the port once Julian has released a new version but I am afraid that's the way it is and is not going to chance soon. On the other hand if there are very critical patches that should be in the system the port sometimes was a lot faster than Julian. If there is a very serious change that people need in the port please contact me immediatly and I will try to get it done ASAP. As for the beta: Since I am on the beta list as well I hope I will find time to produce a few beta ports myself. If that is not sufficient (which I understand) then those people would have to use the tarball. Again: I strongly advise only to use the MailScanner component without installing ClamAV etc. from the tarball. If you do not know your way around FreeBSD and those components 100% the chance of messing up your system is quite high. :-) Kind regards, JP From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 07:58:12 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 07:58:25 2006 Subject: Instructions for FreeBSD In-Reply-To: Message-ID: Let me add two things. :-) First of all I just realized that http://www.sng.ecs.soton.ac.uk/mailscanner/files does not contain the files anymore. Just changed that in the ports. Second: The part that is holding me up most is maintaining the man pages. In a new version I have to locate the new options, see where in MailScanner.config they are (since this is not documented in the changelog), put this in an acceptable format and then patch the port and send the updated manpages to Julian. If the tarball already contained current manpages, the FreeBSD port would only take a few minutes to build... Mit freundlichen Gr??en Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Gesch?ftsf?hrer -- Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 http://www.seceidos.de | SIP: 43@voip.seceidos.de From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 08:06:45 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 08:07:07 2006 Subject: FreeBSD 4.56.4 Message-ID: FYI: I just released a quickshot of the 4.56.4 port. I hope it will be committed today. Kind regards, JP From michele at blacknight.ie Tue Jun 6 08:31:16 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Tue Jun 6 08:31:19 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <002201c688e0$b9a555b0$0705000a@DDF5DW71> References: <000001c688dd$72d269a0$3701a8c0@lapxp> <002201c688e0$b9a555b0$0705000a@DDF5DW71> Message-ID: <44852F44.8070106@blacknight.ie> I have to ask.... How long has this been installed? Have you removed / replaced the sendmail init script? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From res at ausics.net Tue Jun 6 08:46:17 2006 From: res at ausics.net (Res) Date: Tue Jun 6 08:46:25 2006 Subject: MailScanner goes byebyes In-Reply-To: <44840428.65ED.00A2.0@plattesheriff.org> References: <200606050643.51121.james@grayonline.id.au> <44840428.65ED.00A2.0@plattesheriff.org> Message-ID: On Mon, 5 Jun 2006, Rob Poe wrote: >> Mine get none, the usual child starting blah blah, found and processed >> X number of messages and thats it.. >> So I guess its a case of the childs starts, processes its first batch then >> ninite we go :( > > What version of MailScanner are you running. What MTA? Linux Distro? > latest stable MS, linux, slackware, qmail we have 3 other qmail boxes that are as hard of working as this one, we have several sendmail box's that work as hard and even harder, this only happens on one of them. I can not no master how hard i try, make it replicate to any of the others, and it runs the same kernel as most of the others. -- Cheers Res From lhaig at haigmail.com Tue Jun 6 08:51:20 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue Jun 6 08:51:27 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <448533F8.4050900@haigmail.com> Jan-Peter, if I may ask what would the install order be to have a installed version of MS SA Clamav Bitdefender and the other tools. is there a place on the wiki? I would love to help out if I can. Thanks Lance Koopmann, Jan-Peter wrote: > Let me add two things. :-) > > First of all I just realized that http://www.sng.ecs.soton.ac.uk/mailscanner/files does not contain the files anymore. Just changed that in the ports. > > Second: The part that is holding me up most is maintaining the man pages. In a new version I have to locate the new options, see where in MailScanner.config they are (since this is not documented in the changelog), put this in an acceptable format and then patch the port and send the updated manpages to Julian. If the tarball already contained current manpages, the FreeBSD port would only take a few minutes to build... > > > > Mit freundlichen Gr??en > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From prakash.kannan at in.ness.com Tue Jun 6 09:02:41 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Tue Jun 6 09:13:07 2006 Subject: sendmail Message-ID: Hi All, How to change the ip address of new smtp server in sendmail. Basically we had changed our exchange server ip address and need to modify in the sendmail server. Thanks Regards, Prakash Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/deab4161/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:16:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:16:38 2006 Subject: http://mailscanner.info/store not found In-Reply-To: <4484B392.9060801@pacific.net> References: <4484B392.9060801@pacific.net> Message-ID: Fixed. On 5 Jun 2006, at 23:43, Ken A wrote: > Seems to be a broken link on the home page. > Ken > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:40:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:40:53 2006 Subject: MailScanner ANNOUNCE: New Web Site Message-ID: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> I am please to announce the arrival of the new MailScanner website at www.mailscanner.info This has been professionally designed and I hope you will agree that it is a much-needed step up from my previous amateur effort which has done us less for the 6 years or so. It is still a light design, and will hopefully load quickly. It loads in about 0.6 seconds from here :-) Here's to wishing this site well on its way, and I look forward to see if it lasts as well as my amateur version! Regards, Jules. P.S. All reports of broken links to me directly, not the mailing list please. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:41:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:42:07 2006 Subject: Instructions for FreeBSD In-Reply-To: <4484EBEB.6090906@pixelhammer.com> References: <090701c6888c$d995a5e0$3004010a@martinhlaptop> <4484168A.6000709@pixelhammer.com> <4484577F.6040404@rogers.com> <44846859.70906@pixelhammer.com> <4484753D.7090507@rogers.com> <4484880B.9090702@pixelhammer.com> <44849CF5.8020209@rogers.com> <4484EBEB.6090906@pixelhammer.com> Message-ID: On 6 Jun 2006, at 03:43, DAve wrote: > Mike Jakubik wrote: >> DAve wrote: >>> If the port currently works, and Julian's tarball currently >>> works, what is there to patch? >> "other tweaks and settings" > > I'm sure whatever Julian decides will be good. I have documented the clamav_sa script actions on the wiki. Now you can more easily do it all by hand if you need to. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shuttlebox at gmail.com Tue Jun 6 09:42:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jun 6 09:42:13 2006 Subject: sendmail In-Reply-To: References: Message-ID: <625385e30606060142m6a4a6359o3a9f6f3ec0cfa5dd@mail.gmail.com> On 6/6/06, Prakash wrote: > > How to change the ip address of new smtp server in sendmail. > > > > Basically we had changed our exchange server ip address and need to modify > in the sendmail server. > Have a look in /etc/mail/mailertable. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/5ba8a966/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:42:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:43:12 2006 Subject: PerMsgStatus.pm patch failed with SpamAssassin 3.001001 on FC3 with MailScanner 4.44 In-Reply-To: <5f638b360606052309m46b61607ua89ba4c80fbd14e0@mail.gmail.com> References: <5f638b360606050441r413833d1u313be9a584afab42@mail.gmail.com> <223f97700606050604s3baa2d09s58ae9bb5d8b5a2ba@mail.gmail.com> <5f638b360606052309m46b61607ua89ba4c80fbd14e0@mail.gmail.com> Message-ID: <4AA99AF9-C270-455C-8DBE-DB94FB3CAE59@ecs.soton.ac.uk> On 6 Jun 2006, at 07:09, ankush grover wrote: > On 6/5/06, Glenn Steen wrote: >> On 05/06/06, ankush grover wrote: >> (snip)> >> > SpamAssassin Version is 3.001001 > >> >> If I read this right (which I'm pretty certain I do:-), you are using >> the wrong set of patches. >> You should use the ones for 3.1.1, not the ones for 3.0.0 ... > > > hey, > > But the version of the spamassassin is 3.001001 not 3.1.1 or does > 3.001001 means 3.1.1 3.001001 means 3.1.1. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 09:48:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 09:48:30 2006 Subject: sendmail In-Reply-To: References: Message-ID: <4B4A1862-ABAD-4E60-AFA1-ED4C8AEFCE82@ecs.soton.ac.uk> Look for the IP address in all the files in /etc/mail and change them. It's probably only 1 or 2 files. After editing them, type "make" and restart sendmail to be sure. On 6 Jun 2006, at 09:02, Prakash wrote: > Hi All, > > > > How to change the ip address of new smtp server in sendmail. > > > > Basically we had changed our exchange server ip address and need to > modify in the sendmail server. > > > > > > Thanks Regards, > > Prakash > > > > Disclaimer > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom it > is addressed. If you have received this communication in error, > please immediately notify the MailAdmin@in.ness.com and destroy the > original message. The recipient should check this email and any > attachments for the presence of viruses. Ness has taken every > reasonable precaution to minimize this risk, and accepts no > liability for any damage caused by any virus transmitted in this > email. Ness reserves the rights to monitor and review the content > of all messages sent to or from this E-mail address, and store them > on the Ness E-mail system. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/17434884/attachment.html From arturs at netvision.net.il Tue Jun 6 10:58:22 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 6 09:59:59 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: Message-ID: <004201c6894f$bf544330$3701a8c0@lapxp> > What kind of processes? kill the sendmail (killall sendmail) > and restart > MailScanner. Then stop it again. Is it better now? Same. As has been previously saind in the list, these were (AFAIK) childs that didn't exit. If MailScanner would wait for them to exit (and report this when stopping) that would be great. Best, -- Arthur Sherman +972-52-4878851 CPTeam From joost at waversveld.nl Tue Jun 6 10:03:05 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Tue Jun 6 10:03:11 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <448544C9.3070200@waversveld.nl> Looks very good... Good job, Julian ;-) Julian Field wrote: > I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that it > is a much-needed step up from my previous amateur effort which has done > us less for the 6 years or so. > > It is still a light design, and will hopefully load quickly. It loads in > about 0.6 seconds from here :-) > > Here's to wishing this site well on its way, and I look forward to see > if it lasts as well as my amateur version! > > Regards, > Jules. > > > P.S. All reports of broken links to me directly, not the mailing list > please. > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From arturs at netvision.net.il Tue Jun 6 11:25:57 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 6 10:27:34 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <44852F44.8070106@blacknight.ie> Message-ID: <005401c68953$99b625e0$3701a8c0@lapxp> > I have to ask.... > > How long has this been installed? > > Have you removed / replaced the sendmail init script? Not long, about a month. Installed from yum, so I had not to manually replace the script, as I did on Cobalt RaQ. It just turned sendmail off in chkconfig. Best, -- Arthur Sherman +972-52-4878851 CPTeam From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 10:35:12 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 10:35:23 2006 Subject: Instructions for FreeBSD In-Reply-To: <448533F8.4050900@haigmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 5925 bytes Desc: hmail1.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/dbc25452/attachment.jpe From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 10:35:59 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 10:36:15 2006 Subject: Instructions for FreeBSD In-Reply-To: <44849CF5.8020209@rogers.com> Message-ID: On Monday, June 05, 2006 11:07 PM Mike Jakubik wrote: > DAve wrote: >> If the port currently works, and Julian's tarball currently works, >> what is there to patch? > > "other tweaks and settings" Like what? From glenn.steen at gmail.com Tue Jun 6 10:37:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 6 10:37:03 2006 Subject: How to block emails from some of yahoogroups but not all In-Reply-To: References: <223f97700606050338o6946927aw4ad1a4c56a21691f@mail.gmail.com> Message-ID: <223f97700606060237v2a57be0as7fdecc5d97c16132@mail.gmail.com> On 06/06/06, Budi Febrianto wrote: > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/05/2006 05:38:45 PM: > > > On 05/06/06, Budi Febrianto wrote: > > > > > > Dear All, > > > > > > Just join this group, and the two emails from mailscanner.info (confirm > and > > > welcome) tagged as spam :). Have manually added mailscanner.info as > > > whitelist. :). > > > > > > Lot's of my users join the yahoogroups. It's not a problem, but... my > > > management want me to block emails from yahoogroups that contains that > are > > > not allowed, like porn. > > > > > > So I like to block emails from abc of yahoogroups. > > > I tried to simply blacklist emails from abc@yahoogroups.com, but it > didn't > > > work. Should I put it in SA as new rules? Any examples? > > > > > > Best Regards > > > > > Budi, look at the thread "Listserv whitelisting: Reply-to header > > field? " ... You get the idea:-). > > > > Hmmm, gmane seem to be down, so you'll have to rely on > > http://lists.mailscanner.info/pipermail/mailscanner/2006-June/thread.html > > ... whioch doesn't seem to thread that well... Oh well. > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > Dear Glenn, > Thanks for the reply. > I check the MailScanner.conf and found out that Add Envelope From > Header allready set to yes. > > ===MailScanner.conf=== > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-MailScanner-From: > === > > But I don't see any header in my emails with the tag like > X-myorgname-MailScanner-From:, is that a problem? > > I tried added To:, From: and even Reply-To: in spam.whitelist.rules, > nothing is work. (before doing it in spam.blacklist.rules... better try it > in whitelist first) > > Am I missing something? > You can see the envelope sender in your MTAs logfile. The headers are often "forged" on "legitimate" lists too, so are no help at all. In that log you'll see the actual sending servers IP address too. If you run MailWatch (which I think you do), the envelope sender and IP is very prominently visible... And you can also easily see if the headers differ from what is actually used (in the details page). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 6 10:43:53 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 6 10:43:55 2006 Subject: MailScanner goes byebyes In-Reply-To: References: <200606050643.51121.james@grayonline.id.au> <44840428.65ED.00A2.0@plattesheriff.org> Message-ID: <223f97700606060243w2932b5c0xf326c33f41ce40f@mail.gmail.com> On 06/06/06, Res wrote: > On Mon, 5 Jun 2006, Rob Poe wrote: > > >> Mine get none, the usual child starting blah blah, found and processed > >> X number of messages and thats it.. > >> So I guess its a case of the childs starts, processes its first batch then > >> ninite we go :( > > > > What version of MailScanner are you running. What MTA? Linux Distro? > > > > latest stable MS, linux, slackware, qmail > we have 3 other qmail boxes that are as hard of working as this one, we > have several sendmail box's that work as hard and even harder, this only > happens on one of them. I can not no master how hard i try, make it > replicate to any of the others, and it runs the same kernel as most of the > others. > > > -- > Cheers > Res Well, *something* must differ... Perl modules? Some basic kernel settings (if you set 'em via sysconf/proc)? You're a smart person Res, you'll figure it out... If you have a very many hosts, this could be the statistically probable HW strangeness kicking in:-):-) Do you see anything strange in the resource consumption when it hangs? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From michele at blacknight.ie Tue Jun 6 11:02:01 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Tue Jun 6 11:02:13 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <029d01c68950$42d74130$88c5c657@arthur> Julian Field <> said on 06 June 2006 09:41: > I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that > it is a much-needed step up from my previous amateur effort which has > done us less for the 6 years or so. > > It is still a light design, and will hopefully load quickly. It loads > in about 0.6 seconds from here :-) > > Here's to wishing this site well on its way, and I look forward to > see if it lasts as well as my amateur version! > > Regards, > Jules. > Nice, but why does the "contact us" link go straight to a mailto? One of my pethates are "mailto" links hiding under "contact us" type links From lhaig at haigmail.com Tue Jun 6 11:11:25 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue Jun 6 11:11:31 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <448554CD.3020708@haigmail.com> Thanks, I will wait for the new one to be released and then try installing it. I had quite a bit of trouble the last time I tried the normal and the devel versions Lance Koopmann, Jan-Peter wrote: > > On Dienstag, 6. Juni 2006 9:51 Lance Haig wrote: > > > if I may ask what would the install order be to have a installed > > version of MS SA Clamav Bitdefender and the other tools. is there a > > place on the wiki? > > Using ports? Install MailScanner using the port and tell it to install > SpamAssassin, ClamAV and Bitdefender along with it. That's it. The > rest should be done automatically. After that you need to configure > MailScanner and SpamAssassin to your likings. > > > I would love to help out if I can. > > We first need to straighten out the process of releasing new versions > with Julian. :-) > > > Kind regards, > JP > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From fajarep at simplimobile.com Tue Jun 6 11:11:31 2006 From: fajarep at simplimobile.com (Fajar) Date: Tue Jun 6 11:11:38 2006 Subject: MailScanner ANNOUNCE: New Web Site References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <008801c68951$95f908c0$8001a8c0@Fajar> it's rather slow here, but looks like professional site now :) i hope because the site looks cool, mailscanner won't be paid license :) keep your good work cheers ----- Original Message ----- From: "Julian Field" To: "MailScanner mailing list" ; "MailScanner Beta-testers" ; "MailScanner-Announce mailing list list" Sent: Tuesday, June 06, 2006 3:40 PM Subject: MailScanner ANNOUNCE: New Web Site >I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that it > is a much-needed step up from my previous amateur effort which has done > us less for the 6 years or so. > > It is still a light design, and will hopefully load quickly. It loads in > about 0.6 seconds from here :-) > > Here's to wishing this site well on its way, and I look forward to see if > it lasts as well as my amateur version! > > Regards, > Jules. > > > P.S. All reports of broken links to me directly, not the mailing list > please. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 11:14:46 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 11:14:56 2006 Subject: FreeBSD 4.56.4 In-Reply-To: Message-ID: On Tuesday, June 06, 2006 9:07 AM Koopmann, Jan-Peter wrote: > FYI: I just released a quickshot of the 4.56.4 port. I hope it will > be committed today. It has just been committed... From maillists at conactive.com Tue Jun 6 11:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 6 11:31:31 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <004201c6894f$bf544330$3701a8c0@lapxp> References: <004201c6894f$bf544330$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote on Tue, 06 Jun 2006 11:58:22 +0200: > As has been previously saind in the list, these were (AFAIK) childs that > didn't exit. "children that didn't exist" is something that doesn't exist. "ps ax|grep send" will tell you more. > If MailScanner would wait for them to exit (and report this when stopping) > that would be great. It doesn't make sense to kill these, if these *were* children handling a connection. You only want to shutdown the queueing processes. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Jun 6 11:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 6 11:31:32 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <002401c6893d$30b7cc80$3701a8c0@lapxp> References: <002401c6893d$30b7cc80$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote on Tue, 06 Jun 2006 09:45:32 +0200: > Btw, is it possible to make MailScanner wait for childs to exit before it > reports successful service shutdown? Don't know, but remember that childs can sit there *very* long. (hours) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From adrik at salesmanager.nl Tue Jun 6 11:43:26 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Tue Jun 6 11:43:28 2006 Subject: FreeBSD 4.56.4 Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Koopmann, Jan-Peter > Sent: dinsdag 6 juni 2006 12:15 > To: MailScanner discussion > Subject: RE: FreeBSD 4.56.4 > > On Tuesday, June 06, 2006 9:07 AM Koopmann, Jan-Peter wrote: > > > FYI: I just released a quickshot of the 4.56.4 port. I hope > it will be > > committed today. > > It has just been committed... > Jan Peter, Thanks. Adri. From edwardbruce at sbcglobal.net Tue Jun 6 13:02:28 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Tue Jun 6 13:02:32 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <44856ED4.6050309@sbcglobal.net> Nice clean look and loads fast here in Michigan. From danc at bluestarshows.com Tue Jun 6 14:59:15 2006 From: danc at bluestarshows.com (Dan Carl) Date: Tue Jun 6 15:01:40 2006 Subject: Expired records from the SpamAssassin cache Message-ID: <044001c68971$65fdcf00$0200000a@danc3> Since a recent upgrade I am getting log entires like this: Expired 1 records from the SpamAssassin cache : 80 Time(s) Can some explain what they are? If my memory serves me right I this happened on a previous version and I fixed it by adding this cronjob. 30 0 * * * /usr/bin/sa-learn --force-expire Do I still need to do this? Thanks, ps New Website looks very professional! From martinh at solid-state-logic.com Tue Jun 6 15:45:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jun 6 15:45:30 2006 Subject: Expired records from the SpamAssassin cache In-Reply-To: <044001c68971$65fdcf00$0200000a@danc3> Message-ID: <001c01c68977$d49cfed0$3004010a@martinhlaptop> Dan No - this a a newish feature where MS keeps its own cache of recent spam hashes. Its a lot quicker to look in this system than replay the entire message through SA. If it finds a hit it gets marked as spam, if not it proceeds to run SA. MS keeps this info for about 1 hour (varies) and the expires you are seeing are 'old' records being deleted from MS cache. Given most people get more spam than ham now-adays this technique can dramtically increase speed of processing (anywhere up to 10x). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dan Carl > Sent: 06 June 2006 14:59 > To: mailscanner@lists.mailscanner.info > Subject: Expired records from the SpamAssassin cache > > Since a recent upgrade I am getting log entires like this: > Expired 1 records from the SpamAssassin cache : 80 Time(s) > > Can some explain what they are? > > If my memory serves me right I this happened on a previous version and > I fixed it by adding this cronjob. > 30 0 * * * /usr/bin/sa-learn --force-expire > Do I still need to do this? > Thanks, > ps > New Website looks very professional! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From cpedaschus at gmx.de Tue Jun 6 15:51:41 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 15:52:40 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <44856ED4.6050309@sbcglobal.net> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> Message-ID: <4485967D.3080902@gmx.de> Ed Bruce wrote: >Nice clean look and loads fast here in Michigan. > > Fully agreed and loads fast in Germany too :) From MailScanner at ecs.soton.ac.uk Tue Jun 6 16:38:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 16:39:18 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485967D.3080902@gmx.de> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> Message-ID: On 6 Jun 2006, at 15:51, Christian Pedaschus wrote: > Ed Bruce wrote: > >> Nice clean look and loads fast here in Michigan. >> >> > Fully agreed and loads fast in Germany too :) That's great news, thanks. Have you bought the book yet? If you want reviews, ask anyone on the list who has a copy. Cheers, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cparker at swatgear.com Tue Jun 6 17:03:42 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Tue Jun 6 17:04:01 2006 Subject: MailScanner ANNOUNCE: New Web Site Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4E15@ati-ex-02.ati.local> Julian Field on Tuesday, June 06, 2006 1:41 AM said: > It is still a light design, and will hopefully load quickly. It loads > in about 0.6 seconds from here :-) Looks to be a lot heavier than your original version, especially with all those tables in there. :P It's weird to see a new design after all these years. Chris. From Jan-Peter.Koopmann at seceidos.de Tue Jun 6 17:08:55 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 6 17:09:07 2006 Subject: Instructions for FreeBSD In-Reply-To: <448554CD.3020708@haigmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 5925 bytes Desc: hmail1.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060606/e8100836/attachment.jpe From cpedaschus at gmx.de Tue Jun 6 17:17:07 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 17:18:06 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> Message-ID: <4485AA83.2080103@gmx.de> Julian Field wrote: > That's great news, thanks. > > Have you bought the book yet? If you want reviews, ask anyone on the > list who has a copy. > > Cheers, > Jules. > OK, convinced (because you're a kind and helpful guy ;) ) Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and costs 46 Euro (~60$) without shipping. Greets, Chris *Offene Bestellungen* *Bestellungsdatum:* 6. Juni 2006 *Bestellnummer:* 303-9394601-7927413 *Empf?nger:* CHRISTIAN PEDASCHUS Bestellung ansehen oder ?ndern *Noch nicht versandte Artikel:* Lieferung voraussichtlich: 6. Juli 2006 - 22. Juli 2006 * 1 Exemplar(e) von: Mailscanner: User Guide and Training Manual From maillists at conactive.com Tue Jun 6 17:19:09 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 6 17:19:21 2006 Subject: Expired records from the SpamAssassin cache In-Reply-To: <044001c68971$65fdcf00$0200000a@danc3> References: <044001c68971$65fdcf00$0200000a@danc3> Message-ID: Dan Carl wrote on Tue, 6 Jun 2006 08:59:15 -0500: > Since a recent upgrade I am getting log entires like this: > Expired 1 records from the SpamAssassin cache : 80 Time(s) It occurred 80 times during that day that only a single record was expired. This is an aggregated figure. (Unfortunately, logwatch cannot aggregate different counts :-( It does *not* mean it expired the same record 80 times ;-) If that was your concern. This is normal operation and has nothing to do with bayes, it's MS-only. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mikej at rogers.com Tue Jun 6 17:25:15 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jun 6 17:25:06 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <4485AC6B.6040703@rogers.com> Koopmann, Jan-Peter wrote: > On Monday, June 05, 2006 11:07 PM Mike Jakubik wrote: > > >> DAve wrote: >> >>> If the port currently works, and Julian's tarball currently works, >>> what is there to patch? >>> >> "other tweaks and settings" >> > > Like what? > > No idea, ask Julian :) He says that they are documented on his Wiki now. "I have documented the clamav_sa script actions on the wiki. Now you can more easily do it all by hand if you need to." From jstevens at athensdistributing.com Tue Jun 6 17:31:09 2006 From: jstevens at athensdistributing.com (James R. Stevens) Date: Tue Jun 6 17:31:16 2006 Subject: MailScanner ANNOUNCE: New Web Site Message-ID: <1A65E6BAEADF9B4F865314484A13ECF10F8E3C@atlas.athensdistributing.com> I was looking at ordering a Shirt or two.. To bad no Hot models wearing the spagetti T-s on the new site..:-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Christian Pedaschus Sent: Tuesday, June 06, 2006 11:17 AM To: MailScanner discussion Subject: Re: MailScanner ANNOUNCE: New Web Site Julian Field wrote: > That's great news, thanks. > > Have you bought the book yet? If you want reviews, ask anyone on the > list who has a copy. > > Cheers, > Jules. > OK, convinced (because you're a kind and helpful guy ;) ) Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and costs 46 Euro (~60$) without shipping. Greets, Chris *Offene Bestellungen* *Bestellungsdatum:* 6. Juni 2006 *Bestellnummer:* 303-9394601-7927413 *Empf?nger:* CHRISTIAN PEDASCHUS Bestellung ansehen oder ?ndern *Noch nicht versandte Artikel:* Lieferung voraussichtlich: 6. Juli 2006 - 22. Juli 2006 * 1 Exemplar(e) von: Mailscanner: User Guide and Training Manual -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From TGFurnish at herffjones.com Tue Jun 6 17:41:21 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jun 6 17:41:56 2006 Subject: MailScanner goes byebyes Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B593@inex3.herffjones.hj-int> You might consider waiting till you believe all the mailscanner children have stopped processing messages, then attach to one of the children (not the parents) with strace -p to see what's doing. The output's not likely to lead you to any particular spot in the code, but at least you should see each child periodically wake up and read the incoming queue directory for files. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Saturday, June 03, 2006 11:01 PM To: mailscanner@lists.mailscanner.info Subject: MailScanner goes byebyes Hey all, Anyone seen before and bene able to produce a cure for why if tehre is a large queue MailScanner stops processing mail, it runs fine use --lint no errors, run in debug nothing happens I have to continuellay HUP the damned thing for it to process, once with starts its 10 kiddies thatsa the end of it until I hup it again From iarteaga at cwpanama.net Tue Jun 6 17:44:35 2006 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Tue Jun 6 17:44:56 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: Hi, I really want to congratulate you all the MS team for your great job and your new excellent web site. It loads faster and it's more user friendly ( my personal point of view ) Furthermore, I fixed a couple of nightmares with the list help, not to mentioned the great tool MS itself is... --Ivan. PS. Keep it free!! ( I already bought the book btw ) "In 1968 it took the computing-Power of 2 C-64 to fly a rocket to the moon. Now, it takes the Power of a Pentium 4 to run Windows XP... Something must have gone wrong." -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, June 06, 2006 3:41 AM To: MailScanner mailing list; MailScanner Beta-testers; MailScanner-Announce mailing list list Subject: MailScanner ANNOUNCE: New Web Site I am please to announce the arrival of the new MailScanner website at www.mailscanner.info This has been professionally designed and I hope you will agree that it is a much-needed step up from my previous amateur effort which has done us less for the 6 years or so. It is still a light design, and will hopefully load quickly. It loads in about 0.6 seconds from here :-) Here's to wishing this site well on its way, and I look forward to see if it lasts as well as my amateur version! Regards, Jules. P.S. All reports of broken links to me directly, not the mailing list please. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gmane at tippingmar.com Tue Jun 6 18:56:49 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Tue Jun 6 18:57:40 2006 Subject: sophos v5 updating Message-ID: I'm installing a new MailScanner server from scratch, so I have the opportunity to use sophos 5 instead of sophos 4 if I want to. I've read the wiki and I have the latest MailScanner so I can use MailScanner's sophos installation script. On the Sophos download website I see that v5 download file is 50Mb, while v4 is only 12Mb. I suppose that is because v5 has on-access scanning capability, that we will turn off anyway for use with MailScanner. If I use v5 will I have to download a 50Mb engine update every month? Although I have sophos EM library running for my windows workstations, I'd prefer the mail server to update itself rather than relying on a windows machine. What is everyone else doing? Thanks, Mark From MailScanner at ecs.soton.ac.uk Tue Jun 6 20:26:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 20:27:17 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485AA83.2080103@gmx.de> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> Message-ID: <4485D6FF.7060303@ecs.soton.ac.uk> Christian Pedaschus wrote: > Julian Field wrote: > > >> That's great news, thanks. >> >> Have you bought the book yet? If you want reviews, ask anyone on the >> list who has a copy. >> >> Cheers, >> Jules. >> >> > OK, convinced (because you're a kind and helpful guy ;) ) > Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and > costs 46 Euro (~60$) without shipping. > > You should have ordered it from the web site. It would have cost you $40 and you would have had it in 2 weeks. I strongly advise you cancel your Amazon order and click on the pretty picture in the MailScanner web site, which will take you direct to the publishers. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 6 20:29:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 20:30:00 2006 Subject: Instructions for FreeBSD In-Reply-To: <4485AC6B.6040703@rogers.com> References: <4485AC6B.6040703@rogers.com> Message-ID: <4485D7AC.5040108@ecs.soton.ac.uk> Mike Jakubik wrote: > Koopmann, Jan-Peter wrote: >> On Monday, June 05, 2006 11:07 PM Mike Jakubik wrote: >> >> >>> DAve wrote: >>> >>>> If the port currently works, and Julian's tarball currently works, >>>> what is there to patch? >>>> >>> "other tweaks and settings" >>> >> >> Like what? >> >> > > No idea, ask Julian :) He says that they are documented on his Wiki > now. "I have documented the clamav_sa script actions on the wiki. Now > you can more easily do it all by hand if you need to." > http://www.mailscanner.info/wiki/doku.php?id=documentation:clamav_sa -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cpedaschus at gmx.de Tue Jun 6 20:38:03 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 20:39:05 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485D6FF.7060303@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> Message-ID: <4485D99B.7010006@gmx.de> Julian Field wrote: > > > Christian Pedaschus wrote: > >> Julian Field wrote: >> >> >> >>> That's great news, thanks. >>> >>> Have you bought the book yet? If you want reviews, ask anyone on the >>> list who has a copy. >>> >>> Cheers, >>> Jules. >>> >>> >> >> OK, convinced (because you're a kind and helpful guy ;) ) >> Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and >> costs 46 Euro (~60$) without shipping. >> >> > > You should have ordered it from the web site. It would have cost you > $40 and you would have had it in 2 weeks. I strongly advise you cancel > your Amazon order and click on the pretty picture in the MailScanner > web site, which will take you direct to the publishers. > not an option, as i don't own a credit card (yes, such ppl really exist ;) ) From cpedaschus at gmx.de Tue Jun 6 20:41:26 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Tue Jun 6 20:42:29 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485D6FF.7060303@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> Message-ID: <4485DA66.90207@gmx.de> Julian Field wrote: > > > Christian Pedaschus wrote: > >> Julian Field wrote: >> >> >> >>> That's great news, thanks. >>> >>> Have you bought the book yet? If you want reviews, ask anyone on the >>> list who has a copy. >>> >>> Cheers, >>> Jules. >>> >>> >> >> OK, convinced (because you're a kind and helpful guy ;) ) >> Ordered it 5min ago on Amazon.de, takes 4-6 weeks to deliver (O_o) and >> costs 46 Euro (~60$) without shipping. >> >> > > You should have ordered it from the web site. It would have cost you > $40 and you would have had it in 2 weeks. I strongly advise you cancel > your Amazon order and click on the pretty picture in the MailScanner > web site, which will take you direct to the publishers. > and i'm not in hurry, have lots of stuff to read and i don't really care for the 20 extra bucks, was more 'an informative side-note for you' :) From mikej at rogers.com Tue Jun 6 20:43:44 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jun 6 20:43:34 2006 Subject: Instructions for FreeBSD In-Reply-To: <4485D7AC.5040108@ecs.soton.ac.uk> References: <4485AC6B.6040703@rogers.com> <4485D7AC.5040108@ecs.soton.ac.uk> Message-ID: <4485DAF0.3040109@rogers.com> Julian Field wrote: > > > Mike Jakubik wrote: >> Koopmann, Jan-Peter wrote: >> No idea, ask Julian :) He says that they are documented on his Wiki >> now. "I have documented the clamav_sa script actions on the wiki. Now >> you can more easily do it all by hand if you need to." >> > http://www.mailscanner.info/wiki/doku.php?id=documentation:clamav_sa > Ok, i guess the context of the original message got somehow lost. I don't see how any of this applies to FreeBSD, as its all already handled nicely by the ports... From james at grayonline.id.au Tue Jun 6 21:33:39 2006 From: james at grayonline.id.au (James Gray) Date: Tue Jun 6 21:34:14 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> Message-ID: <200606070633.44037.james@grayonline.id.au> On Tue, 6 Jun 2006 06:40 pm, Julian Field wrote: > I am please to announce the arrival of the new MailScanner website at > > www.mailscanner.info > > This has been professionally designed and I hope you will agree that > it is a much-needed step up from my previous amateur effort which has > done us less for the 6 years or so. Indeed. The new look is slick, professional and intuitive. Not that dissimilar to MailScanner itself really ;) > It is still a light design, and will hopefully load quickly. It loads > in about 0.6 seconds from here :-) 1-2 seconds here including DNS overhead. Congratulations on the new site. It's fantastic! Cheers, James -- BOFH excuse #12: dry joints on cable plug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/13140197/attachment.bin From michele at blacknight.ie Tue Jun 6 21:36:00 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue Jun 6 21:36:02 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485D6FF.7060303@ecs.soton.ac.uk> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> Message-ID: <4485E730.5040301@blacknight.ie> Who did the new site? A few people have been asking me -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From shrek-m at gmx.de Tue Jun 6 21:36:40 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue Jun 6 21:36:48 2006 Subject: sophos v5 updating In-Reply-To: References: Message-ID: <4485E758.2020004@gmx.de> Mark Nienberg schrieb: > On the Sophos download website I see that v5 download file is 50Mb, > while v4 is only 12Mb. I suppose that is because v5 has on-access > scanning capability, and a gui (sav-web), ... > If I use v5 will I have to download a 50Mb engine update every month? no. sophos v5 has its own update mechanism. see "roots crontab" or "/usr/lib/MailScanner/sophos-autoupdate" `/opt/sophos-av/bin/savupdate` # du -sh /opt/sophos-av/update/ 29M /opt/sophos-av/update/ fc3 -> fc4 update (amd) after several kernel updates == installed once a few months ago, no problems, sav 5.x is up2date fc5 (amd64) after several kernel updates == installed once a few months ago, no problems, sav 5.x is up2date > Although I have sophos EM library running for my windows workstations, the same here. > I'd prefer the mail server to update itself rather than relying on a > windows machine. just my thoughts. > What is everyone else doing? - em library (primary); http://es-web.sophos.com/ (secondary) win clients - sophos v5 update - http://es-web.sophos.com/ (primary) linux servers, sav 5.x mobile clients (win, mac, linux), sav 4.x/5.x workgroups without windows-server/em-library -- shrek-m From naolson at gmail.com Tue Jun 6 21:49:51 2006 From: naolson at gmail.com (Nathan Olson) Date: Tue Jun 6 21:49:53 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485E730.5040301@blacknight.ie> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> Message-ID: <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> Firefox 1.0.8 on RHEL 4 WS. The whole page shimmies to the left when you click on Documentation. Nate From naolson at gmail.com Tue Jun 6 21:50:21 2006 From: naolson at gmail.com (Nathan Olson) Date: Tue Jun 6 21:50:22 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> Message-ID: <8f54b4330606061350t582e469pa1e055ac9f8a7c8c@mail.gmail.com> Whoops. To the *right*, that is. Nate From res at ausics.net Tue Jun 6 21:56:04 2006 From: res at ausics.net (Res) Date: Tue Jun 6 21:56:15 2006 Subject: MailScanner goes byebyes In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B593@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B593@inex3.herffjones.hj-int> Message-ID: On Tue, 6 Jun 2006, Furnish, Trever G wrote: > > You might consider waiting till you believe all the mailscanner children > have stopped processing messages, then attach to one of the children > (not the parents) with strace -p to see what's doing. The output's not That was one of the first things I did, and the last output from memory was an "unlink", hasnt done it for 2 days now, but it can go for a few days before happening, then happen constantly for hours, there was no set pattern. > likely to lead you to any particular spot in the code, but at least you > should see each child periodically wake up and read the incoming queue > directory for files. > Thats just it, no, it was like it was totaly asleep -- Regards Res From naolson at gmail.com Tue Jun 6 21:59:23 2006 From: naolson at gmail.com (Nathan Olson) Date: Tue Jun 6 21:59:24 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485E730.5040301@blacknight.ie> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> Message-ID: <8f54b4330606061359h1357f098s206e0adf1ad0f7f6@mail.gmail.com> The title of the page never changes. It's also kind of odd that the MailScanner logo isn't a link back to the home page. Nate From MailScanner at ecs.soton.ac.uk Tue Jun 6 22:04:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 6 22:05:08 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <4485E730.5040301@blacknight.ie> References: <6CD82DB4-6A6B-4990-A923-E667DC96C381@ecs.soton.ac.uk> <44856ED4.6050309@sbcglobal.net> <4485967D.3080902@gmx.de> <4485AA83.2080103@gmx.de> <4485D6FF.7060303@ecs.soton.ac.uk> <4485E730.5040301@blacknight.ie> Message-ID: <4485EDFA.20607@ecs.soton.ac.uk> Vince Dimanno did all the hard work for us. Please tell him I sent you :-) Michele Neylon :: Blacknight.ie wrote: > Who did the new site? > > A few people have been asking me > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From TGFurnish at herffjones.com Tue Jun 6 21:50:15 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jun 6 22:39:35 2006 Subject: Handling spam in DSNs from other sites? Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5A0@inex3.herffjones.hj-int> I have a feeling I'm missing an obvious answer, but what does everyone suggest for handling DSNs from other sites (not mine) that include spam in the message? The mua's don't care that this is a DSN, they still happily display the spam, and I seem to be getting a *lot* more of these lately. It's been a long day and I'm a bit drugged up with cold medicine at the moment, so if I'm not making my question clear, perhaps this will help? I'm refering to the type of messages that would get me listed here if I were to simply reject them: http://www.rfc-ignorant.org/policy-dsn.php ...and which can contain message parts that include spam. What's the best way to deal with these messages? Hope that they still get tagged as spam and don't treat them specially? Is there some other option? Hmmm...maybe there's a DNSBL for "domains that include too much message body in DSNs"... Thanks in advance for all suggestions. -- Trever Furnish, tgfurnish at herffjones dot com From TGFurnish at herffjones.com Tue Jun 6 22:33:15 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jun 6 22:39:37 2006 Subject: MailScanner goes byebyes Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5A1@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: Tuesday, June 06, 2006 4:56 PM > To: MailScanner discussion > Subject: RE: MailScanner goes byebyes > > On Tue, 6 Jun 2006, Furnish, Trever G wrote: > > > > > You might consider waiting till you believe all the mailscanner > > children have stopped processing messages, then attach to > one of the > > children (not the parents) with strace -p to see what's doing. The > > output's not > > That was one of the first things I did, and the last output > from memory was an "unlink", hasnt done it for 2 days now, > but it can go for a few days before happening, then happen > constantly for hours, there was no set pattern. > > > > likely to lead you to any particular spot in the code, but at least > > you should see each child periodically wake up and read the > incoming > > queue directory for files. > > > > Thats just it, no, it was like it was totaly asleep Hmmm... Not to sound too alarming, but that sounds odd enough that I'd be making sure I had recent backups of whatever's important on the system, then start looking for other signs of oddness or hardware/kernel problems. Are the processes ending up in uninterruptible sleep state? Is the process cputime increasing (ps -eo pid,user,cputime,cmd on linux -- geeze I hate that manual page!). From steve.swaney at fsl.com Tue Jun 6 22:45:20 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Jun 6 22:45:25 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <8f54b4330606061349h444ffe1cn923dbfb6a30e916f@mail.gmail.com> Message-ID: <200501c689b2$826af730$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Nathan Olson > Sent: Tuesday, June 06, 2006 4:50 PM > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCE: New Web Site > > Firefox 1.0.8 on RHEL 4 WS. The whole page shimmies to the left when > you click on Documentation. > > Nate > Firefox 1.0.8 on RHEL 4 WS: Similar setup here and all pages work perfectly. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From glenn.steen at gmail.com Tue Jun 6 23:02:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 6 23:02:25 2006 Subject: Handling spam in DSNs from other sites? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B5A0@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B5A0@inex3.herffjones.hj-int> Message-ID: <223f97700606061502t1bf4a135tc22a32c0f437f886@mail.gmail.com> On 06/06/06, Furnish, Trever G wrote: > I have a feeling I'm missing an obvious answer, but what does everyone > suggest for handling DSNs from other sites (not mine) that include spam > in the message? The mua's don't care that this is a DSN, they still > happily display the spam, and I seem to be getting a *lot* more of these > lately. > > It's been a long day and I'm a bit drugged up with cold medicine at the > moment, so if I'm not making my question clear, perhaps this will help? > I'm refering to the type of messages that would get me listed here if I > were to simply reject them: > > http://www.rfc-ignorant.org/policy-dsn.php > > ...and which can contain message parts that include spam. What's the > best way to deal with these messages? Hope that they still get tagged > as spam and don't treat them specially? Is there some other option? > Hmmm...maybe there's a DNSBL for "domains that include too much message > body in DSNs"... > > Thanks in advance for all suggestions. > I'm sure others have other views, but ... why treat them any different than any other mail? scan them, tag them, drop them....:-). If they are legitimate, they will pass MS/SA/AVs anyway. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From TGFurnish at herffjones.com Tue Jun 6 23:42:25 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Wed Jun 7 01:02:34 2006 Subject: Handling spam in DSNs from other sites? Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5A3@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Tuesday, June 06, 2006 6:02 PM > To: MailScanner discussion > Subject: Re: Handling spam in DSNs from other sites? > > On 06/06/06, Furnish, Trever G wrote: > > I have a feeling I'm missing an obvious answer, but what > does everyone > > suggest for handling DSNs from other sites (not mine) that include > > spam in the message? > Glenn Steen wrote: > I'm sure others have other views, but ... why treat them any > different than any other mail? scan them, tag them, drop them....:-). > If they are legitimate, they will pass MS/SA/AVs anyway. > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Thanks. However, in many cases these are actually getting through. Since the ip address of the sending server isn't the spammer and isn't in the RBLs those checks aren't as helpful as they would've been for the original message. I tend to think these aren't being sent by a spammer who's identified a particular server with the specific intention of using the DSN for delivery, but rather just by a worm that's using my domain addresses as the faked sender address. If a specific server had been targeted, it'd probably end up in a DNSBL. SPF would help with the original message, but of course it does nothing to help with the bounce. From gmane at tippingmar.com Wed Jun 7 01:10:14 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Jun 7 01:11:46 2006 Subject: flock, posix comments in MailScanner.conf Message-ID: I think the comments in MailScanner.conf re flock/posix are wrong: # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to # change it to flock, particularly on Linux systems. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = But on my fresh install on Fedora Core 5 I see in maillog: Jun 6 17:01:06 tesla MailScanner[24648]: MailScanner E-Mail Virus Scanner version 4.54.6 starting... Jun 6 17:01:06 tesla MailScanner[24648]: Read 746 hostnames from the phishing whitelist Jun 6 17:01:06 tesla MailScanner[24648]: Using SpamAssassin results cache Jun 6 17:01:06 tesla MailScanner[24648]: Connected to SpamAssassin cache database Jun 6 17:01:07 tesla MailScanner[24648]: I have found clamavmodule scanners installed, and will use them all by default. Jun 6 17:01:08 tesla MailScanner[24648]: Using locktype = flock even though I am using sendmail. It is v8.13 so I will set Lock Type = posix manually. Mark Nienberg From gmane at tippingmar.com Wed Jun 7 01:11:51 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Jun 7 01:15:16 2006 Subject: sophos v5 updating In-Reply-To: <4485E758.2020004@gmx.de> References: <4485E758.2020004@gmx.de> Message-ID: shrek-m@gmx.de wrote: > Mark Nienberg schrieb: >> On the Sophos download website I see that v5 download file is 50Mb, >> while v4 is only 12Mb. I suppose that is because v5 has on-access >> scanning capability, > > and a gui (sav-web), ... > >> If I use v5 will I have to download a 50Mb engine update every month? > > no. > sophos v5 has its own update mechanism. > see "roots crontab" or "/usr/lib/MailScanner/sophos-autoupdate" > `/opt/sophos-av/bin/savupdate` > > # du -sh /opt/sophos-av/update/ > 29M /opt/sophos-av/update/ OK, I'll push on with it then. Thanks for the info. Mark From Jan-Peter.Koopmann at seceidos.de Wed Jun 7 07:00:16 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Jun 7 07:00:33 2006 Subject: Instructions for FreeBSD In-Reply-To: <4485DAF0.3040109@rogers.com> Message-ID: On Tuesday, June 06, 2006 9:44 PM Mike Jakubik wrote: > Ok, i guess the context of the original message got somehow lost. I > don't see how any of this applies to FreeBSD, as its all already > handled nicely by the ports... Same here. Well without the tweaking of the config files of course (loadplugin etc.) but this should be done manually IMHO. If you patch this globally (would not know where exactly btw.) this could break installations on boxes with more than MailScanner on it. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/7518276b/smime.bin From prakash.kannan at in.ness.com Wed Jun 7 06:51:16 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Wed Jun 7 07:05:30 2006 Subject: sendmail In-Reply-To: Message-ID: Hi All, Can some one please send me the installation and configuration guide for sendmail for Solaris? Some pdfs/books on sendmail. Thanks Regards, Prakash _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Prakash Sent: Tuesday, June 06, 2006 1:33 PM To: mailscanner@lists.mailscanner.info Subject: sendmail Hi All, How to change the ip address of new smtp server in sendmail. Basically we had changed our exchange server ip address and need to modify in the sendmail server. Thanks Regards, Prakash Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/98af75fe/attachment.html From arturs at netvision.net.il Wed Jun 7 09:30:30 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 08:32:07 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: Message-ID: <00e101c68a0c$a33a1090$3701a8c0@lapxp> > Don't know, but remember that childs can sit there *very* > long. (hours) Then I prefer them killed. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Wed Jun 7 09:30:30 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 08:32:08 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: Message-ID: <00e201c68a0c$a38ff8c0$3701a8c0@lapxp> > It doesn't make sense to kill these, if these *were* children > handling a > connection. You only want to shutdown the queueing processes. Right. But I'd like to be notified that they still are and when they finished. You see, this could sound minor, but I had a hell of hour trying to understand why, or why, clamav-milter didn't work after successful installation and sendmail restarted (to remind you, sendmail is controlled by MailScanner, so basically, MailScanner restarted). I documented to myself to check for existance of sendmail childs next time I built a mailer, although it would be nice if MailScanner could hadnle such things itself - would be neater... Best, -- Arthur Sherman +972-52-4878851 CPTeam From smf at f2s.com Wed Jun 7 08:33:34 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Jun 7 08:33:39 2006 Subject: Handling spam in DSNs from other sites? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B5A3@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B5A3@inex3.herffjones.hj-int> Message-ID: <4486814E.7020503@f2s.com> Hi Trever, Furnish, Trever G wrote: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Glenn Steen >> Sent: Tuesday, June 06, 2006 6:02 PM >> To: MailScanner discussion >> Subject: Re: Handling spam in DSNs from other sites? >> >> On 06/06/06, Furnish, Trever G wrote: >>> I have a feeling I'm missing an obvious answer, but what >> does everyone >>> suggest for handling DSNs from other sites (not mine) that include >>> spam in the message? > >> Glenn Steen wrote: >> I'm sure others have other views, but ... why treat them any >> different than any other mail? scan them, tag them, drop them....:-). >> If they are legitimate, they will pass MS/SA/AVs anyway. >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se > > Thanks. However, in many cases these are actually getting through. > Since the ip address of the sending server isn't the spammer and isn't > in the RBLs those checks aren't as helpful as they would've been for the > original message. > > I tend to think these aren't being sent by a spammer who's identified a > particular server with the specific intention of using the DSN for > delivery, but rather just by a worm that's using my domain addresses as > the faked sender address. If a specific server had been targeted, it'd > probably end up in a DNSBL. SPF would help with the original message, > but of course it does nothing to help with the bounce. I've been experimenting with some stuff to address this. The problem being that the DSN is being sent to you for a message that never originated at your site. After some investigation I found out that someone else had come up with a clever solution to this: using SRS (part of SPF) to re-write all the envelopes of messages sent from out from your domains (and re-writing all inbound returns) with SRS (which contains a hashed-secret which would be impossible for the spammer to guess). Then you use a milter that rejects any DSNs that are not SRS signed or that are SRS signed and do not have a valid signature. Here's my results so far - this shows all MTA level rejections on my test box: date | greet_p | rbl | relay | uribl | 8bit | dsn_no_srs ------------+---------+-------+-------+-------+------+------------ 2006-06-07 | 135 | 2168 | 263 | 467 | 101 | 82 2006-06-06 | 1389 | 25462 | 1061 | 4456 | 2214 | 1001 2006-06-05 | 1728 | 23948 | 93 | 5111 | 1591 | 1129 There are several down-sides, SRS is 'frowned' upon by some as it has the potential to break the RFCs that state that the local-part field size should be 64 bytes although it does state that an implementation can pick a larger value (also VERP has been doing this for years without issue). The other down-side is that to implement this I had to re-compile Sendmail with -DSOCKETMAP and hack the .cf file as the provided m4 HACK provided didn't work for me (it put the changes in the wrong place). I've also never tried this on a production system. See http://srs-socketmap.info/sendmailsrs.htm for the gory details... Exim users have it slightly better than the Sendmail crowd - see http://srs.mirtol.com/exim.php for details. Before anyone asks -- I couldn't find an implementation for Postfix. Cheers, Steve. From arturs at netvision.net.il Wed Jun 7 10:13:26 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 09:15:03 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? Message-ID: <00e601c68a12$a25ce840$3701a8c0@lapxp> Suddenly got confused... Who should do RBL checks: MailScanner or SpamAssassin? spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and let MailScanner do it. But then I will actually disable Razor and DCC checks, won't i? Enabling in both seems unwise and not recommended. Please your advice. Best, -- Arthur Sherman +972-52-4878851 CPTeam From MailScanner at ecs.soton.ac.uk Wed Jun 7 09:32:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 09:32:30 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On 7 Jun 2006, at 10:13, Arthur Sherman wrote: > > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? Personally I would probably advise you to do it in SpamAssassin as it scores each one very well. > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks > and let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? Shouldn't disable anything except RBL checks just as the name says. > > Enabling in both seems unwise and not recommended. > > Please your advice. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Wed Jun 7 09:40:11 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 09:40:16 2006 Subject: MailScanner ANNOUNCE: New Web Site In-Reply-To: <200501c689b2$826af730$2901010a@office.fsl> Message-ID: <00fd01c68a0d$fd68a760$3004010a@martinhlaptop> Same effect here - seems the resize on the page causes the effect. (main page on the documentation fits in my screen, others need a vertical scrollbar...) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: 06 June 2006 22:45 > To: 'MailScanner discussion' > Subject: RE: MailScanner ANNOUNCE: New Web Site > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Nathan Olson > > Sent: Tuesday, June 06, 2006 4:50 PM > > To: MailScanner discussion > > Subject: Re: MailScanner ANNOUNCE: New Web Site > > > > Firefox 1.0.8 on RHEL 4 WS. The whole page shimmies to the left when > > you click on Documentation. > > > > Nate > > > Firefox 1.0.8 on RHEL 4 WS: > > Similar setup here and all pages work perfectly. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 09:42:51 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 09:42:58 2006 Subject: sendmail In-Reply-To: Message-ID: <010701c68a0e$5c7a6c20$3004010a@martinhlaptop> Prakesh Have a look on sun.com (http://www.sun.com/bigadmin/home/index.html) for solaris specific stuff (it's still the default MTA anyway). General book it the O'rielly "bat" book on Sendmail. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Prakash > Sent: 07 June 2006 06:51 > To: 'MailScanner discussion' > Subject: RE: sendmail > > Hi All, > > > > Can some one please send me the installation and configuration guide for > sendmail for Solaris? > > Some pdfs/books on sendmail. > > > > Thanks Regards, > > Prakash > > > > > > > > > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Prakash > Sent: Tuesday, June 06, 2006 1:33 PM > To: mailscanner@lists.mailscanner.info > Subject: sendmail > > > > Hi All, > > > > How to change the ip address of new smtp server in sendmail. > > > > Basically we had changed our exchange server ip address and need to modify > in the sendmail server. > > > > > > Thanks Regards, > > Prakash > > > > Disclaimer > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom it is addressed. If > you have received this communication in error, please immediately notify > the MailAdmin@in.ness.com and destroy the original message. The recipient > should check this email and any attachments for the presence of viruses. > Ness has taken every reasonable precaution to minimize this risk, and > accepts no liability for any damage caused by any virus transmitted in > this email. Ness reserves the rights to monitor and review the content of > all messages sent to or from this E-mail address, and store them on the > Ness E-mail system. > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 09:45:25 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 09:45:31 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: <010801c68a0e$b89d2740$3004010a@martinhlaptop> Arthur Best to do it SA, then it adds to the scores. I turn most of them off by giving a zero score in my spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS lookup time and false positives. AS Jules says the other network tests (DCC etc) are switchable individually as these aren't RBLs! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 10:13 > To: 'MailScanner discussion' > Subject: Who does RBL checks - MailScanner or SpamAssassin? > > > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and > let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? > > Enabling in both seems unwise and not recommended. > > Please your advice. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From nauman at worldcall.net.pk Wed Jun 7 09:47:02 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Wed Jun 7 09:47:09 2006 Subject: Mailscanner stopped, sendmail running... References: <00e101c68a0c$a33a1090$3701a8c0@lapxp> Message-ID: <021d01c68a0e$f44d7510$23c051cb@noc> I m Having the same problem as well infact my MailScanner is using too many MEMORY i just installed 1 GB Ram last night and its utilizing it too . i have set my MAILSCANNER.conf to creat 5 child process for MailScanner but this is now getting hard to control - the server is relaying almost 60,000 to 80,000 mails daily. Can Any one help me fine tune the server. >> Don't know, but remember that childs can sit there *very* >> long. (hours) > Arthur Sherman Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From martinh at solid-state-logic.com Wed Jun 7 10:09:32 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:09:42 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <021d01c68a0e$f44d7510$23c051cb@noc> Message-ID: <014501c68a12$171563c0$3004010a@martinhlaptop> Have you read the documentation on tuning? http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips use of memory isn't a problem (*nix will use spare memory as filesystem cache so when all the memory's used its not a bad sign). What is a bad sign is high levels of swapping. 80k messages isn't high. How many CPUs have you got are any of these HT or dual core? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Muhammad Nauman > Sent: 07 June 2006 09:47 > To: MailScanner discussion > Subject: Re: Mailscanner stopped, sendmail running... > > I m Having the same problem as well > > infact my MailScanner is using too many MEMORY > > i just installed 1 GB Ram last night and its utilizing it too . > > i have set my MAILSCANNER.conf to creat 5 child process for MailScanner > > but this is now getting hard to control - the server is relaying almost > 60,000 to 80,000 mails daily. > > Can Any one help me fine tune the server. > > > > >> Don't know, but remember that childs can sit there *very* > >> long. (hours) > > Arthur Sherman > > > Thanks and regards, > M.Nauman Habib > Network Engineer > ICT Department > WorldCALL Multimedia Pvt Ltd > 16-S Gulberg II Lahore, Pakistan > Off: 92 (42) 5877051-55 > Cell : 0321-4311830 > > > -- > This message has been scanned for viruses and > dangerous content by WorldCall Scanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From arturs at netvision.net.il Wed Jun 7 11:08:50 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 10:10:27 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: <00ec01c68a1a$5fc533e0$3701a8c0@lapxp> Hi, > I turn most of them off by giving a zero score in my > spam.assassin.prefs.conf, only keeping a couple RBLs to > reduce DNS lookup > time and false positives. Could you post which ones? Btw, thank you, guys, for your prompt help. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Wed Jun 7 11:14:15 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 10:15:52 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00ed01c68a1b$21ac06f0$3701a8c0@lapxp> Hi Julian, > Personally I would probably advise you to do it in > SpamAssassin as it > scores each one very well. Then I should set 'Spam List =' to empty in MailScanner.conf, right? Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Wed Jun 7 10:23:30 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:23:37 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00ec01c68a1a$5fc533e0$3701a8c0@lapxp> Message-ID: <014601c68a14$0a437590$3004010a@martinhlaptop> Arthur Here's my extract.. #score __RCVD_IN_SBL_XBL 0.0 score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 score __RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DUL 0.0 score RCVD_IN_NJABL_MULTI 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_NJABL_CGI 0.0 #score __RCVD_IN_SORBS 0.0 score RCVD_IN_SORBS_HTTP 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_MAPS_NML 0.0 score RCVD_IN_BL_SPAMCOP_NET 4 Note I bump the score for spamcop as well.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 11:09 > To: 'MailScanner discussion' > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi, > > > I turn most of them off by giving a zero score in my > > spam.assassin.prefs.conf, only keeping a couple RBLs to > > reduce DNS lookup > > time and false positives. > > Could you post which ones? > > Btw, thank you, guys, for your prompt help. > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From arturs at netvision.net.il Wed Jun 7 11:30:11 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jun 7 10:31:48 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <014601c68a14$0a437590$3004010a@martinhlaptop> Message-ID: <00ef01c68a1d$5b2d06c0$3701a8c0@lapxp> > Arthur > > Here's my extract.. > > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > score RCVD_IN_BL_SPAMCOP_NET 4 > > Note I bump the score for spamcop as well.... Thank you, Martin. Are those all free services? Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Wed Jun 7 10:34:18 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:34:32 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00ed01c68a1b$21ac06f0$3701a8c0@lapxp> Message-ID: <014701c68a15$8c7baea0$3004010a@martinhlaptop> Arthur Correct -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 11:14 > To: 'MailScanner discussion' > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi Julian, > > > Personally I would probably advise you to do it in > > SpamAssassin as it > > scores each one very well. > > Then I should set 'Spam List =' to empty in MailScanner.conf, right? > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From res at ausics.net Wed Jun 7 10:41:47 2006 From: res at ausics.net (Res) Date: Wed Jun 7 10:41:53 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On Wed, 7 Jun 2006, Arthur Sherman wrote: > > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? Neither, the MTA should do it. > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? > > Enabling in both seems unwise and not recommended. > > Please your advice. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- Cheers Res From martinh at solid-state-logic.com Wed Jun 7 10:47:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 10:47:38 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <014c01c68a17$6242be60$3004010a@martinhlaptop> Res Yes that's another option, but I find this type of blacklist give too many false positives. I prefer to get SA to do it, and merely add to the spam score. My MTA rejects unknown email addresses (which gives another risk, but I find it less risky the the RBL route), and I drop over 2/3s of my traffice that way. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 07 June 2006 10:42 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Arthur Sherman wrote: > > > > > Suddenly got confused... > > > > Who should do RBL checks: MailScanner or SpamAssassin? > > Neither, the MTA should do it. > > > > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and > let > > MailScanner do it. > > But then I will actually disable Razor and DCC checks, won't i? > > > > Enabling in both seems unwise and not recommended. > > > > Please your advice. > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From res at ausics.net Wed Jun 7 10:48:46 2006 From: res at ausics.net (Res) Date: Wed Jun 7 10:48:52 2006 Subject: MailScanner goes byebyes In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0351B5A1@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0351B5A1@inex3.herffjones.hj-int> Message-ID: On Tue, 6 Jun 2006, Furnish, Trever G wrote: > Hmmm... Not to sound too alarming, but that sounds odd enough that I'd > be making sure I had recent backups of whatever's important on the all servers in the data center are backed up nightly so no problem with that. > system, then start looking for other signs of oddness or hardware/kernel > problems. Are the processes ending up in uninterruptible sleep state? > Is the process cputime increasing (ps -eo pid,user,cputime,cmd on linux > -- geeze I hate that manual page!). > nothing else is out of place, thats whats so crazy. 3 days now since last time, i guess murphy law wil come into play and it'll screw up on saturday :) -- Cheers Res From res at ausics.net Wed Jun 7 10:55:59 2006 From: res at ausics.net (Res) Date: Wed Jun 7 10:56:03 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <014c01c68a17$6242be60$3004010a@martinhlaptop> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> Message-ID: Hi Martin, On Wed, 7 Jun 2006, Martin Hepworth wrote: > Res > > Yes that's another option, but I find this type of blacklist give too many > false positives. I prefer to get SA to do it, and merely add to the spam > score. Ever tried running S.A on servers that do serious work, and want your mail out of the queue and delivered the same week ? :) (I do run SA on the machines that can handle it though, but thats like 2 out of many) I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can be an issue with hotmail at times, when it gets to level 2 complaint level we remove SORBS until its cleared up. I rather not waste any more resources on privacy invading dweebs than I have to, hence why I prefere MTA. > -- Cheers Res From dhawal at netmagicsolutions.com Wed Jun 7 11:23:32 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 11:23:43 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> Message-ID: <4486A924.5090502@netmagicsolutions.com> Res wrote: > Hi Martin, > > On Wed, 7 Jun 2006, Martin Hepworth wrote: > >> Res >> >> Yes that's another option, but I find this type of blacklist give too >> many >> false positives. I prefer to get SA to do it, and merely add to the spam >> score. > > Ever tried running S.A on servers that do serious work, and want your > mail out of the queue and delivered the same week ? :) > (I do run SA on the machines that can handle it though, but thats like 2 > out of many) Most of us run servers that pretty much do serious work ;-).. to each his/her way. You can use RBLs at: MTA: Very effective, but prone to false positives.. at times RBLs get over enthusiastic causing collateral damage. Point in case SORBS blocking hotmail and spamcop blocking yahoo/gmail MailScanner: Haven't tried this one. SpamAssassin: Best way to use RBLs as per my POV.. the bad part being that mails originating from ROKSO (spamhaus) are accepted and then tagged. I use it at: 1. The MTA level (spamhaus+spamcop+dsbl) and am quite aware of the FPs but that is something we (me and my customers) are ready to live with. 2. A ton others are used at the SA level as Martin hinted. 3. We also run a few RBLs of our own to take care of my country specific abusers. - dhawal > I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can > be an issue with hotmail at times, when it gets to level 2 complaint > level we remove SORBS until its cleared up. I rather not waste any more > resources on privacy invading dweebs than I have to, hence why I prefere > MTA. From Howard at harper-adams.ac.uk Wed Jun 7 11:43:42 2006 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Wed Jun 7 11:44:34 2006 Subject: caused an error: The main body of virus data is out of date(542) Message-ID: Dear list members I have had all email marked as a virus with the above message. I had a trawl and sure enough I had forgotten to update Sophos. I have done this and mail is now going in and out again. I had to be today when I had doctors appointment so was late in!!! Any way is there a quick method of releasing all the blocked emails from quarantine or do I have to do each one separately? I want to resubmit them ideally so that 'real' viruses are still caught? Any help appreciated. Regards Howard Robinson, (Senior Technical Development Officer), Harper Adams University College, Edgmond, Newport, Shropshire , TF10 8NB. Tel. Direct 01952 815253 Tel. Switch Board 01952 820280 Fax 01952 814783 Email hrobinson@harper-adams.ac.uk Web www.harper-adams.ac.uk From shuttlebox at gmail.com Wed Jun 7 12:53:25 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 7 12:53:28 2006 Subject: sendmail In-Reply-To: References: Message-ID: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> On 6/7/06, Prakash wrote: > > Can some one please send me the installation and configuration guide for > sendmail for Solaris? > > Some pdfs/books on sendmail. > This guy has a lot of good stuff on his site. http://www.brandonhutchinson.com This link might be what you're looking for: http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of_Sendmail.html -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/c9af73af/attachment.html From lhaig at haigmail.com Wed Jun 7 13:01:11 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Jun 7 13:01:34 2006 Subject: Instructions for FreeBSD In-Reply-To: References: Message-ID: <4486C007.6010004@haigmail.com> Please excuse me being vague, I will try the new port and let you know. Thanks Lance Koopmann, Jan-Peter wrote: > > On Dienstag, 6. Juni 2006 12:11 Lance Haig wrote: > > > I will wait for the new one to be released and then try installing it. > > Should be there already. > > > I had quite a bit of trouble the last time I tried the normal and the > > devel versions > > What kind of trouble? > > Kind regards, > JP > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > -- *Lance Haig* Director *Work:* 07967967108 *Mobile:* 07967967108 *Email:* lhaig@haigmail.com *http://www.linkedin.com/in/lancehaig * * * *HaigMail dot Com* See who we know in common Want a signature like this? -------------- next part -------------- Skipped content of type multipart/related From nirnimesh at students.iiit.ac.in Wed Jun 7 14:41:02 2006 From: nirnimesh at students.iiit.ac.in (Nirnimesh) Date: Wed Jun 7 14:41:15 2006 Subject: virus checker failed with real error Message-ID: <4486D76E.109@students.iiit.ac.in> I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks is enabled, I get the following error in the maillog. MailScanner[2895]: Commercial virus checker failed with real error: syslog: expecting argument $format at /usr/lib/MailScanner/MailScanner/Log.pm line 143 Please Help -- Nirnimesh From martinh at solid-state-logic.com Wed Jun 7 14:46:01 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 14:46:08 2006 Subject: caused an error: The main body of virus data is out ofdate(542) In-Reply-To: Message-ID: <01aa01c68a38$b6b8bdc0$3004010a@martinhlaptop> Howard How are the quarantine files storesd? If they are MTA mail queue format it's easy enough to copy them back into the incoming MTA queue directory (not sure if will work happily with qmail or postfix though as the filename are based on the inode number).. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > Sent: 07 June 2006 11:44 > To: mailscanner@lists.mailscanner.info > Subject: caused an error: The main body of virus data is out ofdate(542) > > Dear list members > I have had all email marked as a virus with the above message. > I had a trawl and sure enough I had forgotten to update Sophos. > I have done this and mail is now going in and out again. > I had to be today when I had doctors appointment so was late in!!! > Any way is there a quick method of releasing all the blocked emails from > quarantine or do I have to do each one separately? > I want to resubmit them ideally so that 'real' viruses are still caught? > > Any help appreciated. > > > > Regards > > Howard Robinson, > (Senior Technical Development Officer), > Harper Adams University College, > Edgmond, > Newport, > Shropshire , > TF10 8NB. > > Tel. Direct 01952 815253 > Tel. Switch Board 01952 820280 > Fax 01952 814783 > Email hrobinson@harper-adams.ac.uk > Web www.harper-adams.ac.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 14:55:01 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 14:55:07 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <01ab01c68a39$f8d67110$3004010a@martinhlaptop> Res Nope - my SA/MS machine is a gateway machine and dedicated to the task - if that machine gets compromised (hey its connected to the internet) I don't loose anything else. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 07 June 2006 10:56 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi Martin, > > On Wed, 7 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Yes that's another option, but I find this type of blacklist give too > many > > false positives. I prefer to get SA to do it, and merely add to the spam > > score. > > Ever tried running S.A on servers that do serious work, and want your mail > out of the queue and delivered the same week ? :) > (I do run SA on the machines that can handle it though, but thats like 2 > out of many) > > I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can be > an issue with hotmail at times, when it gets to level 2 complaint level we > remove SORBS until its cleared up. I rather not waste any more resources > on privacy invading dweebs than I have to, hence why I prefere MTA. > > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Howard at harper-adams.ac.uk Wed Jun 7 15:18:23 2006 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Wed Jun 7 15:19:16 2006 Subject: caused an error: The main body of virus data is out ofdate(542) Message-ID: Hi Martin I have dfk* and qfk* files in each directory for each message in quarantine - some 24K messages! Looking at the sendmail /var/spool/mqueue it has these both dfk and qfk files but I would like to have these rescanned so is it just a case of coping them to mqueue.in instead? If so I'll have a go at a script to do this. Thanks >>> martinh@solid-state-logic.com 07/06/2006 14:46:01 >>> Howard How are the quarantine files storesd? If they are MTA mail queue format it's easy enough to copy them back into the incoming MTA queue directory (not sure if will work happily with qmail or postfix though as the filename are based on the inode number).. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > Sent: 07 June 2006 11:44 > To: mailscanner@lists.mailscanner.info > Subject: caused an error: The main body of virus data is out ofdate(542) > > Dear list members > I have had all email marked as a virus with the above message. > I had a trawl and sure enough I had forgotten to update Sophos. > I have done this and mail is now going in and out again. > I had to be today when I had doctors appointment so was late in!!! > Any way is there a quick method of releasing all the blocked emails from > quarantine or do I have to do each one separately? > I want to resubmit them ideally so that 'real' viruses are still caught? > > Any help appreciated. > > > > Regards > > Howard Robinson, > (Senior Technical Development Officer), > Harper Adams University College, > Edgmond, > Newport, > Shropshire , > TF10 8NB. > > Tel. Direct 01952 815253 > Tel. Switch Board 01952 820280 > Fax 01952 814783 > Email hrobinson@harper-adams.ac.uk > Web www.harper-adams.ac.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Wed Jun 7 15:36:44 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 15:36:53 2006 Subject: caused an error: The main body of virus data is out ofdate(542) In-Reply-To: Message-ID: <01b901c68a3f$cc97c8f0$3004010a@martinhlaptop> Howard Yesy just copy them back to the mqueue.in dir.....(make sure ownership is ok, and of course it may take a little while to process 24k messages ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > Sent: 07 June 2006 15:18 > To: mailscanner@lists.mailscanner.info > Subject: RE: caused an error: The main body of virus data is out > ofdate(542) > > > Hi Martin > I have dfk* and qfk* files in each directory for each message in > quarantine - some 24K messages! > Looking at the sendmail /var/spool/mqueue it has these both dfk and qfk > files but I would like to have these rescanned so is it just a case of > coping them to mqueue.in instead? > If so I'll have a go at a script to do this. > Thanks > > > >>> martinh@solid-state-logic.com 07/06/2006 14:46:01 >>> > Howard > > How are the quarantine files storesd? If they are MTA mail queue format > it's > easy enough to copy them back into the incoming MTA queue directory (not > sure if will work happily with qmail or postfix though as the filename are > based on the inode number).. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Howard Robinson > > Sent: 07 June 2006 11:44 > > To: mailscanner@lists.mailscanner.info > > Subject: caused an error: The main body of virus data is out ofdate(542) > > > > Dear list members > > I have had all email marked as a virus with the above message. > > I had a trawl and sure enough I had forgotten to update Sophos. > > I have done this and mail is now going in and out again. > > I had to be today when I had doctors appointment so was late in!!! > > Any way is there a quick method of releasing all the blocked emails from > > quarantine or do I have to do each one separately? > > I want to resubmit them ideally so that 'real' viruses are still caught? > > > > Any help appreciated. > > > > > > > > Regards > > > > Howard Robinson, > > (Senior Technical Development Officer), > > Harper Adams University College, > > Edgmond, > > Newport, > > Shropshire , > > TF10 8NB. > > > > Tel. Direct 01952 815253 > > Tel. Switch Board 01952 820280 > > Fax 01952 814783 > > Email hrobinson@harper-adams.ac.uk > > Web www.harper-adams.ac.uk > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From ugob at camo-route.com Wed Jun 7 15:43:09 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Jun 7 15:43:58 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00e601c68a12$a25ce840$3701a8c0@lapxp> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: Arthur Sherman wrote: > Suddenly got confused... > > Who should do RBL checks: MailScanner or SpamAssassin? > > spam.assassin.prefs.conf says I am better uncomment skip_rbl_checks and let > MailScanner do it. > But then I will actually disable Razor and DCC checks, won't i? > > Enabling in both seems unwise and not recommended. > > Please your advice. > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:rbls:all:recommendations > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > From prakash.kannan at in.ness.com Wed Jun 7 15:54:48 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Wed Jun 7 16:05:15 2006 Subject: sendmail In-Reply-To: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> Message-ID: Thank you peter will get back to you if i face some problem _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Wednesday, June 07, 2006 5:23 PM To: MailScanner discussion Subject: Re: sendmail On 6/7/06, Prakash wrote: Can some one please send me the installation and configuration guide for sendmail for Solaris? Some pdfs/books on sendmail. This guy has a lot of good stuff on his site. http://www.brandonhutchinson.com This link might be what you're looking for: http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of _Sendmail.html -- /peter Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/877aec66/attachment.html From lshaw at emitinc.com Wed Jun 7 16:14:40 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed Jun 7 16:14:49 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On Wed, 7 Jun 2006, Res wrote: > On Wed, 7 Jun 2006, Arthur Sherman wrote: >> Who should do RBL checks: MailScanner or SpamAssassin? > Neither, the MTA should do it. That depends on your policy on what you do with spam. Do you tag it, or do you delete it? At my site, we have basically a no-delete policy; spams are tagged and passed through. This approach gives the users more work (have to set up a filter) but more control. Therefore, in our case, it does little good to filter anything at the MTA level. We're not going to reject it at that point, so the spam will have to go through all the stages (local delivery, POP3 download, etc.) so it saves no work and just adds complication. If you are going to reject it, though, things are different. So in general, if you reject messages, you probably want to do so as early as possible. But if you tag them only, it doesn't really matter much when you do it. The one complication here is that with a tag-only delivery policy, there still is one reason it'd be nice if the MTA could know if the message is spam: it would be helpful to avoid sending bounce messages against undeliverable messages if the messages are spam. They are usually from forged e-mail addresses anyway, so the bounces do no good and just end up wasting resources. - Logan From stork at openenterprise.ca Wed Jun 7 16:38:22 2006 From: stork at openenterprise.ca (Johnny Stork) Date: Wed Jun 7 16:38:52 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <014701c68a15$8c7baea0$3004010a@martinhlaptop> Message-ID: Sorry of this may have been covered elsewhere. I have been following this thread and agree with the logic so would like to try the changes, remove RBL checking from MailScanner and enable in SA. Could someoen pelase list what I change/comment-out in mailscanner.conf, and what I need to add/edit in spam.assassing.prefs.conf...there are bits and peices in this thread, but I want to ensure I have everything. So far I think I have: MailScanner.conf: Change the following.... # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 to .... # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. # Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 spam.assassin.prefs.conf: Change the following.... #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 to .... #score __RCVD_IN_SBL_XBL 0.0 score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 score __RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DUL 0.0 score RCVD_IN_NJABL_MULTI 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_NJABL_CGI 0.0 #score __RCVD_IN_SORBS 0.0 score RCVD_IN_SORBS_HTTP 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_MAPS_NML 0.0 score RCVD_IN_BL_SPAMCOP_NET 4 -----Original Message----- From: Martin Hepworth [mailto:martinh@solid-state-logic.com] Sent: Wednesday, June 07, 2006 2:34 AM To: 'MailScanner discussion' Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? Arthur Correct -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman > Sent: 07 June 2006 11:14 > To: 'MailScanner discussion' > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Hi Julian, > > > Personally I would probably advise you to do it in > > SpamAssassin as it > > scores each one very well. > > Then I should set 'Spam List =' to empty in MailScanner.conf, right? > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Jun 7 16:39:12 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 7 16:39:53 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <010801c68a0e$b89d2740$3004010a@martinhlaptop> References: <00e601c68a12$a25ce840$3701a8c0@lapxp> <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: Martin Hepworth spake the following on 6/7/2006 1:45 AM: > Arthur > > Best to do it SA, then it adds to the scores. > > I turn most of them off by giving a zero score in my > spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS lookup > time and false positives. > > AS Jules says the other network tests (DCC etc) are switchable individually > as these aren't RBLs! > Does setting a zero score actually stop the RBL test, or just ignore the score? I haven't spent enough time on the spamassassin list or in the docs yet to know for sure. I already have nightmares about being buried in man pages! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solid-state-logic.com Wed Jun 7 16:43:31 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 16:43:43 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <021201c68a49$20c64bf0$3004010a@martinhlaptop> Johnny Close..in MailScanner.conf.. # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. Spam List = -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Johnny Stork > Sent: 07 June 2006 16:38 > To: mailscanner > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Sorry of this may have been covered elsewhere. I have been following this > thread and agree with the logic so would like to try the changes, remove > RBL checking from MailScanner and enable in SA. Could someoen pelase list > what I change/comment-out in mailscanner.conf, and what I need to add/edit > in spam.assassing.prefs.conf...there are bits and peices in this thread, > but I want to ensure I have everything. So far I think I have: > > MailScanner.conf: > > Change the following.... > > # This is the list of spam blacklists (RBLs) which you are using. > # See the "Spam List Definitions" file for more information about what > # you can put here. > # This can also be the filename of a ruleset. > Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 > > to .... > > # This is the list of spam blacklists (RBLs) which you are using. > # See the "Spam List Definitions" file for more information about what > # you can put here. > # This can also be the filename of a ruleset. > # Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 > > spam.assassin.prefs.conf: > > Change the following.... > > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > to .... > > > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > score RCVD_IN_BL_SPAMCOP_NET 4 > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Jun 7 16:50:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jun 7 16:50:29 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <021301c68a4a$130a1a40$3004010a@martinhlaptop> Scott Is actually disables the rule (ie doesn't run it). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: 07 June 2006 16:39 > To: mailscanner@lists.mailscanner.info > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > Martin Hepworth spake the following on 6/7/2006 1:45 AM: > > Arthur > > > > Best to do it SA, then it adds to the scores. > > > > I turn most of them off by giving a zero score in my > > spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS > lookup > > time and false positives. > > > > AS Jules says the other network tests (DCC etc) are switchable > individually > > as these aren't RBLs! > > > Does setting a zero score actually stop the RBL test, or just ignore the > score? I haven't spent enough time on the spamassassin list or in the docs > yet > to know for sure. I already have nightmares about being buried in man > pages! > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dhawal at netmagicsolutions.com Wed Jun 7 16:51:24 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 16:51:36 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: <4486F5FC.8080502@netmagicsolutions.com> Scott Silva wrote: > Martin Hepworth spake the following on 6/7/2006 1:45 AM: >> Arthur >> >> Best to do it SA, then it adds to the scores. >> >> I turn most of them off by giving a zero score in my >> spam.assassin.prefs.conf, only keeping a couple RBLs to reduce DNS lookup >> time and false positives. >> >> AS Jules says the other network tests (DCC etc) are switchable individually >> as these aren't RBLs! >> > Does setting a zero score actually stop the RBL test, or just ignore the > score? I haven't spent enough time on the spamassassin list or in the docs yet > to know for sure. I already have nightmares about being buried in man pages! A score of '0' will disable the rule.. there is also some place in the man pages a way to use rules for testing without affecting the final score (add 0.01 IIRC).. something like T_RULENAME.. Any rule starting with a __ is a meta and doesn't require a score. - dhawal From t.d.lee at durham.ac.uk Wed Jun 7 16:52:24 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed Jun 7 16:53:11 2006 Subject: lock type Message-ID: Just done a fresh installation of Fedora Core 5, and installed MS (4.54.6) onto it. FC5 includes sendmail version 8.13.6 . I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The comment there says: # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to change it to flock, # particularly on Linux systems. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = so I would expect it to use "posix". (Correct?) But watching /var/log/maillog I see: ... MailScanner[10490]: Using locktype = flock Am I misunderstanding something, or is something, somewhere not defaulting correctly? [[[ Background: >From my years of using MS, I'm aware that the issue of "Lock Type" comes up on this list from time to time, but what I've encountered seems peculiar. 1. This machine is just about to enter service as a main SMTP submission host that will be very busy, so we need to have the correct setting. 2. A very similar machine is being tested with Mailman and we've seen some peculiar things happening when it used an MS.conf containing an explicit 'Lock Type = posix' (its MS.conf had been rather too blindly copied from an earlier machine). ]]] -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From dhawal at netmagicsolutions.com Wed Jun 7 16:53:01 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 16:53:16 2006 Subject: virus checker failed with real error In-Reply-To: <4486D76E.109@students.iiit.ac.in> References: <4486D76E.109@students.iiit.ac.in> Message-ID: <4486F65D.2090006@netmagicsolutions.com> Nirnimesh wrote: > I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks > is enabled, I get the following error in the maillog. > > MailScanner[2895]: Commercial virus checker failed with real error: > syslog: expecting argument $format at > /usr/lib/MailScanner/MailScanner/Log.pm line 143 > > > Please Help What does running in debug mode tell you? Try 'MailScanner --debug' for more details. - dhawal From dhawal at netmagicsolutions.com Wed Jun 7 16:57:25 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 7 16:57:31 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: Message-ID: <4486F765.7010401@netmagicsolutions.com> Johnny Stork wrote: > Sorry of this may have been covered elsewhere. I have been following this thread and agree with the logic so would like to try the changes, remove RBL checking from MailScanner and enable in SA. Could someoen pelase list what I change/comment-out in mailscanner.conf, and what I need to add/edit in spam.assassing.prefs.conf...there are bits and peices in this thread, but I want to ensure I have everything. So far I think I have: {snip} > #score RCVD_IN_RSS 1 This was removed from SA some versions back, IIRC.. You do not need to change the default score (unless you know what you are doing). Also i wouldn't advise scoring a '0' for most RBL rules since they scan more than the last received IP/HOP (unlike RBLs which will only check the last received IP.. read the man pages for more details). - dhawal > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > score RCVD_IN_BL_SPAMCOP_NET 4 From KGoods at AIAInsurance.com Wed Jun 7 17:00:34 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Jun 7 17:05:56 2006 Subject: lock type Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D89F0@aiainsurance.com> David Lee wrote: > Just done a fresh installation of Fedora Core 5, and installed MS > (4.54.6) onto it. FC5 includes sendmail version 8.13.6 . > > I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The > comment there says: > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "posix". > # For sendmail 8.12 and older, you will probably need to change it > to flock, # particularly on Linux systems. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > so I would expect it to use "posix". (Correct?) > > But watching /var/log/maillog I see: > ... MailScanner[10490]: Using locktype = flock > > Am I misunderstanding something, or is something, somewhere not > defaulting correctly? > > [[[ > Background: > >> From my years of using MS, I'm aware that the issue of "Lock Type" >> comes > up on this list from time to time, but what I've encountered seems > peculiar. > > 1. This machine is just about to enter service as a main SMTP > submission > host that will be very busy, so we need to have the correct setting. > > 2. A very similar machine is being tested with Mailman and we've seen > some peculiar things happening when it used an MS.conf containing an > explicit 'Lock Type = posix' (its MS.conf had been rather too blindly > copied from an earlier machine). > ]]] > Same thing happened to me when I recently built a new box (Centos 4.3). I set mine to posix explicitly and everything seems to be running fine for the last couple months. HTH Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. MIS Dept. 111 Main St. Lewiston, ID 83501 (208)799-9023 http://www.cropusainsurance.com kgoods@aiainsurance.com From maillists at conactive.com Wed Jun 7 17:31:15 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jun 7 17:31:29 2006 Subject: virus checker failed with real error In-Reply-To: <4486D76E.109@students.iiit.ac.in> References: <4486D76E.109@students.iiit.ac.in> Message-ID: Nirnimesh wrote on Wed, 07 Jun 2006 19:11:02 +0530: > I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks > is enabled, I get the following error in the maillog. > > MailScanner[2895]: Commercial virus checker failed with real error: ClamAV is not a "commercial virus checker", there's something wrong in your config or the error is *not* about clamAV. Did you notice that you didn't say *anything* about your system and how you installed MS and the depending software? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jun 7 17:56:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 17:57:04 2006 Subject: sendmail In-Reply-To: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> References: <625385e30606070453l477c06d3i36db51459cfe26b7@mail.gmail.com> Message-ID: <44870551.1030208@ecs.soton.ac.uk> Please do at least a simple Google search before posting questions here, we expect you to do some homework first. Start at www.sendmail.org and the O'Reilly sendmail book. shuttlebox wrote: > On 6/7/06, *Prakash* > wrote: > > Can some one please send me the installation and configuration > guide for sendmail for Solaris? > > Some pdfs/books on sendmail. > > > This guy has a lot of good stuff on his site. > > http://www.brandonhutchinson.com > > This link might be what you're looking for: > > http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of_Sendmail.html > > -- > /peter -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Jun 7 17:59:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 18:00:06 2006 Subject: virus checker failed with real error In-Reply-To: References: <4486D76E.109@students.iiit.ac.in> Message-ID: <4487060B.3090402@ecs.soton.ac.uk> Kai Schaetzl wrote: > Nirnimesh wrote on Wed, 07 Jun 2006 19:11:02 +0530: > > >> I'm using MailScanner-4.54.6-1 with clamav-0.88.2. When the virus checks >> is enabled, I get the following error in the maillog. >> >> MailScanner[2895]: Commercial virus checker failed with real error: >> > > ClamAV is not a "commercial virus checker", there's something wrong in As far as the error messages are confirmed, it is. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Jun 7 18:06:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 18:06:54 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> <010801c68a0e$b89d2740$3004010a@martinhlaptop> Message-ID: <448707A4.1000900@ecs.soton.ac.uk> Scott Silva wrote: > Does setting a zero score actually stop the RBL test, or just ignore the > score? > It disables the test. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From michele at blacknight.ie Wed Jun 7 18:50:57 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 18:50:59 2006 Subject: Vispan exim support Message-ID: <44871201.7050708@blacknight.ie> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) working with exim? Alternatively, does anyone know of a stats package that plays nice with MS and exim? TIA M -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From Kevin_Miller at ci.juneau.ak.us Wed Jun 7 20:02:37 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jun 7 20:02:42 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! Message-ID: Julian Field wrote: > Thanks for that. I have just updated the ClamAV + SpamAssassin package > to contain the new 3.1.3 release of SpamAssassin. Quick question: if one has installed ClamAV & SpamAssassin previously by hand, is there any reason not to run your package on top of those installs to bring things up to date? (Assuming stock installs - no funny paths, etc.) And conversely, if we install your package, is there any potential damage by running a future release of either SA or ClamAV by hand on top of it? Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From maillists at conactive.com Wed Jun 7 20:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jun 7 20:31:36 2006 Subject: virus checker failed with real error In-Reply-To: <4487060B.3090402@ecs.soton.ac.uk> References: <4486D76E.109@students.iiit.ac.in> <4487060B.3090402@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 07 Jun 2006 17:59:55 +0100: > > ClamAV is not a "commercial virus checker", there's something wrong in > As far as the error messages are confirmed, it is. So, that's your standard error message then? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jun 7 20:34:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 20:34:48 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available! In-Reply-To: References: Message-ID: <44872A49.103@ecs.soton.ac.uk> Kevin Miller wrote: > Julian Field wrote: > >> Thanks for that. I have just updated the ClamAV + SpamAssassin package >> to contain the new 3.1.3 release of SpamAssassin. >> > > Quick question: if one has installed ClamAV & SpamAssassin previously > by hand, is there any reason not to run your package on top of those > installs to bring things up to date? (Assuming stock installs - no > funny paths, etc.) > My package will install ClamAV under /usr/local, which is where it installs by default from source. So if that is where your ClamAV is installed, just go ahead and install it over the top. If it isn't where it is installed, either delete the RPM (if that's how you installed it) or delete the clamscan, freshclam, clamd files (/usr/bin?) and the libclam files which may be in /usr/lib. Then install my package. > And conversely, if we install your package, is there any potential > damage by running a future release of either SA or ClamAV by hand on top > of it? > Worth trying to delete as much as possible of one installation before trying another, if they are installing into different places. The ClamAV installation in my package is pretty much the same as a manual installation. The SpamAssassin installation in my package is pretty much the same as a CPAN installation.. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sailer at bnl.gov Wed Jun 7 20:35:05 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Jun 7 20:35:32 2006 Subject: Vispan exim support In-Reply-To: <44871201.7050708@blacknight.ie> References: <44871201.7050708@blacknight.ie> Message-ID: <20060607193505.GG4716@bnl.gov> On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > working with exim? I've hacked it a bit to work with Exim. http://www2.buoy.com/vispan message delay and rejected don't currently work, but the rest does. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From MailScanner at ecs.soton.ac.uk Wed Jun 7 20:47:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 7 20:47:19 2006 Subject: virus checker failed with real error In-Reply-To: References: <4486D76E.109@students.iiit.ac.in> <4487060B.3090402@ecs.soton.ac.uk> Message-ID: <44872D3D.3020005@ecs.soton.ac.uk> Kai Schaetzl wrote: > Julian Field wrote on Wed, 07 Jun 2006 17:59:55 +0100: > >>> ClamAV is not a "commercial virus checker", there's something wrong in >>> >> As far as the error messages are confirmed, it is. >> > So, that's your standard error message then? > Yes, it is. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From kte at nexis.be Wed Jun 7 20:48:26 2006 From: kte at nexis.be (kte@nexis.be) Date: Wed Jun 7 20:51:13 2006 Subject: OS problem Centosx64 on BL25P Message-ID: Jun 2 03:18:40 testserver Losing some ticks... checking if CPU frequency changed. Jun 2 03:18:40 testserver warning: many lost ticks. Jun 2 03:18:40 testserver Your time source seems to be instable or some driver is hogging interupts I have an HP BL25P server with 4 GB ram a dual core AMD processor an CentOS4.3 64 bit installed and I get alot of these messages. I have installed the the PSP 7.51. Anyone any ideas? Thanks Koen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060607/99e06273/attachment.html From michele at blacknight.ie Wed Jun 7 21:00:05 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 21:00:47 2006 Subject: Vispan exim support In-Reply-To: <20060607193505.GG4716@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> Message-ID: <44873045.10300@blacknight.ie> Tim Sailer wrote: > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) >> working with exim? > > I've hacked it a bit to work with Exim. > > http://www2.buoy.com/vispan > > message delay and rejected don't currently work, but the rest does. > > Tim > OOooooh Nice :) I'm primarily interested in the statistics, so if you could share your hacks / changes it would be appreciated M -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From shuttlebox at gmail.com Wed Jun 7 21:12:24 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 7 21:12:27 2006 Subject: Vispan exim support In-Reply-To: <20060607193505.GG4716@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> Message-ID: <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> On 6/7/06, Tim Sailer wrote: > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > > Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > > working with exim? > > I've hacked it a bit to work with Exim. > > http://www2.buoy.com/vispan > > message delay and rejected don't currently work, but the rest does. Have you sent that to David? I'm sure he would like to incorporate it into Vispan. -- /peter From sailer at bnl.gov Wed Jun 7 21:19:22 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Jun 7 21:19:55 2006 Subject: Vispan exim support In-Reply-To: <44873045.10300@blacknight.ie> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <44873045.10300@blacknight.ie> Message-ID: <20060607201922.GN4716@bnl.gov> On Wed, Jun 07, 2006 at 09:00:05PM +0100, Michele Neylon :: Blacknight.ie wrote: > Tim Sailer wrote: > > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > >> working with exim? > > > > I've hacked it a bit to work with Exim. > > > > http://www2.buoy.com/vispan > > > > message delay and rejected don't currently work, but the rest does. > > > > Tim > > > OOooooh Nice :) > > I'm primarily interested in the statistics, so if you could share your > hacks / changes it would be appreciated It's been a real long while since I touched it. Let me see if I can get the changes out into diffs. If not, I'll just bundle up what I have and make it availble for disection. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From sailer at bnl.gov Wed Jun 7 21:46:07 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Jun 7 21:46:36 2006 Subject: Vispan exim support In-Reply-To: <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> Message-ID: <20060607204607.GA7216@bnl.gov> On Wed, Jun 07, 2006 at 10:12:24PM +0200, shuttlebox wrote: > On 6/7/06, Tim Sailer wrote: > >On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie > >wrote: > >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > >> working with exim? > > > >I've hacked it a bit to work with Exim. > > > >http://www2.buoy.com/vispan > > > >message delay and rejected don't currently work, but the rest does. > > Have you sent that to David? I'm sure he would like to incorporate it > into Vispan. Nope, but I just offered it. I didn't think it was under active development anymore. I'll have to see if I can get it working with the new code. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From michele at blacknight.ie Wed Jun 7 22:29:39 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 22:29:41 2006 Subject: Vispan exim support In-Reply-To: <20060607201922.GN4716@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <44873045.10300@blacknight.ie> <20060607201922.GN4716@bnl.gov> Message-ID: <44874543.3060703@blacknight.ie> Tim Sailer wrote: > It's been a real long while since I touched it. Let me see if I can > get the changes out into diffs. If not, I'll just bundle up what I have > and make it availble for disection. > > Tim > Cool :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From michele at blacknight.ie Wed Jun 7 22:30:22 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 22:30:40 2006 Subject: Vispan exim support In-Reply-To: <20060607204607.GA7216@bnl.gov> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <625385e30606071312v196679c7i20e8cd8277e70447@mail.gmail.com> <20060607204607.GA7216@bnl.gov> Message-ID: <4487456E.70809@blacknight.ie> Tim Sailer wrote: n. > > Nope, but I just offered it. I didn't think it was under active > development anymore. I'll have to see if I can get it working with the > new code. Looks like there was a new release this week... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From wintermutecx at gmail.com Wed Jun 7 22:55:40 2006 From: wintermutecx at gmail.com (Dave) Date: Wed Jun 7 22:55:43 2006 Subject: recover user mail In-Reply-To: References: Message-ID: Thanks, that worked :) From michele at blacknight.ie Wed Jun 7 23:48:18 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed Jun 7 23:48:19 2006 Subject: phish bypassing MS Message-ID: <448757B2.70105@blacknight.ie> A "nice" Barclays phish got through this evening. Possibly due to the structure of the link: Resolves to Korea, so I can't see much point in contacting them about it... (I did contact Barclays who unlike some banks actually have a mechanism for reporting phishing) M -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From maillists at conactive.com Thu Jun 8 01:31:14 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 01:31:30 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: References: Message-ID: wrote on Wed, 7 Jun 2006 21:48:26 +0200: > Anyone any ideas? Are you sure you got the right list? It's got not even remotely to do with mail. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sailer at bnl.gov Thu Jun 8 03:37:51 2006 From: sailer at bnl.gov (Tim Sailer) Date: Thu Jun 8 03:38:22 2006 Subject: Vispan exim support In-Reply-To: <44873045.10300@blacknight.ie> References: <44871201.7050708@blacknight.ie> <20060607193505.GG4716@bnl.gov> <44873045.10300@blacknight.ie> Message-ID: <20060608023751.GA22945@bnl.gov> On Wed, Jun 07, 2006 at 09:00:05PM +0100, Michele Neylon :: Blacknight.ie wrote: > Tim Sailer wrote: > > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > >> Has anyone successfully got Vispan (http://www.while.org.uk/mailstats/) > >> working with exim? > > > > I've hacked it a bit to work with Exim. > > > > http://www2.buoy.com/vispan > > > > message delay and rejected don't currently work, but the rest does. > > > > Tim > > > OOooooh Nice :) > > I'm primarily interested in the statistics, so if you could share your > hacks / changes it would be appreciated quickly looking at the code, I created Exim.pm, made changes to Vispan.conf, added the module to /usr/local/bin/Vispan http://www.buoy.com/~tps/vispan-2.0.2-tps.tar.gz is the tarball from 'locate Vispan' Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From nauman at worldcall.net.pk Thu Jun 8 06:59:13 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Thu Jun 8 06:59:17 2006 Subject: Mailscanner stopped, sendmail running... References: <014501c68a12$171563c0$3004010a@martinhlaptop> Message-ID: <01c601c68ac0$ab4c5c20$23c051cb@noc> my systems TOP states : top - 10:49:49 up 15:30, 4 users, load average: 1.97, 2.28, 2.89 Tasks: 163 total, 3 running, 159 sleeping, 0 stopped, 1 zombie Cpu(s): 12.4% us, 5.2% sy, 0.0% ni, 73.9% id, 8.2% wa, 0.0% hi, 0.3% si Mem: 2074908k total, 1978684k used, 96224k free, 142460k buffers Swap: 2096472k total, 176k used, 2096296k free, 1159100k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 21894 root 16 0 59844 54m 3444 R 6.5 2.7 0:00.20 MailScanner 16415 root 15 0 60348 54m 3428 S 0.7 2.7 2:34.72 MailScanner 15394 root 16 0 57872 52m 3428 S 0.3 2.6 2:27.27 MailScanner Its almost utilizing the complete MEM and there are some MailScanners process which are even 2:34 min LONG . [root@machine]# less /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 4 model name : Intel(R) Pentium(R) 4 CPU 3.00GHz stepping : 1 cpu MHz : 2994.204 cache size : 1024 KB How much RAM should i use for ramdisk (tmpfs) - can i work without it ? i m currently having 7 child processes of MailScanner .in its conf file > Have you read the documentation on tuning? > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > use of memory isn't a problem (*nix will use spare memory as filesystem > cache so when all the memory's used its not a bad sign). What is a bad > sign > is high levels of swapping. > > 80k messages isn't high. >> >> >> Don't know, but remember that childs can sit there *very* >> >> long. (hours) >> > Arthur Sherman Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 From MailScanner at ecs.soton.ac.uk Thu Jun 8 08:29:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 08:30:15 2006 Subject: phish bypassing MS In-Reply-To: <448757B2.70105@blacknight.ie> References: <448757B2.70105@blacknight.ie> Message-ID: <9642E40B-C91A-4FC7-8D06-313E9C901BCC@ecs.soton.ac.uk> It was an image, not text. I can't trap those, sorry. Doing so would require OCR. On 7 Jun 2006, at 23:48, Michele Neylon :: Blacknight.ie wrote: > A "nice" Barclays phish got through this evening. Possibly due to the > structure of the link: > > > www.barclays.com.brc1.jsp.brcontrol.kileof.biz/r1/b= > /> > > > Resolves to Korea, so I can't see much point in contacting them > about it... > > (I did contact Barclays who unlike some banks actually have a > mechanism > for reporting phishing) > > M > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 8 08:32:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 08:33:04 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <01c601c68ac0$ab4c5c20$23c051cb@noc> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <01c601c68ac0$ab4c5c20$23c051cb@noc> Message-ID: <04B2AE58-3635-4162-9415-2AB8736F428D@ecs.soton.ac.uk> On 8 Jun 2006, at 06:59, Muhammad Nauman wrote: > How much RAM should i use for ramdisk (tmpfs) - can i work without > it ? > i m currently having 7 child processes of MailScanner .in its conf > file Read up about tmpfs, you don't tell it how much memory to use, it takes it out of your virtual memory and so will use the amount it needs. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From res at ausics.net Thu Jun 8 08:56:58 2006 From: res at ausics.net (Res) Date: Thu Jun 8 08:57:04 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <4486A924.5090502@netmagicsolutions.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: On Wed, 7 Jun 2006, Dhawal Doshy wrote: >> >> Ever tried running S.A on servers that do serious work, and want your mail >> out of the queue and delivered the same week ? :) >> (I do run SA on the machines that can handle it though, but thats like 2 >> out of many) > > Most of us run servers that pretty much do serious work ;-).. to each his/her > way. You can use RBLs at: > > SpamAssassin: Best way to use RBLs as per my POV.. the bad part being that > mails originating from ROKSO (spamhaus) are accepted and then tagged. I'd like to know how your customers get mail so fast, at a constant rate avg of 500 messages per minute, SA can not hope to keep up, after 5 mins the queue was at about 1900 *to be* processed, where MailScanner with anti virus and content checking and all that stuff on it usually keeps up fine anbd people get mail seconds later, SA was tunned to best performance by recommendations, and otehr recommendations that it should be used on high end networks (i know why) if I left that wretched load of crap on, my customers would get mail a week later and some probably months later and id be replaced pretty quickly :) But like I said, on some of our smaller more dedicated mail servers we do use it, because on those that do 50 msgs a minute SA can keep up. -- Cheers Res From res at ausics.net Thu Jun 8 08:59:12 2006 From: res at ausics.net (Res) Date: Thu Jun 8 08:59:18 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <01ab01c68a39$f8d67110$3004010a@martinhlaptop> References: <01ab01c68a39$f8d67110$3004010a@martinhlaptop> Message-ID: On Wed, 7 Jun 2006, Martin Hepworth wrote: > Res > > Nope - my SA/MS machine is a gateway machine and dedicated to the task - if > that machine gets compromised (hey its connected to the internet) I don't > loose anything else. your lucky :) But if you use raid 5 or 10 you shouldnt (you would be unlucky to) lose much if anything > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Res >> Sent: 07 June 2006 10:56 >> To: MailScanner discussion >> Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? >> >> Hi Martin, >> >> On Wed, 7 Jun 2006, Martin Hepworth wrote: >> >>> Res >>> >>> Yes that's another option, but I find this type of blacklist give too >> many >>> false positives. I prefer to get SA to do it, and merely add to the spam >>> score. >> >> Ever tried running S.A on servers that do serious work, and want your mail >> out of the queue and delivered the same week ? :) >> (I do run SA on the machines that can handle it though, but thats like 2 >> out of many) >> >> I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can be >> an issue with hotmail at times, when it gets to level 2 complaint level we >> remove SORBS until its cleared up. I rather not waste any more resources >> on privacy invading dweebs than I have to, hence why I prefere MTA. >> >>> >> >> -- >> Cheers >> Res >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Cheers Res From martinh at solid-state-logic.com Thu Jun 8 09:00:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:00:07 2006 Subject: Vispan exim support In-Reply-To: <20060607201922.GN4716@bnl.gov> Message-ID: <00a701c68ad1$8a6b17b0$3004010a@martinhlaptop> Tim I'll double Michele's "oooooo nice.." Couple of things I note- according to the config page youre still running SA 3.0.3. There's a nasty DOS vulnerability in that, may I suggest you upgrade to 3.0.6 (if not 3.1.3). Also as you're quite being in MS versions as well you may find 4.54 is quite a lot faster than your 4.41 version. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Tim Sailer > Sent: 07 June 2006 21:19 > To: MailScanner discussion > Subject: Re: Vispan exim support > > On Wed, Jun 07, 2006 at 09:00:05PM +0100, Michele Neylon :: Blacknight.ie > wrote: > > Tim Sailer wrote: > > > On Wed, Jun 07, 2006 at 06:50:57PM +0100, Michele Neylon :: > Blacknight.ie wrote: > > >> Has anyone successfully got Vispan > (http://www.while.org.uk/mailstats/) > > >> working with exim? > > > > > > I've hacked it a bit to work with Exim. > > > > > > http://www2.buoy.com/vispan > > > > > > message delay and rejected don't currently work, but the rest does. > > > > > > Tim > > > > > OOooooh Nice :) > > > > I'm primarily interested in the statistics, so if you could share your > > hacks / changes it would be appreciated > > It's been a real long while since I touched it. Let me see if I can > get the changes out into diffs. If not, I'll just bundle up what I have > and make it availble for disection. > > Tim > > -- > Tim Sailer > Information and Special Technologies Program > Northeast Regional Counterintelligence Office > Brookhaven National Laboratory (631) 344-3001 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From res at ausics.net Thu Jun 8 09:03:36 2006 From: res at ausics.net (Res) Date: Thu Jun 8 09:03:41 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00e601c68a12$a25ce840$3701a8c0@lapxp> Message-ID: On Wed, 7 Jun 2006, Logan Shaw wrote: > On Wed, 7 Jun 2006, Res wrote: >> On Wed, 7 Jun 2006, Arthur Sherman wrote: > >>> Who should do RBL checks: MailScanner or SpamAssassin? > >> Neither, the MTA should do it. > > That depends on your policy on what you do with spam. Do you > tag it, or do you delete it? At my site, we have basically > a no-delete policy; spams are tagged and passed through. > This approach gives the users more work (have to set up a > filter) but more control. I'd rather prevent the known spammers connecting, we also use DUL lists as well, apart from SORBS listing hotmail, Ive never in many many many years had a single problem, most users are glad to be protected (as best we can) from scum. On the smaller use machines where we use MS with SA, we have low scoring of 3 tag, and high scoring of 12 delete it. -- Cheers Res From martinh at solid-state-logic.com Thu Jun 8 09:05:56 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:06:03 2006 Subject: phish bypassing MS In-Reply-To: <9642E40B-C91A-4FC7-8D06-313E9C901BCC@ecs.soton.ac.uk> Message-ID: <00a801c68ad2$5ef249e0$3004010a@martinhlaptop> Michele What URI-RBL's are you using in the SA setup? I think the latest SA (3.1.3) has the URI-black in there as well which I find very usefule. I find that 88_FVGT_uri.cf from http://www.rulesemporium.com/other-rules.htm (and Freds other rules) help a lot on this kind of thing too - assuming the clamav phishing stuff doesn't catch them, which isn't as good as it used to be..) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 08 June 2006 08:30 > To: MailScanner discussion > Subject: Re: phish bypassing MS > > It was an image, not text. I can't trap those, sorry. > Doing so would require OCR. > > On 7 Jun 2006, at 23:48, Michele Neylon :: Blacknight.ie wrote: > > > A "nice" Barclays phish got through this evening. Possibly due to the > > structure of the link: > > > > > > > www.barclays.com.brc1.jsp.brcontrol.kileof.biz/r1/b= > > /> > > > > > > Resolves to Korea, so I can't see much point in contacting them > > about it... > > > > (I did contact Barclays who unlike some banks actually have a > > mechanism > > for reporting phishing) > > > > M > > -- > > Mr Michele Neylon > > Blacknight Solutions > > Quality Business Hosting & Colocation > > http://www.blacknight.ie/ > > Tel. 1850 927 280 > > Intl. +353 (0) 59 9183072 > > Direct Dial: +353 (0)59 9183090 > > Fax. +353 (0) 59 9164239 > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From arturs at netvision.net.il Thu Jun 8 10:07:27 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 09:09:11 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <014501c68a12$171563c0$3004010a@martinhlaptop> Message-ID: <003e01c68ada$f71cc800$3701a8c0@lapxp> > Have you read the documentation on tuning? > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Most links to instructions are broken... Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Thu Jun 8 09:25:58 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:26:06 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Res Wow 43 Million messages a day.. I think the most any has had is about 2 million messages out of a single machine (dunno if anyone has done any laod tests with the recent faster code). I think the best way to handle this would be to handle some sort of cluster with a mysql based bayes engine and using DNS to load balance. Also I dunno if anyone's tested the new spam cache code using shared (NFS) files for this or they would recommend keeping one per local system. Maybe one of the Steves or Jules can comment on clusters better.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 08 June 2006 08:57 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Dhawal Doshy wrote: > >> > >> Ever tried running S.A on servers that do serious work, and want your > mail > >> out of the queue and delivered the same week ? :) > >> (I do run SA on the machines that can handle it though, but thats like > 2 > >> out of many) > > > > Most of us run servers that pretty much do serious work ;-).. to each > his/her > > way. You can use RBLs at: > > > > SpamAssassin: Best way to use RBLs as per my POV.. the bad part being > that > > mails originating from ROKSO (spamhaus) are accepted and then tagged. > > > I'd like to know how your customers get mail so fast, at a constant rate > avg of 500 messages per minute, SA can not hope to keep up, after 5 mins > the queue was at about 1900 *to be* processed, where MailScanner with anti > virus and content checking and all that stuff on it usually keeps up > fine anbd people get mail seconds later, SA was tunned to best > performance by recommendations, and otehr recommendations that it should > be used on high end networks (i know why) if I left that wretched load of > crap on, my customers would get mail a week later and some probably months > later and id be > replaced pretty quickly :) > > But like I said, on some of our smaller more dedicated mail servers we do > use it, because on those that do 50 msgs a minute SA can keep up. > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Jun 8 09:28:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:28:11 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00b301c68ad5$75ce9da0$3004010a@martinhlaptop> Res RAID won't help when you're system's compromised and that is used as a jumping station to your other systems.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 08 June 2006 08:59 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Nope - my SA/MS machine is a gateway machine and dedicated to the task - > if > > that machine gets compromised (hey its connected to the internet) I > don't > > loose anything else. > > your lucky :) > But if you use raid 5 or 10 you shouldnt (you would be unlucky to) lose > much if anything > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Res > >> Sent: 07 June 2006 10:56 > >> To: MailScanner discussion > >> Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > >> > >> Hi Martin, > >> > >> On Wed, 7 Jun 2006, Martin Hepworth wrote: > >> > >>> Res > >>> > >>> Yes that's another option, but I find this type of blacklist give too > >> many > >>> false positives. I prefer to get SA to do it, and merely add to the > spam > >>> score. > >> > >> Ever tried running S.A on servers that do serious work, and want your > mail > >> out of the queue and delivered the same week ? :) > >> (I do run SA on the machines that can handle it though, but thats like > 2 > >> out of many) > >> > >> I use SORBS, spamhaus and spamcop, I trust them pretty much, SORBS can > be > >> an issue with hotmail at times, when it gets to level 2 complaint level > we > >> remove SORBS until its cleared up. I rather not waste any more > resources > >> on privacy invading dweebs than I have to, hence why I prefere MTA. > >> > >>> > >> > >> -- > >> Cheers > >> Res > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Jun 8 09:29:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:29:12 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00b401c68ad5$99a28570$3004010a@martinhlaptop> Res Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 false positives... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 08 June 2006 09:04 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > On Wed, 7 Jun 2006, Logan Shaw wrote: > > > On Wed, 7 Jun 2006, Res wrote: > >> On Wed, 7 Jun 2006, Arthur Sherman wrote: > > > >>> Who should do RBL checks: MailScanner or SpamAssassin? > > > >> Neither, the MTA should do it. > > > > That depends on your policy on what you do with spam. Do you > > tag it, or do you delete it? At my site, we have basically > > a no-delete policy; spams are tagged and passed through. > > This approach gives the users more work (have to set up a > > filter) but more control. > > > I'd rather prevent the known spammers connecting, we also use DUL lists as > well, apart from SORBS listing hotmail, Ive never in many many many years > had a single problem, most users are glad to be protected (as best we can) > from scum. > > On the smaller use machines where we use MS with SA, we have low scoring > of 3 tag, and high scoring of 12 delete it. > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From febrianto at sioenasia.com Thu Jun 8 09:51:12 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Thu Jun 8 09:45:35 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <4486F765.7010401@netmagicsolutions.com> Message-ID: Dumb question: I changed the configuration in MailScanner.conf from Spam List = SBL+XBL # You can un-comment this to enable them To Spam List = # SBL+XBL # You can un-comment this to enable them And in spam.assassin.pref.conf from #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 To score __RCVD_IN_SBL_XBL 4 #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 Do the spamassassin --lint result OK. Then do MailScanner reload. Now, how do I know if the RBL works in SA? Because in the log (I use mailwatch), I don't see any tag in spam report. I can see the pyzor_check score. I use SA 3.1.0 and MailScanner 4.52.2 Thanks mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 10:57:25 PM: > Johnny Stork wrote: > > Sorry of this may have been covered elsewhere. I have been > following this thread and agree with the logic so would like to try > the changes, remove RBL checking from MailScanner and enable in SA. > Could someoen pelase list what I change/comment-out in mailscanner. > conf, and what I need to add/edit in spam.assassing.prefs.conf... > there are bits and peices in this thread, but I want to ensure I > have everything. So far I think I have: > > {snip} > > > #score RCVD_IN_RSS 1 > > This was removed from SA some versions back, IIRC.. > > You do not need to change the default score (unless you know what you > are doing). Also i wouldn't advise scoring a '0' for most RBL rules > since they scan more than the last received IP/HOP (unlike RBLs which > will only check the last received IP.. read the man pages for more details). > > - dhawal > > > #score __RCVD_IN_SBL_XBL 0.0 > > score RCVD_IN_SBL 0.0 > > score RCVD_IN_XBL 0.0 > > score __RCVD_IN_NJABL 0.0 > > score RCVD_IN_NJABL_DUL 0.0 > > score RCVD_IN_NJABL_MULTI 0.0 > > score RCVD_IN_NJABL_PROXY 0.0 > > score RCVD_IN_NJABL_RELAY 0.0 > > score RCVD_IN_NJABL_SPAM 0.0 > > score RCVD_IN_NJABL_CGI 0.0 > > #score __RCVD_IN_SORBS 0.0 > > score RCVD_IN_SORBS_HTTP 0.0 > > score RCVD_IN_SORBS_MISC 0.0 > > score RCVD_IN_SORBS_SMTP 0.0 > > score RCVD_IN_SORBS_SOCKS 0.0 > > score RCVD_IN_SORBS_WEB 0.0 > > score RCVD_IN_SORBS_BLOCK 0.0 > > score RCVD_IN_SORBS_ZOMBIE 0.0 > > score RCVD_IN_SORBS_DUL 0.0 > > score __RFC_IGNORANT_ENVFROM 0.0 > > score DNS_FROM_RFC_DSN 0.0 > > score DNS_FROM_RFC_POST 0.0 > > score DNS_FROM_RFC_ABUSE 0.0 > > score DNS_FROM_RFC_WHOIS 0.0 > > score DNS_FROM_RFC_BOGUSMX 0.0 > > score RCVD_IN_DSBL 0.0 > > score DNS_FROM_AHBL_RHSBL 0.0 > > #score HABEAS_INFRINGER 0.0 > > #score HABEAS_USER 0.0 > > score RCVD_IN_BSP_TRUSTED 0.0 > > score RCVD_IN_BSP_OTHER 0.0 > > #score __SENDERBASE 0.0 > > #score SB_NEW_BULK 0.0 > > #score SB_NSP_VOLUME_SPIKE 0.0 > > #core RCVD_IN_RSL 0.0 > > score RCVD_IN_MAPS_RBL 0.0 > > score RCVD_IN_MAPS_DUL 0.0 > > score RCVD_IN_MAPS_RSS 0.0 > > score RCVD_IN_SORBS_MISC 0.0 > > score RCVD_IN_SORBS_SMTP 0.0 > > score RCVD_IN_SORBS_SOCKS 0.0 > > score RCVD_IN_SORBS_WEB 0.0 > > score RCVD_IN_SORBS_BLOCK 0.0 > > score RCVD_IN_SORBS_ZOMBIE 0.0 > > score RCVD_IN_SORBS_DUL 0.0 > > score __RFC_IGNORANT_ENVFROM 0.0 > > score DNS_FROM_RFC_DSN 0.0 > > score DNS_FROM_RFC_POST 0.0 > > score DNS_FROM_RFC_ABUSE 0.0 > > score DNS_FROM_RFC_WHOIS 0.0 > > score DNS_FROM_RFC_BOGUSMX 0.0 > > score RCVD_IN_DSBL 0.0 > > score DNS_FROM_AHBL_RHSBL 0.0 > > #score HABEAS_INFRINGER 0.0 > > #score HABEAS_USER 0.0 > > score RCVD_IN_BSP_TRUSTED 0.0 > > score RCVD_IN_BSP_OTHER 0.0 > > #score __SENDERBASE 0.0 > > #score SB_NEW_BULK 0.0 > > #score SB_NSP_VOLUME_SPIKE 0.0 > > #core RCVD_IN_RSL 0.0 > > score RCVD_IN_MAPS_RBL 0.0 > > score RCVD_IN_MAPS_DUL 0.0 > > score RCVD_IN_MAPS_RSS 0.0 > > score RCVD_IN_MAPS_NML 0.0 > > score RCVD_IN_BL_SPAMCOP_NET 4 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From arturs at netvision.net.il Thu Jun 8 10:56:52 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 09:58:38 2006 Subject: lock type In-Reply-To: Message-ID: <004501c68ae1$de9d18f0$3701a8c0@lapxp> > I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The > comment there says: > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "posix". > # For sendmail 8.12 and older, you will probably need to > change it to flock, > # particularly on Linux systems. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > so I would expect it to use "posix". (Correct?) > > But watching /var/log/maillog I see: > ... MailScanner[10490]: Using locktype = flock Just leave it blank. In a case of sendmail flock type will be used. Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Thu Jun 8 09:59:20 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 09:59:39 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00d801c68ad9$d621bf30$3004010a@martinhlaptop> Hi Do a a "spamassassin -D --lint" and see if the tests being called. It could be the DNS module or something isn't installed properly.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > Sent: 08 June 2006 09:51 > To: MailScanner discussion > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > Dumb question: > I changed the configuration in MailScanner.conf > from > Spam List = SBL+XBL # You can un-comment this to enable them > > To > Spam List = # SBL+XBL # You can un-comment this to enable them > > And in spam.assassin.pref.conf > from > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > To > score __RCVD_IN_SBL_XBL 4 > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > Do the spamassassin --lint result OK. > Then do MailScanner reload. > Now, how do I know if the RBL works in SA? Because in the log (I use > mailwatch), I don't see any tag in spam report. I can see the pyzor_check > score. > > I use SA 3.1.0 and MailScanner 4.52.2 > > Thanks > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 10:57:25 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dhawal at netmagicsolutions.com Thu Jun 8 10:08:25 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 8 10:08:34 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: <4487E909.5030308@netmagicsolutions.com> Res wrote: > On Wed, 7 Jun 2006, Dhawal Doshy wrote: >>> >>> Ever tried running S.A on servers that do serious work, and want your >>> mail out of the queue and delivered the same week ? :) >>> (I do run SA on the machines that can handle it though, but thats >>> like 2 out of many) >> >> Most of us run servers that pretty much do serious work ;-).. to each >> his/her way. You can use RBLs at: >> >> SpamAssassin: Best way to use RBLs as per my POV.. the bad part being >> that mails originating from ROKSO (spamhaus) are accepted and then >> tagged. > > > I'd like to know how your customers get mail so fast, at a constant rate > avg of 500 messages per minute, SA can not hope to keep up, after 5 mins > the queue was at about 1900 *to be* processed, where MailScanner with > anti virus and content checking and all that stuff on it usually keeps > up fine anbd people get mail seconds later, SA was tunned to best > performance by recommendations, and otehr recommendations that it should > be used on high end networks (i know why) if I left that wretched load > of crap on, my customers would get mail a week later and some probably > months later and id be replaced pretty quickly :) > > But like I said, on some of our smaller more dedicated mail servers we > do use it, because on those that do 50 msgs a minute SA can keep up. I do about sustained 12 mails per second for a couple of hours in a day which equals (12*60*60*2 = 86400) and about the twice that throughout the day totaling about 225000 mails per day between 2 servers.. no bad i guess. Both servers are fully loaded MailScanner/Postfix/SA/DCC/Pyzor and add BAYES/MailWatch (on a separate server), 3 antivirus engines and SARE to the list. This is not counting mails rejected at the RBL level. Average mail delivery time is 10-15 seconds to the delivery servers. And i haven't done any advanced tuning (save using TMPFS) on these servers. Of course it helps to have Dual Processors and 3 GB RAM with SCSI Disks (Dell PE1850). I understand people on this list process a lot more mails with a similar setup. - dhawal From t.d.lee at durham.ac.uk Thu Jun 8 10:21:06 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu Jun 8 10:21:37 2006 Subject: lock type In-Reply-To: <004501c68ae1$de9d18f0$3701a8c0@lapxp> References: <004501c68ae1$de9d18f0$3701a8c0@lapxp> Message-ID: On Thu, 8 Jun 2006, Arthur Sherman wrote: > [David Lee had written:] > > I'm leaving the MailScanner.conf 'Lock Type' blank. (Correct?) The > > comment there says: > > # How to lock spool files. > > # Don't set this unless you *know* you need to. > > # For sendmail, it defaults to "posix". > > # For sendmail 8.12 and older, you will probably need to > > change it to flock, > > # particularly on Linux systems. > > # For Exim, it defaults to "posix". > > # No other type is implemented. > > Lock Type = > > > > so I would expect it to use "posix". (Correct?) > > > > But watching /var/log/maillog I see: > > ... MailScanner[10490]: Using locktype = flock > > Just leave it blank. > > In a case of sendmail flock type will be used. But that's incorrect, isn't it? Could you check the reasoning below? o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). o MailScanner.conf has: MTA = sendmail Lock Type = o Therefore, according to the comments, this should result in "posix". o "posix" is, indeed, the desired and expected outcome for this system (isn't it?). o BUT "maillog" is reporting ... MailScanner[26259]: Using locktype = flock The comments say I should end up with "posix". Maillog says I'm getting "flock". So something somewhere (possibly including my understanding!) is incorrect. Help! -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From glenn.steen at gmail.com Thu Jun 8 10:34:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 10:34:16 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <003e01c68ada$f71cc800$3701a8c0@lapxp> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <003e01c68ada$f71cc800$3701a8c0@lapxp> Message-ID: <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> On 08/06/06, Arthur Sherman wrote: > > Have you read the documentation on tuning? > > > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > Most links to instructions are broken... > Yep, this is because the old faq-o-matic is gone... Probably went out the window when Jules updated to the new website. Unfortunately not all the relavant info has been moved to the wiki (much because it wasn't that easy to corroborate (to check if some details are correct, some because it contains a few gems and some crud that simply don't apply anymore... etc). Even more unfortunate is that we still have (especially in the MAQ) quite a few references to it. For some we already have equivalent docs in the wiki though (like DCC: http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin:plugins:dcc), so it moght be just a need for a minor overhaul for these. Jules, Ugo ... we need to adress this. Will see what I can do. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Thu Jun 8 11:33:40 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 10:35:31 2006 Subject: lock type In-Reply-To: Message-ID: <005201c68ae7$022e6030$3701a8c0@lapxp> > But that's incorrect, isn't it? Could you check the reasoning below? > > o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). > > o MailScanner.conf has: > MTA = sendmail > Lock Type = > > o Therefore, according to the comments, this should result > in "posix". > > o "posix" is, indeed, the desired and expected outcome for > this system > (isn't it?). > > o BUT "maillog" is reporting > ... MailScanner[26259]: Using locktype = flock > > > The comments say I should end up with "posix". Maillog says > I'm getting > "flock". So something somewhere (possibly including my > understanding!) is > incorrect. As far as I remember, in older versions this was flock... It could be a mistype in conf - however, flock rulez. Best, -- Arthur Sherman +972-52-4878851 CPTeam From glenn.steen at gmail.com Thu Jun 8 10:36:40 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 10:36:44 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <003e01c68ada$f71cc800$3701a8c0@lapxp> <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> Message-ID: <223f97700606080236j52469112hfb9df335a9ac7758@mail.gmail.com> On 08/06/06, Glenn Steen wrote: (snip) > ... (to check if some details are correct, some ... Accidental "send" there. That should've read: > ... (to check if some details are correct, one needs to have the system/HW to test on:-) some ... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From febrianto at sioenasia.com Thu Jun 8 11:23:28 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Thu Jun 8 11:17:28 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00d801c68ad9$d621bf30$3004010a@martinhlaptop> Message-ID: Martin, Is there any specifi string that i have to look for? to find out if the rbl works in SA or not? mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 03:59:20 PM: > Hi > > Do a a "spamassassin -D --lint" and see if the tests being called. > > It could be the DNS module or something isn't installed properly.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > Sent: 08 June 2006 09:51 > > To: MailScanner discussion > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > Dumb question: > > I changed the configuration in MailScanner.conf > > from > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > To > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > And in spam.assassin.pref.conf > > from > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > # These next 3 will cost you money, see mailscanner.conf. > > #score RCVD_IN_RBL 10 > > #score RCVD_IN_RSS 1 > > #score RCVD_IN_DUL 1 > > > > To > > score __RCVD_IN_SBL_XBL 4 > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > # These next 3 will cost you money, see mailscanner.conf. > > #score RCVD_IN_RBL 10 > > #score RCVD_IN_RSS 1 > > #score RCVD_IN_DUL 1 > > > > Do the spamassassin --lint result OK. > > Then do MailScanner reload. > > Now, how do I know if the RBL works in SA? Because in the log (I use > > mailwatch), I don't see any tag in spam report. I can see the pyzor_check > > score. > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > Thanks > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 10:57:25 > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From glenn.steen at gmail.com Thu Jun 8 11:21:38 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 11:21:40 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <01c601c68ac0$ab4c5c20$23c051cb@noc> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <01c601c68ac0$ab4c5c20$23c051cb@noc> Message-ID: <223f97700606080321j3b11a3caka0cb92ee9b2afcce@mail.gmail.com> On 08/06/06, Muhammad Nauman wrote: > my systems TOP states : > > top - 10:49:49 up 15:30, 4 users, load average: 1.97, 2.28, 2.89 > Tasks: 163 total, 3 running, 159 sleeping, 0 stopped, 1 zombie > Cpu(s): 12.4% us, 5.2% sy, 0.0% ni, 73.9% id, 8.2% wa, 0.0% hi, 0.3% si > Mem: 2074908k total, 1978684k used, 96224k free, 142460k buffers > Swap: 2096472k total, 176k used, 2096296k free, 1159100k cached > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 21894 root 16 0 59844 54m 3444 R 6.5 2.7 0:00.20 MailScanner > 16415 root 15 0 60348 54m 3428 S 0.7 2.7 2:34.72 MailScanner > 15394 root 16 0 57872 52m 3428 S 0.3 2.6 2:27.27 MailScanner > > Its almost utilizing the complete MEM and there are some MailScanners > process which are even 2:34 min LONG . Very relative term there ... "almost"...:-). You have approximately 250 MiB available and practiacally no swap activity... Looks pretty well-balanced to me. Load seems reasonable, especially if you run sendmail. The TIME there.... How long ahd the process that took 2:34 been running? Assuming close to 4 hours on a fairly busy server, then using the CPU for well under 3 minutes total isn't much to write home about:-). What I'm saying is that performance measurements without a context and with no "baseline" to compare to, is pretty useless;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Thu Jun 8 11:31:54 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:32:00 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Message-ID: Hi Martin, On Thu, 8 Jun 2006, Martin Hepworth wrote: > Res > > Wow 43 Million messages a day.. I think the most any has had is about 2 > million messages out of a single machine (dunno if anyone has done any laod > tests with the recent faster code). HUH wtf did you get 43m from? It's about 30k messages an hour, I know I was hopeless at maths but 30000 x 500 !=43000000 ;) > I think the best way to handle this would be to handle some sort of cluster > with a mysql based bayes engine and using DNS to load balance. So you want us to outlay 10's of thousands of dollars for no reason? it handles it nicely now, and the load rarely gets above 3 when its in peak, and all that is probably disk speed, we are fairly happy without SA thanks :) > -- Cheers Res From res at ausics.net Thu Jun 8 11:36:03 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:36:09 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b301c68ad5$75ce9da0$3004010a@martinhlaptop> References: <00b301c68ad5$75ce9da0$3004010a@martinhlaptop> Message-ID: On Thu, 8 Jun 2006, Martin Hepworth wrote: > Res > > RAID won't help when you're system's compromised and that is used as a > jumping station to your other systems.... Whats to compromise, sendmail or qmail, a good network should have its data centers well protectd by ACL's allowing in only what you want and to where you want. Both Sendmail and Qmail are pretty secure these days, but we regulary audit all servers, to think it will 'never' happen to you, is only being nieve and it will probably happen to that kind of person if they dont keep regular tabs on things. Only ever problem we've had is disk die on RAID. > -- Cheers Res From res at ausics.net Thu Jun 8 11:37:54 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:38:01 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b401c68ad5$99a28570$3004010a@martinhlaptop> References: <00b401c68ad5$99a28570$3004010a@martinhlaptop> Message-ID: On Thu, 8 Jun 2006, Martin Hepworth wrote: > Res > > Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 false > positives... On a box that uses SA I'm amazed at the amount of calais and viagra crap that are marked as totaly cleam scoring a bare 0.1 etc... -- Cheers Res From res at ausics.net Thu Jun 8 11:42:30 2006 From: res at ausics.net (Res) Date: Thu Jun 8 11:42:36 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <4487E909.5030308@netmagicsolutions.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> Message-ID: On Thu, 8 Jun 2006, Dhawal Doshy wrote: > Average mail delivery time is 10-15 seconds to the delivery servers. And i > haven't done any advanced tuning (save using TMPFS) on these servers. Of > course it helps to have Dual Processors and 3 GB RAM with SCSI Disks (Dell > PE1850). > Yes but you still have not said what your SA tunnings are I wasnt being a smart ass i was being genuine, but no problems I take it the way you meant it and you shall be ignored :) If anyone on this list processing the levels we do and actually is bored enough to say how they tuned SA i'd be interested in reading > > - dhawal > -- Cheers Res From martinh at solid-state-logic.com Thu Jun 8 11:42:42 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 11:42:50 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00f601c68ae8$456572c0$3004010a@martinhlaptop> Budi Should see lines like dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > Sent: 08 June 2006 11:23 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Martin, > > Is there any specifi string that i have to look for? to find out if the > rbl > works in SA or not? > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 03:59:20 > PM: > > > Hi > > > > Do a a "spamassassin -D --lint" and see if the tests being called. > > > > It could be the DNS module or something isn't installed properly.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > Sent: 08 June 2006 09:51 > > > To: MailScanner discussion > > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > > > > Dumb question: > > > I changed the configuration in MailScanner.conf > > > from > > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > > > To > > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > > > And in spam.assassin.pref.conf > > > from > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > # These next 3 will cost you money, see mailscanner.conf. > > > #score RCVD_IN_RBL 10 > > > #score RCVD_IN_RSS 1 > > > #score RCVD_IN_DUL 1 > > > > > > To > > > score __RCVD_IN_SBL_XBL 4 > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > # These next 3 will cost you money, see mailscanner.conf. > > > #score RCVD_IN_RBL 10 > > > #score RCVD_IN_RSS 1 > > > #score RCVD_IN_DUL 1 > > > > > > Do the spamassassin --lint result OK. > > > Then do MailScanner reload. > > > Now, how do I know if the RBL works in SA? Because in the log (I use > > > mailwatch), I don't see any tag in spam report. I can see the > pyzor_check > > > score. > > > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > > > Thanks > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 > 10:57:25 > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From patrick at isoc.lu Thu Jun 8 11:50:40 2006 From: patrick at isoc.lu (Patrick Vande Walle) Date: Thu Jun 8 11:50:50 2006 Subject: Archive Public Keys Message-ID: <44880100.7000202@isoc.lu> Hello Julian, I tried to implement the archiving of public keys, as explained here: http://thread.gmane.org/gmane.mail.virus.mailscanner/35920/focus=35923 Not much success up at start. No keys got saved. Apparently the two lines doing the job are commented out in /usr/lib/MailScanner/MailScanner/SweepContent.pm # Find and save all the public keys (X.509 and PGP) in each message. #ExtractPublicKeys($message, $ent) # if MailScanner::Config::Value('archivepublickeys', $message); Once In uncommented the lines, it worked like a charm. Further, when I ran upgrade_mailscanner_conf, it said: Removed old: Public Key Archive Dir = /var/spool/MailScanner/keys Removed old: Archive Public Keys = yes ... which is logical, since these two values do not appear un Mailscanner.conf.rpmnew. This is with MS version 4.54.6 So the question is: is this feature meant to remain commented out ? Thanks a lot, Patrick Vande Walle From glenn.steen at gmail.com Thu Jun 8 11:51:30 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 11:51:35 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Message-ID: <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> On 08/06/06, Res wrote: > Hi Martin, > > On Thu, 8 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Wow 43 Million messages a day.. I think the most any has had is about 2 > > million messages out of a single machine (dunno if anyone has done any laod > > tests with the recent faster code). > > HUH wtf did you get 43m from? It's about 30k messages an hour, > I know I was hopeless at maths but 30000 x 500 !=43000000 ;) Missread by Martin I beleive... He read "second" where you said "minute" (60*60*24*500=43.2*10^6 ... I did the same thing... sat there full of awe for a moment, considering you have several boxes doing that:-). The 720k you do per day isn't bad, though perhaps not as aweinspiring:-). > > I think the best way to handle this would be to handle some sort of cluster > > with a mysql based bayes engine and using DNS to load balance. > > So you want us to outlay 10's of thousands of dollars for no reason? > it handles it nicely now, and the load rarely gets above 3 when its in > peak, and all that is probably disk speed, we are fairly happy without SA > thanks :) I guess you have this very well covered, but... What is it that "kills you" when running SA? The DNS overhead? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.swaney at fsl.com Thu Jun 8 12:01:05 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jun 8 12:01:09 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <03d101c68aea$d6f55320$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: Thursday, June 08, 2006 6:38 AM > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > On Thu, 8 Jun 2006, Martin Hepworth wrote: > > > Res > > > > Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 false > > positives... > > On a box that uses SA I'm amazed at the amount of calais and viagra crap > that are marked as totaly cleam scoring a bare 0.1 etc... > > > -- > Cheers > Res We run MS/SA on our own systems and a lot of others. We don't see any: > On a box that uses SA I'm amazed at the amount of calais and viagra crap > that are marked as totaly cleam scoring a bare 0.1 etc... My guess is that you're not using the SARE rule sets in combination with Rules_du_Jour. They are very effective, especially when you update them daily. My thanks to the folks who maintain the SARE rule sets; you are much appreciated :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From dhawal at netmagicsolutions.com Thu Jun 8 12:08:07 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 8 12:08:21 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> Message-ID: <44880517.5010201@netmagicsolutions.com> Res wrote: > On Thu, 8 Jun 2006, Dhawal Doshy wrote: > >> Average mail delivery time is 10-15 seconds to the delivery servers. >> And i haven't done any advanced tuning (save using TMPFS) on these >> servers. Of course it helps to have Dual Processors and 3 GB RAM with >> SCSI Disks (Dell PE1850). >> > > > Yes but you still have not said what your SA tunnings are None, zilch.. we do not tune SA at all (i compile rpms from the stock tar.gz distro).. moreover we add tonnes of SARE rules to it. If using a dedicated server for MySQL based Bayes is tuning, then yes we do tuning. From that POV, we use djbdns' dnscache for the local caching-nameserver, which helps Net::DNS tremendously. Also thanks to the prolocation chaps, we rsync SURBL for local use.. I have added wiki entries for both of them quite some time back. http://wiki.mailscanner.info/doku.php?id=&idx=documentation:related_software:caching_nameserver http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql > I wasnt being a smart ass i was being genuine, but no problems I take it > the way you meant it and you shall be ignored :) I wasn't being one either.. apologies if i did sound like one. - dhawal > If anyone on this list processing the levels we do and actually is bored > enough to say how they tuned SA i'd be interested in reading From Denis.Beauchemin at USherbrooke.ca Thu Jun 8 13:27:39 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 8 13:28:14 2006 Subject: lock type In-Reply-To: <005201c68ae7$022e6030$3701a8c0@lapxp> References: <005201c68ae7$022e6030$3701a8c0@lapxp> Message-ID: <448817BB.6090906@USherbrooke.ca> Arthur Sherman a ?crit : >> But that's incorrect, isn't it? Could you check the reasoning below? >> >> o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). >> >> o MailScanner.conf has: >> MTA = sendmail >> Lock Type = >> >> o Therefore, according to the comments, this should result >> in "posix". >> >> o "posix" is, indeed, the desired and expected outcome for >> this system >> (isn't it?). >> >> o BUT "maillog" is reporting >> ... MailScanner[26259]: Using locktype = flock >> >> >> The comments say I should end up with "posix". Maillog says >> I'm getting >> "flock". So something somewhere (possibly including my >> understanding!) is >> incorrect. >> > > As far as I remember, in older versions this was flock... > It could be a mistype in conf - however, flock rulez. > > > I don't know if leaving it blank should do the right thing, but I have it set to posix on my RHEL4 servers and it works just fine. Posix is the right setup for sendmail 8.13. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/f4880d62/smime.bin From maillists at conactive.com Thu Jun 8 13:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 13:31:34 2006 Subject: virus checker failed with real error In-Reply-To: <44872D3D.3020005@ecs.soton.ac.uk> References: <4486D76E.109@students.iiit.ac.in> <4487060B.3090402@ecs.soton.ac.uk> <44872D3D.3020005@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 07 Jun 2006 20:47:09 +0100: > Yes, it is. Maybe remove the "commercial" then? It'd be confusing me if I saw it in my logs. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sailer at bnl.gov Thu Jun 8 14:01:15 2006 From: sailer at bnl.gov (Tim Sailer) Date: Thu Jun 8 14:01:47 2006 Subject: Vispan exim support In-Reply-To: <00a701c68ad1$8a6b17b0$3004010a@martinhlaptop> References: <20060607201922.GN4716@bnl.gov> <00a701c68ad1$8a6b17b0$3004010a@martinhlaptop> Message-ID: <20060608130115.GA7427@bnl.gov> On Thu, Jun 08, 2006 at 09:00:00AM +0100, Martin Hepworth wrote: > Tim > > I'll double Michele's "oooooo nice.." > > Couple of things I note- according to the config page youre still running SA > 3.0.3. There's a nasty DOS vulnerability in that, may I suggest you upgrade > to 3.0.6 (if not 3.1.3). > > Also as you're quite being in MS versions as well you may find 4.54 is quite > a lot faster than your 4.41 version. I'm running this all with Debian packages (except for Vispan). I believe the 3.0.3 deb is backported (I could be wrong). As far as speed, the current setup is working fine (this ISP is my 'other' job, the one that takes up the rest of my time). No complaints from users, and they *do* complain! :) Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From arturs at netvision.net.il Thu Jun 8 16:15:45 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 15:17:23 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <223f97700606080234y4843664am633622be35a83100@mail.gmail.com> Message-ID: <007b01c68b0e$6a767930$3701a8c0@lapxp> > Yep, this is because the old faq-o-matic is gone... Probably went out > the window when Jules updated to the new website. > Unfortunately not all the relavant info has been moved to the wiki > (much because it wasn't that easy to corroborate (to check if some > details are correct, some because it contains a few gems and some crud > that simply don't apply anymore... etc). Even more unfortunate is that > we still have (especially in the MAQ) quite a few references to it. > For some we already have equivalent docs in the wiki though (like DCC: > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:an > ti_spam:spamassassin:plugins:dcc), > so it moght be just a need for a minor overhaul for these. > > Jules, Ugo ... we need to adress this. > Will see what I can do. Thank you. Best, -- Arthur Sherman +972-52-4878851 CPTeam From Denis.Beauchemin at USherbrooke.ca Thu Jun 8 15:43:41 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 8 15:44:13 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <223f97700606080321j3b11a3caka0cb92ee9b2afcce@mail.gmail.com> References: <014501c68a12$171563c0$3004010a@martinhlaptop> <01c601c68ac0$ab4c5c20$23c051cb@noc> <223f97700606080321j3b11a3caka0cb92ee9b2afcce@mail.gmail.com> Message-ID: <4488379D.9090107@USherbrooke.ca> Glenn Steen a ?crit : > On 08/06/06, Muhammad Nauman wrote: >> my systems TOP states : >> >> top - 10:49:49 up 15:30, 4 users, load average: 1.97, 2.28, 2.89 >> Tasks: 163 total, 3 running, 159 sleeping, 0 stopped, 1 zombie >> Cpu(s): 12.4% us, 5.2% sy, 0.0% ni, 73.9% id, 8.2% wa, 0.0% hi, >> 0.3% si >> Mem: 2074908k total, 1978684k used, 96224k free, 142460k buffers >> Swap: 2096472k total, 176k used, 2096296k free, 1159100k cached >> >> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND >> 21894 root 16 0 59844 54m 3444 R 6.5 2.7 0:00.20 MailScanner >> 16415 root 15 0 60348 54m 3428 S 0.7 2.7 2:34.72 MailScanner >> 15394 root 16 0 57872 52m 3428 S 0.3 2.6 2:27.27 MailScanner >> >> Its almost utilizing the complete MEM and there are some MailScanners >> process which are even 2:34 min LONG . > > Very relative term there ... "almost"...:-). > You have approximately 250 MiB available and practiacally no swap > activity... Looks pretty well-balanced to me. Load seems reasonable, > especially if you run sendmail. > The TIME there.... How long ahd the process that took 2:34 been > running? Assuming close to 4 hours on a fairly busy server, then using > the CPU for well under 3 minutes total isn't much to write home > about:-). What I'm saying is that performance measurements without a > context and with no "baseline" to compare to, is pretty useless;). > I agree with you. I don't see anything wrong with this top excerpt. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/1b65dcc9/smime.bin From craig at csfs.co.za Thu Jun 8 17:14:33 2006 From: craig at csfs.co.za (Craig Retief) Date: Thu Jun 8 17:14:28 2006 Subject: OT: To Hyperthread or NOT to Hyperthread Message-ID: HI All, A question maybe 4 the gurus. When running a Linux server with MailScanner, SpamAssassin, Sendmail, "the milters", razor, pyzor, dcc, bdc, clamav, etc, etc, etc. Would it be better to have the servers hyperthreading enabled or disabled? I have read articles where the general recommended consensus is that it should be disabled. Has anyone actually experienced this scenario or have some comments relating? Thanks Craig -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/a42c2044/attachment.html From martinh at solid-state-logic.com Thu Jun 8 17:33:51 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jun 8 17:34:03 2006 Subject: To Hyperthread or NOT to Hyperthread In-Reply-To: Message-ID: <01ee01c68b19$53528cc0$3004010a@martinhlaptop> I use my system with HT on... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Craig Retief > Sent: 08 June 2006 17:15 > To: 'MailScanner discussion' > Subject: OT: To Hyperthread or NOT to Hyperthread > > HI All, > > > > A question maybe 4 the gurus. > > > > When running a Linux server with MailScanner, SpamAssassin, Sendmail, "the > milters", razor, pyzor, dcc, bdc, clamav, etc, etc, etc. Would it be > better to have the servers hyperthreading enabled or disabled? > > > > I have read articles where the general recommended consensus is that it > should be disabled. Has anyone actually experienced this scenario or have > some comments relating? > > > > Thanks > > > > Craig ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dhawal at netmagicsolutions.com Thu Jun 8 17:35:15 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 8 17:35:27 2006 Subject: OT: To Hyperthread or NOT to Hyperthread In-Reply-To: References: Message-ID: <448851C3.1070709@netmagicsolutions.com> Craig Retief wrote: > HI All, > > A question maybe 4 the gurus? > > When running a Linux server with MailScanner, SpamAssassin, Sendmail, > ?the milters?, razor, pyzor, dcc, bdc, clamav, etc, etc, etc. Would it > be better to have the servers hyperthreading enabled or disabled? > > I have read articles where the general recommended consensus is that it > should be disabled. Has anyone actually experienced this scenario or > have some comments relating? *Disclaimer*: i am NOT (and probably never will be) a linux guru. Hyperthreading is somewhat useful if your server utilization is less than 50%.. It works by appearing to your OS that you have 2 logical CPUs per physical CPU. It is also important that the applications on your server understand and take advantage of SMP. If your server is running at more than 50% utilization.. hyperthreading is going to be bad for you.. if you are not sure, turn it off. Once you understand how hyperthreading works.. it all makes sense. Also at the end of the day understand that there is no such thing as a free lunch. The CPU manufacturers are using this as a marketing gimmick with hardly any real world increase in performance. No one is giving you 2 CPUs for the price of one ;-). With a similar setup as yours, i use hyperthreading since my CPU usage is never more than 50% (mostly RAM and I/O) with BDC being the app using 35% of it. I am taking my chances though and intend on turning it off someday.. if only i could get out of my basement.. - dhawal From MailScanner at ecs.soton.ac.uk Thu Jun 8 18:33:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 18:33:37 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> Message-ID: <44885F60.1090706@ecs.soton.ac.uk> Martin Hepworth wrote: > Wow 43 Million messages a day.. I think the most any has had is about 2 > million messages out of a single machine (dunno if anyone has done any laod > tests with the recent faster code). > I am waiting for a couple of possibilities of sourcing a faster machine than my current best (dual Opteron). I'll let you know speed and capacity benchmarks if either of them ever produce anything. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jun 8 18:40:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 8 18:40:35 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <003e01c68ada$f71cc800$3701a8c0@lapxp> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> Message-ID: <4488610A.8030802@ecs.soton.ac.uk> Arthur Sherman wrote: >> Have you read the documentation on tuning? >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >> > > Most links to instructions are broken... > Please can you re-test these pages. Hopefully they all work now. Please let me know of any that are still broken. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From arturs at netvision.net.il Thu Jun 8 19:49:24 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 18:51:04 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <4488610A.8030802@ecs.soton.ac.uk> Message-ID: <00ae01c68b2c$4303c420$3701a8c0@lapxp> > >> Have you read the documentation on tuning? > >> > >> > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > >> > > > > Most links to instructions are broken... > > > Please can you re-test these pages. Hopefully they all work > now. Please > let me know of any that are still broken. > > -- > Julian Field Yep. They work now. Thumbs up! Best, -- Arthur Sherman +972-52-4878851 CPTeam From ssilva at sgvwater.com Thu Jun 8 19:29:38 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 8 19:30:14 2006 Subject: lock type In-Reply-To: <005201c68ae7$022e6030$3701a8c0@lapxp> References: <005201c68ae7$022e6030$3701a8c0@lapxp> Message-ID: Arthur Sherman spake the following on 6/8/2006 3:33 AM: >> But that's incorrect, isn't it? Could you check the reasoning below? >> >> o Given: This system is FC5 with sendmail 8.13.6. (MS 4.54.6). >> >> o MailScanner.conf has: >> MTA = sendmail >> Lock Type = >> >> o Therefore, according to the comments, this should result >> in "posix". >> >> o "posix" is, indeed, the desired and expected outcome for >> this system >> (isn't it?). >> >> o BUT "maillog" is reporting >> ... MailScanner[26259]: Using locktype = flock >> >> >> The comments say I should end up with "posix". Maillog says >> I'm getting >> "flock". So something somewhere (possibly including my >> understanding!) is >> incorrect. > > As far as I remember, in older versions this was flock... > It could be a mistype in conf - however, flock rulez. It doesn't "rule" on v 8.13 sendmail! It definitely "drools"! You will get inconsistent or missing queue files, and maybe even the same message trying to be delivered over and over, and sendmail will barf allover itself. In this case posix is the choice. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Thu Jun 8 19:31:59 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 8 19:32:03 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <4488610A.8030802@ecs.soton.ac.uk> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> <4488610A.8030802@ecs.soton.ac.uk> Message-ID: <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> On 08/06/06, Julian Field wrote: > > > Arthur Sherman wrote: > >> Have you read the documentation on tuning? > >> > >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > >> > > > > Most links to instructions are broken... > > > Please can you re-test these pages. Hopefully they all work now. Please > let me know of any that are still broken. > Ah, it has risen from the dead:-). Still, perhaps we should aim at some creative cut'n'pasting, just to get it all into the wiki... Just so much of it ...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ugob at camo-route.com Thu Jun 8 19:39:42 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 8 19:40:24 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: References: Message-ID: kte@nexis.be wrote: > > > Jun 2 03:18:40 testserver Losing some ticks... checking if CPU frequency > changed. > Jun 2 03:18:40 testserver warning: many lost ticks. > Jun 2 03:18:40 testserver Your time source seems to be instable or some > driver is hogging interupts > > I have an HP BL25P server with 4 GB ram a dual core AMD processor an > CentOS4.3 64 bit installed and I get alot of these messages. > I have installed the the PSP 7.51. Anyone any ideas? You probably have to change your time source (argument to kernel load) > > Thanks Koen > From arturs at netvision.net.il Thu Jun 8 20:55:56 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jun 8 19:57:36 2006 Subject: lock type In-Reply-To: Message-ID: <00d001c68b35$8ed04820$3701a8c0@lapxp> > It doesn't "rule" on v 8.13 sendmail! > It definitely "drools"! You will get inconsistent or missing > queue files, and > maybe even the same message trying to be delivered over and > over, and sendmail > will barf allover itself. In this case posix is the choice. All right, learned something new, thanks. I've already tested it - meanwhile it is OK. Best, -- Arthur Sherman +972-52-4878851 CPTeam From naolson at gmail.com Thu Jun 8 20:04:12 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jun 8 20:04:14 2006 Subject: lock type In-Reply-To: <00d001c68b35$8ed04820$3701a8c0@lapxp> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> Message-ID: <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> I could be wrong, but many of you seem to be missing his point. He's saying that the comment states the correct type will be determined automatically if it is left blank. This is not the case. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060608/7be5f2f3/attachment.html From naolson at gmail.com Thu Jun 8 20:19:13 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jun 8 20:19:14 2006 Subject: lock type In-Reply-To: <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> Message-ID: <8f54b4330606081219o6b794645y3817d890c984956@mail.gmail.com> Disregard my last email. Lord knows where I hit my head this morning. Nate From KGoods at AIAInsurance.com Thu Jun 8 20:26:19 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Thu Jun 8 20:31:42 2006 Subject: lock type Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D89FE@aiainsurance.com> Nathan Olson wrote: > Disregard my last email. Lord knows where I hit my head this morning. > > Nate No Nate... I think you hit the nail on the head. This is exactly what happened when I built a new box with sendmail 8.13.x on it a couple months ago. I left it blank as it said in the comments but it was getting set to flock automagically and I was having problems. I set it to posix emplicitly and all is well. I just didn't think it was serious enough to mention to Julian since it was an easy and intuitive fix. I think the OP was seeing the same thing I did and wanted clarification. Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From TGFurnish at herffjones.com Thu Jun 8 21:28:37 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Thu Jun 8 21:30:04 2006 Subject: Handling spam in DSNs from other sites? Message-ID: <57573D714A832C43B9D80EAFBDA48D0351B5C5@inex3.herffjones.hj-int> Thanks, Steve. :) > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Steve Freegard > Sent: Wednesday, June 07, 2006 3:34 AM > To: MailScanner discussion > Subject: Re: Handling spam in DSNs from other sites? > > Hi Trever, > > Furnish, Trever G wrote: > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Glenn Steen > >> Sent: Tuesday, June 06, 2006 6:02 PM > >> To: MailScanner discussion > >> Subject: Re: Handling spam in DSNs from other sites? > >> > >> On 06/06/06, Furnish, Trever G wrote: > >>> I have a feeling I'm missing an obvious answer, but what > >> does everyone > >>> suggest for handling DSNs from other sites (not mine) > that include > >>> spam in the message? > > > >> Glenn Steen wrote: > >> I'm sure others have other views, but ... why treat them any > >> different than any other mail? scan them, tag them, drop > them....:-). > >> If they are legitimate, they will pass MS/SA/AVs anyway. > >> -- > >> -- Glenn > >> email: glenn < dot > steen < at > gmail < dot > com > >> work: glenn < dot > steen < at > ap1 < dot > se > > > > Thanks. However, in many cases these are actually getting through. > > Since the ip address of the sending server isn't the > spammer and isn't > > in the RBLs those checks aren't as helpful as they would've > been for > > the original message. > > > > I tend to think these aren't being sent by a spammer who's > identified > > a particular server with the specific intention of using > the DSN for > > delivery, but rather just by a worm that's using my domain > addresses > > as the faked sender address. If a specific server had been > targeted, > > it'd probably end up in a DNSBL. SPF would help with the original > > message, but of course it does nothing to help with the bounce. > > I've been experimenting with some stuff to address this. The > problem being that the DSN is being sent to you for a message > that never originated at your site. > > After some investigation I found out that someone else had > come up with a clever solution to this: using SRS (part of > SPF) to re-write all the envelopes of messages sent from out > from your domains (and re-writing all inbound returns) with > SRS (which contains a hashed-secret which would be impossible > for the spammer to guess). Then you use a milter that > rejects any DSNs that are not SRS signed or that are SRS > signed and do not have a valid signature. > > Here's my results so far - this shows all MTA level > rejections on my test box: > > date | greet_p | rbl | relay | uribl | 8bit | dsn_no_srs > ------------+---------+-------+-------+-------+------+------------ > 2006-06-07 | 135 | 2168 | 263 | 467 | 101 | 82 > 2006-06-06 | 1389 | 25462 | 1061 | 4456 | 2214 | 1001 > 2006-06-05 | 1728 | 23948 | 93 | 5111 | 1591 | 1129 > > There are several down-sides, SRS is 'frowned' upon by some > as it has the potential to break the RFCs that state that the > local-part field size should be 64 bytes although it does > state that an implementation can pick a larger value (also > VERP has been doing this for years without issue). The other > down-side is that to implement this I had to re-compile > Sendmail with -DSOCKETMAP and hack the .cf file as the > provided m4 HACK provided didn't work for me (it put the > changes in the wrong place). I've also never tried this on a > production system. > > See http://srs-socketmap.info/sendmailsrs.htm for the gory details... > > Exim users have it slightly better than the Sendmail crowd - > see http://srs.mirtol.com/exim.php for details. > > Before anyone asks -- I couldn't find an implementation for Postfix. > > Cheers, > Steve. Very neat idea. In my case though, besides the mild scariness of SRS :), I would also have to start handling outbound mail (since I currently only handle the inbound portion of our mail), and I'd have to figure out some way to handle users who I've created SPF "exceptions" for, since those users don't currently go out through our relays. That means I'd need another server to handle the increase load from outbound messages and would need to work with remote users to have them use our relays. In my particular case, these are probably showstoppers for this approach (at least for the time being). I'm in the midst of deploying a new mailscanner (and mailwatch, of course ;) ) system, so I've got some work to do before I can even start on this problem in earnest, but maybe when I start looking more closely at the number of messages like this getting through I'll find out that just adding a bit to the spamassassin score of bounces will suit my sites, even if that's not a good generic solution. -- Trever From maillists at conactive.com Thu Jun 8 21:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 21:31:35 2006 Subject: lock type In-Reply-To: <8f54b4330606081219o6b794645y3817d890c984956@mail.gmail.com> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> <8f54b4330606081219o6b794645y3817d890c984956@mail.gmail.com> Message-ID: Nathan Olson wrote on Thu, 8 Jun 2006 14:19:13 -0500: > Disregard my last email. Lord knows where I hit my head this morning. Hm, I thought you were quite right. It seems he got the wrong locktype if he's using sendmail > 12. Do I need to hit something now? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ugob at camo-route.com Thu Jun 8 22:07:30 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 8 22:07:52 2006 Subject: Unofficial clamav phishing sigs Message-ID: Hi, Anyone tried these ones? http://www.sanesecurity.com/clamav/ Any false positives? I asked the clamav staff about their opinion and they said that they cannot give an opinion since they don't use it. Regards, Ugo Bellavance From richard.siddall at elirion.net Thu Jun 8 22:16:55 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Jun 8 22:17:24 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: Message-ID: <448893C7.7010901@elirion.net> Ugo Bellavance wrote: > Anyone tried these ones? > http://www.sanesecurity.com/clamav/ > > Any false positives? > > I asked the clamav staff about their opinion and they said that they > cannot give an opinion since they don't use it. > Yes. Been using them for a couple of months. We're using download scripts based on the ones Phil Randal posted to this list (most recently on 5/31). We've had one known false positive. I mailed the sendmail queue files to Steve Basford and he fixed it within 24 hours. I have noticed recently that some, or all, of the e-mails flagged by the Sane Security signatures are disinfected. Since MS quarantines them, I'd much rather have them deleted and recovered from the quarantine if necessary. Regards, Richard Siddall From ugob at camo-route.com Thu Jun 8 22:19:48 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jun 8 22:20:26 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: <448893C7.7010901@elirion.net> References: <448893C7.7010901@elirion.net> Message-ID: Richard Siddall wrote: > Ugo Bellavance wrote: >> Anyone tried these ones? >> http://www.sanesecurity.com/clamav/ >> >> Any false positives? >> >> I asked the clamav staff about their opinion and they said that they >> cannot give an opinion since they don't use it. >> > > Yes. Been using them for a couple of months. We're using download > scripts based on the ones Phil Randal posted to this list (most recently > on 5/31). > > We've had one known false positive. I mailed the sendmail queue files > to Steve Basford and he fixed it within 24 hours. > > I have noticed recently that some, or all, of the e-mails flagged by the > Sane Security signatures are disinfected. Since MS quarantines them, > I'd much rather have them deleted and recovered from the quarantine if > necessary. What do you mean by disinfected? > > Regards, > > Richard Siddall > From richard.siddall at elirion.net Thu Jun 8 22:30:55 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Jun 8 22:31:22 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: <448893C7.7010901@elirion.net> Message-ID: <4488970F.5050109@elirion.net> Ugo Bellavance wrote: > > What do you mean by disinfected? > I mean the recipient of the phishing e-mail gets an e-mail with the infected portion removed. Subject: Disinfected: Clalis Sale Oonline! X-Mailer: MailScanner X-Elirion-Mailscanner: Disinfected And the body is usually: 1 1 1 1 1 1 1 1 1 1 1 1 I haven't found time to debug this yet. Regards, Richard Siddall From ssilva at sgvwater.com Thu Jun 8 22:53:15 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 8 22:53:36 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: <4488970F.5050109@elirion.net> References: <448893C7.7010901@elirion.net> <4488970F.5050109@elirion.net> Message-ID: Richard Siddall spake the following on 6/8/2006 2:30 PM: > Ugo Bellavance wrote: >> What do you mean by disinfected? >> > > I mean the recipient of the phishing e-mail gets an e-mail with the > infected portion removed. > > Subject: Disinfected: Clalis Sale Oonline! > X-Mailer: MailScanner > X-Elirion-Mailscanner: Disinfected > > And the body is usually: > > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > 1 > > I haven't found time to debug this yet. > > Regards, > > Richard Siddall > Comes from the setting in mailscanner.conf: # Do you want to deliver messages once they have been cleaned of any # viruses? # By making this a ruleset, you can re-create the "Deliver From Local" # facility of previous versions. Deliver Cleaned Messages = yes -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From maillists at conactive.com Thu Jun 8 23:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jun 8 23:31:21 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: <448893C7.7010901@elirion.net> Message-ID: Ugo Bellavance wrote on Thu, 08 Jun 2006 14:19:48 -0700: > disinfected? disarmed? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From kte at nexis.be Thu Jun 8 23:53:23 2006 From: kte at nexis.be (kte@nexis.be) Date: Thu Jun 8 23:56:16 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: Message-ID: I have an ntp time server configured, so I don't tink it is a time problem but a CPU frequency change probelm tha is bad interpreted by the linux kernel. But I don't find any solutions. I would like to know if mailscanner will be running stable ont this? Ugo Bellavance Sent by: mailscanner-bounces@lists.mailscanner.info 08/06/2006 20:39 Please respond to MailScanner discussion To mailscanner@lists.mailscanner.info cc Subject Re: OS problem Centosx64 on BL25P kte@nexis.be wrote: > > > Jun 2 03:18:40 testserver Losing some ticks... checking if CPU frequency > changed. > Jun 2 03:18:40 testserver warning: many lost ticks. > Jun 2 03:18:40 testserver Your time source seems to be instable or some > driver is hogging interupts > > I have an HP BL25P server with 4 GB ram a dual core AMD processor an > CentOS4.3 64 bit installed and I get alot of these messages. > I have installed the the PSP 7.51. Anyone any ideas? You probably have to change your time source (argument to kernel load) > > Thanks Koen > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060609/247d5936/attachment-0001.html From ka at pacific.net Thu Jun 8 23:56:50 2006 From: ka at pacific.net (Ken A) Date: Thu Jun 8 23:56:43 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: <448893C7.7010901@elirion.net> Message-ID: <4488AB32.80907@pacific.net> Kai Schaetzl wrote: > Ugo Bellavance wrote on Thu, 08 Jun 2006 14:19:48 -0700: > >> disinfected? > > disarmed? Removing the phishing hook? Ken > > Kai > From ugob at camo-route.com Fri Jun 9 00:22:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jun 9 00:22:45 2006 Subject: OS problem Centosx64 on BL25P In-Reply-To: References: Message-ID: kte@nexis.be wrote: > > I have an ntp time server configured, so I don't tink it is a time > problem but a CPU frequency change probelm tha is bad interpreted by the > linux kernel. But I don't find any solutions. I would like to know if > mailscanner will be running stable ont this? Have you tried booting with apic=off as a boot parameter? PS: please avoid top-posting and HTML in your messages. Regards, Ugo From febrianto at sioenasia.com Fri Jun 9 03:34:38 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Fri Jun 9 03:27:41 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <00f601c68ae8$456572c0$3004010a@martinhlaptop> Message-ID: Thanks Martin. My fault: I set dns_available no in spam.assassin.pref.conf file. After I changed it into dns_available test, I see the dns: checking entry in spamassassin --lint -D. Now SA check the RBL. But, even I only enable SBL_XBL in the spam.assassin.pref.conf file, it seem that SA still checking others RBL. score __RCVD_IN_SBL_XBL 4 #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 Spam report taken from mailwatch. 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 1.64 URIBL_SBL Contains an URL listed in the SBL blocklist Should I disable all the RBL by setting the score to 0? Best Regards mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 05:42:42 PM: > Budi > > Should see lines like > > dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > Sent: 08 June 2006 11:23 > > To: MailScanner discussion > > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > > > Martin, > > > > Is there any specifi string that i have to look for? to find out if the > > rbl > > works in SA or not? > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 03:59:20 > > PM: > > > > > Hi > > > > > > Do a a "spamassassin -D --lint" and see if the tests being called. > > > > > > It could be the DNS module or something isn't installed properly.. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > > Sent: 08 June 2006 09:51 > > > > To: MailScanner discussion > > > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > > > > > > > Dumb question: > > > > I changed the configuration in MailScanner.conf > > > > from > > > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > > > > > To > > > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > > > > > And in spam.assassin.pref.conf > > > > from > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > #score RCVD_IN_RBL 10 > > > > #score RCVD_IN_RSS 1 > > > > #score RCVD_IN_DUL 1 > > > > > > > > To > > > > score __RCVD_IN_SBL_XBL 4 > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > #score RCVD_IN_RBL 10 > > > > #score RCVD_IN_RSS 1 > > > > #score RCVD_IN_DUL 1 > > > > > > > > Do the spamassassin --lint result OK. > > > > Then do MailScanner reload. > > > > Now, how do I know if the RBL works in SA? Because in the log (I use > > > > mailwatch), I don't see any tag in spam report. I can see the > > pyzor_check > > > > score. > > > > > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > > > > > Thanks > > > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 > > 10:57:25 > > > > > > > > > > > > ********************************************************************** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the system manager. > > > > > > This footnote confirms that this email message has been swept > > > for the presence of computer viruses and is believed to be clean. > > > > > > ********************************************************************** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From res at ausics.net Fri Jun 9 08:35:38 2006 From: res at ausics.net (Res) Date: Fri Jun 9 08:35:43 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> Message-ID: On Thu, 8 Jun 2006, Glenn Steen wrote: > Missread by Martin I beleive... He read "second" where you said > "minute" (60*60*24*500=43.2*10^6 ... I did the same thing... sat there > full of awe for a moment, considering you have several boxes doing > that:-). The 720k you do per day isn't bad, though perhaps not as Thats 'per machine x 2 machines'... several others do less, they do about 50-200 a minute, with a few more more dedicated boxes doing much less > I guess you have this very well covered, but... What is it that "kills > you" when running SA? The DNS overhead? SA itself, all the dns stuff is off as is a couple other things they suggested, SA was used for spam detection only, we lowered teh default MS check first.. from 30k to 10k to 5k, even at 5k it only made a minute improvement but was next to useless still, also allowing lots of spam to pass :) Laws in this country were changed recently to require network operators to do what they can and be "pro active" in stopping spam leaving their network, thats great, but only about 1% comes from our users, the rest is international where there appears no legislation to deter it. -- Cheers Res From MailScanner at ecs.soton.ac.uk Fri Jun 9 08:35:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 9 08:35:54 2006 Subject: "Lock Type" for sendmail Message-ID: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> Please note that I made a slight mistake and the behaviour of the "Lock Type" setting does not match the comments above it in MailScanner.conf. For sendmail, instead of defaulting to "posix" as documented, it defaults to "flock". If you are using sendmail version 8.13 or greater, particularly if you are on Linux, then you will need to manually set this to Lock Type = posix and then restart MailScanner. Failure to set this correctly could result in delivery of more than 1 copy of each message in the queue. This error is corrected in the latest beta release. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Fri Jun 9 09:10:48 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jun 9 09:10:56 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: Message-ID: <00bb01c68b9c$37571210$3004010a@martinhlaptop> Budi Ah you're confusing RBL checks with URIRBL checks. RBL checks where the message has come from (via the headers). URIRBL checks within the message body for known http: locations that hold spam info - eg all those drug adds that are just jpegs or gifs. IHMO the URIRBLs are extremely useful at blocking spam. I'd leave them on and watch the spam detection levels increase.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > Sent: 09 June 2006 03:35 > To: MailScanner discussion > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > Thanks Martin. > > My fault: > I set dns_available no in spam.assassin.pref.conf file. > After I changed it into dns_available test, I see the dns: checking entry > in spamassassin --lint -D. > > Now SA check the RBL. > > But, even I only enable SBL_XBL in the spam.assassin.pref.conf file, it > seem that SA still checking others RBL. > > score __RCVD_IN_SBL_XBL 4 > #score RCVD_IN_BL_SPAMCOP_NET 4 > # These next 3 will cost you money, see mailscanner.conf. > #score RCVD_IN_RBL 10 > #score RCVD_IN_RSS 1 > #score RCVD_IN_DUL 1 > > Spam report taken from mailwatch. > 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > 1.64 URIBL_SBL Contains an URL listed in the SBL blocklist > > Should I disable all the RBL by setting the score to 0? > > Best Regards > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 05:42:42 > PM: > > > Budi > > > > Should see lines like > > > > dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl > > > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > Sent: 08 June 2006 11:23 > > > To: MailScanner discussion > > > Subject: RE: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > Martin, > > > > > > Is there any specifi string that i have to look for? to find out if > the > > > rbl > > > works in SA or not? > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/08/2006 > 03:59:20 > > > PM: > > > > > > > Hi > > > > > > > > Do a a "spamassassin -D --lint" and see if the tests being called. > > > > > > > > It could be the DNS module or something isn't installed properly.. > > > > > > > > -- > > > > Martin Hepworth > > > > Snr Systems Administrator > > > > Solid State Logic > > > > Tel: +44 (0)1865 842300 > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > > > > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > > > > > Sent: 08 June 2006 09:51 > > > > > To: MailScanner discussion > > > > > Subject: Re: Who does RBL checks - MailScanner or SpamAssassin? > > > > > > > > > > > > > > > Dumb question: > > > > > I changed the configuration in MailScanner.conf > > > > > from > > > > > Spam List = SBL+XBL # You can un-comment this to enable them > > > > > > > > > > To > > > > > Spam List = # SBL+XBL # You can un-comment this to enable them > > > > > > > > > > And in spam.assassin.pref.conf > > > > > from > > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > > #score RCVD_IN_RBL 10 > > > > > #score RCVD_IN_RSS 1 > > > > > #score RCVD_IN_DUL 1 > > > > > > > > > > To > > > > > score __RCVD_IN_SBL_XBL 4 > > > > > #score RCVD_IN_BL_SPAMCOP_NET 4 > > > > > # These next 3 will cost you money, see mailscanner.conf. > > > > > #score RCVD_IN_RBL 10 > > > > > #score RCVD_IN_RSS 1 > > > > > #score RCVD_IN_DUL 1 > > > > > > > > > > Do the spamassassin --lint result OK. > > > > > Then do MailScanner reload. > > > > > Now, how do I know if the RBL works in SA? Because in the log (I > use > > > > > mailwatch), I don't see any tag in spam report. I can see the > > > pyzor_check > > > > > score. > > > > > > > > > > I use SA 3.1.0 and MailScanner 4.52.2 > > > > > > > > > > Thanks > > > > > > > > > > mailscanner-bounces@lists.mailscanner.info wrote on 06/07/2006 > > > 10:57:25 > > > > > > > > > > > > > > > > > ********************************************************************** > > > > > > > > This email and any files transmitted with it are confidential and > > > > intended solely for the use of the individual or entity to whom they > > > > are addressed. If you have received this email in error please > notify > > > > the system manager. > > > > > > > > This footnote confirms that this email message has been swept > > > > for the presence of computer viruses and is believed to be clean. > > > > > > > > > ********************************************************************** > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From t.d.lee at durham.ac.uk Fri Jun 9 09:36:59 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Jun 9 09:38:04 2006 Subject: lock type In-Reply-To: <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> Message-ID: On Thu, 8 Jun 2006, Nathan Olson wrote: > I could be wrong, but many of you seem to be missing his point. He's > saying that the comment states the correct type will be determined > automatically if it is left blank. This is not the case. Exactly! The value is blank; the comment indicates that blank should result in "posix"; but the actual behaviour is "flock". Documentation and action are inconsistent. It is this inconsistency which is the primary issue that I am raising, for the benefit of other MS installers. It needs Julian to confirm that this mismatch (comment vs. action) of the default (blank) setting is real (not just my mis-reading), then to decide on the best way to resolve it. (For what it's worth, I supsect that the comment represents what is really intended and that therefore the action is a code bug.) (In my own particular case I am explicitly setting "posix" for the moment.) -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From gmatt at nerc.ac.uk Fri Jun 9 09:57:35 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Jun 9 09:57:43 2006 Subject: lock type In-Reply-To: References: <00d001c68b35$8ed04820$3701a8c0@lapxp> <8f54b4330606081204t2ed5f4a9y7c34c17d93954d1b@mail.gmail.com> Message-ID: <448937FF.5010200@nerc.ac.uk> David Lee wrote: > On Thu, 8 Jun 2006, Nathan Olson wrote: > > >>I could be wrong, but many of you seem to be missing his point. He's >>saying that the comment states the correct type will be determined >>automatically if it is left blank. This is not the case. > > > Exactly! The value is blank; the comment indicates that blank should > result in "posix"; but the actual behaviour is "flock". Documentation and > action are inconsistent. It is this inconsistency which is the primary > issue that I am raising, for the benefit of other MS installers. > > It needs Julian to confirm that this mismatch (comment vs. action) of the > default (blank) setting is real (not just my mis-reading), then to decide > on the best way to resolve it. (For what it's worth, I supsect that the > comment represents what is really intended and that therefore the action > is a code bug.) > > (In my own particular case I am explicitly setting "posix" for the moment.) > I can confirm the behaviour described by David. I have seen similar on CentOS4. I manually set the lock type to posix in MailScanner.conf That said, I see a small percentage of "orphaned" df files in the incoming queue. These appear to have been dealt with my MailScanner but not properly cleaned up. Every few months I run a script to clean these orphans out. CentOS v4.3 sendmail 8.13.1 (stock rpm with backport patches) MailScanner v4.50.15 GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From glenn.steen at gmail.com Fri Jun 9 10:57:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 9 10:57:30 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> Message-ID: <223f97700606090257y335963e2of07157ae0084a055@mail.gmail.com> On 09/06/06, Res wrote: > On Thu, 8 Jun 2006, Glenn Steen wrote: > > > Missread by Martin I beleive... He read "second" where you said > > "minute" (60*60*24*500=43.2*10^6 ... I did the same thing... sat there > > full of awe for a moment, considering you have several boxes doing > > that:-). The 720k you do per day isn't bad, though perhaps not as > > Thats 'per machine x 2 machines'... several others do less, they do > about 50-200 a minute, with a few more more dedicated boxes doing much > less Ok, so you do perhaps 2 million/day, give or take a couple of hundred k... ... Ok, that is a bit awe-inspiring:-). > > I guess you have this very well covered, but... What is it that "kills > > you" when running SA? The DNS overhead? > > SA itself, all the dns stuff is off as is a couple other things they > suggested, SA was used for spam detection only, we lowered teh default MS > check first.. from 30k to 10k to 5k, even at 5k it only made a minute > improvement but was next to useless still, also allowing lots of spam to > pass :) How very depressing. Was it CPU-bound or IO-bound (yeah yeah, IO is CPU-bound, I know:-), mostly? And using the usual tmpfs thing for anything that needs really fast IO (I guess I haven't done the math on that one... Could ramp up to a very hefty amount of RAM, with that throughput:-)? > Laws in this country were changed recently to require netbadwork operators to > do what they can and be "pro active" in stopping spam leaving their > network, thats great, but only about 1% comes from our users, the rest is > international where there appears no legislation to deter it. > Yeah, it's always "somewhere else"... and all that is needed is a few lax admins, and next to no control... Sigh. Legislation will just solve so much (just lad ook at the mess our Swedish parliament made of "anti-piracy":-)... Still, bad rules are probably better than no rules:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Fri Jun 9 13:31:30 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 9 13:31:51 2006 Subject: Unofficial clamav phishing sigs In-Reply-To: References: Message-ID: <44896A22.5000606@USherbrooke.ca> Ugo Bellavance a ?crit : > Hi, > > Anyone tried these ones? > > http://www.sanesecurity.com/clamav/ > > Any false positives? > > I asked the clamav staff about their opinion and they said that they > cannot give an opinion since they don't use it. > > Regards, > > Ugo Bellavance > > I've been using them for 2-3 weeks. They trap a lot of phishing attempts but I had 1 false positive about eBay. Overall this is a really good addition to ClamAV. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060609/3307fee3/smime.bin From prakash.kannan at in.ness.com Fri Jun 9 12:58:09 2006 From: prakash.kannan at in.ness.com (Prakash) Date: Fri Jun 9 13:36:29 2006 Subject: sendmail In-Reply-To: <44870551.1030208@ecs.soton.ac.uk> Message-ID: Thanks for your advice -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, June 07, 2006 10:27 PM To: MailScanner discussion Subject: Re: sendmail Please do at least a simple Google search before posting questions here, we expect you to do some homework first. Start at www.sendmail.org and the O'Reilly sendmail book. shuttlebox wrote: > On 6/7/06, *Prakash* > wrote: > > Can some one please send me the installation and configuration > guide for sendmail for Solaris? > > Some pdfs/books on sendmail. > > > This guy has a lot of good stuff on his site. > > http://www.brandonhutchinson.com > > This link might be what you're looking for: > > http://www.brandonhutchinson.com/Configuring_the_Solaris-supplied_version_of _Sendmail.html > > -- > /peter -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, please immediately notify the MailAdmin@in.ness.com and destroy the original message. The recipient should check this email and any attachments for the presence of viruses. Ness has taken every reasonable precaution to minimize this risk, and accepts no liability for any damage caused by any virus transmitted in this email. Ness reserves the rights to monitor and review the content of all messages sent to or from this E-mail address, and store them on the Ness E-mail system. From dave.list at pixelhammer.com Fri Jun 9 14:49:34 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jun 9 14:49:48 2006 Subject: MailScanner delivering Spam as attachments Message-ID: <44897C6E.6050000@pixelhammer.com> Good morning, It has been a busy week, with so much going on maybe I have just missed something simple. I have upgrade both instances of MailScanner, Clamav, SpamAssassin. I am in the process of migrating all our Spam filtering off the toasters and on to the MailScanner boxes. I want to have MailScanner only test for spam and add the requested headers, nothing more. I will have the individual toasters read the headers and deliver the message appropriately. I've changed my MailScanner.conf to read as follows for my test domain, ===MailScanner.conf Spam Modify Subject = no Spam Checks = %rules-dir%/user.filtering.rules Use SpamAssassin = yes Cache SpamAssassin Results = yes Spam Actions = %rules-dir%/user.delivery.rules High Scoring Spam Actions = %rules-dir%/highscore.delivery.rules Non Spam Actions = deliver ====user.delivery.rules To: *@pixelhammer.com.com deliver # default delivery To: default deliver attachment ====user.filtering.rules To: *@pixelhammer.com yes # Default, don't filter anything else coming through! To: default no From: default no ====highscore.delivery.rules # default delivery To: default store I think this is all correct, however, spam delivered to pixelhammer.com is still attached to a warning message. No clue what I have done wrong here. I even restarted MailScanner a couple of times, and waited overnight so it could restart itself. Hints? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From matt at coders.co.uk Fri Jun 9 14:58:43 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri Jun 9 14:58:39 2006 Subject: MailScanner delivering Spam as attachments In-Reply-To: <44897C6E.6050000@pixelhammer.com> References: <44897C6E.6050000@pixelhammer.com> Message-ID: <44897E93.8050407@coders.co.uk> DAve wrote: > ====user.delivery.rules > To: *@pixelhammer.com.com deliver .com.com? matt From dave.list at pixelhammer.com Fri Jun 9 15:07:34 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jun 9 15:07:47 2006 Subject: MailScanner delivering Spam as attachments In-Reply-To: <44897E93.8050407@coders.co.uk> References: <44897C6E.6050000@pixelhammer.com> <44897E93.8050407@coders.co.uk> Message-ID: <448980A6.4020205@pixelhammer.com> Matt Hampton wrote: > DAve wrote: > >> ====user.delivery.rules >> To: *@pixelhammer.com.com deliver > > .com.com? > > matt Uhhh, what can I say, it has been a very long week. Two sets of eyes are better than one. Thank you! DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From ssilva at sgvwater.com Fri Jun 9 18:16:26 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 9 18:16:36 2006 Subject: "Lock Type" for sendmail In-Reply-To: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> References: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 6/9/2006 12:35 AM: > Please note that I made a slight mistake and the behaviour of the "Lock > Type" setting does not match the comments above it in MailScanner.conf. > > For sendmail, instead of defaulting to "posix" as documented, it > defaults to "flock". > > If you are using sendmail version 8.13 or greater, particularly if you > are on Linux, then you will need to manually set this to > Lock Type = posix > and then restart MailScanner. > > Failure to set this correctly could result in delivery of more than 1 > copy of each message in the queue. > > This error is corrected in the latest beta release. Just to close this issue, does the beta fix the default lock type, or is the comment just fixed? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 9 18:18:28 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 9 18:20:23 2006 Subject: MailScanner delivering Spam as attachments In-Reply-To: <448980A6.4020205@pixelhammer.com> References: <44897C6E.6050000@pixelhammer.com> <44897E93.8050407@coders.co.uk> <448980A6.4020205@pixelhammer.com> Message-ID: DAve spake the following on 6/9/2006 7:07 AM: > Matt Hampton wrote: >> DAve wrote: >> >>> ====user.delivery.rules >>> To: *@pixelhammer.com.com deliver >> >> .com.com? >> >> matt > > Uhhh, what can I say, it has been a very long week. Two sets of eyes are > better than one. > > Thank you! > > DAve > 2 pair of eyes beats a pair of .com's everyday! You should have gone all in! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dnsadmin at 1bigthink.com Fri Jun 9 18:42:02 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Jun 9 18:42:12 2006 Subject: OT: Request answer off-list-- Sendmail+MailScanner+Mailman configs Message-ID: <4489B2EA.7010300@1bigthink.com> Hello All, I've got a Mail server with Sendmail + MailScanner + Mailman. The mailman lists are working fine. MailScanner is working fine within the mailing lists too. It wasn't until someone tried using mail accounts on the same domain as the list server that I realized sendmail was not working properly. Sendmail is receiving mail for the accounts, but I cannot authenticate any accounts on the domain. I suspect the problem either lies in the mailertable or the sendmail.mc/sendmail.cf file. The one thing that really complicates this is SMTP-AUTH on the regular mail. I am using saslauthd with Pam. My main mail server (completely separate server) is setup this way and is functioning properly, so I mimicked configs. I am no expert at the sendmail.mc/sendmail.cf, nor the mailman mechanisms being used. I understand enough to be dangerous. Quite complex! If any one expresses an interest in helping, please take this off-list unless you think it may help the group. I might need to compose a Niki item on this, once ironed-out! Please reply to dnsadmin-at-1bigthink.com. Thanks All! Glenn Parsons From tjcruz at airc.pt Fri Jun 9 18:57:51 2006 From: tjcruz at airc.pt (Tiago J. S. Martins Cruz) Date: Fri Jun 9 18:57:59 2006 Subject: Problem with delivery of clean mail Message-ID: <20060609185751.8kwwnbxxa844gk8c@webmail.airc.pt> I'm having trouble with my MailScanner configuration and I'm hoping someone on this list could giev me a hand. The MX server for the domain I administer is based on a FC5 Linux Distribution with MailScanner+sendmail in gateway mode. In my mailscanner.conf file I have enabled the "Deliver Cleaned Messages" option but it doesn't seems to work. When a message with an infected attachment hits the system the postmaster is notified but the cleaned message (without the infected attach) is not delivered to the recipient. I saw something similar on the mailing list archives, circa 2004 but the solution that worked then was a patch to the "Message.pm" file. My maillog file doesn't shows any kind of errors - however it does have the log entries for the messages sent to the postmaster. Apart from that, no sign of any message sent to the recipients of the cleaned messages. Thanks, in advance, for any help --Tiago Cruz My configuration is as follows: i686 i386 GNU/Linux This is Fedora Core release 5 (Bordeaux) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.54.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.09 POSIX 1.78 Socket 0.13 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.12 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001003 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.24 Net::IP 0.57 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.98 Text::Balanced 1.35 URI -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jun 9 19:42:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 9 19:43:58 2006 Subject: "Lock Type" for sendmail In-Reply-To: References: <63C30FDC-C0A6-476F-BFF9-4BCE7EAD0F3A@ecs.soton.ac.uk> Message-ID: <4489C121.4050606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 6/9/2006 12:35 AM: > >> Please note that I made a slight mistake and the behaviour of the "Lock >> Type" setting does not match the comments above it in MailScanner.conf. >> >> For sendmail, instead of defaulting to "posix" as documented, it >> defaults to "flock". >> >> If you are using sendmail version 8.13 or greater, particularly if you >> are on Linux, then you will need to manually set this to >> Lock Type = posix >> and then restart MailScanner. >> >> Failure to set this correctly could result in delivery of more than 1 >> copy of each message in the queue. >> >> This error is corrected in the latest beta release. >> > Just to close this issue, does the beta fix the default lock type, or is the > comment just fixed? > The beta fixes the default lock type. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRInBMhH2WUcUFbZUEQLY5ACggljUn4PUMUyyJE2Xkq84Y6Wh74UAoNn9 ek5iLlHBg9WjZ94w61wucTNH =GnXY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Fri Jun 9 20:01:04 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 9 20:01:35 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <00b401c68ad5$99a28570$3004010a@martinhlaptop> Message-ID: <1912CB3A-76C3-4157-A481-6AAF4DF177FC@nkpanama.com> On Jun 8, 2006, at 5:37 AM, Res wrote: > On Thu, 8 Jun 2006, Martin Hepworth wrote: > > >> Res >> >> Hmm I use 5 as low scoring and 10 as delete....get very few 5-10 >> false >> positives... >> > > On a box that uses SA I'm amazed at the amount of calais and viagra > crap that are marked as totaly cleam scoring a bare 0.1 etc... > > Probably misconfigured. Things like ALL_TRUSTED and bad AWL scores are usually the culprit. > -- > Cheers > Res > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Fri Jun 9 20:11:29 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 9 20:14:07 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <44880517.5010201@netmagicsolutions.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> <44880517.5010201@netmagicsolutions.com> Message-ID: On Jun 8, 2006, at 6:08 AM, Dhawal Doshy wrote: > Res wrote: > >> On Thu, 8 Jun 2006, Dhawal Doshy wrote: >> >>> Average mail delivery time is 10-15 seconds to the delivery >>> servers. And i haven't done any advanced tuning (save using >>> TMPFS) on these servers. Of course it helps to have Dual >>> Processors and 3 GB RAM with SCSI Disks (Dell PE1850). >>> >>> >> Yes but you still have not said what your SA tunnings are >> > > None, zilch.. we do not tune SA at all (i compile rpms from the > stock tar.gz distro).. moreover we add tonnes of SARE rules to it. > If using a dedicated server for MySQL based Bayes is tuning, then > yes we do tuning. From that POV, we use djbdns' dnscache for the > local caching-nameserver, which helps Net::DNS tremendously. Also > thanks to the prolocation chaps, we rsync SURBL for local use.. > Is using djbdns' dnscache better performance-wise than running Bind in caching mode? I know this probably sounds dumb but since Bind w/ caching is installed by default on most rh-based linux distros I've never bothered to do djbdns... > I have added wiki entries for both of them quite some time back. > http://wiki.mailscanner.info/doku.php? > id=&idx=documentation:related_software:caching_nameserver > http://wiki.mailscanner.info/doku.php? > id=documentation:anti_spam:spamassassin:bayes:sql > > >> I wasnt being a smart ass i was being genuine, but no problems I >> take it the way you meant it and you shall be ignored :) >> > > I wasn't being one either.. apologies if i did sound like one. > > - dhawal > > >> If anyone on this list processing the levels we do and actually is >> bored enough to say how they tuned SA i'd be interested in reading >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dhawal at netmagicsolutions.com Fri Jun 9 21:20:53 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jun 9 21:21:07 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> <44880517.5010201@netmagicsolutions.com> Message-ID: <20060609202053.23443.qmail@mymail.netmagicians.com> Alex Neuman writes: >> None, zilch.. we do not tune SA at all (i compile rpms from the stock >> tar.gz distro).. moreover we add tonnes of SARE rules to it. If using a >> dedicated server for MySQL based Bayes is tuning, then yes we do tuning. >> From that POV, we use djbdns' dnscache for the local caching-nameserver, >> which helps Net::DNS tremendously. Also thanks to the prolocation chaps, >> we rsync SURBL for local use.. >> > > Is using djbdns' dnscache better performance-wise than running Bind in > caching mode? I know this probably sounds dumb but since Bind w/ caching > is installed by default on most rh-based linux distros I've never > bothered to do djbdns... i can't really say which one is better.. i seem to like dnscache's performance and can keep it on a leash (from a resource perspective, see the wiki entry). Another reason being that i come from a qmail shop and have always been comfortable with dnscache (never gave bind+caching_ns a chance except for authoritative nameservers). - dhawal From alex at nkpanama.com Sat Jun 10 00:30:09 2006 From: alex at nkpanama.com (Alex Neuman) Date: Sat Jun 10 00:30:40 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <20060609202053.23443.qmail@mymail.netmagicians.com> References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> <4487E909.5030308@netmagicsolutions.com> <44880517.5010201@netmagicsolutions.com> <20060609202053.23443.qmail@mymail.netmagicians.com> Message-ID: <1259B985-D73C-4FE4-B9FC-288D69B0BEE8@nkpanama.com> Most of the servers I handle are authoritative for their domain, and do caching for whoever's behind them on a private network. I try to only do recursive lookups for localhost and 192.168.x.x addresses within private networks, and just answer for their own domains when asked by anyone outside. On Jun 9, 2006, at 3:20 PM, Dhawal Doshy wrote: > Alex Neuman writes: > >>> None, zilch.. we do not tune SA at all (i compile rpms from the >>> stock tar.gz distro).. moreover we add tonnes of SARE rules to >>> it. If using a dedicated server for MySQL based Bayes is tuning, >>> then yes we do tuning. From that POV, we use djbdns' dnscache >>> for the local caching-nameserver, which helps Net::DNS >>> tremendously. Also thanks to the prolocation chaps, we rsync >>> SURBL for local use.. >>> >> Is using djbdns' dnscache better performance-wise than running >> Bind in caching mode? I know this probably sounds dumb but since >> Bind w/ caching is installed by default on most rh-based linux >> distros I've never bothered to do djbdns... >> > > i can't really say which one is better.. i seem to like dnscache's > performance and can keep it on a leash (from a resource > perspective, see the wiki entry). Another reason being that i come > from a qmail shop and have always been comfortable with dnscache > (never gave bind+caching_ns a chance except for authoritative > nameservers). > - dhawal > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From cpedaschus at gmx.de Sat Jun 10 00:34:58 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 00:36:23 2006 Subject: Virtual mailuser with their own bayes db? Message-ID: <448A05A2.70100@gmx.de> Hi everybody, i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 and try to get spamassassin to use a separate bayes db for every virtual mailuser instead of a global one, but can't get it to work nor did i find anything in the wiki/documentation about it (perhaps i'm blind, pls excuse if so, was a long day). i found a howto to patch spamd to get the vuser home-dir from courier, but it's not of much help because i'm no perl-developer and can't convert the needed steps to spamassassin. i looked around in Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i don't fully understand them. the sa-howto patches the getpwnam call to return the data from courier, i guess that's what i need to do here, i just don't know how or where exactly. can someone give me a hint on how to get this running? Greets, Chris ps. the mentioned spamd-patch howto: http://da.andaka.org/Doku/courier-spamassassin.html From Marc.Dufresne at parks.on.ca Sat Jun 10 01:40:27 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 01:40:58 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. I have followed the instructions under /usr/local/etc/rc.d/mailscanner by adding the following lines to /etc/rc.conf mailscanner_enable="YES" mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf" mailscanner_pidfile="/var/run/MailScanner.pid" I have also followed the instructions in /usr/local/etc/rc.d/mta by adding the following lines to the /etc/rc.conf mta_enable="YES" mta_type="sendmail" mta_profiles="incoming outgoing submitqueue" mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory$ mta_incoming_pidfile="/var/run/sendmail_in.pid" mta_incoming_configfile="/etc/mail/sendmail.cf" mta_outgoing_flags="-L sm-mta-out -q15m" mta_outgoing_pidfile="/var/run/sendmail_out.pid" mta_outgoing_configfile="/etc/mail/sendmail.cf" mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" mta_submitqueue_configfile="/etc/mail/submit.cf" Mailscanner will not load!!! I have tried everything I can think of. What am I missing???? -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From gmane at tippingmar.com Sat Jun 10 02:43:50 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Jun 10 02:44:14 2006 Subject: Is sophos-autoupdate updating? Message-ID: In my maillog I see: Jun 9 17:07:16 tesla update.virus.scanners: Found sophos installed Jun 9 17:07:16 tesla update.virus.scanners: Running autoupdate for sophos Jun 9 17:07:17 tesla Sophos-autoupdate[1501]: Sophos V5 updated But if I try to manually update I get: [root@tesla ~]# /opt/sophos-av/bin/savupdate -v 5 Starting automatic update... Opening configuration... Configuration opened Processing package 'PACKAGE'... Connection initialized Identified item to update 'sav-linux/manifest.dat' Identified item to update 'sav-linux/manifest.spec' Identified item to update 'sav-linux/cidsync.upd' Identified item to update 'sav-linux/common/' Identified item to update 'doc/' Identified item to update 'savi/' Identified item to update 'talpa/talpa-srcpack.tar.gz' Identified item to update 'talpa/manifest.dat' Identified item to update 'talpa/cidsync.upd' Identified item to update 'sav-linux/x86/' Identified item to update 'talpa/talpa-fedora/talpa-binpack-fedora_2.6.16-1.2111_FC5.tar.gz' Replicating contents in package directory '/opt/sophos-av/update/cache/LOCAL/PACKAGE'... Reading master index 'http://es-web.sophos.com/update/savlinux/master.upd'... Downloading http://es-web.sophos.com/update/savlinux/master.upd Failed to download http://es-web.sophos.com/update/savlinux/master.upd WARNING: Failed to read file 'http://es-web.sophos.com/update/savlinux/master.upd' WARNING: Failed to read master index 'http://es-web.sophos.com/update/savlinux/master.upd' ERROR: Failed to replicate contents in package directory '/opt/sophos-av/update/cache/LOCAL/PACKAGE' ERROR: Package 'PACKAGE' processing failed Updating Sophos Anti-Virus... ERROR: Failed to update Sophos Anti-Virus FATAL: Automatic update aborted And if I manually run "/usr/lib/MailScanner/sophos-autoupdate" or "/usr/lib/MailScanner/sophos-autoupdate /opt/sophos-av" the maillog shows: Jun 9 18:39:02 tesla Sophos-autoupdate[2106]: Sophos V5 updater failed So is Sophos 5 really being updated? Thanks, Mark Nienberg From res at ausics.net Sat Jun 10 05:43:48 2006 From: res at ausics.net (Res) Date: Sat Jun 10 05:43:56 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: <223f97700606090257y335963e2of07157ae0084a055@mail.gmail.com> References: <00b201c68ad5$2b948a60$3004010a@martinhlaptop> <223f97700606080351o10700dcby205822218959b6b6@mail.gmail.com> <223f97700606090257y335963e2of07157ae0084a055@mail.gmail.com> Message-ID: On Fri, 9 Jun 2006, Glenn Steen wrote: >> SA itself, all the dns stuff is off as is a couple other things they >> suggested, SA was used for spam detection only, we lowered teh default MS > > How very depressing. > Was it CPU-bound or IO-bound (yeah yeah, IO is CPU-bound, I know:-), The load only climbed to about 12, machine was still instantly responsive never went through the roof or laged at all. > mostly? And using the usual tmpfs thing for anything that needs really > fast IO (I guess I haven't done the math on that one... Could ramp up > to a very hefty amount of RAM, with that throughput:-)? Oh theres plenty pof ram dont worry abvout that :) > Yeah, it's always "somewhere else"... and all that is needed is a few about 80% comes from asian countries, the rest of the world make up the other 20%, because of large fines and risk of incarseration theres very little chance of much of the crap coming from oz, thoug IMHO the spam laws dont quite go far enough, there are a few holes we'd like closed that the govt decided was to be excluded -- Cheers Res From res at ausics.net Sat Jun 10 05:47:24 2006 From: res at ausics.net (Res) Date: Sat Jun 10 05:47:28 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: run MailScanner --lint and see what errors pop up On Fri, 9 Jun 2006, Marc Dufresne wrote: > I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. > > The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. > > I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. -- Cheers Res From grover1711 at gmail.com Sat Jun 10 08:29:46 2006 From: grover1711 at gmail.com (ankush grover) Date: Sat Jun 10 08:29:50 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 Message-ID: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> hey friends, I am using MailScanner 4.44 with postfix 2.1.5 on FC3. I want to do some kind of content filtering a) Banning receiving & sending attachments for some users for example "ankush@example.com" is not allowed to send or receive any attachments. b) Banning receiving emails for some users from the all other domains except from one domain for example if there is any email for user "tom@example.com" from any other domain that mail should be dropped but this user should be able to receive mail from the example.com domain but not from anyother domain. c) People are still sending mails to the accounts of the ex employees I want to totally ban mails to those accounts both within the organisation and from outside means if the mail is for the user "john@example.com" that mail should get dropped. If anyone can give me examples for the above 3 problems of mine that will be very good and I will be very grateful to that person. Please let me know if you need any further inputs. Thanks & Regards Ankush Grover From shrek-m at gmx.de Sat Jun 10 09:34:16 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sat Jun 10 09:34:23 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: Message-ID: <448A8408.2080504@gmx.de> Mark Nienberg schrieb: > In my maillog I see: > > Jun 9 17:07:16 tesla update.virus.scanners: Found sophos installed > Jun 9 17:07:16 tesla update.virus.scanners: Running autoupdate for > sophos > Jun 9 17:07:17 tesla Sophos-autoupdate[1501]: Sophos V5 updated > > > But if I try to manually update I get: > > [root@tesla ~]# /opt/sophos-av/bin/savupdate -v 5 > [...] Failed to download > http://es-web.sophos.com/update/savlinux/master.upd > WARNING: Failed to read file > 'http://es-web.sophos.com/update/savlinux/master.upd' > WARNING: Failed to read master index > 'http://es-web.sophos.com/update/savlinux/master.upd' > ERROR: Failed to replicate contents in package directory > '/opt/sophos-av/update/cache/LOCAL/PACKAGE' > ERROR: Package 'PACKAGE' processing failed > Updating Sophos Anti-Virus... > ERROR: Failed to update Sophos Anti-Virus > FATAL: Automatic update aborted > > > And if I manually run "/usr/lib/MailScanner/sophos-autoupdate" or > "/usr/lib/MailScanner/sophos-autoupdate /opt/sophos-av" the maillog > shows: > > Jun 9 18:39:02 tesla Sophos-autoupdate[2106]: Sophos V5 updater failed > > > So is Sophos 5 really being updated? i doubt. with `savupdate -v5 ` i get at least 1000 lines of output default is "v2" -------- # /opt/sophos-av/bin/savupdate Downloading http://es-web.sophos.com/update/savlinux/master.upd 268 bytes downloaded in 0,702146 secs (381,687100 B/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/root.upd 342 bytes downloaded in 0,165553 secs (2,017388 KiB/s) Downloading http://es-web.sophos.com/update/savlinux/root_manifest.dat 3168 bytes downloaded in 0,255198 secs (12,122940 KiB/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/config/index.spec Failed to download http://es-web.sophos.com/update/savlinux/config/index.spec Downloading http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Failed to download http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/manifest.dat in 0,121533 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/manifest.dat in 0,174967 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/manifest.dat in 0,011526 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,031227 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/manifest.dat in 0,154930 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,010770 seconds Successfully updated Sophos Anti-Virus ----/---- -- shrek-m From lars+lister.mailscanner at adventuras.no Sat Jun 10 12:30:49 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 12:31:08 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AAD69.9010405@adventuras.no> Marc Dufresne skrev: > I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. > > The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. > > I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. > Any failure messages? Wild shot: You need to update mailscanner after upgrading the os because of a filename installation default. (mta or mta.sh) -- Regards from Lars > I have followed the instructions under > > /usr/local/etc/rc.d/mailscanner by adding the following lines to /etc/rc.conf > > mailscanner_enable="YES" > mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf" > mailscanner_pidfile="/var/run/MailScanner.pid" > > I have also followed the instructions in /usr/local/etc/rc.d/mta by adding the following lines to the /etc/rc.conf > > mta_enable="YES" > mta_type="sendmail" > mta_profiles="incoming outgoing submitqueue" > mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory$ > mta_incoming_pidfile="/var/run/sendmail_in.pid" > mta_incoming_configfile="/etc/mail/sendmail.cf" > mta_outgoing_flags="-L sm-mta-out -q15m" > mta_outgoing_pidfile="/var/run/sendmail_out.pid" > mta_outgoing_configfile="/etc/mail/sendmail.cf" > mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" > mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" > mta_submitqueue_configfile="/etc/mail/submit.cf" > > Mailscanner will not load!!! I have tried everything I can think of. > > What am I missing???? > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > From michele at blacknight.ie Sat Jun 10 12:41:39 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Sat Jun 10 12:41:40 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> Message-ID: <448AAFF3.9040404@blacknight.ie> ankush grover wrote: > hey friends, > > I am using MailScanner 4.44 with postfix 2.1.5 on FC3. I want to do > some kind of content filtering Why are you using such old versions of everything? You really should upgrade > > a) Banning receiving & sending attachments for some users for example > "ankush@example.com" is not allowed to send or receive any > attachments. Read up on rulesets > > b) Banning receiving emails for some users from the all other domains > except from > one domain for example if there is any email for user > "tom@example.com" from > any other domain that mail should be dropped but this user should > be able to > receive mail from the example.com domain but not from anyother domain. As above > > c) People are still sending mails to the accounts of the ex employees > I want to > totally ban mails to those accounts both within the organisation and > from > outside means if the mail is for the user "john@example.com" that > mail > should get dropped. That's not a MailScanner issue really. That's more of an MTA configuration matter -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From samp at arial-concept.com Sat Jun 10 14:12:00 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Sat Jun 10 14:12:14 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <448AAFF3.9040404@blacknight.ie> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> <448AAFF3.9040404@blacknight.ie> Message-ID: <448AC520.6080709@arial-concept.com> Michele Neylon :: Blacknight.ie a ?crit : >>c) People are still sending mails to the accounts of the ex employees >>I want to >> totally ban mails to those accounts both within the organisation and >>from >> outside means if the mail is for the user "john@example.com" that >>mail >> should get dropped. >> >> > > > Look http://www.postfix.org/RESTRICTION_CLASS_README.html perhaps it's not exactly your need but you have to look in this way. I hope this help. Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:00:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:00:44 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448A05A2.70100@gmx.de> References: <448A05A2.70100@gmx.de> Message-ID: <448AD07F.7030809@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MailScanner does not use spamd/spamc at all, it talks directly to SpamAssassin's Perl library for speed and efficiency reasons. However, this does mean that you are stuck to 1 bayes db for the whole system, sorry. People such as Matt Kettler (Matt--correct me if I'm wrong) have constructed very reliable spam detection without using bayes at all, so this isn't actually a big problem. Most people run with bayes, with one bayes db shared between all their customers/users and have no problems with it at all. So that bad news is that you can't do it. The good news is that it doesn't actually matter anyway. Regards, Jules. Christian Pedaschus wrote: > Hi everybody, > > i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 > and try to get spamassassin to use a separate bayes db for every virtual > mailuser instead of a global one, but can't get it to work nor did i > find anything in the wiki/documentation about it (perhaps i'm blind, pls > excuse if so, was a long day). > > i found a howto to patch spamd to get the vuser home-dir from courier, > but it's not of much help because i'm no perl-developer and can't > convert the needed steps to spamassassin. i looked around in > Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i > don't fully understand them. the sa-howto patches the getpwnam call to > return the data from courier, i guess that's what i need to do here, i > just don't know how or where exactly. > > can someone give me a hint on how to get this running? > > > Greets, Chris > > ps. the mentioned spamd-patch howto: > http://da.andaka.org/Doku/courier-spamassassin.html > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa vNrWZJB+j+Hg6mGtxWotPPxG =3tVA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:04:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:04:30 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AD167.9080609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Also try asking Jan-Peter Koopmann as he is our head BSD wizard around here. You'll find his address from the mailing list, he's a frequent poster. But please try everything you can think of, and everything you can't, before mailing him. He is a very busy man and may well not have time to respond. Furthermore, if you get a solution from him, please post it back to the list so that it gets into the list archive, which is a valuable source of information and is useless without the solutions to posted problems. Regards, Jules. Res wrote: > > > run MailScanner --lint > and see what errors pop up > > On Fri, 9 Jun 2006, Marc Dufresne wrote: > >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I >> have tested this with the above upgrades and it still is working >> perfectly. >> >> I decided to update my ports tree and then updated mailscanner to >> version 4.54.6. Everything installed correctly, but I cannot get >> mailscanner to run from the command line or on boot. > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrRaBH2WUcUFbZUEQKE/gCfTALKytEPCAr2qQWdT4QN2ZZcqlQAn23z dhedegs5C7mQGEsAF9Nd3qRk =m/gu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:09:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:09:49 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: Message-ID: <448AD2A3.1090409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > In my maillog I see: > > Jun 9 17:07:16 tesla update.virus.scanners: Found sophos installed > Jun 9 17:07:16 tesla update.virus.scanners: Running autoupdate for > sophos > Jun 9 17:07:17 tesla Sophos-autoupdate[1501]: Sophos V5 updated > > > But if I try to manually update I get: > > [root@tesla ~]# /opt/sophos-av/bin/savupdate -v 5 > Starting automatic update... > Opening configuration... > Configuration opened > Processing package 'PACKAGE'... > Connection initialized > Identified item to update 'sav-linux/manifest.dat' > Identified item to update 'sav-linux/manifest.spec' > Identified item to update 'sav-linux/cidsync.upd' > Identified item to update 'sav-linux/common/' > Identified item to update 'doc/' > Identified item to update 'savi/' > Identified item to update 'talpa/talpa-srcpack.tar.gz' > Identified item to update 'talpa/manifest.dat' > Identified item to update 'talpa/cidsync.upd' > Identified item to update 'sav-linux/x86/' > Identified item to update > 'talpa/talpa-fedora/talpa-binpack-fedora_2.6.16-1.2111_FC5.tar.gz' > Replicating contents in package directory > '/opt/sophos-av/update/cache/LOCAL/PACKAGE'... > Reading master index > 'http://es-web.sophos.com/update/savlinux/master.upd'... > Downloading http://es-web.sophos.com/update/savlinux/master.upd > Failed to download http://es-web.sophos.com/update/savlinux/master.upd > WARNING: Failed to read file > 'http://es-web.sophos.com/update/savlinux/master.upd' > WARNING: Failed to read master index > 'http://es-web.sophos.com/update/savlinux/master.upd' > ERROR: Failed to replicate contents in package directory > '/opt/sophos-av/update/cache/LOCAL/PACKAGE' > ERROR: Package 'PACKAGE' processing failed > Updating Sophos Anti-Virus... > ERROR: Failed to update Sophos Anti-Virus > FATAL: Automatic update aborted > > > And if I manually run "/usr/lib/MailScanner/sophos-autoupdate" or > "/usr/lib/MailScanner/sophos-autoupdate /opt/sophos-av" the maillog > shows: > > Jun 9 18:39:02 tesla Sophos-autoupdate[2106]: Sophos V5 updater failed > > > So is Sophos 5 really being updated? I suspect not. The second command a couple of sentences up is the correct one. You have to give the autoupdater the directory in which Sophos is installed. Check that your /etc/MailScanner/virus.scanners.conf has the correct directory for the installation of Sophos, or it might still be trying to update an old Sophos v3 or v4 installation in /usr/local/Sophos. But running the Sophos command "savupdate" really should work, start by configuring that so that it works properly. Have you given it the right Sophos username and password to get updates? The MailScanner Sophos V5 autoupdate script uses this command to do the update, so that command on its own must work first. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrSpBH2WUcUFbZUEQINsgCdF+T8NibZPAO48VkzXuro21wjCx0AoOge 7EHW/eDVnDIBSydjDwkZsnVt =vfHM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Marc.Dufresne at parks.on.ca Sat Jun 10 15:16:10 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 15:16:26 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: That's exactly whatI did. Mailscanner installed properly, I then followed the instructions at the end of the install concerning mailscanner and mta. When executing mailscanner manually from the command line /usr/local/etc/rc.d/mailscanner start It would just go back to the command line. If I ran ps -ax mailscanner wasn't running. after pulling my hair out for about two hours, I noticed the latest version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to perl5.8.8. That went successful. Mailscanner still didn't work. So I went under /usr/ports/mail/mailscannner and ran make deinstall mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install by running make make install under /usr/ports/mail/mailscannner. Now I'm getting this error: Installing for p5-Filesys-Statvfs_Df-0.68 ===> p5-Filesys-Statvfs_Df-0.68 depends on file: /usr/local/bin/perl5.8.8 - found ===> Generating temporary packing list ===> Checking if devel/p5-Filesys-Statvfs_Df already installed make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. Stop *** Error code 2 Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. *** Error code 1 Stop in /usr/ports/mail/mailscanner. Any ideas? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> Marc Dufresne skrev: > I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. > > The mailscanner software running on my box is mailscanner 4.52.2-1. I have tested this with the above upgrades and it still is working perfectly. > > I decided to update my ports tree and then updated mailscanner to version 4.54.6. Everything installed correctly, but I cannot get mailscanner to run from the command line or on boot. > Any failure messages? Wild shot: You need to update mailscanner after upgrading the os because of a filename installation default. (mta or mta.sh) -- Regards from Lars > I have followed the instructions under > > /usr/local/etc/rc.d/mailscanner by adding the following lines to /etc/rc.conf > > mailscanner_enable="YES" > mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf" > mailscanner_pidfile="/var/run/MailScanner.pid" > > I have also followed the instructions in /usr/local/etc/rc.d/mta by adding the following lines to the /etc/rc.conf > > mta_enable="YES" > mta_type="sendmail" > mta_profiles="incoming outgoing submitqueue" > mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory$ > mta_incoming_pidfile="/var/run/sendmail_in.pid" > mta_incoming_configfile="/etc/mail/sendmail.cf" > mta_outgoing_flags="-L sm-mta-out -q15m" > mta_outgoing_pidfile="/var/run/sendmail_out.pid" > mta_outgoing_configfile="/etc/mail/sendmail.cf" > mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" > mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" > mta_submitqueue_configfile="/etc/mail/submit.cf" > > Mailscanner will not load!!! I have tried everything I can think of. > > What am I missing???? > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From Marc.Dufresne at parks.on.ca Sat Jun 10 15:18:45 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 15:19:05 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: Will do. I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD 6.1, Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to perl5.8.8 hoping that would solve my problem. Still isn't working. what command under FreeBSD do you execute to ensure the latest version of Perl is linked to all services that need it? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Also try asking Jan-Peter Koopmann as he is our head BSD wizard around here. You'll find his address from the mailing list, he's a frequent poster. But please try everything you can think of, and everything you can't, before mailing him. He is a very busy man and may well not have time to respond. Furthermore, if you get a solution from him, please post it back to the list so that it gets into the list archive, which is a valuable source of information and is useless without the solutions to posted problems. Regards, Jules. Res wrote: > > > run MailScanner --lint > and see what errors pop up > > On Fri, 9 Jun 2006, Marc Dufresne wrote: > >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I >> have tested this with the above upgrades and it still is working >> perfectly. >> >> I decided to update my ports tree and then updated mailscanner to >> version 4.54.6. Everything installed correctly, but I cannot get >> mailscanner to run from the command line or on boot. > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrRaBH2WUcUFbZUEQKE/gCfTALKytEPCAr2qQWdT4QN2ZZcqlQAn23z dhedegs5C7mQGEsAF9Nd3qRk =m/gu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:29:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:30:08 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> Message-ID: <448AD763.7080302@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ankush grover wrote: > hey friends, > > I am using MailScanner 4.44 with postfix 2.1.5 on FC3. I want to do > some kind of content filtering You can do pretty much all of these with MailScanner "rulesets". Read up about rulesets in any and/or all of the documentation available. Please buy the book! > a) Banning receiving & sending attachments for some users for example > "ankush@example.com" is not allowed to send or receive any > attachments. In MailScanner.conf, Maximum Attachment Size = %rules-dir%/max.attach.size.rules In /etc/MailScanner/rules/max.attach.size.rules FromOrTo: ankush@example.com 0 FromOtTo: default -1 > b) Banning receiving emails for some users from the all other domains > except from > one domain for example if there is any email for user > "tom@example.com" from > any other domain that mail should be dropped but this user should > be able to > receive mail from the example.com domain but not from anyother domain. In MailScanner.conf, Is Definitely Spam = %rules-dir%/is.definitely.spam.rules Definite Spam Is High Scoring = yes High-Scoring Spam Actions = delete store In /etc/MailScanner/rules/is.definitely.spam.rules To: tom@example.com and From: *@example.com no To: tom@example.com yes FromOrTo: default no > c) People are still sending mails to the accounts of the ex employees > I want to > totally ban mails to those accounts both within the organisation > and from > outside means if the mail is for the user "john@example.com" > that mail > should get dropped. Do this in your MTA. In sendmail, for example, add this to /etc/mail/access john@example.com DISCARD then cd /etc/mail make > If anyone can give me examples for the above 3 problems of mine that > will be very good and I will be very grateful to that person. Hopefully the examples above give you a small taste of the power of rulesets. Virtually every configuration option in MailScanner can be controlled by a ruleset, and these can be built into incredibly detailed configuration systems. As long as you have less than, say, 1000 entries in a particular ruleset, they will work very fast. If you come across a requirement which cannot be expressed in a ruleset, then you can use "Custom Functions", which are Perl functions that calculate the result of the configuration option from a section of Perl code that is passed all the details about the message. There are a few examples of what can be done in Custom Functions in /usr/lib/MailScanner/MailScanner/CustomConfig.pm and in the extra examples in /usr/lib/MailScanner/MailScanner/CustomFunctions/*. These do require some basic knowledge of Perl, but you can start from one of the examples and modify it to your needs, so you don't have to start from scratch. If you want Custom Functions written by me for your particular needs, please contact me directly and we can agree a price. You get MailScanner for free, and you get all the support I can possibly offer for free on the mailing list and in personal replies to mail (I reply to *every* email I get, always). But if you want me to write code for you, I have to charge for that. I have bills to pay, like everyone else. Regards, Jules. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrXZBH2WUcUFbZUEQKEeACgjHCaizK+Pv5osBQQb4ubLhLEmxcAoOQP zNFkk/YJkA5VvP//EbPIFjK7 =A7J4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lars+lister.mailscanner at adventuras.no Sat Jun 10 15:40:01 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 15:40:23 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AD9C1.1040000@adventuras.no> Marc Dufresne skrev: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. Look for perl in /usr/ports/Updating and you will see that you need to update everything perl when updating perl itself. The easiest way is to run the perl-after-upgrade script. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found perl5.8 > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. perl5.7, so p5-Filesys-Statvfs_Df needs updating too. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> > Marc Dufresne skrev: >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I > have tested this with the above upgrades and it still is working > perfectly. >> I decided to update my ports tree and then updated mailscanner to > version 4.54.6. Everything installed correctly, but I cannot get > mailscanner to run from the command line or on boot. >> > > Any failure messages? > Wild shot: You need to update mailscanner after upgrading the os > because of a filename installation default. > (mta or mta.sh) > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > From Marc.Dufresne at parks.on.ca Sat Jun 10 15:44:04 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 15:44:23 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: I've been racking by brain trying to find that script name!! Thanks. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lars+lister.mailscanner@adventuras.no 6/10/2006 10:40:01 AM >>> Marc Dufresne skrev: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. Look for perl in /usr/ports/Updating and you will see that you need to update everything perl when updating perl itself. The easiest way is to run the perl-after-upgrade script. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found perl5.8 > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. perl5.7, so p5-Filesys-Statvfs_Df needs updating too. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> > Marc Dufresne skrev: >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I > have tested this with the above upgrades and it still is working > perfectly. >> I decided to update my ports tree and then updated mailscanner to > version 4.54.6. Everything installed correctly, but I cannot get > mailscanner to run from the command line or on boot. >> > > Any failure messages? > Wild shot: You need to update mailscanner after upgrading the os > because of a filename installation default. > (mta or mta.sh) > > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From MailScanner at ecs.soton.ac.uk Sat Jun 10 15:48:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 15:48:11 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448ADBA0.3010202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Dufresne wrote: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > Run ps ax | grep Mail and see what that says. Running the rc.d script should start it up then return to the command line. > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 7:30:49 AM >>> >>>> > Marc Dufresne skrev: > >> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >> >> The mailscanner software running on my box is mailscanner 4.52.2-1. I >> > have tested this with the above upgrades and it still is working > perfectly. > >> I decided to update my ports tree and then updated mailscanner to >> > version 4.54.6. Everything installed correctly, but I cannot get > mailscanner to run from the command line or on boot. > >> >> > > Any failure messages? > Wild shot: You need to update mailscanner after upgrading the os > because of a filename installation default. > (mta or mta.sh) > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrboRH2WUcUFbZUEQIiFQCg6O1xwi/cw7+loHcFkeXCdLDklfcAn3f4 ijgS1rOa/yNRecy1ONiWNwQd =//1K -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cpedaschus at gmx.de Sat Jun 10 15:58:43 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 16:00:11 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448AD07F.7030809@ecs.soton.ac.uk> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> Message-ID: <448ADE23.20908@gmx.de> Thanks for the answer, Jules. I'll have a look at said solutions without bayes, because i don't like the idea of having 1 big bayes db for users across different domains (perhaps some users like a given sort of spam and learn it as ham while others learn it as spam, sounds like a bad idea) Just one more question: Could you please explain what this means, i'm curious :) # N.B. SpamAssassin will use home dir defined in ENV{HOME} # 'if $ENV{HOME} =~ /\//' # So, set ENV{HOME} to desired directory, or undef it to force it to get home # using getpwnam of $> (EUID) In bin/Mailscanner env(home) get unset, that's why this comment irritates me. Greets, Chris Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >MailScanner does not use spamd/spamc at all, it talks directly to >SpamAssassin's Perl library for speed and efficiency reasons. > >However, this does mean that you are stuck to 1 bayes db for the whole >system, sorry. People such as Matt Kettler (Matt--correct me if I'm >wrong) have constructed very reliable spam detection without using bayes >at all, so this isn't actually a big problem. Most people run with >bayes, with one bayes db shared between all their customers/users and >have no problems with it at all. > >So that bad news is that you can't do it. The good news is that it >doesn't actually matter anyway. > >Regards, >Jules. > >Christian Pedaschus wrote: > > >>Hi everybody, >> >>i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 >>and try to get spamassassin to use a separate bayes db for every virtual >>mailuser instead of a global one, but can't get it to work nor did i >>find anything in the wiki/documentation about it (perhaps i'm blind, pls >>excuse if so, was a long day). >> >>i found a howto to patch spamd to get the vuser home-dir from courier, >>but it's not of much help because i'm no perl-developer and can't >>convert the needed steps to spamassassin. i looked around in >>Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i >>don't fully understand them. the sa-howto patches the getpwnam call to >>return the data from courier, i guess that's what i need to do here, i >>just don't know how or where exactly. >> >>can someone give me a hint on how to get this running? >> >> >>Greets, Chris >> >>ps. the mentioned spamd-patch howto: >>http://da.andaka.org/Doku/courier-spamassassin.html >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa >vNrWZJB+j+Hg6mGtxWotPPxG >=3tVA >-----END PGP SIGNATURE----- > > > From MailScanner at ecs.soton.ac.uk Sat Jun 10 16:54:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 10 16:54:31 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448ADE23.20908@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> Message-ID: <448AEB25.3000706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christian Pedaschus wrote: > Thanks for the answer, Jules. > I'll have a look at said solutions without bayes, because i don't like > the idea of having 1 big bayes db for users across different domains > (perhaps some users like a given sort of spam and learn it as ham while > others learn it as spam, sounds like a bad idea) > > > Just one more question: > Could you please explain what this means, i'm curious :) > > # N.B. SpamAssassin will use home dir defined in ENV{HOME} > # 'if $ENV{HOME} =~ /\//' > This will always be true if $ENV{HOME} is set at all. > # So, set ENV{HOME} to desired directory, or undef it to force it to get > home > # using getpwnam of $> (EUID) > > In bin/Mailscanner env(home) get unset, that's why this comment > irritates me. > I think I can remember why I delete $ENV{HOME}. It is set before the UID and EUID are changed to the "Run As User", so will always be that of root. By unsetting it, it forces SpamAssassin to use the home directory of the effective userid (i.e. the "Run As User") for its .spamassassin directory. If it were left defined, it would use the home directory of root as the location of the .spamassassin directory, which it can't actually write to once it has changed to be the "Run As User". I need to force it to use the home directory of the "Run As User" as that is the only place it can write to. So I undefine it to force it to reset it to that of the "Run As User". If I didn't do that, when running as "postfix" it would try to write to "/root/.spamassassin" which it wouldn't be able to access. By undefining it, I force it to use "/var/spool/postfix/.spamassassin" which it can access. I hope that explains why I did it this way. It is very necessary. > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> MailScanner does not use spamd/spamc at all, it talks directly to >> SpamAssassin's Perl library for speed and efficiency reasons. >> >> However, this does mean that you are stuck to 1 bayes db for the whole >> system, sorry. People such as Matt Kettler (Matt--correct me if I'm >> wrong) have constructed very reliable spam detection without using bayes >> at all, so this isn't actually a big problem. Most people run with >> bayes, with one bayes db shared between all their customers/users and >> have no problems with it at all. >> >> So that bad news is that you can't do it. The good news is that it >> doesn't actually matter anyway. >> >> Regards, >> Jules. >> >> Christian Pedaschus wrote: >> >> >> >>> Hi everybody, >>> >>> i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 >>> and try to get spamassassin to use a separate bayes db for every virtual >>> mailuser instead of a global one, but can't get it to work nor did i >>> find anything in the wiki/documentation about it (perhaps i'm blind, pls >>> excuse if so, was a long day). >>> >>> i found a howto to patch spamd to get the vuser home-dir from courier, >>> but it's not of much help because i'm no perl-developer and can't >>> convert the needed steps to spamassassin. i looked around in >>> Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i >>> don't fully understand them. the sa-howto patches the getpwnam call to >>> return the data from courier, i guess that's what i need to do here, i >>> just don't know how or where exactly. >>> >>> can someone give me a hint on how to get this running? >>> >>> >>> Greets, Chris >>> >>> ps. the mentioned spamd-patch howto: >>> http://da.andaka.org/Doku/courier-spamassassin.html >>> >>> >>> >>> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa >> vNrWZJB+j+Hg6mGtxWotPPxG >> =3tVA >> -----END PGP SIGNATURE----- >> >> >> >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrrKxH2WUcUFbZUEQIAzgCgxtIUGFCPiJUqWG5oQQ7xFKkm4ukAoJg7 nyL/yWzdDZI40y/HSyOFi8fU =u9CJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mkettler at evi-inc.com Sat Jun 10 16:56:03 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Jun 10 16:56:15 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448AD07F.7030809@ecs.soton.ac.uk> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> Message-ID: <448AEB93.5030804@evi-inc.com> Julian Field wrote: > MailScanner does not use spamd/spamc at all, it talks directly to > SpamAssassin's Perl library for speed and efficiency reasons. > > However, this does mean that you are stuck to 1 bayes db for the whole > system, sorry. People such as Matt Kettler (Matt--correct me if I'm > wrong) have constructed very reliable spam detection without using bayes > at all, so this isn't actually a big problem. I use bayes, quite extensively. I think bayes is one of the most powerful and useful tools in SA. However, in a corporate environment, I find that a single-site-wide bayes DB actually works better than individual bayes. Really, individual DBs is only worthwhile if your users are highly diverse, such as at an ISP. I'm also one of the proponents of the "hamtrap/spamtrap" automated training technique. a "hamtrap" is a secret, obscure email address that you subscribe to trusted email sources, (industry newsletters, etc) you then use a cron-job to process its mail with sa-learn --ham. A spamtrap is a not-so-secret email address that you seed out to the world in innocuous ways and then configure them to be trained as spam. I generally do this while posting to various technical mailing lists. Whenever an example needs an email address, I insert a bogus one at my domain. I leave the account as nonexistent for about a month, and then create an alias for it so it gets trained. From cpedaschus at gmx.de Sat Jun 10 17:03:11 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 17:04:40 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448AEB25.3000706@ecs.soton.ac.uk> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448AEB25.3000706@ecs.soton.ac.uk> Message-ID: <448AED3F.8060103@gmx.de> Yes, that explains it. Thanks again. Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Christian Pedaschus wrote: > > >>Thanks for the answer, Jules. >>I'll have a look at said solutions without bayes, because i don't like >>the idea of having 1 big bayes db for users across different domains >>(perhaps some users like a given sort of spam and learn it as ham while >>others learn it as spam, sounds like a bad idea) >> >> >>Just one more question: >>Could you please explain what this means, i'm curious :) >> >># N.B. SpamAssassin will use home dir defined in ENV{HOME} >># 'if $ENV{HOME} =~ /\//' >> >> >> >This will always be true if $ENV{HOME} is set at all. > > >># So, set ENV{HOME} to desired directory, or undef it to force it to get >>home >># using getpwnam of $> (EUID) >> >>In bin/Mailscanner env(home) get unset, that's why this comment >>irritates me. >> >> >> >I think I can remember why I delete $ENV{HOME}. It is set before the UID >and EUID are changed to the "Run As User", so will always be that of >root. By unsetting it, it forces SpamAssassin to use the home directory >of the effective userid (i.e. the "Run As User") for its .spamassassin >directory. > >If it were left defined, it would use the home directory of root as the >location of the .spamassassin directory, which it can't actually write >to once it has changed to be the "Run As User". I need to force it to >use the home directory of the "Run As User" as that is the only place it >can write to. So I undefine it to force it to reset it to that of the >"Run As User". > >If I didn't do that, when running as "postfix" it would try to write to >"/root/.spamassassin" which it wouldn't be able to access. By undefining >it, I force it to use "/var/spool/postfix/.spamassassin" which it can >access. > >I hope that explains why I did it this way. >It is very necessary. > > > >>Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>MailScanner does not use spamd/spamc at all, it talks directly to >>>SpamAssassin's Perl library for speed and efficiency reasons. >>> >>>However, this does mean that you are stuck to 1 bayes db for the whole >>>system, sorry. People such as Matt Kettler (Matt--correct me if I'm >>>wrong) have constructed very reliable spam detection without using bayes >>>at all, so this isn't actually a big problem. Most people run with >>>bayes, with one bayes db shared between all their customers/users and >>>have no problems with it at all. >>> >>>So that bad news is that you can't do it. The good news is that it >>>doesn't actually matter anyway. >>> >>>Regards, >>>Jules. >>> >>>Christian Pedaschus wrote: >>> >>> >>> >>> >>> >>>>Hi everybody, >>>> >>>>i'm using mailscanner-4.54.6, latest qmail-ldap and courier-imap-3.0.8 >>>>and try to get spamassassin to use a separate bayes db for every virtual >>>>mailuser instead of a global one, but can't get it to work nor did i >>>>find anything in the wiki/documentation about it (perhaps i'm blind, pls >>>>excuse if so, was a long day). >>>> >>>>i found a howto to patch spamd to get the vuser home-dir from courier, >>>>but it's not of much help because i'm no perl-developer and can't >>>>convert the needed steps to spamassassin. i looked around in >>>>Mailscanner/lib/Mailscanner/SA.pm and line 89-92 look promising, but i >>>>don't fully understand them. the sa-howto patches the getpwnam call to >>>>return the data from courier, i guess that's what i need to do here, i >>>>just don't know how or where exactly. >>>> >>>>can someone give me a hint on how to get this running? >>>> >>>> >>>>Greets, Chris >>>> >>>>ps. the mentioned spamd-patch howto: >>>>http://da.andaka.org/Doku/courier-spamassassin.html >>>> >>>> >>>> >>>> >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRIrQghH2WUcUFbZUEQIhIwCgpPwNnLtw7mfE62KWjXR5yM9rc2AAn0sa >>>vNrWZJB+j+Hg6mGtxWotPPxG >>>=3tVA >>>-----END PGP SIGNATURE----- >>> >>> >>> >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRIrrKxH2WUcUFbZUEQIAzgCgxtIUGFCPiJUqWG5oQQ7xFKkm4ukAoJg7 >nyL/yWzdDZI40y/HSyOFi8fU >=u9CJ >-----END PGP SIGNATURE----- > > > From Marc.Dufresne at parks.on.ca Sat Jun 10 17:35:32 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 17:35:50 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: This is what I've done today to resolve my issues. p5-Filesys-Statvfs-Df error (FIXED) -Fixed by removing it from the ports tree. -Ran cvsup -g -L 2 portsupdatefile -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 ran make make install Result: Successful installation Mailscanner-4.54.6 (Reinstalled) -removed from ports tree - Ran cvsup -g -L 2 portsupdatefile - went to /usr/ports/mail/mailscanner ran make make install Result: Successful installation Perl5.8.8 went to /usr/ports/lang/perl5.8.8 ran make make install Result: I wanted to make sure perl 5.8.8 was installed corectly since I re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. After running make then make install, It didn't re--install anything. It quickly went back to the command line. Since all of the above was OK, I then ran the script perl-after-upgrade. It fixed 172 packages. NEXT, I RAN: Ran /usr/local/sbin/MailScanner --lint This is the error I am getting: /usr/local/sbin/MailScanner --lint Could not read file /var/run/MailScanner.pid at /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 Error in line 162, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read) at /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 Read 711 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... You want to use SpamAssassin but have not installed it. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 Please download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and unpack it and run ./install.sh to install it, then restart MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 132 I will run without SpamAssassin for now, you will not detect much spam until you install SpamAssassin. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> Julian Field 6/10/2006 10:45:35 AM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Dufresne wrote: > Will do. > > I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD 6.1, > Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to > perl5.8.8 hoping that would solve my problem. Still isn't working. > > what command under FreeBSD do you execute to ensure the latest version > of Perl is linked to all services that need it? > Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. Running perl 5.8.7 shouldn't cause any problems, I run much older versions than that myself and have no problems. It's just a matter of having the relevant versions of the MailScanner-required Perl modules installed. You can see the versions of all the Perl modules installed that MailScanner requires by running the command MailScanner --versions See what that says, and if it says anything is missing. Then you could just use CPAN or the ports system to upgrade/install the missing modules. Once MailScanner --versions works, try MailScanner --lint and check that works okay. Once that works, you should be ready to go. I hope that lot is some help to you. >>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>> > * PGP Bad Signature, Signed by a unverified key: 06/10/06 at 15:04:24 > > Also try asking Jan-Peter Koopmann as he is our head BSD wizard around > > here. You'll find his address from the mailing list, he's a frequent > poster. > > But please try everything you can think of, and everything you can't, > before mailing him. He is a very busy man and may well not have time to > > respond. > > Furthermore, if you get a solution from him, please post it back to the > > list so that it gets into the list archive, which is a valuable source > > of information and is useless without the solutions to posted > problems. > > Regards, > Jules. > > Res wrote: > >> run MailScanner --lint >> and see what errors pop up >> >> On Fri, 9 Jun 2006, Marc Dufresne wrote: >> >> >>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>> >>> The mailscanner software running on my box is mailscanner 4.52.2-1. >>> > I > >>> have tested this with the above upgrades and it still is working >>> perfectly. >>> >>> I decided to update my ports tree and then updated mailscanner to >>> version 4.54.6. Everything installed correctly, but I cannot get >>> mailscanner to run from the command line or on boot. >>> >> > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw QvRYIt+2U3xhRuOupfEgylJi =cyAi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From lars+lister.mailscanner at adventuras.no Sat Jun 10 18:06:36 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 18:07:00 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448AFC1C.6010500@adventuras.no> Marc Dufresne skrev: > This is what I've done today to resolve my issues. > > p5-Filesys-Statvfs-Df error (FIXED) > -Fixed by removing it from the ports tree. > -Ran cvsup -g -L 2 portsupdatefile > -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 > ran make > make install > > Result: Successful installation > > Mailscanner-4.54.6 (Reinstalled) > -removed from ports tree > - Ran cvsup -g -L 2 portsupdatefile > - went to /usr/ports/mail/mailscanner > Did you run 'make config' in that directory? You may have missed the options to install spamassassin and clamav. Lars > ran make > make install > > Result: Successful installation > > Perl5.8.8 > went to /usr/ports/lang/perl5.8.8 > ran make > make install > > Result: > I wanted to make sure perl 5.8.8 was installed corectly since I > re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. After > running make then make install, It didn't re--install anything. It > quickly went back to the command line. > > Since all of the above was OK, I then ran the script > perl-after-upgrade. It fixed 172 packages. > > NEXT, I RAN: > > Ran /usr/local/sbin/MailScanner --lint > > This is the error I am getting: > > /usr/local/sbin/MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 > Error in line 162, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 > Read 711 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > You want to use SpamAssassin but have not installed it. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 > Please download > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > and unpack it and run ./install.sh to install it, then restart > MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 132 > I will run without SpamAssassin for now, you will not detect much spam > until you install SpamAssassin. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>>> Julian Field 6/10/2006 10:45:35 AM >>>> >>>> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Marc Dufresne wrote: > >> Will do. >> >> I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD >> > 6.1, > >> Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to >> perl5.8.8 hoping that would solve my problem. Still isn't working. >> >> what command under FreeBSD do you execute to ensure the latest >> > version > >> of Perl is linked to all services that need it? >> >> > Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. > Running perl 5.8.7 shouldn't cause any problems, I run much older > versions than that myself and have no problems. It's just a matter of > having the relevant versions of the MailScanner-required Perl modules > installed. > > You can see the versions of all the Perl modules installed that > MailScanner requires by running the command > MailScanner --versions > > See what that says, and if it says anything is missing. Then you could > > just use CPAN or the ports system to upgrade/install the missing > modules. > > Once MailScanner --versions works, try > MailScanner --lint > and check that works okay. Once that works, you should be ready to go. > > I hope that lot is some help to you. > >>>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>>> >>>>> >> * PGP Bad Signature, Signed by a unverified key: 06/10/06 at >> > 15:04:24 > >> Also try asking Jan-Peter Koopmann as he is our head BSD wizard >> > around > >> here. You'll find his address from the mailing list, he's a frequent >> poster. >> >> But please try everything you can think of, and everything you can't, >> > > >> before mailing him. He is a very busy man and may well not have time >> > to > >> respond. >> >> Furthermore, if you get a solution from him, please post it back to >> > the > >> list so that it gets into the list archive, which is a valuable >> > source > >> of information and is useless without the solutions to posted >> problems. >> >> Regards, >> Jules. >> >> Res wrote: >> >> >>> run MailScanner --lint >>> and see what errors pop up >>> >>> On Fri, 9 Jun 2006, Marc Dufresne wrote: >>> >>> >>> >>>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>>> >>>> The mailscanner software running on my box is mailscanner >>>> > 4.52.2-1. > >>>> >>>> >> I >> >> >>>> have tested this with the above upgrades and it still is working >>>> perfectly. >>>> >>>> I decided to update my ports tree and then updated mailscanner to >>>> version 4.54.6. Everything installed correctly, but I cannot get >>>> mailscanner to run from the command line or on boot. >>>> >>>> >>> >>> >> >> >> > ------------------------------------------------------------------------ > >> BEGIN:VCARD >> VERSION:2.1 >> X-GWTYPE:USER >> FN:Marc Dufresne >> TEL;WORK:613-543-3704 >> ORG:;Information Technology >> TEL;PREF;FAX:613-543-2847 >> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >> N:Dufresne;Marc >> TITLE:Corporate IT Officer >> END:VCARD >> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw > QvRYIt+2U3xhRuOupfEgylJi > =cyAi > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > From Marc.Dufresne at parks.on.ca Sat Jun 10 18:38:30 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat Jun 10 18:38:53 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: Didn;t know I had that option. What I did was downloaded the latest install-Clam-SA.tar.gz from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz Ran the ./install.sh --perl= adjusted path to pyzor and dcc in the mailscanner.cf, then ran /usr/local/sbin/MailScanner --lint Read 711 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule Looks good. Now for the moment of truth!!!! We'll let you know what happens. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lars+lister.mailscanner@adventuras.no 6/10/2006 1:06:36 PM >>> Marc Dufresne skrev: > This is what I've done today to resolve my issues. > > p5-Filesys-Statvfs-Df error (FIXED) > -Fixed by removing it from the ports tree. > -Ran cvsup -g -L 2 portsupdatefile > -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 > ran make > make install > > Result: Successful installation > > Mailscanner-4.54.6 (Reinstalled) > -removed from ports tree > - Ran cvsup -g -L 2 portsupdatefile > - went to /usr/ports/mail/mailscanner > Did you run 'make config' in that directory? You may have missed the options to install spamassassin and clamav. Lars > ran make > make install > > Result: Successful installation > > Perl5.8.8 > went to /usr/ports/lang/perl5.8.8 > ran make > make install > > Result: > I wanted to make sure perl 5.8.8 was installed corectly since I > re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. After > running make then make install, It didn't re--install anything. It > quickly went back to the command line. > > Since all of the above was OK, I then ran the script > perl-after-upgrade. It fixed 172 packages. > > NEXT, I RAN: > > Ran /usr/local/sbin/MailScanner --lint > > This is the error I am getting: > > /usr/local/sbin/MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 > Error in line 162, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) at > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 > Read 711 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > You want to use SpamAssassin but have not installed it. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 > Please download > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > and unpack it and run ./install.sh to install it, then restart > MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line 132 > I will run without SpamAssassin for now, you will not detect much spam > until you install SpamAssassin. at > /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>>> Julian Field 6/10/2006 10:45:35 AM >>>> >>>> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Marc Dufresne wrote: > >> Will do. >> >> I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD >> > 6.1, > >> Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to >> perl5.8.8 hoping that would solve my problem. Still isn't working. >> >> what command under FreeBSD do you execute to ensure the latest >> > version > >> of Perl is linked to all services that need it? >> >> > Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. > Running perl 5.8.7 shouldn't cause any problems, I run much older > versions than that myself and have no problems. It's just a matter of > having the relevant versions of the MailScanner-required Perl modules > installed. > > You can see the versions of all the Perl modules installed that > MailScanner requires by running the command > MailScanner --versions > > See what that says, and if it says anything is missing. Then you could > > just use CPAN or the ports system to upgrade/install the missing > modules. > > Once MailScanner --versions works, try > MailScanner --lint > and check that works okay. Once that works, you should be ready to go. > > I hope that lot is some help to you. > >>>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>>> >>>>> >> * PGP Bad Signature, Signed by a unverified key: 06/10/06 at >> > 15:04:24 > >> Also try asking Jan-Peter Koopmann as he is our head BSD wizard >> > around > >> here. You'll find his address from the mailing list, he's a frequent >> poster. >> >> But please try everything you can think of, and everything you can't, >> > > >> before mailing him. He is a very busy man and may well not have time >> > to > >> respond. >> >> Furthermore, if you get a solution from him, please post it back to >> > the > >> list so that it gets into the list archive, which is a valuable >> > source > >> of information and is useless without the solutions to posted >> problems. >> >> Regards, >> Jules. >> >> Res wrote: >> >> >>> run MailScanner --lint >>> and see what errors pop up >>> >>> On Fri, 9 Jun 2006, Marc Dufresne wrote: >>> >>> >>> >>>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>>> >>>> The mailscanner software running on my box is mailscanner >>>> > 4.52.2-1. > >>>> >>>> >> I >> >> >>>> have tested this with the above upgrades and it still is working >>>> perfectly. >>>> >>>> I decided to update my ports tree and then updated mailscanner to >>>> version 4.54.6. Everything installed correctly, but I cannot get >>>> mailscanner to run from the command line or on boot. >>>> >>>> >>> >>> >> >> >> > ------------------------------------------------------------------------ > >> BEGIN:VCARD >> VERSION:2.1 >> X-GWTYPE:USER >> FN:Marc Dufresne >> TEL;WORK:613-543-3704 >> ORG:;Information Technology >> TEL;PREF;FAX:613-543-2847 >> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >> N:Dufresne;Marc >> TITLE:Corporate IT Officer >> END:VCARD >> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw > QvRYIt+2U3xhRuOupfEgylJi > =cyAi > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From mikej at rogers.com Sat Jun 10 19:21:46 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Jun 10 19:21:31 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0DBA.9040701@rogers.com> Marc Dufresne wrote: > That's exactly whatI did. Mailscanner installed properly, I then > followed the instructions at the end of the install concerning > mailscanner and mta. > > When executing mailscanner manually from the command line > /usr/local/etc/rc.d/mailscanner start > > It would just go back to the command line. If I ran ps -ax mailscanner > wasn't running. > > after pulling my hair out for about two hours, I noticed the latest > version of Perl was 5.8.8. I was running perl 5.8.7. So I upgrade to > perl5.8.8. That went successful. Mailscanner still didn't work. > > So I went under /usr/ports/mail/mailscannner and ran > > make deinstall > > mailscanner-4.54.6 uninstalled successfully. Then I tried to re-install > by running > > make > make install > under /usr/ports/mail/mailscannner. > > Now I'm getting this error: > > Installing for p5-Filesys-Statvfs_Df-0.68 > ===> p5-Filesys-Statvfs_Df-0.68 depends on file: > /usr/local/bin/perl5.8.8 - found > ===> Generating temporary packing list > ===> Checking if devel/p5-Filesys-Statvfs_Df already installed > make: don't know how to make /usr/local/lib/perl5/5.8.7/mach/Config.pm. > Stop > *** Error code 2 > > Stop in /usr/ports/devel/p5-Filesys-Statvfs_Df. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > Any ideas? > Yes, you most likely hosed your perl installation by not properly upgrading it. Did you run the perl-after-upgrade script after updating perl? It sounds like the problem is between the keyboard and the chair. From mikej at rogers.com Sat Jun 10 19:22:37 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Jun 10 19:22:22 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0DED.9080301@rogers.com> Marc Dufresne wrote: > I've been racking by brain trying to find that script name!! > > Thanks. > It's clearly displayed when updating the port. From mikej at rogers.com Sat Jun 10 19:25:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Jun 10 19:24:56 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0E88.3000609@rogers.com> Marc Dufresne wrote: > Didn;t know I had that option. What I did was downloaded the latest > install-Clam-SA.tar.gz from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Don't do that! Do not install 3rd party packages, when perfectly functioning ports exist for them. From lars+lister.mailscanner at adventuras.no Sat Jun 10 19:30:42 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 10 19:30:56 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: References: Message-ID: <448B0FD2.5090901@adventuras.no> Marc Dufresne skrev: > Didn;t know I had that option. What I did was downloaded the latest > install-Clam-SA.tar.gz from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > > > Ran the ./install.sh --perl= > > adjusted path to pyzor and dcc in the mailscanner.cf, then ran > /usr/local/sbin/MailScanner --lint I have never used the install-Clam-SA.tar.gz, but does that not install in /opt? Are you now mixing two different installations? You may want to get rid of one of them. If you can. My experience is only with the port. Sorry. -- Lars > > Read 711 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamavmodule > > Looks good. Now for the moment of truth!!!! We'll let you know what > happens. > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> lars+lister.mailscanner@adventuras.no 6/10/2006 1:06:36 PM >>> > Marc Dufresne skrev: >> This is what I've done today to resolve my issues. >> >> p5-Filesys-Statvfs-Df error (FIXED) >> -Fixed by removing it from the ports tree. >> -Ran cvsup -g -L 2 portsupdatefile >> -Went to /usr/ports/devel/p5-Filesys-Statvfs-Df-0.68 >> ran make >> make install >> >> Result: Successful installation >> >> Mailscanner-4.54.6 (Reinstalled) >> -removed from ports tree >> - Ran cvsup -g -L 2 portsupdatefile >> - went to /usr/ports/mail/mailscanner >> > > Did you run 'make config' in that directory? > You may have missed the options to install spamassassin and clamav. > > Lars >> ran make >> make install >> >> Result: Successful installation >> >> Perl5.8.8 >> went to /usr/ports/lang/perl5.8.8 >> ran make >> make install >> >> Result: >> I wanted to make sure perl 5.8.8 was installed corectly since I >> re-installed p5-Filesys-Statvfs-Df-0.68 and Mailscanenr-4.54.6. > After >> running make then make install, It didn't re--install anything. It >> quickly went back to the command line. >> >> Since all of the above was OK, I then ran the script >> perl-after-upgrade. It fixed 172 packages. >> >> NEXT, I RAN: >> >> Ran /usr/local/sbin/MailScanner --lint >> >> This is the error I am getting: >> >> /usr/local/sbin/MailScanner --lint >> Could not read file /var/run/MailScanner.pid at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 >> Error in line 162, file "/var/run/MailScanner.pid" for pidfile does > not >> exist (or can not be read) at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 >> Read 711 hostnames from the phishing whitelist >> Checking for SpamAssassin errors (if you use it)... >> You want to use SpamAssassin but have not installed it. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 >> Please download >> > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > >> and unpack it and run ./install.sh to install it, then restart >> MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line > 132 >> I will run without SpamAssassin for now, you will not detect much > spam >> until you install SpamAssassin. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 >> >> MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamav >> >> >> Marc Dufresne, Corporate IT Officer >> St. Lawrence Parks Commission >> 13740 County Road 2 >> Morrisburg, ON K0C 1X0 >> >> E-mail: Marc.Dufresne@parks.on.ca >> Voice: 613-543-3704 Ext#2455 >> Fax: 613-543-2847 >> Corporate website: www.parks.on.ca >> >> >>>>> Julian Field 6/10/2006 10:45:35 AM >>>>> >>>>> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Marc Dufresne wrote: >> >>> Will do. >>> >>> I noticed I was still rnning perl 5.8.7 after upgrading to FreeBSD >>> >> 6.1, >> >>> Sendmail 8.13.6 and mailscanner-4.54.6. What I did was upgrade to >>> perl5.8.8 hoping that would solve my problem. Still isn't working. >>> >>> what command under FreeBSD do you execute to ensure the latest >>> >> version >> >>> of Perl is linked to all services that need it? >>> >>> >> Sorry, I'm not BSD expert at all, I can't help you. Sorry about that. > >> Running perl 5.8.7 shouldn't cause any problems, I run much older >> versions than that myself and have no problems. It's just a matter of > >> having the relevant versions of the MailScanner-required Perl modules > >> installed. >> >> You can see the versions of all the Perl modules installed that >> MailScanner requires by running the command >> MailScanner --versions >> >> See what that says, and if it says anything is missing. Then you > could >> just use CPAN or the ports system to upgrade/install the missing >> modules. >> >> Once MailScanner --versions works, try >> MailScanner --lint >> and check that works okay. Once that works, you should be ready to > go. >> I hope that lot is some help to you. >> >>>>>> MailScanner@ecs.soton.ac.uk 6/10/2006 10:04:23 AM >>> >>>>>> >>>>>> >>> * PGP Bad Signature, Signed by a unverified key: 06/10/06 at >>> >> 15:04:24 >> >>> Also try asking Jan-Peter Koopmann as he is our head BSD wizard >>> >> around >> >>> here. You'll find his address from the mailing list, he's a > frequent >>> poster. >>> >>> But please try everything you can think of, and everything you > can't, >>> >> >>> before mailing him. He is a very busy man and may well not have > time >>> >> to >> >>> respond. >>> >>> Furthermore, if you get a solution from him, please post it back to >>> >> the >> >>> list so that it gets into the list archive, which is a valuable >>> >> source >> >>> of information and is useless without the solutions to posted >>> problems. >>> >>> Regards, >>> Jules. >>> >>> Res wrote: >>> >>> >>>> run MailScanner --lint >>>> and see what errors pop up >>>> >>>> On Fri, 9 Jun 2006, Marc Dufresne wrote: >>>> >>>> >>>> >>>>> I have just upgraded to FreeBSD 6.1 and Sendmail 8.13.6. >>>>> >>>>> The mailscanner software running on my box is mailscanner >>>>> >> 4.52.2-1. >> >>>>> >>>>> >>> I >>> >>> >>>>> have tested this with the above upgrades and it still is working >>>>> perfectly. >>>>> >>>>> I decided to update my ports tree and then updated mailscanner to > >>>>> version 4.54.6. Everything installed correctly, but I cannot get >>>>> mailscanner to run from the command line or on boot. >>>>> >>>>> >>>> >>>> >>> >>> >>> > ------------------------------------------------------------------------ >> >>> BEGIN:VCARD >>> VERSION:2.1 >>> X-GWTYPE:USER >>> FN:Marc Dufresne >>> TEL;WORK:613-543-3704 >>> ORG:;Information Technology >>> TEL;PREF;FAX:613-543-2847 >>> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >>> N:Dufresne;Marc >>> TITLE:Corporate IT Officer >>> END:VCARD >>> >>> >>> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRIrbERH2WUcUFbZUEQLTFQCgzCd3IBayOtCpmoqZcjTrZFVrYg8An1uw >> QvRYIt+2U3xhRuOupfEgylJi >> =cyAi >> -----END PGP SIGNATURE----- >> >> >> > ------------------------------------------------------------------------ >> BEGIN:VCARD >> VERSION:2.1 >> X-GWTYPE:USER >> FN:Marc Dufresne >> TEL;WORK:613-543-3704 >> ORG:;Information Technology >> TEL;PREF;FAX:613-543-2847 >> EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >> N:Dufresne;Marc >> TITLE:Corporate IT Officer >> END:VCARD >> >> > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > From maillists at conactive.com Sat Jun 10 19:31:15 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jun 10 19:31:23 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448ADE23.20908@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> Message-ID: Christian Pedaschus wrote on Sat, 10 Jun 2006 16:58:43 +0200: > I'll have a look at said solutions without bayes, because i don't like > the idea of having 1 big bayes db for users across different domains FYI: unless *all* your users get a *lot* of mail you are better off with a site-wide db. If this is not the case the user's Bayes will be quite ineffective because it gets too few spam or ham. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From gmane at tippingmar.com Sat Jun 10 19:39:36 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Jun 10 19:39:38 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: <448AD2A3.1090409@ecs.soton.ac.uk> References: <448AD2A3.1090409@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > I suspect not. The second command a couple of sentences up is the > correct one. You have to give the autoupdater the directory in which > Sophos is installed. Check that your > /etc/MailScanner/virus.scanners.conf has the correct directory for the > installation of Sophos, or it might still be trying to update an old > Sophos v3 or v4 installation in /usr/local/Sophos. But running the > Sophos command "savupdate" really should work, start by configuring that > so that it works properly. Have you given it the right Sophos username > and password to get updates? The MailScanner Sophos V5 autoupdate script > uses this command to do the update, so that command on its own must work > first. I agree that it is not updating. The values in virus.scanners.conf are correct. I installed using the MailScanner installation script, so that set the correct values for me. This machine has never had an older version of Sophos on it. I'll play with username and password. It may be that I am supposed to use the Sophos EM Library password instead of the regular user updating password for this. I'm not sure. The strange part is that when MailScanner runs the autoupdate it logs success, but when I run it it logs failure. Is it possible that the return code is not being passed correctly? Thanks, Mark From shrek-m at gmx.de Sat Jun 10 20:11:36 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sat Jun 10 20:11:38 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: <448AD2A3.1090409@ecs.soton.ac.uk> Message-ID: <448B1968.1090000@gmx.de> Mark Nienberg schrieb: > I'll play with username and password. It may be that I am supposed to > use the Sophos EM Library password instead of the regular user > updating password for this. I'm not sure. take a look on your licence. "EM Download username password" is what you need. # /opt/sophos-av/bin/savsetup Welcome to Sophos Anti-Virus interactive configuration [1] Update configuration [2] Sophos Anti-Virus GUI configuration [q] Quit What do you want to do? [1] > 1 [1] Display update configuration [2] Add new update group [3] Add package to existing update group [4] Select update group for this computer [5] Select package within current update group [6] Configure computer to update from Sophos [7] Configure computer to update from own server [q] Quit What do you want to do? [1] > 6 Username for Sophos updates? [] > [...] -- shrek-m From cpedaschus at gmx.de Sat Jun 10 20:19:28 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 20:20:58 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> Message-ID: <448B1B40.1090008@gmx.de> Kai Schaetzl wrote: >Christian Pedaschus wrote on Sat, 10 Jun 2006 16:58:43 +0200: > > > >>I'll have a look at said solutions without bayes, because i don't like >>the idea of having 1 big bayes db for users across different domains >> >> > >FYI: unless *all* your users get a *lot* of mail you are better off with a >site-wide db. If this is not the case the user's Bayes will be quite >ineffective because it gets too few spam or ham. > >Kai > > > At least 200 spam/ham, i know, but that's no problem, most of the users have >2000 mails in their box (without all the spam). Messis everywhere (don't know howto translate messi, in german it means ppl who keep all kind of things, even if they won't ever need it again) ;) It's not so important to have a single bayes-db for every user, but at least a single bayes for every domain. The single user stuff was just my first thought because it seemed logical to use the users homedir for spamassassin. Btw. Jules, that would be my "call for improvements" :) Greets, Chris From cpedaschus at gmx.de Sat Jun 10 20:28:18 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 20:29:48 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448B1B40.1090008@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: <448B1D52.90808@gmx.de> Christian Pedaschus wrote: >Kai Schaetzl wrote: > > > >>Christian Pedaschus wrote on Sat, 10 Jun 2006 16:58:43 +0200: >> >> >> >> >> >>>I'll have a look at said solutions without bayes, because i don't like >>>the idea of having 1 big bayes db for users across different domains >>> >>> >>> >>> >>FYI: unless *all* your users get a *lot* of mail you are better off with a >>site-wide db. If this is not the case the user's Bayes will be quite >>ineffective because it gets too few spam or ham. >> >>Kai >> >> >> >> >> >At least 200 spam/ham, i know, but that's no problem, most of the users >have >2000 mails in their box (without all the spam). > >Messis everywhere (don't know howto translate messi, in german it means >ppl who keep all kind of things, even if they won't ever need it again) ;) > >It's not so important to have a single bayes-db for every user, but at >least a single bayes for every domain. The single user stuff was just my >first thought because it seemed logical to use the users homedir for >spamassassin. > >Btw. Jules, that would be my "call for improvements" :) > >Greets, Chris > > > forgot to add that those 2000mails per box are from a few months, busy mailers they are :) From richard.siddall at elirion.net Sat Jun 10 21:09:16 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Sat Jun 10 21:09:49 2006 Subject: Pack rats, was: Virtual mailuser with their own bayes db? In-Reply-To: <448B1B40.1090008@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: <448B26EC.9000600@elirion.net> Christian Pedaschus wrote: > Messis everywhere (don't know howto translate messi, in german it means > ppl who keep all kind of things, even if they won't ever need it again) ;) > The closest term in American slang is "pack rat", IMHO. "The term pack rat is also used in English as slang to refer to a person who collects miscellaneous items and has trouble getting rid of them." (http://en.wikipedia.org/wiki/Pack_rat) Regards, Richard Siddall From cpedaschus at gmx.de Sat Jun 10 22:00:03 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Sat Jun 10 22:01:33 2006 Subject: Pack rats, was: Virtual mailuser with their own bayes db? In-Reply-To: <448B26EC.9000600@elirion.net> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> <448B26EC.9000600@elirion.net> Message-ID: <448B32D3.9050907@gmx.de> Richard Siddall wrote: >Christian Pedaschus wrote: > > >>Messis everywhere (don't know howto translate messi, in german it means >>ppl who keep all kind of things, even if they won't ever need it again) ;) >> >> >> > >The closest term in American slang is "pack rat", IMHO. > >"The term pack rat is also used in English as slang to refer to a person >who collects miscellaneous items and has trouble getting rid of them." >(http://en.wikipedia.org/wiki/Pack_rat) > >Regards, > > Richard Siddall > > Lol, funny animals :) From res at ausics.net Sat Jun 10 23:50:05 2006 From: res at ausics.net (Res) Date: Sat Jun 10 23:50:14 2006 Subject: Another call for improvements Message-ID: Jules, How about consideration of change to the src install script like on our redhat counterpart servers, those that use /opt like slackware et al takes extra time to move shuffle and and follow the upgrade process for MS and Langs requires intervention, so my question is whats wrong with just doing it the same way as RH version where it just updates and overwrites? This saves moving our mrtg and rules files and any customized reports etc as well as stuffing around with upgrade sripts :) Its still a good idiea I think to keep it under /opt as makes easy install from backups if something goes pear shaped, rather than a symlink, make it a a true /opt/MailScanner. I have looked at it and I can see no ill effects for doing it this way, but thats me :) -- Cheers Res From shuttlebox at gmail.com Sun Jun 11 00:52:42 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Jun 11 00:52:45 2006 Subject: Another call for improvements In-Reply-To: References: Message-ID: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> On 6/11/06, Res wrote: > Jules, > > How about consideration of change to the src install script > like on our redhat counterpart servers, those that use /opt like slackware > et al takes extra time to move shuffle and and follow the upgrade process > for MS and Langs requires intervention, so my question is whats wrong with > just doing it the same way as RH version where it just updates and overwrites? > This saves moving our mrtg and rules files and any customized reports > etc as well as stuffing around with upgrade sripts :) > > Its still a good idiea I think to keep it under /opt as makes easy > install from backups if something goes pear shaped, rather than a > symlink, make it a a true /opt/MailScanner. > > I have looked at it and I can see no ill effects for doing it this way, > but thats me :) That's a very bad idea if you ask me. I manage both RPM and non-RPM systems running MS and I find it much easier and less risky to update the non-RPM systems due to the symlink approach. I can take all day during full production tinkering with the new system making sure every config file is the way I want it before switching the symlink. If something still goes wrong I'm back in a second to the old config. With the RPM systems everything seems easier but you still have to diff the files just the same and much worse - you have to do that while the system is offline. I would like it to stay the way it is. -- /peter From res at ausics.net Sun Jun 11 01:30:22 2006 From: res at ausics.net (Res) Date: Sun Jun 11 01:30:28 2006 Subject: Another call for improvements In-Reply-To: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> References: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> Message-ID: On Sun, 11 Jun 2006, shuttlebox wrote: > On 6/11/06, Res wrote: >> Jules, >> >> How about consideration of change to the src install script >> like on our redhat counterpart servers, those that use /opt like slackware >> et al takes extra time to move shuffle and and follow the upgrade process >> for MS and Langs requires intervention, so my question is whats wrong with >> just doing it the same way as RH version where it just updates and >> overwrites? >> This saves moving our mrtg and rules files and any customized reports >> etc as well as stuffing around with upgrade sripts :) >> >> Its still a good idiea I think to keep it under /opt as makes easy >> install from backups if something goes pear shaped, rather than a >> symlink, make it a a true /opt/MailScanner. >> >> I have looked at it and I can see no ill effects for doing it this way, >> but thats me :) > > That's a very bad idea if you ask me. I manage both RPM and non-RPM > systems running MS and I find it much easier and less risky to update > the non-RPM systems due to the symlink approach. I can take all day > during full production tinkering with the new system making sure every > config file is the way I want it before switching the symlink. If > something still goes wrong I'm back in a second to the old config. So you don't backup before upgrade then? I've always done so, cp -a MailScanner /opt/mailscan.old first, so my recovery is 3 seconds if I need it, but i've never had to roll back yet. > > With the RPM systems everything seems easier but you still have to > diff the files just the same and much worse - you have to do that > while the system is offline. eh? never taken it offline to do so, just service MailScanner stop/start after upgrade, and diff takes a few seconds, i've never had a corruption yet, i know i know, "yet" is a dangerous word, which is why most our units our slackware, only 2 are rpm distros > > I would like it to stay the way it is. > > OK 1 for 1 against, I'll throw into this one in as well, perhaps an install option for the upgrade over-write way so those that want to do it as it is now can ./install.sh -fast and for those that want full automation maybe, ./install.sh -fast -upgrade -- Cheers Res From grover1711 at gmail.com Sun Jun 11 07:48:53 2006 From: grover1711 at gmail.com (ankush grover) Date: Sun Jun 11 07:48:57 2006 Subject: content filtering with MailScanner 4.44 + postfix 2.1.5 on FC3 In-Reply-To: <448AD763.7080302@ecs.soton.ac.uk> References: <5f638b360606100029x40a60295r4ece048ef8434e97@mail.gmail.com> <448AD763.7080302@ecs.soton.ac.uk> Message-ID: <5f638b360606102348p4dda2acdwdbdbf3543e91fa37@mail.gmail.com> > > a) Banning receiving & sending attachments for some users for example > > "ankush@example.com" is not allowed to send or receive any > > attachments. > > In MailScanner.conf, > Maximum Attachment Size = %rules-dir%/max.attach.size.rules > > In /etc/MailScanner/rules/max.attach.size.rules > FromOrTo: ankush@example.com 0 > FromOtTo: default -1 > > > b) Banning receiving emails for some users from the all other domains > > except from > > one domain for example if there is any email for user > > "tom@example.com" from > > any other domain that mail should be dropped but this user should > > be able to > > receive mail from the example.com domain but not from anyother domain. > > In MailScanner.conf, > Is Definitely Spam = %rules-dir%/is.definitely.spam.rules > Definite Spam Is High Scoring = yes > High-Scoring Spam Actions = delete store > > In /etc/MailScanner/rules/is.definitely.spam.rules > To: tom@example.com and From: *@example.com no > To: tom@example.com yes > FromOrTo: default no > > > c) People are still sending mails to the accounts of the ex employees > > I want to > > totally ban mails to those accounts both within the organisation > > and from > > outside means if the mail is for the user "john@example.com" > > that mail > > should get dropped. > > Do this in your MTA. In sendmail, for example, add this to /etc/mail/access > john@example.com DISCARD > then > cd /etc/mail > make hey friends, Thanks to everybody for their guidance specially Mr.Julian. Thanks & Regards Ankush Grover From MailScanner at ecs.soton.ac.uk Sun Jun 11 12:29:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 11 12:29:33 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: References: <448AD2A3.1090409@ecs.soton.ac.uk> Message-ID: <448BFE87.7090309@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Julian Field wrote: >> I suspect not. The second command a couple of sentences up is the >> correct one. You have to give the autoupdater the directory in which >> Sophos is installed. Check that your >> /etc/MailScanner/virus.scanners.conf has the correct directory for >> the installation of Sophos, or it might still be trying to update an >> old Sophos v3 or v4 installation in /usr/local/Sophos. But running >> the Sophos command "savupdate" really should work, start by >> configuring that so that it works properly. Have you given it the >> right Sophos username and password to get updates? The MailScanner >> Sophos V5 autoupdate script uses this command to do the update, so >> that command on its own must work first. > > Is it possible that the return code is not being passed correctly? Very :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIv+iRH2WUcUFbZUEQKndQCfe/b9S+DDi/F3pgw5/PgR6GgMZw0AoKaC SpcH5WpUj40xFs9Gv3I4xNen =XElD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Jun 11 12:41:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 11 12:42:04 2006 Subject: Another call for improvements In-Reply-To: References: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> Message-ID: <448C0181.20101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Res wrote: > > On Sun, 11 Jun 2006, shuttlebox wrote: > >> On 6/11/06, Res wrote: >>> Jules, >>> >>> How about consideration of change to the src install script >>> like on our redhat counterpart servers, those that use /opt like >>> slackware >>> et al takes extra time to move shuffle and and follow the upgrade >>> process >>> for MS and Langs requires intervention, so my question is whats >>> wrong with >>> just doing it the same way as RH version where it just updates and >>> overwrites? >>> This saves moving our mrtg and rules files and any customized reports >>> etc as well as stuffing around with upgrade sripts :) >>> >>> Its still a good idiea I think to keep it under /opt as makes easy >>> install from backups if something goes pear shaped, rather than a >>> symlink, make it a a true /opt/MailScanner. >>> >>> I have looked at it and I can see no ill effects for doing it this way, >>> but thats me :) I fundamentally am missing your point :-( What are you saying and suggesting - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRIwBghH2WUcUFbZUEQJnMQCg5vXB0Ytn+gfax6c+JOA29Ha2BpUAoLTc PW3AYuwyp/QCNYTq1mzgWvSC =LJwn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Marc.Dufresne at parks.on.ca Sun Jun 11 14:02:19 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sun Jun 11 14:03:02 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: If it was a fully functioning port than why wasn't Spamassassin installed. This was the exact error message I received after I ran /usr/local/sbin/MailScanner --lint >> >> /usr/local/sbin/MailScanner --lint >> Could not read file /var/run/MailScanner.pid at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2317 >> Error in line 162, file "/var/run/MailScanner.pid" for pidfile does > not >> exist (or can not be read) at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 2487 >> Read 711 hostnames from the phishing whitelist >> Checking for SpamAssassin errors (if you use it)... >> You want to use SpamAssassin but have not installed it. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 131 >> Please download >> > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > >> and unpack it and run ./install.sh to install it, then restart >> MailScanner. at /usr/local/lib/MailScanner/MailScanner/SA.pm line > 132 >> I will run without SpamAssassin for now, you will not detect much > spam >> until you install SpamAssassin. at >> /usr/local/lib/MailScanner/MailScanner/SA.pm line 133 >> >> MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamav It you don't want anyone to download a third party product, than the error output shouldn't instruct you to! Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> mikej@rogers.com 6/10/2006 2:25:12 PM >>> Marc Dufresne wrote: > Didn;t know I had that option. What I did was downloaded the latest > install-Clam-SA.tar.gz from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Don't do that! Do not install 3rd party packages, when perfectly functioning ports exist for them. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From Marc.Dufresne at parks.on.ca Sun Jun 11 14:04:56 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sun Jun 11 14:05:21 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working Message-ID: Must have missed it. Resolved all of my issues. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> mikej@rogers.com 6/10/2006 2:22:37 PM >>> Marc Dufresne wrote: > I've been racking by brain trying to find that script name!! > > Thanks. > It's clearly displayed when updating the port. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From maillists at conactive.com Sun Jun 11 15:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jun 11 15:31:31 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: <448B1B40.1090008@gmx.de> References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: Christian Pedaschus wrote on Sat, 10 Jun 2006 21:19:28 +0200: > At least 200 spam/ham, i know, but that's no problem, most of the users > have >2000 mails in their box (without all the spam). I'm not so much talking of the minimum. There's a difference if you have 1 Mio Bayes tokens for each single user (site-wide) or only 10.000 for each single user. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From res at ausics.net Sun Jun 11 23:45:53 2006 From: res at ausics.net (Res) Date: Sun Jun 11 23:46:00 2006 Subject: Another call for improvements In-Reply-To: <448C0181.20101@ecs.soton.ac.uk> References: <625385e30606101652o32959014qaaee35a8507b8062@mail.gmail.com> <448C0181.20101@ecs.soton.ac.uk> Message-ID: On Sun, 11 Jun 2006, Julian Field wrote: > What are you saying and suggesting I thought it was pretty clear, shuttle understood it, no mater it seems its not going to be a popular request, so suggestion is withdrawn, Ill write my own mod script for us > > -- Cheers Res From cpedaschus at gmx.de Mon Jun 12 00:41:29 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Mon Jun 12 00:43:09 2006 Subject: Virtual mailuser with their own bayes db? In-Reply-To: References: <448A05A2.70100@gmx.de> <448AD07F.7030809@ecs.soton.ac.uk> <448ADE23.20908@gmx.de> <448B1B40.1090008@gmx.de> Message-ID: <448CAA29.1010308@gmx.de> Kai Schaetzl wrote: >Christian Pedaschus wrote on Sat, 10 Jun 2006 21:19:28 +0200: > > > >>At least 200 spam/ham, i know, but that's no problem, most of the users >>have >2000 mails in their box (without all the spam). >> >> > >I'm not so much talking of the minimum. There's a difference if you have 1 >Mio Bayes tokens for each single user (site-wide) or only 10.000 for each >single user. > >Kai > > > That's true, no doubt. Which brings me to the question: "does anybody know if bayes take the recipient into his calculation"? If so, it would clear all my concerns about virtual domains. I must admit i didn't enter this question in google (yet), just came home and checked my mails before going to bed ;) Greets, Chris From eneal at dfi-intl.com Mon Jun 12 04:29:05 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Mon Jun 12 04:29:11 2006 Subject: MultipleQueueDir using "{todomain}" Message-ID: In CustomConfig.pm I have: Return '/var/spool/mqueue.priority' if $message->{todomain} = enhtech.com; MS didn't choke on it, however, I'm finding that that's not all that's making into this queue. What have I done incorrectly? This server is a gateway so sendmail returns mail.enhtech.com for all domains This server protects. TIA, Errol __________________________________________ Errol Uriel Neal Jr. Sr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com From goetz.reinicke at filmakademie.de Mon Jun 12 08:00:57 2006 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke?=) Date: Mon Jun 12 08:01:07 2006 Subject: Lots off SPAM mail passing checks without beeinig scored high Message-ID: <448D1129.6060407@filmakademie.de> Hi, for the last few days I noticed, that I do get a lot of SPAM mails scored lower than my requierde score. E.g. a mail with the subject "Small-Cap Review" (if anybody else get this message ;-) ) The SPAM-CHECK-Header-Information is: X-Spam-Check: SpamAssassin 3.0.6 (2005-12-07) X-Spam-Status: No, score=0.8 required=3.2 tests=BAYES_05, RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.0.6 How may my mailscanner-installation catch thous SPAM mails as well? Thanks for hints and Tips! Regards G?tz Reinicke -- G?tz Reinicke IT Koordinator - IT OfficeNet Tel. +49 (0) 7141 - 969 420 Fax +49 (0) 7141 - 969 55 420 goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de From MailScanner at ecs.soton.ac.uk Mon Jun 12 08:51:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 08:51:57 2006 Subject: MultipleQueueDir using "{todomain}" In-Reply-To: References: Message-ID: On 12 Jun 2006, at 04:29, Errol Neal wrote: > In CustomConfig.pm I have: > > Return '/var/spool/mqueue.priority' if $message->{todomain} = > enhtech.com; That's bad perl. What you meant was this: return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq 'enhtech.com'; or something similar. {todomain} is a list, so you want the first (for example) element of the list. '=' is the assignment operator. You want to do a string compare which is 'eq'. The string should of course be surrounded by ' quotes. > > MS didn't choke on it, however, I'm finding that that's not all that's > making into this queue. > What have I done incorrectly? This server is a gateway so sendmail > returns mail.enhtech.com for all domains > This server protects. > > TIA, > > Errol > > __________________________________________ > Errol Uriel Neal Jr. > Sr. Network Administrator > DFI International, Inc. > 1717 Pennsylvania Ave NW, Suite 1300 > Washington, DC 20006 > Tel (202)452-6955 > Fax (202)452-6910 > eneal@dfi-intl.com > www.dfi-intl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Mon Jun 12 09:42:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jun 12 09:42:43 2006 Subject: Lots off SPAM mail passing checks without beeinig scored high In-Reply-To: <448D1129.6060407@filmakademie.de> Message-ID: <01d001c68dfc$1e284b30$3004010a@martinhlaptop> Hi Those headers are not MS headers, but SA headers. IE MS isn't calling SA, something else is.... Anyway, you don't mention which version of SA and MS, but you'll find a lot of extra useful rules at www.rulesemporium.com along with a nice utility to keep them updated called rulesdujour. I'd also make sure you have the URI-RBL pluging installed in one of the /etc/mail/spamassassin/*.pre files.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of G?tz Reinicke > Sent: 12 June 2006 08:01 > To: mailscanner@lists.mailscanner.info > Subject: Lots off SPAM mail passing checks without beeinig scored high > > Hi, > > for the last few days I noticed, that I do get a lot of SPAM mails > scored lower than my requierde score. > > E.g. a mail with the subject "Small-Cap Review" (if anybody else get > this message ;-) ) > > The SPAM-CHECK-Header-Information is: > > X-Spam-Check: SpamAssassin 3.0.6 (2005-12-07) > > X-Spam-Status: No, score=0.8 required=3.2 tests=BAYES_05, > RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.0.6 > > How may my mailscanner-installation catch thous SPAM mails as well? > > Thanks for hints and Tips! > > Regards > > G?tz Reinicke > -- > G?tz Reinicke > IT Koordinator - IT OfficeNet > > Tel. +49 (0) 7141 - 969 420 > Fax +49 (0) 7141 - 969 55 420 > goetz.reinicke@filmakademie.de > > Filmakademie Baden-W?rttemberg > Mathildenstr. 20 > 71638 Ludwigsburg > www.filmakademie.de > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From eneal at dfi-intl.com Mon Jun 12 11:15:42 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Mon Jun 12 11:17:31 2006 Subject: MultipleQueueDir using "{todomain}" Message-ID: I feel embarrased :) But better embarrassed and corrected than the alternative! Thanks for the clarification. Also, for further clarification, is {todomain} an array? What is returned? I just assumed it was a single dest domain. Errol -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 12, 2006 3:52 AM To: MailScanner discussion Subject: Re: MultipleQueueDir using "{todomain}" On 12 Jun 2006, at 04:29, Errol Neal wrote: > In CustomConfig.pm I have: > > Return '/var/spool/mqueue.priority' if $message->{todomain} = > enhtech.com; That's bad perl. What you meant was this: return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq 'enhtech.com'; or something similar. {todomain} is a list, so you want the first (for example) element of the list. '=' is the assignment operator. You want to do a string compare which is 'eq'. The string should of course be surrounded by ' quotes. > > MS didn't choke on it, however, I'm finding that that's not all that's > making into this queue. > What have I done incorrectly? This server is a gateway so sendmail > returns mail.enhtech.com for all domains This server protects. > > TIA, > > Errol > > __________________________________________ > Errol Uriel Neal Jr. > Sr. Network Administrator > DFI International, Inc. > 1717 Pennsylvania Ave NW, Suite 1300 > Washington, DC 20006 > Tel (202)452-6955 > Fax (202)452-6910 > eneal@dfi-intl.com > www.dfi-intl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at seceidos.de Mon Jun 12 11:19:07 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Jun 12 11:19:18 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: Message-ID: On Sunday, June 11, 2006 3:02 PM Marc Dufresne wrote: > If it was a fully functioning port than why wasn't Spamassassin > installed. This was the exact error message I received after I ran There are fully functioning ports for ClamAV, Spamassassin and hopefully MailScanner as well. If you install MailScanner for the first time it will ask if you want to install SpamAssassin, ClamAV etc. with it. If you choose not to you will not be asked again (due to the port system) unless you delete a file in the ports-database. This is probably what happened to you. Even then you should be able to install the ports manually. Do _not_ use third party packages, it will definatly give you problems. > It you don't want anyone to download a third party product, than the > error output shouldn't instruct you to! What error output do you refer to? What error output told you to run install-Clam-SA? If there is such an output it comes from MailScanner directly and not from the port. Do I understand it correctly: All your problems are solved now? Kind regards, JP From Jan-Peter.Koopmann at seceidos.de Mon Jun 12 11:20:00 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Jun 12 11:20:12 2006 Subject: Mailscanner 4.54.6 on FreeBSd 6.1 not working In-Reply-To: <448AD167.9080609@ecs.soton.ac.uk> Message-ID: On Saturday, June 10, 2006 4:04 PM Julian Field wrote: > But please try everything you can think of, and everything you can't, > before mailing him. He is a very busy man and may well not have time > to respond. Too kind and too true. :-) Thanks to all people helping Marc. I just saw the problem a few minutes ago and therefore did not respond earlier. Kind regards, JP From MailScanner at ecs.soton.ac.uk Mon Jun 12 11:35:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 11:35:29 2006 Subject: MultipleQueueDir using "{todomain}" In-Reply-To: References: Message-ID: On 12 Jun 2006, at 11:15, Errol Neal wrote: > I feel embarrased :) > But better embarrassed and corrected than the alternative! > Thanks for the clarification. > > Also, for further clarification, is {todomain} an array? Yes. > What is > returned? I just assumed it was a single dest domain. It's the list of domains of each of the recipients of the message. Remember each message has multiple recipients in MailScanner. > Errol > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > Field > Sent: Monday, June 12, 2006 3:52 AM > To: MailScanner discussion > Subject: Re: MultipleQueueDir using "{todomain}" > > > On 12 Jun 2006, at 04:29, Errol Neal wrote: > >> In CustomConfig.pm I have: >> >> Return '/var/spool/mqueue.priority' if $message->{todomain} = >> enhtech.com; > > That's bad perl. > What you meant was this: > > return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq > 'enhtech.com'; > > or something similar. > > {todomain} is a list, so you want the first (for example) element > of the > list. > '=' is the assignment operator. You want to do a string compare > which is > 'eq'. > The string should of course be surrounded by ' quotes. > >> >> MS didn't choke on it, however, I'm finding that that's not all >> that's > >> making into this queue. >> What have I done incorrectly? This server is a gateway so sendmail >> returns mail.enhtech.com for all domains This server protects. >> >> TIA, >> >> Errol >> >> __________________________________________ >> Errol Uriel Neal Jr. >> Sr. Network Administrator >> DFI International, Inc. >> 1717 Pennsylvania Ave NW, Suite 1300 >> Washington, DC 20006 >> Tel (202)452-6955 >> Fax (202)452-6910 >> eneal@dfi-intl.com >> www.dfi-intl.com >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From eneal at dfi-intl.com Mon Jun 12 13:13:45 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Mon Jun 12 13:15:30 2006 Subject: MultipleQueueDir using "{todomain}" Message-ID: Thanks again for clarifying. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 12, 2006 6:35 AM To: MailScanner discussion Subject: Re: MultipleQueueDir using "{todomain}" On 12 Jun 2006, at 11:15, Errol Neal wrote: > I feel embarrased :) > But better embarrassed and corrected than the alternative! > Thanks for the clarification. > > Also, for further clarification, is {todomain} an array? Yes. > What is > returned? I just assumed it was a single dest domain. It's the list of domains of each of the recipients of the message. Remember each message has multiple recipients in MailScanner. > Errol > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Monday, June 12, 2006 3:52 AM > To: MailScanner discussion > Subject: Re: MultipleQueueDir using "{todomain}" > > > On 12 Jun 2006, at 04:29, Errol Neal wrote: > >> In CustomConfig.pm I have: >> >> Return '/var/spool/mqueue.priority' if $message->{todomain} = >> enhtech.com; > > That's bad perl. > What you meant was this: > > return '/var/spool/mqueue.priority' if ${$message->{todomain}}[0] eq > 'enhtech.com'; > > or something similar. > > {todomain} is a list, so you want the first (for example) element of > the list. > '=' is the assignment operator. You want to do a string compare which > is 'eq'. > The string should of course be surrounded by ' quotes. > >> >> MS didn't choke on it, however, I'm finding that that's not all >> that's > >> making into this queue. >> What have I done incorrectly? This server is a gateway so sendmail >> returns mail.enhtech.com for all domains This server protects. >> >> TIA, >> >> Errol >> >> __________________________________________ >> Errol Uriel Neal Jr. >> Sr. Network Administrator >> DFI International, Inc. >> 1717 Pennsylvania Ave NW, Suite 1300 >> Washington, DC 20006 >> Tel (202)452-6955 >> Fax (202)452-6910 >> eneal@dfi-intl.com >> www.dfi-intl.com >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From matt at coders.co.uk Mon Jun 12 14:03:17 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon Jun 12 14:03:24 2006 Subject: Possible Bug in Phishing Detection Message-ID: <448D6615.9010304@coders.co.uk> All I think I have discovered a possible bug in the Phishing net. Versions: (RPM based) This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.54.6 If you send a link in the format http://www.domain.com. You get the standard warning of "MailScanner has detected a possible fraud attempt from "www.domain.com." claiming to be http://www.domain.com. Obviously this is wrong: especially when you look in the syslog and get the following: Found phishing fraud from www.domain.com. claiming to be www.domain.com in k5CCsrln020271 I haven't had a chance to look at a fix yet - I'll try when I get home from the office. regards Matt From carinus.carelse at mrc.ac.za Mon Jun 12 14:26:41 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Mon Jun 12 14:25:43 2006 Subject: Logo to the inline.sig.html Message-ID: I wonder if it would be possible to add the log to the inlin.sig.html I have ftp'd the file off and inserted a picture but I every time I send a mail through the system it does not attach the signature it just send the email through blank. Can anone give me some advice as to what I am doing wrong. Carinus -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/17d361f6/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jun 12 14:47:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 14:47:46 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: <448D6615.9010304@coders.co.uk> References: <448D6615.9010304@coders.co.uk> Message-ID: <8F9819D9-C660-43EB-9F3F-2B2546F65A2C@ecs.soton.ac.uk> Dead simple fix. Add this 1 line to Message.pm: --- Message.pm.old 2006-06-06 18:03:43.000000000 +0100 +++ /Message.pm 2006-06-12 14:44:47.000000000 +0100 @@ -5734,6 +5734,7 @@ #print STDERR "Is $linkurl\n"; return ("",0) if $linkurl =~ /\@/ && $linkurl !~ /\//; # Ignore emails #$linkurl = "" if $linkurl =~ /\@/ && $linkurl !~ /\//; # Ignore emails + $linkurl =~ s/[,.]+$//; # Remove trailing dots, but also commas while at it $linkurl =~ s/^\[\d*\]//; # Remove leading [numbers] $linkurl =~ s/^blocked[:\/]+//i; # Remove "blocked::" labels $linkurl =~ s/^outbind:\/\/\d+\///i; # Remove "outbind://22/" type labels On 12 Jun 2006, at 14:03, Matt Hampton wrote: > All > > I think I have discovered a possible bug in the Phishing net. > > Versions: (RPM based) > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.54.6 > > > If you send a link in the format > http://www.domain.com. > > You get the standard warning of > > "MailScanner has detected a possible fraud attempt from > "www.domain.com." claiming to be http://www.domain.com. > > Obviously this is wrong: especially when you look in the syslog and > get > the following: > > Found phishing fraud from www.domain.com. claiming to be > www.domain.com > in k5CCsrln020271 > > I haven't had a chance to look at a fix yet - I'll try when I get home > from the office. > > > > regards > > Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon Jun 12 14:55:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 14:56:00 2006 Subject: Logo to the inline.sig.html In-Reply-To: References: Message-ID: <43E44166-74B7-4906-95C7-CBDE0625FC7E@ecs.soton.ac.uk> I don't quite understand what you're getting at. However, if the message is clean it will attach inline.sig.html if it is already an HTML email and "Sign Clean Messages" is set to yes for these messages (Just set "Sign Clean Messages = yes" to do all mail). If the message is originally just a plain text message then it will attach inline.sig.txt. It does not convert plain text messages to HTML just to add the signature, it leaves them in the form it found them. On 12 Jun 2006, at 14:26, carinus.carelse@mrc.ac.za wrote: > > I wonder if it would be possible to add the log to the > inlin.sig.html I have ftp'd the file off and inserted a picture but > I every time I send a mail through the system it does not attach > the signature it just send the email through blank. > > Can anone give me some advice as to what I am doing wrong. > > Carinus > > -- > This e-mail and its contents are subject to the > South African Medical Research Council > e-mail legal notice available at http://www.mrc.ac.za/about/ > EmailLegalNotice.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/fb75d4e4/attachment.html From dickenson at cfmc.com Mon Jun 12 14:55:42 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Mon Jun 12 14:56:03 2006 Subject: OT: limit idle time in sendmail Message-ID: I have sendmail configured to limit the number of children to 150. What I am seeing is most of the children are dealing with connections that get opened but not closed. This causes sendmail to reject connections because the limit of children has been reached. Is there any option to limit how long a child will leave the connection open basically in idle state? These have been around for about an hour: root 6287 3674 0 05:54 ? 00:00:00 sendmail: server [221.233.250.108] cmd read root 6288 3674 0 05:54 ? 00:00:00 sendmail: server [59.39.215.19] cmd read root 6307 3674 0 05:54 ? 00:00:00 sendmail: server [219.131.108.243] cmd read Thanks for any ideas. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ From campbell at cnpapers.com Mon Jun 12 15:15:28 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 12 15:15:51 2006 Subject: OT: sendmail cmd read Message-ID: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> This is OT, and may have been discussed before... but here goes anyway. Google didn't show much on this one. I am fighting a machine that has recently starting showing increased load averages. What used to stay below 5 is now climbing into the 11.+ at times, and stays around 8 for most of the day. I have considered bdc as the culprit, but really, this hasn't changed recently, as I have not really changed anything for a while. I did install a caching name server, but see little improvement. I'm not looking for additional "fixes" so much as resolving the problem of what is causing this when changes haven't been made. The load climbs when MailWatch shows 8+ MailScanner processes (I have 5 set in Mailscanner.conf) and around 50 sendmail processes. I don't think the version of Mailscanner had anything to do with this (4.52.2), and I am running this on two other servers without the problem - and clamav and bitdefender on the others also. A 'ps -ax | grep sendmail' has always shown a lot of processes to of the form: sendmail: server [IP address] cmd read These usually have common IP addresses, and I wonder, firstly, what is sendmail really doing at this point, and secondly, is there something that I can do that will make the longer-lived processes go away if these are bad connections? These sendmail processes tend to gradually climb to a level of around 40-50, and never really drop without restarting sendmail. I haven't checked to see if they are the same process IDs. I have an idea that these are uncompleteable (?) sendmail connections that are started, but not sure. I'm sure there is a setting in sendmail (8.12 for now) that might fix this (as sort of a timeout thing) , or maybe a milter, but I haven't found it yet. I would like to understand, though, what may have caused the increased load averages, other than the varying input to sendmail. I realize this could be a major factor, but don't see a lot of change in the usual crap that comes in daily. Around 40K+ messages a day with about 85-90% spam caught. This has been constant for a long time. Opinions would be greatly appreciated. Thanks! Steve Campbell campbell@cnpapers.com Charleston Newspapers From carinus.carelse at mrc.ac.za Mon Jun 12 15:17:20 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Mon Jun 12 15:16:06 2006 Subject: Logo to the inline.sig.html In-Reply-To: <43E44166-74B7-4906-95C7-CBDE0625FC7E@ecs.soton.ac.uk> Message-ID: Is there a way to force MailScanner to only attach the html version of the signature. Whether the email is text or HTML. Carinus Julian Field Sent by: mailscanner-bounces@lists.mailscanner.info 2006/06/12 15:55 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Logo to the inline.sig.html I don't quite understand what you're getting at. However, if the message is clean it will attach inline.sig.html if it is already an HTML email and "Sign Clean Messages" is set to yes for these messages (Just set "Sign Clean Messages = yes" to do all mail). If the message is originally just a plain text message then it will attach inline.sig.txt. It does not convert plain text messages to HTML just to add the signature, it leaves them in the form it found them. On 12 Jun 2006, at 14:26, carinus.carelse@mrc.ac.za wrote: I wonder if it would be possible to add the log to the inlin.sig.html I have ftp'd the file off and inserted a picture but I every time I send a mail through the system it does not attach the signature it just send the email through blank. Can anone give me some advice as to what I am doing wrong. Carinus -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/09d05ef7/attachment.html From naolson at gmail.com Mon Jun 12 15:20:22 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Jun 12 15:20:26 2006 Subject: OT: limit idle time in sendmail In-Reply-To: References: Message-ID: <8f54b4330606120720g22b9b66dl6588fde3e608c947@mail.gmail.com> Peruse the options (O) that start with 'Timeout'. Nate From campbell at cnpapers.com Mon Jun 12 15:19:53 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 12 15:20:51 2006 Subject: limit idle time in sendmail References: Message-ID: <003301c68e2b$462add30$0705000a@DDF5DW71> Sorry for my post just a few minutes ago. Same thing going on, but was writing mine while this came in. Everyone can just ignore mine and I'll follow this one. Amazing, how that works sometimes. Steve ----- Original Message ----- From: "Jim Dickenson" To: "MailScanner Mail List" Sent: Monday, June 12, 2006 9:55 AM Subject: OT: limit idle time in sendmail >I have sendmail configured to limit the number of children to 150. What I >am > seeing is most of the children are dealing with connections that get > opened > but not closed. This causes sendmail to reject connections because the > limit > of children has been reached. Is there any option to limit how long a > child > will leave the connection open basically in idle state? > > These have been around for about an hour: > > root 6287 3674 0 05:54 ? 00:00:00 sendmail: server > [221.233.250.108] cmd read > root 6288 3674 0 05:54 ? 00:00:00 sendmail: server > [59.39.215.19] cmd read > root 6307 3674 0 05:54 ? 00:00:00 sendmail: server > [219.131.108.243] cmd read > > Thanks for any ideas. > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Mon Jun 12 15:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jun 12 15:31:31 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: <448D6615.9010304@coders.co.uk> References: <448D6615.9010304@coders.co.uk> Message-ID: Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > If you send a link in the format > http://www.domain.com. Matt, do you refer to a URL with a dot at the end or to any URL where href and innertext match? BTW: domain.com exists, we shouldn#t use it for examples anymore. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From matt at coders.co.uk Mon Jun 12 15:43:28 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon Jun 12 15:43:26 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: References: <448D6615.9010304@coders.co.uk> Message-ID: <448D7D90.6090106@coders.co.uk> Kai Schaetzl wrote: > Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > >> If you send a link in the format >> http://www.domain.com. > > Matt, do you refer to a URL with a dot at the end or to any URL where href > and innertext match? The fully qualified domain (i.e. dot) > > BTW: domain.com exists, we shouldn#t use it for examples anymore. Old habits are hard to break! Most networking books refer to 111.111.111.111 and 222.222.222.222 (allocated to China) matt From MailScanner at ecs.soton.ac.uk Mon Jun 12 16:02:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 16:02:18 2006 Subject: Logo to the inline.sig.html In-Reply-To: References: Message-ID: <9050CD2C-0369-42E4-AD91-AE636F621046@ecs.soton.ac.uk> No. You would have to write this as a Custom Function with a side- effect that did this. On 12 Jun 2006, at 15:17, carinus.carelse@mrc.ac.za wrote: > > Is there a way to force MailScanner to only attach the html version > of the signature. Whether the email is text or HTML. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/e0dd49c9/attachment.html From ssilva at sgvwater.com Mon Jun 12 16:03:01 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 12 16:03:18 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: References: <448D6615.9010304@coders.co.uk> Message-ID: Kai Schaetzl spake the following on 6/12/2006 7:31 AM: > Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > >> If you send a link in the format >> http://www.domain.com. > > Matt, do you refer to a URL with a dot at the end or to any URL where href > and innertext match? > > BTW: domain.com exists, we shouldn#t use it for examples anymore. > > Kai > Maybe we should use evilbadspammer.com .. I doubt anyone would claim that one! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Mon Jun 12 16:03:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 16:03:57 2006 Subject: Possible Bug in Phishing Detection In-Reply-To: References: <448D6615.9010304@coders.co.uk> Message-ID: <92572533-3114-49D5-BD7E-590A7CA613D0@ecs.soton.ac.uk> On 12 Jun 2006, at 15:43, Matt Hampton wrote: > Matt Hampton wrote on Mon, 12 Jun 2006 14:03:17 +0100: > >> If you send a link in the format >> http://www.domain.com. > > Matt, do you refer to a URL with a dot at the end or to any URL > where href > and innertext match? > > BTW: domain.com exists, we shouldn#t use it for examples anymore. We should use example.com, which is registered by IANA for precisely this purpose. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Mon Jun 12 16:10:52 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 12 16:11:33 2006 Subject: OT: limit idle time in sendmail References: <8f54b4330606120720g22b9b66dl6588fde3e608c947@mail.gmail.com> Message-ID: <002201c68e32$65427140$0705000a@DDF5DW71> ----- Original Message ----- From: "Nathan Olson" To: "MailScanner discussion" Sent: Monday, June 12, 2006 10:20 AM Subject: Re: OT: limit idle time in sendmail > Peruse the options (O) that start with 'Timeout'. I don't want to steal this thread, but I am adding just for information. I changed a bunch of the "TO_" options defaults and got the processes down to an average of 20. Load is still up, though. Maybe a restart will clear something out as my next recourse. Steve > > Nate > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ka at pacific.net Mon Jun 12 16:51:49 2006 From: ka at pacific.net (Ken A) Date: Mon Jun 12 16:51:42 2006 Subject: OT: limit idle time in sendmail In-Reply-To: References: Message-ID: <448D8D95.4020404@pacific.net> This might help: http://www.sendmail.org/~ca/email/doc8.12/op-sh-4.html Ken Pacific.Net Jim Dickenson wrote: > I have sendmail configured to limit the number of children to 150. What I am > seeing is most of the children are dealing with connections that get opened > but not closed. This causes sendmail to reject connections because the limit > of children has been reached. Is there any option to limit how long a child > will leave the connection open basically in idle state? > > These have been around for about an hour: > > root 6287 3674 0 05:54 ? 00:00:00 sendmail: server > [221.233.250.108] cmd read > root 6288 3674 0 05:54 ? 00:00:00 sendmail: server > [59.39.215.19] cmd read > root 6307 3674 0 05:54 ? 00:00:00 sendmail: server > [219.131.108.243] cmd read > > Thanks for any ideas. From michele at blacknight.ie Mon Jun 12 17:05:38 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Mon Jun 12 17:05:49 2006 Subject: Logo to the inline.sig.html In-Reply-To: Message-ID: <050c01c68e3a$0d1b5420$88c5c657@arthur> Why on earth would you want to add a HTML signature to a plain text mail? Are you actually trying to break people's mail? Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From gmane at tippingmar.com Mon Jun 12 17:05:46 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Jun 12 17:06:47 2006 Subject: Is sophos-autoupdate updating? In-Reply-To: <448B1968.1090000@gmx.de> References: <448AD2A3.1090409@ecs.soton.ac.uk> <448B1968.1090000@gmx.de> Message-ID: shrek-m@gmx.de wrote: > Mark Nienberg schrieb: >> I'll play with username and password. It may be that I am supposed to >> use the Sophos EM Library password instead of the regular user >> updating password for this. I'm not sure. > > take a look on your licence. > > "EM Download username password" > > is what you need. That fixed it. I was using the other Download password. Thanks, Mark From gmane at tippingmar.com Mon Jun 12 17:21:33 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Jun 12 17:22:38 2006 Subject: Sophos.install improvements Message-ID: Julian, Can you add the following to Sophos.install for v5 installations? # prevent notifications from causing a mail loop /opt/sophos-av/bin/savconfig -u set EmailNotifier disabled # prevent autoupdates (let MailScanner do it instead) /opt/sophos-av/bin/savdctl stop sav-protect /opt/sophos-av/bin/savdctl disableOnBoot sav-protect The email that sophos sends with the on-demand scan results is in turn scanned, generating another email which is scanned, etc. If sav-protect daemon is running, it updates Sophos, but without the locking that MailScanner's update uses. Thanks, Mark Nienberg From chris at tac.esi.net Mon Jun 12 21:04:49 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon Jun 12 21:05:02 2006 Subject: MailScanner setup script Message-ID: <448D90BF.B662.0038.0@tac.esi.net> I was just wondering if anyone had looked at the script I sent to the list a couple of weeks ago. I would like to get some feedback and ideas on where it could go as a project with more knowledgeable people than I working on it. Thanks Chris From paul at tenfjord.net Mon Jun 12 21:40:04 2006 From: paul at tenfjord.net (Paul Tenfjord) Date: Mon Jun 12 21:41:49 2006 Subject: Mailscanner + Spamassassin domain Preferences Message-ID: <200606122240.04119.paul@tenfjord.net> Hi all. I am setting up a mail hub using postfix, mailscanner, clamav and spamassassing. This works very well, mailscanner is really great, the only thing left for me to do is figure out how to have user preferences (or domain settings, per user is not that important) in spamassassin. I've read about sql user preferences but that requires that SA uses spamc/spamd, which as far as I know MS does not do. I also found some posts in the archive but they are dated back to 2004 (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.html), maybe something has happend in this front since then. I appreciate all answers. Thanks Best regards Paul From MailScanner at ecs.soton.ac.uk Mon Jun 12 22:12:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 22:12:18 2006 Subject: Sophos.install improvements In-Reply-To: References: Message-ID: <448DD8A2.1020904@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Done. Thanks for that. Mark Nienberg wrote: > Julian, > > Can you add the following to Sophos.install for v5 installations? > > # prevent notifications from causing a mail loop > /opt/sophos-av/bin/savconfig -u set EmailNotifier disabled > > # prevent autoupdates (let MailScanner do it instead) > /opt/sophos-av/bin/savdctl stop sav-protect > /opt/sophos-av/bin/savdctl disableOnBoot sav-protect > > > The email that sophos sends with the on-demand scan results is in turn > scanned, generating another email which is scanned, etc. > > If sav-protect daemon is running, it updates Sophos, but without the > locking that MailScanner's update uses. > > > Thanks, > Mark Nienberg > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRI3YpBH2WUcUFbZUEQIsXwCeKTz8tPfYW1monTshzffXDbgJZbQAoOOq /+EWqfcYeng2+2yV0cS6LDxu =znL5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon Jun 12 22:14:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 12 22:14:57 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606122240.04119.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> Message-ID: <448DD946.1010500@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Basically all the settings people ever actually need to change are controllable from MailScanner.conf. What settings are you trying to set per-domain? Paul Tenfjord wrote: > Hi all. > > I am setting up a mail hub using postfix, mailscanner, clamav and > spamassassing. This works very well, mailscanner is really great, the only > thing left for me to do is figure out how to have user preferences (or domain > settings, per user is not that important) in spamassassin. I've read about > sql user preferences but that requires that SA uses spamc/spamd, which as far > as I know MS does not do. I also found some posts in the archive but they are > dated back to 2004 > (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.html), > maybe something has happend in this front since then. > > I appreciate all answers. > > Thanks > > Best regards > Paul > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRI3ZRxH2WUcUFbZUEQJrVQCfVNQPSsG/sdh1cMvarb2Im6UlTcEAnjSd X7a9dZErYtFQLKcKMg7ITd/x =YlW/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jgames at sitp.net Mon Jun 12 22:16:15 2006 From: jgames at sitp.net (John Games) Date: Mon Jun 12 22:16:48 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606122240.04119.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> Message-ID: <448D934E.C8E0.00C6.0@sitp.net> Try Mailwatch Regards, John Games 806.771.2300 x101 fax 806.209.0126 jgames@sitp.net Skype: sitpinc >>> On Mon, Jun 12, 2006 at 3:40 PM, in message <200606122240.04119.paul@tenfjord.net>, Paul Tenfjord wrote: Hi all. I am setting up a mail hub using postfix, mailscanner, clamav and spamassassing. This works very well, mailscanner is really great, the only thing left for me to do is figure out how to have user preferences (or domain settings, per user is not that important) in spamassassin. I've read about sql user preferences but that requires that SA uses spamc/spamd, which as far as I know MS does not do. I also found some posts in the archive but they are dated back to 2004 (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.html), maybe something has happend in this front since then. I appreciate all answers. Thanks Best regards Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by SelectProtect, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by SelectProtect, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/0ff6a277/attachment.html From michele at blacknight.ie Tue Jun 13 00:17:22 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue Jun 13 00:17:26 2006 Subject: MailScanner setup script In-Reply-To: <448D90BF.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> Message-ID: <448DF602.9020708@blacknight.ie> Chris Hammond wrote: > I was just wondering if anyone had looked at the script I sent to the list a couple of > weeks ago. I would like to get some feedback and ideas on where it could go as a > project with more knowledgeable people than I working on it. > > Thanks > Chris > Chris Any chance of you reposting it? Or a link to it? Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From chris at tac.esi.net Tue Jun 13 00:34:38 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 13 00:32:54 2006 Subject: MailScanner setup script In-Reply-To: <448DF602.9020708@blacknight.ie> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> Message-ID: <448DC1CE.B662.0038.0@tac.esi.net> Sure, it is attached. Chris >>> "Michele Neylon :: Blacknight.ie" 06/12/06 7:17 PM >>> Chris Hammond wrote: > I was just wondering if anyone had looked at the script I sent to the list a couple of > weeks ago. I would like to get some feedback and ideas on where it could go as a > project with more knowledgeable people than I working on it. > > Thanks > Chris > Chris Any chance of you reposting it? Or a link to it? Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: asinst_script.sh Type: application/x-sh Size: 37254 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/139edc4e/asinst_script-0001.sh From chris at tac.esi.net Tue Jun 13 01:40:55 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 13 01:38:54 2006 Subject: MailScanner setup script In-Reply-To: <448DC1CE.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> Message-ID: <448DD157.B662.0038.0@tac.esi.net> Ok, this time tar.gz'd. Chris >>> "Chris Hammond" 06/12/06 7:34 PM >>> Sure, it is attached. Chris >>> "Michele Neylon :: Blacknight.ie" 06/12/06 7:17 PM >>> Chris Hammond wrote: > I was just wondering if anyone had looked at the script I sent to the list a couple of > weeks ago. I would like to get some feedback and ideas on where it could go as a > project with more knowledgeable people than I working on it. > > Thanks > Chris > Chris Any chance of you reposting it? Or a link to it? Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: asinst_script.tar.gz Type: application/octet-stream Size: 9210 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060612/9a0a5652/asinst_script.tar.obj From carinus.carelse at mrc.ac.za Tue Jun 13 05:42:56 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Tue Jun 13 05:41:46 2006 Subject: Logo to the inline.sig.html In-Reply-To: <050c01c68e3a$0d1b5420$88c5c657@arthur> Message-ID: No Not really. I just had a request from the management to add a logo to the signature and I thought the html sig was the best way to do it. If anyone has any other suggestions I would welcome them. Carinus "Michele Neylon :: Blacknight Solutions" Sent by: mailscanner-bounces@lists.mailscanner.info 2006/06/12 18:05 Please respond to MailScanner discussion To "'MailScanner discussion'" cc Subject RE: Logo to the inline.sig.html Why on earth would you want to add a HTML signature to a plain text mail? Are you actually trying to break people's mail? Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/a81805c7/attachment.html From eneal at dfi-intl.com Tue Jun 13 05:57:50 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 05:59:35 2006 Subject: Expanding MultipleQueueDir function Message-ID: I'm trying to expand the MultipleQueueDir function to make it a bit more usable for my environment. I'm almost there, but it seems like something in the code I've written isn't correct. Now mind you, I'm not a Programmer so some of it may be terribly wrong. I reused a lot of what's already in CustomConfig.pm. my ($PriorityDomainListFile) = '/etc/MailScanner/rules/prioritylist.conf'; use FileHandle; sub InitMultipleQueueDir { MailScanner::Log::InfoLog("Initialising list for domains receiving priority service"); #"from %s", $PriorityDomainListFile); my $listfile = new FileHandle; unless($listfile->open("<$PriorityDomainListFile")) { MailScanner::Log::WarnLog("Could not read list of domains for priority service " . "from %s", $PriorityDomainListFile); return; } my($fh, $line, $PriorityDomainList); $line = 0; while (<$listfile>) { $line++; chomp; #print STDERR "Line is \"$_\"\n"; s/#.*$//; # Strip comments s/\S*:\S*//g; # Strip any words with ":" in them s/^\s+//g; # Strip leading whitespace s/^(\S+)\s.*$/$1/; # Use only the 1st word s/^\*\@//; # Strip any leading "*@" they might have put in #print STDERR "Line is \"$_\"\n"; next if /^$/; # Strip blank lines $PriorityDomainList->{$listfile}{lc($_)} = 1; # Store the domains return; } $fh->close(); MailScanner::Log::InfoLog("Read %d domains from %s", $line, $PriorityDomainListFile); } sub EndMultipleQueueDir { MailScanner::Log::InfoLog("Shutting down priority domain list"); } sub MultipleQueueDir { my($message, $PriorityDomainList) = @_; #return 0 unless $message; # Sanity check the input my(@todomain, $todomain, $isspam); @todomain = @{$message->{todomain}}; $todomain = $todomain[0]; $isspam = $message->{isspam}; return '/var/spool/mqueue' unless $message; return '/var/spool/mqueue.priority' if $PriorityDomainList->{$todomain}; return '/var/spool/mqueue.spam' if $message->{$isspam}; # It is not in the list return '/var/spool/mqueue'; } Hopefully, you can get the picture of what I'm trying to do. Domains are stored in the prioritylist.conf. >From what I can tell, it's not getting beyond opening the file and reading it. Can someone help me get this working right? TIA. Errol Neal From Jan-Peter.Koopmann at seceidos.de Tue Jun 13 06:02:53 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Jun 13 06:03:06 2006 Subject: Logo to the inline.sig.html In-Reply-To: Message-ID: On Dienstag, 13. Juni 2006 6:42 carinus.carelse@mrc.ac.za wrote: > No Not really. ?I just had a request from the management to add a > logo to the signature and I thought the html sig was the best way to > do it. ?If anyone has any other suggestions I would welcome them. I suggest you tell your management that there is no clean way of simply attaching a HTML signature to a plain text mail. This might (!) display correctly on some MUAs but it usually will not. And this would definatly break your CI and make a lot of people laugh about you which probably is the last thing your management would like. If management really wants to have images attached to your mails then force your MUAs to send HTML mails only and attach the signatures there. Depending on your infrastructure (Exchange? Notes?) there might be several tools that can autocreate the signatures for you (including information from your LDAP/Active Directory/whatever). Attaching a signature in MailScanner might lead to problems (digital signatures with S/MIME, PGP) and is not the best way to handle this I am afraid. Regards, JP From hden at kcbbs.gen.nz Tue Jun 13 06:29:07 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Tue Jun 13 06:13:28 2006 Subject: Sophos SAVI In-Reply-To: References: <050c01c68e3a$0d1b5420$88c5c657@arthur> Message-ID: <20060613052907.GA1172@mew.kcbbs.gen.nz> (Excuse if this is a duplicate?) We need to rebuild our Server. Can someone please point out the path to the [new[ location of the DOCS that explain how to install/use sophos SAVI with Mailscanner. Appreciated! hden From nauman at worldcall.net.pk Tue Jun 13 06:22:40 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Tue Jun 13 06:22:58 2006 Subject: Mailscanner stopped, sendmail running... References: <003e01c68ada$f71cc800$3701a8c0@lapxp><4488610A.8030802@ecs.soton.ac.uk> <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> Message-ID: <009c01c68ea9$65e6a770$23c051cb@noc> >> Arthur Sherman wrote: >> >> Have you read the documentation on tuning? >> >> >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >> >> >> > >> > Most links to instructions are broken... >> > >> Please can you re-test these pages. Hopefully they all work now. Please >> let me know of any that are still broken. >> > Ah, it has risen from the dead:-). Still, perhaps we should aim at > some creative cut'n'pasting, just to get it all into the wiki... Just > so much of it ...:-) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se I m still facing this problem - My sendmail suddenly gets stuck I have done all the optimizations possible according to my server : http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips but still i observe thing as follows: [root@server ~]# sendmail -v nauman test . nauman... Connecting to [127.0.0.1] via relay... nauman... Deferred: Connection refused by [127.0.0.1] [root@server ~]# /etc/init.d/MailScanner stop Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] [root@server ~]# /etc/init.d/MailScanner status Checking MailScanner daemons: MailScanner: [FAILED] incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for reading: No such file or directory [FAILED] outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' for reading: No such file or directory [FAILED] [root@server ~]# /etc/init.d/MailScanner stop Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] [root@server ~]# /etc/init.d/sendmail status sendmail (pid 32112 32107 32055 32013 32004 31610 31581 30306 30185 30095 30002 29917 29863 29667 29520 29461 29399 29042 28938 28918 28263 28041 27015 26655 26567 26536 26289 23442 22532 22246 22151 18507 14118) is running... [root@server ~]# /etc/init.d/sendmail stop Shutting down sendmail: [ OK ] Shutting down sm-client: [FAILED] [root@server ~]# /etc/init.d/sendmail stop Shutting down sendmail: [FAILED] and after these all - when i restart my Mailscanner - it starts working fine again - But why do i have to do all this ?? how can this be fixed one and for all ? Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From x72m35 at gmail.com Tue Jun 13 06:49:48 2006 From: x72m35 at gmail.com (Lasantha Marian) Date: Tue Jun 13 06:50:18 2006 Subject: Detailed Spam report in Bounce/Notify messages Message-ID: <448E51FC.3010306@gmail.com> Dear All, Is there a possibility to incorporate a detailed report of SpamAssassin in Bounce messages and Notify messages generated by MailScanner ? If so, how can that be done. Thanks in advanced. Lasantha. From MailScanner at ecs.soton.ac.uk Tue Jun 13 08:54:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 08:55:10 2006 Subject: Sophos SAVI In-Reply-To: <20060613052907.GA1172@mew.kcbbs.gen.nz> References: <050c01c68e3a$0d1b5420$88c5c657@arthur> <20060613052907.GA1172@mew.kcbbs.gen.nz> Message-ID: <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> On 13 Jun 2006, at 06:29, Hendrik den Hartog wrote: > We need to rebuild our Server. Can someone please point out the > path to the [new[ location of the DOCS that explain how to install/ > use sophos SAVI with Mailscanner. Download and unpack the Sophos distribution. Then run "Sophos.install". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gmatt at nerc.ac.uk Tue Jun 13 09:46:33 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Jun 13 09:46:51 2006 Subject: OT: sendmail cmd read In-Reply-To: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> References: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> Message-ID: <448E7B69.6030600@nerc.ac.uk> Steve Campbell wrote: > This is OT, and may have been discussed before... but here goes anyway. > Google didn't show much on this one. > > I am fighting a machine that has recently starting showing increased > load averages. What used to stay below 5 is now climbing into the 11.+ > at times, and stays around 8 for most of the day. I have considered bdc > as the culprit, but really, this hasn't changed recently, as I have not > really changed anything for a while. I did install a caching name > server, but see little improvement. I'm not looking for additional > "fixes" so much as resolving the problem of what is causing this when > changes haven't been made. The load climbs when MailWatch shows 8+ > MailScanner processes (I have 5 set in Mailscanner.conf) and around 50 > sendmail processes. I don't think the version of Mailscanner had > anything to do with this (4.52.2), and I am running this on two other > servers without the problem - and clamav and bitdefender on the others > also. > > A 'ps -ax | grep sendmail' has always shown a lot of processes to of the > form: > > sendmail: server [IP address] cmd read > > These usually have common IP addresses, and I wonder, firstly, what is > sendmail really doing at this point, and secondly, is there something > that I can do that will make the longer-lived processes go away if these > are bad connections? These sendmail processes tend to gradually climb to > a level of around 40-50, and never really drop without restarting > sendmail. I haven't checked to see if they are the same process IDs. I > have an idea that these are uncompleteable (?) sendmail connections that > are started, but not sure. you've pretty much identified the problem here. sendmail processes are hanging around which is reflected in the rising load average. In fact the host is probably not using many cpu cycles but there are a lot of sendmail processes in the queue. It looks like external mail hosts are connecting to your box but being really slow at communicating. This could be an attempt to slow down/stop your mail server by connecting until the max connections is reached thus stopping anyone else connecting. Stopping or restarting sendmail will not usually kill these connections, to do so, issue a "pkill sendmail" which will close them down. > > I'm sure there is a setting in sendmail (8.12 for now) that might fix > this (as sort of a timeout thing) , or maybe a milter, but I haven't > found it yet. I would like to understand, though, what may have caused > the increased load averages, other than the varying input to sendmail. I > realize this could be a major factor, but don't see a lot of change in > the usual crap that comes in daily. Around 40K+ messages a day with > about 85-90% spam caught. This has been constant for a long time. you can limit the max number of connections, rate of connection and impose limits per ip address (you'll have to check how much of this you can do with 8.12, I use 8.13). Look at: confCONNECTION_RATE_THROTTLE FEATURE(`ratecontrol', ,`terminate') FEATURE(`conncontrol', ,`terminate') a good place to read about managing this sort of thing is: http://www.technoids.org/dossed.html good luck GREG > > Opinions would be greatly appreciated. Thanks! > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Tue Jun 13 09:56:01 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Jun 13 09:56:09 2006 Subject: MailScanner setup script In-Reply-To: <448DC1CE.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> Message-ID: <448E7DA1.30905@nerc.ac.uk> Chris Hammond wrote: > Sure, it is attached. > why turn off mdmonitor? all my mail relays have software raid1 mirrored disks. mdmonitor is vital! G > Chris > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From michele at blacknight.ie Tue Jun 13 10:54:30 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Tue Jun 13 10:54:41 2006 Subject: Logo to the inline.sig.html In-Reply-To: Message-ID: <01cd01c68ecf$5e56a930$88c5c657@arthur> Koopmann, Jan-Peter <> said on 13 June 2006 06:03: > > Attaching a signature in MailScanner might lead to problems (digital > signatures with S/MIME, PGP) and is not the best way to handle this I > am afraid. Ah yes. Ye old b0rked signature issue :) Great fun when you encrypt the email and the recipient can't open it Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From campbell at cnpapers.com Tue Jun 13 11:09:49 2006 From: campbell at cnpapers.com (campbell@cnpapers.com) Date: Tue Jun 13 11:10:30 2006 Subject: OT: sendmail cmd read In-Reply-To: <448E7B69.6030600@nerc.ac.uk> References: <000a01c68e2a$a83e3ea0$0705000a@DDF5DW71> <448E7B69.6030600@nerc.ac.uk> Message-ID: <1150193389.448e8eed230ed@perdition.cnpapers.net> Greg, thanks very much. See a few comments below: Quoting Greg Matthews : > Steve Campbell wrote: > > This is OT, and may have been discussed before... but here goes anyway. > > Google didn't show much on this one. > > > > I am fighting a machine that has recently starting showing increased > > load averages. What used to stay below 5 is now climbing into the 11.+ > > at times, and stays around 8 for most of the day. I have considered bdc > > as the culprit, but really, this hasn't changed recently, as I have not > > really changed anything for a while. I did install a caching name > > server, but see little improvement. I'm not looking for additional > > "fixes" so much as resolving the problem of what is causing this when > > changes haven't been made. The load climbs when MailWatch shows 8+ > > MailScanner processes (I have 5 set in Mailscanner.conf) and around 50 > > sendmail processes. I don't think the version of Mailscanner had > > anything to do with this (4.52.2), and I am running this on two other > > servers without the problem - and clamav and bitdefender on the others > > also. > > > > A 'ps -ax | grep sendmail' has always shown a lot of processes to of the > > form: > > > > sendmail: server [IP address] cmd read > > > > These usually have common IP addresses, and I wonder, firstly, what is > > sendmail really doing at this point, and secondly, is there something > > that I can do that will make the longer-lived processes go away if these > > are bad connections? These sendmail processes tend to gradually climb to > > a level of around 40-50, and never really drop without restarting > > sendmail. I haven't checked to see if they are the same process IDs. I > > have an idea that these are uncompleteable (?) sendmail connections that > > are started, but not sure. > > you've pretty much identified the problem here. sendmail processes are > hanging around which is reflected in the rising load average. In fact > the host is probably not using many cpu cycles but there are a lot of > sendmail processes in the queue. It looks like external mail hosts are > connecting to your box but being really slow at communicating. This > could be an attempt to slow down/stop your mail server by connecting > until the max connections is reached thus stopping anyone else > connecting. Stopping or restarting sendmail will not usually kill these > connections, to do so, issue a "pkill sendmail" which will close them down. Up until now, I would ususally have to "killall sendmail" to flush these. They would go on forever. > > > > > I'm sure there is a setting in sendmail (8.12 for now) that might fix > > this (as sort of a timeout thing) , or maybe a milter, but I haven't > > found it yet. I would like to understand, though, what may have caused > > the increased load averages, other than the varying input to sendmail. I > > realize this could be a major factor, but don't see a lot of change in > > the usual crap that comes in daily. Around 40K+ messages a day with > > about 85-90% spam caught. This has been constant for a long time. > > you can limit the max number of connections, rate of connection and > impose limits per ip address (you'll have to check how much of this you > can do with 8.12, I use 8.13). Look at: > confCONNECTION_RATE_THROTTLE > FEATURE(`ratecontrol', ,`terminate') > FEATURE(`conncontrol', ,`terminate') > a good place to read about managing this sort of thing is: > http://www.technoids.org/dossed.html I'll try the link, and for now, have changed a lot of the timeout values for the default sendmail.mc that RH ships. I recall ages ago, like RH 6.2, that the ident timeout used to require zeroing or sendmail would come to a real halt, but had not needed any other changes since then. This has made the average number of sendmail processes drop to about 20 or less, but the load still swings to a high 8 or 9, for what looks like no apparent reason. > > good luck Thanks for the help. Steve > > GREG > > > > > Opinions would be greatly appreciated. Thanks! > > > > Steve Campbell > > campbell@cnpapers.com > > Charleston Newspapers > > > > > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From chris at tac.esi.net Tue Jun 13 11:54:24 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue Jun 13 11:52:21 2006 Subject: MailScanner setup script In-Reply-To: <448E7DA1.30905@nerc.ac.uk> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> <448E7DA1.30905@nerc.ac.uk> Message-ID: <448E611F.B662.0038.0@tac.esi.net> Mine were not initially. The last two are but I never changed the script. I just turned it back on on those two machines. It is definately vital when software raid is in place, maybe a check for the presence of raid partitions would be in order. Chris >>> Greg Matthews 06/13/06 4:56 AM >>> Chris Hammond wrote: > Sure, it is attached. > why turn off mdmonitor? all my mail relays have software raid1 mirrored disks. mdmonitor is vital! G > Chris > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Jun 13 11:56:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 13 11:56:15 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <009c01c68ea9$65e6a770$23c051cb@noc> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> <4488610A.8030802@ecs.soton.ac.uk> <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> <009c01c68ea9$65e6a770$23c051cb@noc> Message-ID: <223f97700606130356r746a47bk16a81527243726d4@mail.gmail.com> On 13/06/06, Muhammad Nauman wrote: > >> Arthur Sherman wrote: > >> >> Have you read the documentation on tuning? > >> >> > >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > >> >> > >> > > >> > Most links to instructions are broken... > >> > > >> Please can you re-test these pages. Hopefully they all work now. Please > >> let me know of any that are still broken. > >> > > Ah, it has risen from the dead:-). Still, perhaps we should aim at > > some creative cut'n'pasting, just to get it all into the wiki... Just > > so much of it ...:-) > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > > I m still facing this problem - My sendmail suddenly gets stuck > I have done all the optimizations possible according to my server : > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > but still i observe thing as follows: > > [root@server ~]# sendmail -v nauman > test > . > nauman... Connecting to [127.0.0.1] via relay... > nauman... Deferred: Connection refused by [127.0.0.1] > [root@server ~]# /etc/init.d/MailScanner stop > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > [root@server ~]# /etc/init.d/MailScanner status > Checking MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for > reading: No such file or directory > [FAILED] > outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' > for reading: No such file or directory > [FAILED] > [root@server ~]# /etc/init.d/MailScanner stop > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > [root@server ~]# /etc/init.d/sendmail status > sendmail (pid 32112 32107 32055 32013 32004 31610 31581 30306 30185 30095 > 30002 29917 29863 29667 29520 29461 29399 29042 28938 28918 28263 28041 > 27015 26655 26567 26536 26289 23442 22532 22246 22151 18507 14118) is > running... > [root@server ~]# /etc/init.d/sendmail stop > Shutting down sendmail: [ OK ] > Shutting down sm-client: [FAILED] > [root@server ~]# /etc/init.d/sendmail stop > Shutting down sendmail: [FAILED] > > and after these all - when i restart my Mailscanner - it starts working fine > again - But why do i have to do all this ?? > > how can this be fixed one and for all ? > I'm no sendmail guru, but .... there rather recently have been a couple of similar threads, where the askers have a lot of sendmail children just sitting tehre waiting for a timeout to happen.... and by default, that timout has been so long that they actually have gotten hurt by it. "Solution" seems to be to lower the sendmail timeouts. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue Jun 13 12:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jun 13 12:32:05 2006 Subject: Mailscanner stopped, sendmail running... In-Reply-To: <009c01c68ea9$65e6a770$23c051cb@noc> References: <003e01c68ada$f71cc800$3701a8c0@lapxp> <4488610A.8030802@ecs.soton.ac.uk> <223f97700606081131h5ef91acbv4d284c8b36e021c2@mail.gmail.com> <009c01c68ea9$65e6a770$23c051cb@noc> Message-ID: Muhammad Nauman wrote on Tue, 13 Jun 2006 10:22:40 +0500: > I m still facing this problem - My sendmail suddenly gets stuck I think it has been said before that shutting down sendmail doesn't shut down every single client that is handling a connection. What shuts down is the master process and any client after terminating the currently handled connection. There is no "stuck", the children handle connections. You can get more information about them with ps. And this doesn't look like a MailScanner problem. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From eneal at dfi-intl.com Tue Jun 13 12:40:43 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 12:42:38 2006 Subject: Help Expanding MultipleQueueDir function Message-ID: I'm trying to expand the MultipleQueueDir function to make it a bit more usable for my environment. I'm almost there, but it seems like something in the code I've written isn't correct. Now mind you, I'm not a Programmer so some of it may be terribly wrong. I reused a lot of what's already in CustomConfig.pm. my ($PriorityDomainListFile) = '/etc/MailScanner/rules/prioritylist.conf'; use FileHandle; sub InitMultipleQueueDir { MailScanner::Log::InfoLog("Initialising list for domains receiving priority service"); #"from %s", $PriorityDomainListFile); my $listfile = new FileHandle; unless($listfile->open("<$PriorityDomainListFile")) { MailScanner::Log::WarnLog("Could not read list of domains for priority service " . "from %s", $PriorityDomainListFile); return; } my($fh, $line, $PriorityDomainList); $line = 0; while (<$listfile>) { $line++; chomp; #print STDERR "Line is \"$_\"\n"; s/#.*$//; # Strip comments s/\S*:\S*//g; # Strip any words with ":" in them s/^\s+//g; # Strip leading whitespace s/^(\S+)\s.*$/$1/; # Use only the 1st word s/^\*\@//; # Strip any leading "*@" they might have put in #print STDERR "Line is \"$_\"\n"; next if /^$/; # Strip blank lines $PriorityDomainList->{$listfile}{lc($_)} = 1; # Store the domains return; } $fh->close(); MailScanner::Log::InfoLog("Read %d domains from %s", $line, $PriorityDomainListFile); } sub EndMultipleQueueDir { MailScanner::Log::InfoLog("Shutting down priority domain list"); } sub MultipleQueueDir { my($message, $PriorityDomainList) = @_; #return 0 unless $message; # Sanity check the input my(@todomain, $todomain, $isspam); @todomain = @{$message->{todomain}}; $todomain = $todomain[0]; $isspam = $message->{isspam}; return '/var/spool/mqueue' unless $message; return '/var/spool/mqueue.priority' if $PriorityDomainList->{$todomain}; return '/var/spool/mqueue.spam' if $message->{$isspam}; # It is not in the list return '/var/spool/mqueue'; } Hopefully, you can get the picture of what I'm trying to do. Domains are stored in the prioritylist.conf. >From what I can tell, it's not getting beyond opening the file and reading it. Can someone help me get this working right? TIA. Errol Neal From MailScanner at ecs.soton.ac.uk Tue Jun 13 13:41:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 13:41:20 2006 Subject: MailScanner: New website feature Message-ID: Folks, Just a quick note to let you all know about a new useful page on www.mailscanner.info. http://www.mailscanner.info/MailScanner.conf.index.html There is an indexed list of every configuration option you can set, including details about it such as whether it can take a ruleset, its default value, a detailed description of its purpose, and so on. It is kept up to date completely automatically, every time I build a new release. You can reach it from the "Documentation" link on (virtually) every page. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/a95c2c3f/attachment.html From alex at erus.co.uk Tue Jun 13 13:51:26 2006 From: alex at erus.co.uk (Alex Pimperton) Date: Tue Jun 13 13:52:15 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EB4CE.2090504@erus.co.uk> Julian Field wrote: > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > This is excellent, thanks. Along the same lines, is it in anyway possible to have something similar for the messages mailscanner outputs to syslog with a description of how severe the error is? I'm getting a lot of false positives for logcheck/logwatch but I don't want to hack in my own regexps for fear of missing a "Mailscanner will blow up the server in 10,9,8..." sometime around 7am on a weekday. Regards, Alex -- This message has been scanned for viruses and dangerous content by the MailScanner at Placet.co.uk, and is believed to be clean. From ugob at camo-route.com Tue Jun 13 13:52:42 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Jun 13 13:53:06 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: Julian Field wrote: > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a new > release. > > You can reach it from the "Documentation" link on (virtually) every page. Wow, that rocks :)! From ugob at camo-route.com Tue Jun 13 14:06:09 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Jun 13 14:06:52 2006 Subject: MailScanner: New website feature In-Reply-To: <448EB4CE.2090504@erus.co.uk> References: <448EB4CE.2090504@erus.co.uk> Message-ID: Alex Pimperton wrote: > Julian Field wrote: >> Folks, >> >> Just a quick note to let you all know about a new useful page on >> www.mailscanner.info . >> >> http://www.mailscanner.info/MailScanner.conf.index.html >> >> There is an indexed list of every configuration option you can set, >> including details about it such as whether it can take a ruleset, its >> default value, a detailed description of its purpose, and so on. >> > This is excellent, thanks. > > Along the same lines, is it in anyway possible to have something similar > for the messages mailscanner outputs to syslog with a description of how > severe the error is? > > I'm getting a lot of false positives for logcheck/logwatch but I don't > want to hack in my own regexps for fear of missing a "Mailscanner will > blow up the server in 10,9,8..." sometime around 7am on a weekday. For logwatch, I suggest you upgrade to the latest version and use the CVS mailscanner file. I do this with many servers and it works well. Just think of upgrading your logwatch mailscanner file when you upgrade. From Denis.Beauchemin at USherbrooke.ca Tue Jun 13 14:20:40 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jun 13 14:21:01 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EBBA8.5030302@USherbrooke.ca> Julian Field a ?crit : > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a > new release. > > You can reach it from the "Documentation" link on (virtually) every page. Great! Yesterday I was looking for option header "X-Spam-Status: Yes" nd couldn't remember how to use it. I found it in 10 seconds with this new page! Thanks a lot Julian! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/addc0b4f/smime.bin From eneal at dfi-intl.com Tue Jun 13 14:26:18 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 14:26:23 2006 Subject: Help Expanding MultipleQueueDir Message-ID: I want to apologize. I sent this message a few times thinking that it did not make it to the list, but it got caught in my Junk Mail because of the perl code. __________________________________________ Errol Uriel Neal Jr. Sr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com From richard.siddall at elirion.net Tue Jun 13 15:05:29 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue Jun 13 15:06:08 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EC629.4000808@elirion.net> Julian Field wrote: > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a > new release. > Would it be easy to include a field in the listings to show what release an option first appeared in? Regards, Richard Siddall From marcel-ml at irc-addicts.de Tue Jun 13 15:08:34 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Tue Jun 13 15:09:08 2006 Subject: Use Default Rules With Multiple Recipients Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, first of all, i did saw the new Website..great stuff :) My Question is for the Option: Use Default Rules With Multiple Recipients and if i did get it right. Does this mean, if set to yes, this is what happens: Example: I have 2 Users 1 does not want his mails to be scanned, so scanning for that user is turned off via ruleset. Second User wants his mails to be scanned all the way. Email User A ab@cx.com Email User B cd@yx.com Mail comes in: To-Field: ab@cx.com, cd@yx.com does this mean, the mail will be delivered to user a without scanning and to user b with scanning?? Maybe i am wrong here.. so, that is just a question, if i understood everything correct.. :) Thanks in advance.. Marcel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEjsbleuKbXOoTCo8RAmfgAJ0UVX11r5htqTB9Lg1T0XQcoV3XCACaAk0d fPc841f42i9xvPWDuvv24N0= =Up/Z -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Tue Jun 13 15:14:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 15:14:25 2006 Subject: Help Expanding MultipleQueueDir function In-Reply-To: References: Message-ID: <8B92E0A6-FCEA-4CD3-BCC3-1474BA99BAFE@ecs.soton.ac.uk> On 13 Jun 2006, at 12:40, Errol Neal wrote: > I'm trying to expand the MultipleQueueDir function to make it a bit > more > usable for my environment. I'm almost there, but it seems like > something > in the code I've written isn't correct. Now mind you, I'm not a > Programmer so some of it may be terribly wrong. I reused a lot of > what's > already in CustomConfig.pm. > > my ($PriorityDomainListFile) = > '/etc/MailScanner/rules/prioritylist.conf'; > use FileHandle; > > sub InitMultipleQueueDir { > MailScanner::Log::InfoLog("Initialising list for domains receiving > priority service"); > #"from %s", $PriorityDomainListFile); > my $listfile = new FileHandle; > > unless($listfile->open("<$PriorityDomainListFile")) { > MailScanner::Log::WarnLog("Could not read list of domains for > priority service " . > "from %s", > $PriorityDomainListFile); > > return; > } > > my($fh, $line, $PriorityDomainList); my($fh, $line, %PriorityDomainList); > $line = 0; > while (<$listfile>) { > $line++; > chomp; > #print STDERR "Line is \"$_\"\n"; > s/#.*$//; # Strip comments > s/\S*:\S*//g; # Strip any words with ":" in them > s/^\s+//g; # Strip leading whitespace > s/^(\S+)\s.*$/$1/; # Use only the 1st word > s/^\*\@//; # Strip any leading "*@" they might have put in > #print STDERR "Line is \"$_\"\n"; > next if /^$/; # Strip blank lines > $PriorityDomainList->{$listfile}{lc($_)} = 1; # Store the > domains $PriorityDomainList{lc($_)} = 1; > return; > } > $fh->close(); > MailScanner::Log::InfoLog("Read %d domains from %s", $line, > $PriorityDomainListFile); > > } > > > sub EndMultipleQueueDir { > MailScanner::Log::InfoLog("Shutting down priority domain list"); > > } > > > sub MultipleQueueDir { > my($message, $PriorityDomainList) = @_; You set $PriorityDomainList elsewhere at the top of your code, so my($message) = @_; > #return 0 unless $message; # Sanity check the input return '/var/spool/mqueue' unless $message; > > my(@todomain, $todomain, $isspam); > @todomain = @{$message->{todomain}}; > $todomain = $todomain[0]; > $isspam = $message->{isspam}; > > return '/var/spool/mqueue' unless $message; If $message was undefined (or 0) then it would have bombed out by now, hence my uncommented line in my previous statement. #return '/var/spool/mqueue' unless $message; > return '/var/spool/mqueue.priority' if > $PriorityDomainList->{$todomain}; $PriorityDomainList{$todomain}; > return '/var/spool/mqueue.spam' if $message->{$isspam}; return '/var/spool/mqueue.spam' if $isspam; > # It is not in the list > return '/var/spool/mqueue'; > } > > Hopefully, you can get the picture of what I'm trying to do. > Domains are > stored in the prioritylist.conf. >> From what I can tell, it's not getting beyond opening the file and > reading it. > Can someone help me get this working right? > > TIA. > > > Errol Neal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jun 13 15:23:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 15:24:01 2006 Subject: Use Default Rules With Multiple Recipients In-Reply-To: References: Message-ID: On 13 Jun 2006, at 15:08, Marcel Blenkers wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi there, > > first of all, i did saw the new Website..great stuff :) > > My Question is for the Option: > Use Default Rules With Multiple Recipients > > and if i did get it right. > > Does this mean, if set to yes, this is what happens: > > Example: > I have 2 Users > 1 does not want his mails to be scanned, so scanning for that user is > turned off via ruleset. > Second User wants his mails to be scanned all the way. > Email User A ab@cx.com > Email User B cd@yx.com > > Mail comes in: > To-Field: ab@cx.com, cd@yx.com > > does this mean, the mail will be delivered to user a without > scanning and > to user b with scanning?? No. Scan Messages is a "All Match" ruleset, so if any of the recipients want it scanned, it will be scanned. All recipients will get the scanned message. MailScanner does not divide up messages into several different messages for different recipients, there is only ever 1 message with all the recipients on it. > > Maybe i am wrong here.. > > so, that is just a question, if i understood everything correct.. :) > > Thanks in advance.. > > Marcel > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQFEjsbleuKbXOoTCo8RAmfgAJ0UVX11r5htqTB9Lg1T0XQcoV3XCACaAk0d > fPc841f42i9xvPWDuvv24N0= > =Up/Z > -----END PGP SIGNATURE----- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From paul at tenfjord.net Tue Jun 13 15:57:35 2006 From: paul at tenfjord.net (Paul Tenfjord) Date: Tue Jun 13 15:59:13 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <448DD946.1010500@ecs.soton.ac.uk> References: <200606122240.04119.paul@tenfjord.net> <448DD946.1010500@ecs.soton.ac.uk> Message-ID: <200606131657.37960.paul@tenfjord.net> On Monday 12 June 2006 23:14, Julian Field wrote: > Basically all the settings people ever actually need to change are > controllable from MailScanner.conf. What settings are you trying to set > per-domain? > > Paul Tenfjord wrote: > > Hi all. > > > > I am setting up a mail hub using postfix, mailscanner, clamav and > > spamassassing. This works very well, mailscanner is really great, the > > only thing left for me to do is figure out how to have user preferences > > (or domain settings, per user is not that important) in spamassassin. > > I've read about sql user preferences but that requires that SA uses > > spamc/spamd, which as far as I know MS does not do. I also found some > > posts in the archive but they are dated back to 2004 > > (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060055.ht > >ml), maybe something has happend in this front since then. > > > > I appreciate all answers. > > > > Thanks > > > > Best regards > > Paul > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. Hi. Thanks for the reply. This server is replacing another mailhub, which has per domain settings. Some domain customers have requested that mail tagged as spam should be redirected to spam@theirfirm.org. This is the only setting I need to set different for each domain. Any suggestions? Thanks again. --Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/fce84cfa/attachment.bin From matt at coders.co.uk Tue Jun 13 15:59:42 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jun 13 15:59:51 2006 Subject: Use Default Rules With Multiple Recipients In-Reply-To: References: Message-ID: <448ED2DE.4090006@coders.co.uk> >> No. Scan Messages is a "All Match" ruleset, so if any of the recipients >> want it scanned, it will be scanned. All recipients will get the scanned >> message. > >> MailScanner does not divide up messages into several different messages >> for different recipients, there is only ever 1 message with all the >> recipients on it. I have updated the MAQ with a specific header: Multiple Recipient Message - how to apply different rules It was hidden under the Misc questions and was Sendmail specific. It now is MTA independent of the MTA but has instructions for only Sendmail. Can some let me know which other MTA's support envelope splitting and which don't - We will probably need to move the information to a new location in the tree - under documentation:configuration:mta:Sendmail etc and leave links under the MAQ. Am I right in thinking that postfix doesn't.... matt From glenn.steen at gmail.com Tue Jun 13 16:16:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 13 16:16:45 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606131657.37960.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> <448DD946.1010500@ecs.soton.ac.uk> <200606131657.37960.paul@tenfjord.net> Message-ID: <223f97700606130816w6f0dad27uaf155a5bd662472f@mail.gmail.com> On 13/06/06, Paul Tenfjord wrote: (snip) > Hi. > > Thanks for the reply. > This server is replacing another mailhub, which has per domain settings. Some > domain customers have requested that mail tagged as spam should be redirected > to spam@theirfirm.org. This is the only setting I need to set different for > each domain. > Any suggestions? > > Thanks again. > > --Paul > Why not make a ruleset for http://www.mailscanner.info/MailScanner.conf.index.html#Spam%20Actions and perhaps also on http://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions ... would be the logical thing to do, IMO. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From wintermutecx at gmail.com Tue Jun 13 16:54:42 2006 From: wintermutecx at gmail.com (Dave) Date: Tue Jun 13 16:54:44 2006 Subject: force autolearn Message-ID: I've been hit with a dictionary attack for generic accounts like uucp, accounts, home, sales, etc. I have never used or plan to use these accounts. Right now I have a rule that adds 5 to the score if sent to those accounts but I would like to have them autolearned as well. From what I've read, custom rules are not used in the autolearn threshold count. Is that true? From MailScanner at ecs.soton.ac.uk Tue Jun 13 16:55:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 16:55:25 2006 Subject: Mailscanner + Spamassassin domain Preferences In-Reply-To: <200606131657.37960.paul@tenfjord.net> References: <200606122240.04119.paul@tenfjord.net> <448DD946.1010500@ecs.soton.ac.uk> <200606131657.37960.paul@tenfjord.net> Message-ID: On 13 Jun 2006, at 15:57, Paul Tenfjord wrote: > On Monday 12 June 2006 23:14, Julian Field wrote: >> Basically all the settings people ever actually need to change are >> controllable from MailScanner.conf. What settings are you trying >> to set >> per-domain? >> >> Paul Tenfjord wrote: >>> Hi all. >>> >>> I am setting up a mail hub using postfix, mailscanner, clamav and >>> spamassassing. This works very well, mailscanner is really great, >>> the >>> only thing left for me to do is figure out how to have user >>> preferences >>> (or domain settings, per user is not that important) in >>> spamassassin. >>> I've read about sql user preferences but that requires that SA uses >>> spamc/spamd, which as far as I know MS does not do. I also found >>> some >>> posts in the archive but they are dated back to 2004 >>> (http://lists.mailscanner.info/pipermail/mailscanner/2006-April/ >>> 060055.ht >>> ml), maybe something has happend in this front since then. >>> >>> I appreciate all answers. >>> >>> Thanks >>> >>> Best regards >>> Paul >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. > > > Hi. > > Thanks for the reply. > This server is replacing another mailhub, which has per domain > settings. Some > domain customers have requested that mail tagged as spam should be > redirected > to spam@theirfirm.org. This is the only setting I need to set > different for > each domain. > Any suggestions? You can do this with a ruleset attached to "Spam Actions" and "High- Scoring Spam Actions" in MailScanner.conf. Something along the lines of To: domain1.com forward spam@theirfirm.org To: domain2.com forward spam@domain2.com FromOrTo: default deliver Easy as that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ssilva at sgvwater.com Tue Jun 13 17:06:30 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 13 17:07:04 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: Julian Field spake the following on 6/13/2006 5:41 AM: > Folks, > > Just a quick note to let you all know about a new useful page on > www.mailscanner.info . > > http://www.mailscanner.info/MailScanner.conf.index.html > > There is an indexed list of every configuration option you can set, > including details about it such as whether it can take a ruleset, its > default value, a detailed description of its purpose, and so on. > > It is kept up to date completely automatically, every time I build a new > release. > > You can reach it from the "Documentation" link on (virtually) every page. > You are totally awe inspiring! One more step towards World Domination!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Jun 13 17:08:06 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 13 17:10:17 2006 Subject: Use Default Rules With Multiple Recipients In-Reply-To: References: Message-ID: Marcel Blenkers spake the following on 6/13/2006 7:08 AM: > Hi there, > > first of all, i did saw the new Website..great stuff :) > > My Question is for the Option: > Use Default Rules With Multiple Recipients > > and if i did get it right. > > Does this mean, if set to yes, this is what happens: > > Example: > I have 2 Users > 1 does not want his mails to be scanned, so scanning for that user is > turned off via ruleset. > Second User wants his mails to be scanned all the way. > Email User A ab@cx.com > Email User B cd@yx.com > > Mail comes in: > To-Field: ab@cx.com, cd@yx.com > > does this mean, the mail will be delivered to user a without scanning and > to user b with scanning?? > > Maybe i am wrong here.. > > so, that is just a question, if i understood everything correct.. :) > > Thanks in advance.. > > Marcel You would have to get your MTA to split the messages first if you want this functionality. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Tue Jun 13 17:18:05 2006 From: ka at pacific.net (Ken A) Date: Tue Jun 13 17:17:54 2006 Subject: MailScanner: New website feature In-Reply-To: References: Message-ID: <448EE53D.4020701@pacific.net> Scott Silva wrote: > Julian Field spake the following on 6/13/2006 5:41 AM: >> Folks, >> >> Just a quick note to let you all know about a new useful page on >> www.mailscanner.info . >> >> http://www.mailscanner.info/MailScanner.conf.index.html >> >> There is an indexed list of every configuration option you can set, >> including details about it such as whether it can take a ruleset, its >> default value, a detailed description of its purpose, and so on. >> >> It is kept up to date completely automatically, every time I build a new >> release. >> >> You can reach it from the "Documentation" link on (virtually) every page. >> > You are totally awe inspiring! > One more step towards World Domination!!! > Looks like it will make fine wallpaper too! But, how will I ever fit this on a coffee mug? Ken A Pacific.Net From martinh at solid-state-logic.com Tue Jun 13 17:26:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jun 13 17:26:34 2006 Subject: force autolearn In-Reply-To: Message-ID: <016d01c68f06$18027db0$3004010a@martinhlaptop> I find it best to only accept emails for valid address on the inbound MTA. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave > Sent: 13 June 2006 16:55 > To: mailscanner@lists.mailscanner.info > Subject: force autolearn > > I've been hit with a dictionary attack for generic accounts like uucp, > accounts, home, sales, etc. I have never used or plan to use these > accounts. Right now I have a rule that adds 5 to the score if sent to > those accounts but I would like to have them autolearned as well. From > what I've read, custom rules are not used in the autolearn threshold > count. Is that true? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From drew at themarshalls.co.uk Tue Jun 13 17:30:56 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue Jun 13 17:31:06 2006 Subject: force autolearn In-Reply-To: References: Message-ID: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> On Tue, June 13, 2006 16:54, Dave wrote: > I've been hit with a dictionary attack for generic accounts like uucp, > accounts, home, sales, etc. I have never used or plan to use these > accounts. Right now I have a rule that adds 5 to the score if sent to > those accounts but I would like to have them autolearned as well. From > what I've read, custom rules are not used in the autolearn threshold > count. Is that true? Why not just reject these (And all other unknown users) at your MTA? Save all the processing overhead and protect your server from a really big directory attack. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From eneal at dfi-intl.com Tue Jun 13 17:34:33 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Jun 13 17:34:41 2006 Subject: Help Expanding MultipleQueueDir function Message-ID: Thanks for your help Julian. This is the final result.. my ($PriorityDomainListFile) = '/etc/MailScanner/rules/prioritylist.conf'; use FileHandle; sub InitMultipleQueueDir { MailScanner::Log::InfoLog("Initialising list for domains receiving priority service"); #"from %s", $PriorityDomainListFile); my $listfile = new FileHandle; unless($listfile->open("<$PriorityDomainListFile")) { MailScanner::Log::WarnLog("Could not read list of domains for priority service " . "from %s", $PriorityDomainListFile); return; } my($fh, $line, %PriorityDomainList); $line = 0; while (<$listfile>) { $line++; chomp; #print STDERR "Line is \"$_\"\n"; s/#.*$//; # Strip comments s/\S*:\S*//g; # Strip any words with ":" in them s/^\s+//g; # Strip leading whitespace s/^(\S+)\s.*$/$1/; # Use only the 1st word s/^\*\@//; # Strip any leading "*@" they might have put in #print STDERR "Line is \"$_\"\n"; next if /^$/; # Strip blank lines #$PriorityDomainList->{$PriorityDomainListFile}{lc($_)} = 1; # Store the domains $PriorityDomainList{lc($_)} = 1; return; } $fh->close(); MailScanner::Log::InfoLog("Read %d domains from %s", $line, $PriorityDomainListFile); } sub EndMultipleQueueDir { MailScanner::Log::InfoLog("Shutting down priority domain list"); } sub MultipleQueueDir { my($message) = @_; return '/var/spool/mqueue' unless $message; # Sanity check the input my(@todomain, $todomain, $isspam); @todomain = @{$message->{todomain}}; $todomain = $todomain[0]; $isspam = $message->{isspam}; return '/var/spool/mqueue.priority' if $PriorityDomainList{$todomain}; return '/var/spool/mqueue.spam' if $isspam; # It is not in the list return '/var/spool/mqueue'; } I get an error though when starting it up. Global symbol "%PriorityDomainList" requires explicit package name at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 718. Any thoughts? From wintermutecx at gmail.com Tue Jun 13 18:12:48 2006 From: wintermutecx at gmail.com (Dave) Date: Tue Jun 13 18:12:49 2006 Subject: force autolearn In-Reply-To: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> References: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> Message-ID: On 6/13/06, Drew Marshall wrote: > On Tue, June 13, 2006 16:54, Dave wrote: > > I've been hit with a dictionary attack for generic accounts like uucp, > > accounts, home, sales, etc. I have never used or plan to use these > > accounts. Right now I have a rule that adds 5 to the score if sent to > > those accounts but I would like to have them autolearned as well. From > > what I've read, custom rules are not used in the autolearn threshold > > count. Is that true? > > Why not just reject these (And all other unknown users) at your MTA? Save > all the processing overhead and protect your server from a really big > directory attack. I don't deliver mail with a spam score greater then 6, nor are they rejected. Does Mailscanner check to see if it's a valid user before spam scoring? From mkettler at evi-inc.com Tue Jun 13 18:24:10 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 13 18:24:20 2006 Subject: force autolearn In-Reply-To: References: Message-ID: <448EF4BA.8010704@evi-inc.com> Dave wrote: > I've been hit with a dictionary attack for generic accounts like uucp, > accounts, home, sales, etc. I have never used or plan to use these > accounts. Right now I have a rule that adds 5 to the score if sent to > those accounts but I would like to have them autolearned as well. From > what I've read, custom rules are not used in the autolearn threshold > count. Is that true? That is not true. SA does not even know the difference between a "stock" rule or a custom rule. As far as SA is concerned, a rule is a rule. The things that don't count for autolearning are: (quoted from man Mail::SpamAssassin::Conf under the definition of bayes_auto_learn) - rules with tflags set to 'learn' (the Bayesian rules) - rules with tflags set to 'userconf' (user white/black-listing rules, etc) - rules with tflags set to 'noautolearn' So unless your custom rule includes a tflags statement that adds one of those flags, it should work fine. That said, I personally alias all these accounts into a single spamtrap account, and a daily cronjob picks the mailbox up and force-feeds it to sa-learn. From MailScanner at ecs.soton.ac.uk Tue Jun 13 18:28:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 13 18:29:47 2006 Subject: Help Expanding MultipleQueueDir function In-Reply-To: References: Message-ID: <448EF5C2.8090604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Errol Neal wrote: > Thanks for your help Julian. This is the final result.. > > my ($PriorityDomainListFile) = > '/etc/MailScanner/rules/prioritylist.conf'; > Add the line my %PriorityDomainList = (); > use FileHandle; > > sub InitMultipleQueueDir { > MailScanner::Log::InfoLog("Initialising list for domains receiving > priority service"); > #"from %s", $PriorityDomainListFile); > my $listfile = new FileHandle; > > unless($listfile->open("<$PriorityDomainListFile")) { > MailScanner::Log::WarnLog("Could not read list of domains for > priority service " . > "from %s", $PriorityDomainListFile); > > return; > } > > my($fh, $line, %PriorityDomainList); > Replace that with my($fh, $line); > $line = 0; > while (<$listfile>) { > $line++; > chomp; > #print STDERR "Line is \"$_\"\n"; > s/#.*$//; # Strip comments > s/\S*:\S*//g; # Strip any words with ":" in them > s/^\s+//g; # Strip leading whitespace > s/^(\S+)\s.*$/$1/; # Use only the 1st word > s/^\*\@//; # Strip any leading "*@" they might have put in > #print STDERR "Line is \"$_\"\n"; > next if /^$/; # Strip blank lines > #$PriorityDomainList->{$PriorityDomainListFile}{lc($_)} = 1; # > Store the domains > $PriorityDomainList{lc($_)} = 1; > return; > Remove that return; > } > $fh->close(); > MailScanner::Log::InfoLog("Read %d domains from %s", $line, > $PriorityDomainListFile); > > } > > > sub EndMultipleQueueDir { > MailScanner::Log::InfoLog("Shutting down priority domain list"); > > } > > > sub MultipleQueueDir { > my($message) = @_; > > return '/var/spool/mqueue' unless $message; # Sanity check the input > > my(@todomain, $todomain, $isspam); > @todomain = @{$message->{todomain}}; > $todomain = $todomain[0]; > $isspam = $message->{isspam}; > > > return '/var/spool/mqueue.priority' if $PriorityDomainList{$todomain}; > return '/var/spool/mqueue.spam' if $isspam; > > # It is not in the list > return '/var/spool/mqueue'; > } > > > I get an error though when starting it up. > > Global symbol "%PriorityDomainList" requires explicit package name at > /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 718. > > Any thoughts? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRI71wxH2WUcUFbZUEQL4/wCeNwQx6W/VW7TZcy76hXdQIe9d6oUAn2Yx tiBOZxG94TF6nLXSPEKzccDq =zaxR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Tue Jun 13 18:34:46 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 13 18:34:48 2006 Subject: force autolearn In-Reply-To: References: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> Message-ID: <223f97700606131034y28ffedb1jdfba6f573c16ba1e@mail.gmail.com> On 13/06/06, Dave wrote: > On 6/13/06, Drew Marshall wrote: > > On Tue, June 13, 2006 16:54, Dave wrote: > > > I've been hit with a dictionary attack for generic accounts like uucp, > > > accounts, home, sales, etc. I have never used or plan to use these > > > accounts. Right now I have a rule that adds 5 to the score if sent to > > > those accounts but I would like to have them autolearned as well. From > > > what I've read, custom rules are not used in the autolearn threshold > > > count. Is that true? > > > > Why not just reject these (And all other unknown users) at your MTA? Save > > all the processing overhead and protect your server from a really big > > directory attack. > > I don't deliver mail with a spam score greater then 6, nor are they > rejected. Does Mailscanner check to see if it's a valid user before > spam scoring? No, but you can teach your MTA how to do it (be it Postfix, Exim or Sendmail.... Well, the latter may need a milter to do it:)... After all, the mails are clearly not for you/your users, and (if it is a real MTA sending) it'll be safe to reject, since the sender will then generate an NDN to the sender... You have no obligation (at all) to handle these. So don't, by rejecting them. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ka at pacific.net Tue Jun 13 19:37:52 2006 From: ka at pacific.net (Ken A) Date: Tue Jun 13 19:37:43 2006 Subject: force autolearn In-Reply-To: <223f97700606131034y28ffedb1jdfba6f573c16ba1e@mail.gmail.com> References: <36002.194.70.180.170.1150216256.squirrel@webmail.r-bit.net> <223f97700606131034y28ffedb1jdfba6f573c16ba1e@mail.gmail.com> Message-ID: <448F0600.8040808@pacific.net> Glenn Steen wrote: > On 13/06/06, Dave wrote: >> On 6/13/06, Drew Marshall wrote: >> > On Tue, June 13, 2006 16:54, Dave wrote: >> > > I've been hit with a dictionary attack for generic accounts like >> uucp, >> > > accounts, home, sales, etc. I have never used or plan to use these >> > > accounts. Right now I have a rule that adds 5 to the score if sent to >> > > those accounts but I would like to have them autolearned as well. >> From >> > > what I've read, custom rules are not used in the autolearn threshold >> > > count. Is that true? >> > >> > Why not just reject these (And all other unknown users) at your MTA? >> Save >> > all the processing overhead and protect your server from a really big >> > directory attack. >> >> I don't deliver mail with a spam score greater then 6, nor are they >> rejected. Does Mailscanner check to see if it's a valid user before >> spam scoring? > No, but you can teach your MTA how to do it (be it Postfix, Exim or > Sendmail.... Well, the latter may need a milter to do it:)... The sendmail access db works too, though you have to do some scripting to generate it from your password db. Ken A Pacific.Net After > all, the mails are clearly not for you/your users, and (if it is a > real MTA sending) it'll be safe to reject, since the sender will then > generate an NDN to the sender... You have no obligation (at all) to > handle these. So don't, by rejecting them. > From arturs at netvision.net.il Tue Jun 13 22:05:37 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jun 13 21:07:23 2006 Subject: MailScanner: New website feature In-Reply-To: Message-ID: <005501c68f2d$1e988490$3701a8c0@lapxp> wonderfull ! Best, -- Arthur Sherman +972-52-4878851 CPTeam _____ From: mailscanner-announce-bounces@lists.mailscanner.info [mailto:mailscanner-announce-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, June 13, 2006 2:41 PM To: MailScanner mailing list Cc: MailScanner-Announce mailing list list Subject: MailScanner: New website feature Folks, Just a quick note to let you all know about a new useful page on www.mailscanner.info. http://www.mailscanner.info/MailScanner.conf.index.html There is an indexed list of every configuration option you can set, including details about it such as whether it can take a ruleset, its default value, a detailed description of its purpose, and so on. It is kept up to date completely automatically, every time I build a new release. You can reach it from the "Documentation" link on (virtually) every page. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060613/93cab51c/attachment.html From wintermutecx at gmail.com Tue Jun 13 21:10:59 2006 From: wintermutecx at gmail.com (Dave) Date: Tue Jun 13 21:11:02 2006 Subject: force autolearn In-Reply-To: References: Message-ID: In the future, I'll set up the MTA to not process mail that doesn't have an end user. In the interim, is the original question possible? Force autolearn using a custom rule? From mkettler at evi-inc.com Tue Jun 13 21:26:39 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jun 13 21:26:54 2006 Subject: force autolearn In-Reply-To: References: Message-ID: <448F1F7F.1070003@evi-inc.com> Dave wrote: > In the future, I'll set up the MTA to not process mail that doesn't > have an end user. In the interim, is the original question possible? > Force autolearn using a custom rule? As I said before, custom rules are factored into the autolearning, and are treated no differently that the rules that come with SA. However, you will need at least TWO rules to force autolearning as spam. One rule alone cannot force autolearning, no matter how high the score of that rule is. In order to learn as spam, a message must have at least 3.0 worth of points from header rules, AND 3.0 worth of points from body rules. This is a hard-coded requirement that exists regardless of what your autolearn threshold is. You also can't force autolearn to learn anything that would have scored very low on the BAYES scale to begin with. ie: regardless of score, and no matter how many rules fire, the autolearner will not learn as spam anything that would have hit BAYES_00 or BAYES_05. (note: I'm assuming SA 3.1.0 here.. the exact sets of rules that cause this exemption have changed over time because it's based on the score of the bayes rules being less than -1.0. ) In your current situation, these features might seem like a pain, but they're there for a reason. They're all there as safety nets to reduce the chance of the autolearner polluting the bayes database if one rule starts false-firing. From hden at kcbbs.gen.nz Tue Jun 13 21:53:04 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Tue Jun 13 21:37:23 2006 Subject: Sophos SAVI In-Reply-To: <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> References: <050c01c68e3a$0d1b5420$88c5c657@arthur> <20060613052907.GA1172@mew.kcbbs.gen.nz> <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> Message-ID: <20060613205304.GA1431@mew.kcbbs.gen.nz> appreciate the reply, Sheeze, is that *all?*. Back in the olden days you had to add lines to the perl-SAVI configure file while installing perl-SAVI. Those were the instructions I was after /or/ have these been superceded? Thanks Cheers! Hden On Tue, Jun 13, 2006 at 08:54:55AM +0100, Julian Field wrote: > > On 13 Jun 2006, at 06:29, Hendrik den Hartog wrote: > > >We need to rebuild our Server. Can someone please point out the > >path to the [new[ location of the DOCS that explain how to install/ > >use sophos SAVI with Mailscanner. > > Download and unpack the Sophos distribution. Then run "Sophos.install". > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Gernot.Bauer at gmx.net Tue Jun 13 22:51:43 2006 From: Gernot.Bauer at gmx.net (Gernot Bauer) Date: Tue Jun 13 22:51:45 2006 Subject: sendmail refuses to use /var/spool/mqueue.in Message-ID: <20060613215143.312170@gmx.net> Hi! I am trying to install MailScanner 4.54.6 on SuSE linux 10.1 with sendmail 8.13.6, but sendmail refuses to use the /var/spool/mqueue.in queue directory. Sendmail works fine using /var/spool/mqueue, but any attempt to point the queue directory to another location (either with -OQueueDirectory or through the config file) fails: k5DLFlrt015190: SYSERR(root): gatherq: cannot open "/var/spool/mqueue.in": Operation not permitted daemon could not open control socket /var/run/sendmail/control: Operation not permitted The directory permissions are all fine. Could this be a sendmail bug? The problem appeared when I tried to start MailScanner, after all packages installed nicely. Regards, Gernot Bauer -- Echte DSL-Flatrate dauerhaft f?r 0,- Euro*! "Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl From ugob at camo-route.com Tue Jun 13 23:44:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Jun 13 23:44:38 2006 Subject: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <20060613215143.312170@gmx.net> References: <20060613215143.312170@gmx.net> Message-ID: Gernot Bauer wrote: > Hi! > > I am trying to install MailScanner 4.54.6 on SuSE linux 10.1 with sendmail 8.13.6, but sendmail refuses to use the /var/spool/mqueue.in queue directory. Sendmail works fine using /var/spool/mqueue, but any attempt to point the queue directory to another location (either with -OQueueDirectory or through the config file) fails: > > k5DLFlrt015190: SYSERR(root): gatherq: cannot open "/var/spool/mqueue.in": Operation not permitted > daemon could not open control socket /var/run/sendmail/control: Operation not permitted > > The directory permissions are all fine. > > Could this be a sendmail bug? > > The problem appeared when I tried to start MailScanner, after all packages installed nicely. Did you stop the original sendmail? > > Regards, > Gernot Bauer > From jrudd at ucsc.edu Wed Jun 14 03:25:50 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed Jun 14 03:26:18 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: > On Wed, 7 Jun 2006, Dhawal Doshy wrote: >> >> Most of us run servers that pretty much do serious work ;-).. to each >> his/her way. You can use RBLs at: >> >> SpamAssassin: Best way to use RBLs as per my POV.. the bad part being >> that mails originating from ROKSO (spamhaus) are accepted and then >> tagged. Sorry to reply to this so late, but, IMO, the best way to use RBLs is: a) do SBL and XBL at the MTA, so that you're NOT accepting ROKSO originating emails. b) use those RBLs, plus any others you want to (RFC-Ignorant, etc.) in Spam Assassin to mark messages. Step a reduces your SA load, and completely rejects messages that you can be better than 99% sure are spam. Step b lets you leverage RBLs to help tag any other possible spam sources, but without outright rejecting them. From phillip at eacsi.com Wed Jun 14 03:21:49 2006 From: phillip at eacsi.com (phillip@eacsi.com) Date: Wed Jun 14 03:28:51 2006 Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or SpamAssassin? Message-ID: <20060614022149.24920.qmail@coruscant.stellardreams.com> I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. Thanks, Phillip T. George Electronic & Computer Solutions, Inc. From levin at mydream.com.hk Wed Jun 14 04:19:00 2006 From: levin at mydream.com.hk (Levin) Date: Wed Jun 14 04:18:34 2006 Subject: Startup script question Message-ID: <448F8024.7060908@mydream.com.hk> Hi, My mailbox running a sendmail MTA as a relay-only gateway, I setup a mailscanner up and run, however I found out that if it state DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all incoming from from otherworld will stuck into /var/spool/mqueue.in and not go anywhere, also /var/log/maillog show the mail was queued NOT sent, so I modify it to DeliveryMode=background, it seems work... but I don't know anything wrong, would you please describe a little bit my statement? Thank you very much! Levin From KShortt at ussco.com Wed Jun 14 04:29:47 2006 From: KShortt at ussco.com (Shortt, Kevin) Date: Wed Jun 14 04:29:52 2006 Subject: Upgrade Recommendations Message-ID: <122DFF9D468A2F4DAC3405E57A39DF7805DF2C68@Fsc-Mail-2.na.ds.ussco.com> Hello Everyone, I need to upgrade my current setup. I am looking for some advice from a higher level. (at first anyway) This is what I have: O/S: RHEL 3 (all rpms below..) MailScanner-perl-MIME-Base64-3.05-5 sendmail-8.12.11-4.RHEL3.4 sendmail-cf-8.12.11-4.RHEL3.4 mailscanner-4.36.4-1 perl-MailTools-1.50-1 spamassassin-2.55-3.4 I purchase an entitlement from RH to be able easily update my server. However, RH does NOT support sendmail 8.13.x on RHEL3... NOR spamassasin 3.0.x on RHEL3 either. I am willing to upgrade both manually against RH support. My question: Which should I tackle first.?? Spamassasin...then sendmail...then MS? Any caveats that I need to be aware of?...(I know there is care from SA 2.55 to 3.0.) Is anyone else in my same position? I mean I am getting a lot spam through. Perhaps I only need to fix what I have. I would love any and all opinions on a course of action. Thank you in advance. This is great mailling list. -k From mike at vesol.com Wed Jun 14 04:52:44 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jun 14 04:53:03 2006 Subject: Upgrade Recommendations Message-ID: Why not move on up to RHEL 4? I wouldn't worry about RH supporting SA3.x personally. The benefit of spamassassin outweighs RH by a long shot. Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Shortt, Kevin > Sent: Tuesday, June 13, 2006 10:30 PM > To: MailScanner discussion > Subject: Upgrade Recommendations > > > Hello Everyone, > > I need to upgrade my current setup. I am looking for some > advice from a higher level. (at first anyway) > > This is what I have: > > O/S: RHEL 3 > (all rpms below..) > MailScanner-perl-MIME-Base64-3.05-5 > sendmail-8.12.11-4.RHEL3.4 > sendmail-cf-8.12.11-4.RHEL3.4 > mailscanner-4.36.4-1 > perl-MailTools-1.50-1 > spamassassin-2.55-3.4 > > > > I purchase an entitlement from RH to be able easily update my server. > However, RH does NOT support sendmail 8.13.x on RHEL3... > NOR spamassasin 3.0.x on RHEL3 either. > > I am willing to upgrade both manually against RH support. > > > My question: > > Which should I tackle first.?? > Spamassasin...then sendmail...then MS? > Any caveats that I need to be aware of?...(I know there is > care from SA > 2.55 to 3.0.) > Is anyone else in my same position? I mean I am getting a > lot spam through. Perhaps I only need to fix what I have. > > > I would love any and all opinions on a course of action. > > > Thank you in advance. This is great mailling list. > > -k > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikej at rogers.com Wed Jun 14 05:56:26 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jun 14 05:56:18 2006 Subject: Upgrade Recommendations In-Reply-To: <122DFF9D468A2F4DAC3405E57A39DF7805DF2C68@Fsc-Mail-2.na.ds.ussco.com> References: <122DFF9D468A2F4DAC3405E57A39DF7805DF2C68@Fsc-Mail-2.na.ds.ussco.com> Message-ID: <448F96FA.4070900@rogers.com> Shortt, Kevin wrote: > Hello Everyone, > > I need to upgrade my current setup. I am looking for some advice from a > higher level. (at first anyway) > > This is what I have: > > O/S: RHEL 3 > (all rpms below..) > MailScanner-perl-MIME-Base64-3.05-5 > sendmail-8.12.11-4.RHEL3.4 > sendmail-cf-8.12.11-4.RHEL3.4 > mailscanner-4.36.4-1 > perl-MailTools-1.50-1 > spamassassin-2.55-3.4 > > > > I purchase an entitlement from RH to be able easily update my server. > However, RH does NOT support sendmail 8.13.x on RHEL3... > NOR spamassasin 3.0.x on RHEL3 either. > > I am willing to upgrade both manually against RH support. > > > My question: > > Which should I tackle first.?? > Spamassasin...then sendmail...then MS? > The OS, then the application. I would recommend you try FreeBSD, updates and upgrades are always free, and the ports system does an excellent job at managing the MailScanner installation. From Gernot.Bauer at gmx.net Wed Jun 14 09:09:29 2006 From: Gernot.Bauer at gmx.net (Gernot Bauer) Date: Wed Jun 14 09:09:48 2006 Subject: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: References: <20060613215143.312170@gmx.net> Message-ID: <7.0.1.0.0.20060614100714.0204e0f0@gmx.net> > > > > The problem appeared when I tried to start MailScanner, after all > packages installed nicely. > >Did you stop the original sendmail? Of course! I've been using MailScanner happily since 2002, but now I can't get it to work on this SuSE box. Looks all very strange to me. Gernot From phillip at eacsi.com Wed Jun 14 09:05:03 2006 From: phillip at eacsi.com (phillip@eacsi.com) Date: Wed Jun 14 09:12:05 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in Message-ID: <20060614080503.14372.qmail@coruscant.stellardreams.com> I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. Thanks, Phillip T. George Electronic & Computer Solutions, Inc. From shrek-m at gmx.de Wed Jun 14 09:42:18 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed Jun 14 09:42:26 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <20060614080503.14372.qmail@coruscant.stellardreams.com> References: <20060614080503.14372.qmail@coruscant.stellardreams.com> Message-ID: <448FCBEA.7070809@gmx.de> phillip@eacsi.com schrieb: > I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. > > Thanks, > Phillip T. George > Electronic & Computer Solutions, Inc. out_of_office counter - phillip@eacsi.com 1 x Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or SpamAssassin? 1 x Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in -- shrek-m From prandal at herefordshire.gov.uk Wed Jun 14 10:10:00 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 14 10:13:09 2006 Subject: Upgrade Recommendations Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D660413@isabella.herefordshire.gov.uk> Upgrade to CentOS 4.3 - it's a community-supported RHEL 4 clone, long support lifecycle, and works a treat here. The upgrade should be pretty painless. http://wwww.centos.org Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Shortt, Kevin > Sent: 14 June 2006 04:30 > To: MailScanner discussion > Subject: Upgrade Recommendations > > > Hello Everyone, > > I need to upgrade my current setup. I am looking for some > advice from a > higher level. (at first anyway) > > This is what I have: > > O/S: RHEL 3 > (all rpms below..) > MailScanner-perl-MIME-Base64-3.05-5 > sendmail-8.12.11-4.RHEL3.4 > sendmail-cf-8.12.11-4.RHEL3.4 > mailscanner-4.36.4-1 > perl-MailTools-1.50-1 > spamassassin-2.55-3.4 > > > > I purchase an entitlement from RH to be able easily update my server. > However, RH does NOT support sendmail 8.13.x on RHEL3... > NOR spamassasin 3.0.x on RHEL3 either. > > I am willing to upgrade both manually against RH support. > > > My question: > > Which should I tackle first.?? > Spamassasin...then sendmail...then MS? > Any caveats that I need to be aware of?...(I know there is > care from SA > 2.55 to 3.0.) > Is anyone else in my same position? I mean I am getting a lot spam > through. Perhaps I only need to fix what I have. > > > I would love any and all opinions on a course of action. > > > Thank you in advance. This is great mailling list. > > -k > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Wed Jun 14 10:17:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 14 10:17:51 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <448FCBEA.7070809@gmx.de> References: <20060614080503.14372.qmail@coruscant.stellardreams.com> <448FCBEA.7070809@gmx.de> Message-ID: <223f97700606140217m1f7578bbr6a7b6133dbbeece9@mail.gmail.com> On 14/06/06, shrek-m@gmx.de wrote: > phillip@eacsi.com schrieb: > > I'm out of the office until Friday or Monday. Please contact support@eacsi.com for assistance. > > > > Thanks, > > Phillip T. George > > Electronic & Computer Solutions, Inc. > > out_of_office counter - phillip@eacsi.com > > 1 x > > Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or SpamAssassin? > > 1 x > Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in > > *chuckle* I usually send Jules a mail (off-list) asking him to temporarily suspend this type of ....---...:-) Going way off topic, one can wonder what they all are thinking (or not) when they set up OoO/vacation so that it can send this type of non-information outside their organization... Mailbox delegations would be the natural thing to do, not this. And why they think it OK to send such things to mailing lists... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Jun 14 10:18:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 14 10:19:22 2006 Subject: Sophos SAVI In-Reply-To: <20060613205304.GA1431@mew.kcbbs.gen.nz> References: <050c01c68e3a$0d1b5420$88c5c657@arthur> <20060613052907.GA1172@mew.kcbbs.gen.nz> <53A206F2-35D0-4E3A-B927-1D8F818F69A3@ecs.soton.ac.uk> <20060613205304.GA1431@mew.kcbbs.gen.nz> Message-ID: <5E1CB5F5-9707-4A07-8D12-516FD685FAD5@ecs.soton.ac.uk> You will still have to install the perl-SAVI module if that's what you want to use. Do that after installing Sophos itself. I haven't tried this myself, would be interested to hear your progress. On 13 Jun 2006, at 21:53, Hendrik den Hartog wrote: > appreciate the reply, > > Sheeze, is that *all?*. Back in the olden days you had to add lines > to the > perl-SAVI configure file while installing perl-SAVI. > > Those were the instructions I was after /or/ have these been > superceded? > > Thanks > Cheers! > Hden > > > > On Tue, Jun 13, 2006 at 08:54:55AM +0100, Julian Field wrote: >> >> On 13 Jun 2006, at 06:29, Hendrik den Hartog wrote: >> >>> We need to rebuild our Server. Can someone please point out the >>> path to the [new[ location of the DOCS that explain how to install/ >>> use sophos SAVI with Mailscanner. >> >> Download and unpack the Sophos distribution. Then run >> "Sophos.install". >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shuttlebox at gmail.com Wed Jun 14 10:23:37 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jun 14 10:23:40 2006 Subject: Startup script question In-Reply-To: <448F8024.7060908@mydream.com.hk> References: <448F8024.7060908@mydream.com.hk> Message-ID: <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> On 6/14/06, Levin wrote: > Hi, > > My mailbox running a sendmail MTA as a relay-only gateway, I setup a > mailscanner up and run, however I found out that if it state > DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all > incoming from from otherworld will stuck into /var/spool/mqueue.in and > not go anywhere, also /var/log/maillog show the mail was queued NOT > sent, so I modify it to DeliveryMode=background, it seems work... but I > don't know anything wrong, would you please describe a little bit my > statement? This page describes well what needs to be done with Sendmail. http://mailscanner.info/sendmail.html The main thing is that the listening Sendmail process does not deliver, instead MailScanner intercepts the message in the incoming queue and when it has processed it it places it in the outgoing queue where the other (delivering) Sendmail process takes care of it and sends it on its way. -- /peter From levin at mydream.com.hk Wed Jun 14 11:32:53 2006 From: levin at mydream.com.hk (Levin) Date: Wed Jun 14 11:32:09 2006 Subject: Startup script question In-Reply-To: <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> References: <448F8024.7060908@mydream.com.hk> <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> Message-ID: <448FE5D5.8070103@mydream.com.hk> shuttlebox wrote: > On 6/14/06, Levin wrote: >> Hi, >> >> My mailbox running a sendmail MTA as a relay-only gateway, I setup a >> mailscanner up and run, however I found out that if it state >> DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all >> incoming from from otherworld will stuck into /var/spool/mqueue.in and >> not go anywhere, also /var/log/maillog show the mail was queued NOT >> sent, so I modify it to DeliveryMode=background, it seems work... but I >> don't know anything wrong, would you please describe a little bit my >> statement? > > This page describes well what needs to be done with Sendmail. > > http://mailscanner.info/sendmail.html > > The main thing is that the listening Sendmail process does not > deliver, instead MailScanner intercepts the message in the incoming > queue and when it has processed it it places it in the outgoing queue > where the other (delivering) Sendmail process takes care of it and > sends it on its way. Thanks, so if the DeliveryMode=background, will MailScanner/sendmail bypassed any detection process? From gmatt at nerc.ac.uk Wed Jun 14 12:33:08 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jun 14 12:33:24 2006 Subject: MailScanner setup script In-Reply-To: <448E611F.B662.0038.0@tac.esi.net> References: <448D90BF.B662.0038.0@tac.esi.net> <448DF602.9020708@blacknight.ie> <448DC1CE.B662.0038.0@tac.esi.net> <448E7DA1.30905@nerc.ac.uk> <448E611F.B662.0038.0@tac.esi.net> Message-ID: <448FF3F4.8080504@nerc.ac.uk> Chris Hammond wrote: > Mine were not initially. The last two are but I never changed the > script. I just turned it back on on those two machines. It is > definately vital when software raid is in place, maybe a check for > the presence of raid partitions would be in order. I think you'll find that mdmonitor does nothing at all in the case of no software raid so it is safe to leave it as it is. G > > Chris > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From Peter.Bates at lshtm.ac.uk Wed Jun 14 14:18:12 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Wed Jun 14 14:23:55 2006 Subject: SpamAssassin plugins Message-ID: <44901AA4020000760000575B@193.63.251.15> Hello all... More of an SA question, I guess, but just thought I'd ask for people's opinions. I've just upgraded to SA 3.1.3 and was then looking at init.pre, and the v310.pre and v312.pre on my system. I've enabled things like Pyzor, Razor2 and DCC (the first two as they were enabled anyway, the last because I don't mind the licence problem at the moment). The ones I'm intrigued with are: RelayCountry Hashcash The former seems to be disabled in the SA 3.1.3 distribution (presumably because of the IP::Country::Fast Perl module requirement), the latter seems enabled in the 3.1.3 distribution, but turned off on my system. Has anyone tweaked these plugins with regard to speed, and additionally, has anyone tried or is using the DomainKeys plugins? Thanks. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From michele at blacknight.ie Wed Jun 14 14:12:29 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Wed Jun 14 14:46:05 2006 Subject: OT: Setting Up DNSBL using RBLDNSD Message-ID: <034601c68fb4$31602e70$88c5c657@arthur> Has anyone any tips on doing this? I do not want to mirror existing data (I already am :) ) I want to setup my own DNSBL to catch the junk that the other DNSBLS miss.. The only tutorials / guides I've found either refer explicitly to Bind or make reference to rbldns-conf, which doesn't appear to exist on Ubuntu Any tips, thoughts or even flames are welcome TIA Michele Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie/ http://blog.blacknight.ie/ Intl. +353 (0) 59 9183072 UK: 0870 163 0607 From mike at tc3net.com Wed Jun 14 15:29:09 2006 From: mike at tc3net.com (Michael Baird) Date: Wed Jun 14 15:24:47 2006 Subject: mailscanner archiving Message-ID: <1150295349.30141.7.camel@mike-new2.tc3net.com> Hello, I'm wanting to start utilizing MailScanner's archiving functionality, and trying to come up with a good way to do it. I have multiple incoming mx servers, which store mail to a centralized NFS store. I wanted to have all the mailservers archive to a directory on this NFS store, which works fine, however if I have them all archive to the same directory, each sendmail is capable of generating a duplicate name and will overwrite messages archived by the other servers. My question is, is it possible or could it be made possible for MailScanner to have some control over the queue file names, like a tag on each one which is related to the specific machine, ex. qfEAxxxxxmx1 qfEAxxxxxmx2 etc. If I can already do this with MailScanner or even in sendmail that would be great as well. Regards Michael Baird From steve.swaney at fsl.com Wed Jun 14 15:39:43 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jun 14 15:39:46 2006 Subject: mailscanner archiving In-Reply-To: <1150295349.30141.7.camel@mike-new2.tc3net.com> Message-ID: <12b001c68fc0$604957f0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Michael Baird > Sent: Wednesday, June 14, 2006 10:29 AM > To: mailscanner@lists.mailscanner.info > Subject: mailscanner archiving > > Hello, I'm wanting to start utilizing MailScanner's archiving > functionality, and trying to come up with a good way to do it. I have > multiple incoming mx servers, which store mail to a centralized NFS > store. I wanted to have all the mailservers archive to a directory on > this NFS store, which works fine, however if I have them all archive to > the same directory, each sendmail is capable of generating a duplicate > name and will overwrite messages archived by the other servers. > > My question is, is it possible or could it be made possible for > MailScanner to have some control over the queue file names, like a tag > on each one which is related to the specific machine, ex. qfEAxxxxxmx1 > qfEAxxxxxmx2 etc. If I can already do this with MailScanner or even in > sendmail that would be great as well. I think that the chance sendmail, even on different systems, will generate duplicate message ID's is very, very small so you shouldn't have a problem. > > Regards > Michael Baird Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ka at pacific.net Wed Jun 14 15:57:07 2006 From: ka at pacific.net (Ken A) Date: Wed Jun 14 15:57:04 2006 Subject: OT: Setting Up DNSBL using RBLDNSD In-Reply-To: <034601c68fb4$31602e70$88c5c657@arthur> References: <034601c68fb4$31602e70$88c5c657@arthur> Message-ID: <449023C3.4030602@pacific.net> look in /etc/default/rbldnsd or /etc/sysconfig/rbldnsd There's got to be a config file if you are running rbldnsd. Ken Pacific.Net Michele Neylon :: Blacknight Solutions wrote: > Has anyone any tips on doing this? > > I do not want to mirror existing data (I already am :) ) > > I want to setup my own DNSBL to catch the junk that the other DNSBLS miss.. > > The only tutorials / guides I've found either refer explicitly to Bind or > make reference to rbldns-conf, which doesn't appear to exist on Ubuntu > > Any tips, thoughts or even flames are welcome > > TIA > > Michele > > Mr Michele Neylon > Blacknight Solutions > http://www.blacknight.ie/ > http://blog.blacknight.ie/ > Intl. +353 (0) 59 9183072 > UK: 0870 163 0607 > From bpumphrey at woodmclaw.com Wed Jun 14 16:07:03 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Jun 14 16:07:06 2006 Subject: OT: Setting Up DNSBL using RBLDNSD Message-ID: <04D932B0071FE34FA63EBB1977B48D1501429DB5@woodenex.woodmaclaw.local> Test Please ignore From MailScanner at ecs.soton.ac.uk Wed Jun 14 16:31:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 14 16:31:38 2006 Subject: Startup script question In-Reply-To: <448FE5D5.8070103@mydream.com.hk> References: <448F8024.7060908@mydream.com.hk> <625385e30606140223y1421a9b3u55f44c6764361946@mail.gmail.com> <448FE5D5.8070103@mydream.com.hk> Message-ID: <941D5492-FE43-443F-88A0-210F5EC6C6C4@ecs.soton.ac.uk> On 14 Jun 2006, at 11:32, Levin wrote: > shuttlebox wrote: >> On 6/14/06, Levin wrote: >>> Hi, >>> >>> My mailbox running a sendmail MTA as a relay-only gateway, I setup a >>> mailscanner up and run, however I found out that if it state >>> DeliveryMode=queueonly in /etc/rc.d/init.d/MailScanner script, all >>> incoming from from otherworld will stuck into /var/spool/ >>> mqueue.in and >>> not go anywhere, also /var/log/maillog show the mail was queued NOT >>> sent, so I modify it to DeliveryMode=background, it seems work... >>> but I >>> don't know anything wrong, would you please describe a little bit my >>> statement? >> >> This page describes well what needs to be done with Sendmail. >> >> http://mailscanner.info/sendmail.html >> >> The main thing is that the listening Sendmail process does not >> deliver, instead MailScanner intercepts the message in the incoming >> queue and when it has processed it it places it in the outgoing queue >> where the other (delivering) Sendmail process takes care of it and >> sends it on its way. > Thanks, so if the DeliveryMode=background, will MailScanner/ > sendmail bypassed any detection process? No, the default sendmail command to start the incoming sendmail process is $SENDMAIL -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID It's the 'DeliveryMode' setting which controls what it is going to do, as you can see above. But if you omit this setting, then MailScanner will be totally bypassed. But don't take my word as gospel! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From bpumphrey at woodmclaw.com Wed Jun 14 16:43:56 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Jun 14 16:44:00 2006 Subject: Spamassassin errors all of a sudden Message-ID: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.local> My Rules_De_jour pointed it out to me, that I am getting some errors. I have attached the lint test so that the formatting will look better. The only thing that I have done is changed the IP address information a few times in the last few months or so. DNS is working and it can get to the internet. I would not have thought that would have had an impact on the errors. There are some weird formatting stuff in it still thought. Noted errors are: ... well too many. There are 141 errors in there. Please take a look and see if there is something obvious that I cannot see. I got fairly familiar with the MailScanner/spamassassin system, but with my knowledge the only thing that I can think of is to upgrade but I want to wait and see if that is the best thing to do. -------------- next part -------------- debug: SpamAssassin version 3.0.6 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module installed: DBI, version 1.50 debug: diag: module installed: DB_File, version 1.809 debug: diag: module installed: Digest::SHA1, version 2.07 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.01 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module installed: Net::LDAP, version 0.31 debug: diag: module installed: Razor2::Client::Agent, version 2.80 debug: diag: module installed: Storable, version 2.13 debug: diag: module installed: URI, version 1.30 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_advance_fee.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_net_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_accessdb.cf debug: config: read file /usr/share/spamassassin/25_antivirus.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_body_tests_pl.cf debug: config: read file /usr/share/spamassassin/25_dcc.cf debug: config: read file /usr/share/spamassassin/25_domainkeys.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_pyzor.cf debug: config: read file /usr/share/spamassassin/25_razor2.cf debug: config: read file /usr/share/spamassassin/25_replace.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_textcat.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_it.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/30_text_pt_br.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_awl.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: config: read file /usr/share/spamassassin/60_whitelist_spf.cf debug: config: read file /usr/share/spamassassin/60_whitelist_subject.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf debug: config: read file /etc/mail/spamassassin/70_sare_html2.cf debug: config: read file /etc/mail/spamassassin/70_sare_html3.cf debug: config: read file /etc/mail/spamassassin/70_sare_obfu.cf debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf debug: config: read file /etc/mail/spamassassin/70_sare_random.cf debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf debug: config: read file /etc/mail/spamassassin/70_sare_stocks.cf debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri1.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri3.cf debug: config: read file /etc/mail/spamassassin/70_sare_whitelist_rcvd.cf debug: config: read file /etc/mail/spamassassin/70_sare_whitelist_spf.cf debug: config: read file /etc/mail/spamassassin/70_sc_top200.cf debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_body.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_headers.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_rawbody.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_subject.cf debug: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/mail/spamassassin/antidrug.cf debug: config: read file /etc/mail/spamassassin/backhair.cf debug: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf debug: config: read file /etc/mail/spamassassin/chickenpox.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: config: read file /etc/mail/spamassassin/mangled.cf debug: config: read file /etc/mail/spamassassin/tripwire.cf debug: config: read file /etc/mail/spamassassin/weeds.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.conf.prefs" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.conf.prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c) configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8) implements 'parse_config' config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@nytimes.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bn.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@paypal.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ebay.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@foolsubs.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@match.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@walmart.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@securityfocus.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mediaunspun.imakenews.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bdcimail.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@silicon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@newsletter.online.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@enews.buy.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@palm.m0.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@handspring.4at1.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf calmt@calmt.pmail.biz config: SpamAssassin failed to parse line, skipping: whitelist_from_spf allstate@allstate.rsc01.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Documents@compliance.advancedclearing.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@CardMemberServices.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@CardMemberServices.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf CardMemberServices@reply.bankone.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@cardmemberservices.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf BankOne@notify.bankone.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf TheFinancialTeam@BankOne.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@capitalone.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@alerts.Chase.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@discovernetwork.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@Equifax-mail.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@fidelity2.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.fidelity.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf fidelityinvestments@fulfillmentconcepts.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf fnbo@ProcessRequest.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@ebusiness.orchardbank.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf feedback@shps.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf 1800USBanks@usbank-email.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf DoNotReply@cems.wamu.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf eNews@wamu.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@wellsfargo.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf info@govdelivery.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@insurance.ca.gov config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@newsletter.myabout.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf scomp@aol.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf auto-confirm@amazon.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf order-update@amazon.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf dailyhoroscope@astrology.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf faxwave_service@callwave.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf mycheckfree@customercenter.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf inbound@coupons.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf savedsearches@ebay.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf feedblitz@mail.feedblitz.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf support@godaddy.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf message@inbound.efax.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf message@inbound.efax.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf newsletter@codeproject.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf googlealerts-noreply@google.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf accounts-noreply@google.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf adwords-noreply@google.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf raogk@raogk.org config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@topsecretrecipes.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf weekly@astrocenter.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf billing@vonage.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf sirius@sirius.01o.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@jeld-wen.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf los_angeles_times@email.latimes.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf nytdirect@nytimes.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf eupdate@wsvn.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf bounce*@mobilizemail.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.alsto.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.ambrosiawine.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@yahoo.americangreetings.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf customer_service@AnniesAttic.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf service@barnesandnoble.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf store17@bevmo.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@crateandbarrel.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@dell.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf US_DFS_BSD_AUTODOC@dell.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf dsb@dell.delivery.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf US_ACS_Team_1@dell.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@disney-direct.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@drugstore.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@email.800-flowers.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@hallmark.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@hplearningcenter.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.homefocuscatalog.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@thehomemarketplace.emsg.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.improvementscatalog.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf lillianvernon@lillianvernon.i.delivery.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@mileskimball.emsg.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Music123@email.music123.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@nokia.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@officedepot.rsc01.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Itinerary@production.priceline.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Orders@RochesterClothing.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf educationts@message.scholastic.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.staples-deals.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@e.staples-deals.ca config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@staples.links-info.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@target.bfi0.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf auto-acknowledge@target.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf support@reply.ticketmaster.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf support@reply.ticketmaster.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@walmart.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf reminder@mail.walgreens.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf WalgreensCustomerService@mail.walgreens.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf customerservice@mail.walgreens.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf walterdrake@s2u2.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@wdrake.emsg.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Williams-Sonoma@service.williams-sonoma.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@about.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@apcc.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf info@cds.nl config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@digitalriver.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf reply-*@nl.internet.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Wayport*@postsnet.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@taxact.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf VMware@vmware.rsc02.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf AAA*@ProcessRequest.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@alaskaair.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf Notifications@AlaskaAir.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@2flyawa.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf newsletter@bestwesternnews.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@choicehotels.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@coair.rsc01.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf mail@jetblueconnect.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf trueblue@jetblueconnect.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@marriott.m0.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf ebreaks@marriott.delivery.net config: SpamAssassin failed to parse line, skipping: whitelist_from_spf tcy@travelocity.com config: SpamAssassin failed to parse line, skipping: whitelist_from_spf *@lists.osr.com debug: using "/root/.spamassassin" for user state dir debug: bayes: 25362 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 25362 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: Score set 3 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) cingular.com... debug: looking up NS for 'cingular.com' debug: NS lookup of cingular.com failed horribly => Perhaps your resolv.conf isn't pointing at a valid server? debug: All NS queries failed => DNS unavailable (set dns_available to override) debug: is DNS available? 0 debug: decoding: no encoding detected debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9d14cf8)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: no method found for eval test check_for_matching_env_and_hdr_from Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping: (Can't locate object method "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) debug: no method found for eval test check_for_def_spf_whitelist_from Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping: (Can't locate object method "check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9d73a8c)) debug: no method found for eval test check_for_spf_whitelist_from Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping: (Can't locate object method "check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) debug: running body-text per-line regexp tests; score so far=0.125 debug: running uri tests; score so far=0.125 debug: bayes corpus size: nspam = 51080, nham = 47486 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1150294486 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes token 'H*Ad:D*org' => 0.0095864495619069 debug: bayes: score = 0.245677505364522 debug: bayes: 25362 untie-ing debug: bayes: 25362 untie-ing db_toks debug: bayes: 25362 untie-ing db_seen debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: read_file: 15 items read from /root/.razor/razor-agent.conf Jun 14 10:14:50.177447 check[25362]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout Jun 14 10:14:50.177853 check[25362]: [ 5] computed razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, ident=/root/.razor/identity-foo Jun 14 10:14:50.178039 check[25362]: [ 8] Client supported_engines: 4 8 Jun 14 10:14:50.178392 check[25362]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 Jun 14 10:14:50.178666 check[25362]: [ 5] read_file: 1 items read from /root/.razor/servers.discovery.lst Jun 14 10:14:50.178935 check[25362]: [ 5] read_file: 2 items read from /root/.razor/servers.nomination.lst Jun 14 10:14:50.179228 check[25362]: [ 5] read_file: 2 items read from /root/.razor/servers.catalogue.lst Jun 14 10:14:50.179566 check[25362]: [ 9] Assigning defaults to joy.cloudmark.com Jun 14 10:14:50.179765 check[25362]: [ 9] Assigning defaults to folly.cloudmark.com Jun 14 10:14:50.179945 check[25362]: [ 9] Assigning defaults to shock.cloudmark.com Jun 14 10:14:50.180134 check[25362]: [ 9] Assigning defaults to c101.cloudmark.com Jun 14 10:14:50.180889 check[25362]: [ 5] read_file: 16 items read from /root/.razor/server.joy.cloudmark.com.conf Jun 14 10:14:50.181398 check[25362]: [ 5] read_file: 16 items read from /root/.razor/server.joy.cloudmark.com.conf Jun 14 10:14:50.181986 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.c101.cloudmark.com.conf Jun 14 10:14:50.182544 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.c101.cloudmark.com.conf Jun 14 10:14:50.183158 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.shock.cloudmark.com.conf Jun 14 10:14:50.183726 check[25362]: [ 5] read_file: 19 items read from /root/.razor/server.shock.cloudmark.com.conf Jun 14 10:14:50.184274 check[25362]: [ 5] read_file: 17 items read from /root/.razor/server.folly.cloudmark.com.conf Jun 14 10:14:50.184797 check[25362]: [ 5] read_file: 17 items read from /root/.razor/server.folly.cloudmark.com.conf Jun 14 10:14:50.184983 check[25362]: [ 5] 111503 seconds before closest server discovery Jun 14 10:14:50.185162 check[25362]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5095; computed min_cf=21, Server se: C8 Jun 14 10:14:50.185354 check[25362]: [ 8] Computed supported_engines: 4 8 Jun 14 10:14:50.185506 check[25362]: [ 8] Using next closest server shock.cloudmark.com:2703, cached info srl 5095 Jun 14 10:14:50.185628 check[25362]: [ 8] mail 1 has no subject Jun 14 10:14:50.186015 check[25362]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 Jun 14 10:14:50.186152 check[25362]: [ 6] computing sigs for mail 1.0, len 1339 Jun 14 10:14:50.187967 check[25362]: [ 6] Engine (8) didn't produce a signature for mail 1.0 Jun 14 10:14:50.188145 check[25362]: [ 6] skipping whitelist file (empty?): /root/.razor/razor-whitelist Jun 14 10:14:50.188279 check[25362]: [ 5] Connecting to shock.cloudmark.com ... Jun 14 10:14:50.974772 check[25362]: [ 8] Connection established Jun 14 10:14:50.974983 check[25362]: [ 4] shock.cloudmark.com >> 36 server greeting: sn=C&srl=5095&a=l&a=cg&ep4=7542-10Jun 14 10:14:50.975438 check[25362]: [ 4] shock.cloudmark.com << 25 Jun 14 10:14:50.975534 check[25362]: [ 6] cn=razor-agents&cv=2.80Jun 14 10:14:50.975773 check[25362]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5095; computed min_cf=21, Server se: C8 Jun 14 10:14:50.975991 check[25362]: [ 8] Computed supported_engines: 4 8 Jun 14 10:14:50.976157 check[25362]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA Jun 14 10:14:50.976314 check[25362]: [ 5] mail 1.0 e8 got no sig Jun 14 10:14:50.976444 check[25362]: [ 8] preparing 1 queries Jun 14 10:14:50.976660 check[25362]: [ 8] sending 1 batches Jun 14 10:14:50.976822 check[25362]: [ 4] shock.cloudmark.com << 52 Jun 14 10:14:50.976909 check[25362]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMAJun 14 10:14:51.654623 check[25362]: [ 4] shock.cloudmark.com >> 5 Jun 14 10:14:51.654771 check[25362]: [ 6] response to sent.2 p=0Jun 14 10:14:51.655205 check[25362]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. Jun 14 10:14:51.655331 check[25362]: [ 7] method 4: mail 1.0: no-contention part, spam=0 Jun 14 10:14:51.655425 check[25362]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam Jun 14 10:14:51.655523 check[25362]: [ 3] mail 1 is not known spam. Jun 14 10:14:51.655632 check[25362]: [ 5] disconnecting from server shock.cloudmark.com Jun 14 10:14:51.655799 check[25362]: [ 4] shock.cloudmark.com << 5 Jun 14 10:14:51.655885 check[25362]: [ 6] a=qdebug: Using results from Razor v2.80 debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-0.971 debug: running full-text regexp tests; score so far=-0.971 debug: Razor2 is available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 25365: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response "66.250.40.33:24441 TimeoutError: " debug: DCCifd is not available: no r/w dccifd socket found. debug: executable for dccproc was found at /usr/local/bin/dccproc debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 25370: ruid=0 euid=0 debug: DCC: got response: X-DCC-EATSERVER-Metrics: WoodenMS2.woodmaclaw.local 1166; Body=72379 Fuz1=94572 Fuz2=746022 debug: leaving helper-app run mode debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9d318cc) implements 'check_post_dnsbl' debug: running meta tests; score so far=-0.971 debug: running header regexp tests; score so far=0.254 debug: running body-text per-line regexp tests; score so far=0.254 debug: running uri tests; score so far=0.254 debug: running raw-body-text per-line regexp tests; score so far=0.254 debug: running full-text regexp tests; score so far=0.254 debug: Running tests for priority: 1000 debug: running meta tests; score so far=0.254 debug: running header regexp tests; score so far=0.254 debug: using "/root/.spamassassin" for user state dir debug: lock: 25362 created /root/.spamassassin/auto-whitelist.lock.WoodenMS2.woodmaclaw.local.25362 debug: lock: 25362 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 25362 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: 0.254, autolearn score: 0.254, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 25362 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: 0.254 debug: running body-text per-line regexp tests; score so far=0.254 debug: running uri tests; score so far=0.254 debug: running raw-body-text per-line regexp tests; score so far=0.254 debug: running full-text regexp tests; score so far=0.254 debug: is spam? score=0.254 required=5 debug: tests=BAYES_40,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID lint: 142 issues detected. please rerun with debug enabled for more information. ]0;root@WoodenMS2:~[root@WoodenMS2 ~]# [root@WoodenMS2 ~]# [root@WoodenMS2 ~]# cd /usr/share/spamassassin ]0;root@WoodenMS2:/usr/share/spamassassin[root@WoodenMS2 spamassassin]# dir 10_misc.cf 20_uri_tests.cf 30_text_de.cf 20_advance_fee.cf 23_bayes.cf 30_text_fr.cf 20_anti_ratware.cf 25_accessdb.cf 30_text_it.cf 20_body_tests.cf 25_antivirus.cf 30_text_nl.cf 20_compensate.cf 25_body_tests_es.cf 30_text_pl.cf 20_dnsbl_tests.cf 25_body_tests_pl.cf 30_text_pt_br.cf 20_drugs.cf 25_dcc.cf 50_scores.cf 20_fake_helo_tests.cf 25_domainkeys.cf 60_awl.cf 20_head_tests.cf 25_hashcash.cf 60_whitelist.cf 20_html_tests.cf 25_pyzor.cf 60_whitelist_spf.cf 20_meta_tests.cf 25_razor2.cf 60_whitelist_subject.cf 20_net_tests.cf 25_replace.cf languages 20_phrases.cf 25_spf.cf sa-update-pubkey.txt 20_porn.cf 25_textcat.cf triplets.txt 20_ratware.cf 25_uribl.cf user_prefs.template ]0;root@WoodenMS2:/usr/share/spamassassin[root@WoodenMS2 spamassassin]# ls 10_misc.cf 20_uri_tests.cf 30_text_de.cf 20_advance_fee.cf 23_bayes.cf 30_text_fr.cf 20_anti_ratware.cf 25_accessdb.cf 30_text_it.cf 20_body_tests.cf 25_antivirus.cf 30_text_nl.cf 20_compensate.cf 25_body_tests_es.cf 30_text_pl.cf 20_dnsbl_tests.cf 25_body_tests_pl.cf 30_text_pt_br.cf 20_drugs.cf 25_dcc.cf 50_scores.cf 20_fake_helo_tests.cf 25_domainkeys.cf 60_awl.cf 20_head_tests.cf 25_hashcash.cf 60_whitelist.cf 20_html_tests.cf 25_pyzor.cf 60_whitelist_spf.cf 20_meta_tests.cf 25_razor2.cf 60_whitelist_subject.cf 20_net_tests.cf 25_replace.cf languages 20_phrases.cf 25_spf.cf sa-update-pubkey.txt 20_porn.cf 25_textcat.cf triplets.txt 20_ratware.cf 25_uribl.cf user_prefs.template From Olaf.Ohlenmacher at colt.net Wed Jun 14 18:26:23 2006 From: Olaf.Ohlenmacher at colt.net (Ohlenmacher, Olaf) Date: Wed Jun 14 18:25:54 2006 Subject: Infected message slipped through -- curious warning message Message-ID: <08AD7B42A2698345BA90F9E33A46F2C4EC357E@ULPGCTMVMAI003.EU.COLT> Hello, our customer reported that he received an infected email. This email was scanned from MailScanner (Version 4.52.2 on RedHat EL ES 3) with Sophos and ClamAV (Version 0.88.2). This email was infected by "Worm.SomeFool.X-msg" (identified by ClamAV). I browsed through the logs and found a warning saying "Other Checks: Found 1 problems" for the ID of this email (see below). On this i looked for this warning and see it clutering my logs. So i suspect that many other viruses were not identified and email not desinfected. I looked through Changelog and the last two months of the mailing lists postings but found nothing that seems to be appropriate. Is this failure caused by a known bug or is it caused by configuration error? Help is appreciated! Any ideas?! Regards, Olf Logs for MailScanner Batch with 2 Emails: * k5C7P8Vo007635 (unidentified Worm.SomeFool.X-msg) and * k5C7P8P0007637 (identified W32/Zafi-B) --- schnipp --- Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Message k5C7P8Vo007635 from 193.238.104.252 (wwwrun@server27.serverflex.de) to blinker.de is spam, spamcop.n et, SpamAssassin (score=-4.199, required 6, autolearn=not spam, ALL_TRUSTED -1.80, BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20) Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: SpamAssassin cache hit for message k5C7P8P0007637 Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Spam Checks: Found 1 spam messages Jun 12 09:25:16 jahrverl-li01 MailScanner[32026]: Spam Actions: message k5C7P8Vo007635 actions are deliver Jun 12 09:25:17 jahrverl-li01 MailScanner[32026]: Virus and Content Scanning: Starting Jun 12 09:25:19 jahrverl-li01 MailScanner[32026]: Virus Scanning: Sophos found 1 infections Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: /data/spool/MailScanner/incoming/32026/./k5C7P8P0007637/link.flashcard.d e.viewcard34.php.2672aB.pif: Worm.Za fi.B FOUND Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Virus Scanning: ClamAV found 1 infections Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Infected message k5C7P8P0007637 came from 195.56.241.94 Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Virus Scanning: Found 1 viruses Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Filename Checks: Possible MS-Dos program shortcut attack (k5C7P8P0007637 link.flashcard.de.viewcard34.php.26 72aB.pif)Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Other Checks: Found 1 problems Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Viruses marked as silent: Sophos: >>> Virus 'W32/Zafi-B' found in file ./k5C7P8P0007637/link.flashcard.de.vi ewcard34.php.2672aB.pif,ClamAV: link.flashcard.de.viewcard34.php.2672aB.pif contains Worm.Zafi.B Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Uninfected: Delivered 1 messages Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Silent: Delivered 1 messages containing silent viruses Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Notices: Warned about 1 messages Jun 12 09:25:20 jahrverl-li01 MailScanner[32026]: Batch (2 messages) processed in 10.09 seconds --- schnapp --- ************************************************************************************* The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way. The contents of this message and its attachments are confidential and may also be subject to legal privilege. If you are not the named addressee and/or have received this message in error, please advise us by e-mailing security@colt.net and delete the message and any attachments without retaining any copies. Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses. No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party. Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900. From martelm at quark.vsc.edu Wed Jun 14 18:25:52 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Wed Jun 14 18:26:05 2006 Subject: Spamassassin errors all of a sudden In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501429DFA@woodenex.woodmaclaw.lo cal> Message-ID: --On June 14, 2006 11:43:56 AM -0400 "Billy A. Pumphrey" wrote: > ... well too many. There are 141 errors in there. Please take a look > and see if there is something obvious that I cannot see. I got fairly > familiar with the MailScanner/spamassassin system, but with my knowledge > the only thing that I can think of is to upgrade but I want to wait and > see if that is the best thing to do. Let's start with the simple things. :) What version of SA do you _think_ you are running ? The log you posted thinks you're running 3.0.6 . --> debug: SpamAssassin version 3.0.6 Then later we see these lines, that indicate these rules are for version 3.1.0 . My guess is that you have one version of SA installed in one place and another in somewhere else. configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000006. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From mikej at rogers.com Wed Jun 14 18:46:34 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jun 14 18:46:25 2006 Subject: New Sendmail security feature Message-ID: <44904B7A.4060200@rogers.com> Gentlemen, start your patches! (better yet switch to postfix :) http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc From ssilva at sgvwater.com Wed Jun 14 18:54:30 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 14 18:55:51 2006 Subject: Who does RBL checks - MailScanner or SpamAssassin? In-Reply-To: References: <014c01c68a17$6242be60$3004010a@martinhlaptop> <4486A924.5090502@netmagicsolutions.com> Message-ID: John Rudd spake the following on 6/13/2006 7:25 PM: > > >> On Wed, 7 Jun 2006, Dhawal Doshy wrote: >>> >>> Most of us run servers that pretty much do serious work ;-).. to each >>> his/her way. You can use RBLs at: >>> >>> SpamAssassin: Best way to use RBLs as per my POV.. the bad part being >>> that mails originating from ROKSO (spamhaus) are accepted and then >>> tagged. > > Sorry to reply to this so late, but, IMO, the best way to use RBLs is: > > a) do SBL and XBL at the MTA, so that you're NOT accepting ROKSO > originating emails. > > b) use those RBLs, plus any others you want to (RFC-Ignorant, etc.) in > Spam Assassin to mark messages. > > > Step a reduces your SA load, and completely rejects messages that you > can be better than 99% sure are spam. Step b lets you leverage RBLs to > help tag any other possible spam sources, but without outright rejecting > them. > > Exactly how I do it. But sbl+xbl seems to give more FP's in the eastern european and pacific rim areas. If you don't normally have contact with those regions, then this suggestion works well. I reject at least 50% of my load at the MTA. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Jun 14 19:14:33 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 14 19:15:08 2006 Subject: OUT OF OFFICE - Re: Re: sendmail refuses to use /var/spool/mqueue.in In-Reply-To: <223f97700606140217m1f7578bbr6a7b6133dbbeece9@mail.gmail.com> References: <20060614080503.14372.qmail@coruscant.stellardreams.com> <448FCBEA.7070809@gmx.de> <223f97700606140217m1f7578bbr6a7b6133dbbeece9@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/14/2006 2:17 AM: > On 14/06/06, shrek-m@gmx.de wrote: >> phillip@eacsi.com schrieb: >> > I'm out of the office until Friday or Monday. Please contact >> support@eacsi.com for assistance. >> > >> > Thanks, >> > Phillip T. George >> > Electronic & Computer Solutions, Inc. >> >> out_of_office counter - phillip@eacsi.com >> >> 1 x >> >> Subject: OUT OF OFFICE - Re: Re: Who does RBL checks - MailScanner or >> SpamAssassin? >> >> 1 x >> Subject: OUT OF OFFICE