From alex at nkpanama.com Wed Mar 1 00:35:03 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 1 00:34:31 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <4404A315.4010806@taz-mania.com> References: <440361DC.2070604@ecs.soton.ac.uk> <4403821F.4030503@taz-mania.com> <7EE0254D-DDB1-4E52-A7E1-B78C6CF89C47@ecs.soton.ac.uk> <4404A315.4010806@taz-mania.com> Message-ID: <4404EC37.6090908@nkpanama.com> service iptables stop service iptables save service iptables start That should do it. Dennis Willson wrote: > My comment about being new to managing Linux was really more targeted > to the original poster who said: > > "Well I thought that I was not a newbie, but I am already stuck and > having not did anything but install CentOS 4.2. > > I opted to enable the firewall during the setup, and now I do not even > know how to turn it off let alone configure the iptables, as it seems > that I need to do. I searched and searched and I really just want to > turn it off because it is not directly on the net. > > Any simple command ex: service firewall stop chkconfig firewall or > something to turn it off?" > > > It wasn't really meant to be directed at you... Sorry > Dennis > > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 27 Feb 2006, at 22:50, Dennis Willson wrote: >> >> >> >>> If you're new to managing Linux, >>> >> >> Yeah, a bit, only been doing it since we first opened our public >> 24x7 Linux lab back in 1993. >> >> :-) >> >> Thanks for the thought though ;-> >> >> >> >>> Webmin can make life a lot easier. You can also sometimes learn a >>> few things by looking at the config files before and after you do >>> something in Webmin to understand what the configs are really doing. >>> >>> Dennis >>> >>> Julian Field wrote: >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> >>>> >>>> Joshua Hirsh wrote: >>>> >>>> >>>>>> Any simple command ex: service firewall stop chkconfig firewall or >>>>>> something to turn it off? >>>>>> >>>>>> >>>>> Hi Billy, >>>>> >>>>> You have a few options: >>>>> >>>>> 1) type 'setup' as root and disable the firewall from there >>>>> 2) type 'service iptables stop', and 'chkconfig iptables off' >>>>> (this disabled the firewall startup script) >>>>> 3) for a temporary removal until next reboot, type 'iptables - F' >>>>> (this flushes out the iptables rules) >>>>> >>>>> >>>> Once you've got iptables in, how do you configure it? >>>> Presumably there are some reasonable firewall configuration tools >>>> included with RHEL/CentOS? >>>> I've always just done it the hard way, any time I've needed it >>>> (which is rarely, we have FW-1 connected to an active IDS), but >>>> there must be an easy way. >>>> >>>> - -- Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.5 (Build 5050) >>>> >>>> iQA/AwUBRANh3RH2WUcUFbZUEQLNAQCg9nXA4V/l/WAU1w57bqtLnBVr8pwAoK4x >>>> ZXeOnpzopydwEmppc7JBgj1m >>>> =lGQH >>>> -----END PGP SIGNATURE----- >>>> >>>> >>>> >>> -- >>> >>> ---------------------------------- >>> Dennis Willson >>> mailto:taz@taz-mania.com >>> http://www.taz-mania.com >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAQWwvw32o+k+q+hAQE6oAf/T+xeRlFNT077Mn5R0E4fU2iliTH/f8Ma >> ipbTFnbx4tlhM4j8atIaGcXwobUaJPt1KJ/7GElraGprdVFnzao6xbg0tUzVUJJg >> X1PuXfcGJOkhOLB7iAEKag3TgpUg3vmqdPT5bWFow/xorDmoBRe3Ep46hQD54ivg >> aAn63zXhyQooZshl4STLV34uUOXkdZUfS7DzRbwXA+ebdxcaIdzg7nsisY0SQAfx >> +N8pJkX93tLEks9owdikP+VLEgusrPwRNbUvDd3uGecvkCJ9crdlCLA3g3ixwqQA >> I9mC2EMrm/4M471pmKB2gVArF1uKdzntjaC+gFakNaoeUhJeTlbmDg== >> =lKOL >> -----END PGP SIGNATURE----- >> >> >> > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From brent.addis at pronet.co.nz Wed Mar 1 02:14:16 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Wed Mar 1 02:15:00 2006 Subject: Mailscanner silently dying.... In-Reply-To: <4F411340-FE78-4306-8578-7D5883D508BF@ecs.soton.ac.uk> References: <007401c63c72$09467ab0$6400a8c0@flex.com> <4F411340-FE78-4306-8578-7D5883D508BF@ecs.soton.ac.uk> Message-ID: <44050378.4030708@pronet.co.nz> Will the next version fix the exim issues 4.50 introduced that I reported a couple of weeks ago? I would really like to upgrade. Julian Field wrote: > You need to run it in debug mode. You don't appear to have a recent > version, you are 10 months out of date. Please upgrade to the latest > release (new one out tomorrow) and then run "MailScanner --debug" and > see if it produces any error messages. > > On 28 Feb 2006, at 14:19, Rob wrote: > >> Mailscanner is quietly dying..... >> >> not much in the logs >> >> You can see it was going fine till 15:46, then my script restarted it >> at 16:27 >> >> I am on Debian Sarge, with Postfix SA Clamd >> >> Any ideas? >> >> Thanks... >> >> >> Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in >> message 8FEF8C285.59CF8 from subscription@businessinformationgroup.ca >> Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to >> 29822C298 >> >> >> Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus >> Scanner version 4.41.3 starting... >> Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the >> phishing whitelist >> Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin >> auto-whitelist functionality... >> Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock >> Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 >> messages waiting >> Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 >> messages, 1357348 bytes >> Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting >> >> >> >> Rob... >> http://www.stupidguytalk.org >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > From ganci at nurdog.com Wed Mar 1 02:59:52 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Wed Mar 1 03:00:09 2006 Subject: File type rules Message-ID: <44050E28.3020401@nurdog.com> I have been trying to turn off the damn RTF rules and have yet to be successful. From my filename.rules.conf I commented out: # JKF 11/01/2006 Another Microsoft security vulnerability #deny winmail\.dat$ Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead From my filetype.rules.conf I commented out: #deny TNEF Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead #deny Transport Neutral Encapsulation Format Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead and yet MailScanner continues to block these: Feb 7 14:31:49 mx02 MailScanner[32634]: Virus and Content Scanning: Starting Feb 7 14:31:52 mx02 MailScanner[32701]: Expanding TNEF archive at /var/spool/MailScanner/incoming/32701/k17LV2EK006288/winmail.dat Feb 7 14:31:52 mx02 MailScanner[32701]: Virus and Content Scanning: Starting Feb 7 14:31:55 mx02 MailScanner[32701]: Filename Checks: Windows security vulnerability (k17LV2EK006288 winmail.dat) Feb 7 14:31:55 mx02 MailScanner[32701]: Other Checks: Found 1 problems Feb 7 14:31:56 mx02 MailScanner[32701]: Saved infected "winmail.dat" to /var/spool/MailScanner/quarantine/20060207/k17LV2EK006288 Yes, I restarted MailScanner after changing these rules. Please, what do I have to do to get MailScanner to stop blocking these? Thanks. -- Paul (ganci@nurdog.com) From ganci at nurdog.com Wed Mar 1 07:16:54 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Wed Mar 1 07:17:08 2006 Subject: File type rules In-Reply-To: <44050E28.3020401@nurdog.com> References: <44050E28.3020401@nurdog.com> Message-ID: <44054A66.3020201@nurdog.com> Paul R. Ganci wrote: > I have been trying to turn off the damn RTF rules and have yet to be > successful. From my filename.rules.conf I commented out: Folks, please accept my apologies ... MailScanner is working appropriately. I didn't check the log file date against the date I actually commented out the MailScanner config lines. Sorry my bad. -- Paul (ganci@nurdog.com) From MailScanner at ecs.soton.ac.uk Wed Mar 1 08:34:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 08:34:11 2006 Subject: [Fwd: Re: exim4 / mailscanner 4.50.15 spool issues] In-Reply-To: <43FAC147.3090001@pronet.co.nz> References: <43FAC147.3090001@pronet.co.nz> Message-ID: <92E6528D-CA95-47FA-8BAD-526DDB9683E9@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 21 Feb 2006, at 07:29, Brent Addis wrote: > Koopmann, Jan-Peter wrote: >> On Tuesday, February 21, 2006 1:04 AM Brent Addis wrote: >> >>> I have built a new server from scratch, instralled 4.50 and am still >>> getting this problem. Has anybody seen it at all? >>> It seems totally random. only 6 out of every 1500 happens. All seem >>> to be just text based messages with nothing odd. >>> I would really like to be use 4.50 in production but that's a no go >>> until this is sorted. >> >> First: I can confirm the problem. I am seeing the exact same >> thing. Julian. >> Something in 4.49 or 4.50 broke exim support a bit. Sometimes -H >> files are >> left in the incoming spool whereas the -D files are gone. Actually >> I have >> yet to debug if the message itself was delivered correctly. >> >> @Brent: Currently I do not think this is a showstopper. You can >> periodically >> run a small script deleting all -H files whithout corresponding -D >> files. >> Not nice but it works. >> > I believe it is. the mail does not seem to arrive at the other end. > I end up having to attach the original message to a new mail and > send it. I have had to turn on quarantine all mail just for this > reason. > > > I am seeing it in the outgoing spool queue not the incoming I think this is a locking problem. Check "Lock Type =" and see if your Exim is using the same locking type. I haven't changed the default lock type for exim. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAVcfPw32o+k+q+hAQFSoggAtqLbo7Lsw8mxcPrIk214L9c9AxncNyYQ WJ/UaNxyxP9F9Ivnxw5c67BlOrHAlom47fCsjMo0JsfyQnTLZCAHOvAYvy2D2zK3 jqy3X4h1gxRCprZfz4xF+kqJ764t8z2EPsOkDEGLOwBq5f0CDe2uCEgWDxp33eKK ZX0EL1n9ykydVOXVHLriUc8mfbx1S++80d2MNP41tx9h0dHJQ5+o9Hg5nyf1c9h0 D+69UmO4DRCjtYG91Pp0gtcImuBtO9il6Ou40pdQnvWvoCX1IrZFAf5y4oyCSz5a 6XRao4nuUzDMHsHdW5/aU2DURwcAnQL8QwuJ1EoU2DD2BBB6iuYESw== =yFJq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 1 08:51:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 08:51:59 2006 Subject: MailScanner ANNOUNCE: 4.51 released Message-ID: <25EB4DFC-F1C1-4377-A1B4-37F57B788AF8@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I have just release 4.51. A quiet month this time, compared to January! There is just one major addition this month, an option "Use TNEF Contents". - -- You can set this to "no", "add" or "replace". - -- Unless you set it to "no", the attachments contained within the winmail.dat file, present in TNEF "Outlook Rich Text Format" messages, will be expanded and attached to the message as new attachments. - -- If you set it to "replace" the original winmail.dat file will then be removed, leaving the message the same size as when it arrived, which is important to users with slow connections or tight quotas. Download it as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - - Syntax checking of Spam Actions (and its brothers) at run time. Message will be delivered if an error is found. - - Improved detection of Solaris GCC in the installers. - - New option "Use TNEF Contents" allows you to add the contents of winmail.dat attachments to messages in TNEF format. This means that users not running Microsoft Outlook can read attachments put there by badly-configured Outlook or Exchange systems. Valid values are "no", "add" or "replace" which do pretty much what they say. Explanations are in MailScanner.conf. - - Improved PID handling in sendmail on SuSE systems. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAVgp/w32o+k+q+hAQE77Qf9Ff8WOGBubUblCItP3yqq1mqP7kbmfQpm vgfLN9Abrp7wNeEkO6Xbk+Aa7WqU0P02/1u7IKXHC7H6qy2L44pJ1jykcOIRrwt5 KxB0rL2EQiOqikptvH5F9kehbmvCShu2d51G/xXiaoRqXTgadF6SUPR22VqW8glV PFnpxTvulY4kHxsR2cCXT2dsACsLn7RpttpKYTmwdl9xfSTJbmWxqsM+FZmoKrTA Wd7tI/5Jo/69Eq1KQBsjzzAwliuQUedr1ohXlQbkKbW8Oge8kvFif7MBPljx3i8f +AoXZpvycxJro5Qeq7LBIulxCPT33CkWp7vDzZZawqd9oPyb4/FiDg== =cQVP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Mar 1 14:47:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 1 14:47:35 2006 Subject: Mailscanner silently dying.... In-Reply-To: <007401c63c72$09467ab0$6400a8c0@flex.com> References: <007401c63c72$09467ab0$6400a8c0@flex.com> Message-ID: <223f97700603010647n38f3aa9fs@mail.gmail.com> On 28/02/06, Rob wrote: > > > > Mailscanner is quietly dying..... > > not much in the logs > > You can see it was going fine till 15:46, then my script restarted it at > 16:27 > > I am on Debian Sarge, with Postfix SA Clamd > > Any ideas? > > Thanks... > > > Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in message > 8FEF8C285.59CF8 from > subscription@businessinformationgroup.ca > Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to > 29822C298 > > > Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the > phishing whitelist > Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin > auto-whitelist functionality... > Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 messages > waiting > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 messages, > 1357348 bytes > Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting > IIRC this is due to some "gunk" files getting dumped into the hold queue (tnef crap, was it?). I'm pretty certain that an upgrade will fix your problems... And you could probably fix it by fiddling with what TNEF expander you use.... Search the list from about 8-10 minths back, and you'll probably see several similar errors reported (I'm too lazy....:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at thehostmasters.com Wed Mar 1 15:02:28 2006 From: rob at thehostmasters.com (Rob) Date: Wed Mar 1 15:02:35 2006 Subject: Mailscanner silently dying.... References: <007401c63c72$09467ab0$6400a8c0@flex.com> <223f97700603010647n38f3aa9fs@mail.gmail.com> Message-ID: <006001c63d41$28972340$6400a8c0@flex.com> Hashanaha, thanks for the reply, i guess i should upgrade as i am few versions back.... It's just 99.9% of the time Mailscanner works flawlessly! :) its only once in a while something weird happens like this.... I am wondering how i should update.upgrade, i installed with apt-get, but no newer version are released yet, well as per my sources list which is below.... dpkg reports my version as............ ii mailscanner 4.41.3-2 email virus scanner and spam tagger My sources list deb http://ftp.ndlug.nd.edu/mirrors/debian/ stable main deb-src http://ftp.ndlug.nd.edu/mirrors/debian/ stable main deb http://security.debian.org/ stable/updates main Thanks for everyone's help... Have a super day to all... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Wednesday, March 01, 2006 9:47 AM Subject: Re: Mailscanner silently dying.... On 28/02/06, Rob wrote: > > > > Mailscanner is quietly dying..... > > not much in the logs > > You can see it was going fine till 15:46, then my script restarted it at > 16:27 > > I am on Debian Sarge, with Postfix SA Clamd > > Any ideas? > > Thanks... > > > Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in message > 8FEF8C285.59CF8 from > subscription@businessinformationgroup.ca > Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to > 29822C298 > > > Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the > phishing whitelist > Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin > auto-whitelist functionality... > Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 messages > waiting > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 messages, > 1357348 bytes > Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting > IIRC this is due to some "gunk" files getting dumped into the hold queue (tnef crap, was it?). I'm pretty certain that an upgrade will fix your problems... And you could probably fix it by fiddling with what TNEF expander you use.... Search the list from about 8-10 minths back, and you'll probably see several similar errors reported (I'm too lazy....:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Wed Mar 1 15:29:34 2006 From: brent.bolin at gmail.com (BB) Date: Wed Mar 1 15:29:38 2006 Subject: I need help. I'm out of time and out of patients Message-ID: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> The last two weeks have kinda sucked. Got engaged for the first time on valentines day, got laid off on Friday. Do you know what I mean ? I would ask this in the MailScanner group but the list has been screwed up for ever. Bassiclly I wan't to allow all outbound file attachments. This is a FreeBSD box In the past I have configured "filename.rules" like this to allow releases from the mailwatch html interface - From: 127.0.0.1 /usr/local/etc/MailScanner/filename.rules.allowall.conf FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf filename.rules.allow.conf is this - allow .* - - What is the syntax to allow rfc1918 networks 192.168 192.168.11.0/24 192.168.0.0/16 Thanks...btb -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/1c416f55/attachment.html From martinh at solid-state-logic.com Wed Mar 1 15:47:19 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Mar 1 15:47:27 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> Message-ID: <016501c63d47$6c169730$3004010a@martinhlaptop> HI This is the phishing net firing, not the filename checks.... Change this setting to "no".. Also Find Numeric Phishing = yes -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of BB > Sent: 01 March 2006 15:30 > To: mailscanner@lists.mailscanner.info > Subject: I need help. I'm out of time and out of patients > > The last two weeks have kinda sucked. > > Got engaged for the first time on valentines day, got laid off on Friday. > Do you know what I mean ? > > I would ask this in the MailScanner group but the list has been screwed up > for ever. > > Bassiclly I wan't to allow all outbound file attachments. > > This is a FreeBSD box > > In the past I have configured "filename.rules" like this to allow releases > from the mailwatch html interface - > > From: MailScanner warning: numerical links are often malicious: 127.0.0.1 > > /usr/local/etc/MailScanner/filename.rules.allowall.conf > FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf > > > filename.rules.allow.conf is this - > > allow .* - - > > > What is the syntax to allow rfc1918 networks > > 192.168 > MailScanner warning: numerical links are often malicious: 192.168.11.0/24 > > MailScanner warning: numerical links are often malicious: 192.168.0.0/16 > > > Thanks...btb > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Mar 1 15:50:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 15:51:01 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> References: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/e7907d86/PGP.bin From MailScanner at ecs.soton.ac.uk Wed Mar 1 15:52:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 15:52:52 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <016501c63d47$6c169730$3004010a@martinhlaptop> References: <016501c63d47$6c169730$3004010a@martinhlaptop> Message-ID: <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I suspect the phishing net comments were added by the MailScanner that protects the mailing list, and weren't in his original text. On 1 Mar 2006, at 15:47, Martin Hepworth wrote: > HI > > This is the phishing net firing, not the filename checks.... > > Change this setting to "no".. > > Also Find Numeric Phishing = yes > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of BB >> Sent: 01 March 2006 15:30 >> To: mailscanner@lists.mailscanner.info >> Subject: I need help. I'm out of time and out of patients >> >> The last two weeks have kinda sucked. >> >> Got engaged for the first time on valentines day, got laid off on >> Friday. >> Do you know what I mean ? >> >> I would ask this in the MailScanner group but the list has been >> screwed up >> for ever. >> >> Bassiclly I wan't to allow all outbound file attachments. >> >> This is a FreeBSD box >> >> In the past I have configured "filename.rules" like this to allow >> releases >> from the mailwatch html interface - >> >> From: MailScanner warning: numerical links are often malicious: >> 127.0.0.1 >> >> /usr/local/etc/MailScanner/filename.rules.allowall.conf >> FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf >> >> >> filename.rules.allow.conf is this - >> >> allow .* - - >> >> >> What is the syntax to allow rfc1918 networks >> >> 192.168 >> MailScanner warning: numerical links are often malicious: >> 192.168.11.0/24 >> >> MailScanner warning: numerical links are often malicious: >> 192.168.0.0/16 >> >> >> Thanks...btb >> >> > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAXDS/w32o+k+q+hAQGoNwgAuB/SoCBVuPwM0v/CBeLCpJBIRKlONFYh pHkUJQAjj/NYmDUvl6038c4WmkLwjjVK6G2pqc9fh9wghI0OHCn38Umx0tzwTOof o6rCZ80MY8bI/y2/dsfroBYTpF+bU6BDTp4EL6liAas/EEV0/K70Zwp0+wRqfHLZ ISrxWiIhnUD+GonmzNCkCNqrRIj7V97H26JCDPBsDljC8RXQn3eMkurqs9MOYsXc h5izKAFOfxk3tN1Krwum7/c6o2saSP75Cm321cnPBqobN2YIFz61FVNCi7JyoNd4 P5k2UMSCgKmPBzAuQaZHaYiB+ND5XN9+IQEbTl4KvDhCDe6e7e7MrQ== =NGcL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ryan at marinocrane.com Wed Mar 1 16:02:27 2006 From: ryan at marinocrane.com (Ryan Pitt) Date: Wed Mar 1 16:02:32 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> References: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> Message-ID: <4405C593.2030905@marinocrane.com> On the bright side.... Congratulations on your engagement!! BB wrote: > The last two weeks have kinda sucked. > > Got engaged for the first time on valentines day, got laid off on > Friday. Do you know what I mean ? > > I would ask this in the MailScanner group but the list has been > screwed up for ever. > > Bassiclly I wan't to allow all outbound file attachments. > > This is a FreeBSD box > > In the past I have configured "filename.rules" like this to allow > releases from the mailwatch html interface - > > From: *MailScanner warning: numerical links are often malicious:* > 127.0.0.1 > /usr/local/etc/MailScanner/filename.rules.allowall.conf > FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf > > > filename.rules.allow.conf is this - > > allow .* - - > > > What is the syntax to allow rfc1918 networks > > 192.168 > *MailScanner warning: numerical links are often malicious:* > 192.168.11.0/24 > *MailScanner warning: numerical links are often malicious:* > 192.168.0.0/16 > > Thanks...btb > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/a6e7476d/attachment.html From ugob at camo-route.com Wed Mar 1 16:00:53 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 1 16:03:06 2006 Subject: Chinese e-mail Message-ID: Hi, Would it be dangerous to have a mailscanner server processing chinese people while most of its traffic is french and english? I know bayes would be effective, but... anything else I should check? Regards, Ugo From brent.bolin at gmail.com Wed Mar 1 16:14:27 2006 From: brent.bolin at gmail.com (BB) Date: Wed Mar 1 16:14:31 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> Message-ID: <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Thanks Julian As my new wife tobe would say - Your not getting older, your getting longer. btb On 3/1/06, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > I suspect the phishing net comments were added by the MailScanner > that protects the mailing list, and weren't in his original text. > > On 1 Mar 2006, at 15:47, Martin Hepworth wrote: > > > HI > > > > This is the phishing net firing, not the filename checks.... > > > > Change this setting to "no".. > > > > Also Find Numeric Phishing = yes > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of BB > >> Sent: 01 March 2006 15:30 > >> To: mailscanner@lists.mailscanner.info > >> Subject: I need help. I'm out of time and out of patients > >> > >> The last two weeks have kinda sucked. > >> > >> Got engaged for the first time on valentines day, got laid off on > >> Friday. > >> Do you know what I mean ? > >> > >> I would ask this in the MailScanner group but the list has been > >> screwed up > >> for ever. > >> > >> Bassiclly I wan't to allow all outbound file attachments. > >> > >> This is a FreeBSD box > >> > >> In the past I have configured "filename.rules" like this to allow > >> releases > >> from the mailwatch html interface - > >> > >> From: MailScanner warning: numerical links are often malicious: > >> 127.0.0.1 > >> > >> /usr/local/etc/MailScanner/filename.rules.allowall.conf > >> FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf > >> > >> > >> filename.rules.allow.conf is this - > >> > >> allow .* - - > >> > >> > >> What is the syntax to allow rfc1918 networks > >> > >> 192.168 > >> MailScanner warning: numerical links are often malicious: > >> 192.168.11.0/24 > >> > >> MailScanner warning: numerical links are often malicious: > >> 192.168.0.0/16 > >> > >> > >> Thanks...btb > >> > >> > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAXDS/w32o+k+q+hAQGoNwgAuB/SoCBVuPwM0v/CBeLCpJBIRKlONFYh > pHkUJQAjj/NYmDUvl6038c4WmkLwjjVK6G2pqc9fh9wghI0OHCn38Umx0tzwTOof > o6rCZ80MY8bI/y2/dsfroBYTpF+bU6BDTp4EL6liAas/EEV0/K70Zwp0+wRqfHLZ > ISrxWiIhnUD+GonmzNCkCNqrRIj7V97H26JCDPBsDljC8RXQn3eMkurqs9MOYsXc > h5izKAFOfxk3tN1Krwum7/c6o2saSP75Cm321cnPBqobN2YIFz61FVNCi7JyoNd4 > P5k2UMSCgKmPBzAuQaZHaYiB+ND5XN9+IQEbTl4KvDhCDe6e7e7MrQ== > =NGcL > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/274970d5/attachment.html From MailScanner at ecs.soton.ac.uk Wed Mar 1 16:16:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 16:16:15 2006 Subject: Chinese e-mail In-Reply-To: References: Message-ID: <11BAA984-2637-485D-ABC4-5C4DC0F4E062@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Check out ok_locales in spam.assassin.prefs.conf. The default value is "all" according to man Mail::SpamAssassin::Conf. On 1 Mar 2006, at 16:00, Ugo Bellavance wrote: > Hi, > > Would it be dangerous to have a mailscanner server processing > chinese people while most of its traffic is french and english? I > know bayes would be effective, but... anything else I should check? > > Regards, > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAXIxvw32o+k+q+hAQEMIwf/bcaCfIxh2pUquMDsI3MsgDjxnOh+QCh4 A40j4EMIa/vV3krsnBnKioEoWMiTBGE54Q2gTef7s4Cza61tUK5VqYRjijSjElCn lZc8UFCPAolYSmFABJ6X3VrL20C/c2aI6PtOEODwFuHSpAOhuEHHj9Bb3CunvJ/3 AaeKbDUSU191+FvOmmQhGmtXOp4YR8tHKhAnP7vYXN7MJpVt8oK67NpCUlhepukj FmZhoiRFFVsxbHeY16OY74uHa9w8YMuDamT1vxgCjiIgANGxUQ0QwwNMMwQevswj ULjEU9ipggJ4wRHTXbApFIosB4+6FXEo4BtQk6h4gAfbLhgs5fjvjQ== =oRfA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Wed Mar 1 16:24:57 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 1 16:25:11 2006 Subject: I need help. I'm out of time and out of patients References: <016501c63d47$6c169730$3004010a@martinhlaptop><305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Message-ID: <003401c63d4c$ae89c0b0$0705000a@DDF5DW71> I can't wait to see the postings as replys to this one. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: BB To: MailScanner discussion Sent: Wednesday, March 01, 2006 11:14 AM Subject: Re: I need help. I'm out of time and out of patients Thanks Julian As my new wife tobe would say - Your not getting older, your getting longer. btb On 3/1/06, Julian Field < MailScanner@ecs.soton.ac.uk> wrote: -----BEGIN PGP SIGNED MESSAGE----- I suspect the phishing net comments were added by the MailScanner that protects the mailing list, and weren't in his original text. On 1 Mar 2006, at 15:47, Martin Hepworth wrote: > HI > > This is the phishing net firing, not the filename checks.... > > Change this setting to "no".. > > Also Find Numeric Phishing = yes > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of BB >> Sent: 01 March 2006 15:30 >> To: mailscanner@lists.mailscanner.info >> Subject: I need help. I'm out of time and out of patients >> >> The last two weeks have kinda sucked. >> >> Got engaged for the first time on valentines day, got laid off on >> Friday. >> Do you know what I mean ? >> >> I would ask this in the MailScanner group but the list has been >> screwed up >> for ever. >> >> Bassiclly I wan't to allow all outbound file attachments. >> >> This is a FreeBSD box >> >> In the past I have configured "filename.rules" like this to allow >> releases >> from the mailwatch html interface - >> >> From: MailScanner warning: numerical links are often malicious: >> 127.0.0.1 >> >> /usr/local/etc/MailScanner/filename.rules.allowall.conf >> FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf >> >> >> filename.rules.allow.conf is this - >> >> allow .* - - >> >> >> What is the syntax to allow rfc1918 networks >> >> 192.168 >> MailScanner warning: numerical links are often malicious: >> 192.168.11.0/24 >> >> MailScanner warning: numerical links are often malicious: >> 192.168.0.0/16 >> < http://192.168.0.0/16> >> >> Thanks...btb >> >> > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAXDS/w32o+k+q+hAQGoNwgAuB/SoCBVuPwM0v/CBeLCpJBIRKlONFYh pHkUJQAjj/NYmDUvl6038c4WmkLwjjVK6G2pqc9fh9wghI0OHCn38Umx0tzwTOof o6rCZ80MY8bI/y2/dsfroBYTpF+bU6BDTp4EL6liAas/EEV0/K70Zwp0+wRqfHLZ ISrxWiIhnUD+GonmzNCkCNqrRIj7V97H26JCDPBsDljC8RXQn3eMkurqs9MOYsXc h5izKAFOfxk3tN1Krwum7/c6o2saSP75Cm321cnPBqobN2YIFz61FVNCi7JyoNd4 P5k2UMSCgKmPBzAuQaZHaYiB+ND5XN9+IQEbTl4KvDhCDe6e7e7MrQ== =NGcL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/15c6f1ad/attachment.html From alex at nkpanama.com Wed Mar 1 16:26:07 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 1 16:30:44 2006 Subject: Chinese e-mail In-Reply-To: References: Message-ID: <4405CB1F.4040803@nkpanama.com> I would stick to having it process their e-mail. The Dept. of Immigration should take care of chinese people - or french and english people for that matter. ;) Ugo Bellavance wrote: > Hi, > > Would it be dangerous to have a mailscanner server processing > chinese people while most of its traffic is french and english? I > know bayes would be effective, but... anything else I should check? > > Regards, > > Ugo > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From matt at coders.co.uk Wed Mar 1 16:31:30 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed Mar 1 16:31:27 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <003401c63d4c$ae89c0b0$0705000a@DDF5DW71> References: <016501c63d47$6c169730$3004010a@martinhlaptop><305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <003401c63d4c$ae89c0b0$0705000a@DDF5DW71> Message-ID: <4405CC62.1000708@coders.co.uk> Steve Campbell wrote: > I can't wait to see the postings as replys to this one. >>> Your not getting older, your getting longer. But that would childish. matt From martinh at solid-state-logic.com Wed Mar 1 16:32:08 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Mar 1 16:33:17 2006 Subject: Chinese e-mail In-Reply-To: Message-ID: <019201c63d4d$ca4fee90$3004010a@martinhlaptop> Ugo I do quite a bit of Japanese, French, German, Russian/Polish etc with my setup which is predominately English otherwise. No problem I know of -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance > Sent: 01 March 2006 16:01 > To: mailscanner@lists.mailscanner.info > Subject: Chinese e-mail > > Hi, > > Would it be dangerous to have a mailscanner server processing > chinese > people while most of its traffic is french and english? I know bayes > would be effective, but... anything else I should check? > > Regards, > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jaearick at colby.edu Wed Mar 1 16:37:55 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 1 16:38:13 2006 Subject: 4.51.4: security concerns, TNEF question Message-ID: Julian, Whilst staring at the new logging additions to TNEF.pm, I noticed the lines: system("rm -rf /tmp/tnef.$$"); Harrumph. I would recommend replacing this with an unlink() call instead (use -U for directory, or unlink() and rmdir()). It would save the cost of a fork() and exec() to create a subshell. Security-wise, I also get nervous when I do not see a full pathname for "rm" in code that runs as root. Likewise, I spotted similar relative-path system() calls in f-prot-autoupdate (wget, cp, unzip) rav-autoupdate (chmod) vexira-autoupdate (wget) Maybe you would want to replace the "system($rm..." calls elsewhere (eg, sophos-autoupdate) with similar unlink() calls? On another note, I see the syslogging for "added TNEF contents" in TNEF.pm, but no "replaced TNEF contents" anywhere. Is there syslogging of a "replace TNEF" event? Jeff Earickson Colby College From brendan at chard.net Wed Mar 1 17:08:09 2006 From: brendan at chard.net (Brendan Chard | Chard.Net) Date: Wed Mar 1 17:09:14 2006 Subject: Exim Custom Router Message-ID: <033201c63d52$b9001200$a000a8c0@sangria> I see in the wiki documentation how to set up a custom router for one domain in exim. How can I make it work if I want the custom router to handle 3 domains. So basically... custom_router: driver = manualroute domains = domain1.com domain2.com domain3.com transport = remote_smtp route_list = "* mailserver.com" Will this work? -Brendan Chard brendan@chard.net Chard.Net Putting Professionals Online Website Design | Hosting | Maintenance ph: 1.800.741.8034 fax: 1.888.605.0495 web: http://www.chard.net From ssilva at sgvwater.com Wed Mar 1 17:55:05 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 17:57:22 2006 Subject: Mailscanner silently dying.... In-Reply-To: <006001c63d41$28972340$6400a8c0@flex.com> References: <007401c63c72$09467ab0$6400a8c0@flex.com> <223f97700603010647n38f3aa9fs@mail.gmail.com> <006001c63d41$28972340$6400a8c0@flex.com> Message-ID: Rob spake the following on 3/1/2006 7:02 AM: > Hashanaha, thanks for the reply, i guess i should upgrade as i am few > versions back.... It's just 99.9% of the time Mailscanner works flawlessly! > > :) > > its only once in a while something weird happens like this.... > > I am wondering how i should update.upgrade, i installed with apt-get, > but no newer version are released yet, well as per my sources list which > is below.... > > dpkg reports my version as............ ii mailscanner > 4.41.3-2 email virus scanner and spam tagger > > My sources list > > deb http://ftp.ndlug.nd.edu/mirrors/debian/ stable main > deb-src http://ftp.ndlug.nd.edu/mirrors/debian/ stable main > deb http://security.debian.org/ stable/updates main Even Debian unstable is only at 4.46.2-3. If that is current enough, you can get it from http://packages.debian.org/unstable/mail/mailscanner.html. If you want the newest, you will have to "use the source". From joshua.hirsh at partnersolutions.ca Wed Mar 1 18:06:55 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Wed Mar 1 18:06:58 2006 Subject: 4.51.4: security concerns, TNEF question Message-ID: > Harrumph. I would recommend replacing this with an unlink() > call instead (use -U for directory, or unlink() and rmdir()). > It would save the cost of a fork() and exec() to create a subshell. > Security-wise, I also get nervous when I do not see a full pathname > for "rm" in code that runs as root. Hi Jeff, Although I do agree with you over the use of unlink compared to forking to rm, the PATH is already sanitized by MailScanner. In the main program, you'll find this line: $ENV{PATH}="/sbin:/bin:/usr/sbin:/usr/bin"; So the path to rm is indeed sanitized. I'm not sure if this is being done for the AV helper scripts though. Cheers, -Joshua From ssilva at sgvwater.com Wed Mar 1 18:07:05 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 18:10:23 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Message-ID: BB spake the following on 3/1/2006 8:14 AM: > Thanks Julian > > As my new wife to be would say - > > Your not getting older, your getting longer. Or as my current wife says; "Shut up and roll over, you're snoring!" See what you have to look forward to ;-) From jaearick at colby.edu Wed Mar 1 18:26:18 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 1 18:26:25 2006 Subject: 4.51.4: security concerns, TNEF question In-Reply-To: References: Message-ID: All, Good, that makes me feel better security-wise. Unlink() would be rippin fast compared to system(), just decrement the link count in the kernel, done. No overhead. A nanosecond here, a nanosecond there, pretty soon you have a billable hour! Jeff Earickson Colby College On Wed, 1 Mar 2006, Joshua Hirsh wrote: > Date: Wed, 1 Mar 2006 13:06:55 -0500 > From: Joshua Hirsh > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: 4.51.4: security concerns, TNEF question > >> Harrumph. I would recommend replacing this with an unlink() >> call instead (use -U for directory, or unlink() and rmdir()). >> It would save the cost of a fork() and exec() to create a subshell. >> Security-wise, I also get nervous when I do not see a full pathname >> for "rm" in code that runs as root. > > > Hi Jeff, > > Although I do agree with you over the use of unlink compared to forking to rm, the PATH is already sanitized by MailScanner. In the main program, you'll find this line: > > $ENV{PATH}="/sbin:/bin:/usr/sbin:/usr/bin"; > > So the path to rm is indeed sanitized. I'm not sure if this is being done for the AV helper scripts though. > > > Cheers, > -Joshua > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Wed Mar 1 18:26:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 18:26:56 2006 Subject: 4.51.4: security concerns, TNEF question In-Reply-To: References: Message-ID: <4405E76B.9050805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > > Whilst staring at the new logging additions to TNEF.pm, I > noticed the lines: > > system("rm -rf /tmp/tnef.$$"); > > Harrumph. I would recommend replacing this with an unlink() > call instead (use -U for directory, or unlink() and rmdir()). It would > save the cost of a fork() and exec() to create a subshell. > Security-wise, I also get nervous when I do not see a full pathname > for "rm" in code that runs as root. As someone else has already pointed out, the $PATH is fixed at startup, so this is pretty safe. To emulate "rm -rf" in Perl, I will have to do quite a clever tree walk, as I don't want to follow soft or hard links. "rm -rf" solves a non-trivial problem, and I don't like reinventing the wheel. Is it really that bad? > > Likewise, I spotted similar relative-path system() calls in > > f-prot-autoupdate (wget, cp, unzip) > rav-autoupdate (chmod) > vexira-autoupdate (wget) > > Maybe you would want to replace the "system($rm..." calls elsewhere > (eg, sophos-autoupdate) with similar unlink() calls? I will have to take a look at these. It depends what the rm options given are. > > On another note, I see the syslogging for "added TNEF contents" > in TNEF.pm, but no "replaced TNEF contents" anywhere. Is there > syslogging of a "replace TNEF" event? If the TNEF contents have been successfully extracted, then the winmail.dat file is deleted elsewhere. Try taking a look in Message.pm (I think). Grep for winmail.dat and you should find it, or else 'foundtnefattachments'. The TNEF contents are added in 1 place. If successful and what the user wanted, then the winmail.dat file is deleted later. It's around line 1569 in Message.pm. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXnbBH2WUcUFbZUEQK65gCfSViMc/t/CmzHJIrRc3XAQGoN2hoAoJo5 3yJWWTXHSjfaSxc8+7CsStRX =CUGh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 1 18:29:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 18:29:35 2006 Subject: Mailscanner silently dying.... In-Reply-To: References: <007401c63c72$09467ab0$6400a8c0@flex.com> <223f97700603010647n38f3aa9fs@mail.gmail.com> <006001c63d41$28972340$6400a8c0@flex.com> Message-ID: <4405E80B.5000402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Rob spake the following on 3/1/2006 7:02 AM: > >> Hashanaha, thanks for the reply, i guess i should upgrade as i am few >> versions back.... It's just 99.9% of the time Mailscanner works flawlessly! >> >> :) >> >> its only once in a while something weird happens like this.... >> >> I am wondering how i should update.upgrade, i installed with apt-get, >> but no newer version are released yet, well as per my sources list which >> is below.... >> >> dpkg reports my version as............ ii mailscanner >> 4.41.3-2 email virus scanner and spam tagger >> >> My sources list >> >> deb http://ftp.ndlug.nd.edu/mirrors/debian/ stable main >> deb-src http://ftp.ndlug.nd.edu/mirrors/debian/ stable main >> deb http://security.debian.org/ stable/updates main >> > Even Debian unstable is only at 4.46.2-3. If that is current enough, you can > get it from http://packages.debian.org/unstable/mail/mailscanner.html. > If you want the newest, you will have to "use the source". > Can anyone come up with some good uses for "www.UseTheSource.info" and/or "www.UseTheSource.biz"? I registered them a little while ago. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXoDBH2WUcUFbZUEQKYRQCgoy0T0Rm71Z25Nk1BR8S7tX7MbHIAoNaG g76TeWdH8ycCXGhAqFqPK7Vo =zmcs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 1 18:30:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 18:30:18 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Message-ID: <4405E837.4010905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > BB spake the following on 3/1/2006 8:14 AM: > >> Thanks Julian >> >> As my new wife to be would say - >> >> Your not getting older, your getting longer. >> > Or as my current wife says; > "Shut up and roll over, you're snoring!" > See what you have to look forward to ;-) > Fortunately I'm not married, so don't suffer that problem :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXoNxH2WUcUFbZUEQKXVQCdH7skv9X1cni+Q9oJdpHsOotFlRwAmwZm +zPJm+wVIHdeYqTQ5dzEyDWT =TfbZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Wed Mar 1 18:50:52 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 1 18:50:59 2006 Subject: 4.51.4: security concerns, TNEF question In-Reply-To: <4405E76B.9050805@ecs.soton.ac.uk> References: <4405E76B.9050805@ecs.soton.ac.uk> Message-ID: On Wed, 1 Mar 2006, Julian Field wrote: >> Whilst staring at the new logging additions to TNEF.pm, I >> noticed the lines: >> >> system("rm -rf /tmp/tnef.$$"); >> >> Harrumph. I would recommend replacing this with an unlink() >> call instead (use -U for directory, or unlink() and rmdir()). It would >> save the cost of a fork() and exec() to create a subshell. >> Security-wise, I also get nervous when I do not see a full pathname >> for "rm" in code that runs as root. > As someone else has already pointed out, the $PATH is fixed at startup, > so this is pretty safe. > > To emulate "rm -rf" in Perl, I will have to do quite a clever tree walk, > as I don't want to follow soft or hard links. "rm -rf" solves a > non-trivial problem, and I don't like reinventing the wheel. Is it > really that bad? I have to concede your point. Going back and looking at the perldoc for unlink() I now realize that the "-U" is not an arg to unlink() but an arg to perl itself as in "do Unsafe things as root". Yikes. >> >> Likewise, I spotted similar relative-path system() calls in >> >> f-prot-autoupdate (wget, cp, unzip) >> rav-autoupdate (chmod) >> vexira-autoupdate (wget) >> >> Maybe you would want to replace the "system($rm..." calls elsewhere >> (eg, sophos-autoupdate) with similar unlink() calls? > I will have to take a look at these. It depends what the rm options > given are. >> >> On another note, I see the syslogging for "added TNEF contents" >> in TNEF.pm, but no "replaced TNEF contents" anywhere. Is there >> syslogging of a "replace TNEF" event? > If the TNEF contents have been successfully extracted, then the > winmail.dat file is deleted elsewhere. Try taking a look in Message.pm > (I think). Grep for winmail.dat and you should find it, or else > 'foundtnefattachments'. The TNEF contents are added in 1 place. If > successful and what the user wanted, then the winmail.dat file is > deleted later. It's around line 1569 in Message.pm. Ok, confusion on my part. The one example that I have seen go by this morning since upgrading is: Mar 1 12:14:36 basalt sendmail[3845]: [ID 801593 mail.info] k21HERwo003845: from=, size=36670, class=-60, nrcpts=1, msgid=<775EC5882A29A34DBC4F95D80DDF61FE01757CCD@s31xe5.systems.smu.edu>, proto=SMTP, daemon=MTA, relay=n27.bullet.scd.yahoo.com [66.94.237.56] Mar 1 12:14:49 basalt <22>MailScanner[14496]: Expanding TNEF archive at /tmp/14496/k21HERwo003845/winmail.dat Mar 1 12:14:49 basalt <22>MailScanner[14496]: Message k21HERwo003845 added TNEF contents image.jpg Mar 1 12:14:51 basalt sendmail[4123]: [ID 801593 mail.info] k21HERwo003845: to=, delay=00:00:16, xdelay=00:00:00, mailer=local, pri=264670, dsn=2.0.0, stat=Sent Mar 1 12:14:51 basalt sendmail[4123]: [ID 801593 mail.info] k21HERwo003845: done; delay=00:00:16, ntries=1 I just have to know that "added" means "replaced" in my case. I look forward to this new feature solving my headaches with remote Exchange users. Many thanks! Jeff Earickson Colby College From ssilva at sgvwater.com Wed Mar 1 18:48:36 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 18:59:43 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405E837.4010905@ecs.soton.ac.uk> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <4405E837.4010905@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 3/1/2006 10:30 AM: > > > Scott Silva wrote: >>> BB spake the following on 3/1/2006 8:14 AM: >>> >>>> Thanks Julian >>>> >>>> As my new wife to be would say - >>>> >>>> Your not getting older, your getting longer. >>>> >>> Or as my current wife says; >>> "Shut up and roll over, you're snoring!" >>> See what you have to look forward to ;-) >>> > Fortunately I'm not married, so don't suffer that problem :-) > "Marriage is an institution. So is a prison!" From mailscanner at eliquid.com Wed Mar 1 19:20:27 2006 From: mailscanner at eliquid.com (Wess Bechard) Date: Wed Mar 1 19:20:08 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <4405E837.4010905@ecs.soton.ac.uk> Message-ID: <4405F3FB.4040606@eliquid.com> Funny, these little quips. I am getting married on Tiesday :) Scott Silva wrote: > Julian Field spake the following on 3/1/2006 10:30 AM: > >> Scott Silva wrote: >> >>>> BB spake the following on 3/1/2006 8:14 AM: >>>> >>>> >>>>> Thanks Julian >>>>> >>>>> As my new wife to be would say - >>>>> >>>>> Your not getting older, your getting longer. >>>>> >>>>> >>>> Or as my current wife says; >>>> "Shut up and roll over, you're snoring!" >>>> See what you have to look forward to ;-) >>>> >>>> >> Fortunately I'm not married, so don't suffer that problem :-) >> >> > "Marriage is an institution. So is a prison!" > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/4a07ecd3/attachment.html From jase at sensis.com Wed Mar 1 19:25:25 2006 From: jase at sensis.com (Desai, Jason) Date: Wed Mar 1 19:25:46 2006 Subject: Exim Custom Router Message-ID: <1951DC816E1A9F469307B05FA183F438210E9C@corpatsmail1.corp.sensis.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Brendan Chard | Chard.Net > Sent: Wednesday, March 01, 2006 12:08 PM > To: 'MailScanner discussion' > Subject: Exim Custom Router > > I see in the wiki documentation how to set up a custom router > for one domain > in exim. How can I make it work if I want the custom router > to handle 3 > domains. > > So basically... > > custom_router: > driver = manualroute > domains = domain1.com domain2.com domain3.com > transport = remote_smtp > route_list = "* mailserver.com" > > Will this work? I think you will need to separate them with colons. domains = domain1.com : domain2.com : domain3.com See http://exim.org/exim-html-4.60/doc/html/spec.html/ch10.html for more info. I suggest you create a temporary exim config file and make your changes to it. You can test which router will be used with something like: exim4 -C /path/to/temp/exim/config -bt user@domain1.com Jase From dyioulos at firstbhph.com Wed Mar 1 19:27:14 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Mar 1 19:27:18 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405F3FB.4040606@eliquid.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <4405F3FB.4040606@eliquid.com> Message-ID: <200603011427.15253.dyioulos@firstbhph.com> So, there's still time to talk you out of it. Dimitri On Wednesday March 01 2006 2:20 pm, Wess Bechard wrote: > Funny, these little quips. I am getting married on Tiesday :) > > Scott Silva wrote: > > Julian Field spake the following on 3/1/2006 10:30 AM: > >> Scott Silva wrote: > >>>> BB spake the following on 3/1/2006 8:14 AM: > >>>>> Thanks Julian > >>>>> > >>>>> As my new wife to be would say - > >>>>> > >>>>> Your not getting older, your getting longer. > >>>> > >>>> Or as my current wife says; > >>>> "Shut up and roll over, you're snoring!" > >>>> See what you have to look forward to ;-) > >> > >> Fortunately I'm not married, so don't suffer that problem :-) > > > > "Marriage is an institution. So is a prison!" -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at eliquid.com Wed Mar 1 19:30:37 2006 From: mailscanner at eliquid.com (Wess Bechard) Date: Wed Mar 1 19:30:11 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <200603011427.15253.dyioulos@firstbhph.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <4405F3FB.4040606@eliquid.com> <200603011427.15253.dyioulos@firstbhph.com> Message-ID: <4405F65D.3020002@eliquid.com> lmao... Actually, I leave for the Dominican Republic on Friday, so tickets paid for, luggage packed... Thanks anyways... heh Dimitri Yioulos wrote: > So, there's still time to talk you out of it. > > Dimitri > > > On Wednesday March 01 2006 2:20 pm, Wess Bechard wrote: > >> Funny, these little quips. I am getting married on Tiesday :) >> >> Scott Silva wrote: >> >>> Julian Field spake the following on 3/1/2006 10:30 AM: >>> >>>> Scott Silva wrote: >>>> >>>>>> BB spake the following on 3/1/2006 8:14 AM: >>>>>> >>>>>>> Thanks Julian >>>>>>> >>>>>>> As my new wife to be would say - >>>>>>> >>>>>>> Your not getting older, your getting longer. >>>>>>> >>>>>> Or as my current wife says; >>>>>> "Shut up and roll over, you're snoring!" >>>>>> See what you have to look forward to ;-) >>>>>> >>>> Fortunately I'm not married, so don't suffer that problem :-) >>>> >>> "Marriage is an institution. So is a prison!" >>> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/fa13e116/attachment.html From yan at neverneverland.f9.co.uk Wed Mar 1 19:32:53 2006 From: yan at neverneverland.f9.co.uk (YAN) Date: Wed Mar 1 19:31:01 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: Message-ID: <20060301193059.MFIT1217.aamta11-winn.ispmail.ntl.com@connie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: 01 March 2006 18:49 > To: mailscanner@lists.mailscanner.info > Subject: Re: I need help. I'm out of time and out of patients > > Julian Field spake the following on 3/1/2006 10:30 AM: > > > > > > Scott Silva wrote: > >>> BB spake the following on 3/1/2006 8:14 AM: > >>> > >>>> Thanks Julian > >>>> > >>>> As my new wife to be would say - > >>>> > >>>> Your not getting older, your getting longer. > >>>> > >>> Or as my current wife says; > >>> "Shut up and roll over, you're snoring!" > >>> See what you have to look forward to ;-) > >>> > > Fortunately I'm not married, so don't suffer that problem :-) > > > "Marriage is an institution. So is a prison!" Yeah but prison you get time off for good behaviour From Kevin_Miller at ci.juneau.ak.us Wed Mar 1 19:38:47 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 1 19:38:58 2006 Subject: I need help. I'm out of time and out of patients Message-ID: > Funny, these little quips. I am getting married on Tiesday :) Don't let 'em scare you. I left on my honeymoon almost 19 years ago and it still hasn't ended. Marry the right gal, treat her right, and LIFE IS GOOD! Spoiled and loving it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From drew at themarshalls.co.uk Wed Mar 1 20:05:11 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 1 20:05:19 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <20060301193059.MFIT1217.aamta11-winn.ispmail.ntl.com@connie> References: <20060301193059.MFIT1217.aamta11-winn.ispmail.ntl.com@connie> Message-ID: On 1 Mar 2006, at 19:32, YAN wrote: >> "Marriage is an institution. So is a prison!" > > Yeah but prison you get time off for good behaviour And marriage is the only institution where you get early release for bad behaviour :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From richard.thomas at psysolutions.com Wed Mar 1 20:18:27 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 20:19:34 2006 Subject: Don't understand this match Message-ID: <44060193.3040109@psysolutions.com> I'm not understanding why a certain filename has triggered the "Attempt to hide real filename extension" rule. The filename is Shortcut 29 t.xls The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ As I understand it, that should match a period, followed by an alpha, followed by two or three alphnumerics, any amount of whitespace and then another period then an alphanumeric three character alphanumeric extension all of this being at the end of the filename. The filename in question has only one period. Of course, I'm not sure which particular version of regular expressions MailScanner uses (maybe the period is the "match any character" period. Is there a bug in the regexp? Is this actually a valid match? Is this just a case of "upgrade to the latest"? Possibly I am just wildly out of date :) Thanks Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 From ssilva at sgvwater.com Wed Mar 1 20:21:03 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 20:23:02 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405F3FB.4040606@eliquid.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <4405E837.4010905@ecs.soton.ac.uk> <4405F3FB.4040606@eliquid.com> Message-ID: Wess Bechard spake the following on 3/1/2006 11:20 AM: > Funny, these little quips. I am getting married on Tiesday :) > > Scott Silva wrote: >> Julian Field spake the following on 3/1/2006 10:30 AM: >> >>> Scott Silva wrote: >>> >>>>> BB spake the following on 3/1/2006 8:14 AM: >>>>> >>>>> >>>>>> Thanks Julian >>>>>> >>>>>> As my new wife to be would say - >>>>>> >>>>>> Your not getting older, your getting longer. >>>>>> >>>>>> >>>>> Or as my current wife says; >>>>> "Shut up and roll over, you're snoring!" >>>>> See what you have to look forward to ;-) >>>>> >>>>> >>> Fortunately I'm not married, so don't suffer that problem :-) >>> >>> >> "Marriage is an institution. So is a prison!" >> >> Run Forrest, Run!!!!! From mailscanner at eliquid.com Wed Mar 1 20:24:45 2006 From: mailscanner at eliquid.com (Wess Bechard) Date: Wed Mar 1 20:24:19 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: Message-ID: <4406030D.3010801@eliquid.com> I hear you, we've been together for going on 8 years now, since grade 9. Kevin Miller wrote: >> Funny, these little quips. I am getting married on Tiesday :) >> > > Don't let 'em scare you. I left on my honeymoon almost 19 years ago and > it still hasn't ended. Marry the right gal, treat her right, and LIFE > IS GOOD! > > Spoiled and loving it... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/f96bc763/attachment.html From ssilva at sgvwater.com Wed Mar 1 20:23:41 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 20:32:01 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: Message-ID: Kevin Miller spake the following on 3/1/2006 11:38 AM: >> Funny, these little quips. I am getting married on Tiesday :) > > Don't let 'em scare you. I left on my honeymoon almost 19 years ago and > it still hasn't ended. Marry the right gal, treat her right, and LIFE > IS GOOD! > > Spoiled and loving it... > Go ahead, rub it in! Next you will tell us that your servers never crash, and your users never ask stupid questions! ;-) From MailScanner at ecs.soton.ac.uk Wed Mar 1 20:51:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 20:51:17 2006 Subject: Don't understand this match In-Reply-To: <44060193.3040109@psysolutions.com> References: <44060193.3040109@psysolutions.com> Message-ID: <44060941.60707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard Thomas wrote: > I'm not understanding why a certain filename has triggered the "Attempt > to hide real filename extension" rule. The filename is > > Shortcut 29 t.xls > > The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > As I understand it, that should match a period, followed by an alpha, > followed by two or three alphnumerics, any amount of whitespace and > then another period then an alphanumeric three character alphanumeric > extension all of this being at the end of the filename. > > The filename in question has only one period. > > Of course, I'm not sure which particular version of regular > expressions MailScanner uses (maybe the period is the "match any > character" period. It uses Perl's regular expressions. In all regular expressions that I know of, an unescaped "." means match "any single character". > > Is there a bug in the regexp? Is this actually a valid match? Is this > just a case of "upgrade to the latest"? Possibly I am just wildly out > of date :) This regexp is just fine, it has been there for several years without any changes whatsoever. I wrote it carefully and got it right first time. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAYJQhH2WUcUFbZUEQLIugCgpWQ7nWF+qLZVixRS0jzdoNitJBEAoIw+ 6iyApxbzbUb/iANO+wFwgW7D =o6hB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Wed Mar 1 21:03:08 2006 From: dave.list at pixelhammer.com (DAve) Date: Wed Mar 1 21:03:18 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: Message-ID: <44060C0C.2090200@pixelhammer.com> Kevin Miller wrote: >> Funny, these little quips. I am getting married on Tiesday :) > > Don't let 'em scare you. I left on my honeymoon almost 19 years ago and > it still hasn't ended. Marry the right gal, treat her right, and LIFE > IS GOOD! > > Spoiled and loving it... > > ...Kevin I hear ya, we just celebrated 20 years. She still is the best friend I have. DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From richard.thomas at psysolutions.com Wed Mar 1 21:07:11 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 21:08:19 2006 Subject: Don't understand this match In-Reply-To: <44060941.60707@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> Message-ID: <44060CFF.9000400@psysolutions.com> Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >Richard Thomas wrote: > > >>I'm not understanding why a certain filename has triggered the "Attempt >>to hide real filename extension" rule. The filename is >> >>Shortcut 29 t.xls >> >>The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ >> >> > >This regexp is just fine, it has been there for several years without >any changes whatsoever. I wrote it carefully and got it right first time. > > OK. I guess I need to scratch my head on why it is matching that filename then. Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/63d986c8/smime.bin From Kevin_Miller at ci.juneau.ak.us Wed Mar 1 21:14:05 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 1 21:14:09 2006 Subject: I need help. I'm out of time and out of patients Message-ID: Scott Silva wrote: > Go ahead, rub it in! > Next you will tell us that your servers never crash, Well, not my Linux servers! > and your users never ask stupid questions! ;-) Um, ya got me on that one... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From richard.thomas at psysolutions.com Wed Mar 1 21:16:09 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 21:17:36 2006 Subject: Don't understand this match In-Reply-To: <44060941.60707@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> Message-ID: <44060F19.3070407@psysolutions.com> Julian Field wrote: > >This regexp is just fine, it has been there for several years without >any changes whatsoever. I wrote it carefully and got it right first time. > > OK, based on that, I dug a little deeper... It *is* a dodgy filename Content-Type: application/vnd.ms-excel; name="Shortcut (2) to Copy of PayrollTFC (version 2) 3.lnk.xls" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Shortcut (2) to Copy of PayrollTFC (version 2) 3.lnk.xls" But MailScanner is reporting the filename as beign the valid one Warning: This message has had one or more attachments removed Warning: (Shortcut 29 t.xls). Warning: Please read the "PsySolutions-Attachment-Warning.txt" attachment(s) for more information. ------------------------------------------------------------------------ This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "Shortcut 29 t.xls" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Wed Mar 1 12:44:39 2006 the virus scanner said: MailScanner: Attempt to hide real filename extension (Shortcut 29 t.xls) Again, we may just be behind the times. Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/fbb877df/attachment.html From Denis.Beauchemin at USherbrooke.ca Wed Mar 1 21:17:50 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 1 21:18:39 2006 Subject: Don't understand this match In-Reply-To: <44060193.3040109@psysolutions.com> References: <44060193.3040109@psysolutions.com> Message-ID: <44060F7E.3020406@USherbrooke.ca> Richard Thomas wrote: > I'm not understanding why a certain filename has triggered the "Attempt > to hide real filename extension" rule. The filename is > > Shortcut 29 t.xls > > The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > As I understand it, that should match a period, followed by an alpha, > followed by two or three alphnumerics, any amount of whitespace and > then another period then an alphanumeric three character alphanumeric > extension all of this being at the end of the filename. > > The filename in question has only one period. > > Of course, I'm not sure which particular version of regular > expressions MailScanner uses (maybe the period is the "match any > character" period. > > Is there a bug in the regexp? Is this actually a valid match? Is this > just a case of "upgrade to the latest"? Possibly I am just wildly out > of date :) > > Thanks > > Rich Rich, I tested it at http://www.quanetic.com/regex.php and it didn't match. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/27888090/smime.bin From MailScanner at ecs.soton.ac.uk Wed Mar 1 21:26:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 21:26:34 2006 Subject: Don't understand this match In-Reply-To: <44060F19.3070407@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> Message-ID: <44061184.50003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard Thomas wrote: > Julian Field wrote: >> >> This regexp is just fine, it has been there for several years without >> any changes whatsoever. I wrote it carefully and got it right first time. >> > > OK, based on that, I dug a little deeper... > > It *is* a dodgy filename > > Content-Type: application/vnd.ms-excel; > name="Shortcut (2) to Copy of PayrollTFC (version 2) > 3.lnk.xls" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="Shortcut (2) to Copy of PayrollTFC (version 2) > 3.lnk.xls" > > > But MailScanner is reporting the filename as beign the valid one > > Warning: This message has had one or more attachments removed > Warning: (Shortcut 29 t.xls). > Warning: Please read the "PsySolutions-Attachment-Warning.txt" attachment(s) > for more information. > > > > > ------------------------------------------------------------------------ > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "Shortcut 29 t.xls" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > If you wish to receive a copy of the original attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Wed Mar 1 12:44:39 2006 the virus scanner said: > MailScanner: Attempt to hide real filename extension (Shortcut 29 t.xls) > > > Again, we may just be behind the times. It santises the filenames before logging them or outputting them in any way. One way it does this is by shortening them, except for the last filename extension. So you won't always see the full original filename. This is to stop exploits based on the reporting of filenames (imagine if you made up a filename that contained MIME boundaries, newline characters and a complete MIME attachment). It never ever outputs raw data based on the input data without sanitising it in some form. This is a fundamental anti-attack method I use. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAYRhBH2WUcUFbZUEQLiCACcCGkCBFRhSqjABCPo9GDHWeH/c5gAoIcF 8xpMgnHDBPnXiUU1o3aKJ4Qd =N+OX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 1 22:27:50 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 22:28:21 2006 Subject: Don't understand this match In-Reply-To: <44060F19.3070407@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> Message-ID: Richard Thomas spake the following on 3/1/2006 1:16 PM: > Julian Field wrote: >> >> This regexp is just fine, it has been there for several years without >> any changes whatsoever. I wrote it carefully and got it right first time. >> > > OK, based on that, I dug a little deeper... > > It *is* a dodgy filename > > Content-Type: application/vnd.ms-excel; > name="Shortcut (2) to Copy of PayrollTFC (version 2) 3.lnk.xls" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="Shortcut (2) to Copy of PayrollTFC (version 2) > 3.lnk.xls" > > > But MailScanner is reporting the filename as beign the valid one > > Warning: This message has had one or more attachments removed > Warning: (Shortcut 29 t.xls). > Warning: Please read the "PsySolutions-Attachment-Warning.txt" attachment(s) > for more information. The warning message generates a "sanitized" filename. It is shortened, and some of what makes it invalid is truncated/removed. From richard.thomas at psysolutions.com Wed Mar 1 22:33:01 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 22:34:12 2006 Subject: Don't understand this match In-Reply-To: <44061184.50003@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> Message-ID: <4406211D.6070207@psysolutions.com> Julian Field wrote: > >It santises the filenames before logging them or outputting them in any way. >One way it does this is by shortening them, except for the last filename >extension. >So you won't always see the full original filename. This is to stop >exploits based on the reporting of filenames (imagine if you made up a >filename that contained MIME boundaries, newline characters and a >complete MIME attachment). It never ever outputs raw data based on the >input data without sanitising it in some form. > >This is a fundamental anti-attack method I use. > > OK, I understand the reasoning behind that. The problem is then I guess that it obscures the reason the file was blocked in the first place. Not that I'm complaining :) Just wondering if there might be some way to reconcile the two issues. (For now, I may just make the reject reason more explicit). Thanks Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/4cbf9adb/smime.bin From linux_spartacus at yahoo.com Thu Mar 2 01:30:28 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Thu Mar 2 01:30:37 2006 Subject: MailScanner Ports ? In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B5DD18F@isabella.herefordshire.gov.uk> Message-ID: <20060302013028.91340.qmail@web35609.mail.mud.yahoo.com> Guys, Sorry for the long delay. Just change our provider thats why it took me some time to get back on the track.My question is what ports does MailScanner used for updating antivirus for ClamAV and updating Spam List for spamassassin. This is a stand alone mail server no dns and no other services just purely mail server.Of course i already open 25 and 110 for SMTP and POP3services.Does ClamAV and Spamassasin used other ports for updates ??? "Randal, Phil" wrote: We've got no power here at the moment (apart from our comms room) so I'll have to look at it when I'm on a PC whith a proper keyboard and mouse and not this laptop :-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 24 February 2006 12:10 > To: MailScanner discussion > Subject: Re: MailScanner Ports ? > > -----BEGIN PGP SIGNED MESSAGE----- > > Is this in the wiki? If not, please can you add it! > > On 24 Feb 2006, at 10:42, Randal, Phil wrote: > > > Razor: 7/tcp and 2703/tcp (outgoing) > > > > Pyzor: 24441/udp (outgoing) > > > > DCC: 6277/udp (outgoing) > > > > ntp: 123/udp (outgoing) (you do want the > server time to be > > correct, don't you?) > > > > ssh: 22/tcp (incoming) > > > > smtp: 25/tcp (in and out and shake it all about) > > > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > > > http: 80/tcp (outgoing) used by freshclam > (and incoming if > > you run mailwatch) > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of spart > > cus > > Sent: 24 February 2006 00:22 > > To: MailScanner > > Cc: jcb@dreamvsat.ph > > Subject: MailScanner Ports ? > > > > > > Hi guys, > > im securing my mail server.Just want to ask what port > does MS uses ? > > Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I > > already open ports 25; and 110, what else ? > > tnx > > > > > > > > > > ________________________________ > > > > Yahoo! Mail > > Use Photomail > > > > photomail > > .mail.yahoo.com> to share photos without annoying attachments. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBQ/73rvw32o+k+q+hAQEviQf/eBr1kwi7eO6qLyV3xbNgcm2/etTa4tze > n/C4WRdzGFE07jLyp3T7vt9FqRXJqaU1Zra5vlJbTN7cP1SC2AGHvRy47ZUZRGSW > UItMBw9onbFmh+aC1KbWb+2IlqSPMOWd3bHCfgJi2E/BOM3qMa0MlSCOn1spLuDz > RhCppYeY/LU9Qj4hHr9lflwa1QIcbreXN2GgEkipiQFlyW3V/jL6BVB58d7R7Fxb > BhCQI7/e4DGHDr1ccZ2mo0D6TcJisPqtEp8M8QVTclDKpMCTT36NeiF4DomVK8iW > CoeQiP1G45aMR71xWR+H+1I2zOoVXiSEDxZlZfZ1FJ+6GPtYw1H6rg== > =Qcnh > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Relax. Yahoo! Mail virus scanning helps detect nasty viruses! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/158d4ad0/attachment-0001.html From jon.bates at summitmotors.com.au Thu Mar 2 03:16:45 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Thu Mar 2 03:16:59 2006 Subject: Carriage returns removed from text files Message-ID: <200603020315.k223FvXl027247@summitmotors.com.au> Using MailScanner 4.50.14 + Sendmail + Spamassassin Issue: A user sends a properly formatted text file (paragraphed etc) as an attachment to an email. The receiver gets the email with the attachment, but the text file has been reformatted. All of the carriage returns are removed, and replaced with rectangle-like symbols, and all of the text appears on a single line. This happens with every single text file I have tried. I've tried removing users from the content scanning in the hope that this is what is causing the issues, but nothing works. Does anyone have any idea what could be wrong? Thanks - Jon Bates ----------- This message has been scanned for viruses and inappropriate content or attachments as deemed by Summit Investment Australia P/L and is believed to be clean. Although Summit Investment Australia has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. All messages scanned by MailScanner From nats at sscrmnl.edu.ph Thu Mar 2 06:57:00 2006 From: nats at sscrmnl.edu.ph (Jose Nathaniel G. Nengasca) Date: Thu Mar 2 06:57:01 2006 Subject: Localmailer or from localhost being scanned Message-ID: <3E61AA43.9000000@sscrmnl.edu.ph> Hi, It seems that MailScanner is scanning localhost mails, how can change this behavior? TIA Nats -- All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph From glenn.steen at gmail.com Thu Mar 2 07:57:07 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 07:57:11 2006 Subject: MailScanner Ports ? In-Reply-To: <20060302013028.91340.qmail@web35609.mail.mud.yahoo.com> References: <86144ED6CE5B004DA23E1EAC0B569B580B5DD18F@isabella.herefordshire.gov.uk> <20060302013028.91340.qmail@web35609.mail.mud.yahoo.com> Message-ID: <223f97700603012357m5559ac5ep@mail.gmail.com> On 02/03/06, spart cus wrote: > Guys, > Sorry for the long delay. Just change our provider thats why it took me > some time to get back on the track.My question is what ports does > MailScanner used for updating antivirus for ClamAV and updating Spam List > for spamassassin. This is a stand alone mail server no dns and no other > services just purely mail server.Of course i already open 25 and 110 for > SMTP and POP3services.Does ClamAV and Spamassasin used other ports for > updates ??? freshclam uses DNS (port 53/udp ... and you should open tcp too, perhaps) to check current versions on the cvd files, and use HTTP (port 80/tcp) to download them, when needed. I imagine (not at a box ATM) that the phishing whitelist is gotten with a wget or curl, which implies HTTP...:-). Spam list .... Is that "updated"? Checking RBLs is done via DNS, so .... that's back to port 53... Note that you only need these "from the inside->out", so to speak. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Mar 2 08:04:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 08:04:28 2006 Subject: Carriage returns removed from text files In-Reply-To: <200603020315.k223FvXl027247@summitmotors.com.au> References: <200603020315.k223FvXl027247@summitmotors.com.au> Message-ID: <223f97700603020004t6fcb575fo@mail.gmail.com> On 02/03/06, Jon Bates wrote: > > Using MailScanner 4.50.14 + Sendmail + Spamassassin > > Issue: > > A user sends a properly formatted text file (paragraphed etc) as an > attachment to an email. The receiver gets the email with the attachment, but > the text file has been reformatted. All of the carriage returns are removed, > and replaced with rectangle-like symbols, and all of the text appears on a > single line. This happens with every single text file I have tried. > > I've tried removing users from the content scanning in the hope that this is > what is causing the issues, but nothing works. > > Does anyone have any idea what could be wrong? > > Thanks > > - Jon Bates Hi Jon, IIRC this is due to a not-that-easy-to-get-at bug in a supporting perl module, and affects all messages that MailScanner rewrites in some way (like your spiffy "company disclaimer" below). So a simple thing to test is to make a ruleset exception to adding that ... Might make a difference). At least that is what my feeble memory is telling me, I might be completely wrong too...:-) > > ----------- > > This message has been scanned for viruses and inappropriate content or > attachments as deemed by Summit Investment Australia P/L and is believed to be > clean. > > Although Summit Investment Australia has taken reasonable precautions to > ensure no viruses are present in this email, the company cannot accept > responsibility for any loss or damage arising from the use of this email or > attachments. > > All messages scanned by MailScanner > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pete at enitech.com.au Thu Mar 2 08:07:18 2006 From: pete at enitech.com.au (Pete Russell) Date: Thu Mar 2 08:07:31 2006 Subject: No Longer Fnishes Scans Message-ID: <4406A7B6.7090301@enitech.com.au> For some reason today, without any inereference MailScanner startred accepted new mail but none would ever be delivered and after MS restarts we would see the be;loe logs. Anyone got any ideas on how to get mail moving again? I changed Use Spamassassin to no and it continues to use SpamAssassin - so i have left the MS service stopped and fallen back to anothyer server - but this is not ideal Appreciate ANY suggestions Pete Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 messages waiting Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 messages, 151525 bytes Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 messages waiting Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 messages, 5408558 bytes Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 messages waiting Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 messages, 140946 bytes In the LINT test i see - so i found the rule and remmed it out of the local.cf 4200] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 [4200] warn: config: warning: description exists for non-existent rule ONTIME_HOSTING, 33.38069 After that i retest and find [4609] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 [4609] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements 'finish_parsing_end' 54.86721 Any ideas what would cause this and any suggestions on whatr to try next? From m.lingen at ooms.com Thu Mar 2 08:19:52 2006 From: m.lingen at ooms.com (Marco Lingen) Date: Thu Mar 2 08:20:28 2006 Subject: Problem with disarmed mail Message-ID: Hello, I'am trying to allow html mail from some adresses. So i changed the following lines in the MailScanner.conf: Allow IFrame Tags = /etc/MailScanner/rules/html.rules Allow Form Tags = /etc/MailScanner/rules/html.rules Allow Script Tags = /etc/MailScanner/rules/html.rules Allow WebBugs = /etc/MailScanner/rules/html.rules Allow Object Codebase Tags = /etc/MailScanner/rules/html.rulesl And html.rules looks like : # Rules om HTML mail uit te sluiten van scan From: propertynl@mailitdirect.com yes From: vgm-nieuwsbrief@sdu.nl yes From: *@novell.com yes From: linuxnews@novell.com yes From: zwmag@novell.com yes From: gwmaglist@novell.com yes From: *@list.novell.com yes FromOrTo: default disarm The strange thing is that in MailWatch it looks like the html mail is passing without being disarmed but in the user mailbox it is disarmed. What could i be doing wrong here? Marco ------------------------------------------------------------------. De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor de geadresseerde. Gebruik van deze informatie door anderen dan de geadresseerde is niet toegestaan. Aan de inhoud van deze e-mail kunnen geen rechten worden ontleend. ------------------------------------------------------------------. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060302/bf6feced/attachment.html From shuttlebox at gmail.com Thu Mar 2 08:35:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 08:35:15 2006 Subject: Don't understand this match In-Reply-To: <4406211D.6070207@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> Message-ID: <625385e30603020035r35828166v3ed39870e8d97140@mail.gmail.com> On 3/1/06, Richard Thomas wrote: > OK, I understand the reasoning behind that. The problem is then I guess > that it obscures the reason the file was blocked in the first place. Not > that I'm complaining :) Just wondering if there might be some way to > reconcile the two issues. (For now, I may just make the reject reason > more explicit). I also got some questions from users regarding this so I just added "(filename may be shortened)" or somthing similar to the reports. -- /peter From shuttlebox at gmail.com Thu Mar 2 08:35:53 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 08:35:56 2006 Subject: Localmailer or from localhost being scanned In-Reply-To: <3E61AA43.9000000@sscrmnl.edu.ph> References: <3E61AA43.9000000@sscrmnl.edu.ph> Message-ID: <625385e30603020035y6cbc971x3c5cd87bc5243d6f@mail.gmail.com> On 3/2/03, Jose Nathaniel G. Nengasca wrote: > Hi, > > It seems that MailScanner is scanning localhost mails, how can change > this behavior? Use a ruleset for "Scan Messages". -- /peter From MailScanner at ecs.soton.ac.uk Thu Mar 2 08:38:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 08:38:29 2006 Subject: Don't understand this match In-Reply-To: <4406211D.6070207@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> Message-ID: <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Mar 2006, at 22:33, Richard Thomas wrote: > Julian Field wrote: > >> >> It santises the filenames before logging them or outputting them >> in any way. >> One way it does this is by shortening them, except for the last >> filename extension. >> So you won't always see the full original filename. This is to >> stop exploits based on the reporting of filenames (imagine if you >> made up a filename that contained MIME boundaries, newline >> characters and a complete MIME attachment). It never ever outputs >> raw data based on the input data without sanitising it in some form. >> >> This is a fundamental anti-attack method I use. >> > OK, I understand the reasoning behind that. The problem is then I > guess that it obscures the reason the file was blocked in the first > place. Not that I'm complaining :) Just wondering if there might be > some way to reconcile the two issues. Not that I have found. > (For now, I may just make the reject reason more explicit). That's my preferred solution. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== =6B92 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From evanderleun at hal9000.nl Thu Mar 2 09:06:56 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Thu Mar 2 09:07:14 2006 Subject: spam detected but not tagged In-Reply-To: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 This is really all it writes about spam in headers... It detects, but doesn't take action... I //solved// the matter by disabling SA cache by the way... Thanks On Tue, 28 Feb 2006, shuttlebox wrote: > On 2/28/06, Erik van der Leun wrote: > Hi, > > Another issue I fail to understand... > > Since I've recently upgraded MailScanner to 4.50.15.1 and added > pyzor, razor2 checks, it sometimes occurs that spam is detected > well, but not tagged as spam. > > In the mailheaders, I even see the spamscore, but the mail is > not treated as spam... just sent through the regular way. > > No spam subject tag is added either. > > Any thoughts? Post some headers and maybe some log snippets, otherwise it's hard to help. -- /peter From MailScanner at ecs.soton.ac.uk Thu Mar 2 09:14:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 09:14:32 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I think this is another Perl bug, I've seen this exact behaviour several times before. The problem is that I cannot reproduce it and so I'm not sure where to put the workaround. On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > > > X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > > This is really all it writes about spam in headers... > It detects, but doesn't take action... > > I //solved// the matter by disabling SA cache by the way... > > Thanks > > On Tue, 28 Feb 2006, shuttlebox wrote: > >> On 2/28/06, Erik van der Leun wrote: >> Hi, >> >> Another issue I fail to understand... >> >> Since I've recently upgraded MailScanner to 4.50.15.1 and added >> pyzor, razor2 checks, it sometimes occurs that spam is detected >> well, but not tagged as spam. >> >> In the mailheaders, I even see the spamscore, but the mail is >> not treated as spam... just sent through the regular way. >> >> No spam subject tag is added either. >> >> Any thoughts? > > Post some headers and maybe some log snippets, otherwise it's hard > to help. > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== =9NCk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Mar 2 09:18:27 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 2 09:18:34 2006 Subject: MailScanner Ports ? Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DD72D@isabella.herefordshire.gov.uk> ClamAV uses http on port 80. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of spart cus Sent: 02 March 2006 01:30 To: MailScanner discussion Subject: RE: MailScanner Ports ? Guys, Sorry for the long delay. Just change our provider thats why it took me some time to get back on the track.My question is what ports does MailScanner used for updating antivirus for ClamAV and updating Spam List for spamassassin. This is a stand alone mail server no dns and no other services just purely mail server.Of course i already open 25 and 110 for SMTP and POP3services.Does ClamAV and Spamassasin used other ports for updates ??? "Randal, Phil" wrote: We've got no power here at the moment (apart from our comms room) so I'll have to look at it when I'm on a PC whith a proper keyboard and mouse and not this laptop :-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 24 February 2006 12:10 > To: MailScanner discussion > Subject: Re: MailScanner Ports ? > > -----BEGIN PGP SIGNED MESSAGE----- > > Is this in the wiki? If not, please can you add it! > > On 24 Feb 2006, at 10:42, Randal, Phil wrote: > > > Razor: 7/tcp and 2703/tcp (outgoing) > > > > Pyzor: 24441/udp (outgoing) > > > > DCC: 6277/udp (outgoing) > > > > ntp: 123/udp (outgoing) (you do want the > server time to be > > correct, don't you?) > > > > ssh: 22/tcp (incoming) > > > > smtp: 25/tcp (in and out and shake it all about) > > > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > > > http: 80/tcp (outgoing) us! ed by freshclam > (and incoming if > > you run mailwatch) > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of spart > > cus > > Sent: 24 February 2006 00:22 > > To: MailScanner > > Cc: jcb@dreamvsat.ph > > Subject: MailScanner Ports ? > > > > > > Hi guys, > > im securing my mail server.Just want to ask what port > does MS uses ? > > Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I > > already open ports 25; and 110, ! what else ? > > tnx > > > > > > > > > > ________________________________ > > > > Yahoo! Mail > > Use Photomail > > > > photomail > > .mail.yahoo.com> to share photos without annoying attachments. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBQ/73rvw32o+k+q+hAQEviQf/eBr1kwi7eO6qLyV3xbNgcm2/etTa4tze > n/C4WRdzGFE07jLyp3T7vt9FqRXJqaU1Zra5vlJbTN7cP1SC2AGHvRy47ZUZRGSW > UItMBw9onbFmh+aC1KbWb+2IlqSPMOWd3bHCfgJi2E/BOM3qMa0MlSCOn1spLuDz > RhCppYeY/LU9Qj4hHr9lflwa1QIcbreXN2GgEkipiQFlyW3V/jL6BVB58d7R7Fxb > BhCQI7/e4DGHDr1ccZ2mo0D6TcJisPqtEp8M8QVTclDKpMCTT36NeiF4DomVK8iW > CoeQiP1G45aMR71xWR+H+1I2zOoVXiSEDxZlZfZ1FJ+6GPtYw1H6rg== > =Qcnh > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner develo! pment - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! _____ Relax. Yahoo! Mail virus scanning helps detect nasty viruses! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060302/464814d8/attachment.html From shuttlebox at gmail.com Thu Mar 2 09:35:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 09:35:15 2006 Subject: Number of messages in a batch Message-ID: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> I asked for this during Julian's vacation so I try again... I think the timings of the batch is interesting but it's hard to connect it to the number of messages in that batch, especially when parsing the logs with scripts. I use the default max batch size of 30 messages but during normal load MS starts processing a batch with typically 1-5 messages. I would like this log line: Batch processed in 9.58 seconds ...to look like this or similar: Batch (24 messages) processed in 9.58 seconds Then it would be easy to see the throughput speed. Would that be easy to implement? Is that info available at the time the log line is written? -- /peter From MailScanner at ecs.soton.ac.uk Thu Mar 2 09:49:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 09:49:28 2006 Subject: Number of messages in a batch In-Reply-To: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060302/4528e26c/PGP.bin From strydom.dave at gmail.com Thu Mar 2 09:54:22 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 09:54:25 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: yeah this is related to the same problem as mine (just checked the headers of those messages) Dave On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I think this is another Perl bug, I've seen this exact behaviour > several times before. The problem is that I cannot reproduce it and > so I'm not sure where to put the workaround. > > On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > > > > > > > X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > > > > This is really all it writes about spam in headers... > > It detects, but doesn't take action... > > > > I //solved// the matter by disabling SA cache by the way... > > > > Thanks > > > > On Tue, 28 Feb 2006, shuttlebox wrote: > > > >> On 2/28/06, Erik van der Leun wrote: > >> Hi, > >> > >> Another issue I fail to understand... > >> > >> Since I've recently upgraded MailScanner to 4.50.15.1 and added > >> pyzor, razor2 checks, it sometimes occurs that spam is detected > >> well, but not tagged as spam. > >> > >> In the mailheaders, I even see the spamscore, but the mail is > >> not treated as spam... just sent through the regular way. > >> > >> No spam subject tag is added either. > >> > >> Any thoughts? > > > > Post some headers and maybe some log snippets, otherwise it's hard > > to help. > > > > -- > > /peter > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp > PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA > RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo > /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z > fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci > bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== > =9NCk > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Thu Mar 2 10:07:25 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 10:07:28 2006 Subject: Number of messages in a batch In-Reply-To: References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: <625385e30603020207q442a2ca0ude429654d2ac18a4@mail.gmail.com> On 3/2/06, Julian Field wrote: > Patch for MessageBatch.pm is attached. Works like a charm! Thank you Julian. Will it be included in the next release? -- /peter From strydom.dave at gmail.com Thu Mar 2 10:14:05 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 10:14:07 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: I have an idea (it may be stupid though) Correct me if I am wrong but, If a message gets a hit from the spamassassin.cache.db then it is definately spam? If the above is right, can you do not put a additional check in the code, that check if the message got a spam hit from the spamassassin.cache.db, and if it did mark it as spam (regard of the output it gets from the hit) Because as you see from this: Feb 28 09:05:42 Cerberus MailScanner[22928]: SpamAssassin cache hit for message 1FDyvT-0006SE-Nn Feb 28 09:05:42 Cerberus MailScanner[22928]: Message 1FDyvT-0006SE-Nn from 220.104.253.235 (cleopatr@akeva.com) to xxxxxxxxxx.com is not spam, It got a hit from the database, (this is where it gets the score of 19 or whatever) but then mailscanner says it's not spam. Could you not code it so it does this: " if spamassassin cache hit then is definately spam. or am I way off the ball here? Dave ================== On 3/2/06, Dave Strydom wrote: > yeah this is related to the same problem as mine (just checked the > headers of those messages) > > Dave > > On 3/2/06, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > > > I think this is another Perl bug, I've seen this exact behaviour > > several times before. The problem is that I cannot reproduce it and > > so I'm not sure where to put the workaround. > > > > On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > > > > > > > > > > > X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > > > > > > This is really all it writes about spam in headers... > > > It detects, but doesn't take action... > > > > > > I //solved// the matter by disabling SA cache by the way... > > > > > > Thanks > > > > > > On Tue, 28 Feb 2006, shuttlebox wrote: > > > > > >> On 2/28/06, Erik van der Leun wrote: > > >> Hi, > > >> > > >> Another issue I fail to understand... > > >> > > >> Since I've recently upgraded MailScanner to 4.50.15.1 and added > > >> pyzor, razor2 checks, it sometimes occurs that spam is detected > > >> well, but not tagged as spam. > > >> > > >> In the mailheaders, I even see the spamscore, but the mail is > > >> not treated as spam... just sent through the regular way. > > >> > > >> No spam subject tag is added either. > > >> > > >> Any thoughts? > > > > > > Post some headers and maybe some log snippets, otherwise it's hard > > > to help. > > > > > > -- > > > /peter > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > - -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.0.5 (Build 5050) > > > > iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp > > PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA > > RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo > > /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z > > fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci > > bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== > > =9NCk > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From MailScanner at ecs.soton.ac.uk Thu Mar 2 11:04:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 11:05:02 2006 Subject: Number of messages in a batch In-Reply-To: <625385e30603020207q442a2ca0ude429654d2ac18a4@mail.gmail.com> References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> <625385e30603020207q442a2ca0ude429654d2ac18a4@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Mar 2006, at 10:07, shuttlebox wrote: > On 3/2/06, Julian Field wrote: >> Patch for MessageBatch.pm is attached. > > Works like a charm! Thank you Julian. Will it be included in the > next release? Yes. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAbRV/w32o+k+q+hAQHJvwf/emVDGoO2xehIqAO9QrdRd2IUzV7mZDtB WD4ZSsUN3h6yK4SB1PUHmfAFju6WR+zDtpN5zWvI99Q3KJT7vFshE1d5AVaY9LDH wm905OCmA7wvuUALcvlWaP7425O8B92zxKaoZ1a9LLEZZ0dartkYsXTRRayUCC7E XmUH7l5qiByoxwxL/MygVLxAF6gvDXLQ0CxltcRvCHmr2CAHOXFRyDWEp5p8n5Re MxEZEnOFh8OFbgZPo4f7GgW6H5LNRQMNtthyKyfG6zFRokXw7/CQpyYx74ccH7Dr 99qc3MSMaz99k2paY5ZrfH1IjrLgrhNbf/A5BR4fqXchqPlJ5cJ8MQ== =zjJU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 11:05:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 11:06:00 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: <0063F38B-C9E0-4312-BCDC-1AD02517BF96@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Mar 2006, at 10:14, Dave Strydom wrote: > I have an idea (it may be stupid though) > > Correct me if I am wrong but, If a message gets a hit from the > spamassassin.cache.db then it is definately spam? No, it caches negative results (briefly) too. > If the above is right, can you do not put a additional check in the > code, that check if the message got a spam hit from the > spamassassin.cache.db, and if it did mark it as spam (regard of the > output it gets from the hit) > > Because as you see from this: > > Feb 28 09:05:42 Cerberus MailScanner[22928]: SpamAssassin cache hit > for message 1FDyvT-0006SE-Nn > Feb 28 09:05:42 Cerberus MailScanner[22928]: Message 1FDyvT-0006SE-Nn > from 220.104.253.235 (cleopatr@akeva.com) to xxxxxxxxxx.com is not > spam, > > It got a hit from the database, (this is where it gets the score of 19 > or whatever) but then mailscanner says it's not spam. Could you not > code it so it does this: " > > if spamassassin cache hit then > is definately spam. > > or am I way off the ball here? > > Dave > > > ================== > On 3/2/06, Dave Strydom wrote: >> yeah this is related to the same problem as mine (just checked the >> headers of those messages) >> >> Dave >> >> On 3/2/06, Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> I think this is another Perl bug, I've seen this exact behaviour >>> several times before. The problem is that I cannot reproduce it and >>> so I'm not sure where to put the workaround. >>> >>> On 2 Mar 2006, at 09:06, Erik van der Leun wrote: >>> >>>> >>>> >>>> X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 >>>> >>>> This is really all it writes about spam in headers... >>>> It detects, but doesn't take action... >>>> >>>> I //solved// the matter by disabling SA cache by the way... >>>> >>>> Thanks >>>> >>>> On Tue, 28 Feb 2006, shuttlebox wrote: >>>> >>>>> On 2/28/06, Erik van der Leun wrote: >>>>> Hi, >>>>> >>>>> Another issue I fail to understand... >>>>> >>>>> Since I've recently upgraded MailScanner to 4.50.15.1 and added >>>>> pyzor, razor2 checks, it sometimes occurs that spam is detected >>>>> well, but not tagged as spam. >>>>> >>>>> In the mailheaders, I even see the spamscore, but the mail is >>>>> not treated as spam... just sent through the regular way. >>>>> >>>>> No spam subject tag is added either. >>>>> >>>>> Any thoughts? >>>> >>>> Post some headers and maybe some log snippets, otherwise it's hard >>>> to help. >>>> >>>> -- >>>> /peter >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.5 (Build 5050) >>> >>> iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp >>> PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA >>> RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo >>> /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z >>> fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci >>> bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== >>> =9NCk >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAbRkfw32o+k+q+hAQG/9Qf9EAMWyAyQHJlgzqc8Je/k5RaabY3j3hlN 5mg1wIDtgfrvea8eLKORXXDCWr+S6YBSxWdiSHKw3PTXAu6feKR8Ccw3rvLNuAXk qC+qf7q9Ux/5Kr2CuXG8N6YLZniazcvgzQNI31BGm3/aMuDL+yLY6Z49UziBt4RG z78MoI2Y7RQXlH5zjIHgcwlVu35LAhEpG+OE+uqr6hNYD+wADzEBrIApVHP9sYuq pyDBc6aBfRqvYedbKoNXvrNSm6TLt3g84bW7ggXFiAlE6bH77IWBG7xCKMs/Fafm Q04cC15JTdjIytaA6EF5e9e2cgzttSNCGFKN042aVAGRUAMOS6QcZg== =MLCZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pete at enitech.com.au Thu Mar 2 11:17:45 2006 From: pete at enitech.com.au (Pete Russell) Date: Thu Mar 2 11:17:54 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <4406A7B6.7090301@enitech.com.au> References: <4406A7B6.7090301@enitech.com.au> Message-ID: <4406D459.7030400@enitech.com.au> It was caused by a rule from rulesdujour called Blacklist - it had a grown to a crazy size, deleted and retried and all was well :) Pete Russell wrote: > For some reason today, without any inereference MailScanner startred > accepted new mail but none would ever be delivered and after MS restarts > we would see the be;loe logs. Anyone got any ideas on how to get mail > moving again? > > I changed Use Spamassassin to no and it continues to use SpamAssassin - > so i have left the MS service stopped and fallen back to anothyer server > - but this is not ideal > > Appreciate ANY suggestions > Pete > > Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > messages waiting > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > messages, 151525 bytes > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > messages waiting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > messages, 5408558 bytes > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > messages waiting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > messages, 140946 bytes > > > In the LINT test i see - so i found the rule and remmed it out of the > local.cf > > 4200] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > [4200] warn: config: warning: description exists for non-existent rule > ONTIME_HOSTING, 33.38069 > > After that i retest and find > > [4609] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > [4609] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > 'finish_parsing_end' 54.86721 > > > Any ideas what would cause this and any suggestions on whatr to try next? From strydom.dave at gmail.com Thu Mar 2 11:20:25 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 11:20:28 2006 Subject: spam detected but not tagged In-Reply-To: <0063F38B-C9E0-4312-BCDC-1AD02517BF96@ecs.soton.ac.uk> References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> <0063F38B-C9E0-4312-BCDC-1AD02517BF96@ecs.soton.ac.uk> Message-ID: As a work around for the moment, i've just disabled using the Spamassassin.cache.db if there is anything you would like me to test on my side, please let me know. Dave On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Mar 2006, at 10:14, Dave Strydom wrote: > > > I have an idea (it may be stupid though) > > > > Correct me if I am wrong but, If a message gets a hit from the > > spamassassin.cache.db then it is definately spam? > > No, it caches negative results (briefly) too. > > > If the above is right, can you do not put a additional check in the > > code, that check if the message got a spam hit from the > > spamassassin.cache.db, and if it did mark it as spam (regard of the > > output it gets from the hit) > > > > Because as you see from this: > > > > Feb 28 09:05:42 Cerberus MailScanner[22928]: SpamAssassin cache hit > > for message 1FDyvT-0006SE-Nn > > Feb 28 09:05:42 Cerberus MailScanner[22928]: Message 1FDyvT-0006SE-Nn > > from 220.104.253.235 (cleopatr@akeva.com) to xxxxxxxxxx.com is not > > spam, > > > > It got a hit from the database, (this is where it gets the score of 19 > > or whatever) but then mailscanner says it's not spam. Could you not > > code it so it does this: " > > > > if spamassassin cache hit then > > is definately spam. > > > > or am I way off the ball here? > > > > Dave > > > > > > ================== > > On 3/2/06, Dave Strydom wrote: > >> yeah this is related to the same problem as mine (just checked the > >> headers of those messages) > >> > >> Dave > >> > >> On 3/2/06, Julian Field wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> > >>> I think this is another Perl bug, I've seen this exact behaviour > >>> several times before. The problem is that I cannot reproduce it and > >>> so I'm not sure where to put the workaround. > >>> > >>> On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > >>> > >>>> > >>>> > >>>> X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > >>>> > >>>> This is really all it writes about spam in headers... > >>>> It detects, but doesn't take action... > >>>> > >>>> I //solved// the matter by disabling SA cache by the way... > >>>> > >>>> Thanks > >>>> > >>>> On Tue, 28 Feb 2006, shuttlebox wrote: > >>>> > >>>>> On 2/28/06, Erik van der Leun wrote: > >>>>> Hi, > >>>>> > >>>>> Another issue I fail to understand... > >>>>> > >>>>> Since I've recently upgraded MailScanner to 4.50.15.1 and added > >>>>> pyzor, razor2 checks, it sometimes occurs that spam is detected > >>>>> well, but not tagged as spam. > >>>>> > >>>>> In the mailheaders, I even see the spamscore, but the mail is > >>>>> not treated as spam... just sent through the regular way. > >>>>> > >>>>> No spam subject tag is added either. > >>>>> > >>>>> Any thoughts? > >>>> > >>>> Post some headers and maybe some log snippets, otherwise it's hard > >>>> to help. > >>>> > >>>> -- > >>>> /peter > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> - -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> > >>> -----BEGIN PGP SIGNATURE----- > >>> Version: PGP Desktop 9.0.5 (Build 5050) > >>> > >>> iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp > >>> PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA > >>> RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo > >>> /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z > >>> fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci > >>> bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== > >>> =9NCk > >>> -----END PGP SIGNATURE----- > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAbRkfw32o+k+q+hAQG/9Qf9EAMWyAyQHJlgzqc8Je/k5RaabY3j3hlN > 5mg1wIDtgfrvea8eLKORXXDCWr+S6YBSxWdiSHKw3PTXAu6feKR8Ccw3rvLNuAXk > qC+qf7q9Ux/5Kr2CuXG8N6YLZniazcvgzQNI31BGm3/aMuDL+yLY6Z49UziBt4RG > z78MoI2Y7RQXlH5zjIHgcwlVu35LAhEpG+OE+uqr6hNYD+wADzEBrIApVHP9sYuq > pyDBc6aBfRqvYedbKoNXvrNSm6TLt3g84bW7ggXFiAlE6bH77IWBG7xCKMs/Fafm > Q04cC15JTdjIytaA6EF5e9e2cgzttSNCGFKN042aVAGRUAMOS6QcZg== > =MLCZ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Thu Mar 2 11:21:23 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 2 11:21:39 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <4406D459.7030400@enitech.com.au> Message-ID: <00d301c63deb$702e01b0$3004010a@martinhlaptop> Pete The blacklist SA rule has been retired for many many moons. The URI-RBL's are the replacement for this... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Pete Russell > Sent: 02 March 2006 11:18 > To: MailScanner discussion > Subject: Re: No Longer Fnishes Scans - Resolved > > It was caused by a rule from rulesdujour called Blacklist - it had a > grown to a crazy size, deleted and retried and all was well :) > > > Pete Russell wrote: > > For some reason today, without any inereference MailScanner startred > > accepted new mail but none would ever be delivered and after MS restarts > > we would see the be;loe logs. Anyone got any ideas on how to get mail > > moving again? > > > > I changed Use Spamassassin to no and it continues to use SpamAssassin - > > so i have left the MS service stopped and fallen back to anothyer server > > - but this is not ideal > > > > Appreciate ANY suggestions > > Pete > > > > Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > > messages waiting > > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > > messages, 151525 bytes > > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > > messages waiting > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > > messages, 5408558 bytes > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > > messages waiting > > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > > messages, 140946 bytes > > > > > > In the LINT test i see - so i found the rule and remmed it out of the > > local.cf > > > > 4200] dbg: config: adding redirector regex: > > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > > [4200] warn: config: warning: description exists for non-existent rule > > ONTIME_HOSTING, 33.38069 > > > > After that i retest and find > > > > [4609] dbg: config: adding redirector regex: > > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > > [4609] dbg: plugin: > > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > > 'finish_parsing_end' 54.86721 > > > > > > Any ideas what would cause this and any suggestions on whatr to try > next? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From pete at enitech.com.au Thu Mar 2 11:46:51 2006 From: pete at enitech.com.au (Pete Russell) Date: Thu Mar 2 11:46:58 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <00d301c63deb$702e01b0$3004010a@martinhlaptop> References: <00d301c63deb$702e01b0$3004010a@martinhlaptop> Message-ID: <4406DB2B.3080107@enitech.com.au> Thanks - any chance you could share you list of trusted rulesets with me? assuming yours is maintained and up to date? ThanksPete TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_BML SARE_OEM SARE_HEADER SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 ZMI_GERMAN" Martin Hepworth wrote: > Pete > > The blacklist SA rule has been retired for many many moons. The URI-RBL's > are the replacement for this... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of Pete Russell >>Sent: 02 March 2006 11:18 >>To: MailScanner discussion >>Subject: Re: No Longer Fnishes Scans - Resolved >> >>It was caused by a rule from rulesdujour called Blacklist - it had a >>grown to a crazy size, deleted and retried and all was well :) >> >> >>Pete Russell wrote: >> >>>For some reason today, without any inereference MailScanner startred >>>accepted new mail but none would ever be delivered and after MS restarts >>>we would see the be;loe logs. Anyone got any ideas on how to get mail >>>moving again? >>> >>>I changed Use Spamassassin to no and it continues to use SpamAssassin - >>>so i have left the MS service stopped and fallen back to anothyer server >>>- but this is not ideal >>> >>>Appreciate ANY suggestions >>>Pete >>> >>>Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 >>>messages waiting >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 >>>messages, 151525 bytes >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 >>>messages waiting >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 >>>messages, 5408558 bytes >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 >>>messages waiting >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 >>>messages, 140946 bytes >>> >>> >>>In the LINT test i see - so i found the rule and remmed it out of the >>>local.cf >>> >>>4200] dbg: config: adding redirector regex: >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 >>>[4200] warn: config: warning: description exists for non-existent rule >>>ONTIME_HOSTING, 33.38069 >>> >>>After that i retest and find >>> >>>[4609] dbg: config: adding redirector regex: >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 >>>[4609] dbg: plugin: >>>Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements >>>'finish_parsing_end' 54.86721 >>> >>> >>>Any ideas what would cause this and any suggestions on whatr to try >> >>next? >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From martinh at solid-state-logic.com Thu Mar 2 12:03:56 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 2 12:04:06 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <4406DB2B.3080107@enitech.com.au> Message-ID: <00e201c63df1$61ea1020$3004010a@martinhlaptop> Pete 1st thing, make sure you RDJ is up to date!!! TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_RANDOM RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_BML SARE_URI0 SARE_URI1 SARE_URI3 SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST SARE_WHITELIST_SPF SARE_WHITELIST_RCVDZMI_GERMAN FVGT_meta FVGT_body FVGT_headers FVGT_rawbody FVGT_subject FVGT_uri JG_badhosts JG_body JG_from JG_german JG_header JG_nazi JG_rawbody JG_subject JG_to SARE_STOCKS"; The JG ones are ones I load extra and aren't in the standard RDJ config....for the FVGT configs see the RDJ web site ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Pete Russell > Sent: 02 March 2006 11:47 > To: MailScanner discussion > Subject: Re: No Longer Fnishes Scans - Resolved > > Thanks - any chance you could share you list of trusted rulesets with > me? assuming yours is maintained and up to date? > > ThanksPete > > TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 SARE_BML SARE_OEM SARE_HEADER SARE_HTML0 SARE_RANDOM > SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS SARE_BAYES_POISON_NXM > SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB SARE_URI0 SARE_URI1 > SARE_OBFU0 SARE_GENLSUBJ0 ZMI_GERMAN" > > > Martin Hepworth wrote: > > Pete > > > > The blacklist SA rule has been retired for many many moons. The URI- > RBL's > > are the replacement for this... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >>-----Original Message----- > >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>bounces@lists.mailscanner.info] On Behalf Of Pete Russell > >>Sent: 02 March 2006 11:18 > >>To: MailScanner discussion > >>Subject: Re: No Longer Fnishes Scans - Resolved > >> > >>It was caused by a rule from rulesdujour called Blacklist - it had a > >>grown to a crazy size, deleted and retried and all was well :) > >> > >> > >>Pete Russell wrote: > >> > >>>For some reason today, without any inereference MailScanner startred > >>>accepted new mail but none would ever be delivered and after MS > restarts > >>>we would see the be;loe logs. Anyone got any ideas on how to get mail > >>>moving again? > >>> > >>>I changed Use Spamassassin to no and it continues to use SpamAssassin - > >>>so i have left the MS service stopped and fallen back to anothyer > server > >>>- but this is not ideal > >>> > >>>Appreciate ANY suggestions > >>>Pete > >>> > >>>Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > >>>messages waiting > >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > >>>messages, 151525 bytes > >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > >>>messages waiting > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > >>>messages, 5408558 bytes > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > >>>messages waiting > >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > >>>messages, 140946 bytes > >>> > >>> > >>>In the LINT test i see - so i found the rule and remmed it out of the > >>>local.cf > >>> > >>>4200] dbg: config: adding redirector regex: > >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > >>>[4200] warn: config: warning: description exists for non-existent rule > >>>ONTIME_HOSTING, 33.38069 > >>> > >>>After that i retest and find > >>> > >>>[4609] dbg: config: adding redirector regex: > >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > >>>[4609] dbg: plugin: > >>>Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > >>>'finish_parsing_end' 54.86721 > >>> > >>> > >>>Any ideas what would cause this and any suggestions on whatr to try > >> > >>next? > >>-- > >>MailScanner mailing list > >>mailscanner@lists.mailscanner.info > >>http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >>Before posting, read http://wiki.mailscanner.info/posting > >> > >>Support MailScanner development - buy the book off the website! > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From strydom.dave at gmail.com Thu Mar 2 13:42:29 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 13:42:33 2006 Subject: Don't understand this match In-Reply-To: <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: I gave up on this rule in my mailscanner, because i have clients sending emails that contain like whatever.xls.zip which are legit files, since we do about 80 000 emails a day across 3 scanning servers, it's annoying to backtrack and release legit files that get caught by this rule, so i eventually removed the rule and just put some trust in the virus scanning. Infact i edited a whole bunch of stuff in the filename.rules.conf and filetype.rules.conf because some of the defaults are just not suitable in the shared hosting enviroment. Dave On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 1 Mar 2006, at 22:33, Richard Thomas wrote: > > > Julian Field wrote: > > > >> > >> It santises the filenames before logging them or outputting them > >> in any way. > >> One way it does this is by shortening them, except for the last > >> filename extension. > >> So you won't always see the full original filename. This is to > >> stop exploits based on the reporting of filenames (imagine if you > >> made up a filename that contained MIME boundaries, newline > >> characters and a complete MIME attachment). It never ever outputs > >> raw data based on the input data without sanitising it in some form. > >> > >> This is a fundamental anti-attack method I use. > >> > > OK, I understand the reasoning behind that. The problem is then I > > guess that it obscures the reason the file was blocked in the first > > place. Not that I'm complaining :) Just wondering if there might be > > some way to reconcile the two issues. > > Not that I have found. > > > (For now, I may just make the reject reason more explicit). > > That's my preferred solution. > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT > wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z > ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 > o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu > B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl > cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== > =6B92 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Thu Mar 2 13:51:18 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 2 13:51:28 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: <4406F856.2000001@nkpanama.com> You could keep the rule and set "allowed filenames", or you could add "allow .xls ... blabla" before the double extension matching rules. Dave Strydom wrote: > I gave up on this rule in my mailscanner, because i have clients > sending emails that contain like whatever.xls.zip which are legit > files, since we do about 80 000 emails a day across 3 scanning > servers, it's annoying to backtrack and release legit files that get > caught by this rule, so i eventually removed the rule and just put > some trust in the virus scanning. > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > filetype.rules.conf because some of the defaults are just not suitable > in the shared hosting enviroment. > > Dave > > On 3/2/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 1 Mar 2006, at 22:33, Richard Thomas wrote: >> >> >>> Julian Field wrote: >>> >>> >>>> It santises the filenames before logging them or outputting them >>>> in any way. >>>> One way it does this is by shortening them, except for the last >>>> filename extension. >>>> So you won't always see the full original filename. This is to >>>> stop exploits based on the reporting of filenames (imagine if you >>>> made up a filename that contained MIME boundaries, newline >>>> characters and a complete MIME attachment). It never ever outputs >>>> raw data based on the input data without sanitising it in some form. >>>> >>>> This is a fundamental anti-attack method I use. >>>> >>>> >>> OK, I understand the reasoning behind that. The problem is then I >>> guess that it obscures the reason the file was blocked in the first >>> place. Not that I'm complaining :) Just wondering if there might be >>> some way to reconcile the two issues. >>> >> Not that I have found. >> >> >>> (For now, I may just make the reject reason more explicit). >>> >> That's my preferred solution. >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT >> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z >> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 >> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu >> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl >> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== >> =6B92 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From MailScanner at ecs.soton.ac.uk Thu Mar 2 14:17:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 14:18:06 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The default settings I provide are just what I consider to be a pretty good set that should be mostly okay, for most people, most of the time. Obviously if they aren't right for you, then just change them, that's why it is all configurable :-) When I first wrote the filename.rules.conf file, I put in the double file extension trap as an example of what could do done, beyond just matching simple extension names. I didn't realise how important it became for most sites. On 2 Mar 2006, at 13:42, Dave Strydom wrote: > I gave up on this rule in my mailscanner, because i have clients > sending emails that contain like whatever.xls.zip which are legit > files, since we do about 80 000 emails a day across 3 scanning > servers, it's annoying to backtrack and release legit files that get > caught by this rule, so i eventually removed the rule and just put > some trust in the virus scanning. > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > filetype.rules.conf because some of the defaults are just not suitable > in the shared hosting enviroment. > > Dave > > On 3/2/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 1 Mar 2006, at 22:33, Richard Thomas wrote: >> >>> Julian Field wrote: >>> >>>> >>>> It santises the filenames before logging them or outputting them >>>> in any way. >>>> One way it does this is by shortening them, except for the last >>>> filename extension. >>>> So you won't always see the full original filename. This is to >>>> stop exploits based on the reporting of filenames (imagine if you >>>> made up a filename that contained MIME boundaries, newline >>>> characters and a complete MIME attachment). It never ever outputs >>>> raw data based on the input data without sanitising it in some >>>> form. >>>> >>>> This is a fundamental anti-attack method I use. >>>> >>> OK, I understand the reasoning behind that. The problem is then I >>> guess that it obscures the reason the file was blocked in the first >>> place. Not that I'm complaining :) Just wondering if there might be >>> some way to reconcile the two issues. >> >> Not that I have found. >> >>> (For now, I may just make the reject reason more explicit). >> >> That's my preferred solution. >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT >> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z >> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 >> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu >> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl >> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== >> =6B92 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAb+mPw32o+k+q+hAQH1Jgf+LonselRrBN+DC1oRRKcvKvJXIsIPLxds BRnbjEB0LNFHRUcV7kqouiR9t9sVJbmf3EaouKFMTLX943x3xmCT4WeEOKo1M2uI iX2WXAFpe1wggdklvfPTDzKXCZVLz9YfVk32jBwA3rmJJ8NoMCa8C4a09QjiZD2Y 4i0tRDwLMpFTBAhxFjbScMmtWqHJK11vseRiggI7nBt7EO3zCqxSNhuJMiAgeYow CCbEsF/V395PFDuRiiAMWwNlpnOg1ByouZsAONNJKf/RJQ9wsoFDxpvh1DToF2p6 9nJPn9UaqXqJwUMFICpYX7ElqaRs8DKlg+XQz3IsO1oFFzF86GUFgw== =axqG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu Mar 2 14:43:23 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 14:43:51 2006 Subject: Don't understand this match In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dave > Strydom > Sent: Thursday, March 02, 2006 8:42 AM > To: MailScanner discussion > Subject: Re: Don't understand this match > > > I gave up on this rule in my mailscanner, because i have clients > sending emails that contain like whatever.xls.zip which are legit > files, since we do about 80 000 emails a day across 3 scanning > servers, it's annoying to backtrack and release legit files that get > caught by this rule, so i eventually removed the rule and just put > some trust in the virus scanning. > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > filetype.rules.conf because some of the defaults are just not suitable > in the shared hosting enviroment. > I too had a bunch of venders that sent various files with double+ dots so added an accept rule ahead of the deny rules like: accept \.(xls|pdf|doc|zip)$ So those would get through so long as they *ended* with an acceptable extention. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cobalt-users1 at fishnet.co.uk Thu Mar 2 15:06:38 2006 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Thu Mar 2 15:06:50 2006 Subject: Changing MailScanner local7 syslog messages to another facility Message-ID: <440709FE.30530.23A4932D@cobalt-users1.fishnet.co.uk> Hi, I get these messages in my /var/log/boot.log ( local use 7 ): Mar 2 12:36:18 bob MailScanner: succeeded Mar 2 12:40:02 bob last message repeated 5 times Mar 2 12:45:03 bob last message repeated 3 times Mar 2 12:50:02 bob last message repeated 3 times Mar 2 12:55:03 bob last message repeated 3 times Mar 2 13:00:03 bob last message repeated 3 times Mar 2 13:05:02 bob last message repeated 3 times Is it possible to change this to another syslog facility? In MailScanner.conf I have: Syslog Facility = local0 to keep MailScanner messages separate from sendmail messages but it still places these messages in the boot.log. TIA for any assistance Ian -- From bpumphrey at WoodMacLaw.com Thu Mar 2 15:09:22 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Mar 2 15:09:26 2006 Subject: Telnet to port 25 fails Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> Hello everyone! Well I have gotten some ground on my new install and I cannot connect to my machine through telnet 25. I was going through the WIKI at this page: http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot :mta:connexion That is a really good page to use for testing but it has no solutions for if the telnet fails. I will copy and paste my entire typed log for what I have done. It gets pretty specific with what errors and commands that I used. I figure the next time that I install these completed notes will help me. I also went to search the mailing list archives. I could not find a search. I know that the list was put on a different server. So I guess that there is no search on the new one of I just could not find it. Here is the big o log... Warning, its pretty long. To get to the point skip near the end. Please tell me if this log may be a helpful informal post when it is all said and done, and I can email the completed log after I am all finished. -------------------------------------------------------------------- - Installed CentOS with spamassassion (version?), mysql (version?), - Downloaded MailScanner 4.50.15-1 - Ran install.sh Error: [root@WoodenMS2 MailScanner-4.50.15-1]# ./install.sh Good. You have the patch command. Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages tree is missing. If you have access to an RPM called rpm-build or rpmbuild then install it first and come back and try again. - 1 hour later I got rpm-build installed [root@WoodenMS2 install]# rpm -ivh rpm-build* warning: rpm-build-4.3.3-11_nonptl.i386.rpm: V3 DSA signature: NOKEY, key ID 443 e1821 Preparing... ########################################### [100%] 1:rpm-build ########################################### [100%] - ran ./install.sh from the MailScanner directory - got another error: [root@WoodenMS2 MailScanner-4.50.15-1]# ./install.sh Good. You have the patch command. Good, you have /usr/src/redhat in place. Writing a .rpmmacros file in your home directory to stop unpackaged files breaking the build process. You can delete it once MailScanner is installed if you want to. Adding to the .rpmmacros file in your home directory to stop RPM trying to be too clever finding Perl requirements. You can delete it once MailScanner is installed if you want to. Good, you appear to only have 1 copy of Perl installed. I think you are running on RedHat Linux, Mandrake Linux or SuSE Linux. You must have the following RPM packages installed before you try and do anything else: binutils glibc-devel gcc make You are missing at least 1 of these. Please install them all (Read the manuals if you do not know how to do this). Then come back and run this install.sh script again. - Next day After spending a few hours trying to get the packages, I started from scratch and reinstalled CentOS 4.2 with the development tools. - OS is installed - Created a user at the console - Ran the program Putty to ssh into the machine - logged in as the user - ran su - and logged in as root - downloaded mailscanner useing wget - now looking for the command to untar a tar.gz file - Found the command and used tar -zxvf MailScanner* - Running ./install.sh install is running ok - MailScanner install done. Said spamassassin was not found and it was not installed. - downloaded = spamassassin 3.1.0 wget http://apache.hoxt.com/spamassassin/source/Mail-SpamAssassin-3.1.0.tar.g z mailwatch 1.0.3 wget http://internap.dl.sourceforge.net/sourceforge/mailwatch/mailwatch-1.0.3 .tar.gz clamav .88 wget http://superb.dl.sourceforge.net/sourceforge/clamav/clamav-0.88.tar.gz bitdefender8 wget http://www.bitdefender.com/site/Download/downloadFile/340/EN/ pyzor 0.4.0 wget http://umn.dl.sourceforge.net/sourceforge/pyzor/pyzor-0.4.0.tar.bz2 php 5.1.2 wget http://us3.php.net/get/php-5.1.2.tar.gz/from/this/mirror - installed spamassassin tar -zxvf Mail-SpamAssassin* cd Mail*Spam* perl Makefile.PL got errors about modules needed. Went to http://svn.apache.org/repos/asf/spamassassin/branches/3.1/INSTALL and got information REQUIRED module missing: Digest::SHA1 optional module missing: Net::DNS optional module missing: Mail::SPF::Query optional module missing: IP::Country optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL optional module missing: Archive::Tar optional module missing: IO::Zlib perl -MCPAN -e shell o conf prerequisites_policy ask install Digest::SHA1 install NET::DNS install Mail::SPF::Query install IP::Country install Razor2 got error: cpan> install Razor2 Warning: Cannot install Razor2, don't know what it is. Try the command i /Razor2/ to find objects with matching identifiers. install Net::Ident install IO::Socket::INET6 ( I don't know really why I installed this) install Archive::Tar install IO:Zlib returned: IO::Zlib is up to date. quit perl Makefile.PL (lets try spamassassin again shall we) returned: optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL warning: some functionality may not be available, please read the above report before continuing! Checking if your kit is complete... Looks good Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.17 perl -MCPAN -e shell i /Razor2/ Returned: Module id = Mail::SpamAssassin::Plugin::Razor2 CPAN_USERID JMASON (Justin Mason ) CPAN_VERSION undef CPAN_FILE J/JM/JMASON/Mail-SpamAssassin-3.1.0.tar.gz INST_FILE (not installed) install Mail::spamAssassin::Plugin::Razor2 perl Makefile.PL Returned: optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL Taking a guess that it needs a reboot to get Razor2 and INET6 in action, I will reboot using shutdown -r now - Next day - After the reboot it says razor is not there but I will continue and worry about that later. - Logged into old MailScanner machine and copied over the MailScanner.conf preferences Note I did not just copy over the file changed: Organization stuff at the beginning Quarantine User = root Quarantine group = apache Quarantine permissions = 0660 Quarantine whole message = yes Spam List = ORDB-RBL SBL+XBL Required SpamAssin Score = 5 High ScpamAssassin Score 7.2 Rebuild Bayes Every = 432000 Spam Actions = store deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = store delete header "X-spam-Status: yes" Non Spam Actions = store deliver header "X-Spam-Status: No" Log Spedd = yes Log Spam = yes Log non Spam = yes - I then restart the MailScanner service like so service MailScanner restart && tail -f /var/log/maillog - I checked the log for errors Getting error about no virus scanners installed Getting notice that I do have virus scanners installed also Value of bayesrebuild cannot be a ruleset, only a simple value - I had an error in my Rebuild Bayes Every = ... I had 432000 432000 432000 and more instances instead of just one 432000. I changed it to just 432000 - I restarted MailScanner using the above method and checked the log Still getting the virus scanners message. One saying that I have them installed and one saying that I do not. I will worry about this later. - Copied text from the old /etc/mail/access file to the new server - created /etc/mail/relay-domains on the new machien and put in: woodmaclaw.com www.woodmaclaw.com woodmclaw.com www.woodmclaw.com - edited /etc/mail/mailertable. put in: woodmaclaw.com esmtp:[10.1.1.22] www.woodmaclaw.com esmtp:[10.1.1.22] woodmclaw.com esmtp:[10.1.1.22] www.woodmclaw.com esmtp:[10.1.1.22] - I fowarded some mail to the new machien and the log had not picked up anything - Restart MailScanner - Tried the command telnet IPADDRESS 25 and it is not running as the dos box just does not show it. - restarted the machine - From strydom.dave at gmail.com Thu Mar 2 15:12:53 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 15:12:55 2006 Subject: Don't understand this match In-Reply-To: References: Message-ID: Thats not a bad idea, thanks for that Rick. Dave On 3/2/06, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dave > > Strydom > > Sent: Thursday, March 02, 2006 8:42 AM > > To: MailScanner discussion > > Subject: Re: Don't understand this match > > > > > > I gave up on this rule in my mailscanner, because i have clients > > sending emails that contain like whatever.xls.zip which are legit > > files, since we do about 80 000 emails a day across 3 scanning > > servers, it's annoying to backtrack and release legit files that get > > caught by this rule, so i eventually removed the rule and just put > > some trust in the virus scanning. > > > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > > filetype.rules.conf because some of the defaults are just not suitable > > in the shared hosting enviroment. > > > > I too had a bunch of venders that sent various files with double+ dots so > added an accept rule ahead of the deny rules like: > > accept \.(xls|pdf|doc|zip)$ > > So those would get through so long as they *ended* with an acceptable > extention. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Mar 2 15:21:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 15:21:37 2006 Subject: Changing MailScanner local7 syslog messages to another facility In-Reply-To: <440709FE.30530.23A4932D@cobalt-users1.fishnet.co.uk> References: <440709FE.30530.23A4932D@cobalt-users1.fishnet.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- You need to configure your syslogd, which is controlled by /etc/ syslog.conf. On 2 Mar 2006, at 15:06, Ian wrote: > Hi, > > I get these messages in my /var/log/boot.log ( local use 7 ): > > Mar 2 12:36:18 bob MailScanner: succeeded > Mar 2 12:40:02 bob last message repeated 5 times > Mar 2 12:45:03 bob last message repeated 3 times > Mar 2 12:50:02 bob last message repeated 3 times > Mar 2 12:55:03 bob last message repeated 3 times > Mar 2 13:00:03 bob last message repeated 3 times > Mar 2 13:05:02 bob last message repeated 3 times > > Is it possible to change this to another syslog facility? > > In MailScanner.conf I have: > > Syslog Facility = local0 > > to keep MailScanner messages separate from sendmail messages but it > still places these > messages in the boot.log. > > TIA for any assistance > > Ian > -- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAcNdvw32o+k+q+hAQHDRAf9ElVPPTy49Sz/7OYhseEIbVh7Mq2lHXlT mpNsf3z3V0+JvEQMSllgGh5+VP/WaYpuL3ZSXeHLfCmyUuj+5owovJBvwwW14K2B NG3wXmVE5yyszTtQUWGCNgJhRmHAF+sKhSZp/O4NlrsXpj91nwN+TQ3488Ljjume wAXxmN0LVHpsP42i2D6qTrBeOf/VDoUOH+qTTpvJ3mKuJ06k34OlNrwlirvo4Org Lh7KoljR1gnR5MpLeQrygkuH4u4N6vu0PIBYYoeUBjdjSNi8xy7zCwWkogLM4tQj MeEX5WYztsQHCKEdH4tBBjyYm99fIoYwFTRnsgAP4WTe+Clg4mo4YQ== =BQoU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Thu Mar 2 15:23:41 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 15:23:45 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: Don't get me wrong, I'm not complaining about it at all :) On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > The default settings I provide are just what I consider to be a > pretty good set that should be mostly okay, for most people, most of > the time. Obviously if they aren't right for you, then just change > them, that's why it is all configurable :-) > > When I first wrote the filename.rules.conf file, I put in the double > file extension trap as an example of what could do done, beyond just > matching simple extension names. I didn't realise how important it > became for most sites. > > On 2 Mar 2006, at 13:42, Dave Strydom wrote: > > > I gave up on this rule in my mailscanner, because i have clients > > sending emails that contain like whatever.xls.zip which are legit > > files, since we do about 80 000 emails a day across 3 scanning > > servers, it's annoying to backtrack and release legit files that get > > caught by this rule, so i eventually removed the rule and just put > > some trust in the virus scanning. > > > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > > filetype.rules.conf because some of the defaults are just not suitable > > in the shared hosting enviroment. > > > > Dave > > > > On 3/2/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> > >> On 1 Mar 2006, at 22:33, Richard Thomas wrote: > >> > >>> Julian Field wrote: > >>> > >>>> > >>>> It santises the filenames before logging them or outputting them > >>>> in any way. > >>>> One way it does this is by shortening them, except for the last > >>>> filename extension. > >>>> So you won't always see the full original filename. This is to > >>>> stop exploits based on the reporting of filenames (imagine if you > >>>> made up a filename that contained MIME boundaries, newline > >>>> characters and a complete MIME attachment). It never ever outputs > >>>> raw data based on the input data without sanitising it in some > >>>> form. > >>>> > >>>> This is a fundamental anti-attack method I use. > >>>> > >>> OK, I understand the reasoning behind that. The problem is then I > >>> guess that it obscures the reason the file was blocked in the first > >>> place. Not that I'm complaining :) Just wondering if there might be > >>> some way to reconcile the two issues. > >> > >> Not that I have found. > >> > >>> (For now, I may just make the reject reason more explicit). > >> > >> That's my preferred solution. > >> - -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.5 (Build 5050) > >> > >> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT > >> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z > >> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 > >> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu > >> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl > >> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== > >> =6B92 > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAb+mPw32o+k+q+hAQH1Jgf+LonselRrBN+DC1oRRKcvKvJXIsIPLxds > BRnbjEB0LNFHRUcV7kqouiR9t9sVJbmf3EaouKFMTLX943x3xmCT4WeEOKo1M2uI > iX2WXAFpe1wggdklvfPTDzKXCZVLz9YfVk32jBwA3rmJJ8NoMCa8C4a09QjiZD2Y > 4i0tRDwLMpFTBAhxFjbScMmtWqHJK11vseRiggI7nBt7EO3zCqxSNhuJMiAgeYow > CCbEsF/V395PFDuRiiAMWwNlpnOg1ByouZsAONNJKf/RJQ9wsoFDxpvh1DToF2p6 > 9nJPn9UaqXqJwUMFICpYX7ElqaRs8DKlg+XQz3IsO1oFFzF86GUFgw== > =axqG > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From matt at coders.co.uk Thu Mar 2 15:26:24 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Mar 2 15:26:20 2006 Subject: Telnet to port 25 fails In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> Message-ID: <44070EA0.2000107@coders.co.uk> Billy A. Pumphrey wrote: > - Tried the command telnet IPADDRESS 25 and it is not running as the dos > box just does not show it. I am guessing that you are running sendmail...... >From the box itself try "telnet 127.0.0.1 25" I am guessing this is going to work. By default sendmail now ships NOT listening to external connections. You will need to modify your sendmail configuration (edit the /etc/mail/sendmail.mc and then run make in the /etc/mail directory) matt From strydom.dave at gmail.com Thu Mar 2 15:30:16 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 15:30:42 2006 Subject: No Longer Fnishes Scans In-Reply-To: <4406A7B6.7090301@enitech.com.au> References: <4406A7B6.7090301@enitech.com.au> Message-ID: I had this problem a while back, I found that if i disabled the TNEF stuff, it started working like a charm. Expand TNEF = no Deliver Unparsable TNEF = yes Try it and let me know, also try this: Spam Checks = no Dave On 3/2/06, Pete Russell wrote: > For some reason today, without any inereference MailScanner startred > accepted new mail but none would ever be delivered and after MS restarts > we would see the be;loe logs. Anyone got any ideas on how to get mail > moving again? > > I changed Use Spamassassin to no and it continues to use SpamAssassin - > so i have left the MS service stopped and fallen back to anothyer server > - but this is not ideal > > Appreciate ANY suggestions > Pete > > Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > messages waiting > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > messages, 151525 bytes > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > messages waiting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > messages, 5408558 bytes > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > messages waiting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > messages, 140946 bytes > > > In the LINT test i see - so i found the rule and remmed it out of the > local.cf > > 4200] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > [4200] warn: config: warning: description exists for non-existent rule > ONTIME_HOSTING, 33.38069 > > After that i retest and find > > [4609] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > [4609] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > 'finish_parsing_end' 54.86721 > > > Any ideas what would cause this and any suggestions on whatr to try next? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Thu Mar 2 15:40:33 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 2 15:40:45 2006 Subject: Number of messages in a batch In-Reply-To: References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: Julian, A great addition! Works, many thanks. Jeff Earickson Colby College On Thu, 2 Mar 2006, Julian Field wrote: > Date: Thu, 2 Mar 2006 09:49:15 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Number of messages in a batch > > Patch for MessageBatch.pm is attached. > > From shrek-m at gmx.de Thu Mar 2 15:42:53 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Thu Mar 2 15:43:00 2006 Subject: Telnet to port 25 fails In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> Message-ID: <4407127D.2010907@gmx.de> On 02.03.2006 16:09, Billy A. Pumphrey wrote: >Well I have gotten some ground on my new install and I cannot connect to >my machine through telnet 25. > > # lsof -nPi :25 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME sendmail 5427 root 3u IPv4 12244 TCP 127.0.0.1:25 (LISTEN) sendmail 5427 root 5u IPv4 12245 TCP 192.168.0.10:25 (LISTEN) # grep ^DAEMON /etc/mail/sendmail.mc DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.10, Name=MTA')dnl [...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................] From john at jolet.net Thu Mar 2 15:52:52 2006 From: john at jolet.net (John Jolet) Date: Thu Mar 2 15:52:56 2006 Subject: Telnet to port 25 fails In-Reply-To: <4407127D.2010907@gmx.de> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> <4407127D.2010907@gmx.de> Message-ID: On Mar 2, 2006, at 9:42 AM, shrek-m@gmx.de wrote: > On 02.03.2006 16:09, Billy A. Pumphrey wrote: > >> Well I have gotten some ground on my new install and I cannot >> connect to >> my machine through telnet 25. >> > > # lsof -nPi :25 > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME > sendmail 5427 root 3u IPv4 12244 TCP 127.0.0.1:25 (LISTEN) > sendmail 5427 root 5u IPv4 12245 TCP 192.168.0.10:25 > (LISTEN) > > > # grep ^DAEMON /etc/mail/sendmail.mc > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.10, Name=MTA')dnl > if it's truly listening, but you can't connect from external...see if you can telnet localhost 25. sounds like a firewall problem or a route problem. From shuttlebox at gmail.com Thu Mar 2 15:57:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 15:57:14 2006 Subject: Number of messages in a batch In-Reply-To: References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: <625385e30603020757l48327b40j55f7588f025b3662@mail.gmail.com> On 3/2/06, Jeff A. Earickson wrote: > Julian, > > A great addition! Works, many thanks. > > Jeff Earickson > Colby College Somehow I knew you would like it. :-) -- /peter From alex at nkpanama.com Thu Mar 2 16:00:10 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 2 16:00:23 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: <4407168A.1090504@nkpanama.com> Me neither! ;) Specially since everything's SO configurable! Dave Strydom wrote: > Don't get me wrong, I'm not complaining about it at all :) > > On 3/2/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> The default settings I provide are just what I consider to be a >> pretty good set that should be mostly okay, for most people, most of >> the time. Obviously if they aren't right for you, then just change >> them, that's why it is all configurable :-) >> >> When I first wrote the filename.rules.conf file, I put in the double >> file extension trap as an example of what could do done, beyond just >> matching simple extension names. I didn't realise how important it >> became for most sites. >> >> On 2 Mar 2006, at 13:42, Dave Strydom wrote: >> >> >>> I gave up on this rule in my mailscanner, because i have clients >>> sending emails that contain like whatever.xls.zip which are legit >>> files, since we do about 80 000 emails a day across 3 scanning >>> servers, it's annoying to backtrack and release legit files that get >>> caught by this rule, so i eventually removed the rule and just put >>> some trust in the virus scanning. >>> >>> Infact i edited a whole bunch of stuff in the filename.rules.conf and >>> filetype.rules.conf because some of the defaults are just not suitable >>> in the shared hosting enviroment. >>> >>> Dave >>> >>> On 3/2/06, Julian Field wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> >>>> On 1 Mar 2006, at 22:33, Richard Thomas wrote: >>>> >>>> >>>>> Julian Field wrote: >>>>> >>>>> >>>>>> It santises the filenames before logging them or outputting them >>>>>> in any way. >>>>>> One way it does this is by shortening them, except for the last >>>>>> filename extension. >>>>>> So you won't always see the full original filename. This is to >>>>>> stop exploits based on the reporting of filenames (imagine if you >>>>>> made up a filename that contained MIME boundaries, newline >>>>>> characters and a complete MIME attachment). It never ever outputs >>>>>> raw data based on the input data without sanitising it in some >>>>>> form. >>>>>> >>>>>> This is a fundamental anti-attack method I use. >>>>>> >>>>>> >>>>> OK, I understand the reasoning behind that. The problem is then I >>>>> guess that it obscures the reason the file was blocked in the first >>>>> place. Not that I'm complaining :) Just wondering if there might be >>>>> some way to reconcile the two issues. >>>>> >>>> Not that I have found. >>>> >>>> >>>>> (For now, I may just make the reject reason more explicit). >>>>> >>>> That's my preferred solution. >>>> - -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.5 (Build 5050) >>>> >>>> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT >>>> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z >>>> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 >>>> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu >>>> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl >>>> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== >>>> =6B92 >>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAb+mPw32o+k+q+hAQH1Jgf+LonselRrBN+DC1oRRKcvKvJXIsIPLxds >> BRnbjEB0LNFHRUcV7kqouiR9t9sVJbmf3EaouKFMTLX943x3xmCT4WeEOKo1M2uI >> iX2WXAFpe1wggdklvfPTDzKXCZVLz9YfVk32jBwA3rmJJ8NoMCa8C4a09QjiZD2Y >> 4i0tRDwLMpFTBAhxFjbScMmtWqHJK11vseRiggI7nBt7EO3zCqxSNhuJMiAgeYow >> CCbEsF/V395PFDuRiiAMWwNlpnOg1ByouZsAONNJKf/RJQ9wsoFDxpvh1DToF2p6 >> 9nJPn9UaqXqJwUMFICpYX7ElqaRs8DKlg+XQz3IsO1oFFzF86GUFgw== >> =axqG >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From bpumphrey at WoodMacLaw.com Thu Mar 2 16:01:07 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Mar 2 16:01:14 2006 Subject: Telnet to port 25 fails Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCB75F@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Hampton > Sent: Thursday, March 02, 2006 10:26 AM > To: MailScanner discussion > Subject: Re: Telnet to port 25 fails > > Billy A. Pumphrey wrote: > > > - Tried the command telnet IPADDRESS 25 and it is not running as the dos > > box just does not show it. > > > > I am guessing that you are running sendmail...... > > >From the box itself try "telnet 127.0.0.1 25" > > I am guessing this is going to work. > > By default sendmail now ships NOT listening to external connections. > You will need to modify your sendmail configuration (edit the > /etc/mail/sendmail.mc and then run make in the /etc/mail directory) > > matt > That was it. Man you guys are good. Thank you From hermit921 at yahoo.com Thu Mar 2 16:46:35 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 2 16:46:08 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060224122329.0319fed0@pop.mail.yahoo.com> References: <43D7B0C6.4030009@pixelhammer.com> <43D7B4E9.3080601@ecs.soton.ac.uk> <6.2.1.2.2.20060224122329.0319fed0@pop.mail.yahoo.com> Message-ID: <6.2.1.2.2.20060302084546.01e07ad0@pop.mail.yahoo.com> I was looking in the filenames file at the CLSID line. Doesn't this match any file name containing that 25 character string in {}, not just ending in that string? hermit921 # Deny filenames ending with CLSID's deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type From rcooper at dwford.com Thu Mar 2 17:02:13 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 17:02:35 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302084546.01e07ad0@pop.mail.yahoo.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > hermit921 > Sent: Thursday, March 02, 2006 11:47 AM > To: MailScanner discussion > Subject: Re: CLSID matching > > > I was looking in the filenames file at the CLSID line. Doesn't > this match > any file name containing that 25 character string in {}, not just > ending in > that string? > > hermit921 > > > # Deny filenames ending with CLSID's > deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real > type Files > containing CLSID's are trying to hide their real type > > Technically yes, but I cannot imagine someone naming a file with: {ABCDEF012345679-ABCDEF01} anywhere in the file name,but it should be deny \.\{[a-hA-H0-9-]{25,}\}$ for the vulernability to work (IIRC) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shrek-m at gmx.de Thu Mar 2 17:33:46 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Thu Mar 2 17:33:54 2006 Subject: Telnet to port 25 fails In-Reply-To: <44070EA0.2000107@coders.co.uk> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> <44070EA0.2000107@coders.co.uk> Message-ID: <44072C7A.7010102@gmx.de> On 02.03.2006 16:26, Matt Hampton wrote: >By default sendmail now ships NOT listening to external connections. > > now == a very long time, iirc since rhl7.x http://www.seifried.org/security/os/linux/redhat/20011031-rh72-sendmail.html This has got to be one of the worst and best features about Red Hat Linux 7.2. Getting sendmail to listen to things other then itself (localhost) http://www.europe.redhat.com/documentation/rhl7.3/rhl-rg-en-7.3/s1-email-sendmail.php3 *Important The default sendmail.cf does not allow sendmail to accept network connections from any host other than the local computer. If you want to configure sendmail as a server for other clients, please edit /etc/mail/sendmail.mc and change DAEMON_OPTIONS to also listen on network devices or comment out this option all together. Then regenerate /etc/sendmail.cf by running: -- shrek-m * From rcooper at dwford.com Thu Mar 2 18:08:35 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 18:09:01 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302084546.01e07ad0@pop.mail.yahoo.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > hermit921 > Sent: Thursday, March 02, 2006 11:47 AM > To: MailScanner discussion > Subject: Re: CLSID matching > > > I was looking in the filenames file at the CLSID line. Doesn't > this match > any file name containing that 25 character string in {}, not just > ending in > that string? > > hermit921 > > > # Deny filenames ending with CLSID's > deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real > type Files > containing CLSID's are trying to hide their real type Not to beat a dead horse, but I was thinking after that last post and if you want to get technically correct a CLSID is a string of five groups of Hex number groups in the format of 8-4-4-12 such as {00020812-0000-0000-C000-000000000046} for the microsoft excel application. So a properly formatted CLSID detection regex would be: deny \.\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{ 12}\}$ or I guess you could shorten it to: deny \.\{[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}\}$ Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt at coders.co.uk Thu Mar 2 18:11:24 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Mar 2 18:11:21 2006 Subject: Telnet to port 25 fails In-Reply-To: <44072C7A.7010102@gmx.de> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> <44070EA0.2000107@coders.co.uk> <44072C7A.7010102@gmx.de> Message-ID: <4407354C.9050405@coders.co.uk> shrek-m@gmx.de wrote: > On 02.03.2006 16:26, Matt Hampton wrote: > >> By default sendmail now ships NOT listening to external connections. >> >> > > now == a very long time, iirc since rhl7.x I have used my own MC files since rh6 so please forgive me ;-) From jd at bentecmed.com Thu Mar 2 18:24:24 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Thu Mar 2 18:28:29 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405E837.4010905@ecs.soton.ac.uk> Message-ID: Why is it that im not married and I still suffer that problem?? -JD -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian Field Sent: Wednesday, March 01, 2006 10:30 AM To: MailScanner discussion Subject: Re: I need help. I'm out of time and out of patients -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > BB spake the following on 3/1/2006 8:14 AM: > >> Thanks Julian >> >> As my new wife to be would say - >> >> Your not getting older, your getting longer. >> > Or as my current wife says; > "Shut up and roll over, you're snoring!" > See what you have to look forward to ;-) > Fortunately I'm not married, so don't suffer that problem :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXoNxH2WUcUFbZUEQKXVQCdH7skv9X1cni+Q9oJdpHsOotFlRwAmwZm +zPJm+wVIHdeYqTQ5dzEyDWT =TfbZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 18:29:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 18:29:26 2006 Subject: CLSID matching In-Reply-To: References: Message-ID: <44073981.5050305@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Agreed, but my simple one is faster and close enough. I've never had a report of a false alarm. If it ain't broke (or anyone is reporting it as broke) then I see no point in fixing it :-) Rick Cooper wrote: >> I was looking in the filenames file at the CLSID line. Doesn't >> this match >> any file name containing that 25 character string in {}, not just >> ending in >> that string? >> >> hermit921 >> >> >> # Deny filenames ending with CLSID's >> deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real >> type Files >> containing CLSID's are trying to hide their real type >> > > Not to beat a dead horse, but I was thinking after that last post and if you > want to get technically correct a CLSID is a string of five groups of Hex > number groups in the format of 8-4-4-12 such as > {00020812-0000-0000-C000-000000000046} for the microsoft excel application. > So a properly formatted CLSID detection regex would be: > > deny > \.\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{ > 12}\}$ > > or I guess you could shorten it to: deny > \.\{[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}\}$ > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAc5ghH2WUcUFbZUEQJHEACg271hYPMuQ+6Rhux56Q4etwhmzyMAoLPo eTq4ckQA0LVroYNokcAiOpkh =xfaU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hermit921 at yahoo.com Thu Mar 2 18:40:04 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 2 18:39:26 2006 Subject: CLSID matching In-Reply-To: <44073981.5050305@ecs.soton.ac.uk> References: <44073981.5050305@ecs.soton.ac.uk> Message-ID: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> Back to my original question. Does this expression match anywhere in the file name or match only as the end of the file name? The comments say one thing but I read it as the other. hermit921 At 10:29 AM 3/2/2006, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Agreed, but my simple one is faster and close enough. I've never had a >report of a false alarm. If it ain't broke (or anyone is reporting it as >broke) then I see no point in fixing it :-) > >Rick Cooper wrote: > >> I was looking in the filenames file at the CLSID line. Doesn't this match > >> any file name containing that 25 character string in {}, not just > ending in > >> that string? > >> > >> hermit921 > >> > >> > >> # Deny filenames ending with CLSID's > >> deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real > >> type Files > >> containing CLSID's are trying to hide their real type > >> > > > > Not to beat a dead horse, but I was thinking after that last post and > if you > > want to get technically correct a CLSID is a string of five groups of Hex > > number groups in the format of 8-4-4-12 such as > > {00020812-0000-0000-C000-000000000046} for the microsoft excel application. > > So a properly formatted CLSID detection regex would be: > > > > deny > > > \.\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{ > > 12}\}$ > > > > or I guess you could shorten it to: deny > > \.\{[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}\}$ > > >- -- >Julian Field From rcooper at dwford.com Thu Mar 2 19:01:14 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 19:01:33 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > hermit921 > Sent: Thursday, March 02, 2006 1:40 PM > To: MailScanner discussion > Subject: Re: CLSID matching > > > Back to my original question. Does this expression match anywhere in the > file name or match only as the end of the file name? The > comments say one > thing but I read it as the other. > yes -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From combs at magnet.fsu.edu Thu Mar 2 19:10:39 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Mar 2 19:10:44 2006 Subject: move attachments from email to web? Message-ID: <4407432F.8060001@magnet.fsu.edu> Hi, This is off topic but given the experience of this group, I thought I'd ask... I'd like to be able to scrub large attachments from email, converting them to html and making them accessible via a provided URL. Does anyone have any experience with this? If so, how do you do it? Thanks, Tom Combs -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From martelm at quark.vsc.edu Thu Mar 2 19:11:04 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Mar 2 19:11:12 2006 Subject: Problem with "Use TNEF Contents" ? Message-ID: <70AB70562F9AC762534846D5@[192.168.1.230]> Greetings! I love the new version. :) However, I'm seeing an oddity. On messages that contain winmail.dat attachments, the contents appear to be added to the message, even though the setting in the config file is replace. Am I reading this wrong ? Replace indicates that it should remove the winmail.dat. I've included the section of my .conf file and the output of MailScanner --lint and MailScanner -v Thanks! # Expand TNEF attachments using an external program (or a Perl module)? # This should be "yes" unless the scanner you are using (Sophos, McAfee) has # the facility built-in. However, if you set it to "no", then the filenames # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = yes # When the TNEF (winmail.dat) attachments are expanded, should the # attachments contained in there be added to the list of attachments in # the message? # If you set this to "add" or "replace" then recipients of messages sent # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # if they are not using Microsoft Outlook. # # no => Leave winmail.dat TNEF attachments alone. # add => Add the contents of winmail.dat as extra attachments, but also # still include the winmail.dat file itself. This will result in # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it # contains, and delete the original winmail.dat file itself. # This means the message stays the same size, but is usable by # non-Outlook recipients. # # This can also be the filename of a ruleset. #Use TNEF Contents = replace Use TNEF Contents = replace [root@hemlock etc]# /opt/MailScanner/bin/MailScanner --lint Read 710 hostnames from the phishing whitelist Config: calling custom init function MailWatchLogging Cannot write pid file , No such file or directory at /opt/MailScanner/bin/MailScanner line 1238 Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav mcafee bitdefender f-prot" Found these virus scanners installed: bitdefender, f-prot, clamav, mcafee [root@hemlock etc]# /opt/MailScanner/bin/MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.51.4 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.811 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From hermit921 at yahoo.com Thu Mar 2 19:12:58 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 2 19:12:30 2006 Subject: CLSID matching In-Reply-To: References: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> Message-ID: <6.2.1.2.2.20060302110856.02b4ab20@pop.mail.yahoo.com> At 11:01 AM 3/2/2006, Rick Cooper wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > > hermit921 > > Sent: Thursday, March 02, 2006 1:40 PM > > To: MailScanner discussion > > Subject: Re: CLSID matching > > > > > > Back to my original question. Does this expression match anywhere in the > > file name or match only as the end of the file name? The comments say one > > thing but I read it as the other. > > > >yes Yes - it matches the end OR Yes - it matches anywhere ??? From MailScanner at ecs.soton.ac.uk Thu Mar 2 19:14:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 19:15:02 2006 Subject: CLSID matching In-Reply-To: References: Message-ID: <44074430.4010602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >> hermit921 >> Sent: Thursday, March 02, 2006 1:40 PM >> To: MailScanner discussion >> Subject: Re: CLSID matching >> >> >> Back to my original question. Does this expression match anywhere in the >> file name or match only as the end of the file name? The >> comments say one >> thing but I read it as the other. >> >> > > yes > Either or? And the answer is "yes". Hmmm.... The expression matches anywhere in the filename, not just at the end. I decided to make it more general in case there later appeared any other vulnerabilities of a similar type, and as I said it has never caused a false alarm that I know of. (Apologies for lousy grammar!) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAdEMRH2WUcUFbZUEQIbiQCeLPX1co/lewYF3mhBisu5CDr2RMYAniDM YMSaU/NxnHJCNcod/6m3sju1 =QEry -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Mar 2 19:20:36 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 19:20:39 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302110856.02b4ab20@pop.mail.yahoo.com> References: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> <6.2.1.2.2.20060302110856.02b4ab20@pop.mail.yahoo.com> Message-ID: <223f97700603021120m319c914bu@mail.gmail.com> On 02/03/06, hermit921 wrote: > At 11:01 AM 3/2/2006, Rick Cooper wrote: > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > > > hermit921 > > > Sent: Thursday, March 02, 2006 1:40 PM > > > To: MailScanner discussion > > > Subject: Re: CLSID matching > > > > > > > > > Back to my original question. Does this expression match anywhere in the > > > file name or match only as the end of the file name? The comments say one > > > thing but I read it as the other. > > > > > > >yes > > Yes - it matches the end > OR > Yes - it matches anywhere > > ??? > > It's not anchored, so it is the latter. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Mar 2 19:28:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 19:28:46 2006 Subject: move attachments from email to web? In-Reply-To: <4407432F.8060001@magnet.fsu.edu> References: <4407432F.8060001@magnet.fsu.edu> Message-ID: <44074769.3000403@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have a quarantine retrieval system here which puts quarantined attachments on a website. It isn't quite what you want, but might help. How would you move the attachments to a website? It is quite possible to process the message to remove attachments bigger than a certain size and copy them somewhere, but you have the whole security problem to be aware of. Just generate a random URL? When would you delete the file? It's got to hang around for quite a while. You would replace the attachment with a text attachment containing the URL for the file. It sounds an interesting project to write, and I am quite willing to help. Things are pretty quiet right now (he says, cursing himself into a month like January!). If you can expand the spec, that would help. We could have a directory and ownership and permissions supplied, and a random directory name containing the files attached to a particular message that are over a certain size. So supply: Directory name Owner Group Permissions I then create a random directory name (based on the message queue id for simplicity) and move the attachments into there. I then replace the attachments one at a time with text/plain or text/html attachments directing the user to click on a link to download the attachment, whose filename will be the sanitised original attachment name. How does that sound? A nice little project that would be particularly useful to users with slow connections who are using POP and have a tight mail quota. It effectively moves their mail quota into web server space, but that's not my problem :-) Tom Combs wrote: > Hi, This is off topic but given the experience of this group, I thought > I'd ask... > I'd like to be able to scrub large attachments from email, converting > them to > html and making them accessible via a provided URL. Does anyone have > any experience with this? If so, how do you do it? > > Thanks, Tom Combs > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAdHaRH2WUcUFbZUEQKhZQCg01pHDCNjEBTmkUajsX6kVh+fmREAnjsr 7MPNu3Pd6wmpzz7dGOA7nqOD =Mm2O -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 19:30:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 19:30:58 2006 Subject: Problem with "Use TNEF Contents" ? In-Reply-To: <70AB70562F9AC762534846D5@[192.168.1.230]> References: <70AB70562F9AC762534846D5@[192.168.1.230]> Message-ID: <440747ED.3060409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are the TNEF attachments called exactly "winmail.dat"? I didn't see this during testing. Is anyone else seeing this too? Michael H. Martel wrote: > Greetings! > > I love the new version. :) However, I'm seeing an oddity. On > messages that contain winmail.dat attachments, the contents appear to > be added to the message, even though the setting in the config file is > replace. > > Am I reading this wrong ? Replace indicates that it should remove the > winmail.dat. > > I've included the section of my .conf file and the output of > MailScanner --lint and MailScanner -v > > Thanks! > > # Expand TNEF attachments using an external program (or a Perl module)? > # This should be "yes" unless the scanner you are using (Sophos, > McAfee) has > # the facility built-in. However, if you set it to "no", then the > filenames > # within the TNEF attachment will not be checked against the filename > rules. > Expand TNEF = yes > > # When the TNEF (winmail.dat) attachments are expanded, should the > # attachments contained in there be added to the list of attachments in > # the message? > # If you set this to "add" or "replace" then recipients of messages sent > # in "Outlook Rich Text Format" (TNEF) will be able to read the > attachments > # if they are not using Microsoft Outlook. > # > # no => Leave winmail.dat TNEF attachments alone. > # add => Add the contents of winmail.dat as extra attachments, but > also > # still include the winmail.dat file itself. This will > result in > # TNEF messages being doubled in size. > # replace => Replace the winmail.dat TNEF attachment with the files it > # contains, and delete the original winmail.dat file itself. > # This means the message stays the same size, but is usable by > # non-Outlook recipients. > # > # This can also be the filename of a ruleset. > #Use TNEF Contents = replace > Use TNEF Contents = replace > > > > [root@hemlock etc]# /opt/MailScanner/bin/MailScanner --lint > Read 710 hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging > Cannot write pid file , No such file or directory at > /opt/MailScanner/bin/MailScanner line 1238 > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav mcafee bitdefender f-prot" > Found these virus scanners installed: bitdefender, f-prot, clamav, mcafee > [root@hemlock etc]# /opt/MailScanner/bin/MailScanner -v > Running on > Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST > 2003 i686 unknown > This is Red Hat Linux release 7.3 (Valhalla) > This is Perl version 5.008006 (5.8.6) > > This is MailScanner version 4.51.4 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.11 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.811 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.18 Net::CIDR::Lite > 0.48 Net::DNS > 0.32 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAdH7hH2WUcUFbZUEQKUhACfQWkLDMQwNxcGinETbj584XIQ78wAn1qy jSn2x2GWDsnDJFspwFebgLGc =72Hm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martelm at quark.vsc.edu Thu Mar 2 20:10:05 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Mar 2 20:10:12 2006 Subject: Problem with "Use TNEF Contents" ? In-Reply-To: <440747ED.3060409@ecs.soton.ac.uk> References: <70AB70562F9AC762534846D5@[192.168.1.230]> <440747ED.3060409@ecs.soton.ac.uk> Message-ID: <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> --On Thursday, March 02, 2006 7:30 PM +0000 Julian Field wrote: > Are the TNEF attachments called exactly "winmail.dat"? > I didn't see this during testing. > Is anyone else seeing this too? yes. I see this in the logfile ... Mar 2 12:33:24 hemlock MailScanner[16846]: Spam Checks completed at 2149 bytes per second Mar 2 12:33:24 hemlock MailScanner[16846]: Expanding TNEF archive at /var/spool/MailScanner/incoming/16846/k22HXLrb025432/winmail.dat Mar 2 12:33:24 hemlock MailScanner[16846]: Message k22HXLrb025432 added TNEF contents msg-16846-641.txt Mar 2 12:33:24 hemlock MailScanner[16846]: Virus and Content Scanning: Starting The appropriate section of the raw message ... ------_=_NextPart_001_01C63E1F.5F720AE6 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Headers from the mailbox seen here ... >From VSCHelpDesk@lsc.vsc.edu Thu Mar 2 12:33:27 2006 Return-Path: Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71]) by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id k22HXR925783 for ; Thu, 2 Mar 2006 12:33:27 -0500 Received: from willow.vsc.edu (willow.vsc.edu [155.42.1.118]) by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id k22HXLrb025432; Thu, 2 Mar 2006 12:33:21 -0500 Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21]) by willow.vsc.edu (8.12.8/8.12.8) with ESMTP id k22HX9Na020591 for ; Thu, 2 Mar 2006 12:33:09 -0500 X-MIMEOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C63E1F.5F720AE6" Subject: New WO# 8566 - Double booking error Date: Thu, 2 Mar 2006 12:33:09 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: New WO# 8566 - Double booking error Thread-Index: AcY+H19ySzaP8y/lS4WBQYOaqZ/DBA== From: "VSCHelpDesk" To: X-willow-MailScanner-Information: Please contact the helpdesk for more information X-willow-MailScanner: Found to be clean X-VermontStateColleges-MailScanner-Information: Please contact the helpdesk for more information X-VermontStateColleges-MailScanner: Found to be clean X-MailScanner-From: vschelpdesk@lsc.vsc.edu Status: RO X-Status: X-Keywords: X-UID: 169 Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From glenn.steen at gmail.com Thu Mar 2 21:13:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 21:13:35 2006 Subject: move attachments from email to web? In-Reply-To: <44074769.3000403@ecs.soton.ac.uk> References: <4407432F.8060001@magnet.fsu.edu> <44074769.3000403@ecs.soton.ac.uk> Message-ID: <223f97700603021313q1b0aa00at@mail.gmail.com> On 02/03/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > We have a quarantine retrieval system here which puts quarantined > attachments on a website. It isn't quite what you want, but might help. > > How would you move the attachments to a website? It is quite possible to > process the message to remove attachments bigger than a certain size and > copy them somewhere, but you have the whole security problem to be aware > of. Just generate a random URL? When would you delete the file? It's got > to hang around for quite a while. You would replace the attachment with > a text attachment containing the URL for the file. > > It sounds an interesting project to write, and I am quite willing to > help. Things are pretty quiet right now (he says, cursing himself into a > month like January!). > > If you can expand the spec, that would help. > We could have a directory and ownership and permissions supplied, and a > random directory name containing the files attached to a particular > message that are over a certain size. > So supply: > Directory name > Owner > Group > Permissions > > I then create a random directory name (based on the message queue id for > simplicity) and move the attachments into there. I then replace the > attachments one at a time with text/plain or text/html attachments > directing the user to click on a link to download the attachment, whose > filename will be the sanitised original attachment name. > > How does that sound? > A nice little project that would be particularly useful to users with > slow connections who are using POP and have a tight mail quota. It > effectively moves their mail quota into web server space, but that's not > my problem :-) Wouldn't this best be solved by just let it degrade to the problem of "shoving the attachments into the quarantine, possibly notifying the recipient, then handling everything concerning the web view/release from within MailWatch"? Perhaps not as fun a project:-) -- Glenn > Tom Combs wrote: > > Hi, This is off topic but given the experience of this group, I thought > > I'd ask... > > I'd like to be able to scrub large attachments from email, converting > > them to > > html and making them accessible via a provided URL. Does anyone have > > any experience with this? If so, how do you do it? > > > > Thanks, Tom Combs > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRAdHaRH2WUcUFbZUEQKhZQCg01pHDCNjEBTmkUajsX6kVh+fmREAnjsr > 7MPNu3Pd6wmpzz7dGOA7nqOD > =Mm2O > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martelm at quark.vsc.edu Thu Mar 2 21:24:55 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Mar 2 21:25:08 2006 Subject: Perl Version Message-ID: <0308C6BA41495C21B60FE34F@[192.168.1.230]> Is anyone running MailScanner with Perl 5.8.8 ? Any issues ? I figured I'd ask before upgrading from 5.8.6 to 5.8.8. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From mikej at rogers.com Thu Mar 2 21:33:45 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Mar 2 21:33:59 2006 Subject: Perl Version In-Reply-To: <0308C6BA41495C21B60FE34F@[192.168.1.230]> References: <0308C6BA41495C21B60FE34F@[192.168.1.230]> Message-ID: <440764B9.6090005@rogers.com> Michael H. Martel wrote: > Is anyone running MailScanner with Perl 5.8.8 ? Any issues ? > > I figured I'd ask before upgrading from 5.8.6 to 5.8.8. Works fine here: root@mail:~# MailScanner -v Running on FreeBSD mail.spam.local 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Wed Mar 1 00:53:03 EST 2006 root@mail.spam.local:/usr/obj/usr/src/sys/SPAM i386 This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.50.15 From drew at themarshalls.co.uk Thu Mar 2 21:34:08 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Mar 2 21:34:14 2006 Subject: Perl Version In-Reply-To: <0308C6BA41495C21B60FE34F@[192.168.1.230]> References: <0308C6BA41495C21B60FE34F@[192.168.1.230]> Message-ID: <7B395F7F-22B0-4552-833F-00FAAA79AAA5@themarshalls.co.uk> On 2 Mar 2006, at 21:24, Michael H. Martel wrote: > Is anyone running MailScanner with Perl 5.8.8 ? Any issues ? Yes and no, in that order. Or at least not that I have seen Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From Mailscanner at mailing.kaufland-informationssysteme.com Thu Mar 2 21:41:40 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Thu Mar 2 21:41:43 2006 Subject: Spam Policy per user In-Reply-To: <44033D05.9060403@ecs.soton.ac.uk> References: <440335F1.3080508@mailing.kaufland-informationssysteme.com> <44033D05.9060403@ecs.soton.ac.uk> Message-ID: <44076694.1040501@mailing.kaufland-informationssysteme.com> Hi, i have some questions regarding the spam arguments. Where I have to define the different arguments. In the Custom Functions? Is it possible to include the RBLs or DCC ? Thanks Matthias Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >Matthias Sutter wrote: > > >>Hi, >> >>our mailscanner installation work very well but now we should >>implement a function that the user have the option to change the Spam >>properties/handling. >>For example there are 3 lists off users: >> >>the first - the user should get no Spam >> >> >Spam Actions = delete >High Scoring Spam Actions = delete > > >>the second - the user get no high score Spam and all others are marked >>in the subject line >> >> >Spam Actions = deliver >High Scoring Spam Actions = delete > > >>and the last and default - no Spam detection and filter is active. >> >> >Spam Actions = deliver >High Scoring Spam Actions = deliver > >All you need to do is write a bit of support for some sort of backend >with a Custom Function for "Spam Actions" and "High Scoring Spam >Actions" to produce either the "deliver" or "delete" actions as appropriate. > >Once you have some sort of a DB backend to store the data in, this is >only a few lines of code to do the Custom Functions required. >No huge job. > > >>Can I build this scenario with mailscanner ? >> >>Thanks in advance >>Matthias >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.5 (Build 5050) > >iQA/AwUBRAM9BRH2WUcUFbZUEQKxlwCbB3WOv8v+GwuejKfI0ieCuI4Y2S8AoMBp >2qNMSBvnWtYZFzl7dP5s7S8F >=dqo/ >-----END PGP SIGNATURE----- > > > From ugob at camo-route.com Thu Mar 2 22:33:10 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 2 22:33:45 2006 Subject: Chinese e-mail In-Reply-To: <019201c63d4d$ca4fee90$3004010a@martinhlaptop> References: <019201c63d4d$ca4fee90$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote: > Ugo > > I do quite a bit of Japanese, French, German, Russian/Polish etc with my > setup which is predominately English otherwise. No problem I know of > did you edit the locales settings in SA? > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance >> Sent: 01 March 2006 16:01 >> To: mailscanner@lists.mailscanner.info >> Subject: Chinese e-mail >> >> Hi, >> >> Would it be dangerous to have a mailscanner server processing >> chinese >> people while most of its traffic is french and english? I know bayes >> would be effective, but... anything else I should check? >> >> Regards, >> >> Ugo >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From MailScanner at ecs.soton.ac.uk Thu Mar 2 22:50:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 22:50:10 2006 Subject: Problem with "Use TNEF Contents" ? In-Reply-To: <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> References: <70AB70562F9AC762534846D5@[192.168.1.230]> <440747ED.3060409@ecs.soton.ac.uk> <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> Message-ID: <4407769B.5060808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fixed. Released 4.51.5. Will announce next. Michael H. Martel wrote: > --On Thursday, March 02, 2006 7:30 PM +0000 Julian Field > wrote: > >> Are the TNEF attachments called exactly "winmail.dat"? >> I didn't see this during testing. >> Is anyone else seeing this too? > > yes. I see this in the logfile ... > > Mar 2 12:33:24 hemlock MailScanner[16846]: Spam Checks completed at > 2149 bytes per second > > Mar 2 12:33:24 hemlock MailScanner[16846]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/16846/k22HXLrb025432/winmail.dat > > Mar 2 12:33:24 hemlock MailScanner[16846]: Message k22HXLrb025432 > added TNEF contents msg-16846-641.txt > > Mar 2 12:33:24 hemlock MailScanner[16846]: Virus and Content > Scanning: Starting > > > The appropriate section of the raw message ... > > > ------_=_NextPart_001_01C63E1F.5F720AE6 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > > > > Headers from the mailbox seen here ... > >> From VSCHelpDesk@lsc.vsc.edu Thu Mar 2 12:33:27 2006 > Return-Path: > Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71]) > by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id k22HXR925783 > for ; Thu, 2 Mar 2006 12:33:27 -0500 > Received: from willow.vsc.edu (willow.vsc.edu [155.42.1.118]) > by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id k22HXLrb025432; > Thu, 2 Mar 2006 12:33:21 -0500 > Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21]) > by willow.vsc.edu (8.12.8/8.12.8) with ESMTP id k22HX9Na020591 > for ; Thu, 2 Mar 2006 12:33:09 -0500 > X-MIMEOLE: Produced By Microsoft Exchange V6.5 > Content-class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C63E1F.5F720AE6" > Subject: New WO# 8566 - Double booking error > Date: Thu, 2 Mar 2006 12:33:09 -0500 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > > Thread-Topic: New WO# 8566 - Double booking error > Thread-Index: AcY+H19ySzaP8y/lS4WBQYOaqZ/DBA== > From: "VSCHelpDesk" > To: > X-willow-MailScanner-Information: Please contact the helpdesk for more > information > X-willow-MailScanner: Found to be clean > X-VermontStateColleges-MailScanner-Information: Please contact the > helpdesk for more information > X-VermontStateColleges-MailScanner: Found to be clean > X-MailScanner-From: vschelpdesk@lsc.vsc.edu > Status: RO > X-Status: > X-Keywords: > X-UID: 169 > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAd2nBH2WUcUFbZUEQLcWACgyeIL8YPDE9i6Z5PwCsK4TEXhOqMAmQFJ O0l0PxLW9wXqw9mBoRcy4EjB =bBBH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 22:51:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 22:51:12 2006 Subject: RELEASED 4.51.5 -- Re: Problem with "Use TNEF Contents" ? In-Reply-To: <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> References: <70AB70562F9AC762534846D5@[192.168.1.230]> <440747ED.3060409@ecs.soton.ac.uk> <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> Message-ID: <440776DC.7090703@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have fixed this problem and released 4.51.5 to address this issue, it's serious enough to warrant a replacement release. Michael H. Martel wrote: > --On Thursday, March 02, 2006 7:30 PM +0000 Julian Field > wrote: > >> Are the TNEF attachments called exactly "winmail.dat"? >> I didn't see this during testing. >> Is anyone else seeing this too? > > yes. I see this in the logfile ... > > Mar 2 12:33:24 hemlock MailScanner[16846]: Spam Checks completed at > 2149 bytes per second > > Mar 2 12:33:24 hemlock MailScanner[16846]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/16846/k22HXLrb025432/winmail.dat > > Mar 2 12:33:24 hemlock MailScanner[16846]: Message k22HXLrb025432 > added TNEF contents msg-16846-641.txt > > Mar 2 12:33:24 hemlock MailScanner[16846]: Virus and Content > Scanning: Starting > > > The appropriate section of the raw message ... > > > ------_=_NextPart_001_01C63E1F.5F720AE6 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > > > > Headers from the mailbox seen here ... > >> From VSCHelpDesk@lsc.vsc.edu Thu Mar 2 12:33:27 2006 > Return-Path: > Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71]) > by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id k22HXR925783 > for ; Thu, 2 Mar 2006 12:33:27 -0500 > Received: from willow.vsc.edu (willow.vsc.edu [155.42.1.118]) > by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id k22HXLrb025432; > Thu, 2 Mar 2006 12:33:21 -0500 > Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21]) > by willow.vsc.edu (8.12.8/8.12.8) with ESMTP id k22HX9Na020591 > for ; Thu, 2 Mar 2006 12:33:09 -0500 > X-MIMEOLE: Produced By Microsoft Exchange V6.5 > Content-class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C63E1F.5F720AE6" > Subject: New WO# 8566 - Double booking error > Date: Thu, 2 Mar 2006 12:33:09 -0500 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > > Thread-Topic: New WO# 8566 - Double booking error > Thread-Index: AcY+H19ySzaP8y/lS4WBQYOaqZ/DBA== > From: "VSCHelpDesk" > To: > X-willow-MailScanner-Information: Please contact the helpdesk for more > information > X-willow-MailScanner: Found to be clean > X-VermontStateColleges-MailScanner-Information: Please contact the > helpdesk for more information > X-VermontStateColleges-MailScanner: Found to be clean > X-MailScanner-From: vschelpdesk@lsc.vsc.edu > Status: RO > X-Status: > X-Keywords: > X-UID: 169 > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAd23BH2WUcUFbZUEQJb6QCffXg7i7T07VYsXyeab9gmGAqAf5IAoOZa g5/0+uF2kx9hrc12O323lzSo =EJYP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 22:56:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 22:56:40 2006 Subject: Released 4.51.5 Message-ID: <44077823.5060200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Due to problems with "Use TNEF Contents = replace" not working as advertised, I have released 4.51.5 which should fix this problem. 4.51.4 did not properly delete the winmail.dat file from the message. I have completely rewritten the code that does this and it seems to be a lot more robust now. This release also incidentally adds 2 fixes/features: - - Logging of batch timing includes number of messages in batch. - - Pid File error produced with "MailScanner --lint" is fixed. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAd4IxH2WUcUFbZUEQI0owCcDuRHOS20pjqBKQc4m01sPvzT5JYAoMRd Xk8yWJUYfprJYaD6cQhC6OZ6 =KmHr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brent.addis at pronet.co.nz Thu Mar 2 23:10:43 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Thu Mar 2 23:11:25 2006 Subject: Released 4.51.5 In-Reply-To: <44077823.5060200@ecs.soton.ac.uk> References: <44077823.5060200@ecs.soton.ac.uk> Message-ID: <44077B73.4070406@pronet.co.nz> gah. 2 minutes after I spend 20 minutes updating to the last release. guess I get to do it again :) Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Due to problems with "Use TNEF Contents = replace" not working as > advertised, I have released 4.51.5 which should fix this problem. > > 4.51.4 did not properly delete the winmail.dat file from the message. I > have completely rewritten the code that does this and it seems to be a > lot more robust now. > > This release also incidentally adds 2 fixes/features: > - - Logging of batch timing includes number of messages in batch. > - - Pid File error produced with "MailScanner --lint" is fixed. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRAd4IxH2WUcUFbZUEQI0owCcDuRHOS20pjqBKQc4m01sPvzT5JYAoMRd > Xk8yWJUYfprJYaD6cQhC6OZ6 > =KmHr > -----END PGP SIGNATURE----- > > From steve.swaney at fsl.com Thu Mar 2 23:42:51 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Mar 2 23:42:55 2006 Subject: Released 4.51.5 In-Reply-To: <44077B73.4070406@pronet.co.nz> Message-ID: <0d1501c63e53$052e5cd0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brent Addis > Sent: Thursday, March 02, 2006 6:11 PM > To: MailScanner discussion > Subject: Re: Released 4.51.5 > > gah. > > 2 minutes after I spend 20 minutes updating to the last release. > > guess I get to do it again :) > Brent, 30 second download Type 3 lines Have a drink or whatever while Julian's script does all the work Type 4 more lines Check things out - couple of minutes Have another drink or whatever I don't feel too bad for you but then I was just about to download and start testing then the announcement came out :) I maybe all the MailScanner knew how easy it is to upgrade, the list could stop supporting MailScanner 4.3x and earlier ;) All the best, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ssilva at sgvwater.com Thu Mar 2 23:43:40 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 2 23:44:07 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: <4405E837.4010905@ecs.soton.ac.uk> Message-ID: JD Doelitzsch spake the following on 3/2/2006 10:24 AM: > Why is it that im not married and I still suffer that problem?? > The snoring, or someone telling you to rollover? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.addis at pronet.co.nz Thu Mar 2 23:55:51 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Thu Mar 2 23:56:21 2006 Subject: Released 4.51.5 In-Reply-To: <0d1501c63e53$052e5cd0$287ba8c0@office.fsl> References: <0d1501c63e53$052e5cd0$287ba8c0@office.fsl> Message-ID: <44078607.10407@pronet.co.nz> It was an upgrade from version .38, I upgraded the config manually due to the leap. Nothing against the upgrade script code, I just feel safer doing that myself :> Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Brent Addis >> Sent: Thursday, March 02, 2006 6:11 PM >> To: MailScanner discussion >> Subject: Re: Released 4.51.5 >> >> gah. >> >> 2 minutes after I spend 20 minutes updating to the last release. >> >> guess I get to do it again :) >> >> > Brent, > > 30 second download > Type 3 lines > Have a drink or whatever while Julian's script does all the work > Type 4 more lines > > Check things out - couple of minutes > > Have another drink or whatever > > I don't feel too bad for you but then I was just about to download and start > testing then the announcement came out :) > > I maybe all the MailScanner knew how easy it is to upgrade, the list could > stop supporting MailScanner 4.3x and earlier ;) > > All the best, > > Steve > > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- From steve.swaney at fsl.com Fri Mar 3 00:11:48 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 3 00:11:51 2006 Subject: Released 4.51.5 In-Reply-To: <44078607.10407@pronet.co.nz> Message-ID: <0d1b01c63e57$105635c0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brent Addis > Sent: Thursday, March 02, 2006 6:56 PM > To: MailScanner discussion > Subject: Re: Released 4.51.5 > > It was an upgrade from version .38, I upgraded the config manually due > to the leap. Nothing against the upgrade script code, I just feel safer > doing that myself :> > But you've already done the heavy lifting :) Upgrading from 4.51-4 to 4.51-5 should be as simple as using the install.sh script. I don't think you'd even have to run the upgrade_MailScanner script but it can't hurt. Some of the comments might have changed but I don't think there were any added configuration options. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > > Stephen Swaney wrote: > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Brent Addis > >> Sent: Thursday, March 02, 2006 6:11 PM > >> To: MailScanner discussion > >> Subject: Re: Released 4.51.5 > >> > >> gah. > >> > >> 2 minutes after I spend 20 minutes updating to the last release. > >> > >> guess I get to do it again :) > >> > >> > > Brent, > > > > 30 second download > > Type 3 lines > > Have a drink or whatever while Julian's script does all the work > > Type 4 more lines > > > > Check things out - couple of minutes > > > > Have another drink or whatever > > > > I don't feel too bad for you but then I was just about to download and > start > > testing then the announcement came out :) > > > > I maybe all the MailScanner knew how easy it is to upgrade, the list > could > > stop supporting MailScanner 4.3x and earlier ;) > > > > All the best, > > > > Steve > > > > > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > > > > -- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From bsnottum at hotmail.com Fri Mar 3 13:12:08 2006 From: bsnottum at hotmail.com (=?iso-8859-1?B?Qmr4cm4tU3ZlcnJlIE74dHR1bQ==?=) Date: Fri Mar 3 13:12:14 2006 Subject: Help - user error caused mailscanner to stop working Message-ID: Hallo! I have a mailserver running squirrelmail. I use mailscanner on a seperate machine as mailgateway and all the other stuff mailscanner so wonderfully does. A collegue of mine - it is true, it was not me!! - really messed things up today. He made changes into the sendmail configuration file - I do not think it was in either of the two that mailscanner creates - and restarted sendmail itself, not via mailscanner! Stupid ass!! Excuse my language. No no mail passes thruough the mailgateway. I have tried to stop the instance of sendmail that he started and then restarted mailscanner - but it does not help. I am running mailscanner Version 1.1-4 BETA on an fc2 server with sendmail on the mailgateway. Anyone that can help me on this?? Sincerely Bjorn From drew at themarshalls.co.uk Fri Mar 3 13:26:58 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 13:27:11 2006 Subject: Phishing Safe Sites List Auto Update Message-ID: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> I don't remember this being answered before but how often is the master phishing safe sites list updated? I just want to ensure that my cron job is set to sensible time period. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Fri Mar 3 13:30:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 3 13:31:08 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> Message-ID: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Usually not more than once a week at most. On 3 Mar 2006, at 13:26, Drew Marshall wrote: > I don't remember this being answered before but how often is the > master > phishing safe sites list updated? I just want to ensure that my > cron job > is set to sensible time period. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAhFFfw32o+k+q+hAQER6Qf/VvxJq+X2Ou4AUQD20F7PYTAGtg8nuchc YB16Wt4tubQXqDLk8VhubaqlAxL+P4T6BlnCZzCqHtcR7UJDJ4sGmhYWe9a/wgLO LYfsCwNv1yrlgr0fesIBHlQqgAk4UrzKgfJBM/+MxaJ7Rx67WRkWbLaTsl5fpFC/ 7FqJpfKzSuBsd3M2taAx2+hWTW5oP5vgUoSJJ5OlBJA/AbwyDHC+5K2hXvVt9PWL Xpe47YK7Mbb4wSio34s10yQuBqeof7u/tIooHJoyvNO2hGzJz7PFweg4ehCMZO9e f5KhSvaWxKLLduSd6T0UuWRZbIi+I37hDw3wJFw1isoegQywOQl09g== =K5FD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Fri Mar 3 13:42:54 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 13:43:09 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: <54682.194.70.180.170.1141393374.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 13:30, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Usually not more than once a week at most. Thanks. I'll adjust my cron job to every 10 days or so. That should be fine and keep my (And your!!) load down a little bit. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From steve.swaney at fsl.com Fri Mar 3 13:50:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 3 13:50:34 2006 Subject: Virus alert Message-ID: <0fb101c63ec9$6fbfd7b0$287ba8c0@office.fsl> We're seeing a ton of these at many sites here in the US right now. Looks like they started overnight. --------------------------- The following e-mails were found to have: Bad Filename Detected Sender: dax@039.com IP Address: 59.2.134.56 Recipient: falesejo@lewisu.edu Subject: MessageID: k23D3uTH027733 Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733 Report: MailScanner: No programs allowed (msg-22172-24.txt) --------------------------- The files all have names similar to msg-22172-24.txt file shows: # file msg-22172-24.txt msg-22172-24.txt: MIPSEL-BE MIPS-III ECOFF executable not stripped - version 0.0 BitDefender and ClamAV scans do NOT detect a virus. Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com From gmatt at nerc.ac.uk Fri Mar 3 13:52:59 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 3 13:53:24 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: <1141393980.7317.12.camel@lea.nerc-wallingford.ac.uk> On Fri, 2006-03-03 at 13:30 +0000, Julian Field wrote: > Usually not more than once a week at most. shouldnt the cron job go into /etc/cron.weekly instead of /etc/cron.daily then? GREG > On 3 Mar 2006, at 13:26, Drew Marshall wrote: > > > I don't remember this being answered before but how often is the > > master > > phishing safe sites list updated? I just want to ensure that my > > cron job > > is set to sensible time period. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From joshua.hirsh at partnersolutions.ca Fri Mar 3 13:56:19 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Fri Mar 3 13:56:23 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? Message-ID: Hi List, I've been seeing quite a few messages come through lately that only contain the word BOUNDARY_OUTLOOK, with a single character at the start of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable not stripped, so they're blocked). Is this scrap from some type of broken virus? Google doesn't really offer up anything on this.. -Joshua From shuttlebox at gmail.com Fri Mar 3 13:57:33 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 3 13:57:37 2006 Subject: Help - user error caused mailscanner to stop working In-Reply-To: References: Message-ID: <625385e30603030557k487a801fo931f36b8f6236e4f@mail.gmail.com> On 3/3/06, Bj?rn-Sverre N?ttum wrote: > No no mail passes thruough the mailgateway. I have tried to stop the > instance of sendmail that he started and then restarted mailscanner - but it > does not help. Doesn't he know what changes he did so you/he can reverse them? Didn't he save the original files with different names before he changed them? Don't you have backups from yesterday? > I am running mailscanner Version 1.1-4 BETA on an fc2 server with sendmail > on the mailgateway. Anyone that can help me on this?? Sounds quite old. ;-) -- /peter From martinh at solid-state-logic.com Fri Mar 3 13:58:50 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 3 13:58:58 2006 Subject: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: Message-ID: <001101c63eca$9981e2e0$3004010a@martinhlaptop> Had a few of these this morning - seem to have stopped now..maybe broken spammer?!!? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Joshua Hirsh > Sent: 03 March 2006 13:56 > To: MailScanner discussion > Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? > > Hi List, > > I've been seeing quite a few messages come through lately that only > contain the word BOUNDARY_OUTLOOK, with a single character at the start of > the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable > not stripped, so they're blocked). > > > Is this scrap from some type of broken virus? > > > Google doesn't really offer up anything on this.. > > > -Joshua > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From joshua.hirsh at partnersolutions.ca Fri Mar 3 13:59:16 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Fri Mar 3 13:59:19 2006 Subject: Virus alert Message-ID: > We're seeing a ton of these at many sites here in the US > right now. Looks like they started overnight. > > --------------------------- > The following e-mails were found to have: Bad Filename Detected > > Sender: dax@039.com > IP Address: 59.2.134.56 > Recipient: falesejo@lewisu.edu > Subject: > MessageID: k23D3uTH027733 > Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733 > Report: MailScanner: No programs allowed (msg-22172-24.txt) > --------------------------- Hi Stephen, I've been seeing these for atleast a week (see my last message to the list). Mostly from Chinese or European source addresses. They're picked up as executables (but really they aren't) because the payload starts with HEX character 01, followed by the word "BOUNDARY_OUTLOOK". -Joshua From shuttlebox at gmail.com Fri Mar 3 13:59:31 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 3 13:59:33 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <1141393980.7317.12.camel@lea.nerc-wallingford.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> <1141393980.7317.12.camel@lea.nerc-wallingford.ac.uk> Message-ID: <625385e30603030559y58b756dby57a207bb5e9c747b@mail.gmail.com> On 3/3/06, Greg Matthews wrote: > On Fri, 2006-03-03 at 13:30 +0000, Julian Field wrote: > > Usually not more than once a week at most. > > shouldnt the cron job go into /etc/cron.weekly instead > of /etc/cron.daily then? Well, then you might have to wait a week before you get the update. -- /peter From drew at themarshalls.co.uk Fri Mar 3 14:04:10 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 14:04:25 2006 Subject: Virus alert In-Reply-To: <0fb101c63ec9$6fbfd7b0$287ba8c0@office.fsl> References: <0fb101c63ec9$6fbfd7b0$287ba8c0@office.fsl> Message-ID: <54861.194.70.180.170.1141394650.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 13:50, Stephen Swaney wrote: > We're seeing a ton of these at many sites here in the US right now. Looks > like they started overnight. > > --------------------------- > The following e-mails were found to have: Bad Filename Detected > > Sender: dax@039.com > IP Address: 59.2.134.56 > Recipient: falesejo@lewisu.edu > Subject: > MessageID: k23D3uTH027733 > Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733 > Report: MailScanner: No programs allowed (msg-22172-24.txt) > --------------------------- > > The files all have names similar to msg-22172-24.txt > > file shows: > # file msg-22172-24.txt > msg-22172-24.txt: MIPSEL-BE MIPS-III ECOFF executable not stripped - > version > 0.0 Yes, I have seen one these too. Having one of those days I haven't had time to look at it any further to investigate if the .txt file really is any thing dodgy or just has an unfortunate string of characters. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From t.d.lee at durham.ac.uk Fri Mar 3 14:05:59 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Mar 3 14:09:41 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: On Fri, 3 Mar 2006, Julian Field wrote: > On 3 Mar 2006, at 13:26, Drew Marshall wrote: > > > I don't remember this being answered before but how often is the > > master > > phishing safe sites list updated? I just want to ensure that my > > cron job > > is set to sensible time period. > > Usually not more than once a week at most. Julian: How is progress with the idea we discussed (with my "proof of concept" demonstration) of also offering the phishing whitelist via a DNS zone (analogous to RBL mechanisms)? Best wishes. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Fri Mar 3 14:19:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 3 14:19:37 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 3 Mar 2006, at 14:05, David Lee wrote: > On Fri, 3 Mar 2006, Julian Field wrote: > >> On 3 Mar 2006, at 13:26, Drew Marshall wrote: >> >>> I don't remember this being answered before but how often is the >>> master >>> phishing safe sites list updated? I just want to ensure that my >>> cron job >>> is set to sensible time period. >> >> Usually not more than once a week at most. > > Julian: How is progress with the idea we discussed (with my "proof of > concept" demonstration) of also offering the phishing whitelist via > a DNS > zone (analogous to RBL mechanisms)? By not doing it at the time, I am now doomed to have to support the current system forever anyway. Adding a DNS zone to it will add a 2nd system I have to support. The list is pretty stable now, so people for whom the wget doesn't work will get an update when they upgrade MailScanner anyway. I don't think it needs any form of rapid update system, weekly or even monthly will do now. Sorry I didn't take more effort at the time, it's all a bit late now :-( - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAhQbPw32o+k+q+hAQGEfQf/RLBKlO9bx3QPFjpm1+Nush0w2gLI0Ig+ v7b+plUqK/MEzreZEI1lgHd1Gs2bXMInP3Ag+PU6cYv728JAgisprlqkyamsAhwQ LiCyGmpjxfMLSheujHwGhf83XFzlHvroajJEppWtw9CKid8HS+0qXnfexIqidrsR Xfcrsg0tw0rulJfXkZZiFIFuQjE3jlHAjisNiAu/ChUb9usJ7fUUIvOhRgaUrWL6 ZdyjMKHdR7Tr6KiYM5k4qDW9ZJgoSskVHHW2sJ8Pa4Ku9R/2Nx5FicbKMmwGNDLT uVWetEeEHXAtAZ4x0Yxls29XRf4VGiC/ax4u3GEwfDIYc/7U4NF8Cg== =XNtm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ebruce at hpmich.com Fri Mar 3 14:39:16 2006 From: ebruce at hpmich.com (Ed Bruce) Date: Fri Mar 3 14:39:27 2006 Subject: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: <001101c63eca$9981e2e0$3004010a@martinhlaptop> References: <001101c63eca$9981e2e0$3004010a@martinhlaptop> Message-ID: <44085514.10306@hpmich.com> Martin Hepworth wrote: > Had a few of these this morning - seem to have stopped now..maybe broken > spammer?!!? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Joshua Hirsh >> Sent: 03 March 2006 13:56 >> To: MailScanner discussion >> Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? >> >> Hi List, >> >> I've been seeing quite a few messages come through lately that only >> contain the word BOUNDARY_OUTLOOK, with a single character at the start of >> the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable >> not stripped, so they're blocked). >> >> >> Is this scrap from some type of broken virus? >> >> >> Google doesn't really offer up anything on this.. >> >> >> >> I got a few today also, but I've seen this in the past. I was wondering what they were also. -- This message, including any attachments, is intended solely for the use of the named recipients(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution of this communication is expressly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy any and all copies of the original message. Thank you for your cooperation. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. From christian at jarnas.no Fri Mar 3 14:54:07 2006 From: christian at jarnas.no (=?iso-8859-1?Q?Christian_Jarn=E6s?=) Date: Fri Mar 3 14:53:30 2006 Subject: OT maybe? Forward some, and relay all other Message-ID: <020b01c63ed2$54f71110$0201110a@morbido> Hi! I am using Centos 4.2, MailScanner 4.50.14 and Sendmail 8.13.1 I have relay.mydomain.com that is my MailScanner box and where the MX for mydomain.com points towards. exchange.mydomain.com is where a want to relay all other emails outside.mydomain.com is an external mail server and receives MX outside.mydomain.com I wish that some email accounts for instance hans@mydomain.com is forwarded to hans@outside.mydomain.com, per@mydomain.com is forwarded to per@outside.mydomain.com, etc All other email that is not defined i wish to relay to my exchange.mydomain.com box Sendmail setup as of now: /etc/mail/access mydomain.com RELAY /etc/mail/mailertable mydomain.com esmtp:[exchange.mydomain.com] So the thinkable solution for me would be if it worked add mydomain.com to local-host-names in virtualusertable hans@mydomain.com hans@outside.mydomain.com per@mydomain.com per@outside.mydomain.com @pbl.no esmtp:[exchange.mydomain.com] So is there something in Sendmail or MailScanner that can do this? I know I can RELAY all email to the exchange box and then forward to per@outside.mydomain.com , but that is my last resort. Best Regards Christian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/ac3ce948/attachment.html From richard.thomas at psysolutions.com Fri Mar 3 15:14:47 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Fri Mar 3 15:16:27 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: <44085D67.6060903@psysolutions.com> Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >The default settings I provide are just what I consider to be a >pretty good set that should be mostly okay, for most people, most of >the time. Obviously if they aren't right for you, then just change >them, that's why it is all configurable :-) > >When I first wrote the filename.rules.conf file, I put in the double >file extension trap as an example of what could do done, beyond just >matching simple extension names. I didn't realise how important it >became for most sites. > > I know it saved us big time not so long ago. We occasionally get people asking us to remove this rule but we have fairly solid reasons not to. The virus scan is great but the scanners will often be behind the viruses by enough that a lot of damage can be done. Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/d5971fe7/smime.bin From Kevin_Miller at ci.juneau.ak.us Fri Mar 3 16:12:35 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 3 16:12:44 2006 Subject: What is nobody doing? Message-ID: I posted the following a month ago, but didn't receive any responses so thought I'd try again. Is anyone else seeing this behavior? I'd hazard a guess that it's something in the bayes cache mechanism. Thanks. Kevin Miller wrote: > Since I upgraded one of my machines the other day (from 4.33 to 4.50.? > beta) my /var/log/messages has been filling up with the messages > below. I opened two term windows, one running 'tail -f /var/log/mail' > and the other running 'tail -f /var/log/messges' then watched to see > what it was happening. > > /var/log/messages: > ================== > Feb 2 08:18:23 mail3 su: (to nobody) root on none > Feb 2 08:18:23 mail3 su: pam_unix2: session started for user nobody, > service su > Feb 2 08:18:23 mail3 su: pam_unix2: session finished for user nobody, > service su > > /var/log/mail: > ============== > Feb 2 08:18:21 mail3 sendmail-in[6185]: k12HIK0g006185: > to=, delay=00:00:00, mailer=esmtp, > pri=33805, stat=queued > Feb 2 08:18:22 mail3 MailScanner[5160]: New Batch: Scanning 1 > messages, 4424 bytes > > Normally I see a few 'session started for user nobody' when updatedb > runs, but these are happening everytime new mail arrives. The su > seems to happen just after the message is queued, that is between the > first and second lines in the mail log. Is this expected behavior? > Why does root need to su to nobody to do whatever it's doing, when it > never had to before? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From bpumphrey at WoodMacLaw.com Fri Mar 3 16:12:48 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 3 16:12:52 2006 Subject: Transfering settings and files from one machine to another Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> I need to tranfer my bayes database and mysql stuff to the new machine. I suppose I would need to transfer the quarantine also. Here is my problem: I can't see to know how to transfer them. The way that I got by in the past was to ftp the files to a web site and then use wget on the other machine to get the file. So I go the long way around. On the bayes files, since they are bigger I figure bout time I realize how to use ftp. I got the server started on the old machine (ftp). I can connect to the old machine form the new machine. I go to the directory and try to get the files. Get bayes_toks, etc. I get an error Faile to open file. Thinking a permission issue. I chown the remote files to bpumphrey (the ftp user that I am logged into) and chmod the files to 777. Still the error. Any guidance is appreciated. Also, I really have no clue on where to start for moving the mysql database. Thank you From rob at robhq.com Fri Mar 3 16:35:31 2006 From: rob at robhq.com (rob) Date: Fri Mar 3 16:28:15 2006 Subject: Transfering settings and files from one machine to another In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> Message-ID: <20060303163356.M31925@robhq.com> What flavor of OS is this on? When I build a new machine, I use scp to get my files over to the new server, aka: service mysqld stop scp /var/lib/mysql/database_name root@ipaddress:/var/lib/mysql/ the fire up mysql on the new box. On Fri, 3 Mar 2006 11:12:48 -0500, Billy A. Pumphrey wrote > I need to tranfer my bayes database and mysql stuff to the new machine. > I suppose I would need to transfer the quarantine also. Here is my > problem: > > I can't see to know how to transfer them. > > The way that I got by in the past was to ftp the files to a web site and > then use wget on the other machine to get the file. So I go the long > way around. On the bayes files, since they are bigger I figure bout > time I realize how to use ftp. > > I got the server started on the old machine (ftp). I can connect to the > old machine form the new machine. I go to the directory and try to get > the files. Get bayes_toks, etc. > > I get an error Faile to open file. Thinking a permission issue. I > chown the remote files to bpumphrey (the ftp user that I am logged into) > and chmod the files to 777. Still the error. Any guidance is > appreciated. > > Also, I really have no clue on where to start for moving the mysql > database. > > Thank you > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- Open WebMail Project (http://openwebmail.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 3 16:35:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 3 16:36:04 2006 Subject: What is nobody doing? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 3 Mar 2006, at 16:12, Kevin Miller wrote: > I posted the following a month ago, but didn't receive any > responses so > thought I'd try again. Is anyone else seeing this behavior? I'd > hazard > a guess that it's something in the bayes cache mechanism. > > Thanks. > > Kevin Miller wrote: >> Since I upgraded one of my machines the other day (from 4.33 to >> 4.50.? >> beta) my /var/log/messages has been filling up with the messages >> below. I opened two term windows, one running 'tail -f /var/log/mail' >> and the other running 'tail -f /var/log/messges' then watched to see >> what it was happening. >> >> /var/log/messages: >> ================== >> Feb 2 08:18:23 mail3 su: (to nobody) root on none >> Feb 2 08:18:23 mail3 su: pam_unix2: session started for user nobody, >> service su >> Feb 2 08:18:23 mail3 su: pam_unix2: session finished for user >> nobody, >> service su >> >> /var/log/mail: >> ============== >> Feb 2 08:18:21 mail3 sendmail-in[6185]: k12HIK0g006185: >> to=, delay=00:00:00, mailer=esmtp, >> pri=33805, stat=queued >> Feb 2 08:18:22 mail3 MailScanner[5160]: New Batch: Scanning 1 >> messages, 4424 bytes >> >> Normally I see a few 'session started for user nobody' when updatedb >> runs, but these are happening everytime new mail arrives. The su >> seems to happen just after the message is queued, that is between the >> first and second lines in the mail log. Is this expected behavior? >> Why does root need to su to nobody to do whatever it's doing, when it >> never had to before? This may be caused by sendmail changing its username when it tries to deliver mail, but I've never seen this before. MailScanner doesn't change its username when running sendmail at all, so I don't see how this is connected. As for the /var/log/mail extract, this is perfectly normal. Sendmail queues 1 incoming message into /var/spool/mqueue.in, which MailScanner is then picking up as a new batch (a batch of 1 message because there was only 1 message ready for processing when MailScanner looked at the queue). You would expect to see this for every new message that comes into your system. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAhwbfw32o+k+q+hAQFXbgf/T40G/1cBnSR1zKPEuFQ4kCUbl1kWWNWs Cqhz2u72ByRX4ftiGGHP+QO5GP4dv40hC4oLVNr4+nEOnhcsJTjtygK6Zud3Kei8 0qIfoKAPQYcVs30SnZ3G0b1oazWpZtXBa298m2jWn1yWurMfGFZf8vhcxJ+tCcfh t2ugoy4zhfUgFZW7C/oB04VjA0GeOcDsY+ppo5lKVxE3eFawM5CrYLggNoCfhDU1 xri24WfFjeu6lsfeqwg9sW7vJ/pcYsmJyTF245wyLsdiMrKE4ky0trh2FNwRdSdd 2eRaHuaaVOtQAMRZAwjuRPxjV8DUmSUNbvMcrR8rAxrsjcdXOyi0+Q== =lm/i -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From tac.forums at gmail.com Fri Mar 3 16:51:39 2006 From: tac.forums at gmail.com (TAC Forums) Date: Fri Mar 3 16:51:41 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: Message-ID: Hi I noticed that on our server for the past two days the load average has increased quite a bit. This I guess is because of a lot of messages coming in which needs to be scanned. My query - Will increasing my server's memory from 256 MB to 512 MB help reduce the load average? Regards -- TAC Support Team From martinh at solid-state-logic.com Fri Mar 3 16:55:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 3 16:55:35 2006 Subject: New Batch: Found 1768 messages waiting In-Reply-To: Message-ID: <001101c63ee3$46f5f3e0$3004010a@martinhlaptop> Oh Yes - in fact I'd stuff in as much ram as you can... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > Sent: 03 March 2006 16:52 > To: MailScanner discussion > Subject: Fwd: New Batch: Found 1768 messages waiting > > Hi > > I noticed that on our server for the past two days the load average > has increased quite a bit. This I guess is because of a lot of > messages coming in which needs to be scanned. > > My query - Will increasing my server's memory from 256 MB to 512 MB > help reduce the load average? > > Regards > -- > TAC Support Team > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mdchaney at michaelchaney.com Fri Mar 3 16:56:20 2006 From: mdchaney at michaelchaney.com (Michael Chaney) Date: Fri Mar 3 17:00:12 2006 Subject: Don't understand this match In-Reply-To: <44085D67.6060903@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> <44085D67.6060903@psysolutions.com> Message-ID: <20060303165620.GB30437@michaelchaney.com> On Fri, Mar 03, 2006 at 09:14:47AM -0600, Richard Thomas wrote: > I know it saved us big time not so long ago. We occasionally get people > asking us to remove this rule but we have fairly solid reasons not to. > The virus scan is great but the scanners will often be behind the > viruses by enough that a lot of damage can be done. Not sure if you're using clamav, but if not, you should install it. I actually use it exclusively now and it's been quite some time since I had a virus slip through. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From drew at themarshalls.co.uk Fri Mar 3 16:59:08 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 17:00:53 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: Message-ID: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 16:51, TAC Forums wrote: > Hi > > I noticed that on our server for the past two days the load average > has increased quite a bit. This I guess is because of a lot of > messages coming in which needs to be scanned. > > My query - Will increasing my server's memory from 256 MB to 512 MB > help reduce the load average? With that number of messages waiting and only 256Mb of RAM your machine will be almost at a stand still I would have thought. How many children are you running as doubling the RAM should mean you can increase the child processes? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dnsadmin at 1bigthink.com Fri Mar 3 17:06:28 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 3 17:06:35 2006 Subject: Transfering settings and files from one machine to another In-Reply-To: <20060303163356.M31925@robhq.com> References: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> <20060303163356.M31925@robhq.com> Message-ID: <6.2.3.4.0.20060303120415.0a0d5238@mxt.1bigthink.com> At 11:35 AM 3/3/2006, you wrote: >What flavor of OS is this on? When I build a new machine, I use scp >to get my files >over to the new server, aka: > >service mysqld stop >scp /var/lib/mysql/database_name root@ipaddress:/var/lib/mysql/ >the fire up mysql on the new box. > >On Fri, 3 Mar 2006 11:12:48 -0500, Billy A. Pumphrey wrote > > I need to tranfer my bayes database and mysql stuff to the new machine. > > I suppose I would need to transfer the quarantine also. Here is my > > problem: > > > > I can't see to know how to transfer them. > > > > The way that I got by in the past was to ftp the files to a web site and > > then use wget on the other machine to get the file. So I go the long > > way around. On the bayes files, since they are bigger I figure bout > > time I realize how to use ftp. > > > > I got the server started on the old machine (ftp). I can connect to the > > old machine form the new machine. I go to the directory and try to get > > the files. Get bayes_toks, etc. > > > > I get an error Faile to open file. Thinking a permission issue. I > > chown the remote files to bpumphrey (the ftp user that I am logged into) > > and chmod the files to 777. Still the error. Any guidance is > > appreciated. > > > > Also, I really have no clue on where to start for moving the mysql > > database. > > While the above will work for the same version of MySQL across the servers, if you have differing versions, you should use mysqldump to dump the SQL code and modify the textfile for compatibility issues :^)! mysql dump -u root -p mydatabase > mydatabase.sql Cheers, Glenn From tac.forums at gmail.com Fri Mar 3 17:15:54 2006 From: tac.forums at gmail.com (TAC Forums) Date: Fri Mar 3 17:15:56 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> References: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> Message-ID: > With that number of messages waiting and only 256Mb of RAM your machine > will be almost at a stand still I would have thought. How many children > are you running as doubling the RAM should mean you can increase the child > processes? > > Drew The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and I've configured it to run only one child process. How much do you suggest I should increase it to? From drew at themarshalls.co.uk Fri Mar 3 17:33:44 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 17:34:02 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> Message-ID: <55572.194.70.180.170.1141407224.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 17:15, TAC Forums wrote: >> With that number of messages waiting and only 256Mb of RAM your machine >> will be almost at a stand still I would have thought. How many children >> are you running as doubling the RAM should mean you can increase the >> child >> processes? >> >> Drew > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > I've configured it to run only one child process. How much do you > suggest I should increase it to? On similar equipment with nothing else running I have run 2 processes but have slightly reduced the batch size to 20 to try to speed things up. However, I would strongly recommend you throw as much RAM as you can in and then look to increase the children accordingly e.g. 512Mb say 4 children, 1Gb the full 5 with a batch size of 30. Also have a look at any large add on SA rules you have added and either remove and replace them (e.g. Big Evil) or temporarily move them and replace them once your message queues drop. Also make sure you are running a caching name server either on the machine or very locally (e.g. same subnet) as this will speed up RBL and other DNS associated look ups. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From martinh at solid-state-logic.com Fri Mar 3 17:36:31 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 3 17:36:40 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: Message-ID: <001701c63ee9$02793dc0$3004010a@martinhlaptop> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > Sent: 03 March 2006 17:16 > To: MailScanner discussion > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > > > With that number of messages waiting and only 256Mb of RAM your machine > > will be almost at a stand still I would have thought. How many children > > are you running as doubling the RAM should mean you can increase the > child > > processes? > > > > Drew > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > I've configured it to run only one child process. How much do you > suggest I should increase it to? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! AS much as you can squeeze into the thing.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dnsadmin at 1bigthink.com Fri Mar 3 17:54:34 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 3 17:54:48 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <001701c63ee9$02793dc0$3004010a@martinhlaptop> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> Message-ID: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Skipped content of type multipart/alternative From bpumphrey at WoodMacLaw.com Fri Mar 3 18:02:45 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 3 18:02:48 2006 Subject: Transfering settings and files from one machine to another Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCBCE3@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of rob > Sent: Friday, March 03, 2006 11:36 AM > To: MailScanner discussion > Subject: Re: Transfering settings and files from one machine to another > > What flavor of OS is this on? When I build a new machine, I use scp to > get my files > over to the new server, aka: > > service mysqld stop > scp /var/lib/mysql/database_name root@ipaddress:/var/lib/mysql/ > the fire up mysql on the new box. It is Cent OS 4.2 From mailscanner-list at okla.com Fri Mar 3 18:40:19 2006 From: mailscanner-list at okla.com (Tracy Greggs) Date: Fri Mar 3 18:37:23 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <002501c63ef1$ef8e2af0$6701a8c0@tgdesktop> I would have to second the vote for Crucial. Hate to plug vendors as well, but certainly a great choice. Tracy _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Friday, March 03, 2006 11:55 AM To: MailScanner discussion Subject: RE: Fwd: New Batch: Found 1768 messages waiting At 12:36 PM 3/3/2006, you wrote: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > Sent: 03 March 2006 17:16 > To: MailScanner discussion > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > > > With that number of messages waiting and only 256Mb of RAM your machine > > will be almost at a stand still I would have thought. How many children > > are you running as doubling the RAM should mean you can increase the > child > > processes? > > > > Drew > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > I've configured it to run only one child process. How much do you > suggest I should increase it to? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! AS much as you can squeeze into the thing.. The Cobalt maxes out at 512MB, I think. You can look up maximum amount and type SDRAM replacement at www.crucial.com. Sorry, not an advertising plug! You can buy the ram elsewhere! Thanks, Glenn -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/de9f5a9c/attachment.html From ssilva at sgvwater.com Fri Mar 3 18:38:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 18:39:41 2006 Subject: Help - user error caused mailscanner to stop working In-Reply-To: <625385e30603030557k487a801fo931f36b8f6236e4f@mail.gmail.com> References: <625385e30603030557k487a801fo931f36b8f6236e4f@mail.gmail.com> Message-ID: shuttlebox spake the following on 3/3/2006 5:57 AM: > On 3/3/06, Bj?rn-Sverre N?ttum wrote: >> No no mail passes thruough the mailgateway. I have tried to stop the >> instance of sendmail that he started and then restarted mailscanner - but it >> does not help. > > Doesn't he know what changes he did so you/he can reverse them? Didn't > he save the original files with different names before he changed > them? Don't you have backups from yesterday? > >> I am running mailscanner Version 1.1-4 BETA on an fc2 server with sendmail >> on the mailgateway. Anyone that can help me on this?? > > Sounds quite old. ;-) The 1.1-4 BETA is the version of the Webmin module for MailScanner, not the version of MailScanner itself. IMHO you need a backup of the relevant files, an idea of his changes, or a big LART to strike him with. "Friends don't let friends admin their servers if they don't know what they are doing." From Kevin_Miller at ci.juneau.ak.us Fri Mar 3 18:47:18 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 3 18:47:22 2006 Subject: What is nobody doing? Message-ID: Julian Field wrote: > This may be caused by sendmail changing its username when it tries to > deliver mail, but I've never seen this before. MailScanner doesn't > change its username when running sendmail at all, so I don't see how > this is connected. I don't either, that's why I asked. Seems really strange to me. > As for the /var/log/mail extract, this is perfectly normal. Sendmail > queues 1 incoming message into /var/spool/mqueue.in, which > MailScanner is then picking up as a new batch (a batch of 1 message > because there was only 1 message ready for processing when > MailScanner looked at the queue). You would expect to see this for > every new message that comes into your system. Right, I understand that I get those messages for each message. What I was trying to say is when I was tailing them with the -f option (two windows open), the entry in message always occurred between the two entries in mail. Don't know why the timing is off - but watching it on the screen, IIFC I'd see the first entry in mail, then the entry in message hot on it's heels, followed by the 2nd entry in mail. The main point was that it occurs when mail arrives so it has something to do w/MailScanner or sendmail. MailScanner was updated, but sendmail didn't change so the likely culprit (it seems to me) was MailScanner. It doesn't seem to be causing problems - just makes logrotate work a little harder I suppose. Maybe it's a SuSEism? I'll be updating several servers in the near future, with clean installs (OS on up) so I'll see what happens on them. Thanks for the reply Julian... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Fri Mar 3 18:42:33 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 18:52:32 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: References: Message-ID: Joshua Hirsh spake the following on 3/3/2006 5:56 AM: > Hi List, > > I've been seeing quite a few messages come through lately that only contain the word BOUNDARY_OUTLOOK, with a single character at the start of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable not stripped, so they're blocked). > > > Is this scrap from some type of broken virus? > > > Google doesn't really offer up anything on this.. > > > -Joshua I have been seeing these for about a week, and can't find anything relevant on Google. Seems harmless, probably some spammer has broke his flamethrower. From lhaig at haigmail.com Fri Mar 3 21:33:36 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Mar 3 21:33:39 2006 Subject: Going to try upgrading again. Message-ID: <4408B630.8070409@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I had trouble with 4.50.14 and long batch processing. I am going to try with 4.51.4 and see how things go. Thanks Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFECLYwM4kHBIBZ61gRAmcPAJ4yVv4it9sG+slhaW3QjLGO9LlbjQCgjxuh VKX1yIsOPe0XtQ4VD+nlrtU= =y4Us -----END PGP SIGNATURE----- From pal at hkskole.no Fri Mar 3 21:39:46 2006 From: pal at hkskole.no (pal@hkskole.no) Date: Fri Mar 3 21:39:54 2006 Subject: stopping spam from own domain Message-ID: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> Running Mailscanner version 4.44.6 and latest version of sendmail on Fedora core 3, I have a problem with a lot of spam sent to my domain. The spam mail are recognized as sent from my own domain, with fake sender and fake receiver addresses. My domain is example.com, and the mail are sent to george@example.com from admin@example.com. This is of cource not true. How can I get rid of these mails? -- P?l Monstad From dhawal at netmagicsolutions.com Fri Mar 3 21:51:29 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Mar 3 21:51:34 2006 Subject: Going to try upgrading again. In-Reply-To: <4408B630.8070409@haigmail.com> References: <4408B630.8070409@haigmail.com> Message-ID: <20060303215129.25859.qmail@mymail.netmagicians.com> Lance Haig writes: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I had trouble with 4.50.14 and long batch processing. > > I am going to try with 4.51.4 and see how things go. 4.51.5-1 ought to the right version to use.. there is atleast one small but significant FIX included (see the changelog for more details).. - dhawal > Thanks > > Lance > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFECLYwM4kHBIBZ61gRAmcPAJ4yVv4it9sG+slhaW3QjLGO9LlbjQCgjxuh > VKX1yIsOPe0XtQ4VD+nlrtU= > =y4Us > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From lhaig at haigmail.com Fri Mar 3 22:38:29 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Mar 3 22:38:31 2006 Subject: Going to try upgrading again. In-Reply-To: <20060303215129.25859.qmail@mymail.netmagicians.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> Message-ID: <4408C565.80200@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Loads of perl errors when running the install I am running on SUSE 9.3 Here are some of the errors is this bad? Lance Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Installed.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man1/instmodsh.1 Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VMS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_OS2.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command::MM.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::testlib.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Liblist.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MY.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mkbootstrap.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_QNX.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Packlist.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mksymlists.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_DOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Install.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Any.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_BeOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win32.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Unix.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Cygwin.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win95.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Installed.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_UWIN.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_MacOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_AIX.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_NW5.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Manifest.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/bin/instmodsh Writing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist Appending installation info to /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod + '[' -x /usr/lib/rpm/brp-compress ']' + /usr/lib/rpm/brp-compress + find /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr -type f -print + sed 's@^/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root@@g' + grep -v perllocal.pod + grep -v '\.packlist' ++ cat ExtUtils-MakeMaker-6.30-filelist + '[' '/usr/bin/instmodsh /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM.pm /usr/lib/perl5/5.8.6/ExtUtils/MY.pm /usr/lib/perl5/5.8.6/ExtUtils/testlib.pm /usr/lib/perl5/5.8.6/ExtUtils/Install.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_AIX.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_DOS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_UWIN.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm /usr/lib/perl5/5.8.6/ExtUtils/Command.pm /usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm /usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm /usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm /usr/lib/perl5/5.8.6/ExtUtils/Installed.pm /usr/share/man/man1/instmodsh.1.gz /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz /usr/share/man/man3/ExtUtils::MM_QNX.3pm.gz /usr/share/man/man3/ExtUtils::Manifest.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz /usr/share/man/man3/ExtUtils::MM_AIX.3pm.gz /usr/share/man/man3/ExtUtils::Liblist.3pm.gz /usr/share/man/man3/ExtUtils::Packlist.3pm.gz /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz /usr/share/man/man3/ExtUtils::Installed.3pm.gz /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz /usr/share/man/man3/ExtUtils::MM.3pm.gz /usr/share/man/man3/ExtUtils::Install.3pm.gz /usr/share/man/man3/ExtUtils::Command.3pm.gz /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm.gz /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz /usr/share/man/man3/ExtUtils::testlib.3pm.gz /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz /usr/share/man/man3/ExtUtils::MY.3pm.gz /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz /usr/share/man/man3/ExtUtils::MM_VOS.3pm.gzX' = X ']' + RPM_BUILD_ROOT=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root + export RPM_BUILD_ROOT + test -x /usr/sbin/Check -a 0 = 0 -o -x /usr/sbin/Check -a '!' -z /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root + echo 'I call /usr/sbin/Check...' I call /usr/sbin/Check... + /usr/sbin/Check + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-symlink Processing files: perl-ExtUtils-MakeMaker-6.30-1 Finding Provides: /usr/lib/rpm/find-provides Finding Requires: /usr/lib/rpm/find-requires Provides: perl(DynaLoader) perl(ExtUtils::Command) = 1.09 perl(ExtUtils::Command::MM) = 0.05 perl(ExtUtils::Install) = 1.33 perl(ExtUtils::Install::Warn) perl(ExtUtils::Installed) = 0.08 perl(ExtUtils::Liblist) = 1.01 perl(ExtUtils::Liblist::Kid) = 1.30 perl(ExtUtils::MM) = 0.05 perl(ExtUtils::MM_AIX) = 0.03 perl(ExtUtils::MM_Any) = 0.13 perl(ExtUtils::MM_BeOS) = 1.05 perl(ExtUtils::MM_Cygwin) = 1.08 perl(ExtUtils::MM_DOS) = 0.02 perl(ExtUtils::MM_MacOS) = 1.08 perl(ExtUtils::MM_NW5) = 2.08 perl(ExtUtils::MM_OS2) = 1.05 perl(ExtUtils::MM_QNX) = 0.02 perl(ExtUtils::MM_UWIN) = 0.02 perl(ExtUtils::MM_Unix) = 1.50 perl(ExtUtils::MM_VMS) = 5.73 perl(ExtUtils::MM_VOS) = 0.02 perl(ExtUtils::MM_Win32) = 1.12 perl(ExtUtils::MM_Win95) = 0.04 perl(ExtUtils::MY) = 0.01 perl(ExtUtils::MakeMaker) = 6.30 perl(ExtUtils::MakeMaker::Config) = 0.02 perl(ExtUtils::MakeMaker::_version) perl(ExtUtils::MakeMaker::bytes) = 0.01 perl(ExtUtils::MakeMaker::vmsish) = 0.01 perl(ExtUtils::Manifest) = 1.46 perl(ExtUtils::Mkbootstrap) = 1.15 perl(ExtUtils::Mksymlists) = 1.19 perl(ExtUtils::Packlist) = 0.04 perl(ExtUtils::testlib) = 1.15 perl(MM) perl(MY) perl(main) Requires(rpmlib): rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(VersionedDependencies) <= 3.0.3-1 Requires: /usr/bin/perl Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root warning: Installed (but unpackaged) file(s) found: /usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist /usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod Wrote: /usr/src/packages/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.88750 + umask 022 + cd /usr/src/packages/BUILD + cd ExtUtils-MakeMaker-6.30 + rm -rf /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root + exit 0 Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.88750 + umask 022 + cd /usr/src/packages/BUILD + rm -rf ExtUtils-MakeMaker-6.30 + exit 0 Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Preparing... ########################################### [100%] package perl-ExtUtils-MakeMaker-6.30-1 is already installed file /usr/bin/instmodsh from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Command.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Install.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Command.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Install.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Installed.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Liblist.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MY.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Manifest.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Packlist.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::testlib.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 Dhawal Doshy wrote: > Lance Haig writes: >> 4.51.5-1 ought to the right version to use.. there is atleast one small >> but significant FIX included (see the changelog for more details).. >> - dhawal > Thanks > Lance - -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFECMVlM4kHBIBZ61gRAhLwAJ955pZiIsbidEPAYB0lc5I0SH21NACffMA4 Z5hvyD35sWF/J88hf7xYBpQ= =G20E -----END PGP SIGNATURE----- From sergey at dorokhov.com Fri Mar 3 22:29:44 2006 From: sergey at dorokhov.com (Sergey Dorokhov) Date: Fri Mar 3 22:41:29 2006 Subject: Filetypes inside archive files. Message-ID: Hello all. Mailscanner is doing pretty good job by filtering dangerous attachments (EXE, COM and etc.). But in the same time I want to allow these types of files to be sent inside archives (ZIP, ARJ and etc.). It seems that I can?t find any info in old postings or docs. I can allow to send any filetypes without ZIPping it but I want to allow EXE files ONLY inside archive but still deny them if they are attached as is. I would appreciate if someone will share their knowledge. Thanks in advance, Sergey From drew at themarshalls.co.uk Fri Mar 3 23:04:36 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 23:05:19 2006 Subject: Filetypes inside archive files. In-Reply-To: References: Message-ID: <5F440CC6-0A6D-4E32-BAC6-DC9666A7E0C5@themarshalls.co.uk> On 3 Mar 2006, at 22:29, Sergey Dorokhov wrote: > Hello all. > Mailscanner is doing pretty good job by filtering dangerous > attachments (EXE, > COM and etc.). But in the same time I want to allow these types of > files to be > sent inside archives (ZIP, ARJ and etc.). It seems that I can?t > find any info > in old postings or docs. > I can allow to send any filetypes without ZIPping it but I want to > allow EXE > files ONLY inside archive but still deny them if they are attached > as is. > > I would appreciate if someone will share their knowledge. > Thanks in advance, > Sergey Have a look at the section: # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # # Note: This setting does *not* affect virus scanning in archives at all. # # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password- Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. # This can also be the filename of a ruleset. Maximum Archive Depth = 0 in MailScanner.conf Set it to 0 (As above) and it will do exactly what you want. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ssilva at sgvwater.com Fri Mar 3 23:13:52 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 23:14:06 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: dnsadmin 1bigthink.com spake the following on 3/3/2006 9:54 AM: > At 12:36 PM 3/3/2006, you wrote: > > > > >> > -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> > bounces@lists.mailscanner.info] On Behalf Of TAC Forums >> > Sent: 03 March 2006 17:16 >> > To: MailScanner discussion >> > Subject: Re: Fwd: New Batch: Found 1768 messages waiting >> > >> > > With that number of messages waiting and only 256Mb of RAM your >> machine >> > > will be almost at a stand still I would have thought. How many >> children >> > > are you running as doubling the RAM should mean you can increase the >> > child >> > > processes? >> > > >> > > Drew >> > >> > >> > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and >> > I've configured it to run only one child process. How much do you >> > suggest I should increase it to? >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> >> AS much as you can squeeze into the thing.. > > The Cobalt maxes out at 512MB, I think. You can look up maximum amount > and type SDRAM replacement at www.crucial.com . > > Sorry, not an advertising plug! You can buy the ram elsewhere! > > Thanks, > Glenn > Crucial lists a 1 gig module for that system, but it is pricey ($414 US) I suppose you could fit 2 of them, as I can't remember how many slots the 550 has. But you have invested close to a grand in an older system, that you could invest into a new 1u system that will run rings around the RAQ. From ssilva at sgvwater.com Fri Mar 3 23:22:22 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 23:22:43 2006 Subject: Filetypes inside archive files. In-Reply-To: References: Message-ID: Sergey Dorokhov spake the following on 3/3/2006 2:29 PM: > Hello all. > Mailscanner is doing pretty good job by filtering dangerous attachments (EXE, > COM and etc.). But in the same time I want to allow these types of files to be > sent inside archives (ZIP, ARJ and etc.). It seems that I can?t find any info > in old postings or docs. > I can allow to send any filetypes without ZIPping it but I want to allow EXE > files ONLY inside archive but still deny them if they are attached as is. > > I would appreciate if someone will share their knowledge. > Thanks in advance, > Sergey > # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # # Note: This setting does *not* affect virus scanning in archives at all. # # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. # This can also be the filename of a ruleset. Maximum Archive Depth = 0 From root at doctor.nl2k.ab.ca Fri Mar 3 23:56:03 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Mar 3 23:56:17 2006 Subject: Released 4.51.5 In-Reply-To: <44077823.5060200@ecs.soton.ac.uk> References: <44077823.5060200@ecs.soton.ac.uk> Message-ID: <20060303235603.GB27763@doctor.nl2k.ab.ca> On Thu, Mar 02, 2006 at 10:56:35PM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Due to problems with "Use TNEF Contents = replace" not working as > advertised, I have released 4.51.5 which should fix this problem. > > 4.51.4 did not properly delete the winmail.dat file from the message. I > have completely rewritten the code that does this and it seems to be a > lot more robust now. > > This release also incidentally adds 2 fixes/features: > - - Logging of batch timing includes number of messages in batch. > - - Pid File error produced with "MailScanner --lint" is fixed. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRAd4IxH2WUcUFbZUEQI0owCcDuRHOS20pjqBKQc4m01sPvzT5JYAoMRd > Xk8yWJUYfprJYaD6cQhC6OZ6 > =KmHr > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > While we are at it, I can list the up to date perl modules: Archive-Zip-1.16 Compress-Zlib-1.41 Convert-BinHex-1.119 (probably no longer mailtained) Convert-TNEF-0.17 (probably no longer mailtained) DBD-SQLite-1.11 (recent) DBI-1.50 (recent) ExtUtils-MakeMaker-6.30 (recent) File-Spec had now been incorporated in PathTools-3.16 File-Temp-0.16 Getopt-Long-2.35 (current) HTML-Parser-3.50 (recently changed) HTML-Tagset-3.10 (current) IO-stringy-2.110 (current) MIME-Base64-3.07 (current) MIME-tools-5.419 (cuurent) MailTools-1.74 (recently changed) Net-CIDR-0.11 (recent) Storable-2.15 Time-HiRes-1.87 (recently changed) TimeDate-1.16 (current) tnef-1.3.4 (current) I try to keep up to date. Julian, when I try to update via your script, the whole procedure breaks apart. Is there an explanation? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Sat Mar 4 02:44:57 2006 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 4 02:45:00 2006 Subject: MailScanner & DoS Message-ID: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> For some reason, I can't seem to stop hackers from performaing DoS against my IPCop fw & MailScanner server. I get alot of these in my /var/log/maillog and the boxes get locked up: Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA What can I do? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/69901cea/attachment.html From cstone at axint.net Sat Mar 4 03:01:37 2006 From: cstone at axint.net (Chris Stone) Date: Sat Mar 4 03:03:26 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> Message-ID: <200603032001.37639@cs.axint.net> Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl users from connecting...... On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > For some reason, I can't seem to stop hackers from performaing DoS against > my IPCop fw & MailScanner server. I get alot of these in my > /var/log/maillog and the boxes get locked up: > > Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > > What can I do? From devonharding at gmail.com Sat Mar 4 06:21:23 2006 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 4 06:21:27 2006 Subject: MailScanner & DoS In-Reply-To: <200603032001.37639@cs.axint.net> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603032001.37639@cs.axint.net> Message-ID: <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> Yea, but I want this to be for every one, not just cable users On 3/3/06, Chris Stone wrote: > > Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl > users > from connecting...... > > On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > > For some reason, I can't seem to stop hackers from performaing DoS > against > > my IPCop fw & MailScanner server. I get alot of these in my > > /var/log/maillog and the boxes get locked up: > > > > Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > > What can I do? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060304/ebe83f54/attachment.html From remy at unix-asp.com Sat Mar 4 09:04:10 2006 From: remy at unix-asp.com (Remy de Ruysscher) Date: Sat Mar 4 09:04:44 2006 Subject: MailScanner very memory intensive? In-Reply-To: References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> Message-ID: <200603040904.k2494huB017391@bkserver.blacknight.ie> Hi all, What is the typical MailScanner memory usage (on FreeBSD)? I found my server to use 1,5Gb of memory just for MailScanner! Furthermore it's processing queues very slowly (possibly due to disk swapping). I have 2Gb installed (P4 - 3.0Ghz). Any ideas to improve memory usage? last pid: 72681; load averages: 0.12, 0.09, 0.06 up 1+01:56:38 09:58:39 97 processes: 1 starting, 1 running, 95 sleeping CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.7% interrupt, 99.3% idle Mem: 1354M Active, 340M Inact, 185M Wired, 54M Cache, 112M Buf, 70M Free Swap: 4096M Total, 613M Used, 3483M Free, 14% Inuse PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 891 squid 1 76 0 39316K 23064K select 1:41 0.00% squid 602 www 1 20 0 27172K 14116K lockf 1:39 0.00% httpd 1054 www 1 79 0 26644K 13548K select 1:33 0.00% httpd 604 www 1 20 0 26716K 13404K lockf 1:32 0.00% httpd 603 www 1 20 0 26576K 13296K lockf 1:32 0.00% httpd 606 www 1 76 0 26528K 13244K select 1:32 0.00% httpd 1841 www 1 20 0 27044K 14024K lockf 1:32 0.00% httpd 1875 www 1 20 0 30044K 15028K lockf 1:29 0.00% httpd 1097 www 1 20 0 32184K 15784K lockf 1:27 0.00% httpd 5675 www 1 20 0 26384K 13292K lockf 1:19 0.00% httpd 738 mysql 18 20 0 98M 5476K kserel 0:51 0.00% mysqld 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% perl5.8.8 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% perl5.8.8 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% perl5.8.8 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 829 privoxy 3 20 0 5628K 2376K kserel 0:39 0.00% privoxy bash-2.05b# /usr/local/sbin/MailScanner --version Running on FreeBSD unix-asp.com 6.0-RELEASE-p5 FreeBSD 6.0-RELEASE-p5 #16: Thu Mar 2 07:59:26 CET 2006 root@unix-asp.com:/usr/obj/usr/src/sys/DEFIANT i386 This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.50 HTML::Parser 2.35 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.07 MIME::QuotedPrint 5.419 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.78 Socket 0.13 Sys::Syslog 1.87 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.11 DBD::SQLite 1.50 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 0.57 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI # System settings # --------------- # # How many MailScanner processes do you want to run at a time? # There is no point increasing this figure if your MailScanner server # is happily keeping up with your mail traffic. # If you are running on a server with more than 1 CPU, or you have a # high mail load (and/or slow DNS lookups) then you should see better # performance if you increase this figure. # If you are running on a small system with limited RAM, you should # note that each child takes just over 20MB. # # As a rough guide, try 5 children per CPU. But read the notes above. Max Children = 5 From shuttlebox at gmail.com Sat Mar 4 09:13:53 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 4 09:13:57 2006 Subject: MailScanner very memory intensive? In-Reply-To: <200603040904.k2494huB017391@bkserver.blacknight.ie> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> Message-ID: <625385e30603040113j28a93285uf5787c49e061ab94@mail.gmail.com> On 3/4/06, Remy de Ruysscher wrote: > 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% perl5.8.8 > 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% perl5.8.8 > 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% perl5.8.8 > 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 > 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 If those are your MS processes something looks very wrong. Depending on how much rules I use in SA my processes use 25-40 MB of memory per child. Yours are more than 10 times that! You're not using the BigEvil rules are you? -- /peter From dhawal at netmagicsolutions.com Sat Mar 4 09:24:19 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Mar 4 09:24:34 2006 Subject: Going to try upgrading again. In-Reply-To: <4408C565.80200@haigmail.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> <4408C565.80200@haigmail.com> Message-ID: <44095CC3.9090209@netmagicsolutions.com> Lance Haig wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Loads of perl errors when running the install > > I am running on SUSE 9.3 > > Here are some of the errors > > is this bad? ExtUtils-MakeMaker is a part of perl on most linux distributions for some time now.. so there is nothing to worry about. The MailScanner installer also clearly indicates the same.. Can anyone report a linux distro which doesn't bundle ExtUtils-MakeMaker along with perl? Julian if possible, how about skipping this for the RPM based install.sh? - dhawal > Lance > > > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm > Installing > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Preparing... ########################################### > [100%] > package perl-ExtUtils-MakeMaker-6.30-1 is already installed > file /usr/bin/instmodsh from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 From remy at unix-asp.com Sat Mar 4 09:50:24 2006 From: remy at unix-asp.com (Remy de Ruysscher) Date: Sat Mar 4 09:50:55 2006 Subject: MailScanner very memory intensive? In-Reply-To: References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> Message-ID: <200603040950.k249orZ1018728@bkserver.blacknight.ie> Hi, No BigEvil rules are decrepated I believe. I do a.o. have these SA rules: -rw-r--r-- 1 root wheel 24298 Oct 5 22:00 70_sare_evilnum0.cf -rw-r--r-- 1 root wheel 1574 Jun 2 2005 70_sare_evilnum1.cf -rw-r--r-- 1 root wheel 6970 Jun 2 2005 70_sare_evilnum2.cf On Sat, March 4, 2006 10:13, shuttlebox wrote: > On 3/4/06, Remy de Ruysscher wrote: >> 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% >> perl5.8.8 >> 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% >> perl5.8.8 >> 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% >> perl5.8.8 >> 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >> perl5.8.8 >> 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >> perl5.8.8 > > If those are your MS processes something looks very wrong. Depending > on how much rules I use in SA my processes use 25-40 MB of memory per > child. Yours are more than 10 times that! > > You're not using the BigEvil rules are you? > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Met vriendelijk groet / kind regards, Remy de Ruysscher remy@unix-asp.com From james at grayonline.id.au Sat Mar 4 14:35:15 2006 From: james at grayonline.id.au (James Gray) Date: Sat Mar 4 14:35:46 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: References: Message-ID: <200603050135.21772.james@grayonline.id.au> On Sat, 4 Mar 2006 00:56, Joshua Hirsh wrote: > I've been seeing quite a few messages come through lately that only > contain the word BOUNDARY_OUTLOOK, with a single character at the start > of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF > executable not stripped, so they're blocked). > > Is this scrap from some type of broken virus? > > Google doesn't really offer up anything on this.. > > -Joshua Ditto here. Got a couple of them about a week ago, and a few more the other day. I've compared the binary between a few of the messages and it's been different each time. I also fired a (zipped) copy off to a friend who is a bit of a hardware hacker and couldn't find anything that even vaugley resembled assembly etc for any CPU's he's played with (which is many - embedded stuff up to Intel/Sparc/Motorola/AMD/etc). In short - they seem harmless. Usual disclaimers apply though. James -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/e636c613/attachment.bin From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:16:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:16:36 2006 Subject: stopping spam from own domain In-Reply-To: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> References: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> Message-ID: <4409BD60.5050008@ecs.soton.ac.uk> pal@hkskole.no wrote: > Running Mailscanner version 4.44.6 and latest version of sendmail on > Fedora core 3, I have a problem with a lot of spam sent to my domain. The > spam mail are recognized as sent from my own domain, with fake sender and > fake receiver addresses. > > My domain is example.com, and the mail are sent to george@example.com from > admin@example.com. This is of cource not true. > > How can I get rid of these mails? > Are the envelope addresses these too? Or is it just the headers? You can make MailScanner add the From and To addresses from the envelope (look for "Envelope From" and "Envelope To" in MailScanner.conf and you'll find the find them). If they match, then you could choose to reject messages (or better just drop them) with a ruleset expressions like "From example.com and To example.com" in an appropriate ruleset for an option like "Is Definitely Spam" and then make definite spam high-scoring and then delete high-scoring spam. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:18:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:18:47 2006 Subject: Going to try upgrading again. In-Reply-To: <4408C565.80200@haigmail.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> <4408C565.80200@haigmail.com> Message-ID: <4409BDE1.9020800@ecs.soton.ac.uk> That's just install.sh trying to install a package which is already installed, possibly by some other route such as your OS distribution or CPAN. Ignore these. Lance Haig wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Loads of perl errors when running the install > > I am running on SUSE 9.3 > > Here are some of the errors > > is this bad? > > Lance > > > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Installed.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man1/instmodsh.1 > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VMS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_OS2.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command::MM.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::testlib.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Liblist.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MY.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mkbootstrap.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_QNX.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Packlist.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mksymlists.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_DOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Install.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Any.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_BeOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win32.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Unix.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Cygwin.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win95.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Installed.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_UWIN.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_MacOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_AIX.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_NW5.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Manifest.3pm > Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/bin/instmodsh > Writing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist > Appending installation info to > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod > + '[' -x /usr/lib/rpm/brp-compress ']' > + /usr/lib/rpm/brp-compress > + find /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr -type f -print > + sed 's@^/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root@@g' > + grep -v perllocal.pod > + grep -v '\.packlist' > ++ cat ExtUtils-MakeMaker-6.30-filelist > + '[' '/usr/bin/instmodsh > /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM.pm > /usr/lib/perl5/5.8.6/ExtUtils/MY.pm > /usr/lib/perl5/5.8.6/ExtUtils/testlib.pm > /usr/lib/perl5/5.8.6/ExtUtils/Install.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_AIX.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_DOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm > /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm > /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP > /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_UWIN.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm > /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm > /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm > /usr/lib/perl5/5.8.6/ExtUtils/Command.pm > /usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm > /usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm > /usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm > /usr/lib/perl5/5.8.6/ExtUtils/Installed.pm > /usr/share/man/man1/instmodsh.1.gz > /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_QNX.3pm.gz > /usr/share/man/man3/ExtUtils::Manifest.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz > /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_AIX.3pm.gz > /usr/share/man/man3/ExtUtils::Liblist.3pm.gz > /usr/share/man/man3/ExtUtils::Packlist.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz > /usr/share/man/man3/ExtUtils::Installed.3pm.gz > /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz > /usr/share/man/man3/ExtUtils::MM.3pm.gz > /usr/share/man/man3/ExtUtils::Install.3pm.gz > /usr/share/man/man3/ExtUtils::Command.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm.gz > /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz > /usr/share/man/man3/ExtUtils::testlib.3pm.gz > /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz > /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz > /usr/share/man/man3/ExtUtils::MY.3pm.gz > /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz > /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz > /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz > /usr/share/man/man3/ExtUtils::MM_VOS.3pm.gzX' = X ']' > + RPM_BUILD_ROOT=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > + export RPM_BUILD_ROOT > + test -x /usr/sbin/Check -a 0 = 0 -o -x /usr/sbin/Check -a '!' -z > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > + echo 'I call /usr/sbin/Check...' > I call /usr/sbin/Check... > + /usr/sbin/Check > + /usr/lib/rpm/brp-compress > + /usr/lib/rpm/brp-symlink > Processing files: perl-ExtUtils-MakeMaker-6.30-1 > Finding Provides: /usr/lib/rpm/find-provides > Finding Requires: /usr/lib/rpm/find-requires > Provides: perl(DynaLoader) perl(ExtUtils::Command) = 1.09 > perl(ExtUtils::Command::MM) = 0.05 perl(ExtUtils::Install) = 1.33 > perl(ExtUtils::Install::Warn) perl(ExtUtils::Installed) = 0.08 > perl(ExtUtils::Liblist) = 1.01 perl(ExtUtils::Liblist::Kid) = 1.30 > perl(ExtUtils::MM) = 0.05 perl(ExtUtils::MM_AIX) = 0.03 > perl(ExtUtils::MM_Any) = 0.13 perl(ExtUtils::MM_BeOS) = 1.05 > perl(ExtUtils::MM_Cygwin) = 1.08 perl(ExtUtils::MM_DOS) = 0.02 > perl(ExtUtils::MM_MacOS) = 1.08 perl(ExtUtils::MM_NW5) = 2.08 > perl(ExtUtils::MM_OS2) = 1.05 perl(ExtUtils::MM_QNX) = 0.02 > perl(ExtUtils::MM_UWIN) = 0.02 perl(ExtUtils::MM_Unix) = 1.50 > perl(ExtUtils::MM_VMS) = 5.73 perl(ExtUtils::MM_VOS) = 0.02 > perl(ExtUtils::MM_Win32) = 1.12 perl(ExtUtils::MM_Win95) = 0.04 > perl(ExtUtils::MY) = 0.01 perl(ExtUtils::MakeMaker) = 6.30 > perl(ExtUtils::MakeMaker::Config) = 0.02 > perl(ExtUtils::MakeMaker::_version) perl(ExtUtils::MakeMaker::bytes) = > 0.01 perl(ExtUtils::MakeMaker::vmsish) = 0.01 perl(ExtUtils::Manifest) = > 1.46 perl(ExtUtils::Mkbootstrap) = 1.15 perl(ExtUtils::Mksymlists) = > 1.19 perl(ExtUtils::Packlist) = 0.04 perl(ExtUtils::testlib) = 1.15 > perl(MM) perl(MY) perl(main) > Requires(rpmlib): rpmlib(PayloadFilesHavePrefix) <= 4.0-1 > rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(VersionedDependencies) <= > 3.0.3-1 > Requires: /usr/bin/perl > Checking for unpackaged file(s): /usr/lib/rpm/check-files > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > warning: Installed (but unpackaged) file(s) found: > > /usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist > /usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod > Wrote: > /usr/src/packages/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.88750 > + umask 022 > + cd /usr/src/packages/BUILD > + cd ExtUtils-MakeMaker-6.30 > + rm -rf /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > + exit 0 > Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.88750 > + umask 022 > + cd /usr/src/packages/BUILD > + rm -rf ExtUtils-MakeMaker-6.30 > + exit 0 > > > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Preparing... ########################################### > [100%] > package perl-ExtUtils-MakeMaker-6.30-1 is already installed > file /usr/bin/instmodsh from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Command.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Install.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Command.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Install.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Installed.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Liblist.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MY.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz > from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Manifest.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Packlist.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::testlib.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > > > Dhawal Doshy wrote: > >> Lance Haig writes: >> >>> 4.51.5-1 ought to the right version to use.. there is atleast one small >>> but significant FIX included (see the changelog for more details).. >>> - dhawal >>> >> Thanks >> Lance >> > - -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > Before posting, read http://wiki.mailscanner.info/posting > Support MailScanner development - buy the book off the website! > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFECMVlM4kHBIBZ61gRAhLwAJ955pZiIsbidEPAYB0lc5I0SH21NACffMA4 > Z5hvyD35sWF/J88hf7xYBpQ= > =G20E > -----END PGP SIGNATURE----- > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:21:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:21:57 2006 Subject: Released 4.51.5 In-Reply-To: <20060303235603.GB27763@doctor.nl2k.ab.ca> References: <44077823.5060200@ecs.soton.ac.uk> <20060303235603.GB27763@doctor.nl2k.ab.ca> Message-ID: <4409BEA1.4070606@ecs.soton.ac.uk> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Thu, Mar 02, 2006 at 10:56:35PM +0000, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Due to problems with "Use TNEF Contents = replace" not working as >> advertised, I have released 4.51.5 which should fix this problem. >> >> 4.51.4 did not properly delete the winmail.dat file from the message. I >> have completely rewritten the code that does this and it seems to be a >> lot more robust now. >> >> This release also incidentally adds 2 fixes/features: >> - - Logging of batch timing includes number of messages in batch. >> - - Pid File error produced with "MailScanner --lint" is fixed. >> >> >> > While we are at it, I can list the up to date perl modules: > > Archive-Zip-1.16 > Compress-Zlib-1.41 > Convert-BinHex-1.119 (probably no longer mailtained) > Convert-TNEF-0.17 (probably no longer mailtained) > DBD-SQLite-1.11 (recent) > DBI-1.50 (recent) > ExtUtils-MakeMaker-6.30 (recent) > File-Spec had now been incorporated in PathTools-3.16 > File-Temp-0.16 > Getopt-Long-2.35 (current) > HTML-Parser-3.50 (recently changed) > HTML-Tagset-3.10 (current) > IO-stringy-2.110 (current) > MIME-Base64-3.07 (current) > MIME-tools-5.419 (cuurent) > MailTools-1.74 (recently changed) > Net-CIDR-0.11 (recent) > Storable-2.15 > Time-HiRes-1.87 (recently changed) > TimeDate-1.16 (current) > tnef-1.3.4 (current) > > I try to keep up to date. Julian, when I try to update via > your script, the whole procedure breaks apart. > > Is there an explanation? > I don't guarantee that the versions of modules I ship are the most up to date. But I do know that they all work together well. Every now and then people release code that doesn't work perfectly (I'm as bad at that as everyone else) so using the versions I ship will save you a lot of testing as they are known to work well with MailScanner. Feel free to live on the bleeding edge, but don't blame me if you get cut! :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:27:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:27:40 2006 Subject: MailScanner very memory intensive? In-Reply-To: <200603040950.k249orZ1018728@bkserver.blacknight.ie> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> <200603040950.k249orZ1018728@bkserver.blacknight.ie> Message-ID: <4409BFF7.8030001@ecs.soton.ac.uk> Take out all your extra rulesets, upgrade to the latest SpamAssassin (using my easy to install http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz package) and then only add rulesets using Rules_Du_Jour once you are sure everything is working nicely. My normal advice is 1Gb per CPU, as long as the machine isn't doing much else. You can watch to see your actual disk swapping use using the "vmstat" command. A common command for this is "vmstat 5" and the man page for vmstat will tell you what all the columns mean. You are probably looking for "si" and "so" or "pi" and "po". Remy de Ruysscher wrote: > Hi, > > No BigEvil rules are decrepated I believe. I do a.o. have these SA rules: > > -rw-r--r-- 1 root wheel 24298 Oct 5 22:00 70_sare_evilnum0.cf > -rw-r--r-- 1 root wheel 1574 Jun 2 2005 70_sare_evilnum1.cf > -rw-r--r-- 1 root wheel 6970 Jun 2 2005 70_sare_evilnum2.cf > > > On Sat, March 4, 2006 10:13, shuttlebox wrote: > >> On 3/4/06, Remy de Ruysscher wrote: >> >>> 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% >>> perl5.8.8 >>> 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% >>> perl5.8.8 >>> 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% >>> perl5.8.8 >>> 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>> perl5.8.8 >>> 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>> perl5.8.8 >>> >> If those are your MS processes something looks very wrong. Depending >> on how much rules I use in SA my processes use 25-40 MB of memory per >> child. Yours are more than 10 times that! >> >> You're not using the BigEvil rules are you? >> >> -- >> /peter >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > Met vriendelijk groet / kind regards, > Remy de Ruysscher > > remy@unix-asp.com > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:30:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:30:03 2006 Subject: Going to try upgrading again. In-Reply-To: <44095CC3.9090209@netmagicsolutions.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> <4408C565.80200@haigmail.com> <44095CC3.9090209@netmagicsolutions.com> Message-ID: <4409C088.1050104@ecs.soton.ac.uk> Dhawal Doshy wrote: > Lance Haig wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Loads of perl errors when running the install >> >> I am running on SUSE 9.3 >> >> Here are some of the errors >> >> is this bad? > > ExtUtils-MakeMaker is a part of perl on most linux distributions for > some time now.. so there is nothing to worry about. The MailScanner > installer also clearly indicates the same.. > > Can anyone report a linux distro which doesn't bundle > ExtUtils-MakeMaker along with perl? > > Julian if possible, how about skipping this for the RPM based install.sh? RAQs don't include a recent-enough version, and there are still quite a lot of them out there. If you use Perl 5.8 then you're fine, but I think most earlier versions need upgrading. If this module is too old, then you will get some *very* strange errors later in the installation which are hard to diagnose, so I make sure it's up to date enough not to cause problems later in a few of the other modules that happen to use recently-added features in it. > > - dhawal > >> Lance >> >> >> Installing >> /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm >> >> Installing >> Do not worry too much about errors from the next command. >> It is quite likely that some of the Perl modules are >> already installed on your system. >> >> The important ones are HTML-Parser and MIME-tools. >> >> Preparing... ########################################### >> [100%] >> package perl-ExtUtils-MakeMaker-6.30-1 is already installed >> file /usr/bin/instmodsh from install of >> perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package >> perl-5.8.6-5.3 -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:32:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:32:38 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: <200603050135.21772.james@grayonline.id.au> References: <200603050135.21772.james@grayonline.id.au> Message-ID: <4409C122.50704@ecs.soton.ac.uk> James Gray wrote: > On Sat, 4 Mar 2006 00:56, Joshua Hirsh wrote: > >> I've been seeing quite a few messages come through lately that only >> contain the word BOUNDARY_OUTLOOK, with a single character at the start >> of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF >> executable not stripped, so they're blocked). >> >> Is this scrap from some type of broken virus? >> >> Google doesn't really offer up anything on this.. >> >> -Joshua >> > > Ditto here. Got a couple of them about a week ago, and a few more the other > day. I've compared the binary between a few of the messages and it's been > different each time. I also fired a (zipped) copy off to a friend who is a > bit of a hardware hacker and couldn't find anything that even vaugley > resembled assembly etc for any CPU's he's played with (which is many - > embedded stuff up to Intel/Sparc/Motorola/AMD/etc). > > In short - they seem harmless. Usual disclaimers apply though. > I have seen this once myself too. I added a "COFF executable" "allow" rule to filetype.rules.conf. Would people like me to add that to the distribution? Real COFF executables are pretty harmless as far as I know, but I'm sure someone will correct me. Does anyone use COFF any more? Most systems now use ELF instead. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sat Mar 4 14:50:29 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 4 16:32:49 2006 Subject: stopping spam from own domain In-Reply-To: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> References: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> Message-ID: <223f97700603040650i1390da86k@mail.gmail.com> On 03/03/06, pal@hkskole.no wrote: > Running Mailscanner version 4.44.6 and latest version of sendmail on > Fedora core 3, I have a problem with a lot of spam sent to my domain. The > spam mail are recognized as sent from my own domain, with fake sender and > fake receiver addresses. > > My domain is example.com, and the mail are sent to george@example.com from > admin@example.com. This is of cource not true. > > How can I get rid of these mails? > -- > P?l Monstad In Postfix (if you had used that MTA) this is rather easy: Just set up appropriate restrictions for the helo_restrictions and sender_restrictions ... a RE map matching your domain and returning a "REJECT you are not me" would handle it nicely (in fact, this is precisely what I do:-). I'm not current on other MTAs, but imagine something can be done there too. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Mar 4 17:00:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 17:00:27 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <4409C7A5.6030002@ecs.soton.ac.uk> Scott Silva wrote: >> Crucial lists a 1 gig module for that system, but it is pricey ($414 US) >> I suppose you could fit 2 of them, as I can't remember how many slots the 550 >> has. But you have invested close to a grand in an older system, that you could >> invest into a new 1u system that will run rings around the RAQ. >> I would go for a shared server (or even a dedicated one) from Blacknight Solutions. It will have plenty of power and would be a much better way of investing money than trying to upgrade an old and under-powered raq. Raqs have had their day now, I wouldn't advise pouring any money into them. Give Blacknight a shout and talk to them about getting a server from them. I use Blacknight for all sorts of things now, and they have proved themselves to be very good and very reliable. The tech support is excellent and the prices are good too. They host this mailing list, mailscanner.biz, emailscanner.info (a mirror site for mailscanner.info if I hit problems in Southampton) and jules.fm. They also host a load of other domains for me (39 last count I think) and I have never had a single problem with them. Highly recommended! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sat Mar 4 15:03:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 4 17:40:07 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <223f97700603040703k2ef2925o@mail.gmail.com> On 03/03/06, dnsadmin 1bigthink.com wrote: > At 12:36 PM 3/3/2006, you wrote: > > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > > Sent: 03 March 2006 17:16 > > To: MailScanner discussion > > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > > > > > With that number of messages waiting and only 256Mb of RAM your machine > > > will be almost at a stand still I would have thought. How many children > > > are you running as doubling the RAM should mean you can increase the > > child > > > processes? > > > > > > Drew > > > > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > > I've configured it to run only one child process. How much do you > > suggest I should increase it to? > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > AS much as you can squeeze into the thing.. > > The Cobalt maxes out at 512MB, I think. You can look up maximum amount and > type SDRAM replacement at www.crucial.com. > > Sorry, not an advertising plug! You can buy the ram elsewhere! > > Thanks, > Glenn According to http://www.ec.kingston.com/ecom/configurator/modelsinfo.asp?SysID=11839&mfr=Sun&model=Cobalt+RaQ+550+Series&Sys=11839-Sun-Cobalt+RaQ+550+Series&distributor=0&submit1=Search (this isn't a plug either!) it should do at least 1GiB, possibly even 2.... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From nerijus at users.sourceforge.net Sat Mar 4 17:35:31 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Sat Mar 4 17:43:07 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: <4409C122.50704@ecs.soton.ac.uk> References: <200603050135.21772.james@grayonline.id.au> <4409C122.50704@ecs.soton.ac.uk> Message-ID: <20060304173826.F1D8CEF50@mx.dtiltas.lt> On Sat, 04 Mar 2006 16:32:34 +0000 Julian Field wrote: > I have seen this once myself too. I added a "COFF executable" "allow" > rule to filetype.rules.conf. Would people like me to add that to the > distribution? No. Why make COFF an exception? There are thousands of filetypes in the universe... > Real COFF executables are pretty harmless as far as I > know, but I'm sure someone will correct me. Does anyone use COFF any > more? Most systems now use ELF instead. I never saw ELF attached to the email neither. Regards, Nerijus From glenn.steen at gmail.com Sat Mar 4 15:16:17 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 4 17:53:39 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <223f97700603040716y4bb68a77y@mail.gmail.com> On 04/03/06, Scott Silva wrote: > dnsadmin 1bigthink.com spake the following on 3/3/2006 9:54 AM: > > At 12:36 PM 3/3/2006, you wrote: > > > > > > > > > >> > -----Original Message----- > >> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > >> > Sent: 03 March 2006 17:16 > >> > To: MailScanner discussion > >> > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > >> > > >> > > With that number of messages waiting and only 256Mb of RAM your > >> machine > >> > > will be almost at a stand still I would have thought. How many > >> children > >> > > are you running as doubling the RAM should mean you can increase the > >> > child > >> > > processes? > >> > > > >> > > Drew > >> > > >> > > >> > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > >> > I've configured it to run only one child process. How much do you > >> > suggest I should increase it to? > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > >> AS much as you can squeeze into the thing.. > > > > The Cobalt maxes out at 512MB, I think. You can look up maximum amount > > and type SDRAM replacement at www.crucial.com . > > > > Sorry, not an advertising plug! You can buy the ram elsewhere! > > > > Thanks, > > Glenn > > > Crucial lists a 1 gig module for that system, but it is pricey ($414 US) > I suppose you could fit 2 of them, as I can't remember how many slots the 550 > has. But you have invested close to a grand in an older system, that you could > invest into a new 1u system that will run rings around the RAQ. > That is steep. Perhaps it's time I actually did a plug for kingston parts then....:-).Getting 2 512 MiB capsules or one 1 Gib ... would set you back far elss if you use the kingston "work-alike-replacements". It's been quite a while since when the use of kingston memory prompted the phrase "do a double-kingston" ... meaning the act of punching the power button twice (effecting a power reset), after the machine had gone bonkers on the shoddy memory:-). They're much better now ... has been using kingston and viking memoryextensively for the past 5-10 years without any more problem than originals would've. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From remy at unix-asp.com Sat Mar 4 21:08:53 2006 From: remy at unix-asp.com (Remy de Ruysscher) Date: Sat Mar 4 21:09:08 2006 Subject: MailScanner very memory intensive? In-Reply-To: References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> <200603040950.k249orZ1018728@bkserver.blacknight.ie> Message-ID: <200603042109.k24L95eR028945@bkserver.blacknight.ie> Hi Julian, Thanks, I found out that SA is indeed using large amounts of memory, by disabling SA in MS. I have cleaned up my SA rules (4.9Mb total in rules), used only a few of the rules mentioned on rulesemporium, but still MS is using around 950Mb with 5 childs. bash-2.05b# spamassassin --version SpamAssassin version 3.1.0 running on Perl version 5.8.8 The server is not heavy used, only for mail gateway and some firewalling/routing. Any more suggestions? Regards, Remy. On Sat, March 4, 2006 17:27, Julian Field wrote: > Take out all your extra rulesets, upgrade to the latest SpamAssassin > (using my easy to install > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > package) and then only add rulesets using Rules_Du_Jour once you are > sure everything is working nicely. > > My normal advice is 1Gb per CPU, as long as the machine isn't doing much > else. You can watch to see your actual disk swapping use using the > "vmstat" command. A common command for this is "vmstat 5" and the man > page for vmstat will tell you what all the columns mean. You are > probably looking for "si" and "so" or "pi" and "po". > > Remy de Ruysscher wrote: >> Hi, >> >> No BigEvil rules are decrepated I believe. I do a.o. have these SA >> rules: >> >> -rw-r--r-- 1 root wheel 24298 Oct 5 22:00 70_sare_evilnum0.cf >> -rw-r--r-- 1 root wheel 1574 Jun 2 2005 70_sare_evilnum1.cf >> -rw-r--r-- 1 root wheel 6970 Jun 2 2005 70_sare_evilnum2.cf >> >> >> On Sat, March 4, 2006 10:13, shuttlebox wrote: >> >>> On 3/4/06, Remy de Ruysscher wrote: >>> >>>> 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% >>>> perl5.8.8 >>>> 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% >>>> perl5.8.8 >>>> 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% >>>> perl5.8.8 >>>> 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>>> perl5.8.8 >>>> 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>>> perl5.8.8 >>>> >>> If those are your MS processes something looks very wrong. Depending >>> on how much rules I use in SA my processes use 25-40 MB of memory per >>> child. Yours are more than 10 times that! >>> >>> You're not using the BigEvil rules are you? >>> >>> -- >>> /peter >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> Met vriendelijk groet / kind regards, >> Remy de Ruysscher >> >> remy@unix-asp.com >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Met vriendelijk groet / kind regards, Remy de Ruysscher remy@unix-asp.com From root at doctor.nl2k.ab.ca Sun Mar 5 00:31:48 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Mar 5 00:31:55 2006 Subject: Released 4.51.5 In-Reply-To: <4409BEA1.4070606@ecs.soton.ac.uk> References: <44077823.5060200@ecs.soton.ac.uk> <20060303235603.GB27763@doctor.nl2k.ab.ca> <4409BEA1.4070606@ecs.soton.ac.uk> Message-ID: <20060305003148.GE20698@doctor.nl2k.ab.ca> On Sat, Mar 04, 2006 at 04:21:53PM +0000, Julian Field wrote: > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: > >On Thu, Mar 02, 2006 at 10:56:35PM +0000, Julian Field wrote: > > > >>-----BEGIN PGP SIGNED MESSAGE----- > >>Hash: SHA1 > >> > >>Due to problems with "Use TNEF Contents = replace" not working as > >>advertised, I have released 4.51.5 which should fix this problem. > >> > >>4.51.4 did not properly delete the winmail.dat file from the message. I > >>have completely rewritten the code that does this and it seems to be a > >>lot more robust now. > >> > >>This release also incidentally adds 2 fixes/features: > >>- - Logging of batch timing includes number of messages in batch. > >>- - Pid File error produced with "MailScanner --lint" is fixed. > >> > >> > >> > >While we are at it, I can list the up to date perl modules: > > > >Archive-Zip-1.16 > >Compress-Zlib-1.41 > >Convert-BinHex-1.119 (probably no longer mailtained) > >Convert-TNEF-0.17 (probably no longer mailtained) > >DBD-SQLite-1.11 (recent) > > DBI-1.50 (recent) > >ExtUtils-MakeMaker-6.30 (recent) > >File-Spec had now been incorporated in PathTools-3.16 > > File-Temp-0.16 > >Getopt-Long-2.35 (current) > >HTML-Parser-3.50 (recently changed) > > HTML-Tagset-3.10 (current) > >IO-stringy-2.110 (current) > >MIME-Base64-3.07 (current) > > MIME-tools-5.419 (cuurent) > >MailTools-1.74 (recently changed) > >Net-CIDR-0.11 (recent) > >Storable-2.15 > >Time-HiRes-1.87 (recently changed) > >TimeDate-1.16 (current) > >tnef-1.3.4 (current) > > > >I try to keep up to date. Julian, when I try to update via > >your script, the whole procedure breaks apart. > > > >Is there an explanation? > > > I don't guarantee that the versions of modules I ship are the most up to > date. But I do know that they all work together well. Every now and then > people release code that doesn't work perfectly (I'm as bad at that as > everyone else) so using the versions I ship will save you a lot of > testing as they are known to work well with MailScanner. > > Feel free to live on the bleeding edge, but don't blame me if you get cut! > :-) > Well, I can always go one step back if they are incorrect. So far, I have 0 hiccups to reports and I am using perl 5.8.8 on BSD/OS 4.3.1 > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From admin at thenamegame.com Sun Mar 5 05:06:58 2006 From: admin at thenamegame.com (Michael S.) Date: Sun Mar 5 05:07:20 2006 Subject: BASTED Geocities spam from Brazil Message-ID: <200603050507.k2557HKB020651@bkserver.blacknight.ie> We currently have the follow rules in place to stop these bloody Geocites spam messages; # Geocities Crap uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// score PROLO_PUBWEB_UKGEO_CHECK1 8.0 describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body The problem is, geocities.com.br spam is on the rise and all of those are being delivered. Can somebody rewrite the rules above to include geocities.* and geocities.*.* I think it would help a lot of people here. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/335a9a93/attachment.html From raymond at prolocation.net Sun Mar 5 09:25:27 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Mar 5 09:26:11 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: <200603050507.k2557HKB020651@bkserver.blacknight.ie> References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: Hi! > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// > score PROLO_PUBWEB_UKGEO_CHECK1 8.0 > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body > > The problem is, geocities.com.br spam is on the rise and all of those are > being delivered. You are using a old version of the rule ;) uri PROLO_PUBWEB_GEOSPAM /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yahoo)?\.com(\.br)?\// score PROLO_PUBWEB_GEOSPAM 12.0 describe PROLO_PUBWEB_GEOSPAM PROLO_PUBWEB_GEO, Body Bye, Raymond. From ljosnet at gmail.com Sun Mar 5 12:51:04 2006 From: ljosnet at gmail.com (emm1) Date: Sun Mar 5 12:51:07 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: <910ee2ac0603050451o21928685uda5ea65323a7b4c@mail.gmail.com> Hello, after I upgraded to 4.50 on my FreeBSD 5.4, I noticed there is a change in mailscanner.sh and mta.sh. After reading about it and setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , the following error occurs when I try to start the MTA: Recipient names must be specified. What is the problem? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/bee18905/attachment.html From root at doctor.nl2k.ab.ca Sun Mar 5 13:06:07 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Mar 5 13:06:14 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: <200603050507.k2557HKB020651@bkserver.blacknight.ie> References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: <20060305130607.GA7932@doctor.nl2k.ab.ca> On Sun, Mar 05, 2006 at 12:06:58AM -0500, Michael S. wrote: > We currently have the follow rules in place to stop these bloody Geocites > spam messages; > > > > # Geocities Crap > > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// > > score PROLO_PUBWEB_UKGEO_CHECK1 8.0 > > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body > > > > The problem is, geocities.com.br spam is on the rise and all of those are > being delivered. > > > > Can somebody rewrite the rules above to include geocities.* and > geocities.*.* > > > > I think it would help a lot of people here. > > > > Thank you. > In which file does this go into? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raymond at prolocation.net Sun Mar 5 13:09:56 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Mar 5 13:10:40 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: <20060305130607.GA7932@doctor.nl2k.ab.ca> References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> <20060305130607.GA7932@doctor.nl2k.ab.ca> Message-ID: Hi! >> # Geocities Crap >> >> uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// >> >> score PROLO_PUBWEB_UKGEO_CHECK1 8.0 >> >> describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body >> The problem is, geocities.com.br spam is on the rise and all of those are >> being delivered. >> Can somebody rewrite the rules above to include geocities.* and >> geocities.*.* >> >> I think it would help a lot of people here. > In which file does this go into? Usually somewhere in /etyc/mail/spamassassin ... Most people use local.cf or a custom .cf Bye, Raymond. From james at grayonline.id.au Sun Mar 5 22:16:23 2006 From: james at grayonline.id.au (James Gray) Date: Sun Mar 5 22:39:11 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: <200603060916.25440.james@grayonline.id.au> On Sunday 05 March 2006 20:25, Raymond Dijkxhoorn wrote: > Hi! > > > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// > > score PROLO_PUBWEB_UKGEO_CHECK1 8.0 > > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body > > > > The problem is, geocities.com.br spam is on the rise and all of those are > > being delivered. > > You are using a old version of the rule ;) > > uri PROLO_PUBWEB_GEOSPAM > /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yaho >o)?\.com(\.br)?\// score PROLO_PUBWEB_GEOSPAM 12.0 Nice. BTW, you can reduce the memory footprint fairly significantly if you don't plan to reuse any of the matches in the () (which this rule doesn't). I offer the following memory-friendly version: /^http:\/\/((?:asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(?: \.yahoo)?\.com(?:\.br)?\// (?:foo) = less memory than (foo) coz Perl doesn't remember the match which means you also can't use $1/$2 etc to repeat the match. My explanation might be lacking a little technical-correctness, but I saw noticeable (15-20%) improvements in memory footprint by rewriting all my rules that didn't require repeat pattern matches using the (?:foo) syntax. I've got a lot of rules though! YMMV and usual disclaimers apply :) Cheers, James -- I don't know half of you half as well as I should like; and I like less than half of you half as well as you deserve. -- J. R. R. Tolkien -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/f7895102/attachment.bin From jon.bates at summitmotors.com.au Sun Mar 5 23:02:40 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Sun Mar 5 23:02:53 2006 Subject: Carriage returns removed from text files Message-ID: <200603052301.k25N1X1u009558@summitmotors.com.au> Thanks very much for your reply Glenn. You were right. I turned off the inline signature feature and this has fixed the problem. Now to see if there is a newer fixed version of the Perl module that is causing the problem! I'll post again if I find a resolution. Thanks again Glenn. > Hi Jon, > IIRC this is due to a not-that-easy-to-get-at bug in a supporting perl module, and affects all messages that MailScanner rewrites in some way (like your > spiffy "company disclaimer" below). So a simple thing to test is to make a ruleset exception to adding that ... Might make a difference). At least that > is what my feeble memory is telling me, I might be completely wrong too...:-) > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From devonharding at gmail.com Mon Mar 6 01:36:03 2006 From: devonharding at gmail.com (Devon Harding) Date: Mon Mar 6 01:36:06 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603032001.37639@cs.axint.net> <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> Message-ID: <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> How can I limit concurrent connections from specific IP's with MailScanner? On 3/4/06, Devon Harding wrote: > > Yea, but I want this to be for every one, not just cable users > > > On 3/3/06, Chris Stone wrote: > > > > Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl > > users > > from connecting...... > > > > On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > > > For some reason, I can't seem to stop hackers from performaing DoS > > against > > > my IPCop fw & MailScanner server. I get alot of these in my > > > /var/log/maillog and the boxes get locked up: > > > > > > Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: > > > 69-165-202-64.miamfl.adelphia.net [ 69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > > > > What can I do? > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/f54c9f06/attachment.html From mikej at rogers.com Mon Mar 6 02:20:40 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Mar 6 02:20:24 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603032001.37639@cs.axint.net> <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> Message-ID: <440B9C78.5090202@rogers.com> Devon Harding wrote: > How can I limit concurrent connections from specific IP's with > MailScanner? You can't, mail scanner is not a mail server. From steve.swaney at fsl.com Mon Mar 6 02:21:33 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Mar 6 02:21:36 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> Message-ID: <046101c640c4$aff89770$287ba8c0@office.fsl> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Devon Harding Sent: Sunday, March 05, 2006 8:36 PM To: MailScanner discussion Subject: Re: MailScanner & DoS How can I limit concurrent connections from specific IP's with MailScanner? On 3/4/06, Devon Harding wrote: Yea, but I want this to be for every one, not just cable users On 3/3/06, Chris Stone < cstone@axint.net> wrote: Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl users from connecting...... On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > For some reason, I can't seem to stop hackers from performaing DoS against > my IPCop fw & MailScanner server.??I get alot of these in my > /var/log/maillog and the boxes get locked up: > > Mar??1 20:12:48 mars sendmail[27017]: k220vlXF027017: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:48 mars sendmail[27019]: k220vmrk027019: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:48 mars sendmail[27018]: k220vlM8027018: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:49 mars sendmail[27020]: k220vm8s027020: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:49 mars sendmail[27023]: k220vngJ027023: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:49 mars sendmail[27021]: k220vmjG027021: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > > What can I do? That's a job for your MTA not MailScanner :) If you're using a recent version of sendmail, 8.13.x, it's pretty easy. Check out: http://www.technoids.org/dossed.html Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From linux_spartacus at yahoo.com Mon Mar 6 02:47:22 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Mon Mar 6 02:47:24 2006 Subject: how to allow zip files ? Message-ID: <20060306024722.62699.qmail@web35605.mail.mud.yahoo.com> hi guys, im having some trouble here. my clients usually send bitmap files and now MS automatically removes it. Then i tried zipping them still they cant send the attachment. How can i allow zipped files to be send or zipped files with password only? tnx --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/bf377c6c/attachment.html From lox at birdy.nc Mon Mar 6 03:19:03 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Mon Mar 6 03:19:27 2006 Subject: MailScanner SMTP question Message-ID: <440BAA27.2030201@birdy.nc> Hello, I know I should buy the book and I certainly will, but I would like to know where is MailScanner "sitting" in a SMTP transaction. I mean, is MailScanner able to reject a mail at SMTP level, before downloading it and wasting bandwidth? Best regards -- Laurent Dinclaux Birdy Communication Responsable D?veloppement lox@birdy.nc Mobile : +687 849 272 T?l/fax : +687 278 888 From Jeff.Mills at versacold.com.au Mon Mar 6 03:41:12 2006 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Mon Mar 6 03:41:42 2006 Subject: MailScanner SMTP question Message-ID: <197F21E06E4D2A478519EA9078D6AA1C01B0AD15@poclexch.AU.POCOLD.POCL> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > Of Laurent > Dinclaux > Sent: Monday, 6 March 2006 2:19 PM > To: MailScanner discussion > Subject: MailScanner SMTP question > > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > MailScanner sits between an external MTA and your "real" mail system. MailScanner does not handle SMTP. You may be able to configure your MTA to reject certain mail at SMTP level, but this is not MailScanner. If you want a system like that, you could try Messagewall. *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** From lox at birdy.nc Mon Mar 6 03:53:00 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Mon Mar 6 03:53:22 2006 Subject: MailScanner SMTP question In-Reply-To: <197F21E06E4D2A478519EA9078D6AA1C01B0AD15@poclexch.AU.POCOLD.POCL> References: <197F21E06E4D2A478519EA9078D6AA1C01B0AD15@poclexch.AU.POCOLD.POCL> Message-ID: <440BB21C.90400@birdy.nc> Jeff Mills a ?crit : > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf >> Of Laurent >> Dinclaux >> Sent: Monday, 6 March 2006 2:19 PM >> To: MailScanner discussion >> Subject: MailScanner SMTP question >> > >> I mean, is MailScanner able to reject a mail at SMTP level, before >> downloading it and wasting bandwidth? >> > > > MailScanner sits between an external MTA and your "real" mail system. > MailScanner does not handle SMTP. > You may be able to configure your MTA to reject certain mail at SMTP level, but this is not MailScanner. > If you want a system like that, you could try Messagewall. Thanks From james at grayonline.id.au Mon Mar 6 03:54:22 2006 From: james at grayonline.id.au (James Gray) Date: Mon Mar 6 03:55:10 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> References: <440BAA27.2030201@birdy.nc> Message-ID: <200603061454.27783.james@grayonline.id.au> On Monday 06 March 2006 14:19, Laurent Dinclaux wrote: > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? No. Mailscanner sits between two MTA queues: Internet -> Incoming MTA -> MailScanner -> Outgoing MTA It's important to note the MTA's DON'T interact with each other or MailScanner. All three processes operate independantly although all rely on each other. Here's a better overview: http://www.fsl.com/Fortress_SMGateway_Architecture_Diagram.pdf Specifically, look at Figure 2 on page 3. Cheers, James -- List at least two alternate dates. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/181f90dd/attachment.bin From james at grayonline.id.au Mon Mar 6 03:57:11 2006 From: james at grayonline.id.au (James Gray) Date: Mon Mar 6 03:57:51 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> References: <440BAA27.2030201@birdy.nc> Message-ID: <200603061457.12576.james@grayonline.id.au> On Monday 06 March 2006 14:19, Laurent Dinclaux wrote: > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? ...and here's just a plain-old JPEG of the MailScanner process: http://www.hitechsavvy.com/downloads/MailScanner_Process_Overview_v3.jpg Amazing what you can turn up on Google with "MailScanner Diagram" :) HTH, James -- You can never tell which way the train went by looking at the tracks. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/1bcc466c/attachment.bin From tristan at witenko.com Mon Mar 6 05:23:59 2006 From: tristan at witenko.com (Tristan Rhodes) Date: Mon Mar 6 05:20:12 2006 Subject: VMware Virtual Appliance Challenge: Create a MailScanner-based email gateway Message-ID: <440BC76F.3050305@witenko.com> "VMware invites you to put your skills to the test, go head-to-head with your peers, and develop the best virtual appliance the industry has ever seen. Using open source or freely distributable components and/or your own code, create the most inventive and useful virtual appliance and win the $100,000 first prize!" (http://www.vmware.com/vmtn/appliances/challenge/) This would be a great opportunity for a team of MailScanner users/developers to create an email gateway appliance based on MailScanner. The idea is to create a pre-configured Linux distribution that includes all the pieces of a filtering email gateway appliance. This might include a SMTP server, MailScanner, SpamAssassin, ClamAV, MailWatch, etc. The appliance would be most successful if every aspect of it could be managed from a web-interface. This includes configuring the MTA, MailScanner, installing security updates, starting/stopping the services, adding/removing users, and perhaps more. I hope some of you find this interesting and create a team to enter the competition. Tristan Rhodes From strydom.dave at gmail.com Mon Mar 6 06:31:57 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon Mar 6 06:32:00 2006 Subject: MailScanner SMTP question In-Reply-To: <200603061457.12576.james@grayonline.id.au> References: <440BAA27.2030201@birdy.nc> <200603061457.12576.james@grayonline.id.au> Message-ID: what you are looking for is exim-config http://www.jcdigita.com/eximconfig/ I use that with my MailScanner, i find it works the best. Dave On 3/6/06, James Gray wrote: > On Monday 06 March 2006 14:19, Laurent Dinclaux wrote: > > Hello, > > > > I know I should buy the book and I certainly will, but I would like to > > know where is MailScanner "sitting" in a SMTP transaction. > > I mean, is MailScanner able to reject a mail at SMTP level, before > > downloading it and wasting bandwidth? > > ...and here's just a plain-old JPEG of the MailScanner process: > > http://www.hitechsavvy.com/downloads/MailScanner_Process_Overview_v3.jpg > > Amazing what you can turn up on Google with "MailScanner Diagram" :) > > HTH, > > James > -- > You can never tell which way the train went by looking at the tracks. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > From Jan-Peter.Koopmann at seceidos.de Mon Mar 6 07:44:46 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Mar 6 07:44:57 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: On Sonntag, 5. M?rz 2006 1:51 emm1 wrote: > setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , > the following error occurs when I try to start the MTA: Have you set the other mta_ parameters in rc.conf as well? Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/1dc6fe79/smime.bin From ljosnet at gmail.com Mon Mar 6 08:35:15 2006 From: ljosnet at gmail.com (emm1) Date: Mon Mar 6 08:35:19 2006 Subject: Problem with MailScanner 4.50 on FreeBSD In-Reply-To: References: Message-ID: <910ee2ac0603060035p5878659fi8840257ed78a84ae@mail.gmail.com> Yeah, I've tried many things. Still it has the same problem. :) On 3/6/06, Koopmann, Jan-Peter wrote: > > On Sonntag, 5. M?rz 2006 1:51 emm1 wrote: > > > setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , > > the following error occurs when I try to start the MTA: > > Have you set the other mta_ parameters in rc.conf as well? > > Regards, > JP > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/7ad9377b/attachment.html From MailScanner at ecs.soton.ac.uk Mon Mar 6 08:38:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 6 08:38:43 2006 Subject: how to allow zip files ? In-Reply-To: <20060306024722.62699.qmail@web35605.mail.mud.yahoo.com> References: <20060306024722.62699.qmail@web35605.mail.mud.yahoo.com> Message-ID: <64EE87EF-586C-4B83-921F-85BD886C5FA7@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Mar 2006, at 02:47, spart cus wrote: > hi guys, > im having some trouble here. my clients usually send bitmap files > and now MS automatically removes it. Then i tried zipping them > still they cant send the attachment. How can i allow zipped files > to be send or zipped files with password only? Remove the line from filename.rules.conf that is blocking them. Easy :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAv1Dfw32o+k+q+hAQHfbwf8CKKzCAyz0k0YUw+amGAymj5lyFs/MLtY YnGsF9aKct+PRT5r3NpCHlRe6GRBpRWh3JGbY8iwbDEJ/ZExZqf+wgCUZPbxh9zY hNLcmkdvyCzU4Za/37VfShsre4gZKWHFZ7kBlWWfnixEz9+N88Cx8ooexo5LRIsm 5NXl9qd7XAjVgqWKk8LYLocE+r6KvtlM5A7yzQX7d0QAPEYPqzdmDOK1g5LGBv0G +Jgm9mWcnI0w30IA7Cc4bcKUOuzaxtPlcdYLlUUXjgB+C7WswUc7WVgHm7FMZf40 aaCnktAYF7whi6t/Jnwo+BeDC0SHBTJ7JlGZuxD5wU3V8Q5R+BlCRg== =VX39 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Mon Mar 6 09:04:10 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Mar 6 09:04:28 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> Message-ID: <011e01c640fc$f046dcf0$3004010a@martinhlaptop> Hi Other people have answered about the way MS works.. But in answer to you final question, no it can't reject at smtp connect time. BUT what I do it reject all non-valid email addresses at smtp time, I drop about 70% of my inbound email that way. How you do this is MTA and local setup dependant (ie if you run Active Directory you can get many MTA to query that on the fly, or you have to rely on separate files of valid addresses etc etc). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Laurent Dinclaux > Sent: 06 March 2006 03:19 > To: MailScanner discussion > Subject: MailScanner SMTP question > > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > > Best regards > > -- > Laurent Dinclaux > Birdy Communication > Responsable D?veloppement > lox@birdy.nc > > Mobile : +687 849 272 > T?l/fax : +687 278 888 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Mar 6 11:00:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 6 11:00:46 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> References: <440BAA27.2030201@birdy.nc> Message-ID: <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- The one thing you can do to alleviate this with MailScanner is to use the "IPBlock" code within CustomConfig.pm. It only works with sendmail, if I remember correctly. You can put the maximum limit of email messages per hour that you accept from a domain or a block of IP addresses. Once it gets more messages that that from an address (or IP) it starts telling sendmail to block mail from that address. Once an hour the counters are reset. Not many people use this, which is why it isn't a core feature, but the person who asked me to write it makes great use of it. Fundamentally, this is really a job for you MTA, and not MailScanner at all. If you are using sendmail, then there are milters such as milter-ahead which will check the addresses it receives are real on your system, and rejects all messages that are being delivered to non- existent addresses. It is a lot faster than you might think it would be, as it does lots of caching, and it will reject a message long before the content of the message is transmitted. Thoroughly recommended. There are mailing list postings and Wiki pages that will tell you how to do something similar on other MTAs. On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: > Hello, > > I know I should buy the book and I certainly will, but I would like > to know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > > Best regards > > -- > Laurent Dinclaux > Birdy Communication > Responsable D?veloppement > lox@birdy.nc > > Mobile : +687 849 272 > T?l/fax : +687 278 888 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAwWT/w32o+k+q+hAQH02gf+IBGzHmB0qm/Fuhv+/NSJhhXPUm9FcDL+ Svvu0JJg58rOU+igVQc8I+RESfiT5sPVs3OhSqRzCSAldjTCdxW8zyYbKroWdJPg 0ec5WHSZofsZem4fngQ4dzNKDQq13cHE42iDQbLQoJa1XgyFnbtcKQAOA4B/jPbG rsUpS/bc8RfqRD93ZrbqaeYPP7X8t0icI6EU1vzqSOcHmvMxBEzrd0OZScWuaMLQ I0810vqv8J4YiL6dZjw7DdVUDyqi8DEFRYbd1OAoA40K7BDlRGdGVPy4IkKkqzJB 9jSjYOn5n+yNla4xx2EBAmcSD90qz8S5QfgQ5PgRcrK3eN2yWXuj3w== =rp3E -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Mon Mar 6 13:52:01 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Mar 6 13:52:05 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> Message-ID: <04e301c64125$25055660$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Laurent Dinclaux > Sent: Sunday, March 05, 2006 10:19 PM > To: MailScanner discussion > Subject: MailScanner SMTP question > > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > > Best regards > > -- > Laurent Dinclaux > Birdy Communication > Responsable D?veloppement > lox@birdy.nc The MailScanner manual available on our web site: http://www.fsl.com/support/MailScanner-Manual-Version-1.0.1.pdf Has a MailScanner Process Flow diagram on page two. It needs to be updated to show the new cache checking process added in version 4.50. That check will be added just as the message is picked up from the incoming queue and before any other check are performed. The cache will be updated with the checksum and score after the message finishes the SpamAssassin checks. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From jaearick at colby.edu Mon Mar 6 15:44:58 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Mar 6 15:45:16 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: Raymond, Did this rule come from someplace else, or did you cook it up? Jeff Earickson Colby College On Sun, 5 Mar 2006, Raymond Dijkxhoorn wrote: > Date: Sun, 5 Mar 2006 10:25:27 +0100 (CET) > From: Raymond Dijkxhoorn > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: BASTED Geocities spam from Brazil > > Hi! > >> uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// >> score PROLO_PUBWEB_UKGEO_CHECK1 8.0 >> describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body >> >> The problem is, geocities.com.br spam is on the rise and all of those are >> being delivered. > > You are using a old version of the rule ;) > > uri PROLO_PUBWEB_GEOSPAM > /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yahoo)?\.com(\.br)?\// > score PROLO_PUBWEB_GEOSPAM 12.0 > describe PROLO_PUBWEB_GEOSPAM PROLO_PUBWEB_GEO, Body > > Bye, > Raymond. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From raymond at prolocation.net Mon Mar 6 15:50:07 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Mar 6 15:50:07 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: Hi Jeff, > Did this rule come from someplace else, or did you cook it up? >> uri PROLO_PUBWEB_GEOSPAM >> /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yahoo)?\.com(\.br)?\// >> score PROLO_PUBWEB_GEOSPAM 12.0 describe PROLO_PUBWEB_GEOSPAM >> PROLO_PUBWEB_GEO, Body Its a combi, you can find a somehow altered one inside SARE also. Bye, Raymond. From bpumphrey at WoodMacLaw.com Mon Mar 6 16:40:12 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Mar 6 16:40:16 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> Now I did it. I rebooted my machine trying to get DCC installed and it will not go past the "Starting MailScanner:" screen. I tried shutting it down and turning it back on again, I figured that it would not work and it did not help. The last things that I did were: - Downloaded DCC from http://www.dcc-servers.net/dcc/ - Installed using http://flakshack.com/anti-spam/wiki/index.php?page=Installing+DCC - I keep getting: [7382] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc On a spamassassin lint test - I checked the DCC install using: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:plugins:dcc:dccifd_install&s=dcc After the reboot step from the link above, this happened. Any ideas? Thank you From nate.olson at ndsu.edu Mon Mar 6 16:51:59 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 16:52:02 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> Message-ID: <8f54b4330603060851l77fd735drd3f9b4c442c95115@mail.gmail.com> Type 'single' at the linux: boot prompt (LILO) or edit your GRUB boot line to include it. Be prepared to provide the root password. /sbin/service MailScanner stop /sbin/chkconfig MailScanner off reboot (or telinit). Nate From rpoe at plattesheriff.org Mon Mar 6 16:52:34 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Mar 6 16:52:48 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> Message-ID: <440C1472.65ED.00A2.0@plattesheriff.org> boot into single mode, disable the service reboot regularly???? as a linux semi-noob, that's the first step i'd try >>> bpumphrey@WoodMacLaw.com 3/6/2006 10:40:12 AM >>> Now I did it. I rebooted my machine trying to get DCC installed and it will not go past the "Starting MailScanner:" screen. I tried shutting it down and turning it back on again, I figured that it would not work and it did not help. The last things that I did were: - Downloaded DCC from http://www.dcc-servers.net/dcc/ - Installed using http://flakshack.com/anti-spam/wiki/index.php?page=Installing+DCC - I keep getting: [7382] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc On a spamassassin lint test - I checked the DCC install using: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:plugins:dcc:dccifd_install&s=dcc After the reboot step from the link above, this happened. Any ideas? Thank you -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From damian at workgroupsolutions.com Mon Mar 6 18:22:50 2006 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Mon Mar 6 18:22:57 2006 Subject: MailScanner halts, dies, stops randomly about once a month Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> Hi, I've been fighting this problem for months now on multiple installations where MailScanner stops even running the latest version 4.5-15 and SA 3.1. I'm using Fedora Core 1 with sendmail 8.13, ClamAV and F-Prot, 512MB memory to 1GB memory, happens more on busy servers with a load of 2.50 or higher. I restart MailScanner and everything starts working again. One installation was down for 16 hours then the automatic MailScanner restart got everything going again. Most lockups are down until I manually restart MailScanner. I thought the default MailScanner restart was every four hours and not sure why that does not always get everything going again. When the problem occurs a "telnet to localhost port 25" on the server results in "connection refused" Any advice will be greatly appreciated. The following is a maillog file with connection refused at the bottom of the file and valid message processed just before the problem occurred: Mar 4 02:12:50 spamgate MailScanner[6207]: Message k247CkSA014987 from 66.129.64.140 (norberto@bresnan.net) to bbsjax.com is spam, Spam Assassin (score=68.8, required 8, autolearn=spam, BAYES_99 3.50, DATE_IN_FUTURE_12_24 3.03, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, RAZOR2 _CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_CHINA 8.00, RCVD_IN_SBL 0.11, SARE_RECV_IP_061172 1.67, SARE_SPEC_LEO_PHARM 1.67, URIB L_AB_SURBL 8.00, URIBL_BLACK 6.00, URIBL_JP_SURBL 8.00, URIBL_OB_SURBL 8.00, URIBL_SBL 1.00, URIBL_SPAMCOP_SURBL 8.00, URIBL_WS_SURBL 8. 00) Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Checks: Found 1 spam messages Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Actions: message k247CkSA014987 actions are store Mar 4 02:12:52 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: from=, size=489, class=0, nrcpts=1, msgid=<200603040820.k248 K0JU026126@localhost.localdomain>, proto=SMTP, daemon=MTA, relay=nsc69.38.18-110.newsouth.net [69.38.18.110] Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: to=, delay=00:00:00, mailer=esmtp, pri=30489, stat=queued Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: from=, size=940, class=0, nrcpts=1, msgid=<200603040910.k249 A0x07541@vfcprimary.mem.sysco.com>, proto=SMTP, daemon=MTA, relay=smtpout.sysco.com [129.41.168.196] Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: to=, delay=00:00:00, mailer=esmtp, pri=30940, stat=queued Mar 4 02:13:22 spamgate MailScanner[6207]: New Batch: Scanning 2 messages, 2455 bytes Mar 4 02:13:22 spamgate MailScanner[6207]: Spam Checks: Starting Mar 4 02:13:28 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:30 spamgate MailScanner[6207]: Uninfected: Delivered 2 messages Mar 4 02:13:30 spamgate sendmail[15051]: k247DLYO015021: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1204 89, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040820.k248K0JU026126@localhost.localdomain> Queued mail for deli very) Mar 4 02:13:30 spamgate sendmail[15051]: k247DMbc015022: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1209 40, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040910.k249A0x07541@vfcprimary.mem.sysco.com> Queued mail for del ivery) Mar 4 02:15:01 spamgate MailScanner[6673]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6673]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6673]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6207]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6207]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6207]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6425]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6425]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6425]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6186]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6186]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6186]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6601]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6601]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6601]: Disconnected from the database Mar 4 02:16:20 spamgate sendmail[15192]: alias database /etc/aliases rebuilt by root Mar 4 02:16:20 spamgate sendmail[15192]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total Mar 4 02:16:20 spamgate sm-msp-queue[15202]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:20 spamgate sendmail[15207]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:26 spamgate MailScanner[15228]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:26 spamgate MailScanner[15228]: Config: calling custom init function MailWatchLogging Mar 4 02:16:28 spamgate MailScanner[15228]: Initialising database connection Mar 4 02:16:28 spamgate MailScanner[15228]: Finished initialising database connection Mar 4 02:16:36 spamgate MailScanner[15228]: Using locktype = posix Mar 4 02:16:36 spamgate MailScanner[15228]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:37 spamgate MailScanner[15241]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:37 spamgate MailScanner[15241]: Config: calling custom init function MailWatchLogging Mar 4 02:16:38 spamgate MailScanner[15241]: Initialising database connection Mar 4 02:16:39 spamgate MailScanner[15241]: Finished initialising database connection Mar 4 02:16:46 spamgate MailScanner[15241]: Using locktype = posix Mar 4 02:16:46 spamgate MailScanner[15241]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:48 spamgate MailScanner[15250]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:48 spamgate MailScanner[15250]: Config: calling custom init function MailWatchLogging Mar 4 02:16:49 spamgate MailScanner[15250]: Initialising database connection Mar 4 02:16:50 spamgate MailScanner[15250]: Finished initialising database connection Mar 4 02:16:57 spamgate MailScanner[15250]: Using locktype = posix Mar 4 02:16:57 spamgate MailScanner[15250]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:59 spamgate MailScanner[15259]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:59 spamgate MailScanner[15259]: Config: calling custom init function MailWatchLogging Mar 4 02:17:00 spamgate MailScanner[15259]: Initialising database connection Mar 4 02:17:01 spamgate MailScanner[15259]: Finished initialising database connection Mar 4 02:17:08 spamgate MailScanner[15259]: Using locktype = posix Mar 4 02:17:08 spamgate MailScanner[15259]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:17:10 spamgate MailScanner[15266]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:17:10 spamgate MailScanner[15266]: Config: calling custom init function MailWatchLogging Mar 4 02:17:11 spamgate MailScanner[15266]: Initialising database connection Mar 4 02:17:12 spamgate MailScanner[15266]: Finished initialising database connection Mar 4 02:17:20 spamgate MailScanner[15266]: Using locktype = posix Mar 4 02:17:20 spamgate MailScanner[15266]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:48:59 spamgate sendmail[13327]: k246mxvT013327: timeout waiting for input from savingsfare.com during server cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: timeout waiting for input from c-68-50-207-165.hsd1.md.comcast.net during serv er cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: c-68-50-207-165.hsd1.md.comcast.net [68.50.207.165] did not issue MAIL/EXPN/VR FY/ETRN during connection to MTA Mar 4 03:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 03:04:22 spamgate update.virus.scanners: Found clamav installed Mar 4 03:04:22 spamgate update.virus.scanners: Running autoupdate for clamav Mar 4 03:04:23 spamgate freshclam[16700]: Daemon started. Mar 4 03:04:23 spamgate freshclam[16700]: ClamAV update process started at Sat Mar 4 03:04:23 2006 Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Local version: 0.87.1 Recommended version: 0.88 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: daily.cvd is up to date (version: 1313, sigs: 1082, f-level: 7, builder: diego) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate ClamAV-autoupdate[16699]: ClamAV did not need updating Mar 4 03:04:23 spamgate update.virus.scanners: Found f-prot installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for f-prot Mar 4 03:04:23 spamgate F-Prot autoupdate[16723]: F-Prot did not need updating. Mar 4 03:04:23 spamgate update.virus.scanners: Found generic installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for generic Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: timeout waiting for input from [61.50.157.158] during message collect Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: from=, size=1330, class=0, nrcpts=1, msgid=<001b01c63f54 $34187a79$e15a323d@klck>, proto=SMTP, daemon=MTA, relay=[61.50.157.158] Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: to=, delay=02:00:01, pri=31330, stat=timeout waiting for i nput during message collect Mar 4 04:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: from=root, size=6613, class=0, nrcpts=1, msgid=<200603040902.k24925kl017089@sp amgate.bbsjax.com>, relay=root@localhost Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pr i=36613, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Regards, Damian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/a9c363a4/attachment.html From shuttlebox at gmail.com Mon Mar 6 18:34:42 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Mar 6 18:34:46 2006 Subject: MailScanner halts, dies, stops randomly about once a month In-Reply-To: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> References: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> Message-ID: <625385e30603061034y79b84af1h397c5468515d699c@mail.gmail.com> On 3/6/06, Damian Mendoza wrote: > When the problem occurs a "telnet to localhost port 25" on the server > results in "connection refused" It's Sendmail that answers that call, not MS so you have a problem before MS. -- /peter From sysadmin at aismedia.com Mon Mar 6 18:35:19 2006 From: sysadmin at aismedia.com (Syadmin) Date: Mon Mar 6 18:35:41 2006 Subject: MailScanner halts, dies, stops randomly about once a month In-Reply-To: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> Message-ID: <001301c6414c$b8a0be60$1300a8c0@aismediaw.atlp.aismedia.com> What else is going on on that server when this happens? What is the load? What do you do to "fix" the error? Do you know that the mailscanner restart script is NOT running? Have you checked the cron log (/var/log/cron)? -Grant _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Mendoza Sent: Monday, March 06, 2006 1:23 PM To: mailscanner@lists.mailscanner.info Subject: MailScanner halts, dies, stops randomly about once a month Hi, I've been fighting this problem for months now on multiple installations where MailScanner stops even running the latest version 4.5-15 and SA 3.1. I'm using Fedora Core 1 with sendmail 8.13, ClamAV and F-Prot, 512MB memory to 1GB memory, happens more on busy servers with a load of 2.50 or higher. I restart MailScanner and everything starts working again. One installation was down for 16 hours then the automatic MailScanner restart got everything going again. Most lockups are down until I manually restart MailScanner. I thought the default MailScanner restart was every four hours and not sure why that does not always get everything going again. When the problem occurs a "telnet to localhost port 25" on the server results in "connection refused" Any advice will be greatly appreciated. The following is a maillog file with connection refused at the bottom of the file and valid message processed just before the problem occurred: Mar 4 02:12:50 spamgate MailScanner[6207]: Message k247CkSA014987 from 66.129.64.140 (norberto@bresnan.net) to bbsjax.com is spam, Spam Assassin (score=68.8, required 8, autolearn=spam, BAYES_99 3.50, DATE_IN_FUTURE_12_24 3.03, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, RAZOR2 _CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_CHINA 8.00, RCVD_IN_SBL 0.11, SARE_RECV_IP_061172 1.67, SARE_SPEC_LEO_PHARM 1.67, URIB L_AB_SURBL 8.00, URIBL_BLACK 6.00, URIBL_JP_SURBL 8.00, URIBL_OB_SURBL 8.00, URIBL_SBL 1.00, URIBL_SPAMCOP_SURBL 8.00, URIBL_WS_SURBL 8. 00) Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Checks: Found 1 spam messages Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Actions: message k247CkSA014987 actions are store Mar 4 02:12:52 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: from=, size=489, class=0, nrcpts=1, msgid=<200603040820.k248 K0JU026126@localhost.localdomain>, proto=SMTP, daemon=MTA, relay=nsc69.38.18-110.newsouth.net [69.38.18.110] Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: to=, delay=00:00:00, mailer=esmtp, pri=30489, stat=queued Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: from=, size=940, class=0, nrcpts=1, msgid=<200603040910.k249 A0x07541@vfcprimary.mem.sysco.com>, proto=SMTP, daemon=MTA, relay=smtpout.sysco.com [129.41.168.196] Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: to=, delay=00:00:00, mailer=esmtp, pri=30940, stat=queued Mar 4 02:13:22 spamgate MailScanner[6207]: New Batch: Scanning 2 messages, 2455 bytes Mar 4 02:13:22 spamgate MailScanner[6207]: Spam Checks: Starting Mar 4 02:13:28 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:30 spamgate MailScanner[6207]: Uninfected: Delivered 2 messages Mar 4 02:13:30 spamgate sendmail[15051]: k247DLYO015021: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1204 89, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040820.k248K0JU026126@localhost.localdomain> Queued mail for deli very) Mar 4 02:13:30 spamgate sendmail[15051]: k247DMbc015022: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1209 40, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040910.k249A0x07541@vfcprimary.mem.sysco.com> Queued mail for del ivery) Mar 4 02:15:01 spamgate MailScanner[6673]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6673]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6673]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6207]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6207]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6207]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6425]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6425]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6425]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6186]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6186]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6186]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6601]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6601]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6601]: Disconnected from the database Mar 4 02:16:20 spamgate sendmail[15192]: alias database /etc/aliases rebuilt by root Mar 4 02:16:20 spamgate sendmail[15192]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total Mar 4 02:16:20 spamgate sm-msp-queue[15202]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:20 spamgate sendmail[15207]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:26 spamgate MailScanner[15228]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:26 spamgate MailScanner[15228]: Config: calling custom init function MailWatchLogging Mar 4 02:16:28 spamgate MailScanner[15228]: Initialising database connection Mar 4 02:16:28 spamgate MailScanner[15228]: Finished initialising database connection Mar 4 02:16:36 spamgate MailScanner[15228]: Using locktype = posix Mar 4 02:16:36 spamgate MailScanner[15228]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:37 spamgate MailScanner[15241]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:37 spamgate MailScanner[15241]: Config: calling custom init function MailWatchLogging Mar 4 02:16:38 spamgate MailScanner[15241]: Initialising database connection Mar 4 02:16:39 spamgate MailScanner[15241]: Finished initialising database connection Mar 4 02:16:46 spamgate MailScanner[15241]: Using locktype = posix Mar 4 02:16:46 spamgate MailScanner[15241]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:48 spamgate MailScanner[15250]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:48 spamgate MailScanner[15250]: Config: calling custom init function MailWatchLogging Mar 4 02:16:49 spamgate MailScanner[15250]: Initialising database connection Mar 4 02:16:50 spamgate MailScanner[15250]: Finished initialising database connection Mar 4 02:16:57 spamgate MailScanner[15250]: Using locktype = posix Mar 4 02:16:57 spamgate MailScanner[15250]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:59 spamgate MailScanner[15259]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:59 spamgate MailScanner[15259]: Config: calling custom init function MailWatchLogging Mar 4 02:17:00 spamgate MailScanner[15259]: Initialising database connection Mar 4 02:17:01 spamgate MailScanner[15259]: Finished initialising database connection Mar 4 02:17:08 spamgate MailScanner[15259]: Using locktype = posix Mar 4 02:17:08 spamgate MailScanner[15259]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:17:10 spamgate MailScanner[15266]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:17:10 spamgate MailScanner[15266]: Config: calling custom init function MailWatchLogging Mar 4 02:17:11 spamgate MailScanner[15266]: Initialising database connection Mar 4 02:17:12 spamgate MailScanner[15266]: Finished initialising database connection Mar 4 02:17:20 spamgate MailScanner[15266]: Using locktype = posix Mar 4 02:17:20 spamgate MailScanner[15266]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:48:59 spamgate sendmail[13327]: k246mxvT013327: timeout waiting for input from savingsfare.com during server cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: timeout waiting for input from c-68-50-207-165.hsd1.md.comcast.net during serv er cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: c-68-50-207-165.hsd1.md.comcast.net [68.50.207.165] did not issue MAIL/EXPN/VR FY/ETRN during connection to MTA Mar 4 03:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 03:04:22 spamgate update.virus.scanners: Found clamav installed Mar 4 03:04:22 spamgate update.virus.scanners: Running autoupdate for clamav Mar 4 03:04:23 spamgate freshclam[16700]: Daemon started. Mar 4 03:04:23 spamgate freshclam[16700]: ClamAV update process started at Sat Mar 4 03:04:23 2006 Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Local version: 0.87.1 Recommended version: 0.88 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: daily.cvd is up to date (version: 1313, sigs: 1082, f-level: 7, builder: diego) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate ClamAV-autoupdate[16699]: ClamAV did not need updating Mar 4 03:04:23 spamgate update.virus.scanners: Found f-prot installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for f-prot Mar 4 03:04:23 spamgate F-Prot autoupdate[16723]: F-Prot did not need updating. Mar 4 03:04:23 spamgate update.virus.scanners: Found generic installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for generic Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: timeout waiting for input from [61.50.157.158] during message collect Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: from=, size=1330, class=0, nrcpts=1, msgid=<001b01c63f54 $34187a79$e15a323d@klck>, proto=SMTP, daemon=MTA, relay=[61.50.157.158] Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: to=, delay=02:00:01, pri=31330, stat=timeout waiting for i nput during message collect Mar 4 04:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: from=root, size=6613, class=0, nrcpts=1, msgid=<200603040902.k24925kl017089@sp amgate.bbsjax.com>, relay=root@localhost Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pr i=36613, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Regards, Damian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/9a396ad4/attachment-0001.html From damian at workgroupsolutions.com Mon Mar 6 18:54:31 2006 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Mon Mar 6 18:54:36 2006 Subject: MailScanner halts, dies, stops randomly about once a month Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CCB95@core01.workgroupsolutions.com> Thanks Grant, I will look a lot closer at sendmail, now that you mention it I'm running a beta version of sendmail. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Monday, March 06, 2006 10:35 AM To: MailScanner discussion Subject: Re: MailScanner halts, dies, stops randomly about once a month On 3/6/06, Damian Mendoza wrote: > When the problem occurs a "telnet to localhost port 25" on the server > results in "connection refused" It's Sendmail that answers that call, not MS so you have a problem before MS. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shrek-m at gmx.de Mon Mar 6 21:11:05 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Mon Mar 6 21:11:16 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner In-Reply-To: <440C1472.65ED.00A2.0@plattesheriff.org> References: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> <440C1472.65ED.00A2.0@plattesheriff.org> Message-ID: <440CA569.90106@gmx.de> On 06.03.2006 17:52, Rob Poe wrote: >boot into single mode, > > as a semi-noob i would try the "interactive mode" at least under redhat/fedora $ grep interactive /etc/rc.sysinit echo -en $"\t\tPress 'I' to enter interactive startup." start MailScanner ? no logon as root and fix the problem or ... >... disable the service >reboot regularly???? > >as a linux semi-noob, that's the first step i'd try > -- shrek-m From bpumphrey at WoodMacLaw.com Mon Mar 6 21:35:29 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Mar 6 21:35:32 2006 Subject: --lint test and DCC Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> I am having a heck of a time getting the lint test to return without the error: [4456] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc I have tried all of the instruction in http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:plugins:dcc:dccifd_install&s=dcc#extra If I insert the cline dcc_home /var/dcc I get another parse line error, skipping: dcc_home /var/dcc. Any help is appreciated. Thank you From nate.olson at ndsu.edu Mon Mar 6 21:48:41 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 21:48:54 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> Message-ID: <8f54b4330603061348g379090aagb691323a85d59eab@mail.gmail.com> Does the SpamAssassin DCC plugin successfully load? If not, it doesn't know what dcc_path is. Nate From nate.olson at ndsu.edu Mon Mar 6 22:27:39 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 22:27:43 2006 Subject: Custom Function question. Message-ID: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> Can you use a Custom Function for the value of 'High Scoring Spam Actions'? The Custom Function documentation says values must be returned in MailScanner's internal format. I can't find any internal format information for 'delete' (for example) in CustomDefs.pm Nate From nate.olson at ndsu.edu Mon Mar 6 22:28:45 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 22:28:47 2006 Subject: Custom Function question. In-Reply-To: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> References: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> Message-ID: <8f54b4330603061428p680300d5y8524132a3714146a@mail.gmail.com> I meant ConfigDefs.pl, not CustomDefs.pm. Sorry about that. Nate From nate.olson at ndsu.edu Mon Mar 6 22:39:32 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 22:39:35 2006 Subject: Custom Function question. In-Reply-To: <8f54b4330603061428p680300d5y8524132a3714146a@mail.gmail.com> References: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> <8f54b4330603061428p680300d5y8524132a3714146a@mail.gmail.com> Message-ID: <8f54b4330603061439k6a9d6fe1s1961c7315094c43b@mail.gmail.com> Aaannnddd nevermind. Apologies, Nate From lox at birdy.nc Mon Mar 6 23:50:14 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Mon Mar 6 23:57:18 2006 Subject: MailScanner SMTP question In-Reply-To: References: <440BAA27.2030201@birdy.nc> <200603061457.12576.james@grayonline.id.au> Message-ID: <440CCAB6.8020706@birdy.nc> > what you are looking for is exim-config http://www.jcdigita.com/eximconfig/ Thanks a lot but I use sendmail... Best regards -- Laurent Dinclaux From bpumphrey at WoodMacLaw.com Tue Mar 7 05:01:03 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Tue Mar 7 05:01:41 2006 Subject: --lint test and DCC References: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> <8f54b4330603061348g379090aagb691323a85d59eab@mail.gmail.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D155E06D6@woodenex.woodmaclaw.local> ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Nathan Olson Sent: Mon 3/6/2006 4:48 PM To: MailScanner discussion Subject: Re: --lint test and DCC Does the SpamAssassin DCC plugin successfully load? If not, it doesn't know what dcc_path is. Nate -- I am not sure how to test it. I installed it and it seemed successfully. How do I see if it loads or not? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3456 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/f053ac6f/attachment.bin From Jan-Peter.Koopmann at seceidos.de Tue Mar 7 07:24:43 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Mar 7 07:25:01 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: Many things does not have to be the "right" things. :-) Show me all your mta related rc.conf settings if possible. Oh and could you possibly use text instead of HTML? Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/eb2e20f2/smime.bin From mikej at rogers.com Tue Mar 7 08:17:15 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Mar 7 08:17:08 2006 Subject: Problem with MailScanner 4.50 on FreeBSD In-Reply-To: <910ee2ac0603050451o21928685uda5ea65323a7b4c@mail.gmail.com> References: <910ee2ac0603050451o21928685uda5ea65323a7b4c@mail.gmail.com> Message-ID: <440D418B.8070209@rogers.com> emm1 wrote: > > Hello, after I upgraded to 4.50 on my FreeBSD 5.4, I noticed there is > a change in mailscanner.sh and mta.sh. After reading about it and > setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , the > following error occurs when I try to start the MTA: > I find it much easier and better to use the system (sendmail) or rc (postfix, etc) based startup, instead of this mta script. From Jan-Peter.Koopmann at seceidos.de Tue Mar 7 08:37:42 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Mar 7 08:37:51 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: On Tuesday, March 07, 2006 9:17 AM Mike Jakubik wrote: > I find it much easier and better to use the system (sendmail) or rc > (postfix, etc) based startup, instead of this mta script. Help me improve please. What could I do to make the mta.sh script easier? Personally I think it is easier to use mta.sh, especially with Exim. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/97929013/smime.bin From glenn.steen at gmail.com Tue Mar 7 15:10:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 7 15:10:35 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D155E06D6@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> <8f54b4330603061348g379090aagb691323a85d59eab@mail.gmail.com> <04D932B0071FE34FA63EBB1977B48D155E06D6@woodenex.woodmaclaw.local> Message-ID: <223f97700603070710x79925742h@mail.gmail.com> On 07/03/06, Billy A. Pumphrey wrote: > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Nathan Olson > Sent: Mon 3/6/2006 4:48 PM > To: MailScanner discussion > Subject: Re: --lint test and DCC > > > > Does the SpamAssassin DCC plugin successfully load? > If not, it doesn't know what dcc_path is. > > Nate > -- > I am not sure how to test it. I installed it and it seemed successfully. How do I see if it loads or not? > > # spamassassin --lint -D 2>&1 | less -e .... [27249] dbg: config: read file /root/.spamassassin/user_prefs [27249] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [27249] dbg: dcc: network tests on, registering DCC [27249] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x85a1294) .... At least for SA 3.1.0 (assumes a loadplugin thingy in one of the .pre files). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From algorges at gmail.com Tue Mar 7 15:28:39 2006 From: algorges at gmail.com (ASA) Date: Tue Mar 7 15:26:46 2006 Subject: Phishing site Message-ID: <002001c641fb$d0e345b0$1401a8c0@asanote> This attachment email is never captured by the phishing filter. what could be made so that it was captured? -------------- next part -------------- An embedded message was scrubbed... From: "Spc urgente!" Subject: Ped?ncia spc Date: Tue, 7 Mar 2006 12:05:51 -0300 (BRT) Size: 6675 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/9c5524e7/iso-8859-1QPedEAncia_spc.mht From samp at arial-concept.com Tue Mar 7 15:56:58 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Tue Mar 7 15:57:11 2006 Subject: Whitelist from RDNS - DNS Hostname from IP Message-ID: <440DAD4A.5030806@arial-concept.com> Hi, Is it possible to validate some whitelist DNS to enable sites as whitelisted as RDNS - DNS Hostname from IP ? Thanks in advance for your reply. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From hermit921 at yahoo.com Tue Mar 7 16:42:55 2006 From: hermit921 at yahoo.com (hermit921) Date: Tue Mar 7 16:42:16 2006 Subject: CLSID matching In-Reply-To: <44074430.4010602@ecs.soton.ac.uk> References: <44074430.4010602@ecs.soton.ac.uk> Message-ID: <6.2.1.2.2.20060307084017.01de9070@pop.mail.yahoo.com> Then I have a minor request. Can you change this comment line: # Deny filenames ending with CLSID's into this comment line: # Deny filenames containing CLSID's Thanks, hermit921 At 11:14 AM 3/2/2006, Julian Field wrote: > >> -----Original Message----- > >> > >> > >> Back to my original question. Does this expression match anywhere in the > >> file name or match only as the end of the file name? The comments say one > >> thing but I read it as the other. > >> >The expression matches anywhere in the filename, not just at the end. I >decided to make it more general in case there later appeared any other >vulnerabilities of a similar type, and as I said it has never caused a >false alarm that I know of. (Apologies for lousy grammar!) > >Julian Field From MailScanner at ecs.soton.ac.uk Tue Mar 7 19:32:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 7 19:32:26 2006 Subject: {Disarmed} Phishing site In-Reply-To: <002001c641fb$d0e345b0$1401a8c0@asanote> References: <002001c641fb$d0e345b0$1401a8c0@asanote> Message-ID: <440DDFC7.6090200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Which of the links is not taking you to where it says? What does the link say? Where does it take you? ASA wrote: > > This attachment email is never captured by the phishing filter. > what could be made so that it was captured? > > ------------------------------------------------------------------------ > > Subject: > Ped?ncia spc > From: > "Spc urgente!" > Date: > Tue, 7 Mar 2006 12:05:51 -0300 (BRT) > To: > juridico.spc@spc.com.br > > To: > juridico.spc@spc.com.br > > > > > > > / *Notifica??o*/ > > /Comunicamos que seu * (C**PF**/ > CNPJ)* consta > em nossos cadastros por motivo de pend?ncias financeiras, com a > institui??o abaixo relacionada./ > > /Akiyoshi Executivo Central de Cobran?as > - Total de > Pend?ncias: *R$ 1.647,91* / > > /Para sua seguran?a e praticidade e necess?rio baixar o arquivo do > relat?rio de pend?ncias. / > > /Relat?rio de Pend?ncias Financeiras/ > > /* Verifique Pend?ncias > */ > > /Se voc? efetuou a regulariza??o, favor desconsiderar. / > > /Manoel Rocha Heidi > Diretor / > > > > > Copyright ? 2003 Lume Servi?os de Tecnologia Ltda. Todos os direitos > reservados > > ------------------------------------------------------------------------ > Esta mensagem foi verificada pelo Sistema NetUno. > NetUno Internet - http://www.netuno.com.br > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA3fyBH2WUcUFbZUEQLd7ACggbFBvGYoTHvqshAkeqPzCbvlkzcAoJTE Lmqndm517dLTATW7xNXmWzWZ =hDFy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Cleveland at winnefox.org Tue Mar 7 19:46:35 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Tue Mar 7 19:41:06 2006 Subject: How to block all email sent to a specific email address? Message-ID: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Hello, Is it possible to create a rule that would blacklist all mail coming in for a specific email address? Kind of like blacklist *@* to *@xavier.winnefox.org? - jody From Kevin_Miller at ci.juneau.ak.us Tue Mar 7 19:53:10 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Mar 7 19:53:17 2006 Subject: How to block all email sent to a specific email address? Message-ID: Jody Cleveland wrote: > Hello, > > Is it possible to create a rule that would blacklist all mail coming > in for a specific email address? > > Kind of like blacklist *@* to *@xavier.winnefox.org? > > - jody Of course. If you're using Sendmail, look into the access file. You can block it at the MTA level there. I'm sure you can do it w/other MTAs as well, but not sure how. In MailScanner look in the rules directory at spam.blacklist.rules (IIFC. There's examples in there... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From combs at magnet.fsu.edu Tue Mar 7 22:08:46 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Tue Mar 7 22:08:55 2006 Subject: Log rotation question Message-ID: <440E046E.10907@magnet.fsu.edu> Hello All, I'm working on my logrotate configuration under RHEL 3 to rotate my sendmail and mailscanner logs. Is it recommended to stop the sendmail and MS processes before doing the rotation of the logs? I would think that this would be a good practice if not actually a requirement. My only concern is that the nefu process monitor will see that sendmail/ms is down and send a page, not a good thing. Thanks! -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From mailstodevi at yahoo.com Wed Mar 8 04:09:44 2006 From: mailstodevi at yahoo.com (Devi S) Date: Wed Mar 8 04:10:03 2006 Subject: bad filename detected: condition to trigger In-Reply-To: <20060120132952.13244.qmail@web50610.mail.yahoo.com> Message-ID: <20060308040944.73483.qmail@web50611.mail.yahoo.com> hi all, In my filename.rules.conf I have denied access to .msg and .zip (and to many other extensions). I also have a ruleset that when a mail is sent from my server tmon.com the filename and filetype rules should not be checked. Now, the problem is when a user from tmon.com is sending a mail with attachment .zip the file is not blocked becuase of the ruleset and this behaviour is correct. But when the user sends a mail with .msg attachment the file is blocked. This looks strange for me. Am I missing something in my configuration? Please advice. Thank you. Regards Devi S. Our greatest glory is not in never falling- but in rising every time we fall - Confucius --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/d1b9f7cb/attachment.html From MailScanner at ecs.soton.ac.uk Wed Mar 8 08:49:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 08:49:22 2006 Subject: Log rotation question In-Reply-To: <440E046E.10907@magnet.fsu.edu> References: <440E046E.10907@magnet.fsu.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- service MailScanner reload will do MailScanner, and the code for sendmail should already be in the logrotate configuration. On 7 Mar 2006, at 22:08, Tom Combs wrote: > Hello All, > > I'm working on my logrotate configuration under RHEL 3 to rotate my > sendmail and mailscanner logs. Is it recommended to stop the sendmail > and MS processes before doing the rotation of the logs? I would > think > that this would be a good practice if not actually a requirement. > My only > concern is that the nefu process monitor will see that sendmail/ms > is down > and send a page, not a good thing. Thanks! > > -- > Tom Combs E-mail: > combs@magnet.fsu.edu > National High Magnetic Field Laboratory Phone: (850) 644-1657 > 1800 E. Paul Dirac Drive Tallahassee, FL 32310 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA6aifw32o+k+q+hAQFzWAf+JF3F+8sSvPiggZNL8cM6j2fDyMXS1kQm gapKbDT/pjuYv9hzykjEbpDEXix4sVZBEJz1gnS6q/KwclLhDK7aYysCxSyw59lz hlHhARynW3ujPkdS6Xef5pLB0mWnf/MM8Ze/4HJIcxmqdqmsGy4oEo6AxMjreg1a r20t/ux9BqNPjMysCCgzdQ6AysmDYWp4bnjDgfOaAUWPcO/L3VFCZ07gtddmw9cC GcM9Q+Sp8ymtLIssa8EpRg+sFNuaNMxPUkHqi+QpzarbbUP14DQR9dTwYPhZkY79 GPcf/XJgRj8hOLGFTlPx4TNzF2MyZLUbGpckoE1E7IZG5EbXExS3sQ== =wMf5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Wed Mar 8 13:56:43 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 8 13:57:02 2006 Subject: Yahoo suggestions Message-ID: <005b01c642b8$220b2810$0705000a@DDF5DW71> I work at a newspaper, and it seem that many vaild contributors have and use yahoo accounts. After checking the logs, I find that about 99.9999999% emails sent from yahoo accounts are truly spam, but there is that small percentage that needs to get through. (Of course, these are always sent and blocked on deadline, so they say) My problem is that all of these yahoo mailings seem to be hit by the same common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME and the like even though these are valid yahoo accounts. I realize that yahoo must be doing some non-standard manipulations, but how do others deal with this other than whitelisting accounts as I get called? My MS is a little bit old, but do the newer versions deal with this or is this something that will just have to be? I certainly don't want to whitelist the entire yahoo.com domain! Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers From DrewB at united-systems.com Wed Mar 8 14:13:36 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Mar 8 14:13:47 2006 Subject: Yahoo suggestions Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BB0FEA@uss2k01.united-systems.local> One of the things that I do to help the situation is to enable smtpd_recipient_restrictions in postfix. I have the following restrictions set: permit_mynetworks, check_sender_access hash:/etc/postfix/db/senderWhitelist, reject_unauth_destination, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_pipelining, reject_unverified_sender, reject_rbl_client relays.ordb.org, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rhsbl_client blackhole.securitysage.com, reject_rhsbl_sender blackhole.securitysage.com, permit The one that helps the most in this case is the reject_unverified_sender, which makes sure the email account exists at the sender's end before accepting the email. I also use the check_sender_access as a form of whitelist for emails from a specific domain or user that I don't want to get caught by the other checks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Wednesday, March 08, 2006 7:57 AM To: MailScanner mailing list Subject: Yahoo suggestions I work at a newspaper, and it seem that many vaild contributors have and use yahoo accounts. After checking the logs, I find that about 99.9999999% emails sent from yahoo accounts are truly spam, but there is that small percentage that needs to get through. (Of course, these are always sent and blocked on deadline, so they say) My problem is that all of these yahoo mailings seem to be hit by the same common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME and the like even though these are valid yahoo accounts. I realize that yahoo must be doing some non-standard manipulations, but how do others deal with this other than whitelisting accounts as I get called? My MS is a little bit old, but do the newer versions deal with this or is this something that will just have to be? I certainly don't want to whitelist the entire yahoo.com domain! Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From murat at mems.eee.metu.edu.tr Wed Mar 8 14:28:14 2006 From: murat at mems.eee.metu.edu.tr (murat@mems.eee.metu.edu.tr) Date: Wed Mar 8 14:28:37 2006 Subject: Mailscanner hangs after a while Message-ID: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> Dear all, I have recently installed mailscanner on postfix by following the nice tutorial on debian-administration.org: http://www.debian-administration.org/articles/172 (Secure Spam/Virus filtering system with Debian and MailScanner). I recently recognized that, Mailscanner works well for a while, and then does not scan the mails in the queue. After I restart the mailscanner, it works well again for a while. There is nothing related to this in the log files. Everything seems to be working without errors. How can I solve this problem? My web search says that there are other people facing the same problem, but I could not found any good response to those. Thanks in advance. OS: Debian sarge. Mailscanner version is 4.41.3-2 From DrewB at united-systems.com Wed Mar 8 14:38:46 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Mar 8 14:38:54 2006 Subject: Mailscanner hangs after a while Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BBACAB@uss2k01.united-systems.local> It's hard to tell without some log output, but when this happened to me, it was caused by configuration errors. Specifically, I had misconfigured mysql access and that was killing the processes. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of murat@mems.eee.metu.edu.tr Sent: Wednesday, March 08, 2006 8:28 AM To: mailscanner@lists.mailscanner.info Subject: Mailscanner hangs after a while Dear all, I have recently installed mailscanner on postfix by following the nice tutorial on debian-administration.org: http://www.debian-administration.org/articles/172 (Secure Spam/Virus filtering system with Debian and MailScanner). I recently recognized that, Mailscanner works well for a while, and then does not scan the mails in the queue. After I restart the mailscanner, it works well again for a while. There is nothing related to this in the log files. Everything seems to be working without errors. How can I solve this problem? My web search says that there are other people facing the same problem, but I could not found any good response to those. Thanks in advance. OS: Debian sarge. Mailscanner version is 4.41.3-2 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From rcooper at dwford.com Wed Mar 8 14:54:14 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Mar 8 14:59:27 2006 Subject: Just a test Message-ID: Haven't recieved anything from the list since yesterday afternoon, just checking Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Wed Mar 8 15:03:41 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 8 15:03:58 2006 Subject: feature request Message-ID: <1141830221.16260.21.camel@lea.nerc-wallingford.ac.uk> Someone must have asked for this before... can the bitdefender AV produce similar log messages to Sophos and Clam? eg Bitdefender::INFECTED:: :: .// instead of: /:infected: cheer GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From rcooper at dwford.com Wed Mar 8 15:05:18 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Mar 8 15:05:46 2006 Subject: Just a test In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rick > Cooper > Sent: Wednesday, March 08, 2006 9:54 AM > To: MailScanner List > Subject: Just a test > > > Haven't recieved anything from the list since yesterday afternoon, just > checking > > Rick > My bad, I hadn't updated the skipblock for the new list server in ExiBlock so it was firewalled yesterday because of this: exim_mainlog: 2006-03-07 10:29:18 1FGe7R-0003Bd-QY H=bkserver.blacknight.ie [83.98.166.45] F= rejected after DATA: [T=rcooper@dwford.com] This message contains Virus (CLAMAV found it): ( Trojan.Bancos-479 ). Denied! which results in a 1 week firewall status Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Mar 8 15:13:30 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 8 15:13:32 2006 Subject: Phishing site In-Reply-To: <002001c641fb$d0e345b0$1401a8c0@asanote> References: <002001c641fb$d0e345b0$1401a8c0@asanote> Message-ID: <223f97700603080713ja070335k@mail.gmail.com> On 07/03/06, ASA wrote: > > This attachment email is never captured by the phishing filter. > > what could be made so that it was captured? > > > > > > > > > > > Notifica??o > > Comunicamos que seu (CPF/CNPJ) consta em nossos cadastros por motivo de pend?ncias financeiras, com a institui??o abaixo relacionada. > > Akiyoshi Executivo Central de Cobran?as - Total de Pend?ncias: R$ 1.647,91 > > Para sua seguran?a e praticidade e necess?rio baixar o arquivo do relat?rio de pend?ncias. > Relat?rio de Pend?ncias Financeiras > > Verifique Pend?ncias > > Se voc? efetuou a regulariza??o, favor desconsiderar. > > Manoel Rocha Heidi > Diretor > > > Copyright (c) 2003 Lume Servi?os de Tecnologia Ltda. Todos os direitos reservados > > ________________________________ Esta mensagem foi verificada pelo Sistema NetUno. > NetUno Internet - http://www.netuno.com.br > > > Well... Strictly speaking, this isn't what the phishing net is out to counter (obfuscation of the destination address in the URL ... They don't do that, now do they?). You can report this message to ClamAV so that they will be able to identify it as phishing in the future. Or see to it that it get detected as spam (the usual things). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Mar 8 15:28:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 8 15:28:34 2006 Subject: Mailscanner hangs after a while In-Reply-To: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> References: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> Message-ID: <223f97700603080728r71318ed8m@mail.gmail.com> On 08/03/06, murat@mems.eee.metu.edu.tr wrote: > Dear all, > I have recently installed mailscanner on postfix by following the nice > tutorial on debian-administration.org: > http://www.debian-administration.org/articles/172 (Secure Spam/Virus > filtering system with Debian and MailScanner). > > I recently recognized that, Mailscanner works well for a while, and then > does not scan the mails in the queue. After I restart the mailscanner, it > works well again for a while. There is nothing related to this in the log > files. Everything seems to be working without errors. > > How can I solve this problem? My web search says that there are other > people facing the same problem, but I could not found any good response to > those. > > Thanks in advance. > > OS: Debian sarge. Mailscanner version is 4.41.3-2 > > You shouldn't use the debian package, it is quite old and crusty. Use the source instead, as found on the mailscnner site (and use install.sh, the wiki and the MAQ to get it set up correctly). I suspect you are getting some stray (non mail) files in the hold queue, which is confuusing MailScanner a bit... TNEF expander related IIRC. If you use the latest MS, this problem will likely just go away. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at WoodMacLaw.com Wed Mar 8 15:50:40 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Wed Mar 8 15:50:44 2006 Subject: --lint test and DCC Message-ID: <04D932B0071FE34FA63EBB1977B48D15E1A0DE@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: Tuesday, March 07, 2006 10:11 AM > To: MailScanner discussion > Subject: Re: --lint test and DCC > > On 07/03/06, Billy A. Pumphrey wrote: > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Nathan > Olson > > Sent: Mon 3/6/2006 4:48 PM > > To: MailScanner discussion > > Subject: Re: --lint test and DCC > > > > > > > > Does the SpamAssassin DCC plugin successfully load? > > If not, it doesn't know what dcc_path is. > > > > Nate > > -- > > I am not sure how to test it. I installed it and it seemed > successfully. How do I see if it loads or not? > > > > > > # spamassassin --lint -D 2>&1 | less -e > .... > [27249] dbg: config: read file /root/.spamassassin/user_prefs > [27249] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [27249] dbg: dcc: network tests on, registering DCC > [27249] dbg: plugin: registered > Mail::SpamAssassin::Plugin::DCC=HASH(0x85a1294) > .... > At least for SA 3.1.0 (assumes a loadplugin thingy in one of the .pre > files). > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Whewww.... Man I am lost on this DCC thing. I got it going on my last machine but this time around is a different story. I am so confused with reading the different documentation. I have been using this one today: http://www.rhyolite.com/anti-spam/dcc/dcc-tree/INSTALL.html when I do a ./configure for dcc I get the error: look for sendmail milter library in ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** cannot build dccm without sendmail headers in ./../sendmail and libraries in ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** checking for Rsendto... (cached) no creating ./config.status I am guessing this is bad since it needs the milter. I have sendmail version 8.13 which automatically has milter support built in right? [root@WoodenMS2 dcc-1.3.30]# sendmail -bs 220 WoodenMS2.woodmaclaw.local ESMTP Sendmail 8.13.1/8.13.1/Submit; Wed, 8 Mar 2006 09:47:23 -0500 I have read that whole page and I am just confused on how to get it working. It says that I need to put the client files in /var/dcc but they are already in there. Says that I need to edit sendmail.cf to make sure that cdd starts before sendmail. ?? Can someone one give me in English what I need to do to make sure that my DCC is working? I have figured out that I do not need the DCC server. My sendmail version is listed above. Thank you From shuttlebox at gmail.com Wed Mar 8 16:02:31 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Mar 8 16:02:34 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15E1A0DE@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15E1A0DE@woodenex.woodmaclaw.local> Message-ID: <625385e30603080802l14ef2dffud844c761940f3018@mail.gmail.com> On 3/8/06, Billy A. Pumphrey wrote: > Whewww.... Man I am lost on this DCC thing. I got it going on my last > machine but this time around is a different story. > > I am so confused with reading the different documentation. > I have been using this one today: > http://www.rhyolite.com/anti-spam/dcc/dcc-tree/INSTALL.html > > when I do a ./configure for dcc I get the error: > look for sendmail milter library in > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 > *** cannot build dccm without sendmail headers in ./../sendmail > and libraries in > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** > checking for Rsendto... (cached) no > creating ./config.status > > I am guessing this is bad since it needs the milter. I have sendmail > version 8.13 which automatically has milter support built in right? > [root@WoodenMS2 dcc-1.3.30]# sendmail -bs > 220 WoodenMS2.woodmaclaw.local ESMTP Sendmail 8.13.1/8.13.1/Submit; Wed, > 8 Mar 2006 09:47:23 -0500 Why don't you issue ./configure --help to see the available options? Then you will see how to disable the milter part and more. Sendmail is usually packaged in several parts and you don't have all of them installed. It might be a lot easier to find a prebuilt package of DCC. -- /peter From TasNYC at TasNYC.com Wed Mar 8 16:14:36 2006 From: TasNYC at TasNYC.com (Taso Chatziantoniou) Date: Wed Mar 8 16:15:12 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? Message-ID: MailScanner version 4.48.4 SpamAssassin version 3.1.0 SpamAssassin Timeout = 60 Has anyone seen a significant decline in spamassassin time out after upgrading to 4.5x? Since the new version of Mailscanner uses SpamAssassin cache database i am guessing this would help. We are currently running six Mailscanner boxes that receive about 30,000 to 50,000 emails each everyday. We get about 270-280 Spamassassin time outs (as per logwatch) which, considered the amount of mail we get is not bad at all. The problem with this is that 270 emails which could be sent to multiple email addresses can be sent to potentially alot more people then that. When we have users send us spam submissions a bulk of the headers that we get indicate that spamassassin timed out. Also one other question .. Does anyone know of a good site or forum that we can submit sample spams to help us figure out a way to block them. We keep getting these stock html image only files with bayes poisining on the bottom that we cannot seem to find a pattern to to block. This is my first post, please let me know if i am doing anything wrong Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/4f5f2e43/attachment.html From Denis.Beauchemin at USherbrooke.ca Wed Mar 8 16:21:15 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 8 16:21:43 2006 Subject: DCC problem with 1.3.30 and solution Message-ID: <440F047B.1070309@USherbrooke.ca> Hello all, Last week-end my DCC was updated (through /etc/cron.weekly/updatedcc) to version 1.3.30. After that no DCC request came through. The problem was as follows: * cdcc stats sendto(dcc1.dcc-servers.net (2001:888:20ee::6277,6277)): Network is unreachable * or in my maillog, I had tons of: Mar 8 04:06:42 smtpe2 dccifd[19156]: sendto(dcc1.dcc-servers.net (2001:888:20ee::6277,6277)): Network is unreachable I corrected the problem this way: * cdcc 'ipv6 off' * cd /var/dcc * mv dcc_conf dcc_conf.20060308 * mv dcc_conf-new dcc_conf * vi dcc_conf : DCCD_ARGS="-4" * ./libexec/rcDCC restart After that I was able to use DCC again: * cdcc stats cdcc stats dcc1.dcc-servers.net 208.201.249.233,512 server-ID 1117 /var/dcc/map 11:10:28 version 2.3.28 tracing ANON CLNT 38928381 hash entries 14024515 used 933924096 DB bytes 101 ms delay 2914788 NOPs 146 ADMN 41696 query >10400 clients since 16:00:19 2689504 reports 7690>10 5757>100 5724>1000 5724 many answers 1341526>10 1221833>100 1085258>1000 989116 many 0 bad IDs 0 passwds 8 error responses 52256 retransmitted 0 answers rate-limited 11186 anonymous 0 rejected reports flood on 4 streams 4 out active 4 in 9862809 total flooded in 3322165 accepted 130578 stale 6411951 dup 0 white 0 delete 6122091 reports added between Mar 07 16:00:19.593181 PST and Mar 08 08:10:28 38 no reputation 120>0% 112>10% 94>20% 88>30% 74>60% Don't know why this happened. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/d3dee322/smime.bin From gmatt at nerc.ac.uk Wed Mar 8 16:41:59 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 8 16:42:09 2006 Subject: free bitdefender worth it? Message-ID: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> is the free linux version of bitdefender maintained? I mention this because in a quick test, the latest version failed to detect Worm.SomeFool.P (ClamAV). Checking on http://virusscan.jotti.org/ and their version of bitdefender picks it up as Win32.Netsky.P@mm Most of the engines on this site pick it up as a Netsky trojan. my bitdefender is 7.1-3, the site above doesnt provide version numbers but I suspect version 9 pro. I tested by: /opt/bdc/bdc /folder/full/of/junk/df* clamscan --infected /folder/full/of/junk/df* GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From bpumphrey at WoodMacLaw.com Wed Mar 8 16:53:12 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Wed Mar 8 16:53:15 2006 Subject: --lint test and DCC Message-ID: <04D932B0071FE34FA63EBB1977B48D15E1A199@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: Wednesday, March 08, 2006 11:03 AM > To: MailScanner discussion > Subject: Re: --lint test and DCC > > On 3/8/06, Billy A. Pumphrey wrote: > > Whewww.... Man I am lost on this DCC thing. I got it going on my last > > machine but this time around is a different story. > > > > I am so confused with reading the different documentation. > > I have been using this one today: > > http://www.rhyolite.com/anti-spam/dcc/dcc-tree/INSTALL.html > > > > when I do a ./configure for dcc I get the error: > > look for sendmail milter library in > > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 > > *** cannot build dccm without sendmail headers in ./../sendmail > > and libraries in > > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** > > checking for Rsendto... (cached) no > > creating ./config.status > > > > I am guessing this is bad since it needs the milter. I have sendmail > > version 8.13 which automatically has milter support built in right? > > [root@WoodenMS2 dcc-1.3.30]# sendmail -bs > > 220 WoodenMS2.woodmaclaw.local ESMTP Sendmail 8.13.1/8.13.1/Submit; Wed, > > 8 Mar 2006 09:47:23 -0500 > > Why don't you issue ./configure --help to see the available options? > Then you will see how to disable the milter part and more. > > Sendmail is usually packaged in several parts and you don't have all > of them installed. It might be a lot easier to find a prebuilt package > of DCC. > > -- > /peter > -- Isn't the milter part required for it to work good? From shuttlebox at gmail.com Wed Mar 8 17:15:25 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Mar 8 17:15:29 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15E1A199@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15E1A199@woodenex.woodmaclaw.local> Message-ID: <625385e30603080915g27eafca5m33627a23562bec1c@mail.gmail.com> On 3/8/06, Billy A. Pumphrey wrote: > Isn't the milter part required for it to work good? No, how would you use it with other MTA:s than Sendmail then? You only need dccproc. Less is more. -- /peter From MailScanner at ecs.soton.ac.uk Wed Mar 8 17:25:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 17:25:42 2006 Subject: feature request In-Reply-To: <1141830221.16260.21.camel@lea.nerc-wallingford.ac.uk> References: <1141830221.16260.21.camel@lea.nerc-wallingford.ac.uk> Message-ID: <42410328-0E00-4692-B325-4AAA42A653C6@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 8 Mar 2006, at 15:03, Greg Matthews wrote: > Someone must have asked for this before... can the bitdefender AV > produce similar log messages to Sophos and Clam? eg > Bitdefender::INFECTED:: :: .// > > instead of: > > /:infected: No, because the lines generated by the Sophos and Clam *module-based* virus scanners are in a form I created, as the parser works nicely with a clean format like that. For all other scanners, I just use the output format generated by the scanners. By definition the module- based scanners don't have any output format, and I needed to generate some output to make them work the same way as all the executable- based scanners. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA8TkPw32o+k+q+hAQFZ8ggAhO+yA/pBEJix1YGUefqnwXKdsYagiWbm /8/8TndQTDK6f9nYzcyADo143SRBXsp1an1uhVOh54oUZBXJ4odRDP7swe0UoX85 P9hMbsJtRhyTpAzWT//NqPojAeKN3xcmYYcNPLMw3ghxz0VMC5KaeOV+d+ObZaam LGNJF9hYiR17EsWZpS0OQlLVedLaRjc+NYU/svmBKcDOpnuqt7Bp8Xm+96dpJWj9 OURBdbcMhA+Cv7dF8ZuXEs86YsJNOLP0YCIms+OEtaMvjcnAME2RsG8/ZbNZWmaL vGFC9lmYx4Pfy8LrOsE7WhCaxzTm66wCxl8iqEVfzIK5KcyRhUxhZA== =ifWU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at camo-route.com Wed Mar 8 17:27:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 8 17:27:11 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <440F13E8.7090908@camo-route.com> Greg Matthews wrote: > is the free linux version of bitdefender maintained? I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). Yes it is worth it. Did you check the date of the signatures with bdc --info ? > > Checking on http://virusscan.jotti.org/ and their version of bitdefender > picks it up as Win32.Netsky.P@mm Most of the engines on this site pick > it up as a Netsky trojan. > > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* > clamscan --infected /folder/full/of/junk/df* > > GREG From MailScanner at ecs.soton.ac.uk Wed Mar 8 17:29:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 17:29:36 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/b149abc0/PGP.bin From MailScanner at ecs.soton.ac.uk Wed Mar 8 17:32:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 17:33:00 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <36387C00-E514-45E9-B916-300533F0A076@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 8 Mar 2006, at 16:41, Greg Matthews wrote: > is the free linux version of bitdefender maintained? As far as I am aware, yes. > I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). > > Checking on http://virusscan.jotti.org/ and their version of > bitdefender > picks it up as Win32.Netsky.P@mm Most of the engines on this site pick > it up as a Netsky trojan. > > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* You are expecting it to be able to directly decode email message encodings, which I don't think bitdefender can do. Try scanning the real files, not the email messages which contain them. > clamscan --infected /folder/full/of/junk/df* ClamAV can decode email messages itself, so I would expect a much higher success rate. You are using bitdefender in a way it is not designed to work. Scan files, not email messages. Either that, or just plug it in to MailScanner and let it scan the infected messages with both scanners, and see what reports it generates. Reports from all scanners are included, not just the first one that found a virus.bsite! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA8VRvw32o+k+q+hAQGGiwf/QVcodv6tH+/sFcIiD+kdp4WW4rP/FMxN 9DDhFH2qtLZUDsWtz69N9idjcvkEaX8mKIaeqaNgY201Y1YuL7HiA5bCvQQV31Zq 8+pvsIeSq6XAyDHvXjjzVaM50b7XYFAKRHf5ww0w9mGbL6iUzzV5uIIaatOsQf/B Tb/ae7DEx2iYw+xbrlRGl80yjzQQimy8UqL83yjbkaQGIbobGvzQJuRwMtCRM9G+ FjpZ03JspGkbK0hjYeBYkXHB7kMxwH8TCSL+FXlcw5XKltOk95bZ0/OnnI4G1jGz RR0pChA4l6oYTQ5G3s5WhJUY4ZSMrXvZFgPB9FU1N7vYL3xk6QVoLQ== =Twkr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at camo-route.com Wed Mar 8 17:27:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 8 17:36:48 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <440F13E8.7090908@camo-route.com> Greg Matthews wrote: > is the free linux version of bitdefender maintained? I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). Yes it is worth it. Did you check the date of the signatures with bdc --info ? > > Checking on http://virusscan.jotti.org/ and their version of bitdefender > picks it up as Win32.Netsky.P@mm Most of the engines on this site pick > it up as a Netsky trojan. > > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* > clamscan --infected /folder/full/of/junk/df* > > GREG From gmatt at nerc.ac.uk Wed Mar 8 17:36:48 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 8 17:37:17 2006 Subject: free bitdefender worth it? In-Reply-To: <440F13E8.7090908@camo-route.com> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> <440F13E8.7090908@camo-route.com> Message-ID: <1141839409.22652.29.camel@lea.nerc-wallingford.ac.uk> On Wed, 2006-03-08 at 12:27 -0500, Ugo Bellavance wrote: > Greg Matthews wrote: > > is the free linux version of bitdefender maintained? I mention this > > because in a quick test, the latest version failed to detect > > Worm.SomeFool.P (ClamAV). > > Yes it is worth it. > > Did you check the date of the signatures with > > bdc --info well, I only see a build date: # /opt/bdc/bdc --info BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. Engine signatures: 300785 Scan engines: 13 Archive engines: 39 Unpack engines: 4 Mail engines: 6 System engines: 0 G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From Stephane.Lentz at ansf.alcatel.fr Wed Mar 8 16:46:29 2006 From: Stephane.Lentz at ansf.alcatel.fr (Stephane Lentz) Date: Wed Mar 8 17:51:23 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <20060308164629.GA1473@star> On Wed, Mar 08, 2006 at 04:41:59PM +0000, Greg Matthews wrote: > is the free linux version of bitdefender maintained? I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). > > .... > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* > clamscan --infected /folder/full/of/junk/df* > > GREG > -- With Bitdefender 7.0 I used : /opt/bdc/bdc --mail --arc --all files* to properly scan messages in archives/mailboxes Regards, SL/ From ebruce at hpmich.com Wed Mar 8 17:51:27 2006 From: ebruce at hpmich.com (Ed Bruce) Date: Wed Mar 8 17:52:00 2006 Subject: free bitdefender worth it? In-Reply-To: <36387C00-E514-45E9-B916-300533F0A076@ecs.soton.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> <36387C00-E514-45E9-B916-300533F0A076@ecs.soton.ac.uk> Message-ID: <440F199F.5010506@hpmich.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > On 8 Mar 2006, at 16:41, Greg Matthews wrote: > >>> is the free linux version of bitdefender maintained? > > As far as I am aware, yes. > >>> I mention this because in a quick test, the latest version >>> failed to detect Worm.SomeFool.P (ClamAV). >>> >>> Checking on http://virusscan.jotti.org/ and their version of >>> bitdefender picks it up as Win32.Netsky.P@mm Most of the >>> engines on this site > pick >>> it up as a Netsky trojan. >>> >>> my bitdefender is 7.1-3, the site above doesnt provide version > numbers >>> but I suspect version 9 pro. >>> >>> I tested by: /opt/bdc/bdc /folder/full/of/junk/df* > > You are expecting it to be able to directly decode email message > encodings, which I don't think bitdefender can do. Try scanning the > real files, not the email messages which contain them. > >>> clamscan --infected /folder/full/of/junk/df* > > ClamAV can decode email messages itself, so I would expect a much > higher success rate. > > You are using bitdefender in a way it is not designed to work. Scan > files, not email messages. Either that, or just plug it in to > MailScanner and let it scan the infected messages with both > scanners, and see what reports it generates. Reports from all > scanners are included, not just the first one that found a > virus.bsite! > I like to scan my archives regularly with both BitDefender and ClamAV. I have a script that invokes BitDefender like this: bdc --arc --mail --files With this it scans archived, email, and files. later, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEDxmeN/bGi28P8iQRAiJxAKCh7R3JjsFkZKV36SEoP6S+jG3PjwCfSzi/ 2oGy10hKrpuvEBDhAKpIqlY= =cGs0 -----END PGP SIGNATURE----- -- This message, including any attachments, is intended solely for the use of the named recipients(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution of this communication is expressly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy any and all copies of the original message. Thank you for your cooperation. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gborders at jlewiscooper.com Wed Mar 8 17:54:53 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed Mar 8 17:58:05 2006 Subject: Perls of wisdom? Message-ID: <440F1A6D.1070708@jlewiscooper.com> Performed my upgrade from last stable Feb. release 4.50.14-1 to the new 4.51.5-1 last night on my Redhat Ent. 4 box. Got some odd perl program missing in INC path errors. For some reason my install has some programs in a path that doesn't match my current version. Perhaps the install.sh put some things in the wrong places? I'm running [root@mail /]# perl -v This is perl, v5.8.5 built for i386-linux-thread-multi yet there are some files located in a 5.8.6 folder..... [root@mail /]# slocate 5.8.6 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.6/Mail /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/smtp.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/qmail.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/rfc822.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/testfile.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/sendmail.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Filter.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Send.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Address.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/Date.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/AddrList.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Header.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Cap.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Internet.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Util.pm /usr/lib/perl5/vendor_perl/5.8.6/auto /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/_prephdr.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/smtpsend.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/nntppost.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/reply.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/unescape_from.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/send.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/autosplit.ix /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/sign.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/add_signature.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/escape_from.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/read_mbox.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/autosplit.ix /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/maildomain.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/mailaddress.al I copied over the ones it wanted/complained were missing from the path, from the 5.8.6 to the 5.8.5 folder; and it's working fine now, but my question is where did this 5.8.6 folder come from? Any ideas folks? Sincerely, Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 8 18:29:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 18:29:24 2006 Subject: Perls of wisdom? In-Reply-To: <440F1A6D.1070708@jlewiscooper.com> References: <440F1A6D.1070708@jlewiscooper.com> Message-ID: <440F2283.8050600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you got 2 copies of Perl installed somehow? Check /usr/bin/perl -v versus /usr/local/bin/perl -v That's the most likely cause. Greg Borders wrote: > Performed my upgrade from last stable Feb. release 4.50.14-1 to the > new 4.51.5-1 last night on my Redhat Ent. 4 box. > Got some odd perl program missing in INC path errors. > For some reason my install has some programs in a path that doesn't > match my current version. Perhaps the install.sh put some things in > the wrong places? > I'm running > > [root@mail /]# perl -v > This is perl, v5.8.5 built for i386-linux-thread-multi > > yet there are some files located in a 5.8.6 folder..... > > > [root@mail /]# slocate 5.8.6 > /usr/lib/perl5/vendor_perl/5.8.6 > /usr/lib/perl5/vendor_perl/5.8.6/Mail > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/smtp.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/qmail.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/rfc822.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/testfile.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/sendmail.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Filter.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Send.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Address.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/Date.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/AddrList.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Header.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Cap.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Internet.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Util.pm > /usr/lib/perl5/vendor_perl/5.8.6/auto > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/_prephdr.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/smtpsend.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/nntppost.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/reply.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/unescape_from.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/send.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/autosplit.ix > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/sign.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/add_signature.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/escape_from.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/read_mbox.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/autosplit.ix > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/maildomain.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/mailaddress.al > > I copied over the ones it wanted/complained were missing from the > path, from the 5.8.6 to the 5.8.5 folder; and it's working fine now, > but my question is where did this 5.8.6 folder come from? > Any ideas folks? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8ihBH2WUcUFbZUEQICawCg+5HlBXwHcgOXTsH0a7DV6Yxy/MMAmQHt UsV5B3DIiNoC4VfZcQXZXiCo =oDR0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 8 18:33:46 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 8 18:38:17 2006 Subject: MailScanner SMTP question In-Reply-To: <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> References: <440BAA27.2030201@birdy.nc> <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 3/6/2006 3:00 AM: > The one thing you can do to alleviate this with MailScanner is to use > the "IPBlock" code within CustomConfig.pm. It only works with > sendmail, if I remember correctly. You can put the maximum limit of > email messages per hour that you accept from a domain or a block of > IP addresses. Once it gets more messages that that from an address > (or IP) it starts telling sendmail to block mail from that address. > Once an hour the counters are reset. > > Not many people use this, which is why it isn't a core feature, but > the person who asked me to write it makes great use of it. > > Fundamentally, this is really a job for you MTA, and not MailScanner > at all. If you are using sendmail, then there are milters such as > milter-ahead which will check the addresses it receives are real on > your system, and rejects all messages that are being delivered to non- > existent addresses. It is a lot faster than you might think it would > be, as it does lots of caching, and it will reject a message long > before the content of the message is transmitted. Thoroughly > recommended. There are mailing list postings and Wiki pages that will > tell you how to do something similar on other MTAs. > > On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: Is there a free equivalent to Milter-ahead? Or does my copy I got "before" it wasn't free still work? I have thought about implementing it, although I would prefer LDAP (just don't have the time to get it working). Now if I could find something to migrate a system from the old password/shadow combination to LDAP, the world would be a better place! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Wed Mar 8 18:41:43 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Mar 8 18:41:57 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: Message-ID: <440F2567.8000103@evi-inc.com> Taso Chatziantoniou wrote: > > Also one other question .. > Does anyone know of a good site or forum that we can submit sample spams > to help us figure out a way to block them. We keep getting these stock > html image only files with bayes poisining on the bottom that we cannot > seem to find a pattern to to block. Generally the best place for that would be on the spamassassin-users mailing list. If possible, extract the offending message as a raw mime.822 file (ie: full email with all headers and mime segments) and attach it to your posting. That said, in general a lot of the image-based spams are best dealt with by these methods: Razor - razor's e4 engine does it's hashing on a per-mime-segment basis, so it can realize the image is spam even if the body text keeps changing. URIBLs - if the HTML has any link back to the website. DNSBLs - a lot of these are sent via infected hosts listed in XBL. Bayes training - some folks try to avoid training spam containing poison.. Don't. Train it all, let the statistics handle it. As long as you're training a reasonable amount of nonspam, SA's chi-squared combinining is VERY resistant to training this kind of spam causing FPs. On the other hand, not training it is a sure-fire way to give the spams a good chance slip by as a FN. If there's a particular kind of image-only spam involved, some of the SARE rulesets can be helpful. I personally like the following SARE rulesets and use them on my production systems: 70_sare_adult.cf 70_sare_evilnum0.cf 70_sare_genlsubj0.cf 70_sare_html0.cf 70_sare_obfu0.cf 70_sare_random.cf 70_sare_specific.cf 70_sare_stocks.cf 70_sare_uri0.cf 99_sare_fraud_post25x.cf From brendan at chard.net Wed Mar 1 17:06:06 2006 From: brendan at chard.net (Brendan Chard | Chard.Net) Date: Wed Mar 8 18:44:26 2006 Subject: Exim Custom Router Message-ID: <033101c63d52$6fa3dba0$a000a8c0@sangria> I see in the wiki documentation how to set up a custom router for one domain in exim. How can I make it work if I want the custom router to handle 3 domains. So basically... custom_router: driver = manualroute domains = domain1.com domain2.com domain3.com transport = remote_smtp route_list = "* mailserver.com" Will this work? -Brendan Chard brendan@chard.net Chard.Net Putting Professionals Online Website Design | Hosting | Maintenance ph: 1.800.741.8034 fax: 1.888.605.0495 web: http://www.chard.net From johnh at vrml.k12.la.us Mon Mar 6 20:13:37 2006 From: johnh at vrml.k12.la.us (johnh) Date: Wed Mar 8 18:44:29 2006 Subject: 4.51.5 on RH7.3 Message-ID: <440C97F0.7769B98E@vrml.k12.la.us> ON an Redhat 7.3 with rpm -q perl perl-5.6.1-38.0.7.3.3.legacy UP ' ing 4.40 to 4.51 MailScanner: Can't locate DBI.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/SA.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/SA.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. [root@vpsd7 MailScanner-4.51.5-1]# rpmbuild --rebuild perl-DBI-1.50-2.src.rpm Installing perl-DBI-1.50-2.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.64002 + umask 022 + cd /usr/src/redhat/BUILD + cd /usr/src/redhat/BUILD + rm -rf DBI-1.50 + /bin/gzip -dc /usr/src/redhat/SOURCES/DBI-1.50.tar.gz + tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd DBI-1.50 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.94788 + umask 022 + cd /usr/src/redhat/BUILD + cd DBI-1.50 + CFLAGS=-O2 -march=i386 -mcpu=i686 + perl Makefile.PL PREFIX=/var/tmp/perl-DBI-1.50-2-root/usr Can't locate Test/More.pm in @INC __________ ^^^^^^^^^^^^______________ (@INC contains: lib /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at Makefile.PL line 36. BEGIN failed--compilation aborted at Makefile.PL line 36. error: Bad exit status from /var/tmp/rpm-tmp.94788 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.94788 (%build) From MailScanner at ecs.soton.ac.uk Wed Mar 8 19:15:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 19:15:16 2006 Subject: MailScanner SMTP question In-Reply-To: References: <440BAA27.2030201@birdy.nc> <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> Message-ID: <440F2D44.5040202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 3/6/2006 3:00 AM: > >> The one thing you can do to alleviate this with MailScanner is to use >> the "IPBlock" code within CustomConfig.pm. It only works with >> sendmail, if I remember correctly. You can put the maximum limit of >> email messages per hour that you accept from a domain or a block of >> IP addresses. Once it gets more messages that that from an address >> (or IP) it starts telling sendmail to block mail from that address. >> Once an hour the counters are reset. >> >> Not many people use this, which is why it isn't a core feature, but >> the person who asked me to write it makes great use of it. >> >> Fundamentally, this is really a job for you MTA, and not MailScanner >> at all. If you are using sendmail, then there are milters such as >> milter-ahead which will check the addresses it receives are real on >> your system, and rejects all messages that are being delivered to non- >> existent addresses. It is a lot faster than you might think it would >> be, as it does lots of caching, and it will reject a message long >> before the content of the message is transmitted. Thoroughly >> recommended. There are mailing list postings and Wiki pages that will >> tell you how to do something similar on other MTAs. >> >> On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: >> > Is there a free equivalent to Milter-ahead? Or does my copy I got "before" it > wasn't free still work? He doesn't charge much, does he? I thought it was something like a nominal $99? How much is your time worth implementing something else? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8tRBH2WUcUFbZUEQLi5wCg8IKKCMYwZeIh72uzGml9yD+9asYAmwdy es4fC3jcccM6C/0Zb0FqERaU =0KMk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 8 19:38:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 19:38:08 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <440F2567.8000103@evi-inc.com> References: <440F2567.8000103@evi-inc.com> Message-ID: <440F329E.801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Kettler wrote: > Taso Chatziantoniou wrote: > > >> Also one other question .. >> Does anyone know of a good site or forum that we can submit sample spams >> to help us figure out a way to block them. We keep getting these stock >> html image only files with bayes poisining on the bottom that we cannot >> seem to find a pattern to to block. >> > > Generally the best place for that would be on the spamassassin-users mailing list. > > If possible, extract the offending message as a raw mime.822 file (ie: full > email with all headers and mime segments) and attach it to your posting. > > That said, in general a lot of the image-based spams are best dealt with by > these methods: > > Razor - razor's e4 engine does it's hashing on a per-mime-segment basis, so it > can realize the image is spam even if the body text keeps changing. > > URIBLs - if the HTML has any link back to the website. > > DNSBLs - a lot of these are sent via infected hosts listed in XBL. > > Bayes training - some folks try to avoid training spam containing poison.. > Don't. Train it all, let the statistics handle it. As long as you're training a > reasonable amount of nonspam, SA's chi-squared combinining is VERY resistant to > training this kind of spam causing FPs. On the other hand, not training it is a > sure-fire way to give the spams a good chance slip by as a FN. > > If there's a particular kind of image-only spam involved, some of the SARE > rulesets can be helpful. I personally like the following SARE rulesets and use > them on my production systems: > > > 70_sare_adult.cf > 70_sare_evilnum0.cf > 70_sare_genlsubj0.cf > 70_sare_html0.cf > 70_sare_obfu0.cf > 70_sare_random.cf > 70_sare_specific.cf > 70_sare_stocks.cf > 70_sare_uri0.cf > 99_sare_fraud_post25x.cf > Thanks for publishing your list. I was missing obfu0 and stocks, and have a particular problem with stocks at the moment. Hopefully this will improve things somewhat. Cheers! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8ynxH2WUcUFbZUEQIBUQCeLuOUS1cH1wVsIfxYwUc7YrLqCXMAoPbe imYc83/Dq/3dLGqKq/NYozt0 =ET+T -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Wed Mar 8 19:44:28 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 8 19:44:35 2006 Subject: MailScanner SMTP question Message-ID: I think it's 99 quid - still a bargain in the grand scheme of things... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, March 08, 2006 10:15 AM To: MailScanner discussion Subject: Re: MailScanner SMTP question -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 3/6/2006 3:00 AM: > >> The one thing you can do to alleviate this with MailScanner is to use >> the "IPBlock" code within CustomConfig.pm. It only works with >> sendmail, if I remember correctly. You can put the maximum limit of >> email messages per hour that you accept from a domain or a block of >> IP addresses. Once it gets more messages that that from an address >> (or IP) it starts telling sendmail to block mail from that address. >> Once an hour the counters are reset. >> >> Not many people use this, which is why it isn't a core feature, but >> the person who asked me to write it makes great use of it. >> >> Fundamentally, this is really a job for you MTA, and not MailScanner >> at all. If you are using sendmail, then there are milters such as >> milter-ahead which will check the addresses it receives are real on >> your system, and rejects all messages that are being delivered to non- >> existent addresses. It is a lot faster than you might think it would >> be, as it does lots of caching, and it will reject a message long >> before the content of the message is transmitted. Thoroughly >> recommended. There are mailing list postings and Wiki pages that will >> tell you how to do something similar on other MTAs. >> >> On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: >> > Is there a free equivalent to Milter-ahead? Or does my copy I got "before" it > wasn't free still work? He doesn't charge much, does he? I thought it was something like a nominal $99? How much is your time worth implementing something else? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8tRBH2WUcUFbZUEQLi5wCg8IKKCMYwZeIh72uzGml9yD+9asYAmwdy es4fC3jcccM6C/0Zb0FqERaU =0KMk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ugob at camo-route.com Wed Mar 8 20:29:31 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 8 20:30:34 2006 Subject: Yahoo suggestions In-Reply-To: <005b01c642b8$220b2810$0705000a@DDF5DW71> References: <005b01c642b8$220b2810$0705000a@DDF5DW71> Message-ID: Steve Campbell wrote: > I work at a newspaper, and it seem that many vaild contributors have and > use yahoo accounts. After checking the logs, I find that about > 99.9999999% emails sent from yahoo accounts are truly spam, but there is > that small percentage that needs to get through. (Of course, these are > always sent and blocked on deadline, so they say) > > My problem is that all of these yahoo mailings seem to be hit by the > same common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME > and the like even though these are valid yahoo accounts. I realize that > yahoo must be doing some non-standard manipulations, but how do others > deal with this other than whitelisting accounts as I get called? > > My MS is a little bit old, but do the newer versions deal with this or > is this something that will just have to be? I certainly don't want to > whitelist the entire yahoo.com domain! You may want to try the (experimental) DomainKeys support in SpamAssassin. hth > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > From pete at enitech.com.au Wed Mar 8 20:36:18 2006 From: pete at enitech.com.au (Peter Russell) Date: Wed Mar 8 20:36:29 2006 Subject: Mailscanner hangs after a while In-Reply-To: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> References: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> Message-ID: <440F4042.5070006@enitech.com.au> > > I recently recognized that, Mailscanner works well for a while, and then > does not scan the mails in the queue. After I restart the mailscanner, it > works well again for a while. There is nothing related to this in the log > files. Everything seems to be working without errors. The exact same thing happens to me all the time. I kinda gave up trying to troubleshoot it because it so disruptive and cron a service restart. Not a very graceful solution...but a necessary one. From Jan-Peter.Koopmann at seceidos.de Wed Mar 8 20:39:04 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Mar 8 20:39:08 2006 Subject: FreeBSD port / mta.in script Message-ID: Hello all, due to an error during a port commit the mta.sh script examples are not complete for sendmail. This is what you want in rc.conf for the mta.sh script to work with sendmail: mta_enable="YES" mta_type="sendmail" mta_profiles="incoming outgoing submitqueue" mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in -ODeliveryMode=queueonly" mta_incoming_pidfile="/var/run/sendmail_in.pid" mta_incoming_configfile="/etc/mail/sendmail.cf" mta_outgoing_flags="-L sm-mta-out -q15m" mta_outgoing_pidfile="/var/run/sendmail_out.pid" mta_outgoing_configfile="/etc/mail/sendmail.cf" mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" mta_submitqueue_configfile="/etc/mail/submit.cf" This will be fixed in the next version. Sorry for the trouble, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/17835dad/smime.bin From mikej at rogers.com Wed Mar 8 21:02:59 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Mar 8 21:02:44 2006 Subject: FreeBSD port / mta.in script In-Reply-To: References: Message-ID: <440F4683.2000302@rogers.com> Koopmann, Jan-Peter wrote: > Hello all, > > due to an error during a port commit the mta.sh script examples are not > complete for sendmail. This is what you want in rc.conf for the mta.sh > script to work with sendmail: > Jan-Peter, What is the advantage of using this mta.sh script? I have always used the system to start the MTA (postfix in my case), and have had no problems. From campbell at cnpapers.com Wed Mar 8 21:16:47 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 8 21:16:57 2006 Subject: Yahoo suggestions References: <005b01c642b8$220b2810$0705000a@DDF5DW71> Message-ID: <001c01c642f5$9b8d3060$0705000a@DDF5DW71> ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Wednesday, March 08, 2006 3:29 PM Subject: Re: Yahoo suggestions > Steve Campbell wrote: >> I work at a newspaper, and it seem that many vaild contributors have and >> use yahoo accounts. After checking the logs, I find that about >> 99.9999999% emails sent from yahoo accounts are truly spam, but there is >> that small percentage that needs to get through. (Of course, these are >> always sent and blocked on deadline, so they say) >> >> My problem is that all of these yahoo mailings seem to be hit by the same >> common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME >> and the like even though these are valid yahoo accounts. I realize that >> yahoo must be doing some non-standard manipulations, but how do others >> deal with this other than whitelisting accounts as I get called? >> >> My MS is a little bit old, but do the newer versions deal with this or is >> this something that will just have to be? I certainly don't want to >> whitelist the entire yahoo.com domain! > > You may want to try the (experimental) DomainKeys support in SpamAssassin. Ugo, Where do I find out what this does? The SpamAssassin website only lists: This is the DomainKeys plugin and it needs lots more documentation. for a Description. What are domainkeys? Thanks all for the help so far, BTW, I'm using Sendmail Steve Campbell campbell@cnpapers.com Charleston Newspapers > > hth > >> >> Thanks >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed Mar 8 21:20:14 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 8 21:20:24 2006 Subject: Yahoo suggestions References: <005b01c642b8$220b2810$0705000a@DDF5DW71> Message-ID: <002101c642f6$176f8390$0705000a@DDF5DW71> Never mind, I remembered what it was and am now reading how it's supposed to be used. Steve ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Wednesday, March 08, 2006 3:29 PM Subject: Re: Yahoo suggestions > Steve Campbell wrote: >> I work at a newspaper, and it seem that many vaild contributors have and >> use yahoo accounts. After checking the logs, I find that about >> 99.9999999% emails sent from yahoo accounts are truly spam, but there is >> that small percentage that needs to get through. (Of course, these are >> always sent and blocked on deadline, so they say) >> >> My problem is that all of these yahoo mailings seem to be hit by the same >> common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME >> and the like even though these are valid yahoo accounts. I realize that >> yahoo must be doing some non-standard manipulations, but how do others >> deal with this other than whitelisting accounts as I get called? >> >> My MS is a little bit old, but do the newer versions deal with this or is >> this something that will just have to be? I certainly don't want to >> whitelist the entire yahoo.com domain! > > You may want to try the (experimental) DomainKeys support in SpamAssassin. > > hth > >> >> Thanks >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gborders at jlewiscooper.com Wed Mar 8 21:24:38 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed Mar 8 21:27:54 2006 Subject: Perls of wisdom? In-Reply-To: <440F2283.8050600@ecs.soton.ac.uk> References: <440F1A6D.1070708@jlewiscooper.com> <440F2283.8050600@ecs.soton.ac.uk> Message-ID: <440F4B96.40101@jlewiscooper.com> Doesn't seem like it has more than one install:: [root@mail MailScanner]# /usr/bin/perl -v This is perl, v5.8.5 built for i386-linux-thread-multi [root@mail MailScanner]# /usr/local/bin/perl -v -bash: /usr/local/bin/perl: No such file or directory [root@mail MailScanner]# rpm -q perl perl-5.8.5-24.RHEL4 Quite perplexing...I wonder if I move all this 5.8.6 stuff into the 5.8.5 will break anything, or should I just leave it alone? Perhaps some CPAN update dropped it in there for some reason.. I'm grasping at straws here. Thanks for the reply Julian. ^_^ Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Have you got 2 copies of Perl installed somehow? Check > /usr/bin/perl -v > versus > /usr/local/bin/perl -v > > That's the most likely cause. > > Greg Borders wrote: > >> Performed my upgrade from last stable Feb. release 4.50.14-1 to the >> new 4.51.5-1 last night on my Redhat Ent. 4 box. >> Got some odd perl program missing in INC path errors. > -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Wed Mar 8 21:47:41 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 8 21:47:46 2006 Subject: MailScanner SMTP question In-Reply-To: <440F2D44.5040202@ecs.soton.ac.uk> Message-ID: <080101c642f9$ed1a1fc0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Wednesday, March 08, 2006 2:15 PM > To: MailScanner discussion > Subject: Re: MailScanner SMTP question > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > > Julian Field spake the following on 3/6/2006 3:00 AM: > > > >> The one thing you can do to alleviate this with MailScanner is to use > >> the "IPBlock" code within CustomConfig.pm. It only works with > >> sendmail, if I remember correctly. You can put the maximum limit of > >> email messages per hour that you accept from a domain or a block of > >> IP addresses. Once it gets more messages that that from an address > >> (or IP) it starts telling sendmail to block mail from that address. > >> Once an hour the counters are reset. > >> > >> Not many people use this, which is why it isn't a core feature, but > >> the person who asked me to write it makes great use of it. > >> > >> Fundamentally, this is really a job for you MTA, and not MailScanner > >> at all. If you are using sendmail, then there are milters such as > >> milter-ahead which will check the addresses it receives are real on > >> your system, and rejects all messages that are being delivered to non- > >> existent addresses. It is a lot faster than you might think it would > >> be, as it does lots of caching, and it will reject a message long > >> before the content of the message is transmitted. Thoroughly > >> recommended. There are mailing list postings and Wiki pages that will > >> tell you how to do something similar on other MTAs. > >> > >> On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: > >> > > Is there a free equivalent to Milter-ahead? Or does my copy I got > "before" it > > wasn't free still work? > He doesn't charge much, does he? I thought it was something like a > nominal $99? How much is your time worth implementing something else? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support It's well worth 90 euros. You get a permanent site license to use on all systems on you site and free updates :) I haven't fond anything else with the same features and as reliable for free. If you bought Milter-ahead 1.0, 1.1 is now available for free download for the Snertsoft site www.snertsoft.com Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ajos1 at onion.demon.co.uk Wed Mar 8 22:36:13 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Wed Mar 8 22:36:30 2006 Subject: phishing local file... Message-ID: - Every night.. my phishing.safe.sites.conf is updated... and I want to leave it that way... because I do not have to worry about it. I would like an additional 'local version' of the file... in which I can stick in 5 or 6 entries particular to my own situation... I have tried reading the documentation... and I cannot find out what I have to do... to have an additional local version of: phishing.safe.sites.conf Can someone point me in the right direction? Thanks in Advance, Ajos1. Basically I need to reduce down some of these messages... for our most common links... "MailScanner has detected a possible fraud attempt from "mail.whatever-mymachine-is-called.uk" claiming to be www.cancer.org.uk" From nerijus at users.sourceforge.net Wed Mar 8 23:15:18 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Wed Mar 8 23:20:17 2006 Subject: phishing local file... In-Reply-To: References: Message-ID: <20060308231813.51208BAD0@mx.dtiltas.lt> On Wed, 08 Mar 2006 22:36:13 (GMT/BST) ajos1@onion.demon.co.uk wrote: > I would like an additional 'local version' of the file... in which I can stick in 5 or 6 entries particular to my own situation... I have tried reading the documentation... and I cannot find out what I have to do... to have an additional local version of: phishing.safe.sites.conf You can change update_phishing_sites cron script to add your local changes to phishing.safe.sites.conf after the update. Regards, Nerijus From Edge at twu.ca Wed Mar 8 23:23:37 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Mar 8 23:21:57 2006 Subject: I need help. I'm out of time and out of patients Message-ID: Well said Kevin. Same here and coming up on 30 years. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Wednesday, March 01, 2006 11:39 AM To: MailScanner discussion Subject: RE: I need help. I'm out of time and out of patients > Funny, these little quips. I am getting married on Tiesday :) Don't let 'em scare you. I left on my honeymoon almost 19 years ago and it still hasn't ended. Marry the right gal, treat her right, and LIFE IS GOOD! Spoiled and loving it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4610 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/9c8113ac/smime.bin From ssilva at sgvwater.com Thu Mar 9 00:16:48 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 00:17:02 2006 Subject: How to block all email sent to a specific email address? In-Reply-To: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Message-ID: Jody Cleveland spake the following on 3/7/2006 11:46 AM: > Hello, > > Is it possible to create a rule that would blacklist all mail coming in > for a specific email address? > > Kind of like blacklist *@* to *@xavier.winnefox.org? > > - jody userdel xavier will block all the mail ;-) From ssilva at sgvwater.com Thu Mar 9 00:40:26 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 00:40:56 2006 Subject: 4.51.5 on RH7.3 In-Reply-To: <440C97F0.7769B98E@vrml.k12.la.us> References: <440C97F0.7769B98E@vrml.k12.la.us> Message-ID: johnh spake the following on 3/6/2006 12:13 PM: > ON an Redhat 7.3 > > with rpm -q perl > perl-5.6.1-38.0.7.3.3.legacy > > > UP ' ing 4.40 to 4.51 <> You are going to have to move away from RedHat 7.3. Even Fedora Legacy will stop supporting it pretty soon. From ajos1 at onion.demon.co.uk Thu Mar 9 03:27:37 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 03:27:55 2006 Subject: phishing local file... Message-ID: - A simple solution... which I shall do... BUT... I have been doing some tests... am I right in thinking... that... *.sonicbadger.com will NOT match sonicbadger.com So to cover ALL bases... you actually need 2 lines in the file... sonicbadger.com *.sonicbadger.com -----Original Message----- From: nerijus@users.sourceforge.net Dateoid: Thu, 9 Mar 2006 01:15:18 +0200 Subject: ajos1 - Re: phishing local file... You can change update_phishing_sites cron script to add your local changes to phishing.safe.sites.conf after the update. Regards, Nerijus == ===================================================================== = = "A committee of one... gets things done." = = "It is always sunny in my life..." - Ajos1 = = "We asked the National Association of Estate Agents for a comment, = but unusually for estate agents, they were lost for words." - BBC = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From ajos1 at onion.demon.co.uk Thu Mar 9 03:43:03 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 03:43:20 2006 Subject: {Spam?} Errors in PHISHING file on my server... Message-ID: Please note this is before I started playing with them! I notice that my phishing file has some errors in it... from the past... and I am just letting you know... just in case they have appeared on other systems... looks like the update program may have gone potty in the past?! --- SNIP START--- ^M #00 #01 This file contains the list of all the sites which can be safely #02 ignored in the "phishing fraud" checks. --- SNIP END--- ### THEN FURTHER DOWN ### --- SNIP START--- *.workopolis.com *.xerox.com 360.ruk1.net ^M ^M ^M ^M aaa.ishayafa.info aacrapps.aacr.org --- SNIP END--- == ===================================================================== = = "A committee of one... gets things done." = = "It is always sunny in my life..." - Ajos1 = = "We asked the National Association of Estate Agents for a comment, = but unusually for estate agents, they were lost for words." - BBC = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From ajos1 at onion.demon.co.uk Thu Mar 9 04:00:44 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 04:01:02 2006 Subject: errors with phishing.safe.sites.conf.master Message-ID: - errors with phishing.safe.sites.conf.master... creating long term corruption... In : /usr/sbin/update_phishing_sites wget http://www.mailscanner.info/phishing.safe.sites.conf.master Works... okay.... BUT... curl -O http://www.mailscanner.info/phishing.safe.sites.conf.master downloads a file like this... 302 Found

Found

The document has moved here.


Apache/2.0.46 (Red Hat) Server at www.mailscanner.info Port 80
From Jan-Peter.Koopmann at seceidos.de Thu Mar 9 06:47:19 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Mar 9 06:47:31 2006 Subject: FreeBSD port / mta.in script Message-ID: On Wednesday, March 08, 2006 10:03 PM Mike Jakubik wrote: > What is the advantage of using this mta.sh script? I have always used > the system to start the MTA (postfix in my case), and have had no > problems. If you use the system to startup your MTA the way you like it, you are of course free to do so and will not have any disadvantages. At the time the mta script was originally written there was no easy way to fire up the necessary MTA instanced from rc.conf alone (at least not for exim). If this is the case now and the script is obsolete: Fine with me. All I need then are detailed instructions for all MTAs under FreeBSD and I will get rid off the script. It is simply a way to ensure that the MTA in use is called the way that MailScanner needs it to be. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/7b614191/smime.bin From MailScanner at ecs.soton.ac.uk Thu Mar 9 09:23:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 09:23:36 2006 Subject: phishing local file... In-Reply-To: References: Message-ID: <1480686C-129B-4701-A7A2-85ECBE1EC798@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- If you use my cron job for updating the phishing.safe.sites.conf file, you should find that your local changes are kept when the update happens. So you should be able to just add your own entries and they should stay in there, the new version of the file will just get wrapped into the mix. Please test this with the update_phishing_sites command and let me know if this is not working. On 8 Mar 2006, at 22:36, ajos1@onion.demon.co.uk wrote: > - > > Every night.. my phishing.safe.sites.conf is updated... and I > want to leave it that way... because I do not have to worry about it. > > I would like an additional 'local version' of the file... in which > I can stick in 5 or 6 entries particular to my own situation... I > have tried reading the documentation... and I cannot find out what > I have to do... to have an additional local version of: > phishing.safe.sites.conf > > Can someone point me in the right direction? > > Thanks in Advance, Ajos1. > > > Basically I need to reduce down some of these messages... for our > most common links... > > "MailScanner has detected a possible fraud attempt from > "mail.whatever-mymachine-is-called.uk" claiming to be > www.cancer.org.uk" > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA/0DPw32o+k+q+hAQG80AgAgrl5pwKo9hgWoQ0xZJcIQ9ak8AMDidie RN4OTVGTW20dbTjL1d5i4rrXnHbQH7wzvS4B3H3QXVhXDn/SyaO1U9Fia+Fgu+uZ gJvemQcWOou5aRqxJceNH9R9bEbwvROpNdSDrJILqxbbZX4xkL4HzyolbpxTm+l+ ZtFs1UUEIsxGcsvGa6MYi+gXHS0xGrUAK4qK/uWF1eMEUyh2/1R6rG5LAIVC3Jky SpVeCLA3/JQkqCrUoX3SbXPl+6uMubmvCiiSTMlbqEHwMHChSdmRmW1nK4gsZ+0o fx2Yr5sV0Gi3soRd2w8LaQMBWGFH4kl+LhK6t6Qhd9PtHY3zjehkHQ== =qlMM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 09:25:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 09:25:43 2006 Subject: errors with phishing.safe.sites.conf.master In-Reply-To: References: Message-ID: <4173913A-0E5A-4970-95B1-7914A3536CD1@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Now you know why I didn't use curl. And the update_phishing_sites script is a whole lot more clever than just a call to wget! On 9 Mar 2006, at 04:00, ajos1@onion.demon.co.uk wrote: > - > > errors with phishing.safe.sites.conf.master... creating long term > corruption... > > In : /usr/sbin/update_phishing_sites > > wget http://www.mailscanner.info/phishing.safe.sites.conf.master > > Works... okay.... BUT... > > curl -O http://www.mailscanner.info/phishing.safe.sites.conf.master > > downloads a file like this... > > > > 302 Found > >

Found

>

The document has moved here.

>
>
Apache/2.0.46 (Red Hat) Server at www.mailscanner.info > Port 80
> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA/0jPw32o+k+q+hAQFjzgf/aPhDOqGmRlkHkYZezYbkRzJF/DrZiUxT rikRW3+M4hBmQnAMgdEMKIuKbeOXeWVycsifgWiGbQJ6pzxy/Iz657xooV9dIa75 1Ffm/FtAeRMziqaTpQ2e6VOtTeNnOqW6zVCKIDLvHCt5cKFmOZZJDuVDIJGGM6wv ytWJE8qO/S3i/QgIEoUO6PTCrwWEgMoW2mPBvNQSC9VktRwQud/VHmtXQePOanwb wHouwKuZw8XylLKfIFJ32baP68BBfXLfuBvaTo3VNnZGJoudsKkabWEiGn/8ySBT oNNdYLExvWj3jZwh3Uou4s7x7+lTwKquKFr7WCI50udGxXVZegeG8A== =MZBz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 09:35:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 09:36:08 2006 Subject: errors with phishing.safe.sites.conf.master In-Reply-To: <4173913A-0E5A-4970-95B1-7914A3536CD1@ecs.soton.ac.uk> References: <4173913A-0E5A-4970-95B1-7914A3536CD1@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 9 Mar 2006, at 09:25, Julian Field wrote: > * PGP Signed: 03/09/06 at 09:25:32 > > Now you know why I didn't use curl. Accuracy check: Now you know why I didn't *intend* to use curl. Hopefully you have wget installed! Sorry about that. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA/3APw32o+k+q+hAQHY3Af/WwaVkQBKxUQBQBvHL7dc3HRVAEneYckA 09B2Nx3ob7fYHVEnz1bYgI/iZ6dkyrAgmxkkRhBWuWUXA4F9JIPBI2ufmdqZD5ap dllnrsxVHuEDxnCWeAhpay4aA0SNO/ICPX9kDKw00iI91wKoeYVSaeJElUlcWKqR 06IsDA/BHb79Sj8BwD54liJ7BX1s5cA1fwNla6jN1owJrnStRjxnNs0HbJYoh867 z4lGM/s3HJY2dWf7suHTb7v9pJU5q+nRj//CjwczduR7Zl7+hwDKhHcVsV8OmTOr 9E58/4Waev22W1ljikcbTmvxuA+hgKsUr34bxWHdUSTrr/8m4NUe7g== =ARbX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From murat at mems.eee.metu.edu.tr Thu Mar 9 09:42:22 2006 From: murat at mems.eee.metu.edu.tr (Murat Tepegoz) Date: Thu Mar 9 09:42:30 2006 Subject: Filter by subject Message-ID: <440FF87E.6010707@mems.eee.metu.edu.tr> Hi all, I know that it is possible to filter or prevent filtering of a mail with a certain email adress or domain (From/To). I wonder if it is possible to pass filtering for the mails which provide a certain criteria in the subject. In other words, what I want to do is this: - If subject contains "XX" do not filter the message, let it go - Otherwise apply normal filtering mechanism. Is it possible? thanks in advance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/f89d908d/attachment.html From raymond at prolocation.net Thu Mar 9 09:44:44 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Thu Mar 9 09:44:45 2006 Subject: Filter by subject In-Reply-To: <440FF87E.6010707@mems.eee.metu.edu.tr> References: <440FF87E.6010707@mems.eee.metu.edu.tr> Message-ID: Hi! > I know that it is possible to filter or prevent filtering of a mail with a > certain email adress or domain (From/To). > I wonder if it is possible to pass filtering for the mails which provide a > certain criteria in the subject. > > In other words, what I want to do is this: > - If subject contains "XX" do not filter the message, let it go > - Otherwise apply normal filtering mechanism. Make some spamassassin rules for this ... pretty simple i think. Bye, Raymond. From darren at torsion.co.uk Thu Mar 9 10:50:16 2006 From: darren at torsion.co.uk (Darren Walker) Date: Thu Mar 9 10:50:22 2006 Subject: Older version and huge problem In-Reply-To: Message-ID: <005f01c64367$404ae360$6501a8c0@lappy> Hi We have tried in vain to update a Cobalt Qube 3 to the latest version of Mailscanner without success. The Qube developed a problem and needed to be re-installed. Originally Mailscanner and F-prot were running on it which were installed about 2-3 years ago. The problem is that we cannot update the version of perl without loosing the GUI. We have completely reformatted and re-installed the whole qube from fresh, and tried to install all the various perl modules by hand, but whatever we do we cannot get mailscanner to run successfully, the output is missing module x or y or z or some other problem. We have spent 4 days trying to get it to work and basically given up. We have ended up re-installing version 3.271 on a fresh installation of the Qube and it works except for a huge problem. The client has f-prot but the version originally installed we are not sure of- but the new version gives the following error ---------SNIP------- Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user "dscott" at (192.9.200.147) 192.9.200.147 Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 bytes in 3 seconds---------SNIP------- Is there anything we can do to sort this out Im not sure that mailscanner is now running the virus scan correctly- or is it that it just cannot run certain aspects of it. I don't know if I can download an older version of f-prot. Any help would be much appreciated Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 11:19:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 11:19:58 2006 Subject: Older version and huge problem In-Reply-To: <005f01c64367$404ae360$6501a8c0@lappy> References: <005f01c64367$404ae360$6501a8c0@lappy> Message-ID: <3A08B6DC-0898-4AEB-9D40-DB2A60FBA87E@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- For 3.27 to work properly, you need a version of F-Prot from back then too. And that won't recognise much in the way of recent viruses. Sorry, but the world has moved on since the days of Cobalt Qube systems, no-one that I know of properly supports them any more. I certainly don't provide any support on MailScanner version 3 any more, I haven't supported it for a couple of years now at least. On 9 Mar 2006, at 10:50, Darren Walker wrote: > > Hi > > We have tried in vain to update a Cobalt Qube 3 to the latest > version of > Mailscanner without success. The Qube developed a problem and > needed to be > re-installed. Originally Mailscanner and F-prot were running on it > which > were installed about 2-3 years ago. > The problem is that we cannot update the version of perl without > loosing the > GUI. We have completely reformatted and re-installed the whole qube > from > fresh, and tried to install all the various perl modules by hand, but > whatever we do we cannot get mailscanner to run successfully, the > output is > missing module x or y or z or some other problem. We have spent 4 days > trying to get it to work and basically given up. > > We have ended up re-installing version 3.271 on a fresh > installation of the > Qube and it works except for a huge problem. The client has f-prot > but the > version originally installed we are not sure of- but the new > version gives > the following error > > ---------SNIP------- > > Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user > "dscott" at > (192.9.200.147) 192.9.200.147 > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Search: .". Please mail the author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Action: Report only". Please mail the author of > MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Files: "Dumb" scan of all files". Please mail the > author > of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please > mail the > author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 > bytes in 3 > seconds---------SNIP------- > > Is there anything we can do to sort this out Im not sure that > mailscanner is > now running the virus scan correctly- or is it that it just cannot run > certain aspects of it. I don't know if I can download an older > version of > f-prot. > > Any help would be much appreciated > Thanks > > Darren > > > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBAPVPw32o+k+q+hAQENSQgAoXr+lPG9FoMtcRG7zWgQe5OAmAO/Azo1 ANy43yUri1QyB6beyMC4geFoJYM5Q95AEX/I3HBIRPZWapen8S4sBPyjDr8EURzI ArFKC/22WM4Ne539QUfnFljmo0OuX/Bb19dbvWUHuZfHRRqPCw3LdsG0W7BlJOfZ U9LKJBvKgffwM9F2i6xNzG8A595M3JFCK9W+SpPdPrICIOlUPYZvs6a1AaihM1SZ hRTyOSnN5M2mThtXucrL9mZVbYfzJioxSqmXVPUN1HPDjr8W0nzp3KDkDJJTKljx 45VyIOUEQ12FHCGe7HD++cWN3AlFoujnQbYHNJnpyMBfEglJA6V+7g== =LJCg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Q.G.Campbell at newcastle.ac.uk Thu Mar 9 11:26:28 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Thu Mar 9 11:26:35 2006 Subject: Errors in 4.51.5 'spam.assassin.prefs.conf'? Message-ID: <4165CF7A7F12DE4B96622CCBB90586470661DB07@largo.campus.ncl.ac.uk> It appears that the list of RBL sites in 'spam.assassin.prefs.conf' (4.51.5) is both incorrect and incomplete as the corresponding entries have different labels in the /usr/share/spamassassin/*.cf files. The file 'spam.assassin.prefs.conf' says: #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 It should probably say: #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_MAPS_RBL 10 #score RCVD_IN_MAPS_DUL 1 #score RCVD_IN_MAPS_RSS 1 #score RCVD_IN_MAPS_NML 1 (?) Have I missed something? I also have a related question: If I have SpamAssassin run RBL checks but set certain RBL rule scores to '0', does this disable those particular RBL checks so they are not carried out? In my case I use MAPS+ and Spamhaus SBL-XBL in Sendmail so have disabled these and all other RBL checks in MailScanner. I want SpamAssassin to use all the RBL rules it has _except_ the MAPS and Spamhaus ones. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine. The University can get its own. From housey at sme-ecom.co.uk Thu Mar 9 11:33:20 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Thu Mar 9 11:33:33 2006 Subject: Older version and huge problem In-Reply-To: <005f01c64367$404ae360$6501a8c0@lappy> Message-ID: Have you tried this http://www.depopo.net/idx/0/160/article/ (Qube3 Perl 5.8.x upgrader) and this http://www.depopo.net/idx/22/159/article/ (Mailscanner 4 for the Qube) I used some stuff from this site quite some time ago to upgrade perl on a Raq 4 without breaking the interface, maybe worth a go. Cheers Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Darren Walker Sent: 09 March 2006 10:50 To: 'MailScanner discussion' Subject: Older version and huge problem Hi We have tried in vain to update a Cobalt Qube 3 to the latest version of Mailscanner without success. The Qube developed a problem and needed to be re-installed. Originally Mailscanner and F-prot were running on it which were installed about 2-3 years ago. The problem is that we cannot update the version of perl without loosing the GUI. We have completely reformatted and re-installed the whole qube from fresh, and tried to install all the various perl modules by hand, but whatever we do we cannot get mailscanner to run successfully, the output is missing module x or y or z or some other problem. We have spent 4 days trying to get it to work and basically given up. We have ended up re-installing version 3.271 on a fresh installation of the Qube and it works except for a huge problem. The client has f-prot but the version originally installed we are not sure of- but the new version gives the following error ---------SNIP------- Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user "dscott" at (192.9.200.147) 192.9.200.147 Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 bytes in 3 seconds---------SNIP------- Is there anything we can do to sort this out Im not sure that mailscanner is now running the virus scan correctly- or is it that it just cannot run certain aspects of it. I don't know if I can download an older version of f-prot. Any help would be much appreciated Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. From darren at torsion.co.uk Thu Mar 9 11:38:46 2006 From: darren at torsion.co.uk (Darren Walker) Date: Thu Mar 9 11:38:50 2006 Subject: Older version and huge problem In-Reply-To: <3A08B6DC-0898-4AEB-9D40-DB2A60FBA87E@ecs.soton.ac.uk> Message-ID: <006501c6436e$06c5aec0$6501a8c0@lappy> Hi Julian, Thanks for your response. I fully understand that it is an old piece of kit, unfortunately convincing a client is sometimes more difficult, when they expect things to run for ever. I also fully understand that you can't support version 3 too. Could you tell me if it is at least scanning the files properly and removing viruses that it is aware of? - or is it just going through the motions? Thanks Darren -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 09 March 2006 11:20 To: MailScanner discussion Subject: Re: Older version and huge problem -----BEGIN PGP SIGNED MESSAGE----- For 3.27 to work properly, you need a version of F-Prot from back then too. And that won't recognise much in the way of recent viruses. Sorry, but the world has moved on since the days of Cobalt Qube systems, no-one that I know of properly supports them any more. I certainly don't provide any support on MailScanner version 3 any more, I haven't supported it for a couple of years now at least. On 9 Mar 2006, at 10:50, Darren Walker wrote: > > Hi > > We have tried in vain to update a Cobalt Qube 3 to the latest > version of > Mailscanner without success. The Qube developed a problem and > needed to be > re-installed. Originally Mailscanner and F-prot were running on it > which > were installed about 2-3 years ago. > The problem is that we cannot update the version of perl without > loosing the > GUI. We have completely reformatted and re-installed the whole qube > from > fresh, and tried to install all the various perl modules by hand, but > whatever we do we cannot get mailscanner to run successfully, the > output is > missing module x or y or z or some other problem. We have spent 4 days > trying to get it to work and basically given up. > > We have ended up re-installing version 3.271 on a fresh > installation of the > Qube and it works except for a huge problem. The client has f-prot > but the > version originally installed we are not sure of- but the new > version gives > the following error > > ---------SNIP------- > > Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user > "dscott" at > (192.9.200.147) 192.9.200.147 > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Search: .". Please mail the author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Action: Report only". Please mail the author of > MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Files: "Dumb" scan of all files". Please mail the > author > of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please > mail the > author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 > bytes in 3 > seconds---------SNIP------- > > Is there anything we can do to sort this out Im not sure that > mailscanner is > now running the virus scan correctly- or is it that it just cannot run > certain aspects of it. I don't know if I can download an older > version of > f-prot. > > Any help would be much appreciated > Thanks > > Darren > > > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBAPVPw32o+k+q+hAQENSQgAoXr+lPG9FoMtcRG7zWgQe5OAmAO/Azo1 ANy43yUri1QyB6beyMC4geFoJYM5Q95AEX/I3HBIRPZWapen8S4sBPyjDr8EURzI ArFKC/22WM4Ne539QUfnFljmo0OuX/Bb19dbvWUHuZfHRRqPCw3LdsG0W7BlJOfZ U9LKJBvKgffwM9F2i6xNzG8A595M3JFCK9W+SpPdPrICIOlUPYZvs6a1AaihM1SZ hRTyOSnN5M2mThtXucrL9mZVbYfzJioxSqmXVPUN1HPDjr8W0nzp3KDkDJJTKljx 45VyIOUEQ12FHCGe7HD++cWN3AlFoujnQbYHNJnpyMBfEglJA6V+7g== =LJCg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From ajos1 at onion.demon.co.uk Thu Mar 9 11:45:48 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 11:45:58 2006 Subject: phishing local file... Message-ID: - I just checked to source... and see what it is meant to do... It works... so I will do it this way... [ ... from some point in the past 3 machines have a blank line or some code that should not be in it... so I have started with a clean new site file... as from last night ... ] -----Original Message----- From: MailScanner discussion Message-ID: <006601c6436f$38a66e60$6501a8c0@lappy> Hi Paul, Thanks. Yeah we tried that- installing a second version of Perl - and Mailscanner then allows you to ignore the two versions, the problem is getting the modules to run/install properly through CPAN- however many we install there is always a problem afterwards when we start up Mailscanner. What we found was a couple of times the GUI would open without a password, but when you clicked on a user you couldn't modify anything, or the menus on the left wouldn't work and so on. After 4 days of continuously trying we have just had to call it a day. It actually seems to be working but I just don't know if it is removing any viruses- that's the problem I have now. I am trying to locate an old version of f-prot. Thanks Darren -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: 09 March 2006 11:33 To: MailScanner discussion Subject: RE: Older version and huge problem Have you tried this http://www.depopo.net/idx/0/160/article/ (Qube3 Perl 5.8.x upgrader) and this http://www.depopo.net/idx/22/159/article/ (Mailscanner 4 for the Qube) I used some stuff from this site quite some time ago to upgrade perl on a Raq 4 without breaking the interface, maybe worth a go. Cheers Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Darren Walker Sent: 09 March 2006 10:50 To: 'MailScanner discussion' Subject: Older version and huge problem Hi We have tried in vain to update a Cobalt Qube 3 to the latest version of Mailscanner without success. The Qube developed a problem and needed to be re-installed. Originally Mailscanner and F-prot were running on it which were installed about 2-3 years ago. The problem is that we cannot update the version of perl without loosing the GUI. We have completely reformatted and re-installed the whole qube from fresh, and tried to install all the various perl modules by hand, but whatever we do we cannot get mailscanner to run successfully, the output is missing module x or y or z or some other problem. We have spent 4 days trying to get it to work and basically given up. We have ended up re-installing version 3.271 on a fresh installation of the Qube and it works except for a huge problem. The client has f-prot but the version originally installed we are not sure of- but the new version gives the following error ---------SNIP------- Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user "dscott" at (192.9.200.147) 192.9.200.147 Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 bytes in 3 seconds---------SNIP------- Is there anything we can do to sort this out Im not sure that mailscanner is now running the virus scan correctly- or is it that it just cannot run certain aspects of it. I don't know if I can download an older version of f-prot. Any help would be much appreciated Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 11:48:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 11:48:22 2006 Subject: Older version and huge problem In-Reply-To: <006501c6436e$06c5aec0$6501a8c0@lappy> References: <006501c6436e$06c5aec0$6501a8c0@lappy> Message-ID: <7FCE0966-1D13-492A-9323-0BCCE4708670@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 9 Mar 2006, at 11:38, Darren Walker wrote: > Thanks for your response. I fully understand that it is an old > piece of kit, > unfortunately convincing a client is sometimes more difficult, when > they > expect things to run for ever. I also fully understand that you can't > support version 3 too. > > Could you tell me if it is at least scanning the files properly and > removing > viruses that it is aware of? - or is it just going through the > motions? Sorry, I honestly haven't got a clue. I suggest you try it with a copy of the Eicar test file (www.eicar.org). > > Thanks > > Darren > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > Field > Sent: 09 March 2006 11:20 > To: MailScanner discussion > Subject: Re: Older version and huge problem > > * PGP Signed by an unmatched address: 03/09/06 at 11:19:48 > > For 3.27 to work properly, you need a version of F-Prot from back > then too. And that won't recognise much in the way of recent viruses. > Sorry, but the world has moved on since the days of Cobalt Qube > systems, no-one that I know of properly supports them any more. > > I certainly don't provide any support on MailScanner version 3 any > more, I haven't supported it for a couple of years now at least. > > On 9 Mar 2006, at 10:50, Darren Walker wrote: > >> >> Hi >> >> We have tried in vain to update a Cobalt Qube 3 to the latest >> version of >> Mailscanner without success. The Qube developed a problem and >> needed to be >> re-installed. Originally Mailscanner and F-prot were running on it >> which >> were installed about 2-3 years ago. >> The problem is that we cannot update the version of perl without >> loosing the >> GUI. We have completely reformatted and re-installed the whole qube >> from >> fresh, and tried to install all the various perl modules by hand, but >> whatever we do we cannot get mailscanner to run successfully, the >> output is >> missing module x or y or z or some other problem. We have spent 4 >> days >> trying to get it to work and basically given up. >> >> We have ended up re-installing version 3.271 on a fresh >> installation of the >> Qube and it works except for a huge problem. The client has f-prot >> but the >> version originally installed we are not sure of- but the new >> version gives >> the following error >> >> ---------SNIP------- >> >> Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user >> "dscott" at >> (192.9.200.147) 192.9.200.147 >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Search: .". Please mail the author of MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Action: Report only". Please mail the author of >> MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Files: "Dumb" scan of all files". Please mail the >> author >> of MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please >> mail the >> author of MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 >> bytes in 3 >> seconds---------SNIP------- >> >> Is there anything we can do to sort this out Im not sure that >> mailscanner is >> now running the virus scan correctly- or is it that it just cannot >> run >> certain aspects of it. I don't know if I can download an older >> version of >> f-prot. >> >> Any help would be much appreciated >> Thanks >> >> Darren >> >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by Torsion Internet Ltd, and is >> believed to be clean. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0xA4FAAFA1 (L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBAV/vw32o+k+q+hAQF5nAf/a0KO6yFvOAxA4ubOPTmp7JY+TugGAWF0 sBHXz5pMINzGTDaumUyPp5rLUASWHA9x6aV/rAmVYTiJzsHtuxKMKhJ9y3nxDvqo HfDoSif98N1wQzp/ztLT0Jfye2cH+MN22JHEC8cdS8+YMHWSAz8Own8p6mkBSEFd t/uMOVeYmHrH83T4u9jDb/34l28ee8736i0jR/wnbf66OFCwml6dWB6/Di9HIVTS Lfo8J0olh2CClAX9pxPUuhq5gAjQw7WKiUxj0FsPOYD/OTnnB58AQii1F5vay47q 9rv0GSOBxPxUwVI9v/B0OTyVi/U9unkqfy7J2wPYktfTgr+8yadK2Q== =wYwO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Thu Mar 9 12:03:26 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Mar 9 12:03:35 2006 Subject: free bitdefender worth it? In-Reply-To: <20060308164629.GA1473@star> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> <20060308164629.GA1473@star> Message-ID: <1141905807.14611.13.camel@lea.nerc-wallingford.ac.uk> As a few of you have pointed out, and as I discovered before reading this thread this morning, I need the "--mail" switch to scan these files. With this, it is discovering a whole slew of viruses in mail received at my blackhole server.... thanks for the help G On Wed, 2006-03-08 at 17:46 +0100, Stephane Lentz wrote: > With Bitdefender 7.0 I used : > /opt/bdc/bdc --mail --arc --all files* > > to properly scan messages in archives/mailboxes > > Regards, > > SL/ -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From richard.siddall at elirion.net Thu Mar 9 12:35:17 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Mar 9 12:35:47 2006 Subject: Older version and huge problem In-Reply-To: <006601c6436f$38a66e60$6501a8c0@lappy> References: <006601c6436f$38a66e60$6501a8c0@lappy> Message-ID: <44102105.803@elirion.net> Darren Walker wrote: > Hi Paul, > > Thanks. Yeah we tried that- installing a second version of Perl - and > Mailscanner then allows you to ignore the two versions, the problem is > getting the modules to run/install properly through CPAN- however many we > install there is always a problem afterwards when we start up Mailscanner. > What we found was a couple of times the GUI would open without a password, > but when you clicked on a user you couldn't modify anything, or the menus on > the left wouldn't work and so on. > Darren, MailScanner worked on a RaQ up to at least version 4.31. Perhaps Julian can find an old (i.e. Perl 5.005 compatible) copy for you to try on the Qube. Regards, Richard Siddall From algorges at gmail.com Thu Mar 9 12:50:59 2006 From: algorges at gmail.com (ASA) Date: Thu Mar 9 12:49:05 2006 Subject: JavaScript Message-ID: <001201c64378$1f016740$1401a8c0@asanote> What does that message? Mar 8 14:03:59 mx MailScanner[26505]: Found phishing fraud from JavaScript claiming to be www.hermes.com.br in 1FB54215ED3.6EF7F Mar 8 14:03:59 mx MailScanner[26505]: Found phishing fraud from JavaScript claiming to be www.malhassanremo.com.br in 1FB54215ED3.6EF7F From samp at arial-concept.com Thu Mar 9 13:22:09 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Mar 9 13:42:44 2006 Subject: Whitelist Message-ID: <44102C01.9090208@arial-concept.com> Hi, How to put whitelist DNS in /etc/MailScanner/spam.lists.conf as RDNS ? Thanks for your reply. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From samp at arial-concept.com Thu Mar 9 13:30:17 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Mar 9 13:59:34 2006 Subject: Bonded Sender Message-ID: <44102DE9.3070404@arial-concept.com> Hi, Does MailScanner can handle the Bonded Sender WL (http://bondedsender.org/bondedsender/technical.php) or how to implement it ? Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From ugob at camo-route.com Thu Mar 9 14:04:52 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 9 14:08:01 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: Message-ID: Taso Chatziantoniou wrote: > MailScanner version 4.48.4 > SpamAssassin version 3.1.0 > SpamAssassin Timeout = 60 > > > Has anyone seen a significant decline in spamassassin time out after > upgrading to 4.5x? > Since the new version of Mailscanner uses SpamAssassin cache database i > am guessing this would help. > > We are currently running six Mailscanner boxes that receive about 30,000 > to 50,000 emails each everyday. > We get about 270-280 Spamassassin time outs (as per logwatch) which, > considered the amount of mail we get is not bad at all. > The problem with this is that 270 emails which could be sent to multiple > email addresses can be sent to potentially alot more people then that. > When we have users send us spam submissions a bulk of the headers that > we get indicate that spamassassin timed out. What hardware? What MTA? You should probably try to tweak your MTA. Use milter-ahead, or other sendmail anti-spam features (throttling, greet pause). There might be other features for your MTA if it is not Sendmail. You may also try greylisting, at least for your most spammed users. Make sure you read about these before implementing them. > > This is my first post, please let me know if i am doing anything wrong > Thanks > One little thing: avoid posting in HTML. Regards, Ugo From shuttlebox at gmail.com Thu Mar 9 14:23:46 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 14:23:49 2006 Subject: Bonded Sender In-Reply-To: <44102DE9.3070404@arial-concept.com> References: <44102DE9.3070404@arial-concept.com> Message-ID: <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> On 3/9/06, Sam Przyswa wrote: > Hi, > > Does MailScanner can handle the Bonded Sender WL > (http://bondedsender.org/bondedsender/technical.php) or how to implement > it ? SpamAssassin supports it by default. # Bonded Sender: http://www.bondedsender.com/ score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 -- /peter From darren at torsion.co.uk Thu Mar 9 14:32:07 2006 From: darren at torsion.co.uk (Darren Walker) Date: Thu Mar 9 14:32:10 2006 Subject: Older version and huge problem In-Reply-To: <44102105.803@elirion.net> Message-ID: <00ad01c64386$3e2441c0$6501a8c0@lappy> HI Richard, I have given in - basically I tried the latest version and just worked back from there until I managed to get one to work- all the versions are on the download page, so they were quite easy to work back from. Im sure that somehow we managed to get v4 working on it before the problem but I just cant work out how we did it and I cant afford to spend any more time on it. Thanks for your all your help - I managed to find an old copy of f-prot and installed that along with version 3.27. It seems to be working but it wont scan inside any zip files- which is a bit of a problem, but beggars cant be choosers... Thanks once again Darren -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Siddall Sent: 09 March 2006 12:35 To: MailScanner discussion Subject: Re: Older version and huge problem Darren Walker wrote: > Hi Paul, > > Thanks. Yeah we tried that- installing a second version of Perl - and > Mailscanner then allows you to ignore the two versions, the problem is > getting the modules to run/install properly through CPAN- however many we > install there is always a problem afterwards when we start up Mailscanner. > What we found was a couple of times the GUI would open without a password, > but when you clicked on a user you couldn't modify anything, or the menus on > the left wouldn't work and so on. > Darren, MailScanner worked on a RaQ up to at least version 4.31. Perhaps Julian can find an old (i.e. Perl 5.005 compatible) copy for you to try on the Qube. Regards, Richard Siddall -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From KLekas at foxriver.com Thu Mar 9 14:35:14 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Thu Mar 9 14:35:25 2006 Subject: password protected files? Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> I am aware of the option to block password protected archives, is there a way to block password protected files? Kosta -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/94aa109f/attachment.html From shuttlebox at gmail.com Thu Mar 9 14:42:54 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 14:42:57 2006 Subject: password protected files? In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <625385e30603090642x5a66a983s536c67f53870e8f0@mail.gmail.com> On 3/9/06, Kosta Lekas wrote: > > I am aware of the option to block password protected archives, is there a > way to block password protected files? If they have a different file type than the non-protected file, then yes. Otherwise you have to rely on your virus scanner, Clam can block protected archives, maybe there's scanners that have more options. Do you have any examples of files you want to block? -- /peter From gmatt at nerc.ac.uk Thu Mar 9 14:43:25 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Mar 9 14:43:34 2006 Subject: message vs attachment size Message-ID: <1141915405.14611.23.camel@lea.nerc-wallingford.ac.uk> Cant find this in the book or google: does the "maximum message size" include the whole message including attachments? or are maximum message size and maximum attachment size mutually exclusive? ie if I set maximum message size to be 15MB will it stop attachments of 20MB? cheer GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From MailScanner at ecs.soton.ac.uk Thu Mar 9 14:47:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 14:47:59 2006 Subject: password protected files? In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/75837a29/PGP.bin From MailScanner at ecs.soton.ac.uk Thu Mar 9 14:52:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 14:52:38 2006 Subject: message vs attachment size In-Reply-To: <1141915405.14611.23.camel@lea.nerc-wallingford.ac.uk> References: <1141915405.14611.23.camel@lea.nerc-wallingford.ac.uk> Message-ID: <97F72773-634A-44A4-8F2E-FE89A3A716A4@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 9 Mar 2006, at 14:43, Greg Matthews wrote: > Cant find this in the book or google: > > does the "maximum message size" include the whole message including > attachments? Yes. > or are maximum message size and maximum attachment size > mutually exclusive? No. > ie if I set maximum message size to be 15MB will it stop > attachments of > 20MB? Yes. It's very simple, the message size is the size of the file containing the body of the text, for MTA's that have 2 files per message (sendmail and Exim). For MTA's that have 1 file per message (Postfix and ZMailer) it is simply the size of the file representing the entire message including headers and envelope data. Yes, I know that makes the figure slightly different for different MTA's with the same mesage. But people only ever use it as an approximate figure, e.g. 10MB. No-one cares if it is 10MB + 100 bytes or 10MB - 100 bytes. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBBBLvw32o+k+q+hAQGzSAgAg9Tmxx8eIAqed4eOlCldFCLJKDJyteYL 6F2lGUyW1y6SgxkEJe1s5Fm7hvHWG9OGVc8PpGLpgxX7PnpGdIvpIUtuXswoQQ5H 9pep7NwiTFIifFZhsYY24bJA/3oYG7BQDfHEQzinGYsf/OVPJbyXrx557TeQjkTB ejZz0LuQb4u920p21730SiF0L0x2sygskfMlc2c8kyNzCYtNPjyVB+0uMFzdsH3Q SpjkElzP4X2a+k3MTp27sqg52sksOmrf9guOjdnMc/+kCGi4LNoNoVCmTmOefyeO bFLynrr/5wKDAEWDOCV3G0l7zQfHSJn2eM4s458DYR7GxAZZl/MzPg== =nzJA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Thu Mar 9 14:58:18 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Mar 9 14:57:50 2006 Subject: FreeBSD port / mta.in script In-Reply-To: References: Message-ID: <4410428A.9000206@rogers.com> Koopmann, Jan-Peter wrote: > If you use the system to startup your MTA the way you like it, you are of > course free to do so and will not have any disadvantages. At the time the > mta script was originally written there was no easy way to fire up the > necessary MTA instanced from rc.conf alone (at least not for exim). If this > is the case now and the script is obsolete: Fine with me. All I need then > are detailed instructions for all MTAs under FreeBSD and I will get rid off > the script. > > It is simply a way to ensure that the MTA in use is called the way that > MailScanner needs it to be. > Understood. While im not sure about other MTA's, postfix has a RCng style startup script. So you just disable sendmail in rc.conf, and add a postfix_enable="YES". From KLekas at foxriver.com Thu Mar 9 15:05:40 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Thu Mar 9 15:05:50 2006 Subject: password protected files? Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5C@FREXGENEVA-01.frfr.foxriver.com> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Thursday, March 09, 2006 8:43 AM To: MailScanner discussion Subject: Re: password protected files? On 3/9/06, Kosta Lekas wrote: > > I am aware of the option to block password protected archives, is there a > way to block password protected files? If they have a different file type than the non-protected file, then yes. Otherwise you have to rely on your virus scanner, Clam can block protected archives, maybe there's scanners that have more options. Do you have any examples of files you want to block? -- /peter -- I've seen some excel spread sheets coming in that are password protected. But in general I want to block all and any password protected file types. I am running clamavmodule. Kosta From shuttlebox at gmail.com Thu Mar 9 15:15:07 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 15:15:10 2006 Subject: password protected files? In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5C@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5C@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <625385e30603090715p773c483j24c02fe94b9b4825@mail.gmail.com> On 3/9/06, Kosta Lekas wrote: > I've seen some excel spread sheets coming in that are password > protected. But in general I want to block all and any password protected > file types. I am running clamavmodule. Test the protected files with the file command, if they identify themselves as something different than the unprotected file you can add them to filetype.rules.conf. And Julian answered that Sophos can do this too. -- /peter From Jan-Peter.Koopmann at seceidos.de Thu Mar 9 15:29:23 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Mar 9 15:29:41 2006 Subject: FreeBSD port / mta.in script Message-ID: On Thursday, March 09, 2006 3:58 PM Mike Jakubik wrote: > Understood. While im not sure about other MTA's, postfix has a RCng > style startup script. So you just disable sendmail in rc.conf, and > add a postfix_enable="YES". sendmail and exim have that as well. But the standard exim mta script will not launch all instanced necessary for mailscanner (incoming, outgoing, submit). Nor will the standard sendmail RCng script. I am not sure about postfix or how exactly postfix works with MailScanner so I can only speek for the other two. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/51f89f67/smime.bin From mikej at rogers.com Thu Mar 9 15:38:56 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Mar 9 15:38:25 2006 Subject: FreeBSD port / mta.in script In-Reply-To: References: Message-ID: <44104C10.3050602@rogers.com> Koopmann, Jan-Peter wrote: > sendmail and exim have that as well. But the standard exim mta script will > not launch all instanced necessary for mailscanner (incoming, outgoing, > submit). Nor will the standard sendmail RCng script. I am not sure about > postfix or how exactly postfix works with MailScanner so I can only speek > for the other two. > > Kind regards, > JP > Postfix starts up everything that is needed. It doesn't have separate commands that you need to start for queues to work, thats just silly. With postfix, we specify a rule to put all incoming mail in the hold queue, which mailscanner scans and then transfers to postfix incoming queue, where postfix picks it up and sends it on its way. From Jan-Peter.Koopmann at seceidos.de Thu Mar 9 15:54:29 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Mar 9 15:54:44 2006 Subject: FreeBSD port / mta.in script Message-ID: On Thursday, March 09, 2006 4:39 PM Mike Jakubik wrote: > Postfix starts up everything that is needed. It doesn't have separate > commands that you need to start for queues to work, thats just silly. > With postfix, we specify a rule to put all incoming mail in the hold > queue, which mailscanner scans and then transfers to postfix incoming > queue, where postfix picks it up and sends it on its way. Which explains why you (Postfix) do not need the mta.sh script and others (Exim, sendmail) may find it useful since it will start the necessary instances for them. :-) That should answer the original question. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/81a4068e/smime.bin From Kevin_Miller at ci.juneau.ak.us Thu Mar 9 15:59:20 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 9 15:59:23 2006 Subject: message vs attachment size Message-ID: Julian Field wrote: > It's very simple, the message size is the size of the file containing > the body of the text, for MTA's that have 2 files per message > (sendmail and Exim). For MTA's that have 1 file per message (Postfix > and ZMailer) it is simply the size of the file representing the > entire message including headers and envelope data. > > Yes, I know that makes the figure slightly different for different > MTA's with the same mesage. But people only ever use it as an > approximate figure, e.g. 10MB. No-one cares if it is 10MB + 100 bytes > or 10MB - 100 bytes. Just to elaborate a bit, it may also be worth noting that when an attachment is encoded there is about a 25% increase in filesize so if someone asks what your limit is and you say 10 MB, from a practical standpoint they may only be able to attach a 7.5 MB doc. Of course, anybody sending 7.5 - 10 MB files should be fed to the sharks, but that's a different rant... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From samp at arial-concept.com Thu Mar 9 15:51:23 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Mar 9 16:12:46 2006 Subject: Bonded Sender In-Reply-To: <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> References: <44102DE9.3070404@arial-concept.com> <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> Message-ID: <44104EFB.2070303@arial-concept.com> shuttlebox a ?crit : >On 3/9/06, Sam Przyswa wrote: > > >>Hi, >> >>Does MailScanner can handle the Bonded Sender WL >>(http://bondedsender.org/bondedsender/technical.php) or how to implement >>it ? >> >> > >SpamAssassin supports it by default. > ># Bonded Sender: http://www.bondedsender.com/ >score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 >score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 > > Ok but at this time only the blacklists used on MailScanner are active even the host address is in whitelist, or perhaps I have missed something... Thanks for your help. Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From cobalt-users1 at fishnet.co.uk Thu Mar 9 17:14:28 2006 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Thu Mar 9 17:14:38 2006 Subject: HTML image only spam and OCR In-Reply-To: Message-ID: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> On 8 Mar 2006 at 11:14, Taso Chatziantoniou wrote: > Also one other question .. > Does anyone know of a good site or forum that we can submit sample spams to help us figure > out a way to block them. We keep getting these stock html image only files with bayes poisining > on the bottom that we cannot seem to find a pattern to to block. Hi, After reading this bit I had though about maybe using ocr when these types of messages are found. A (not-so) quick experiment using netpbm and gocr on a linux machine here produces some ASCII output from one of these gif images. The question is: how can I get MailScanner / SpamAssassin to use this method? The command line I am using is: giftopnm test.gif | gocr - which then produces the text on stdout. Thoughts anyone? Ian -- From max at kipness.com Thu Mar 9 18:03:28 2006 From: max at kipness.com (Max Kipness) Date: Thu Mar 9 18:03:43 2006 Subject: Fwd: Latest RBLs to use Message-ID: <166e673e4aaef0d83043c42e601b294e@localhost> Hello - I'm in the process of installing the latest version of MailScanner. I haven't set one up in a while and was wondering which ones people are using nowadays. Years ago I think I had setup a long list of them. With SURBL is this necessary now? Or just let SpamAssassin handle it? Thanks, Max -- Thanks, Max From mkettler at evi-inc.com Thu Mar 9 18:12:55 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 9 18:13:05 2006 Subject: Fwd: Latest RBLs to use In-Reply-To: <166e673e4aaef0d83043c42e601b294e@localhost> References: <166e673e4aaef0d83043c42e601b294e@localhost> Message-ID: <44107027.4080102@evi-inc.com> Max Kipness wrote: > Hello - > > I'm in the process of installing the latest version of MailScanner. I haven't > set one up in a while and was wondering which ones people are using nowadays. > Years ago I think I had setup a long list of them. With SURBL is this necessary > now? Or just let SpamAssassin handle it? IMHO, it's never been a good idea to use RBLs at the MailScanner or MTA level. However, that belief comes from never finding a RBL with a S/O greater than or equal to five-nines (>99.999% of matching email is spam, and <0.001% is nonspam). I'm generally quite averse to FPs, and adding another source of them on top of the occasional SA FP is troublesome. That said, XBL does have an impressive S/O in the SA development testing. SBL and DSBL also perform fairly well, though not as well as XBL. (take a look at STATISTICS-set1.txt and STATISTICS-set3.txt out of the SA tarball sometime) From shuttlebox at gmail.com Thu Mar 9 18:32:43 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 18:32:46 2006 Subject: HTML image only spam and OCR In-Reply-To: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> References: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> Message-ID: <625385e30603091032x11f05c70s47939511b3b45487@mail.gmail.com> On 3/9/06, Ian wrote: > Hi, > > After reading this bit I had though about maybe using ocr when these types of messages are > found. > > A (not-so) quick experiment using netpbm and gocr on a linux machine here produces some > ASCII output from one of these gif images. > > The question is: how can I get MailScanner / SpamAssassin to use this method? > > The command line I am using is: > > > giftopnm test.gif | gocr - > > > which then produces the text on stdout. > > Thoughts anyone? MS supports both a custom spam scanner and a generic virus scanner. Look in MailScanner.conf for more info. -- /peter From TasNYC at TasNYC.com Thu Mar 9 18:41:35 2006 From: TasNYC at TasNYC.com (Taso Chatziantoniou) Date: Thu Mar 9 18:42:11 2006 Subject: How to block all email sent to a specific email address? References: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Message-ID: you can add a line like this to your blacklist or whitelist ruleset From: blockemail@example.com and To: youremail@example.com yes The problem that i am running into with this as a whitelist rule (probably the same for blacklist) is that if you just whitelist to youremail@example.com and the email was sent to or cced to youremail@example.com and youremail2@example.com and youemail3@example.com and so on it will get whitelisted for all of them. does anyone know a way around that? if your not sure what i am asking, here is another example I have a user named foo and he wants to be exluded from the spam filter altogether because of too many false positives so i add this line to my whitelist To: foo@foobar.com yes Problem with this is if a spam email was sent to foo, mike, harry, bob, jane, frank since foo is in the whitelist all these people will receive this spam messege no matter the spamassassin score. not sure if we have any other way around that problem -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Scott Silva Sent: Wed 3/8/2006 7:16 PM To: mailscanner@lists.mailscanner.info Subject: Re: How to block all email sent to a specific email address? Jody Cleveland spake the following on 3/7/2006 11:46 AM: > Hello, > > Is it possible to create a rule that would blacklist all mail coming in > for a specific email address? > > Kind of like blacklist *@* to *@xavier.winnefox.org? > > - jody userdel xavier will block all the mail ;-) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/2035f447/attachment.html From john.french at emich.edu Thu Mar 9 18:48:52 2006 From: john.french at emich.edu (jf) Date: Thu Mar 9 18:46:35 2006 Subject: 4.51.5 scanning messages multiple times Message-ID: <44107894.8000104@emich.edu> I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 RedHat AS4 boxes with the same hardware. The sendmail and MailScanner configuration files are identical, and the load is distributed to all four with a content switch. Three of the boxes are working fine, but on one of the boxes messages are being scanned several times before being delivered. This is happening with almost every message on that server. Only one message is delivered, but it is scanned many times. The only other difference I can find between this server and the three others is that on this one, I see lots of "[MailScanner] " processes, where the other servers have none. The only semi-relevant archived suggestions I can find deal with duplicate deliveries and the lock type. The lock type is set to posix on all four servers. Changing it to flock does not remove the behavior. Below is a log excerpt showing this problem occurring with one message. If anyone has any suggestions, I'd appreciate them. --- start example log ------------------- Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: from=, size=2312, class=0, nrcpts=1, msgid=< 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, relay=ns1.maxmailer.net [216.171.216.248] Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: to=, delay=00:00:00, mailer=esmtp, pri=32312, st at=queued Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit for message k299gIL0022343 Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, URIBL_OB_SURBL 3.21, unsub13 0.33) Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message k299gIL0022343 actions are deliver Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit for message k299gIL0022343 Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, URIBL_OB_SURBL 3.21, unsub13 0.33) ... (same thing goes on for a bit) Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) --- end example log ------------------- From jaearick at colby.edu Thu Mar 9 19:02:19 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 19:02:33 2006 Subject: sendmail/MS multiple outbound queues? Message-ID: Gang, My setup: MS 4.51.5, sendmail, Solaris 9. I would like to use sendmail queuegroups on my *outbound* email, and I'm puzzled how to set up MS and sendmail. After MS grabs a message out of mqueue.in and processes it, I would like /var/spool/mqueue to have fastq and slowq directories, with different characteristics. Something like (in my sendmail.mc file): FEATURE(`queuegroup') QUEUE_GROUP(`fastq', `Path=/var/spool/mqueue/fastq, I=10m, R=10') QUEUE_GROUP(`slowq', `Path=/var/spool/mqueue/slowq, I=2h') With an entry in my access.db file of: QGRP:colby.edu fastq I see the "Outgoing Queue Dir" item in MailScanner.conf, but how would MailScanner know how to sort my outbound mail into different queues? I want my local to-be-delivered email in a different queue than outbound internet email. Thanks for any clues here! Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:10:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:10:47 2006 Subject: 4.51.5 scanning messages multiple times In-Reply-To: <44107894.8000104@emich.edu> References: <44107894.8000104@emich.edu> Message-ID: <44107DA7.3020801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you run MailScanner in debug mode? Does it produce any errors? There are reasons why messages can be dropped from a batch, but there are very few with sendmail, it's only Postfix which does it (intentionally, to allow scanning later). If you are using sendmail 8.13 and upwards you should use Lock Type = posix, before 8.13 you should use Lock Type = flock. Differing locking will cause problems like this. You say the 4 boxes are setup identically, but they are behaving differently, which tends to imply they aren't actually the same :-) jf wrote: > I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 > RedHat AS4 boxes with the same hardware. The sendmail and MailScanner > configuration files are identical, and the load is distributed to all > four with a content switch. Three of the boxes are working fine, but on > one of the boxes messages are being scanned several times before being > delivered. This is happening with almost every message on that server. > Only one message is delivered, but it is scanned many times. > > The only other difference I can find between this server and the three > others is that on this one, I see lots of "[MailScanner] " > processes, where the other servers have none. > > The only semi-relevant archived suggestions I can find deal with > duplicate deliveries and the lock type. The lock type is set to posix > on all four servers. Changing it to flock does not remove the behavior. > > Below is a log excerpt showing this problem occurring with one message. > > If anyone has any suggestions, I'd appreciate them. > > --- start example log ------------------- > Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: > from=, size=2312, class=0, nrcpts=1, msgid=< > 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, > relay=ns1.maxmailer.net [216.171.216.248] > Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: > to=, delay=00:00:00, mailer=esmtp, pri=32312, st > at=queued > Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit > for message k299gIL0022343 > Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 > from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, > SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, > URIBL_OB_SURBL 3.21, unsub13 0.33) > Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message > k299gIL0022343 actions are deliver > Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit > for message k299gIL0022343 > Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 > from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, > SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, > URIBL_OB_SURBL 3.21, unsub13 0.33) > > ... (same thing goes on for a bit) > > Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: > to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, > pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) > --- end example log ------------------- > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBB9rhH2WUcUFbZUEQKTiwCgoLyRbgQ3eONUo7PZU2jFUjdMbc4AnRmn w1r4ViBP5r5CJO1mMKfCSFZ2 =zVbR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:13:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:13:12 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: References: Message-ID: <44107E49.7080203@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Gang, > > My setup: MS 4.51.5, sendmail, Solaris 9. I would like to use > sendmail queuegroups on my *outbound* email, and I'm puzzled how > to set up MS and sendmail. After MS grabs a message out of > mqueue.in and processes it, I would like /var/spool/mqueue > to have fastq and slowq directories, with different characteristics. > Something like (in my sendmail.mc file): > > FEATURE(`queuegroup') > QUEUE_GROUP(`fastq', `Path=/var/spool/mqueue/fastq, I=10m, R=10') > QUEUE_GROUP(`slowq', `Path=/var/spool/mqueue/slowq, I=2h') > > With an entry in my access.db file of: > > QGRP:colby.edu fastq > > I see the "Outgoing Queue Dir" item in MailScanner.conf, but how > would MailScanner know how to sort my outbound mail into different > queues? Easy. Use a ruleset to set the outgoing queue directory. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBB+ShH2WUcUFbZUEQIEEgCfSFk9UfRhoW339mJ8aOBC5rtArKkAoJHM +01ZXPWezCxqk82mwpnHtdkt =sHB/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Thu Mar 9 19:25:39 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 19:25:48 2006 Subject: persistent queue runner for sendmail Message-ID: Julian, Referring to: http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml (which may be old), you have "sendmail -q15m" for the processing of post-MS email. Wouldn't it be better to use persistent queue runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 and the O'Reilly sendmail cookbook, section 9.5. I've just made this change, comments please... Jeff Earickson colby College From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:33:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:33:24 2006 Subject: persistent queue runner for sendmail In-Reply-To: References: Message-ID: <44108303.40402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > > Referring to: > > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > (which may be old), you have "sendmail -q15m" for the processing > of post-MS email. Wouldn't it be better to use persistent queue > runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 > and the O'Reilly sendmail cookbook, section 9.5. I've just > made this change, comments please... But sendmail -q15m is a persistent queue-runner, is it not? I don't have the bat book to hand (which edition anyway?) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 jJNeQQ/GsaRpRmOxp9KaRcn2 =o9ER -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john.french at emich.edu Thu Mar 9 19:37:15 2006 From: john.french at emich.edu (jf) Date: Thu Mar 9 19:34:59 2006 Subject: *****SPAM***** Re: 4.51.5 scanning messages multiple times In-Reply-To: <44107DA7.3020801@ecs.soton.ac.uk> References: <44107894.8000104@emich.edu> <44107DA7.3020801@ecs.soton.ac.uk> Message-ID: <441083EB.8050102@emich.edu> Debug mode produces the usual EOCD signature messages and errors like the one below. During this debug session, duplicate scans were logged again (so if there was another message that would pop up during this problem, it should have this time). read-open /var/spool/MailScanner/incoming/16041/k24MxfOU003753/winmail.dat: No such file or directory at /usr/lib/perl5/site_perl/5.8.5/MIME/Body.pm line 435. All boxes are running sendmail 8.13.1; the sendmail.cf, access, MailScanner.conf files do not produce output when they are diff-compared to the other boxes. I've also compared the rc/init.d directories for differences in startup scripts to no avail. I guess I'm primarily fishing for more files to compare. Is there another log that might have relevant messages? Julian Field wrote: > Have you run MailScanner in debug mode? Does it produce any errors? > There are reasons why messages can be dropped from a batch, but there > are very few with sendmail, it's only Postfix which does it > (intentionally, to allow scanning later). > > If you are using sendmail 8.13 and upwards you should use Lock Type = > posix, before 8.13 you should use Lock Type = flock. > > Differing locking will cause problems like this. > > You say the 4 boxes are setup identically, but they are behaving > differently, which tends to imply they aren't actually the same :-) > > jf wrote: >>> I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 >>> RedHat AS4 boxes with the same hardware. The sendmail and MailScanner >>> configuration files are identical, and the load is distributed to all >>> four with a content switch. Three of the boxes are working fine, but on >>> one of the boxes messages are being scanned several times before being >>> delivered. This is happening with almost every message on that server. >>> Only one message is delivered, but it is scanned many times. >>> >>> The only other difference I can find between this server and the three >>> others is that on this one, I see lots of "[MailScanner] " >>> processes, where the other servers have none. >>> >>> The only semi-relevant archived suggestions I can find deal with >>> duplicate deliveries and the lock type. The lock type is set to posix >>> on all four servers. Changing it to flock does not remove the behavior. >>> >>> Below is a log excerpt showing this problem occurring with one message. >>> >>> If anyone has any suggestions, I'd appreciate them. >>> >>> --- start example log ------------------- >>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>> from=, size=2312, class=0, nrcpts=1, msgid=< >>> 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, >>> relay=ns1.maxmailer.net [216.171.216.248] >>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>> to=, delay=00:00:00, mailer=esmtp, pri=32312, st >>> at=queued >>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit >>> for message k299gIL0022343 >>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 >>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message >>> k299gIL0022343 actions are deliver >>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit >>> for message k299gIL0022343 >>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 >>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>> >>> ... (same thing goes on for a bit) >>> >>> Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: >>> to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, >>> pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) >>> --- end example log ------------------- >>> > From jaearick at colby.edu Thu Mar 9 19:40:14 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 19:40:34 2006 Subject: persistent queue runner for sendmail In-Reply-To: <44108303.40402@ecs.soton.ac.uk> References: <44108303.40402@ecs.soton.ac.uk> Message-ID: I was looking at Edition 3 of the Bat Book and Edition 1 of the Bat Cookbook. Persistent queue runners came along in sendmail 8.12. Most people on this list probably run 8.12 or 8.13, right? Jeff On Thu, 9 Mar 2006, Julian Field wrote: > Date: Thu, 09 Mar 2006 19:33:23 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: persistent queue runner for sendmail > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Jeff A. Earickson wrote: >> Julian, >> >> Referring to: >> >> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml >> >> (which may be old), you have "sendmail -q15m" for the processing >> of post-MS email. Wouldn't it be better to use persistent queue >> runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 >> and the O'Reilly sendmail cookbook, section 9.5. I've just >> made this change, comments please... > But sendmail -q15m is a persistent queue-runner, is it not? I don't have > the bat book to hand (which edition anyway?) > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 > jJNeQQ/GsaRpRmOxp9KaRcn2 > =o9ER > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:59:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:59:13 2006 Subject: persistent queue runner for sendmail In-Reply-To: References: <44108303.40402@ecs.soton.ac.uk> Message-ID: <44108910.4070804@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Persistent queue runners of the "sendmail -q15m" type were certainly in 8.9 and I suspect long before that. Jeff A. Earickson wrote: > I was looking at Edition 3 of the Bat Book and Edition 1 of the Bat > Cookbook. Persistent queue runners came along in sendmail 8.12. > Most people on this list probably run 8.12 or 8.13, right? > > Jeff > > On Thu, 9 Mar 2006, Julian Field wrote: > >> Date: Thu, 09 Mar 2006 19:33:23 +0000 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: persistent queue runner for sendmail >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Jeff A. Earickson wrote: >>> Julian, >>> >>> Referring to: >>> >>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml >>> >>> (which may be old), you have "sendmail -q15m" for the processing >>> of post-MS email. Wouldn't it be better to use persistent queue >>> runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 >>> and the O'Reilly sendmail cookbook, section 9.5. I've just >>> made this change, comments please... >> But sendmail -q15m is a persistent queue-runner, is it not? I don't have >> the bat book to hand (which edition anyway?) >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 >> jJNeQQ/GsaRpRmOxp9KaRcn2 >> =o9ER >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBCJERH2WUcUFbZUEQL28ACg30opASQYyiwGwxTrBAQYnX378tMAnRF0 JRofPjmOETrOOJU8/P4mAFmA =EyQ8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 20:00:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 20:00:32 2006 Subject: *****SPAM***** Re: 4.51.5 scanning messages multiple times In-Reply-To: <441083EB.8050102@emich.edu> References: <44107894.8000104@emich.edu> <44107DA7.3020801@ecs.soton.ac.uk> <441083EB.8050102@emich.edu> Message-ID: <44108961.9050903@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aha! We have an error message. Please can you send me one of the messages producing this error? jf wrote: > Debug mode produces the usual EOCD signature messages and errors like > the one below. During this debug session, duplicate scans were logged > again (so if there was another message that would pop up during this > problem, it should have this time). > > read-open > /var/spool/MailScanner/incoming/16041/k24MxfOU003753/winmail.dat: No > such file or directory at /usr/lib/perl5/site_perl/5.8.5/MIME/Body.pm > line 435. > > All boxes are running sendmail 8.13.1; the sendmail.cf, access, > MailScanner.conf files do not produce output when they are diff-compared > to the other boxes. I've also compared the rc/init.d directories for > differences in startup scripts to no avail. > > I guess I'm primarily fishing for more files to compare. Is there > another log that might have relevant messages? > > Julian Field wrote: > >> Have you run MailScanner in debug mode? Does it produce any errors? >> There are reasons why messages can be dropped from a batch, but there >> are very few with sendmail, it's only Postfix which does it >> (intentionally, to allow scanning later). >> >> If you are using sendmail 8.13 and upwards you should use Lock Type = >> posix, before 8.13 you should use Lock Type = flock. >> >> Differing locking will cause problems like this. >> >> You say the 4 boxes are setup identically, but they are behaving >> differently, which tends to imply they aren't actually the same :-) >> >> jf wrote: >> >>>> I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 >>>> RedHat AS4 boxes with the same hardware. The sendmail and MailScanner >>>> configuration files are identical, and the load is distributed to all >>>> four with a content switch. Three of the boxes are working fine, but on >>>> one of the boxes messages are being scanned several times before being >>>> delivered. This is happening with almost every message on that server. >>>> Only one message is delivered, but it is scanned many times. >>>> >>>> The only other difference I can find between this server and the three >>>> others is that on this one, I see lots of "[MailScanner] " >>>> processes, where the other servers have none. >>>> >>>> The only semi-relevant archived suggestions I can find deal with >>>> duplicate deliveries and the lock type. The lock type is set to posix >>>> on all four servers. Changing it to flock does not remove the behavior. >>>> >>>> Below is a log excerpt showing this problem occurring with one message. >>>> >>>> If anyone has any suggestions, I'd appreciate them. >>>> >>>> --- start example log ------------------- >>>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>>> from=, size=2312, class=0, nrcpts=1, msgid=< >>>> 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, >>>> relay=ns1.maxmailer.net [216.171.216.248] >>>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>>> to=, delay=00:00:00, mailer=esmtp, pri=32312, st >>>> at=queued >>>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit >>>> for message k299gIL0022343 >>>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 >>>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message >>>> k299gIL0022343 actions are deliver >>>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit >>>> for message k299gIL0022343 >>>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 >>>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>>> >>>> ... (same thing goes on for a bit) >>>> >>>> Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: >>>> to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, >>>> pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) >>>> --- end example log ------------------- >>>> >>>> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBCJYhH2WUcUFbZUEQIXpQCgjHeSFdLsCtOENITkd/5nVOsR0mAAmwRp EIeUCSvawEyrw0yaQGXk2ToE =47Qh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Mar 9 20:14:00 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 20:15:22 2006 Subject: message vs attachment size In-Reply-To: References: Message-ID: Kevin Miller spake the following on 3/9/2006 7:59 AM: > Julian Field wrote: > >> It's very simple, the message size is the size of the file containing >> the body of the text, for MTA's that have 2 files per message >> (sendmail and Exim). For MTA's that have 1 file per message (Postfix >> and ZMailer) it is simply the size of the file representing the >> entire message including headers and envelope data. >> >> Yes, I know that makes the figure slightly different for different >> MTA's with the same mesage. But people only ever use it as an >> approximate figure, e.g. 10MB. No-one cares if it is 10MB + 100 bytes >> or 10MB - 100 bytes. > > Just to elaborate a bit, it may also be worth noting that when an > attachment is encoded there is about a 25% increase in filesize so if > someone asks what your limit is and you say 10 MB, from a practical > standpoint they may only be able to attach a 7.5 MB doc. Of course, > anybody sending 7.5 - 10 MB files should be fed to the sharks, but > that's a different rant... > > ...Kevin Our execs routinely send 25 to 30 MB files to and from lawyers. It is easier on my paycheck to just let them do it, then to get them to learn something different. From Kevin_Miller at ci.juneau.ak.us Thu Mar 9 20:47:08 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 9 20:47:17 2006 Subject: message vs attachment size Message-ID: Scott Silva wrote: >> standpoint they may only be able to attach a 7.5 MB doc. Of course, >> anybody sending 7.5 - 10 MB files should be fed to the sharks, but >> that's a different rant... >> >> ...Kevin > Our execs routinely send 25 to 30 MB files to and from lawyers. It is > easier on my paycheck to just let them do it, then to get them to > learn something different. Ah. Feeding sharks to the sharks would be unethical... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Thu Mar 9 20:48:12 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 20:48:43 2006 Subject: *****SPAM***** Re: 4.51.5 scanning messages multiple times In-Reply-To: <441083EB.8050102@emich.edu> References: <44107894.8000104@emich.edu> <44107DA7.3020801@ecs.soton.ac.uk> <441083EB.8050102@emich.edu> Message-ID: jf spake the following on 3/9/2006 11:37 AM: > Debug mode produces the usual EOCD signature messages and errors like > the one below. During this debug session, duplicate scans were logged > again (so if there was another message that would pop up during this > problem, it should have this time). > > read-open > /var/spool/MailScanner/incoming/16041/k24MxfOU003753/winmail.dat: No > such file or directory at /usr/lib/perl5/site_perl/5.8.5/MIME/Body.pm > line 435. > > All boxes are running sendmail 8.13.1; the sendmail.cf, access, > MailScanner.conf files do not produce output when they are diff-compared > to the other boxes. I've also compared the rc/init.d directories for > differences in startup scripts to no avail. > > I guess I'm primarily fishing for more files to compare. Is there > another log that might have relevant messages? > Try a ; MailScanner --v and compare the output. Maybe a module didn't install. From jaearick at colby.edu Thu Mar 9 21:27:39 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 21:31:19 2006 Subject: persistent queue runner for sendmail In-Reply-To: <44108910.4070804@ecs.soton.ac.uk> References: <44108303.40402@ecs.soton.ac.uk> <44108910.4070804@ecs.soton.ac.uk> Message-ID: The -qp option for queue runners only appeared in sendmail 8.12. I got a ruleset written to split my outbound queues into fast (local domain) and slow (everything else), changed my init.d sendmail script to do: /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/fastq /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/slowq for processing of my two queues, everything is working great. Why didn't I split my queues earlier? Doh! Jeff Earickson Colby College On Thu, 9 Mar 2006, Julian Field wrote: > Date: Thu, 09 Mar 2006 19:59:12 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: persistent queue runner for sendmail > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Persistent queue runners of the "sendmail -q15m" type were certainly in > 8.9 and I suspect long before that. > > Jeff A. Earickson wrote: >> I was looking at Edition 3 of the Bat Book and Edition 1 of the Bat >> Cookbook. Persistent queue runners came along in sendmail 8.12. >> Most people on this list probably run 8.12 or 8.13, right? >> >> Jeff >> >> On Thu, 9 Mar 2006, Julian Field wrote: >> >>> Date: Thu, 09 Mar 2006 19:33:23 +0000 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: persistent queue runner for sendmail >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Jeff A. Earickson wrote: >>>> Julian, >>>> >>>> Referring to: >>>> >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml >>>> >>>> (which may be old), you have "sendmail -q15m" for the processing >>>> of post-MS email. Wouldn't it be better to use persistent queue >>>> runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 >>>> and the O'Reilly sendmail cookbook, section 9.5. I've just >>>> made this change, comments please... >>> But sendmail -q15m is a persistent queue-runner, is it not? I don't have >>> the bat book to hand (which edition anyway?) >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.5 (Build 5050) >>> >>> iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 >>> jJNeQQ/GsaRpRmOxp9KaRcn2 >>> =o9ER >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRBCJERH2WUcUFbZUEQL28ACg30opASQYyiwGwxTrBAQYnX378tMAnRF0 > JRofPjmOETrOOJU8/P4mAFmA > =EyQ8 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Thu Mar 9 22:15:51 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 22:15:54 2006 Subject: How to block all email sent to a specific email address? In-Reply-To: References: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Message-ID: <625385e30603091415k35ce106ta3e0bc815f4f4522@mail.gmail.com> On 3/9/06, Taso Chatziantoniou wrote: > Problem with this is if a spam email was sent to foo, mike, harry, bob, > jane, frank since foo is in the whitelist > all these people will receive this spam messege no matter the spamassassin > score. > not sure if we have any other way around that problem Most MTA:s support recipient splitting which will solve your problem. Note that it increases load on the server though. -- /peter From marco at unixpsycho.com Fri Mar 10 00:08:05 2006 From: marco at unixpsycho.com (uNiX pSyChO) Date: Fri Mar 10 00:08:39 2006 Subject: persistent queue runner for sendmail In-Reply-To: References: <44108303.40402@ecs.soton.ac.uk> <44108910.4070804@ecs.soton.ac.uk> Message-ID: Jeff A. Earickson wrote: > The -qp option for queue runners only appeared in sendmail 8.12. > > I got a ruleset written to split my outbound queues into fast > (local domain) and slow (everything else), changed my init.d > sendmail script to do: > > /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/fastq > /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/slowq > > for processing of my two queues, everything is working great. > Why didn't I split my queues earlier? Doh! urr? there looks to be something missing. it looks like you just created 2 identical queues. from what i remember you can configure each queue to have different properties, if indeed you wanted a "slow" and "fast" queue. From azher at niit.edu.pk Fri Mar 10 03:06:23 2006 From: azher at niit.edu.pk (Azher Amin) Date: Fri Mar 10 03:06:30 2006 Subject: MailScanner and Quota Message-ID: <4410ED2F.90001@niit.edu.pk> Hi Julian, I have bee using MailScanner for a long time and its really impressive to me. I am managing multiple mail servers running Sendmail and MailScanner together on RedHat and Debian. I am facing a bit problem so i hope you or some other can help me. Disk space for my users (i.e. home dirs) are well managed thru linux quota, however the emails once processed by MailScanner go into /var/spool/mail/. Most of the users (above 600) are not cleaning up their inbox i.e. /var/spool/mail/, and thus i am always getting in the problem of reduced disk space. Is their any piece of code that (with the help of sendmail or MailScanner) sum up the home dir size and the existing /var/spool/mail/ and then respond with an error to remote MTA that this user is out of quota, otherwise accept the email. Look forward to get the solution. Regards Azher From jaearick at colby.edu Fri Mar 10 03:14:05 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Mar 10 03:30:50 2006 Subject: fast/slow queues for outbound email In-Reply-To: References: <44108303.40402@ecs.soton.ac.uk> <44108910.4070804@ecs.soton.ac.uk> Message-ID: On Thu, 9 Mar 2006, uNiX pSyChO wrote: > Jeff A. Earickson wrote: >> >> I got a ruleset written to split my outbound queues into fast >> (local domain) and slow (everything else), changed my init.d >> sendmail script to do: >> >> /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/fastq >> /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/slowq >> >> for processing of my two queues, everything is working great. >> Why didn't I split my queues earlier? Doh! > > urr? > > there looks to be something missing. it looks like you just created 2 > identical queues. from what i remember you can configure each queue to have > different properties, if indeed you wanted a "slow" and "fast" queue. > Ahhh, but the magic comes in the MS ruleset. Julian's code is so cool and flexible for me to do this. I set this in my Mailscanner.conf: Outgoing Queue Dir = %localrules-dir%/outqueue.rules and the ruleset looks like: To: @colby.edu /var/spool/mqueue/fastq To: @basalt.colby.edu /var/spool/mqueue/fastq From: @facebook.com /var/spool/mqueue/slowq FromOrTo: default /var/spool/mqueue/slowq Stuff to be locally delivered at my domain goes in the fast queue, other stuff goes in the slowq. Ok, so I hate facebook and they go in the slow queue. The only puzzlement is unqualified addresses, eg "joeblow" instead of "joeblow@colby.edu". They end up in the slow queue. Any Regex dudes out there who could suggest a To: rule for this? Jeff Earickson Colby College From matt at coders.co.uk Fri Mar 10 07:23:39 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri Mar 10 07:23:44 2006 Subject: MailScanner and Quota In-Reply-To: <4410ED2F.90001@niit.edu.pk> References: <4410ED2F.90001@niit.edu.pk> Message-ID: <4411297B.6030109@coders.co.uk> Azher Amin wrote: > Disk space for my users (i.e. home dirs) are well managed thru linux > quota, however the emails once processed by MailScanner go into > /var/spool/mail/. Most of the users (above 600) are not cleaning > up their inbox i.e. /var/spool/mail/, and thus i am always > getting in the problem of reduced disk space. Is their any piece of code > that (with the help of sendmail or MailScanner) sum up the home dir size > and the existing /var/spool/mail/ and then respond with an error > to remote MTA that this user is out of quota, otherwise accept the email. Why not move the mailbox into the home directory? http://www.yapd.net/howto.php?HOWTO=2 matt From rborland at medsch.uz.ac.zw Fri Mar 10 08:59:57 2006 From: rborland at medsch.uz.ac.zw (Rob Borland) Date: Fri Mar 10 08:56:38 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <200603091914.k29JCIU8015995@bkserver.blacknight.ie> References: <200603091914.k29JCIU8015995@bkserver.blacknight.ie> Message-ID: <4411400D.80703@medsch.uz.ac.zw> >> We are currently running six Mailscanner boxes that receive about 30,000 >> to 50,000 emails each everyday. >> We get about 270-280 Spamassassin time outs (as per logwatch) which, >> considered the amount of mail we get is not bad at all. I was getting many timeouts on much lower volumes of mail than this. I have eliminated them completely after receiving advice on the list to set the following options: "Rebuild Bayes Every 86400" in MailScanner.conf. "bayes_auto_expire 0" in /etc/mail/spamassassin/local.cf. Clearly the timeouts were occurring during Bayes rebuilds. Leaving this process to MailScanner to handle fixed the problem entirely. Regards, Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Fri Mar 10 09:02:16 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 10 09:02:26 2006 Subject: Latest RBLs to use In-Reply-To: <166e673e4aaef0d83043c42e601b294e@localhost> Message-ID: <005701c64421$54442740$3004010a@martinhlaptop> Max You'll still need a load of the SARE rules (and others) in addition to the URI_RBLS (I've got extra URI-RBL's over the normal SA supplied as well). I also find DCC pyzor useful too. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Max Kipness > Sent: 09 March 2006 18:03 > To: mailscanner@lists.mailscanner.info > Subject: Fwd: Latest RBLs to use > > > Hello - > > I'm in the process of installing the latest version of MailScanner. I > haven't > set one up in a while and was wondering which ones people are using > nowadays. > Years ago I think I had setup a long list of them. With SURBL is this > necessary > now? Or just let SpamAssassin handle it? > > Thanks, > Max > -- > Thanks, > > Max > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Mar 10 09:37:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 10 09:38:05 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <440F2567.8000103@evi-inc.com> References: <440F2567.8000103@evi-inc.com> Message-ID: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 8 Mar 2006, at 18:41, Matt Kettler wrote: > If there's a particular kind of image-only spam involved, some of > the SARE > rulesets can be helpful. I personally like the following SARE > rulesets and use > them on my production systems: > > > 70_sare_adult.cf > 70_sare_evilnum0.cf > 70_sare_genlsubj0.cf > 70_sare_html0.cf > 70_sare_obfu0.cf > 70_sare_random.cf > 70_sare_specific.cf > 70_sare_stocks.cf > 70_sare_uri0.cf > 99_sare_fraud_post25x.cf Many thanks for posting that. I added obfu0 and stocks to my setups and they have helped enormously! No spam whatsoever this morning. :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBFI9vw32o+k+q+hAQFWwwf/UEhaaYHiEKr7xEjrCRJDc+fZgyf5yNHq rRbp8EpVqF2DFBPXqB/gkzkeh8WQxnKjwJuuCNZhMs5z714VR7QOGYf5XTmGC7Fw ATjav0p9vxosJVzr/ROpzDiD4MWg/KR9/3KBKW/QYJWK4JfvZ6at93CWgLKNcvXr tVi2jMVuTQXrgO+Cw1Ip0A7jP5upho3UNbzyxRY/JJ7CCVhCPRrm0ThtmEoRuar2 ukcln2Jc1SqTBG3SfDw5EWXqW6l8WKgn0g/yKc/jWaWK/l62GbBCQTjX/vdLwlyY s03TwfLY8HNOKmlqLmmULU6C0IBV3SC1CvOJDu8PcUn9VIAnDMjr4g== =v0WR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Fri Mar 10 09:51:40 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Fri Mar 10 09:51:43 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: Julian, Doesn't your lint test time go through the roof when you add those files? Currently my lint test takes 2.3sec to complete. Dave On 3/10/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 8 Mar 2006, at 18:41, Matt Kettler wrote: > > > If there's a particular kind of image-only spam involved, some of > > the SARE > > rulesets can be helpful. I personally like the following SARE > > rulesets and use > > them on my production systems: > > > > > > 70_sare_adult.cf > > 70_sare_evilnum0.cf > > 70_sare_genlsubj0.cf > > 70_sare_html0.cf > > 70_sare_obfu0.cf > > 70_sare_random.cf > > 70_sare_specific.cf > > 70_sare_stocks.cf > > 70_sare_uri0.cf > > 99_sare_fraud_post25x.cf > > Many thanks for posting that. I added obfu0 and stocks to my setups > and they have helped enormously! No spam whatsoever this morning. > :-) > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRBFI9vw32o+k+q+hAQFWwwf/UEhaaYHiEKr7xEjrCRJDc+fZgyf5yNHq > rRbp8EpVqF2DFBPXqB/gkzkeh8WQxnKjwJuuCNZhMs5z714VR7QOGYf5XTmGC7Fw > ATjav0p9vxosJVzr/ROpzDiD4MWg/KR9/3KBKW/QYJWK4JfvZ6at93CWgLKNcvXr > tVi2jMVuTQXrgO+Cw1Ip0A7jP5upho3UNbzyxRY/JJ7CCVhCPRrm0ThtmEoRuar2 > ukcln2Jc1SqTBG3SfDw5EWXqW6l8WKgn0g/yKc/jWaWK/l62GbBCQTjX/vdLwlyY > s03TwfLY8HNOKmlqLmmULU6C0IBV3SC1CvOJDu8PcUn9VIAnDMjr4g== > =v0WR > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Fri Mar 10 09:55:02 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Fri Mar 10 09:55:05 2006 Subject: MailScanner and Quota In-Reply-To: <4411297B.6030109@coders.co.uk> References: <4410ED2F.90001@niit.edu.pk> <4411297B.6030109@coders.co.uk> Message-ID: mv /var/spool/mail /home/ ln -sf /home/mail /var/spool/mail On 3/10/06, Matt Hampton wrote: > Azher Amin wrote: > > Disk space for my users (i.e. home dirs) are well managed thru linux > > quota, however the emails once processed by MailScanner go into > > /var/spool/mail/. Most of the users (above 600) are not cleaning > > up their inbox i.e. /var/spool/mail/, and thus i am always > > getting in the problem of reduced disk space. Is their any piece of code > > that (with the help of sendmail or MailScanner) sum up the home dir size > > and the existing /var/spool/mail/ and then respond with an error > > to remote MTA that this user is out of quota, otherwise accept the email. > > Why not move the mailbox into the home directory? > > http://www.yapd.net/howto.php?HOWTO=2 > > matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gmatt at nerc.ac.uk Fri Mar 10 10:01:18 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 10 10:01:32 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: <44107E49.7080203@ecs.soton.ac.uk> References: <44107E49.7080203@ecs.soton.ac.uk> Message-ID: <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> On Thu, 2006-03-09 at 19:13 +0000, Julian Field wrote: > Easy. Use a ruleset to set the outgoing queue directory. except I've never got this to work, MS just seems to spread all the mail around the queue directories regardless of my rules. For instance I have in MailScanner.conf: Outgoing Queue Dir = %rules-dir%/outgoing.queue.dir.rules and the outgoing.queue.dir.rules file looks like: To: *@bgs.ac.uk /var/spool/mqueue/qBGS # To: *@bas.ac.uk /var/spool/mqueue/qBAS # To: *@nerc.ac.uk /var/spool/mqueue/qGROUPWISE To: *@ceh.ac.uk /var/spool/mqueue/qGROUPWISE To: *@wpo.nerc.ac.uk /var/spool/mqueue/qGROUPWISE # To: *@soc.soton.ac.uk /var/spool/mqueue/qSOC To: *@noc.soton.ac.uk /var/spool/mqueue/qSOC # FromOrTo: default /var/spool/mqueue/qDEFAULT The whitespace is all tabs in the actual file. When I look at the qf files in these directories, they dont correspond to the expected destination addresses. The directories seem to be used randomly. GREG > > - -- > Julian Field -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From jaesquibal at meridiantelekoms.com Fri Mar 10 10:02:36 2006 From: jaesquibal at meridiantelekoms.com (Joey Esquibal) Date: Fri Mar 10 10:02:57 2006 Subject: MailScanner and Quota References: <4410ED2F.90001@niit.edu.pk> <4411297B.6030109@coders.co.uk> Message-ID: <004901c64429$c1fdc720$103ca8c0@joeyae> Put your spool mails inside each user's homedir by using procmail. Implications would be you will need to recompile your POP3 server to locate the spool mails in user's homedir. Regards, Joey ----- Original Message ----- From: "Dave Strydom" To: "MailScanner discussion" Sent: Friday, March 10, 2006 5:55 PM Subject: Re: MailScanner and Quota > mv /var/spool/mail /home/ > ln -sf /home/mail /var/spool/mail > > > On 3/10/06, Matt Hampton wrote: >> Azher Amin wrote: >> > Disk space for my users (i.e. home dirs) are well managed thru linux >> > quota, however the emails once processed by MailScanner go into >> > /var/spool/mail/. Most of the users (above 600) are not cleaning >> > up their inbox i.e. /var/spool/mail/, and thus i am always >> > getting in the problem of reduced disk space. Is their any piece of >> > code >> > that (with the help of sendmail or MailScanner) sum up the home dir >> > size >> > and the existing /var/spool/mail/ and then respond with an error >> > to remote MTA that this user is out of quota, otherwise accept the >> > email. >> >> Why not move the mailbox into the home directory? >> >> http://www.yapd.net/howto.php?HOWTO=2 >> >> matt >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri Mar 10 10:06:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 10 10:06:16 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: <2022C194-AAF8-4A1A-A4BC-C9F3AD16F6C4@ecs.soton.ac.uk> I haven't timed it before I installed the files, and they are production systems so I don't want to play with them. But they aren't very big rulesets compared to the header sets. On 10 Mar 2006, at 09:51, Dave Strydom wrote: > Julian, > > Doesn't your lint test time go through the roof when you add those > files? > > Currently my lint test takes 2.3sec to complete. > > Dave > > On 3/10/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 8 Mar 2006, at 18:41, Matt Kettler wrote: >> >>> If there's a particular kind of image-only spam involved, some of >>> the SARE >>> rulesets can be helpful. I personally like the following SARE >>> rulesets and use >>> them on my production systems: >>> >>> >>> 70_sare_adult.cf >>> 70_sare_evilnum0.cf >>> 70_sare_genlsubj0.cf >>> 70_sare_html0.cf >>> 70_sare_obfu0.cf >>> 70_sare_random.cf >>> 70_sare_specific.cf >>> 70_sare_stocks.cf >>> 70_sare_uri0.cf >>> 99_sare_fraud_post25x.cf >> >> Many thanks for posting that. I added obfu0 and stocks to my setups >> and they have helped enormously! No spam whatsoever this morning. >> :-) >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Fri Mar 10 10:19:28 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Fri Mar 10 10:19:31 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <2022C194-AAF8-4A1A-A4BC-C9F3AD16F6C4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> <2022C194-AAF8-4A1A-A4BC-C9F3AD16F6C4@ecs.soton.ac.uk> Message-ID: Apparently not... I just got 2.03657 with the following loaded: 70_sare_adult.cf 70_sc_top200.cf 70_sare_stocks.cf 70_sare_specific.cf 70_sare_spoof.cf 70_sare_random.cf Dave On 3/10/06, Julian Field wrote: > I haven't timed it before I installed the files, and they are > production systems so I don't want to play with them. But they aren't > very big rulesets compared to the header sets. > > > On 10 Mar 2006, at 09:51, Dave Strydom wrote: > > > Julian, > > > > Doesn't your lint test time go through the roof when you add those > > files? > > > > Currently my lint test takes 2.3sec to complete. > > > > Dave > > > > On 3/10/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> > >> On 8 Mar 2006, at 18:41, Matt Kettler wrote: > >> > >>> If there's a particular kind of image-only spam involved, some of > >>> the SARE > >>> rulesets can be helpful. I personally like the following SARE > >>> rulesets and use > >>> them on my production systems: > >>> > >>> > >>> 70_sare_adult.cf > >>> 70_sare_evilnum0.cf > >>> 70_sare_genlsubj0.cf > >>> 70_sare_html0.cf > >>> 70_sare_obfu0.cf > >>> 70_sare_random.cf > >>> 70_sare_specific.cf > >>> 70_sare_stocks.cf > >>> 70_sare_uri0.cf > >>> 99_sare_fraud_post25x.cf > >> > >> Many thanks for posting that. I added obfu0 and stocks to my setups > >> and they have helped enormously! No spam whatsoever this morning. > >> :-) > >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From marlo at raidbr.com.br Fri Mar 10 12:01:27 2006 From: marlo at raidbr.com.br (marlo - raidbr) Date: Fri Mar 10 12:01:26 2006 Subject: Mailscanner + postgresql Message-ID: <1141992087.6834.4.camel@localhost.localdomain> Staff, howto of mailscanner with prostgresql alguem knows some. From jaearick at colby.edu Fri Mar 10 15:16:04 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Mar 10 16:05:28 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> References: <44107E49.7080203@ecs.soton.ac.uk> <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> Message-ID: Greg, What may be going on is the issue of multiple recipients in the To: line with different domains. I found a message in my fast queue this morning going to a (nonresponsive) outside domain, where I want only "@colby.edu" messages in that queue. Checking the syslogs, I found that the original message was going to: To: user1@colby.edu, user2@colby.edu, user3@slowhost.com After the queue runner did its thing, the message got delivered to the two local addresses fast, but the message hung around in the fast queue still trying to deliver to slowhost.com. From a "mailq" point of view, all I saw later was a single recipient message in the "wrong" queue. This is probably what you see too. Jeff Earickson Colby College On Fri, 10 Mar 2006, Greg Matthews wrote: > Date: Fri, 10 Mar 2006 10:01:18 +0000 > From: Greg Matthews > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: sendmail/MS multiple outbound queues? > > On Thu, 2006-03-09 at 19:13 +0000, Julian Field wrote: >> Easy. Use a ruleset to set the outgoing queue directory. > > except I've never got this to work, MS just seems to spread all the mail > around the queue directories regardless of my rules. For instance I have > in MailScanner.conf: > > Outgoing Queue Dir = %rules-dir%/outgoing.queue.dir.rules > > and the outgoing.queue.dir.rules file looks like: > > To: *@bgs.ac.uk /var/spool/mqueue/qBGS > # > To: *@bas.ac.uk /var/spool/mqueue/qBAS > # > To: *@nerc.ac.uk /var/spool/mqueue/qGROUPWISE > To: *@ceh.ac.uk /var/spool/mqueue/qGROUPWISE > To: *@wpo.nerc.ac.uk /var/spool/mqueue/qGROUPWISE > # > To: *@soc.soton.ac.uk /var/spool/mqueue/qSOC > To: *@noc.soton.ac.uk /var/spool/mqueue/qSOC > # > FromOrTo: default /var/spool/mqueue/qDEFAULT > > The whitespace is all tabs in the actual file. When I look at the qf > files in these directories, they dont correspond to the expected > destination addresses. The directories seem to be used randomly. > > GREG > >> >> - -- >> Julian Field > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mkettler at evi-inc.com Fri Mar 10 16:43:23 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 10 16:43:43 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: <4411ACAB.1010106@evi-inc.com> Julian Field wrote: > > On 8 Mar 2006, at 18:41, Matt Kettler wrote: > >>> If there's a particular kind of image-only spam involved, some of >>> the SARE >>> rulesets can be helpful. I personally like the following SARE >>> rulesets and use >>> them on my production systems: > > Many thanks for posting that. I added obfu0 and stocks to my setups > and they have helped enormously! No spam whatsoever this morning. > :-) You're welcome Julian.. I'm glad to have returned a small favor to someone who wrote such a handy piece of software that makes my life easier :) From gmatt at nerc.ac.uk Fri Mar 10 16:53:11 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 10 16:53:19 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: References: <44107E49.7080203@ecs.soton.ac.uk> <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> Message-ID: <1142009591.17913.44.camel@lea.nerc-wallingford.ac.uk> On Fri, 2006-03-10 at 10:16 -0500, Jeff A. Earickson wrote: > Greg, > > What may be going on is the issue of multiple recipients in the > To: line with different domains. I found a message in my fast queue > this morning going to a (nonresponsive) outside domain, where I > want only "@colby.edu" messages in that queue. Checking the > syslogs, I found that the original message was going to: > > To: user1@colby.edu, user2@colby.edu, user3@slowhost.com > > After the queue runner did its thing, the message got delivered to > the two local addresses fast, but the message hung around in > the fast queue still trying to deliver to slowhost.com. From a > "mailq" point of view, all I saw later was a single recipient > message in the "wrong" queue. This is probably what you see too. hmmm... this definitely matches some cases that I see. I think I see what the problem is now, most of the messages are non-delivery messages. These must be generated automatically by sendmail and therefore dont follow the rules (and dont get logged to mailwatch). Apologies for blaming MS for this! G > > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From doc at maddoc.net Fri Mar 10 20:30:49 2006 From: doc at maddoc.net (Doc Schneider) Date: Fri Mar 10 20:30:55 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: <4411E1F9.40405@maddoc.net> Julian Field wrote: > On 8 Mar 2006, at 18:41, Matt Kettler wrote: > >> If there's a particular kind of image-only spam involved, some of >> the SARE >> rulesets can be helpful. I personally like the following SARE >> rulesets and use >> them on my production systems: >> >> >> 70_sare_adult.cf >> 70_sare_evilnum0.cf >> 70_sare_genlsubj0.cf >> 70_sare_html0.cf >> 70_sare_obfu0.cf >> 70_sare_random.cf >> 70_sare_specific.cf >> 70_sare_stocks.cf >> 70_sare_uri0.cf >> 99_sare_fraud_post25x.cf > > Many thanks for posting that. I added obfu0 and stocks to my setups > and they have helped enormously! No spam whatsoever this morning. > :-) > Man here I go to all the work of maintaining the 70_sare_stocks.cf and you just found it! HAR! Glad to hear it is working for you, though, Julian. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ssilva at sgvwater.com Fri Mar 10 21:58:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 10 22:01:41 2006 Subject: MailScanner and Quota In-Reply-To: <004901c64429$c1fdc720$103ca8c0@joeyae> References: <4410ED2F.90001@niit.edu.pk> <4411297B.6030109@coders.co.uk> <004901c64429$c1fdc720$103ca8c0@joeyae> Message-ID: Joey Esquibal spake the following on 3/10/2006 2:02 AM: > Put your spool mails inside each user's homedir by using procmail. > Implications would be you will need to recompile your POP3 server to > locate the spool mails in user's homedir. Or use something like dovecot, with a configuration file that lets you set this. From ka at pacific.net Fri Mar 10 23:05:48 2006 From: ka at pacific.net (Ken A) Date: Fri Mar 10 23:02:59 2006 Subject: HTML image only spam and OCR In-Reply-To: <625385e30603091032x11f05c70s47939511b3b45487@mail.gmail.com> References: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> <625385e30603091032x11f05c70s47939511b3b45487@mail.gmail.com> Message-ID: <4412064C.80800@pacific.net> Why not use a checksum of the image attached, assuming the spammers don't customize images for each recipient, you should be able to use DCC, razor, pyzor type approach to block these if you just look at the .gif attachments separate from the bayes poison. You'd probably FP on some commonly used 'stationary' if you aren't careful though. The MailScanner custom scanner interface is an ideal place to plug in such a thing. Ken Pacific.Net shuttlebox wrote: > On 3/9/06, Ian wrote: >> Hi, >> >> After reading this bit I had though about maybe using ocr when these types of messages are >> found. >> >> A (not-so) quick experiment using netpbm and gocr on a linux machine here produces some >> ASCII output from one of these gif images. >> >> The question is: how can I get MailScanner / SpamAssassin to use this method? >> >> The command line I am using is: >> >> >> giftopnm test.gif | gocr - >> >> >> which then produces the text on stdout. >> >> Thoughts anyone? > > MS supports both a custom spam scanner and a generic virus scanner. > Look in MailScanner.conf for more info. > > -- > /peter From basement_mobile2004 at yahoo.com Sat Mar 11 00:26:08 2006 From: basement_mobile2004 at yahoo.com (Anakin SkyWalker) Date: Sat Mar 11 00:26:10 2006 Subject: Big Loads Message-ID: <20060311002608.58633.qmail@web60022.mail.yahoo.com> We have a busy mail server (150K msgs/day). Spamassassin is not a option for us even with newer versions because it slows down the scan processes in such a way that the incoming queue goes high quickly. We're using MailScanner for 2 years now and we're glad it exists. But sometimes even with no third part software for spam checks (SA), it slows down the machine and the queues go up again. Of course it only happens when we're getting massive spam attacks. We're looking for a solution and we do want to use SpamAssassin. Anyone with a similar problem to exchange tips, or even experienced users that know how to deal with such problems? Thank you. --------------------------------- Yahoo! Mail Use Photomail to share photos without annoying attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060310/406a0e4f/attachment.html From billox at billox.com Sat Mar 11 00:41:48 2006 From: billox at billox.com (James Page) Date: Sat Mar 11 00:41:44 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <44121CCC.7010405@billox.com> Use more than one MailScanner server and round robin on the address record. James Anakin SkyWalker wrote: > We have a busy mail server (150K msgs/day). Spamassassin is not a > option for us even with newer versions because it slows down the scan > processes in such a way that the incoming queue goes high quickly. > We're using MailScanner for 2 years now and we're glad it exists. But > sometimes even with no third part software for spam checks (SA), it > slows down the machine and the queues go up again. Of course it only > happens when we're getting massive spam attacks. > We're looking for a solution and we do want to use SpamAssassin. > Anyone with a similar problem to exchange tips, or even experienced > users that know how to deal with such problems? > > Thank you. > > ------------------------------------------------------------------------ > Yahoo! Mail > Use Photomail > > to share photos without annoying attachments. From ka at pacific.net Sat Mar 11 00:48:37 2006 From: ka at pacific.net (Ken A) Date: Sat Mar 11 00:45:47 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <44121E65.10608@pacific.net> Is this a dedicated MailScanner/SA box? Have you consulted the MAQ about performance issues? You should be able to run SA unless your hardware is obsolete or you've insufficient RAM. http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips We run 3 MailScanner/SA with lots of SARE rules, dccifd and rbl checks in SA. The boxes are all dual 2+ ghz xeons with 1-2gb of ram. One of them also runs DCCD (a real ram memory hog) and even it can push through 150K messages a day if it has to. Your MTA should give you some protection from "Massive SPAM attacks" as well. Darth Sidious (it must be friday) Pacific.Net Anakin SkyWalker wrote: > We have a busy mail server (150K msgs/day). Spamassassin is not a > option for us even with newer versions because it slows down the scan > processes in such a way that the incoming queue goes high quickly. > We're using MailScanner for 2 years now and we're glad it exists. But > sometimes even with no third part software for spam checks (SA), it > slows down the machine and the queues go up again. Of course it only > happens when we're getting massive spam attacks. We're looking for a > solution and we do want to use SpamAssassin. Anyone with a similar > problem to exchange tips, or even experienced users that know how to > deal with such problems? > > Thank you. > > --------------------------------- Yahoo! Mail Use Photomail to share > photos without annoying attachments. > From michele at blacknight.ie Sat Mar 11 00:48:50 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sat Mar 11 00:48:52 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <44121E72.8080606@blacknight.ie> Install more RAM? Upgrade the server? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Fax. +353 (0) 59 9164239 From mkettler at evi-inc.com Sat Mar 11 01:02:01 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Mar 11 01:02:25 2006 Subject: Big Loads In-Reply-To: <44121E65.10608@pacific.net> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E65.10608@pacific.net> Message-ID: <44122189.1010808@evi-inc.com> Ken A wrote: > > Is this a dedicated MailScanner/SA box? > > Have you consulted the MAQ about performance issues? You should be able > to run SA unless your hardware is obsolete or you've insufficient RAM. > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Side note that's not in the optimization_tips document. If you run a large volume site MailScanner 4.50 and up feature a spamassassin result-cache which can help considerably with the load. If you're running on low-end hardware, you can also gain a lot of speed in SA, at the expense of missing more spam, by disabling:AWL, bayes, and network checks. Without any of these, a stock SA 3.1.0 runs pretty fast and light. From alex at nkpanama.com Sat Mar 11 01:16:33 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Mar 11 01:16:41 2006 Subject: Big Loads In-Reply-To: <44121E72.8080606@blacknight.ie> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> Message-ID: <441224F1.3090403@nkpanama.com> Implement greylisting? DNS caching? Separating the MTA box from the MS box? Michele Neylon:: Blacknight.ie wrote: > Install more RAM? > Upgrade the server? > > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From tac.forums at gmail.com Sat Mar 11 07:40:35 2006 From: tac.forums at gmail.com (TAC Forums) Date: Sat Mar 11 07:40:38 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <001701c63ee9$02793dc0$3004010a@martinhlaptop> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> Message-ID: > AS much as you can squeeze into the thing.. Hi everyone, Just performed the upgrade from 256 to 512 MB RAM and it's doing just superb. We'll wait and watch till monday / tuesday to see if the load still is high and if it needs to be pushed to 1 GB. Thanks for the responses on this one. Wish I had asked earlier and done the upgrade a long time ago. Regards Rishi From mbneto at gmail.com Sat Mar 11 20:22:33 2006 From: mbneto at gmail.com (mbneto) Date: Sat Mar 11 20:22:37 2006 Subject: Big Loads In-Reply-To: <44121E72.8080606@blacknight.ie> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> Message-ID: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Hi, Is there any tool or command that allows me to determine which part is the bottleneck in a busy system such as the one described? It could be the processor speed, the IO, the bus, memory etc. Adding more memory just to find out that the problem is the processor speed will do not good :) On 3/10/06, Michele Neylon:: Blacknight.ie wrote: > Install more RAM? > Upgrade the server? > > > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Sat Mar 11 20:22:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 11 20:23:44 2006 Subject: 4.51.6: Messages getting stuck in incoming queue with 4.51.5? Message-ID: <44133194.1010202@ecs.soton.ac.uk> Some of you have experienced problems with occasional messages getting stuck in the incoming queue with the latest version, when you have Use TNEF Contents = replace set in MailScanner.conf. This happened with messages that are delivery error report messages that contain the whole of the failed message. Fortunately these are pretty rare these days as most MTAs open quote the headers, or the first few lines of the message. I have found and fixed the bug, now I actually have a copy of a message that suffers from the problem! I have released 4.51.6 to fix this bug. It is only worth upgrading if you are using 4.51 and are suffering from this problem. The new feature was introduced in 4.51 so there's no need to upgrade unless you are already running 4.51. Sorry about this, but I wanted to get the fix out now rather than leaving it till the start of April. My set of test messages didn't include a message with exactly the right MIME structure to show this bug. :-( Many apologies. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt at coders.co.uk Sat Mar 11 20:33:26 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sat Mar 11 20:33:20 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133416.7060300@coders.co.uk> mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) > vmstat is good for this sort of thing. Check how many page faults (si,so) you are getting and that will be a good indication that you need more memory. the CPU section will show how heavily loaded the box is processor wise. matt From MailScanner at ecs.soton.ac.uk Sat Mar 11 20:33:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 11 20:33:45 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133421.4030303@ecs.soton.ac.uk> What is the current spec, and how many messages are you trying to put through it? You can check CPU load with "top", check for swapping with "vmstat 5", check for RAM usage with "top". mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) > > On 3/10/06, Michele Neylon:: Blacknight.ie wrote: > >> Install more RAM? >> Upgrade the server? >> >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mbneto at gmail.com Sat Mar 11 20:35:30 2006 From: mbneto at gmail.com (mbneto) Date: Sat Mar 11 20:35:33 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <5cf776b80603111235o60d012bfrf85fd28c32f28c44@mail.gmail.com> James, But how about the actual delivery of the message? If you have different/separate machines doing the scanning process where the MTA would deliver the message after the scan process? On 3/11/06, mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) > > On 3/10/06, Michele Neylon:: Blacknight.ie wrote: > > Install more RAM? > > Upgrade the server? > > > > > > > > -- > > Mr Michele Neylon > > Blacknight Solutions > > Quality Business Hosting & Colocation > > http://www.blacknight.ie/ > > Tel. 1850 927 280 > > Intl. +353 (0) 59 9183072 > > Fax. +353 (0) 59 9164239 > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From mkettler at evi-inc.com Sat Mar 11 20:45:56 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Mar 11 20:46:04 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133704.80303@evi-inc.com> mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) free will give you a good idea as to how much memory is in use, etc. top will give you a good idea of CPU usage, and has some of the memory info that free displays. From jon at radel.com Sat Mar 11 20:59:15 2006 From: jon at radel.com (Jon Radel) Date: Sat Mar 11 20:59:25 2006 Subject: Big Loads In-Reply-To: <44133704.80303@evi-inc.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> <44133704.80303@evi-inc.com> Message-ID: <44133A23.9010107@radel.com> Matt Kettler wrote: > free will give you a good idea as to how much memory is in use, etc. This all assuming that Anakin Skywalker and/or mbneto (are they actually the same anonymous author?) are actually running Linux. I checked every message in this thread and it appears that he / they never bothered saying. (My apologies if I missed something.) To whomever you are: free is lovely on Linux, but is unlikely to give you joy on, just for example, FreeBSD or Solaris. Giving us some hint as to what OS you're running on what hardware will greatly increase the probability that somebody can give useful advice specific to your situation. --Jon Radel jon@radel.com From shrek-m at gmx.de Sat Mar 11 21:14:50 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sat Mar 11 21:14:53 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133DCA.80101@gmx.de> On 11.03.2006 21:22, mbneto wrote: >Is there any tool or command that allows me to determine which part is >the bottleneck in a busy system such as the one described? >It could be the processor speed, the IO, the bus, memory etc. > >Adding more memory just to find out that the problem is the processor >speed will do not good :) > under fedora core 3 i find these progs useful eg. $ top $ iostat 2 $ vmstat 2 these are from which package and which other progs exist ? $ rpm -qf `which iostat` sysstat-5.0.5-1 $ rpm -qlf `which iostat` | grep bin /usr/bin/iostat /usr/bin/mpstat /usr/bin/sar $ rpm -qf `which vmstat` procps-3.2.3-5.3 $ rpm -qlf `which vmstat` | grep bin /bin/ps /sbin/sysctl /usr/bin/free /usr/bin/pgrep /usr/bin/pkill /usr/bin/pmap /usr/bin/skill /usr/bin/slabtop /usr/bin/snice /usr/bin/tload /usr/bin/top /usr/bin/uptime /usr/bin/vmstat /usr/bin/w /usr/bin/watch -- shrek-m From mbneto at gmail.com Mon Mar 13 01:29:45 2006 From: mbneto at gmail.com (mbneto) Date: Mon Mar 13 01:29:48 2006 Subject: Big Loads In-Reply-To: <44133A23.9010107@radel.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> <44133704.80303@evi-inc.com> <44133A23.9010107@radel.com> Message-ID: <5cf776b80603121729q5e2cdb51i1c220e64e708cfe7@mail.gmail.com> Matt, I use Linux (Fedora distro to be more precise) and face the same problem. Actually what I am more interested is trying to find out is how to proper determine the bottleneck in order to deploy a solution. This can be an upgrade or adding a second/third server to balance things out. A more "standard" solution that I've read is to use 2 servers : one to perform the scanning and the second to provide storage (as a NFS server) so when the MTA delivers the message locally it is actually drops it at another server. On 3/11/06, Jon Radel wrote: > > Matt Kettler wrote: > > > free will give you a good idea as to how much memory is in use, etc. > > This all assuming that Anakin Skywalker and/or mbneto (are they actually > the same anonymous author?) are actually running Linux. I checked every > message in this thread and it appears that he / they never bothered > saying. (My apologies if I missed something.) > > To whomever you are: free is lovely on Linux, but is unlikely to give > you joy on, just for example, FreeBSD or Solaris. Giving us some hint > as to what OS you're running on what hardware will greatly increase the > probability that somebody can give useful advice specific to your situation. > > --Jon Radel > jon@radel.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From carl.andrews at crackerbarrel.com Mon Mar 13 14:26:08 2006 From: carl.andrews at crackerbarrel.com (Carl Andrews) Date: Mon Mar 13 14:34:02 2006 Subject: "Phishing Arms race" - isc.sans.org In-Reply-To: <5cf776b80603121729q5e2cdb51i1c220e64e708cfe7@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> <44133704.80303@evi-inc.com> <44133A23.9010107@radel.com> <5cf776b80603121729q5e2cdb51i1c220e64e708cfe7@mail.gmail.com> Message-ID: <1142259968.15077.22.camel@localhost.localdomain> Good article about new tactics. http://isc.sans.org/diary.php?storyid=1183 From jchezny at northcarolina.edu Mon Mar 13 15:44:23 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Mon Mar 13 15:44:26 2006 Subject: MailScanner logging double entries Message-ID: <1142264663.44159357314c1@webmail.northcarolina.edu> Hi, Can someone tell my why there are double log entries in maillog? I upgraded to 4.51.6-1 this morning. I'm sure I missed something in the configs. Here's my setup: OS: RHEL4 MailScanner: 4.51.6-1 Spamassassin: 3.1.1 MailWatch: 1.0.3 AV: ClamAV 0.88 F-prot: 4.5.4 Logging example: Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 messages... Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 messages... . . Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting . . Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... . . Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to 859E97D08 Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to 859E97D08 . . Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: from=... Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: from=... . . Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at 272012 bytes per second Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at 272012 bytes per second . . Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed in 1.11 seconds Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed in 1.11 seconds . . Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took 0.00 seconds Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took 0.00 seconds ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From Denis.Beauchemin at USherbrooke.ca Mon Mar 13 15:47:00 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Mar 13 15:47:26 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <441593F4.6020500@USherbrooke.ca> Anakin SkyWalker wrote: > We have a busy mail server (150K msgs/day). Spamassassin is not a > option for us even with newer versions because it slows down the scan > processes in such a way that the incoming queue goes high quickly. > We're using MailScanner for 2 years now and we're glad it exists. But > sometimes even with no third part software for spam checks (SA), it > slows down the machine and the queues go up again. Of course it only > happens when we're getting massive spam attacks. > We're looking for a solution and we do want to use SpamAssassin. > Anyone with a similar problem to exchange tips, or even experienced > users that know how to deal with such problems? > > Thank you. > > ------------------------------------------------------------------------ If you use sendmail you can use IPBlock (part of MS) to help reduce the spam attacks' effectiveness. I default to 50 msgs/hour. I have put higher limits for known servers. I also use milter-greylist (if I get more than 200 messages waiting in my mailq) and many sendmail limits. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/a1a38ce4/smime.bin From gavin at netergy.com Mon Mar 13 15:51:02 2006 From: gavin at netergy.com (Gavin Nelmes-Crocker) Date: Mon Mar 13 15:51:07 2006 Subject: 4.51.6: Messages getting stuck in incoming queue with 4.51.5? In-Reply-To: <44133194.1010202@ecs.soton.ac.uk> References: <44133194.1010202@ecs.soton.ac.uk> Message-ID: <441594E6.2050006@netergy.com> Julian Field wrote: > Some of you have experienced problems with occasional messages getting > stuck in the incoming queue with the latest version, when you have > Use TNEF Contents = replace > set in MailScanner.conf. > > This happened with messages that are delivery error report messages that > contain the whole of the failed message. Fortunately these are pretty > rare these days as most MTAs open quote the headers, or the first few > lines of the message. > > I have found and fixed the bug, now I actually have a copy of a message > that suffers from the problem! > > I have released 4.51.6 to fix this bug. It is only worth upgrading if > you are using 4.51 and are suffering from this problem. The new feature > was introduced in 4.51 so there's no need to upgrade unless you are > already running 4.51. Thanks Julian Will the update process those messages that are waiting - I've just noticed it has 85 messages waiting for no obvious reason other than this. Regards Gavin From MailScanner at ecs.soton.ac.uk Mon Mar 13 16:04:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 13 16:05:01 2006 Subject: MailScanner logging double entries In-Reply-To: <1142264663.44159357314c1@webmail.northcarolina.edu> References: <1142264663.44159357314c1@webmail.northcarolina.edu> Message-ID: I would suspect your /etc/syslog.conf. Do you have 2 lines which match mail.info? On 13 Mar 2006, at 15:44, jchezny@northcarolina.edu wrote: > Hi, > Can someone tell my why there are double log entries in maillog? I > upgraded to > 4.51.6-1 this morning. I'm sure I missed something in the configs. > Here's my > setup: > > OS: RHEL4 > MailScanner: 4.51.6-1 > Spamassassin: 3.1.1 > MailWatch: 1.0.3 > AV: > ClamAV 0.88 > F-prot: 4.5.4 > > > Logging example: > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > messages... > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > messages... > . > . > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > . > . > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > . > . > > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > 859E97D08 > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > 859E97D08 > . > . > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > from=... > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > from=... > . > . > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > 272012 bytes > per second > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > 272012 bytes > per second > . > . > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > in 1.11 > seconds > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > in 1.11 > seconds > . > . > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > 0.00 seconds > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > 0.00 seconds > > > > ---------------------------------------------------------------- > This message was sent with UNC-GA Webmail http:// > webmail.northcarolina.edu > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 13 16:05:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 13 16:05:43 2006 Subject: 4.51.6: Messages getting stuck in incoming queue with 4.51.5? In-Reply-To: <441594E6.2050006@netergy.com> References: <44133194.1010202@ecs.soton.ac.uk> <441594E6.2050006@netergy.com> Message-ID: <438B9BC1-CDE0-4E17-86A5-EC4307025974@ecs.soton.ac.uk> On 13 Mar 2006, at 15:51, Gavin Nelmes-Crocker wrote: > > > Julian Field wrote: >> Some of you have experienced problems with occasional messages >> getting stuck in the incoming queue with the latest version, when >> you have >> Use TNEF Contents = replace >> set in MailScanner.conf. >> This happened with messages that are delivery error report >> messages that contain the whole of the failed message. Fortunately >> these are pretty rare these days as most MTAs open quote the >> headers, or the first few lines of the message. >> I have found and fixed the bug, now I actually have a copy of a >> message that suffers from the problem! >> I have released 4.51.6 to fix this bug. It is only worth upgrading >> if you are using 4.51 and are suffering from this problem. The new >> feature was introduced in 4.51 so there's no need to upgrade >> unless you are already running 4.51. > > Thanks Julian > > Will the update process those messages that are waiting - I've just > noticed it has 85 messages waiting for no obvious reason other than > this. Yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jchezny at northcarolina.edu Mon Mar 13 16:12:54 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Mon Mar 13 16:12:56 2006 Subject: MailScanner logging double entries (resolved) In-Reply-To: References: <1142264663.44159357314c1@webmail.northcarolina.edu> Message-ID: <1142266374.44159a06338bd@webmail.northcarolina.edu> Quoting Julian Field : > I would suspect your /etc/syslog.conf. Do you have 2 lines which > match mail.info? > > On 13 Mar 2006, at 15:44, jchezny@northcarolina.edu wrote: > > > Hi, > > Can someone tell my why there are double log entries in maillog? I > > upgraded to > > 4.51.6-1 this morning. I'm sure I missed something in the configs. > > Here's my > > setup: > > > > OS: RHEL4 > > MailScanner: 4.51.6-1 > > Spamassassin: 3.1.1 > > MailWatch: 1.0.3 > > AV: > > ClamAV 0.88 > > F-prot: 4.5.4 > > > > > > Logging example: > > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > > messages... > > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > > messages... > > . > > . > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > > . > > . > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > > . > > . > > > > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > > 859E97D08 > > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > > 859E97D08 > > . > > . > > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > > from=... > > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > > from=... > > . > > . > > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > > 272012 bytes > > per second > > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > > 272012 bytes > > per second > > . > > . > > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > > in 1.11 > > seconds > > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > > in 1.11 > > seconds > > . > > . > > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > > 0.00 seconds > > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > > 0.00 seconds > > > > > > > > ---------------------------------------------------------------- > > This message was sent with UNC-GA Webmail http:// > > webmail.northcarolina.edu > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Removing the additional line in /etc/syslogd did the trick. Thanks, Julian. ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From samp at arial-concept.com Mon Mar 13 16:17:40 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Mon Mar 13 16:18:13 2006 Subject: Bonded Sender In-Reply-To: <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> References: <44102DE9.3070404@arial-concept.com> <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> Message-ID: <44159B24.4060406@arial-concept.com> shuttlebox a ?crit : >On 3/9/06, Sam Przyswa wrote: > > >>Hi, >> >>Does MailScanner can handle the Bonded Sender WL >>(http://bondedsender.org/bondedsender/technical.php) or how to implement >>it ? >> >> > >SpamAssassin supports it by default. > ># Bonded Sender: http://www.bondedsender.com/ > > I added this in my user pref config file: >score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 >score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 > > But I have the SORBS-DNSBL enabled in may MailScanner.conf does the Bonded whitelist will work ? Thanks for your help. Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From linux_spartacus at yahoo.com Tue Mar 14 00:04:28 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Tue Mar 14 00:04:31 2006 Subject: How to whitelist my clietns ? Message-ID: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/f531d27f/attachment.html From alex at nkpanama.com Tue Mar 14 00:04:20 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 00:04:37 2006 Subject: Big Loads In-Reply-To: <441593F4.6020500@USherbrooke.ca> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <441593F4.6020500@USherbrooke.ca> Message-ID: <44160884.3010306@nkpanama.com> Any good FAQ entries you might recommend on using IPBlock? Denis Beauchemin wrote: > Anakin SkyWalker wrote: > >> We have a busy mail server (150K msgs/day). Spamassassin is not a >> option for us even with newer versions because it slows down the scan >> processes in such a way that the incoming queue goes high quickly. >> We're using MailScanner for 2 years now and we're glad it exists. But >> sometimes even with no third part software for spam checks (SA), it >> slows down the machine and the queues go up again. Of course it only >> happens when we're getting massive spam attacks. >> We're looking for a solution and we do want to use SpamAssassin. >> Anyone with a similar problem to exchange tips, or even experienced >> users that know how to deal with such problems? >> >> Thank you. >> >> ------------------------------------------------------------------------ > > > If you use sendmail you can use IPBlock (part of MS) to help reduce > the spam attacks' effectiveness. I default to 50 msgs/hour. I have > put higher limits for known servers. > > I also use milter-greylist (if I get more than 200 messages waiting in > my mailq) and many sendmail limits. > > Denis > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Tue Mar 14 01:31:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 01:32:04 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> References: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> Message-ID: <44161CEE.3060808@nkpanama.com> Use a ruleset. spart cus wrote: > hi guys, > ive recently noticed that one my clients using the name SysAd on his > email client is being detected as spam.How can i manually tell my MS > not to tagged this client ? > > thanks > > ------------------------------------------------------------------------ > Yahoo! Travel > Find great deals > > to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/9a6ffc3b/attachment.html From linux_spartacus at yahoo.com Tue Mar 14 01:38:36 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Tue Mar 14 01:38:40 2006 Subject: How to whitelist my clietns ? In-Reply-To: <44161CEE.3060808@nkpanama.com> Message-ID: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> Im not really very familiar with this.Can you give me some guidelines? Alex Neuman van der Hans wrote: Use a ruleset. spart cus wrote: hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/23ee5149/attachment.html From alex at nkpanama.com Tue Mar 14 01:47:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 01:47:57 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> References: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> Message-ID: <441620C2.5020108@nkpanama.com> Sure. Read the part about rulesets in the configuration file. spart cus wrote: > Im not really very familiar with this.Can you give me some guidelines? > > */Alex Neuman van der Hans /* wrote: > > Use a ruleset. > > spart cus wrote: >> hi guys, >> ive recently noticed that one my clients using the name SysAd on >> his email client is being detected as spam.How can i manually >> tell my MS not to tagged this client ? >> >> thanks >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > Yahoo! Travel > Find great deals > > to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/5969cbe1/attachment.html From alex at nkpanama.com Tue Mar 14 01:56:41 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 01:56:48 2006 Subject: How to whitelist my clietns ? In-Reply-To: <441620C2.5020108@nkpanama.com> References: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> <441620C2.5020108@nkpanama.com> Message-ID: <441622D9.4030505@nkpanama.com> But seriously... You should really do your homework before asking questions like that. It's like asking "how do I drive the car in reverse?", which makes it appear as if perhaps you shouldn't be behind the wheel. In any case, look to http://wiki.mailscanner.info/posting before posting. The option you're looking for is in mailscanner.conf, and it's called "is definitely not spam =" and it's set to %rules-dir%/spam.whitelist.rules - which means you should edit that file in order to add your client to the "it's definitely not spam" category. It reads by default: "FromOrTo: default no" - which means the default is "no, I don't think of anything at all as 'not spam'" You should add (before this line) a line that says: From: myclient@hisdomain.com yes So that it marks him as not spam... But that brings you the problem of people POSING as him, impersonating his e-mail address. You should *really* look into the REASON why they're being marked as SPAM and correct it, otherwise you're just not doing anything about it. In any case, you should really buy the book or read the FAQ/MAQ/Wiki. I've had all my clients buy the book (there are three, I think, that already sent for it, the others are on their way), and I've heard from one of my clients that already has the book that it's an excellent read. Alex Neuman van der Hans wrote: > Sure. Read the part about rulesets in the configuration file. > > spart cus wrote: >> Im not really very familiar with this.Can you give me some guidelines? >> >> */Alex Neuman van der Hans /* wrote: >> >> Use a ruleset. >> >> spart cus wrote: >>> hi guys, >>> ive recently noticed that one my clients using the name SysAd on >>> his email client is being detected as spam.How can i manually >>> tell my MS not to tagged this client ? >>> >>> thanks >>> ------------------------------------------------------------------------ >>> Yahoo! Travel >>> Find great deals >>> >>> to the top 10 hottest destinations! >> >> -- >> >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ Alex Neuman van der Hans wrote: > Sure. Read the part about rulesets in the configuration file. > > spart cus wrote: >> Im not really very familiar with this.Can you give me some guidelines? >> >> */Alex Neuman van der Hans /* wrote: >> >> Use a ruleset. >> >> spart cus wrote: >>> hi guys, >>> ive recently noticed that one my clients using the name SysAd on >>> his email client is being detected as spam.How can i manually >>> tell my MS not to tagged this client ? >>> >>> thanks >>> ------------------------------------------------------------------------ >>> Yahoo! Travel >>> Find great deals >>> >>> to the top 10 hottest destinations! >> >> -- >> >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/8bc8fef4/attachment.html From taz at taz-mania.com Tue Mar 14 02:26:24 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Mar 14 02:26:31 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> References: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> Message-ID: <441629D0.3020706@taz-mania.com> You should consider installing Mailwatch. Then whitelisting and blacklisting are simple web gui operations. spart cus wrote: > hi guys, > ive recently noticed that one my clients using the name SysAd on his > email client is being detected as spam.How can i manually tell my MS > not to tagged this client ? > > thanks > > ------------------------------------------------------------------------ > Yahoo! Travel > Find great deals > > to the top 10 hottest destinations! -- Dennis Willson (taz@taz-mania.com) Owner, Operator of Kepnet Internet Services http://www.kepnet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 229 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/6464ffc5/taz.vcf From alex at nkpanama.com Tue Mar 14 02:34:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 02:34:44 2006 Subject: How to whitelist my clietns ? In-Reply-To: <441629D0.3020706@taz-mania.com> References: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> <441629D0.3020706@taz-mania.com> Message-ID: <44162BBF.1000408@nkpanama.com> I think many will agree that if he hasn't read through the config file yet and found out about rulesets, MailWatch is a little bit too much right now. He should first get acquainted with rulesets manually and then progress to MailWatch. It's surprising how well MailScanner can work without user intervention; I wouldn't be able to guess how long this particular installation has been running without using rulesets. I'm guessing it's not using spamassassin, or using it in a limited fashion (no razor/pyzor/dcc). Even still it works very well "out-of-the-box", specially with Julian's SA-Clamav installer. Dennis Willson wrote: > You should consider installing Mailwatch. Then whitelisting and > blacklisting are simple web gui operations. > > spart cus wrote: > >> hi guys, >> ive recently noticed that one my clients using the name SysAd on his >> email client is being detected as spam.How can i manually tell my MS >> not to tagged this client ? >> >> thanks >> >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Tue Mar 14 02:39:28 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 02:39:33 2006 Subject: install.sh wishlist Message-ID: <44162CE0.2040107@nkpanama.com> I've used clamav-milter on every server I've installed/maintained, and I always have to edit install.sh to add "--enable-milter" to be able to update it. I also search&replace all the "sleep 2"s and "sleep 5"s with "sleep 0", comment them out, or remove them altogether. Makes for a quicker install, and the script is mature enough not to break. Could there be an "--enable-milter" option, or something that would detect the existence of clamav-milter (perhaps a ps -ax | grep clamav-milter) and add it to the ./configure line? Perhaps a "--super-fast" that would preclude the "sleep"s? Just my 2c... -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ecj at telpacific.com.au Tue Mar 14 04:38:20 2006 From: ecj at telpacific.com.au (DOODS) Date: Tue Mar 14 04:38:50 2006 Subject: Filtering Then Forwarding Message-ID: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> Hello All. I need a quick help. I would like to do a filtering based on the from and to headers and then forward emails to a specific email address if matched. To be more detailed: Condition: and Action: Forward to user3@domain3.com We're running MailScanner and Exim with MySQL. I have been googling since this morning and can't find the answer that I need. I hope someone can help. Thanks in advance. Now it's back to googling for me... Cheers, DOODS From MailScanner at ecs.soton.ac.uk Tue Mar 14 10:11:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 10:11:52 2006 Subject: install.sh wishlist In-Reply-To: <44162CE0.2040107@nkpanama.com> References: <44162CE0.2040107@nkpanama.com> Message-ID: On 14 Mar 2006, at 02:39, Alex Neuman van der Hans wrote: > I've used clamav-milter on every server I've installed/maintained, > and I always have to edit install.sh to add "--enable-milter" to be > able to update it. But a large amount of users don't want the milter. > I also search&replace all the "sleep 2"s and "sleep 5"s with "sleep > 0", comment them out, or remove them altogether. Makes for a > quicker install, and the script is mature enough not to break. Try "./install fast" :-) > > Could there be an "--enable-milter" option, or something that would > detect the existence of clamav-milter (perhaps a ps -ax | grep > clamav-milter) and add it to the ./configure line? That's a possibility. > Perhaps a "--super-fast" that would preclude the "sleep"s? > > Just my 2c... All contributions welcome. > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 14 10:13:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 10:14:01 2006 Subject: Filtering Then Forwarding In-Reply-To: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> References: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> Message-ID: <0AD3AC49-C650-4234-BD9C-A930ED229F0F@ecs.soton.ac.uk> Use a ruleset on the "Non-Spam Actions", "Spam Actions" and "High- Scoring Spam Actions" which says something like this: From: user1@domain1.com and To: *@domain2.com forward user3@domain3.com FromOrTo: default deliver On 14 Mar 2006, at 04:38, DOODS wrote: > > Hello All. > I need a quick help. I would like to do a filtering based on the > from and > to headers and then forward emails to a specific email address if > matched. > To be more detailed: > > Condition: and > Action: Forward to user3@domain3.com > > We're running MailScanner and Exim with MySQL. I have been googling > since > this morning and can't find the answer that I need. I hope someone can > help. > Thanks in advance. > Now it's back to googling for me... > > Cheers, -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Tue Mar 14 13:56:48 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 14 13:54:50 2006 Subject: Filtering Then Forwarding In-Reply-To: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> Message-ID: <084f01c6476f$23d2fe50$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of DOODS > Sent: Monday, March 13, 2006 11:38 PM > To: mailscanner@lists.mailscanner.info > Subject: Filtering Then Forwarding > > > Hello All. > I need a quick help. I would like to do a filtering based on the from and > to headers and then forward emails to a specific email address if matched. > To be more detailed: > > Condition: and > Action: Forward to user3@domain3.com > > We're running MailScanner and Exim with MySQL. I have been googling since > this morning and can't find the answer that I need. I hope someone can > help. > Thanks in advance. > Now it's back to googling for me... > > Cheers, > DOODS > You pretty much wrote the rule yourself. Create a rule set for Non Spam Actions (and Spam Actions and High Spam Actions if necessary): From: user1@domain1.com and To: *@domain2.com forward user3@domain3.com delete FromOrTo: default deliver Each rule above should be entered on a single line. I believe this is in the Example and Readme files in the rules directory. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From Denis.Beauchemin at USherbrooke.ca Tue Mar 14 14:16:08 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 14 14:17:49 2006 Subject: Big Loads In-Reply-To: <44160884.3010306@nkpanama.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <441593F4.6020500@USherbrooke.ca> <44160884.3010306@nkpanama.com> Message-ID: <4416D028.3030600@USherbrooke.ca> Alex Neuman van der Hans wrote: > Any good FAQ entries you might recommend on using IPBlock? The comments in the /usr/lib/MailScanner/MailScanner/CustomConfig.pm file are pretty much what you will need. Don't forget the crontab job unless you want to block offending IPs forever. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060314/d9d44e15/smime.bin From samp at arial-concept.com Tue Mar 14 14:49:12 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Tue Mar 14 14:49:27 2006 Subject: Rules precedence Message-ID: <4416D7E8.8010108@arial-concept.com> Hi, What is the rules precedence if I use for example the SORBS-DNSBL in MailScanner.conf and SpamAssassin with a -100.000 score rule with a whitelist Bonded Sender program ? Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From jaearick at colby.edu Tue Mar 14 14:50:52 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Mar 14 15:02:18 2006 Subject: Big Loads In-Reply-To: <4416D028.3030600@USherbrooke.ca> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <441593F4.6020500@USherbrooke.ca> <44160884.3010306@nkpanama.com> <4416D028.3030600@USherbrooke.ca> Message-ID: See the following: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/234.html and http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html Jeff Earickson Colby College On Tue, 14 Mar 2006, Denis Beauchemin wrote: > Date: Tue, 14 Mar 2006 09:16:08 -0500 > From: Denis Beauchemin > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Big Loads > > Alex Neuman van der Hans wrote: > >> Any good FAQ entries you might recommend on using IPBlock? > > The comments in the /usr/lib/MailScanner/MailScanner/CustomConfig.pm file are > pretty much what you will need. Don't forget the crontab job unless you want > to block offending IPs forever. > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > From shuttlebox at gmail.com Tue Mar 14 15:51:13 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 14 15:51:17 2006 Subject: Problem with MIME multipart/related Message-ID: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> I have a problem with mail sent from some kind of medical appliance. I get a "Could not analyze message" report and the message gets quarantined. This is the only log line from MailScanner: Mar 13 13:50:21 ajax MailScanner[25733]: Saved entire message to /queues/MailScanner/quarantine/20060313/k2DCoIjU028388 The message passes a Sendmail server before it so the problem must be related to MS having problems unpacking the MIME structure. I called the company and they were pretty much clueless but admitted that other customers had varying problems looking at the mails. They contain HTML with image tags and some customers saw it properly and others only saw the text and no images. This is the last part of the qf-file. Is it the two semicolons after multipart/related that is the problem (syntax error) or doesn't MS support this content type? I don't know how common it is. H??X-Mailer: CytoMailer1.0 H??MIME-Version: 1.0 H??Content-Type: multipart/related;; boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 . -- /peter From KLekas at foxriver.com Tue Mar 14 16:04:40 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Tue Mar 14 16:04:53 2006 Subject: spamassassin timeouts help Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> Hi everyone, I would like to figure out how to prevent or minimize spamassassin timeouts. Problem is I'm not exactly sure what causes it to time out in the first place (if someone can explain it to me that would be great). I have 3 MailScanner gateways running on different DMZ's, MX01, MX02, and MX03. 1. MX01 is used primarily for mail archiving relay to IronMountain. I have an internal MS Exchange server, anything sent or received by any of my users is archived to archiveaddress@ironmountain.com; It is relayed from Exchange box to MX01 and then to IronMountain's SMTP servers. MX01 is also a backup MX listed in my public mx pool with a high weight so I do see a lot of spammers trying to hit it. This guy processes an average of 2500 messages a day and 1/80 mails get spamassassin timeouts on this relay. 2. MX02 is my outgoing (internet bound relay) as well as my primary incoming mail server listed with the lowest weight in public DNS. This guy processes an average of 1200 messages a day and 1/190 mails get spamassassin timeouts on this relay. 3. MX03 is a backup relay for internetbound and incoming and is listed in public DNS with a higher weight that MX02 so I do see a lot of spammers try to hit it. This guy processes only 120 messages a day and 1/10 mails get spamassassin timeouts on this relay. What is getting me is the low amount of messages that MX03 is receiving but yet is having so many spamassassin timeouts. Most of the spam that gets thru has come from MX03 and from examination of the headers I can see that spamassassin timed out, but it does catch about 50 a day. Why so many timeouts on this guy. I have included some log entries at the end of this email. On All 3 relays: Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Max Custom Spam Scanner Timeouts = 10 MCP Max SpamAssassin Timeouts = 20 The only thing different on MX03 is that I am using the latest MailScanner with the feature "Cache SpamAssassin Results = yes" Here are the Specs for all three relays as you can see MX02 has the best hardware, MX03 comes in second and then MX01. MX01 specs: 1 CPU Pentium 3, 1.4GHz, 500MB of ram Red Hat Enterprise Linux WS release 4 (Nahant Update 2) Perl version 5.008005 (5.8.5) MailScanner version 4.42.9 postfix-2.1.5-4.2.RHEL4 spamassassin-3.0.4-1_25.el4.at (using DCC) clamav-0.87-1.2.el4.rf MX02 specs: Dual Xeon, 3.2GHz, 4GB of ram Red Hat Enterprise Linux WS release 4 (Nahant Update 2) Perl version 5.008005 (5.8.5) MailScanner version 4.45.4 postfix-2.1.5-4.2.RHEL4 spamassassin-3.0.4-1.el4 (using DCC) clamav-0.87-1.2.el4.rf MX03 specs: Dual Xeon, 2.8GHz, 2G of ram Fedora Core release 4 (Stentz) Perl version 5.008006 (5.8.6) MailScanner version 4.51.4 postfix-2.2.2-2 spamassassin-3.0.4-2.fc4 (using DCC, using spamassassin cache feature) clamav-0.88-1.fc4 (using clamavmodule) Here are some log entries from MX03 showing the timeouts: /var/log/maillog:Mar 12 04:17:23 MX03 MailScanner[19465]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 04:17:24 MX03 MailScanner[19465]: Message B083647F8F.C006E from 218.18.181.156 (aostos@abt.com.tr) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 04:20:10 MX03 MailScanner[19578]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 04:20:11 MX03 MailScanner[19578]: Message BDC6747F8F.7787A from 59.5.144.136 (snd_pcm_hw_params_set_period_size_first@glennedward.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 09:22:06 MX03 MailScanner[19522]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 09:22:08 MX03 MailScanner[19522]: Message 90FC847F8F.4E65E from 59.37.63.81 (gustavo_woodscy@lycos.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 12:58:47 MX03 MailScanner[22385]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 12:58:48 MX03 MailScanner[22385]: Message E7D6947F80.842A4 from 66.215.18.215 (hugh@paramed.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 13:39:04 MX03 MailScanner[19470]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 13:39:05 MX03 MailScanner[19470]: Message C111847F83.490CD from 127.0.0.1 (root@mydomain.com) to mydomain.com is not spam (whitelisted), SpamAssassin (timed out) /var/log/maillog:Mar 12 13:46:23 MX03 MailScanner[23571]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 13:46:24 MX03 MailScanner[23571]: Message 5658947F85.94B60 from 68.164.134.210 (stitti@bhb.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 13:53:51 MX03 MailScanner[28831]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 13:53:53 MX03 MailScanner[28831]: Message 6731247F85.D2DA7 from 203.210.151.43 (cmzcuoniucu@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 14:00:28 MX03 MailScanner[23788]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 14:00:29 MX03 MailScanner[23788]: Message E04A347F8A.4DAC5 from 200.165.21.104 (lnpykciriii@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 15:45:25 MX03 MailScanner[9593]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 15:45:26 MX03 MailScanner[9593]: Message CC93847F88.B0E03 from 80.108.24.113 (plsnutrionists@mdgekko.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 19:09:09 MX03 MailScanner[13504]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 19:09:10 MX03 MailScanner[13504]: Message CC63347F8F.EEFAC from 200.113.75.224 (jvyxcjyidqa@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 21:07:08 MX03 MailScanner[25699]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 21:07:09 MX03 MailScanner[25699]: Message 7D7F647F94.91C50 from 58.168.170.253 (i_golodnikov@inbox.ru) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 21:07:15 MX03 MailScanner[12264]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 21:07:16 MX03 MailScanner[12264]: Message 619A447F9A.40F2D from 58.168.170.253 (donoghue.laginaqa4@gmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 21:15:18 MX03 MailScanner[20260]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 21:15:19 MX03 MailScanner[20260]: Message 8C0BF47F8F.33EA1 from 222.109.255.235 (info@mydomain.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 04:03:31 MX03 MailScanner[15384]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 04:03:32 MX03 MailScanner[15384]: Message 852C947F8F.2A2E0 from 127.0.0.1 (root@mydomain.com) to MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) /var/log/maillog:Mar 13 04:36:53 MX03 MailScanner[19666]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 04:36:54 MX03 MailScanner[19666]: Message 782C047F8F.16EAF from 222.67.132.244 (xaviert@methodistemail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 04:37:33 MX03 MailScanner[13163]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 04:37:35 MX03 MailScanner[13163]: Message D990D47F95.A54A4 from 83.35.242.23 (wzjgjztcpeo@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 08:38:49 MX03 MailScanner[15435]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 08:38:50 MX03 MailScanner[15435]: Message 5715F47F8F.6E0A8 from 218.13.88.109 (carls2@yahoo.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 09:09:20 MX03 MailScanner[15142]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 09:09:21 MX03 MailScanner[15142]: Message 6F64047F8F.ACCA1 from 84.72.68.253 (john@eu-vest.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 09:59:44 MX03 MailScanner[15689]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 09:59:45 MX03 MailScanner[15689]: Message 8704F47F8E.4A095 from 221.158.30.189 (sherrietomlinsonnm@visuallink.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 10:19:36 MX03 MailScanner[29901]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 10:19:38 MX03 MailScanner[29901]: Message D6DF047F8E.86E7D from 216.222.251.75 (danosusu@hearngroup.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 10:30:43 MX03 MailScanner[29902]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 10:30:44 MX03 MailScanner[29902]: Message 4902E47F8E.39042 from 82.246.244.31 (toiubpvcbdttm@math-info.univ-paris5.fr) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 16:56:59 MX03 MailScanner[31306]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 16:57:01 MX03 MailScanner[31306]: Message BE6C947F8F.4CBDE from 70.92.73.132 (richard@guitarra.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 18:26:02 MX03 MailScanner[31312]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 18:26:04 MX03 MailScanner[31312]: Message 4D6BF47F6E.8DA38 from 69.143.26.250 (henry@pradella.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 18:27:43 MX03 MailScanner[31263]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 18:27:44 MX03 MailScanner[31263]: Message EF85B47F97.9CD6C from 24.0.25.137 (john@pistonheads.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 01:57:42 MX03 MailScanner[3814]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 01:57:43 MX03 MailScanner[3814]: Message 70D2347F90.0A30B from 58.33.193.13 (susanah@gay-mail.net) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 04:03:30 MX03 MailScanner[3863]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 04:03:31 MX03 MailScanner[3863]: Message E442347F90.0CEF2 from 127.0.0.1 (root@mydomain.com) to MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) /var/log/maillog:Mar 14 06:49:58 MX03 MailScanner[3684]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 06:49:59 MX03 MailScanner[3684]: Message 62A5B47F8F.5D1D9 from 85.216.44.205 (mmwlpmfvsjb@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 08:11:33 MX03 MailScanner[7162]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 08:11:34 MX03 MailScanner[7162]: Message 8B70847F8F.4FE93 from 222.191.167.14 (wierzbicki@bluehyppo.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 08:34:25 MX03 MailScanner[3672]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 08:34:27 MX03 MailScanner[3672]: Message CE81647F8F.CF604 from 221.14.241.74 (zdtdvqmgqus@subt-16.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 9 08:01:46 MX03 MailScanner[2030]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 9 08:01:47 MX03 MailScanner[2030]: Message 67CA447FA7.9BA57 from 201.138.198.234 (chenchen@0733.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 9 08:02:05 MX03 MailScanner[2379]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 9 08:02:08 MX03 MailScanner[2379]: Message B26FA47FC0.CB827 from 211.196.198.72 (j_maldonado_fr@netscape.net) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 10 04:07:45 MX03 MailScanner[3572]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 10 08:01:07 MX03 MailScanner[3572]: Message B0C4C47F90.E284C from 221.152.17.195 (bourqfried@dawgrock.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 10 08:19:04 MX03 MailScanner[2126]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 10 08:19:05 MX03 MailScanner[2126]: Message 19E6747F89.D3A88 from 83.94.161.243 (certain588@gmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 10 08:19:46 MX03 MailScanner[2476]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 10 08:19:48 MX03 MailScanner[2476]: Message E6FE147F6E.EFDBC from 83.94.161.243 (phelan.humphry75t@gmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 11 15:29:48 MX03 MailScanner[19464]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 11 15:29:55 MX03 MailScanner[19464]: Message C768447F8A.3C3C1 from 200.149.217.102 (bzn@0733.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 11 15:44:40 MX03 MailScanner[19473]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 11 15:44:41 MX03 MailScanner[19473]: Message D9DB447F8D.32594 from 81.193.12.243 (surlesu@is.titech.ac.jp) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 11 17:19:13 MX03 MailScanner[19467]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 11 17:19:14 MX03 MailScanner[19467]: Message 2F2E347F8E.71F12 from 69.201.205.193 (gilbert@first2office.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 12 01:06:39 MX03 MailScanner[19514]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 12 01:06:40 MX03 MailScanner[19514]: Message 1452A47F92.DFF53 from 222.137.180.247 (fgwabrmvom@laptopcentral.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 12 03:13:26 MX03 MailScanner[19467]: SpamAssassin timed out and was killed, failure 2 of 10 /var/log/maillog.1:Mar 12 03:13:27 MX03 MailScanner[19467]: Message 437B147F94.66F30 from 221.202.59.26 (billiessewell_lp@flash.net) to mydomain.com is not spam, SpamAssassin (timed out) Thanks, kosta -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060314/61b7a50e/attachment.html From MailScanner at ecs.soton.ac.uk Tue Mar 14 16:11:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 16:11:55 2006 Subject: Problem with MIME multipart/related In-Reply-To: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> References: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> Message-ID: <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> Please post a zip of a complete message, so we can give it a try. On 14 Mar 2006, at 15:51, shuttlebox wrote: > I have a problem with mail sent from some kind of medical appliance. I > get a "Could not analyze message" report and the message gets > quarantined. This is the only log line from MailScanner: > > Mar 13 13:50:21 ajax MailScanner[25733]: Saved entire message to > /queues/MailScanner/quarantine/20060313/k2DCoIjU028388 > > The message passes a Sendmail server before it so the problem must be > related to MS having problems unpacking the MIME structure. I called > the company and they were pretty much clueless but admitted that other > customers had varying problems looking at the mails. They contain HTML > with image tags and some customers saw it properly and others only saw > the text and no images. > > This is the last part of the qf-file. Is it the two semicolons after > multipart/related that is the problem (syntax error) or doesn't MS > support this content type? I don't know how common it is. > > H??X-Mailer: CytoMailer1.0 > H??MIME-Version: 1.0 > H??Content-Type: multipart/related;; > boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 > . -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Tue Mar 14 16:34:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 14 16:34:44 2006 Subject: Rules precedence In-Reply-To: <4416D7E8.8010108@arial-concept.com> References: <4416D7E8.8010108@arial-concept.com> Message-ID: <4416F09B.8000608@evi-inc.com> Sam Przyswa wrote: > Hi, > > What is the rules precedence if I use for example the SORBS-DNSBL in > MailScanner.conf and SpamAssassin with a -100.000 score rule with a > whitelist Bonded Sender program ? > MailScanner.conf trumps any spamassassin score. If you don't *explicitly* trust a DNSBL, do not put it in your MailScanner.conf, let spamassassin run it and factor it into it's scoring instead. From taz at taz-mania.com Tue Mar 14 16:55:54 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Mar 14 16:55:59 2006 Subject: spamassassin timeouts help In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <4416F59A.7050900@taz-mania.com> When I see large amounts of SpamAssassin timeouts is when one or more of the DNSBLs are not responding (happens occasionally). The the wait time builds up and causes SpamAssassin to timeout. Also if you local recursive DNS server (used by your gateways) is slow doing lookups that could be a problem too. Kosta Lekas wrote: > Hi everyone, > > I would like to figure out how to prevent or minimize spamassassin > timeouts. Problem is I?m not exactly sure what causes it to time out > in the first place (if someone can explain it to me that would be > great). I have 3 MailScanner gateways running on different DMZ?s, > MX01, MX02, and MX03. > > 1. MX01 is used primarily for mail archiving relay to IronMountain. I > have an internal MS Exchange server, anything sent or received by any > of my users is archived to archiveaddress@ironmountain.com > ; It is relayed from Exchange > box to MX01 and then to IronMountain?s SMTP servers. MX01 is also a > backup MX listed in my public mx pool with a high weight so I do see a > lot of spammers trying to hit it. This guy processes an average of > 2500 messages a day and 1/80 mails get spamassassin timeouts on this > relay. > > 2. MX02 is my outgoing (internet bound relay) as well as my primary > incoming mail server listed with the lowest weight in public DNS. This > guy processes an average of 1200 messages a day and 1/190 mails get > spamassassin timeouts on this relay. > > 3. MX03 is a backup relay for internetbound and incoming and is listed > in public DNS with a higher weight that MX02 so I do see a lot of > spammers try to hit it. This guy processes only 120 messages a day and > 1/10 mails get spamassassin timeouts on this relay. > > What is getting me is the low amount of messages that MX03 is > receiving but yet is having so many spamassassin timeouts. Most of the > spam that gets thru has come from MX03 and from examination of the > headers I can see that spamassassin timed out, but it does catch about > 50 a day. Why so many timeouts on this guy. I have included some log > entries at the end of this email. > > On All 3 relays: > > Max Spam List Timeouts = 7 > > Spam List Timeouts History = 10 > > Max SpamAssassin Timeouts = 10 > > SpamAssassin Timeouts History = 30 > > Max Custom Spam Scanner Timeouts = 10 > > MCP Max SpamAssassin Timeouts = 20 > > The only thing different on MX03 is that I am using the latest > MailScanner with the feature ?Cache SpamAssassin Results = yes? > > Here are the Specs for all three relays as you can see MX02 has the > best hardware, MX03 comes in second and then MX01. > > MX01 specs: > > 1 CPU Pentium 3, 1.4GHz, 500MB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.42.9 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1_25.el4.at (using DCC) > > clamav-0.87-1.2.el4.rf > > MX02 specs: > > Dual Xeon, 3.2GHz, 4GB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.45.4 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1.el4 (using DCC) > > clamav-0.87-1.2.el4.rf > > MX03 specs: > > Dual Xeon, 2.8GHz, 2G of ram > > Fedora Core release 4 (Stentz) > > Perl version 5.008006 (5.8.6) > > MailScanner version 4.51.4 > > postfix-2.2.2-2 > > spamassassin-3.0.4-2.fc4 (using DCC, using spamassassin cache feature) > > clamav-0.88-1.fc4 (using clamavmodule) > > Here are some log entries from MX03 showing the timeouts: > > /var/log/maillog:Mar 12 04:17:23 MX03 MailScanner[19465]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 04:17:24 MX03 MailScanner[19465]: Message > B083647F8F.C006E from 218.18.181.156 (aostos@abt.com.tr) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 04:20:10 MX03 MailScanner[19578]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 04:20:11 MX03 MailScanner[19578]: Message > BDC6747F8F.7787A from 59.5.144.136 > (snd_pcm_hw_params_set_period_size_first@glennedward.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 09:22:06 MX03 MailScanner[19522]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 09:22:08 MX03 MailScanner[19522]: Message > 90FC847F8F.4E65E from 59.37.63.81 (gustavo_woodscy@lycos.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 12:58:47 MX03 MailScanner[22385]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 12:58:48 MX03 MailScanner[22385]: Message > E7D6947F80.842A4 from 66.215.18.215 (hugh@paramed.biz) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 13:39:04 MX03 MailScanner[19470]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 13:39:05 MX03 MailScanner[19470]: Message > C111847F83.490CD from 127.0.0.1 (root@mydomain.com) to mydomain.com is > not spam (whitelisted), SpamAssassin (timed out) > > /var/log/maillog:Mar 12 13:46:23 MX03 MailScanner[23571]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 13:46:24 MX03 MailScanner[23571]: Message > 5658947F85.94B60 from 68.164.134.210 (stitti@bhb.com) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 13:53:51 MX03 MailScanner[28831]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 13:53:53 MX03 MailScanner[28831]: Message > 6731247F85.D2DA7 from 203.210.151.43 (cmzcuoniucu@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 14:00:28 MX03 MailScanner[23788]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 14:00:29 MX03 MailScanner[23788]: Message > E04A347F8A.4DAC5 from 200.165.21.104 (lnpykciriii@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 15:45:25 MX03 MailScanner[9593]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 15:45:26 MX03 MailScanner[9593]: Message > CC93847F88.B0E03 from 80.108.24.113 (plsnutrionists@mdgekko.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 19:09:09 MX03 MailScanner[13504]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 19:09:10 MX03 MailScanner[13504]: Message > CC63347F8F.EEFAC from 200.113.75.224 (jvyxcjyidqa@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 21:07:08 MX03 MailScanner[25699]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 21:07:09 MX03 MailScanner[25699]: Message > 7D7F647F94.91C50 from 58.168.170.253 (i_golodnikov@inbox.ru) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 21:07:15 MX03 MailScanner[12264]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 21:07:16 MX03 MailScanner[12264]: Message > 619A447F9A.40F2D from 58.168.170.253 (donoghue.laginaqa4@gmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 21:15:18 MX03 MailScanner[20260]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 21:15:19 MX03 MailScanner[20260]: Message > 8C0BF47F8F.33EA1 from 222.109.255.235 (info@mydomain.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 04:03:31 MX03 MailScanner[15384]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 04:03:32 MX03 MailScanner[15384]: Message > 852C947F8F.2A2E0 from 127.0.0.1 (root@mydomain.com) to > MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) > > /var/log/maillog:Mar 13 04:36:53 MX03 MailScanner[19666]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 04:36:54 MX03 MailScanner[19666]: Message > 782C047F8F.16EAF from 222.67.132.244 (xaviert@methodistemail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 04:37:33 MX03 MailScanner[13163]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 04:37:35 MX03 MailScanner[13163]: Message > D990D47F95.A54A4 from 83.35.242.23 (wzjgjztcpeo@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 08:38:49 MX03 MailScanner[15435]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 08:38:50 MX03 MailScanner[15435]: Message > 5715F47F8F.6E0A8 from 218.13.88.109 (carls2@yahoo.com) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 09:09:20 MX03 MailScanner[15142]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 09:09:21 MX03 MailScanner[15142]: Message > 6F64047F8F.ACCA1 from 84.72.68.253 (john@eu-vest.biz) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 09:59:44 MX03 MailScanner[15689]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 09:59:45 MX03 MailScanner[15689]: Message > 8704F47F8E.4A095 from 221.158.30.189 > (sherrietomlinsonnm@visuallink.com) to mydomain.com is not spam, > SpamAssassin (timed out) > > /var/log/maillog:Mar 13 10:19:36 MX03 MailScanner[29901]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 10:19:38 MX03 MailScanner[29901]: Message > D6DF047F8E.86E7D from 216.222.251.75 (danosusu@hearngroup.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 10:30:43 MX03 MailScanner[29902]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 10:30:44 MX03 MailScanner[29902]: Message > 4902E47F8E.39042 from 82.246.244.31 > (toiubpvcbdttm@math-info.univ-paris5.fr) to mydomain.com is not spam, > SpamAssassin (timed out) > > /var/log/maillog:Mar 13 16:56:59 MX03 MailScanner[31306]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 16:57:01 MX03 MailScanner[31306]: Message > BE6C947F8F.4CBDE from 70.92.73.132 (richard@guitarra.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 18:26:02 MX03 MailScanner[31312]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 18:26:04 MX03 MailScanner[31312]: Message > 4D6BF47F6E.8DA38 from 69.143.26.250 (henry@pradella.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 18:27:43 MX03 MailScanner[31263]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 18:27:44 MX03 MailScanner[31263]: Message > EF85B47F97.9CD6C from 24.0.25.137 (john@pistonheads.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 01:57:42 MX03 MailScanner[3814]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 01:57:43 MX03 MailScanner[3814]: Message > 70D2347F90.0A30B from 58.33.193.13 (susanah@gay-mail.net) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 04:03:30 MX03 MailScanner[3863]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 04:03:31 MX03 MailScanner[3863]: Message > E442347F90.0CEF2 from 127.0.0.1 (root@mydomain.com) to > MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) > > /var/log/maillog:Mar 14 06:49:58 MX03 MailScanner[3684]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 06:49:59 MX03 MailScanner[3684]: Message > 62A5B47F8F.5D1D9 from 85.216.44.205 (mmwlpmfvsjb@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 08:11:33 MX03 MailScanner[7162]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 08:11:34 MX03 MailScanner[7162]: Message > 8B70847F8F.4FE93 from 222.191.167.14 (wierzbicki@bluehyppo.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 08:34:25 MX03 MailScanner[3672]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 08:34:27 MX03 MailScanner[3672]: Message > CE81647F8F.CF604 from 221.14.241.74 (zdtdvqmgqus@subt-16.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 9 08:01:46 MX03 MailScanner[2030]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 9 08:01:47 MX03 MailScanner[2030]: Message > 67CA447FA7.9BA57 from 201.138.198.234 (chenchen@0733.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 9 08:02:05 MX03 MailScanner[2379]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 9 08:02:08 MX03 MailScanner[2379]: Message > B26FA47FC0.CB827 from 211.196.198.72 (j_maldonado_fr@netscape.net) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 10 04:07:45 MX03 MailScanner[3572]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 10 08:01:07 MX03 MailScanner[3572]: Message > B0C4C47F90.E284C from 221.152.17.195 (bourqfried@dawgrock.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 10 08:19:04 MX03 MailScanner[2126]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 10 08:19:05 MX03 MailScanner[2126]: Message > 19E6747F89.D3A88 from 83.94.161.243 (certain588@gmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 10 08:19:46 MX03 MailScanner[2476]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 10 08:19:48 MX03 MailScanner[2476]: Message > E6FE147F6E.EFDBC from 83.94.161.243 (phelan.humphry75t@gmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 11 15:29:48 MX03 MailScanner[19464]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 11 15:29:55 MX03 MailScanner[19464]: Message > C768447F8A.3C3C1 from 200.149.217.102 (bzn@0733.com) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 11 15:44:40 MX03 MailScanner[19473]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 11 15:44:41 MX03 MailScanner[19473]: Message > D9DB447F8D.32594 from 81.193.12.243 (surlesu@is.titech.ac.jp) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 11 17:19:13 MX03 MailScanner[19467]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 11 17:19:14 MX03 MailScanner[19467]: Message > 2F2E347F8E.71F12 from 69.201.205.193 (gilbert@first2office.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 12 01:06:39 MX03 MailScanner[19514]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 12 01:06:40 MX03 MailScanner[19514]: Message > 1452A47F92.DFF53 from 222.137.180.247 (fgwabrmvom@laptopcentral.com) > to mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 12 03:13:26 MX03 MailScanner[19467]: > SpamAssassin timed out and was killed, failure 2 of 10 > > /var/log/maillog.1:Mar 12 03:13:27 MX03 MailScanner[19467]: Message > 437B147F94.66F30 from 221.202.59.26 (billiessewell_lp@flash.net) to > mydomain.com is not spam, SpamAssassin (timed out) > > Thanks, > > kosta > -- Dennis Willson (taz@taz-mania.com) Owner, Operator of Kepnet Internet Services http://www.kepnet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 229 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060314/fbd24670/taz.vcf From shuttlebox at gmail.com Tue Mar 14 16:59:57 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 14 17:00:00 2006 Subject: Problem with MIME multipart/related In-Reply-To: <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> References: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> Message-ID: <625385e30603140859s3cb94af2wb9533868a9fbce98@mail.gmail.com> On 3/14/06, Julian Field wrote: > Please post a zip of a complete message, so we can give it a try. I can't post the complete message here, for all I know it could contain someones x-ray pictures showing a tumor or something. I have to check with the client if I'm allowed to send you the files off list. Would that be OK? -- /peter From MailScanner at ecs.soton.ac.uk Tue Mar 14 17:12:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 17:13:00 2006 Subject: Problem with MIME multipart/related In-Reply-To: <625385e30603140859s3cb94af2wb9533868a9fbce98@mail.gmail.com> References: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> <625385e30603140859s3cb94af2wb9533868a9fbce98@mail.gmail.com> Message-ID: <4416F996.901@ecs.soton.ac.uk> shuttlebox wrote: > On 3/14/06, Julian Field wrote: > >> Please post a zip of a complete message, so we can give it a try. >> > > I can't post the complete message here, for all I know it could > contain someones x-ray pictures showing a tumor or something. I have > to check with the client if I'm allowed to send you the files off > list. Would that be OK? > That would be fine. Definitely send it off-list. I won't publish the message or even look at the attachments it contains, I am only interested in its ability to disassemble the message, I don't need to look at the attachments to study that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From leah at frauerpower.com Tue Mar 14 18:31:16 2006 From: leah at frauerpower.com (Leah Cunningham) Date: Tue Mar 14 18:19:56 2006 Subject: Archive only non spam tagged messages Message-ID: <200603141331.16951.leah@frauerpower.com> I'm using the Archive setting and was wondering if anyone has a way to set it to only archive messages that are not tagged as spam specifically? It seems to grab everything by default. Maybe someone has a plugin or hook function that would do it? -- Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511 Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada From DrewB at united-systems.com Tue Mar 14 18:49:41 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Tue Mar 14 18:50:04 2006 Subject: Archive only non spam tagged messages Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BBAD1B@uss2k01.united-systems.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Leah Cunningham > Sent: Tuesday, March 14, 2006 12:31 PM > To: MailScanner discussion > Subject: Archive only non spam tagged messages > > I'm using the Archive setting and was wondering if anyone has a way to set > it > to only archive messages that are not tagged as spam specifically? It > seems > to grab everything by default. Maybe someone has a plugin or hook > function > that would do it? > -- I don't know that there's any existing way to do that because I think that MailScanner archives all of it before it's ever categorized. However, when I was training my Bayesian filter, I wrote a script that would take the MailScanner archives, use SpamAssassin to tag them as spam or not spam and then run them through sa-learn. It's not perfect, but I can provide it if you'd like (and if you can give me a day or so to dig it back out of wherever I dumped it). -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From ssilva at sgvwater.com Tue Mar 14 22:41:19 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 14 22:43:03 2006 Subject: install.sh wishlist In-Reply-To: References: <44162CE0.2040107@nkpanama.com> Message-ID: Julian Field spake the following on 3/14/2006 2:11 AM: > > On 14 Mar 2006, at 02:39, Alex Neuman van der Hans wrote: > >> I've used clamav-milter on every server I've installed/maintained, and >> I always have to edit install.sh to add "--enable-milter" to be able >> to update it. > > But a large amount of users don't want the milter. > >> I also search&replace all the "sleep 2"s and "sleep 5"s with "sleep >> 0", comment them out, or remove them altogether. Makes for a quicker >> install, and the script is mature enough not to break. > > Try "./install fast" :-) > >> >> Could there be an "--enable-milter" option, or something that would >> detect the existence of clamav-milter (perhaps a ps -ax | grep >> clamav-milter) and add it to the ./configure line? > > That's a possibility. > >> Perhaps a "--super-fast" that would preclude the "sleep"s? >> >> Just my 2c... > > All contributions welcome. Especially monetary ones ;-) From nauman at worldcall.net.pk Wed Mar 15 09:40:37 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Wed Mar 15 09:40:46 2006 Subject: Help About MailScannerers Stages. References: <44162CE0.2040107@nkpanama.com> Message-ID: <002001c64814$875135f0$23c051cb@noc> Hi All, I m new to this Tools and i have found it really Userful. I have my Mail server on Fedora Core 3 . With Lattest Sendmail With Lattest ClamAV and Lattest MailScanner. I Used the Package ClamAv+SA available on the MailScanner Site with was really easily installed. While Monitoring the SPAM mails on the server , It does catches many of them easily , but some still passes through. I wanna debug the stages of MailScanner so i can trace and fix that problem . Further more - it is also marking my local Mails as Spam - how can i clear it Thankx in Advacne. Nauman From samp at arial-concept.com Wed Mar 15 09:56:04 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Wed Mar 15 09:56:13 2006 Subject: Rules precedence In-Reply-To: <4416F09B.8000608@evi-inc.com> References: <4416D7E8.8010108@arial-concept.com> <4416F09B.8000608@evi-inc.com> Message-ID: <4417E4B4.2010806@arial-concept.com> Matt Kettler a ?crit : >Sam Przyswa wrote: > > >>Hi, >> >>What is the rules precedence if I use for example the SORBS-DNSBL in >>MailScanner.conf and SpamAssassin with a -100.000 score rule with a >>whitelist Bonded Sender program ? >> >> >> > >MailScanner.conf trumps any spamassassin score. > >If you don't *explicitly* trust a DNSBL, do not put it in your MailScanner.conf, >let spamassassin run it and factor it into it's scoring instead. > > I have to much false positive with hotmail.com and hotmail.fr I try only spamassassin. Thanks. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From roger at rudnick.com.br Wed Mar 15 12:07:39 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Mar 15 12:07:46 2006 Subject: Spamassassin 3.1.1 References: <005b01c642b8$220b2810$0705000a@DDF5DW71> <002101c642f6$176f8390$0705000a@DDF5DW71> Message-ID: <020e01c64829$0ed1b040$0600a8c0@roger> Anyone running SpamAssassin 3.1.1 with MailScanner? Any problems? I'm considering an upgrade... Regards Roger Jochem From jaearick at colby.edu Wed Mar 15 12:21:27 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 15 12:24:09 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <020e01c64829$0ed1b040$0600a8c0@roger> References: <005b01c642b8$220b2810$0705000a@DDF5DW71> <002101c642f6$176f8390$0705000a@DDF5DW71> <020e01c64829$0ed1b040$0600a8c0@roger> Message-ID: upgraded to SA 3.1.1 a couple of days ago with MS 4.51.6, no problems here (Solaris 9). Jeff Earickson Colby College On Wed, 15 Mar 2006, Roger Jochem wrote: > Date: Wed, 15 Mar 2006 09:07:39 -0300 > From: Roger Jochem > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Spamassassin 3.1.1 > > Anyone running SpamAssassin 3.1.1 with MailScanner? Any problems? I'm > considering an upgrade... > > Regards > > Roger Jochem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Mar 15 12:29:01 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 15 12:29:07 2006 Subject: Help About MailScannerers Stages. In-Reply-To: <002001c64814$875135f0$23c051cb@noc> References: <44162CE0.2040107@nkpanama.com> <002001c64814$875135f0$23c051cb@noc> Message-ID: <4418088D.8090608@nkpanama.com> Muhammad Nauman wrote: > Hi All, > > I m new to this Tools and i have found it really Userful. > > I have my Mail server on Fedora Core 3 . > With Lattest Sendmail > With Lattest ClamAV > and Lattest MailScanner. > You should really use specific version numbers; your definition of latest could be different from others' point of view. > I Used the Package ClamAv+SA available on the MailScanner Site with > was really easily installed. > > While Monitoring the SPAM mails on the server , It does catches many > of them easily , but some still passes through. I wanna debug the > stages of MailScanner so i can trace and fix that problem . It's not a problem you fix by debugging or tracing. You have to look through the configuration file and pay attention to parameters such as "use spamassassin", the spam scores (which you can make higher or lower depending on your particular mail flow). You should also enable any auxiliary tools for spamassassin that you can (such as Razor, Pyzor and DCC) so that it can make a better analysis. > > Further more - it is also marking my local Mails as Spam - how can i > clear it > You don't clear it; you add your local IP addresses to a whitelist, or disable spam checks for your specific internal IP addresses using rulesets. You shouldn't whitelist names or domains, because those can usually be easily falsified. > Thankx in Advacne. > > Nauman > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Mar 15 12:29:43 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 15 12:29:47 2006 Subject: Spamassassin 3.1.1 In-Reply-To: References: <005b01c642b8$220b2810$0705000a@DDF5DW71> <002101c642f6$176f8390$0705000a@DDF5DW71> <020e01c64829$0ed1b040$0600a8c0@roger> Message-ID: <441808B7.5000109@nkpanama.com> Working great on several servers here. Jeff A. Earickson wrote: > upgraded to SA 3.1.1 a couple of days ago with MS 4.51.6, no problems > here (Solaris 9). > > Jeff Earickson > Colby College > > On Wed, 15 Mar 2006, Roger Jochem wrote: > >> Date: Wed, 15 Mar 2006 09:07:39 -0300 >> From: Roger Jochem >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Spamassassin 3.1.1 >> >> Anyone running SpamAssassin 3.1.1 with MailScanner? Any problems? I'm >> considering an upgrade... >> >> Regards >> >> Roger Jochem -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Mar 15 12:33:07 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 15 12:33:11 2006 Subject: spamassassin timeouts help In-Reply-To: <4416F59A.7050900@taz-mania.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> <4416F59A.7050900@taz-mania.com> Message-ID: <44180983.4000203@nkpanama.com> Or Dennis Willson wrote: > When I see large amounts of SpamAssassin timeouts is when one or more > of the DNSBLs are not responding (happens occasionally). The the wait > time builds up and causes SpamAssassin to timeout. Also if you local > recursive DNS server (used by your gateways) is slow doing lookups > that could be a problem too. > Looks more like he *doesn't* have a local recursive DNS server. He could set one up, and/or use local caching DNS for all three boxes. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ecj at telpacific.com.au Wed Mar 15 13:14:42 2006 From: ecj at telpacific.com.au (DOODS) Date: Wed Mar 15 13:15:10 2006 Subject: Filtering Then Forwarding In-Reply-To: <084f01c6476f$23d2fe50$287ba8c0@office.fsl> References: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> <084f01c6476f$23d2fe50$287ba8c0@office.fsl> Message-ID: <12387.138.130.86.215.1142428482.squirrel@138.130.86.215> Thanks for this Stephen and Julian. I tried applying this but then I discovered it doesn't work with our setup. Our MailScanner is on another server and EXIM/IMAP on another. So what happens is that emails sent to other domains that are also hosted on the same server get delivered locally and thus the rules don't get applied. Is there an extra setting that I can do (or perhaps a setting on Exim)? Thanks a lot in advance for any help guys. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of DOODS >> Sent: Monday, March 13, 2006 11:38 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Filtering Then Forwarding >> >> >> Hello All. >> I need a quick help. I would like to do a filtering based on the from >> and >> to headers and then forward emails to a specific email address if >> matched. >> To be more detailed: >> >> Condition: and >> Action: Forward to user3@domain3.com >> >> We're running MailScanner and Exim with MySQL. I have been googling >> since >> this morning and can't find the answer that I need. I hope someone can >> help. >> Thanks in advance. >> Now it's back to googling for me... >> >> Cheers, >> DOODS >> > > You pretty much wrote the rule yourself. Create a rule set for Non Spam > Actions (and Spam Actions and High Spam Actions if necessary): > > From: user1@domain1.com and To: *@domain2.com forward user3@domain3.com > delete > FromOrTo: default deliver > > Each rule above should be entered on a single line. > > I believe this is in the Example and Readme files in the rules directory. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Cheers, DOODS From tallett at ocvc.ac.uk Wed Mar 15 15:26:04 2006 From: tallett at ocvc.ac.uk (Trevor Allett) Date: Wed Mar 15 15:26:17 2006 Subject: datfiles {OCVC Scanned} Message-ID: <287C63D91CBD264B9C56BB36F7DEF5832C80CF@ox01.occ.local> Hi list, I have been left a mailscanner server. It keeps filling up with dat files (/usr/local/uvscan/datfiles/44xx/) 270 directories, each weighing in at 8MB or so. Am I right in assuming I can delete these as they are old datfiles from MacAfee. And that I can delete all but the latest. The hard drive gets filled up in a matter of a week or so... Cheers for the help ~~~~~~~~~~~~~~~~~~~~~~ Trevor Allett IT Services, Banbury Campus Oxford and Cherwell Valley College Phone 50350 -- Notice: The contents of this message are confidential and may be legally privileged. If you are not the intended recipient any disclosure, copying, printing or distribution of the contents is prohibited and may be unlawful. If you have received this message in error please inform the sender and remove it from your system. Any views or opinions expressed in this message are the responsibility of the originator and do not necessarily reflect those of Oxford and Cherwell Valley College, unless explicitly stated otherwise. This message has been scanned at the Oxford and Cherwell Valley College email gateway using MailScanner (www.mailscanner.info) and is believed to be free of viruses and dangerous content. You are advised, however, to carry out your own checks before opening any attachment(s). -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060315/4c800124/attachment.html From steve.swaney at fsl.com Wed Mar 15 15:58:07 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 15 15:56:08 2006 Subject: Spamassassin 3.1.1 In-Reply-To: Message-ID: <04ec01c64849$4040f850$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: Wednesday, March 15, 2006 7:21 AM > To: MailScanner discussion > Subject: Re: Spamassassin 3.1.1 > > upgraded to SA 3.1.1 a couple of days ago with MS 4.51.6, no problems > here (Solaris 9). > > Jeff Earickson > Colby College > Ditto here. It's an easy upgrade from 3.0.1 and I didn't see that any changes were necessary to the existing configuration but the UPGRADE file only referred to SpamAssassin 3.0.1. The Changes file seem to show many, many "fixes" but I can't find documentation that parallels Julian's really complete Change Logs :( Anyone know of any major improvements or added functionally in 3.1.1? Thanks, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From prandal at herefordshire.gov.uk Wed Mar 15 15:52:07 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Mar 15 16:00:35 2006 Subject: datfiles {OCVC Scanned} Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580BB19FBB@isabella.herefordshire.gov.uk> You can tweak /usr/lib/MailScanner/mcafee-autoupdate to fix this. Near the top, make sure OPTS="-d" Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Trevor Allett Sent: 15 March 2006 15:26 To: mailscanner@lists.mailscanner.info Subject: datfiles {OCVC Scanned} Hi list, I have been left a mailscanner server. It keeps filling up with dat files (/usr/local/uvscan/datfiles/44xx/) 270 directories, each weighing in at 8MB or so. Am I right in assuming I can delete these as they are old datfiles from MacAfee. And that I can delete all but the latest. The hard drive gets filled up in a matter of a week or so... Cheers for the help ~~~~~~~~~~~~~~~~~~~~~~ Trevor Allett IT Services, Banbury Campus Oxford and Cherwell Valley College Phone 50350 -- Notice: The information in this message is confidential and may be legally privileged. If you are not the intended recipient any disclosure, copying, printing or distribution of the contents is prohibited and may be unlawful. If you have received this message in error please inform the sender and remove it from your system. Any views or opinions expressed in this message are the responsibility of the originator and do not necessarily reflect those of Oxford and Cherwell Valley College, unless explicitly stated otherwise. This message has been scanned at the Oxford and Cherwell Valley College email gateway using MailScanner (www.mailscanner.info) and is believed to be free of viruses and dangerous content. You are advised, however, to carry out your own checks before opening any attachment(s). -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060315/41a80e1e/attachment.html From ssilva at sgvwater.com Wed Mar 15 16:01:39 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 15 16:02:10 2006 Subject: datfiles {OCVC Scanned} In-Reply-To: <287C63D91CBD264B9C56BB36F7DEF5832C80CF@ox01.occ.local> References: <287C63D91CBD264B9C56BB36F7DEF5832C80CF@ox01.occ.local> Message-ID: Trevor Allett spake the following on 3/15/2006 7:26 AM: > Hi list, > I have been left a mailscanner server. It keeps filling up with dat > files (/usr/local/uvscan/datfiles/44xx/) 270 directories, each weighing > in at 8MB or so. Am I right in assuming I can delete these as they are > old datfiles from MacAfee. And that I can delete all but the latest. The > hard drive gets filled up in a matter of a week or so? > > Cheers for the help You should be able to delete the oldest of them easily. You might want to keep a weeks worth, just in case you need to go back. From housey at sme-ecom.co.uk Wed Mar 15 16:05:56 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Wed Mar 15 16:06:09 2006 Subject: UTF8 Message-ID: Hi Im running MailScanner on Fedora Core 2 (Perl version 5.8.3) and CentOS 4.2 (Perl version 5.8.5) Is it necessary on these systems to remove references to UTF-8 in /etc/sysconfig/i18n? I was reading this http://wiki.apache.org/spamassassin/Utf8Performance?highlight=%28UTF%29 and can remember quite a bit of chat on the list about it but was not sure if it was no longer an issue? Kind Regards Paul From Denis.Beauchemin at USherbrooke.ca Wed Mar 15 16:29:45 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 15 16:30:12 2006 Subject: UTF8 In-Reply-To: References: Message-ID: <441840F9.6050403@USherbrooke.ca> Paul Houselander a ?crit : > Hi > > Im running MailScanner on Fedora Core 2 (Perl version 5.8.3) and CentOS 4.2 > (Perl version 5.8.5) > > Is it necessary on these systems to remove references to UTF-8 in > /etc/sysconfig/i18n? > > I was reading this > > http://wiki.apache.org/spamassassin/Utf8Performance?highlight=%28UTF%29 > > and can remember quite a bit of chat on the list about it but was not sure > if it was no longer an issue? > > Kind Regards > > Paul > > Paul, I'm running on RHEL4 servers with LANG="en_US.UTF-8" with no problems. Some Perl modules may not like UTF8 when installing. Just make sure to "export LANG=C" before installing them. If you use Julian's install script, I believe this is taken care of automatically. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060315/9ef8ed6c/smime.bin From nerijus at users.sourceforge.net Wed Mar 15 16:33:27 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Wed Mar 15 16:40:19 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <04ec01c64849$4040f850$287ba8c0@office.fsl> References: <04ec01c64849$4040f850$287ba8c0@office.fsl> Message-ID: <20060315163751.0A306BB4D@mx.dtiltas.lt> On Wed, 15 Mar 2006 10:58:07 -0500 Stephen Swaney wrote: > Ditto here. It's an easy upgrade from 3.0.1 and I didn't see that any > changes were necessary to the existing configuration but the UPGRADE file > only referred to SpamAssassin 3.0.1. > > The Changes file seem to show many, many "fixes" but I can't find > documentation that parallels Julian's really complete Change Logs :( > > Anyone know of any major improvements or added functionally in 3.1.1? http://freshmeat.net/projects/spamassassin/?branch_id=15434&release_id=222150 Regards, Nerijus From gmatt at nerc.ac.uk Wed Mar 15 16:46:09 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 15 16:46:25 2006 Subject: mime and end-of-line encoding Message-ID: <1142441170.19493.52.camel@lea.nerc-wallingford.ac.uk> Has the problem with EOL encoding and "sign clean messages" got any nearer to a fix? This was last mentioned around the 2nd of february after a couple of threads on the issue (Attachment Warnings - End of Line Behavior Changed (CR, LF) and Problem With PDF Files - SOLVED) I have had to implement message signing as part of our Freedom of Infomation (FOI) policy and I've received my first complaint from a user about lines running together. She is using the Eudora mail client. I got the impression that the problem was "hard", but I also got the impression that it wasnt clear where the problem or solution exactly lay, this appeared to be conpounded by the MIME::Tools developer going awol. Is there any update? Any workaround other than "turn off message signing"? respectfully GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From DrewB at united-systems.com Wed Mar 15 18:04:51 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Mar 15 18:05:07 2006 Subject: Archive only non spam tagged messages Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BB0FF4@uss2k01.united-systems.local> > -----Original Message----- > From: Leah Cunningham [mailto:leah@frauerpower.com] > Sent: Tuesday, March 14, 2006 2:04 PM > To: Drew Burchett > Subject: Re: Archive only non spam tagged messages > > On Tuesday 14 March 2006 13:49, you wrote: > > I don't know that there's any existing way to do that because I think > > that MailScanner archives all of it before it's ever categorized. > > However, when I was training my Bayesian filter, I wrote a script that > > would take the MailScanner archives, use SpamAssassin to tag them as > > spam or not spam and then run them through sa-learn. It's not perfect, > > but I can provide it if you'd like (and if you can give me a day or so > > to dig it back out of wherever I dumped it). > > That sounds like it would be useful, I'd appreciate it. > > -- > Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511 > Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada You can download this script at http://www.united-systems.com/sortspam.pl. Before running the script, open it and change $rootdir to point to whichever directory contains your archive. I've been too busy to change it so that it reads an argument from the command line. Please be warned before using this that it simply uses SpamAssassin to classify the mail before feeding it into sa-learn, so if SpamAssassin is already misclassifying them, it will do the same through this script. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From hermit921 at yahoo.com Wed Mar 15 21:06:57 2006 From: hermit921 at yahoo.com (hermit921) Date: Wed Mar 15 21:06:10 2006 Subject: From line has () Message-ID: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> Just ran into an odd problem. The new Exchange server here seems to reject any message with parentheses () in the body From line. It rejects as "sender denied", after the entire message has been seen by Exchange, as soon as I type in the period. OK, idiot misleading error message, but I want to know if this violates any of the smtp RFCs? Or is anyone unfortunate enough to know if this is an Exchange configuration setting? hermit921 From james at grayonline.id.au Wed Mar 15 22:24:16 2006 From: james at grayonline.id.au (James Gray) Date: Wed Mar 15 22:24:49 2006 Subject: To whitelist or not... Message-ID: <200603160924.21258.james@grayonline.id.au> Hi All, Here's the situation. We don't do any spam scanning in MailScanner (RBL's etc) - we handle all spam filtering in SpamAssassin. MailScanner then does all the virus/attachment/phishing/etc checks. Up until recently, we've been adding addresses to the spam.whitelist.rules to exempt messages from being flagged as spam. We don't deliver spamassassin reports in the headers so the only thing this did was add to our rule hit counts in MailWatch. I've done an experiment. I've created a rule set for the "Use SpamAssassin" config option and moved a few of the whitelisted addresses into there with a "no" action. IOW, the "use.sa.rules" file looks like this: From: whitelist_add1@domain no From: whitelist_add2@another-domain no FromOrTo: default yes We get a LOT of mail from these whitelisted addresses (they are notifications and messages generated by our systems and our customers' systems) and consequently add a nontrivial amount of load. My thinking is that by stopping them from going through SpamAssassin I'll reduce the load, and still achieve the desired effect of "whitelisting" them. I still want the virus/attachment/etc checking done, just none of the spam stuff. It appears to be working as I want but I'm not sure if I've missed something important. Have I missed something? Or is this a reasonable approach? Cheers. James -- The joys of love made her human and the agonies of love destroyed her. -- Spock, "Requiem for Methuselah", stardate 5842.8 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/9007338f/attachment.bin From james at grayonline.id.au Wed Mar 15 22:28:02 2006 From: james at grayonline.id.au (James Gray) Date: Wed Mar 15 22:28:26 2006 Subject: From line has () In-Reply-To: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> Message-ID: <200603160928.02767.james@grayonline.id.au> On Thu, 16 Mar 2006 08:06, hermit921 wrote: > Just ran into an odd problem. The new Exchange server here seems to > reject any message with parentheses () in the body From line. It rejects > as "sender denied", after the entire message has been seen by Exchange, > as soon as I type in the period. OK, idiot misleading error message, but > I want to know if this violates any of the smtp RFCs? Or is anyone > unfortunate enough to know if this is an Exchange configuration setting? > > hermit921 The way I read RFC822 (and 2822) is that if an MTA is going to reject a message it should do so as early in the transaction as possible. It should never accept a message it will not deliver. So, if Exchange is dropping the message after the final "dot+" due to a malformed or rejected address, it should have done it during the "MAIL FROM:" or "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's Micrsoft - since when to THEY care about published standards?!? Cheers, James -- joeyh: I was down since midmorning yesterday and pacbell said this morning that AT&T was to blame and almost all of the state was down dunno why people insist the internet can survive a nuclear holocaust when it can't survive a backhoe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/41884628/attachment.bin From jethro.binks at strath.ac.uk Wed Mar 15 22:34:44 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed Mar 15 22:34:45 2006 Subject: From line has () In-Reply-To: <200603160928.02767.james@grayonline.id.au> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603160928.02767.james@grayonline.id.au> Message-ID: <20060315223212.C84236@defjam.cc.strath.ac.uk> On Thu, 16 Mar 2006, James Gray wrote: > On Thu, 16 Mar 2006 08:06, hermit921 wrote: > > Just ran into an odd problem. The new Exchange server here seems to > > reject any message with parentheses () in the body From line. It rejects > > as "sender denied", after the entire message has been seen by Exchange, > > as soon as I type in the period. OK, idiot misleading error message, but > > I want to know if this violates any of the smtp RFCs? Or is anyone > > unfortunate enough to know if this is an Exchange configuration setting? > > > > hermit921 > > The way I read RFC822 (and 2822) is that if an MTA is going to reject a > message it should do so as early in the transaction as possible. It > should never accept a message it will not deliver. So, if Exchange is > dropping the message after the final "dot+" due to a malformed or > rejected address, it should have done it during the "MAIL FROM:" or > "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's > Micrsoft - since when to THEY care about published standards?!? That's nonesense, and even if you believed it, it bears no relation to his original question. He said the problem was in the 'body From', which is part of the DATA of the message, which is what is being received right before the +CR. So it couldn't reject it any sooner on that basis, regardless of what the RFC says. It is quite common to defer rejecting an email until right to the end of the SMTP transaction, and required if the reason for rejecting might be related to the actual content of the email, rather than the envelope information. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From ugob at camo-route.com Thu Mar 16 01:19:57 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 16 01:20:11 2006 Subject: To whitelist or not... In-Reply-To: <200603160924.21258.james@grayonline.id.au> References: <200603160924.21258.james@grayonline.id.au> Message-ID: James Gray wrote: > Hi All, > > Here's the situation. We don't do any spam scanning in MailScanner (RBL's > etc) - we handle all spam filtering in SpamAssassin. MailScanner then does > all the virus/attachment/phishing/etc checks. > > Up until recently, we've been adding addresses to the spam.whitelist.rules > to exempt messages from being flagged as spam. We don't deliver > spamassassin reports in the headers so the only thing this did was add to > our rule hit counts in MailWatch. > > I've done an experiment. I've created a rule set for the "Use SpamAssassin" > config option and moved a few of the whitelisted addresses into there with > a "no" action. IOW, the "use.sa.rules" file looks like this: > From: whitelist_add1@domain no > From: whitelist_add2@another-domain no > FromOrTo: default yes > > We get a LOT of mail from these whitelisted addresses (they are > notifications and messages generated by our systems and our customers' > systems) and consequently add a nontrivial amount of load. > > My thinking is that by stopping them from going through SpamAssassin I'll > reduce the load, and still achieve the desired effect of "whitelisting" > them. I still want the virus/attachment/etc checking done, just none of > the spam stuff. It appears to be working as I want but I'm not sure if > I've missed something important. > > Have I missed something? Or is this a reasonable approach? I think it is reasonable. You may be more secure if you'd add one condition to your ruleset: the IP of their server. This way, you reduce the risk of getting spam with a forged address (using your clients). In the end, your users will tell you if it has negative effect on spam-filtering results. You could use only IP's for e-mail generated from your systems. Of course, if one of your systems gets compromised and start sending spam, you have less chance noticing it. There are other means of lowering your load (using rbls, greylisting, etc) but this one may make sense for you and other people. > > Cheers. > > James > From nathan at tcpnetworks.net Thu Mar 16 02:22:10 2006 From: nathan at tcpnetworks.net (Nathan Johanson) Date: Thu Mar 16 02:22:14 2006 Subject: OT: Need Help with Sendmail Issue Message-ID: <0D358E80F09E374486987C6A7E0D0B640E0CE8@exch-mail.in.tcpnetworks.com> Hello all, I apologize for posting a sendmail-only topic to the MailScanner list, but I figured this list has a signifigant amount of collective Sendmail knowledge (and everyone is so helpful). I have a server running RHEL 3.x with the latest versions of MailScanner, SpamAssassin, Clam, etc. It's using the stock RPM of Sendmail version 8.12.11. The system is configured to filter and forward mail to an internal Exchange Server, with corresponding entries in the mailertable and relay-domains files. It properly accepts mail for the domains in question and routes them to the internal system - no problem. The issue lies with mail sent to local accounts, such as root, postmaster, or any other account I create locally. This means that my logwatch mailings, cron logs, etc. --anything addressed to root are not delivered and get dumped in /etc/mail/clientmqueue. Here is an excerpt from the maillogs when I try sending an email to root, using something like "mail root" from the command line. I have already confirmed that the root and postmaster aliases are active... the root alias is redirected to another email account tech@somedomain.org (sending email directly to this account works just fine). I've done this sort of thing on several servers w/out issue. The /var/ partition isn't full and I don't think it's a permissions problem. I have some experience with Sendmail, but I'm not a guru by any stretch. I'm pretty much out of ideas at this point, so I'm hoping one of you may have some suggestions. smtp.somedomain.org is the host name of the server in question. What's particularly odd is that it returns a "DSN: User unknown" when sending to root@localhost. I just don't get it. Thanks in advance! Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkG002133: from=root, size=34, class=0, nrcpts=1, msgid=<200603152 236.k2FMarkG002133@smtp.somedomain.org>, relay=root@localhost Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmW002135: ruleset=check_rcpt, arg1=, relay= smtp.somedomain.org [127.0.0.1], reject=550 5.0.0 ... User Unknown Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkG002133: to=root@localhost, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30034, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmW002135: from=, size=34, class=0, nrcpts=0 , proto=ESMTP, daemon=MTA, relay=smtp.somedomain.org [127.0.0.1] Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkG002133: k2FMarkH002133: DSN: User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmY002135: ruleset=check_rcpt, arg1=, relay= smtp.somedomain.org [127.0.0.1], reject=550 5.0.0 ... User Unknown Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31058, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmY002135: from=<>, size=1058, class=0, nrcpts=0, proto=ESMTP, dae mon=MTA, relay=smtp.somedomain.org [127.0.0.1] Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: k2FMarkI002133: return to sender: User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarma002135: ruleset=check_rcpt, arg1=, relay=smtp.somedomain.org [127.0.0.1], reject=550 5.0.0 ... User Unknown Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkI002133: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer= relay, pri=32082, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarma002135: from=<>, size=2082, class=0, nrcpts=0, proto=ESMTP, dae mon=MTA, relay=smtp.somedomain.org [127.0.0.1] Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: Losing ./qfk2FMarkH002133: savemail panic Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: SYSERR(root): savemail: cannot save rejected email anyw here Sincerely - Nathan From alex at nkpanama.com Thu Mar 16 02:53:00 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 16 02:53:06 2006 Subject: OT: Need Help with Sendmail Issue In-Reply-To: <0D358E80F09E374486987C6A7E0D0B640E0CE8@exch-mail.in.tcpnetworks.com> References: <0D358E80F09E374486987C6A7E0D0B640E0CE8@exch-mail.in.tcpnetworks.com> Message-ID: <4418D30C.9050504@nkpanama.com> Do you have root@ and the other bouncing addresses in your mailertable as well? Nathan Johanson wrote: > Exchange Server, with corresponding entries in the mailertable and > relay-domains files. It properly accepts mail for the domains in > > (snip) > Sincerely - Nathan > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ugob at camo-route.com Thu Mar 16 05:32:45 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 16 05:33:03 2006 Subject: spamassassin timeouts help In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> Message-ID: Kosta Lekas wrote: > Hi everyone, > > I would like to figure out how to prevent or minimize spamassassin > timeouts. Problem is I?m not exactly sure what causes it to time out in > the first place (if someone can explain it to me that would be great). I > have 3 MailScanner gateways running on different DMZ?s, MX01, MX02, and > MX03. > http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mailscanner http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:spamassassin:timeouts May not help performance, but you should think about upgrading SpamAssassin and ClamAV to the latest version. > 1. MX01 is used primarily for mail archiving relay to IronMountain. I > have an internal MS Exchange server, anything sent or received by any of > my users is archived to archiveaddress@ironmountain.com > ; It is relayed from Exchange > box to MX01 and then to IronMountain?s SMTP servers. MX01 is also a > backup MX listed in my public mx pool with a high weight so I do see a > lot of spammers trying to hit it. This guy processes an average of 2500 > messages a day and 1/80 mails get spamassassin timeouts on this relay. > > > > 2. MX02 is my outgoing (internet bound relay) as well as my primary > incoming mail server listed with the lowest weight in public DNS. This > guy processes an average of 1200 messages a day and 1/190 mails get > spamassassin timeouts on this relay. > > > > 3. MX03 is a backup relay for internetbound and incoming and is listed > in public DNS with a higher weight that MX02 so I do see a lot of > spammers try to hit it. This guy processes only 120 messages a day and > 1/10 mails get spamassassin timeouts on this relay. > > > > What is getting me is the low amount of messages that MX03 is receiving > but yet is having so many spamassassin timeouts. Most of the spam that > gets thru has come from MX03 and from examination of the headers I can > see that spamassassin timed out, but it does catch about 50 a day. Why > so many timeouts on this guy. I have included some log entries at the > end of this email. > > > > On All 3 relays: > > Max Spam List Timeouts = 7 > > Spam List Timeouts History = 10 > > Max SpamAssassin Timeouts = 10 > > SpamAssassin Timeouts History = 30 > > Max Custom Spam Scanner Timeouts = 10 > > MCP Max SpamAssassin Timeouts = 20 > > > > The only thing different on MX03 is that I am using the latest > MailScanner with the feature ?Cache SpamAssassin Results = yes? > > > > Here are the Specs for all three relays as you can see MX02 has the best > hardware, MX03 comes in second and then MX01. > > > > MX01 specs: > > 1 CPU Pentium 3, 1.4GHz, 500MB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.42.9 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1_25.el4.at (using DCC) > > clamav-0.87-1.2.el4.rf > > > > MX02 specs: > > Dual Xeon, 3.2GHz, 4GB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.45.4 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1.el4 (using DCC) > > clamav-0.87-1.2.el4.rf > > > > MX03 specs: > > Dual Xeon, 2.8GHz, 2G of ram > > Fedora Core release 4 (Stentz) > > Perl version 5.008006 (5.8.6) > > MailScanner version 4.51.4 > > postfix-2.2.2-2 > > spamassassin-3.0.4-2.fc4 (using DCC, using spamassassin cache feature) > > clamav-0.88-1.fc4 (using clamavmodule) > From craig at csfs.co.za Thu Mar 16 06:11:06 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Thu Mar 16 06:11:20 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <20060315163751.0A306BB4D@mx.dtiltas.lt> Message-ID: On Wed, 15 Mar 2006 10:58:07 -0500 Stephen Swaney wrote: > Ditto here. It's an easy upgrade from 3.0.1 and I didn't see that any > changes were necessary to the existing configuration but the UPGRADE file > only referred to SpamAssassin 3.0.1. > > The Changes file seem to show many, many "fixes" but I can't find > documentation that parallels Julian's really complete Change Logs :( > > Anyone know of any major improvements or added functionally in 3.1.1? One improvement that I have noticed is that I don't get the DomainKeys perl warning any more when I do the spamassassin lint test. ;) Craig From mailscanner at PDSCC.COM Thu Mar 16 06:59:24 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Mar 16 07:01:00 2006 Subject: mail queue size errors Message-ID: <200603191825.KAA06932@sheridan.sibble.net> Running MS mailscanner-4.49.7-1 on Centos 4.2 with postfix. This was a new box that was built to replace an older 4.2.x version of MS on Mandrake 9.2. I migrated the configuration from the old box and did an upgrade on the new box, however, even though we have no size restrictions on attachements in MailScanner.conf, anything around 10mb or larger is getting bounced. With some testing, I see the following in the logs on the MS machine. Mar 15 22:23:12 mailscan2 postfix/cleanup[23774]: warning: C7D6D14EBEF: queue file size limit exceeded I've checked the list archives at Gmane, but nothing useful found. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From lhaig at haigmail.com Thu Mar 16 07:25:24 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Mar 16 07:25:28 2006 Subject: Does this error from debug mean anything? Message-ID: <441912E4.3020501@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I was reading through the performance post earlier and wanted to check my system to see how it performed. so I did the hdparm thing to see if my disk IO was the problem this is the result mailhost:~ # /sbin/hdparm -tT /dev/sda /dev/sda: /dev/sda: Timing cached reads: 4048 MB in 2.00 seconds = 2023.30 MB/sec Timing buffered disk reads: 100 MB in 3.17 seconds = 31.59 MB/sec mailhost:~ # I then setup Mailscanner to run in debug for mailscanner and spamassassin, I watched the message being proccessed and this is the only error I found. Ignore errors about failing to find EOCD signature commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 35. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 35. I ran a check_Mailscanner and these are the errors I found Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 320, line 4. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 321, line 4. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 320, line 4. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 321, line 4. Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 225, line 4. Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 227, line 4. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 228, line 4. format error: file is too short at /usr/sbin/MailScanner line 780 commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 34. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 34. Has this been seen before? Thanks Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGRLkM4kHBIBZ61gRArfdAJ9mhqZjfvapGMUdXoiKjROgvTRI+gCfcQIP R7ggwRNsysiRsexWr1L8J0k= =7vrY -----END PGP SIGNATURE----- From support-lists at petdoctors.co.uk Thu Mar 16 08:39:32 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Mar 16 08:39:51 2006 Subject: Spamassassin 3.1.1 In-Reply-To: Message-ID: <00a101c648d5$270068d0$04000100@support01> Working OK on three sites, but on one I am now getting: Apart from SpamAssassin, we are running razor and clamAV but none of the other AV/spam tools listed. ***NOTICE***: spamassassin --lint failed. This means that you have an error somwhere in your SpamAssassin configuration. To determine what the problem is, please run 'spamassassin --lint' from a shell and notice the error messages it prints. For more (debug) information, add the -D switch to the command. Usually the problem will be found in local.cf, user_prefs, or some custom rulelset found in /etc/mail/spamassassin. Here are the errors that 'spamassassin --lint' reported: failed to create instance of plugin Mail::SpamAssassin::Plugin::Pyzor: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Pyzor.pm line 162. failed to create instance of plugin Mail::SpamAssassin::Plugin::SpamCop: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/SpamCop.pm line 155. failed to create instance of plugin Mail::SpamAssassin::Plugin::AWL: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/AWL.pm line 313. failed to create instance of plugin Mail::SpamAssassin::Plugin::AutoLearnThreshold: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/AutoLearnThreshold.p m line 115. failed to create instance of plugin Mail::SpamAssassin::Plugin::WhiteListSubject: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/WhiteListSubject.pm line 103. failed to create instance of plugin Mail::SpamAssassin::Plugin::MIMEHeader: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/MIMEHeader.pm line 142. failed to create instance of plugin Mail::SpamAssassin::Plugin::ReplaceTags: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/ReplaceTags.pm line 262. configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001000 of SpamAssassin, but this is code version 3.000005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001000 of SpamAssassin, but this is code version 3.000005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@nytimes.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bn.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@paypal.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ebay.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@foolsubs.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@match.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@walmart.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@securityfocus.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mediaunspun.imakenews.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bdcimail.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@silicon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@newsletter.online.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@enews.buy.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@palm.m0.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@handspring.4at1.com invalid rule: NK_SCAM_LOTTO1 Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping: (Can't locate object method "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping: (Can't locate object method "check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping: (Can't locate object method "check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) lint: 29 issues detected. please rerun with debug enabled for more information. From support-lists at petdoctors.co.uk Thu Mar 16 09:16:47 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Mar 16 09:16:59 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <00a101c648d5$270068d0$04000100@support01> Message-ID: <00ba01c648da$5b3d6b20$04000100@support01> Further to my previous, I have now reinstalled SpamAssassin (and ClamAV) from Julian's package and the new --lint now mentions a typo in one of my rules (extra space!). Fixing this (and reinstalling) has made most of the other errors go away, except for the following: [15709] warn: config: failed to parse line, skipping: razor_config /var/spool/MailScanner/spamassassin This refers to a line in /etc/mail/spamassassin/mailscanner.cf... razor_config /var/spool/MailScanner/spamassassin Yes, we are running razor - at least I installed it about a year ago and I've had no problems since. If I look in /var/spool/MailScanner/spamassassin all I can see is 4 bayes files - is something (now!?) missing? Thoughts anyone? Thanks From martinh at solid-state-logic.com Thu Mar 16 10:00:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 16 10:01:09 2006 Subject: Does this error from debug mean anything? In-Reply-To: <441912E4.3020501@haigmail.com> Message-ID: <007001c648e0$7db8e020$3004010a@martinhlaptop> Lance Check the spamassassin config is OK.. spamassassin -D --lint Looks like you may have a syntax error in an SA rule.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 16 March 2006 07:25 > To: MailScanner discussion > Subject: Does this error from debug mean anything? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I was reading through the performance post earlier and wanted to check > my system to see how it performed. > > so I did the hdparm thing to see if my disk IO was the problem this is > the result > > mailhost:~ # /sbin/hdparm -tT /dev/sda /dev/sda: > > /dev/sda: > Timing cached reads: 4048 MB in 2.00 seconds = 2023.30 MB/sec > Timing buffered disk reads: 100 MB in 3.17 seconds = 31.59 MB/sec > mailhost:~ # > > I then setup Mailscanner to run in debug for mailscanner and > spamassassin, I watched the message being proccessed and this is the > only error I found. > > Ignore errors about failing to find EOCD signature > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > > > I ran a check_Mailscanner and these are the errors I found > > > > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 225, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 227, line 4. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 228, line 4. > > > format error: file is too short > at /usr/sbin/MailScanner line 780 > > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > > > > Has this been seen before? > > Thanks > > Lance > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEGRLkM4kHBIBZ61gRArfdAJ9mhqZjfvapGMUdXoiKjROgvTRI+gCfcQIP > R7ggwRNsysiRsexWr1L8J0k= > =7vrY > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From drew at themarshalls.co.uk Thu Mar 16 11:22:36 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Mar 16 11:22:45 2006 Subject: mail queue size errors In-Reply-To: <200603191825.KAA06932@sheridan.sibble.net> References: <200603191825.KAA06932@sheridan.sibble.net> Message-ID: <40372.194.70.180.170.1142508156.squirrel@webmail.r-bit.net> On Thu, March 16, 2006 06:59, Harondel J. Sibble wrote: > Running MS mailscanner-4.49.7-1 on Centos 4.2 with postfix. This was a > new > box that was built to replace an older 4.2.x version of MS on Mandrake > 9.2. > > I migrated the configuration from the old box and did an upgrade on the > new > box, however, even though we have no size restrictions on attachements in > MailScanner.conf, anything around 10mb or larger is getting bounced. With > some testing, I see the following in the logs on the MS machine. > > Mar 15 22:23:12 mailscan2 postfix/cleanup[23774]: warning: C7D6D14EBEF: > queue > file size limit exceeded This is not a MailScanner error but a Postfix one. Check main.cf for message_size_limit option and adjust accordingly. This happens when a mail server that doesn't understand ESMTP (Where the message size parameter is checked) sends a file. In plain SMTP the message size parameter is not checked and relies on the MTA bouncing the message. I would guess the incoming MTA is an unpatched qMail server. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From linux_spartacus at yahoo.com Thu Mar 16 12:20:21 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Thu Mar 16 12:20:53 2006 Subject: How to whitelist my clietns ? In-Reply-To: <441622D9.4030505@nkpanama.com> Message-ID: <20060316122027.71372.qmail@web35604.mail.mud.yahoo.com> Alex Neuman van der Hans wrote: But seriously... You should really do your homework before asking questions like that. It's like asking "how do I drive the car in reverse?", which makes it appear as if perhaps you shouldn't be behind the wheel. In any case, look to http://wiki.mailscanner.info/posting before posting. The option you're looking for is in mailscanner.conf, and it's called "is definitely not spam =" and it's set to %rules-dir%/spam.whitelist.rules - which means you should edit that file in order to add your client to the "it's definitely not spam" category. It reads by default: "FromOrTo: default no" - which means the default is "no, I don't think of anything at all as 'not spam'" You should add (before this line) a line that says: From: myclient@hisdomain.com yes So that it marks him as not spam... But that brings you the problem of people POSING as him, impersonating his e-mail address. You should *really* look into the REASON why they're being marked as SPAM and correct it, otherwise you're just not doing anything about it. In any case, you should really buy the book or read the FAQ/MAQ/Wiki. I've had all my clients buy the book (there are three, I think, that already sent for it, the others are on their way), and I've heard from one of my clients that already has the book that it's an excellent read. Alex Neuman van der Hans wrote: Sure. Read the part about rulesets in the configuration file. spart cus wrote: Im not really very familiar with this.Can you give me some guidelines? Alex Neuman van der Hans wrote: Use a ruleset. spart cus wrote: hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ Alex Neuman van der Hans wrote: Sure. Read the part about rulesets in the configuration file. spart cus wrote: Im not really very familiar with this.Can you give me some guidelines? Alex Neuman van der Hans wrote: Use a ruleset. spart cus wrote: hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! thanks for the reply. i already read it and found out that i dont have anything listed on my spam.whitelist.rules here's what i want to do. 1. Allow SysAd sender (From) 2. Deny Sportal.com (From) FromorTo: SysAd yes FromorTo: Sportal.com no FromorTo: default no is this correct ? to check if i understand it correctly thanks. --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/c340dcf0/attachment.html From james at grayonline.id.au Thu Mar 16 13:32:02 2006 From: james at grayonline.id.au (James Gray) Date: Thu Mar 16 13:32:31 2006 Subject: From line has () In-Reply-To: <20060315223212.C84236@defjam.cc.strath.ac.uk> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603160928.02767.james@grayonline.id.au> <20060315223212.C84236@defjam.cc.strath.ac.uk> Message-ID: <200603170032.06538.james@grayonline.id.au> On Thu, 16 Mar 2006 09:34, Jethro R Binks wrote: > On Thu, 16 Mar 2006, James Gray wrote: > > On Thu, 16 Mar 2006 08:06, hermit921 wrote: > > > Just ran into an odd problem. The new Exchange server here seems to > > > reject any message with parentheses () in the body From line. It > > > rejects as "sender denied", after the entire message has been seen by > > > Exchange, as soon as I type in the period. OK, idiot misleading > > > error message, but I want to know if this violates any of the smtp > > > RFCs? Or is anyone unfortunate enough to know if this is an Exchange > > > configuration setting? > > > > > > hermit921 > > > > The way I read RFC822 (and 2822) is that if an MTA is going to reject a > > message it should do so as early in the transaction as possible. It > > should never accept a message it will not deliver. So, if Exchange is > > dropping the message after the final "dot+" due to a malformed or > > rejected address, it should have done it during the "MAIL FROM:" or > > "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's > > Micrsoft - since when to THEY care about published standards?!? > > That's nonesense, and even if you believed it, it bears no relation to > his original question. Erm, read RFC2821 specifically section 3.3. (Paraphrasing) Messages should be rejected as soon as possible. However, I did misread to OP's question, and I accept that this, and my earlier comments, have nothing to do with their problem. > He said the problem was in the 'body From', which is part of the DATA of > the message, which is what is being received right before the +CR. > So it couldn't reject it any sooner on that basis, regardless of what the > RFC says. In fact, the RFC says it SHOULDN'T process any actions based on the DATA section until the transaction is terminated with the "." sequence. But that wasn't what I was referring to - I was specifically commenting on the envelope addresses - as I said, my bad; I misread the OP's question. > It is quite common to defer rejecting an email until right to the end of > the SMTP transaction, and required if the reason for rejecting might be > related to the actual content of the email, rather than the envelope > information. Half right. If an MTA is going to reject a message based on the envelope info, it should return an error (5xx) after either the MAIL or RCPT commands (RFC2821). Rejecting based on the body/DATA can ONLY be done after the DATA is terminated with "." (again, RFC2821). Now to answer the OP's question. Sorry, it looks like Exchange actually does something with the "From:" header that is preventing it from accepting a message. This doesn't violate the RFC because the "From:" header is conmtained in the DATA section and Exchange shouldn't do anything until it is properly terminated with the ".". Best bet would be to dig around the support site at MS. Sorry :( Cheers, James -- Due to lack of disk space, this fortune database has been discontinued. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/aa517977/attachment.bin From Peter.Bates at lshtm.ac.uk Thu Mar 16 13:56:30 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Thu Mar 16 13:57:00 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <00ba01c648da$5b3d6b20$04000100@support01> References: <00a101c648d5$270068d0$04000100@support01> <00ba01c648da$5b3d6b20$04000100@support01> Message-ID: <44196E8E0200007600003D4D@193.63.251.15> Hello all... > support-lists@petdoctors.co.uk 16/03/06 09:16:47 >>> >[15709] warn: config: failed to parse line, skipping: razor_config >/var/spool/MailScanner/spamassassin >This refers to a line in /etc/mail/spamassassin/mailscanner.cf... >razor_config /var/spool/MailScanner/spamassassin Well, if it's anything like mine (mind you, I haven't updated to SA 3.1.1 yet), I have: razor_config /var/spool/MailScanner/spamassassin/razor/razor-agent.conf i.e. pointing to an actual file, not a directory. That file then contains: razorhome=/var/spool/MailScanner/spamassassin/razor ... which I always thought was a bit odd, but I get no errors from --lint. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From Denis.Beauchemin at USherbrooke.ca Thu Mar 16 14:07:00 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Mar 16 14:07:16 2006 Subject: Phishing fraud undetected Message-ID: <44197104.2000108@USherbrooke.ca> Hello all, This morning I came across the following HTML code that was not picked up by MS: > To ensure that your service is not interrupted, > > please update > your account information today > color="#000099"> > href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"> > > > > href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayPal/update.htm"> > by > > clicking > here. I find it strange that there are 2 in a row but the second one is clearly a phishing attempt. Is it because the URL does not start with www? I'm using MS 4.50.10-1. Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/95a3d3ee/smime.bin From tallett at ocvc.ac.uk Thu Mar 16 14:22:07 2006 From: tallett at ocvc.ac.uk (Trevor Allett) Date: Thu Mar 16 14:22:17 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} Message-ID: <287C63D91CBD264B9C56BB36F7DEF5832C80D1@ox01.occ.local> Hi list, As previously stated I have inherited a pair of MailScanners, the previous admin left. On one of them I have been having a problem with disk space, the problem seems to be the "bayes_toks.expire" files (at /root/.spamassassin/), 5GBs of them. The fix, as I understand it, is; (How do I control the bayes database from growing out of control right now?) Stop MS. Delete all files except bayes_journal, bayes_seen and bayes_toks. Now run "sa-learn --force-expire". ...am I correct? How do I "Stop MS"? and will the Directory fill up again? BTW Thanks for previous help with the DAT files. ------------------------------------ Trevor Allett. IT Services Officer Oxford and Cherwell Valley College Oxfordshire - UK -- Notice: The contents of this message are confidential and may be legally privileged. If you are not the intended recipient any disclosure, copying, printing or distribution of the contents is prohibited and may be unlawful. If you have received this message in error please inform the sender and remove it from your system. Any views or opinions expressed in this message are the responsibility of the originator and do not necessarily reflect those of Oxford and Cherwell Valley College, unless explicitly stated otherwise. This message has been scanned at the Oxford and Cherwell Valley College email gateway using MailScanner (www.mailscanner.info) and is believed to be free of viruses and dangerous content. You are advised, however, to carry out your own checks before opening any attachment(s). From jethro.binks at strath.ac.uk Thu Mar 16 14:26:47 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu Mar 16 14:26:49 2006 Subject: From line has () In-Reply-To: <200603170032.06538.james@grayonline.id.au> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603160928.02767.james@grayonline.id.au> <20060315223212.C84236@defjam.cc.strath.ac.uk> <200603170032.06538.james@grayonline.id.au> Message-ID: <20060316140416.R88337@defjam.cc.strath.ac.uk> On Fri, 17 Mar 2006, James Gray wrote: > > > The way I read RFC822 (and 2822) is that if an MTA is going to reject a > > > message it should do so as early in the transaction as possible. It > > > should never accept a message it will not deliver. So, if Exchange is > > > dropping the message after the final "dot+" due to a malformed or > > > rejected address, it should have done it during the "MAIL FROM:" or > > > "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's > > > Micrsoft - since when to THEY care about published standards?!? > > > > That's nonesense, and even if you believed it, it bears no relation to > > his original question. > > Erm, read RFC2821 specifically section 3.3. (Paraphrasing) Messages > should be rejected as soon as possible. However, I did misread to OP's > question, and I accept that this, and my earlier comments, have nothing > to do with their problem. You said "I believe this violates the RFC". It doesn't. The RFC advises that you SHOULD do something a particular way, but does not forbid you from doing it another way if you have strong reasons for doing so, as per the terminology of section 2.3. One of these strong reasons might be that for logging and tracking purposes you want to record more information about the message content. However the RFC does point out, late in that section, "Using a "550 mailbox not found" (or equivalent) reply code after the data are accepted makes it difficult or impossible for the client to determine which recipients failed." Another strong reason would be if your site policy states that you may find some DATA content objectionable (including mangled header content) and reject on that basis: "The DATA command can fail at only two points in the protocol exchange: ... - If the verb is initially accepted and the 354 reply issued, the DATA command should fail only if ... or if the server determines that the message should be rejected for policy or other reasons. " > > It is quite common to defer rejecting an email until right to the end of > > the SMTP transaction, and required if the reason for rejecting might be > > related to the actual content of the email, rather than the envelope > > information. > > Half right. If an MTA is going to reject a message based on the > envelope info, it should return an error (5xx) after either the MAIL or > RCPT commands (RFC2821). It should, but for one reason or another, you may decide you don't want to do it that way. And as I said, it is not uncommon to do so, and the RFC does not forbid it if you have good enough reasons for your own satisfaction (noting the disadvantages the RFC mentions). > Rejecting based on the body/DATA can ONLY be done after the DATA is > terminated with "." (again, RFC2821). Of course. When I said "right to the end of the SMTP transaction", I did in fact mean "at the end of the DATA phase". Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From joshua.hirsh at partnersolutions.ca Thu Mar 16 14:34:13 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Thu Mar 16 14:34:17 2006 Subject: From line has () Message-ID: Hi Hermit.. > Just ran into an odd problem. The new Exchange server here > seems to reject any message with parentheses () in the body From line. All RFC's and finger pointing aside.. Exchange 2003 doesn't do this by default. Check your configuration, specifically at the mailbox restrictions that you may have setup. If you have restrictions set as to who can email certain addresses in your domain, this would cause the same results as your problem. This configuration is found in your user configuration in AD, under 'Exchange General' and 'Delivery Restrictions'. Good luck.. -Joshua From bpumphrey at WoodMacLaw.com Thu Mar 16 14:43:27 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Mar 16 14:43:30 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} Message-ID: <04D932B0071FE34FA63EBB1977B48D15E5D4B4@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Trevor Allett > Sent: Thursday, March 16, 2006 9:22 AM > To: mailscanner@lists.mailscanner.info > Subject: byes_toks.expireXXX files {OCVC Scanned} > > Hi list, > As previously stated I have inherited a pair of MailScanners, the > previous admin left. On one of them I have been having a problem with > disk space, the problem seems to be the "bayes_toks.expire" files (at > /root/.spamassassin/), 5GBs of them. The fix, as I understand it, is; > > (How do I control the bayes database from growing out of control right > now?) > > Stop MS. Delete all files except bayes_journal, bayes_seen and > bayes_toks. Now run "sa-learn --force-expire". > > ...am I correct? How do I "Stop MS"? and will the Directory fill up > again? > > BTW Thanks for previous help with the DAT files. > > ------------------------------------ > Trevor Allett. > IT Services Officer > Oxford and Cherwell Valley College > Oxfordshire - UK > It sounds like you are new to MailScanner as I once was. I too came to a company with a MailScanner machine and had no idea of how it ran or to use it. I seen another post that you did and you were referred to the documentation. There is plenty of documentation and you should read it, but I know that it can get confusing. To answer your question: To stop mailscanner: service MailScanner stop To restart it: service MailScanner restart How do you see if it is working correctly? Get in the habit of typing this every time you restart MailScanner, service MailScanner restart && tail -f /var/log/maillog Since MailScanner logs to the default sendmail log, it is best to check that log to see if MailScanner is giving any errors. It is the best starting point to see what is wrong. The tail command will refresh the log and you can see it in real time. You can look at the log not in real time by: vi /var/log/maillog Search the internet for the various vi commands. Vi will let you edit files and so forth. Not too simple but when you learn the commands it is easy. I think most people recommend another program but vi will work if you want to use it. In the /etc/MailScanner/MailScanner.conf file there is a option that you should change to help these files. Here is what mine is set to (I had this same question in the past). Default was 0 Rebuild Bayes Every = 432000 So to do it.... vi /etc/MailScanner/MailScanner.conf Type "/" to search.. so / Type "Rebuild Bayes" Hit enter This will take you to the setting Hit "i" to insert Use the arrow keys to change the value. Do not use the num pad Hit "esc" when done The to save type ":wq" then hit enter. For humor you can read the following. We had a power failure once. After that no one was getting external email. I remembered that there was a company deskpro 500mhz computer sitting underneath a server that was our exchange server. Oh, I wonder what that machine does. It turned out to be the MailScanner machine. Whewww... Then I started messing with it, screwed it up and had to rebuild it. So started my Linux career, which is barley past newbie even still. Hope that helps. From shuttlebox at gmail.com Thu Mar 16 14:44:05 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 16 14:44:08 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} In-Reply-To: <287C63D91CBD264B9C56BB36F7DEF5832C80D1@ox01.occ.local> References: <287C63D91CBD264B9C56BB36F7DEF5832C80D1@ox01.occ.local> Message-ID: <625385e30603160644y8587e21wddd49ad76a945b6d@mail.gmail.com> On 3/16/06, Trevor Allett wrote: > ...am I correct? How do I "Stop MS"? and will the Directory fill up > again? Are you on some kind of Red Hat derived Linux or something else? You should have scripts in /etc/init.d to control MailScanner. With the Red Hat stuff you can try "service MailScanner stop". Worst case: pkill MailScanner. Do you know what version of MailScanner and related software you have? Maybe you should plan an upgrade to get current. -- /peter From dnsadmin at 1bigthink.com Thu Mar 16 15:33:57 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Mar 16 15:34:14 2006 Subject: Phishing fraud undetected In-Reply-To: <44197104.2000108@USherbrooke.ca> References: <44197104.2000108@USherbrooke.ca> Message-ID: <6.2.3.4.0.20060316103205.05592970@mxt.1bigthink.com> At 09:07 AM 3/16/2006, you wrote: >Hello all, > >This morning I came across the following HTML code that was not >picked up by MS: > >>To ensure that your service is not interrupted, >> >>please update >>your account information today> >>color="#000099">> >>href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"> >> >> > >>href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayPal/update.htm"> >>by >>clicking >>here. > >I find it strange that there are 2 in a row but the >second one is clearly a phishing attempt. Is it because the URL >does not start with www? > >I'm using MS 4.50.10-1. > >Thanks! > >Denis Hello Denis, Report to http://cgi.clamav.net/sendvirus.cgi They've accepted and incorporated my phishing reports in the past. Cheers, Glenn From prandal at herefordshire.gov.uk Thu Mar 16 16:01:38 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 16 16:06:32 2006 Subject: Phishing fraud undetected Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580BB1A10B@isabella.herefordshire.gov.uk> Steve Basford has a ClamAV phishing database over at http://www.sanesecurity.com/clamav/ Dennis Davis at the University of Bath wrote a script to fetch it - here's my version: ------------------ #!/bin/sh # Shell script to fetch and update Steve Basford's anti-phishing # database. Note this is fetched via HTTP. So we'll need to set a # proxy on machines that don't have direct web access. # # DHD March 2006 set -a # probably not needed. curl=/usr/bin/curl mv=/bin/mv rm=/bin/rm #http_proxy='wwwcache.bath.ac.uk:3128' # Proxy set. #DHD#http_proxy= # No proxy. tmpbase=/tmp tmpdir=$tmpbase/anti-phishing.$$ clamdir=/usr/local/share/clamav phish_db=phish.ndb phish_reference=$clamdir/$phish_db phish_file=http://www.sanesecurity.com/clamav/$phish_db mkdir $tmpdir || exit 1 trap "$rm -rf $tmpdir; trap 0" 0 1 2 15 cd $tmpdir || exit 1 $curl --compressed -x "$http_proxy" -O -R -s \ -z $phish_reference $phish_file if [ -s $tmpdir/$phish_db ] then $mv -f $tmpdir/$phish_db $clamdir service MailScanner reload fi exit 0 ------------------ Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of dnsadmin 1bigthink.com > Sent: 16 March 2006 15:34 > To: MailScanner discussion > Subject: Re: Phishing fraud undetected > > At 09:07 AM 3/16/2006, you wrote: > > >Hello all, > > > >This morning I came across the following HTML code that was > not picked > >up by MS: > > > >>To ensure that your service is not interrupted, > >> > >>please update > >>your account information today >> > >>color="#000099"> >> > >>href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"> > >> > >> >> > >>href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayP al/update. > >>htm"> by > >>clicking here. > > > >I find it strange that there are 2 in a row but > the second > >one is clearly a phishing attempt. Is it because the URL does not > >start with www? > > > >I'm using MS 4.50.10-1. > > > >Thanks! > > > >Denis > Hello Denis, > > Report to http://cgi.clamav.net/sendvirus.cgi > > They've accepted and incorporated my phishing reports in the past. > > Cheers, > Glenn > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hermit921 at yahoo.com Thu Mar 16 16:17:23 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 16 16:16:28 2006 Subject: From line has () In-Reply-To: References: Message-ID: <6.2.1.2.2.20060316081303.01e62008@pop.mail.yahoo.com> At 06:34 AM 3/16/2006, Joshua Hirsh wrote: >Hi Hermit.. > > > > Just ran into an odd problem. The new Exchange server here > > seems to reject any message with parentheses () in the body From line. > > > All RFC's and finger pointing aside.. Exchange 2003 doesn't do this by > default. Check your configuration, specifically at the mailbox > restrictions that you may have setup. If you have restrictions set as to > who can email certain addresses in your domain, this would cause the same > results as your problem. > > This configuration is found in your user configuration in AD, under > 'Exchange General' and 'Delivery Restrictions'. > > Good luck.. > >-Joshua >-- I got a little more information late yesterday. If there is a syntactically valid email address after the (), the message is accepted. So just the presence of () is not the complete criteria. From: brgg works From: (brgg) fails From: (brgg) berby@sony.com works The Exchange people here are trying to figure out if they can do anything about this. hermit921 From lhaig at haigmail.com Thu Mar 16 16:21:22 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Mar 16 16:21:28 2006 Subject: Does this error from debug mean anything? In-Reply-To: <007001c648e0$7db8e020$3004010a@martinhlaptop> References: <007001c648e0$7db8e020$3004010a@martinhlaptop> Message-ID: <44199082.5070505@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 great thanks I will have a look Lance Martin Hepworth wrote: > Lance > > Check the spamassassin config is OK.. > > > spamassassin -D --lint > > > Looks like you may have a syntax error in an SA rule.. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 16 March 2006 07:25 >> To: MailScanner discussion >> Subject: Does this error from debug mean anything? >> > Hi, > > I was reading through the performance post earlier and wanted to check > my system to see how it performed. > > so I did the hdparm thing to see if my disk IO was the problem this is > the result > > mailhost:~ # /sbin/hdparm -tT /dev/sda /dev/sda: > > /dev/sda: > Timing cached reads: 4048 MB in 2.00 seconds = 2023.30 MB/sec > Timing buffered disk reads: 100 MB in 3.17 seconds = 31.59 MB/sec > mailhost:~ # > > I then setup Mailscanner to run in debug for mailscanner and > spamassassin, I watched the message being proccessed and this is the > only error I found. > > Ignore errors about failing to find EOCD signature > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > > > I ran a check_Mailscanner and these are the errors I found > > > > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 225, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 227, line 4. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 228, line 4. > > > format error: file is too short > at /usr/sbin/MailScanner line 780 > > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > > > > Has this been seen before? > > Thanks > > Lance - -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > ********************************************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGZCCM4kHBIBZ61gRAmowAJ9J2sZGPZQUTUA/90z6EQ3Wz6mV9QCeO84n coyWlrofz6chvE4q4A4k/bc= =k4+S -----END PGP SIGNATURE----- From mailscanner at pdscc.com Thu Mar 16 18:14:19 2006 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Thu Mar 16 18:25:35 2006 Subject: mail queue size errors In-Reply-To: <40372.194.70.180.170.1142508156.squirrel@webmail.r-bit.net> References: <200603191825.KAA06932@sheridan.sibble.net> Message-ID: <200603200550.VAA09961@sheridan.sibble.net> On 16 Mar 2006 at 11:22, Drew Marshall wrote: > This is not a MailScanner error but a Postfix one. Check main.cf for > message_size_limit option and adjust accordingly. That doesn't exist in the main.cf on this box :-( Ahh.... the default for that setting is 10mb... I've defined it for 40mb and it seems to be working fine now. Thanks > server that doesn't understand ESMTP (Where the message size parameter is > checked) sends a file. In plain SMTP the message size parameter is not > checked and relies on the MTA bouncing the message. Thanks, I was wondering about that, it's been a while since I looked at the smtp vs. esmtp features. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ssilva at sgvwater.com Thu Mar 16 18:29:59 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 16 18:31:21 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15E5D4B4@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15E5D4B4@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey spake the following on 3/16/2006 6:43 AM: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Trevor Allett >> Sent: Thursday, March 16, 2006 9:22 AM >> To: mailscanner@lists.mailscanner.info >> Subject: byes_toks.expireXXX files {OCVC Scanned} >> >> Hi list, >> As previously stated I have inherited a pair of MailScanners, the >> previous admin left. On one of them I have been having a problem with >> disk space, the problem seems to be the "bayes_toks.expire" files (at >> /root/.spamassassin/), 5GBs of them. The fix, as I understand it, is; >> >> (How do I control the bayes database from growing out of control right >> now?) >> >> Stop MS. Delete all files except bayes_journal, bayes_seen and >> bayes_toks. Now run "sa-learn --force-expire". >> >> ...am I correct? How do I "Stop MS"? and will the Directory fill up >> again? >> >> BTW Thanks for previous help with the DAT files. >> >> ------------------------------------ >> Trevor Allett. >> IT Services Officer >> Oxford and Cherwell Valley College >> Oxfordshire - UK >> > > It sounds like you are new to MailScanner as I once was. I too came to > a company with a MailScanner machine and had no idea of how it ran or to > use it. > > I seen another post that you did and you were referred to the > documentation. There is plenty of documentation and you should read it, > but I know that it can get confusing. To answer your question: > > To stop mailscanner: > service MailScanner stop > > To restart it: > service MailScanner restart > > How do you see if it is working correctly? > Get in the habit of typing this every time you restart MailScanner, > service MailScanner restart && tail -f /var/log/maillog > > Since MailScanner logs to the default sendmail log, it is best to check > that log to see if MailScanner is giving any errors. It is the best > starting point to see what is wrong. The tail command will refresh the > log and you can see it in real time. You can look at the log not in > real time by: > vi /var/log/maillog less /var/log/maillog is probably a better option here. Wouldn't want to accidentally slime the logfile with something that has the potential to "save". > Search the internet for the various vi commands. Vi will let you edit > files and so forth. Not too simple but when you learn the commands it > is easy. I think most people recommend another program but vi will work > if you want to use it. > > In the /etc/MailScanner/MailScanner.conf file there is a option that you > should change to help these files. Here is what mine is set to (I had > this same question in the past). Default was 0 > Rebuild Bayes Every = 432000 > > So to do it.... > vi /etc/MailScanner/MailScanner.conf > Type "/" to search.. so > / > Type "Rebuild Bayes" > Hit enter > This will take you to the setting > Hit "i" to insert > Use the arrow keys to change the value. Do not use the num pad > Hit "esc" when done > The to save type ":wq" then hit enter. > > > > > > > For humor you can read the following. > We had a power failure once. After that no one was getting external > email. I remembered that there was a company deskpro 500mhz computer > sitting underneath a server that was our exchange server. Oh, I wonder > what that machine does. It turned out to be the MailScanner machine. > Whewww... > > Then I started messing with it, screwed it up and had to rebuild it. So > started my Linux career, which is barley past newbie even still. > > > Hope that helps. From alex at nkpanama.com Thu Mar 16 19:30:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 16 19:31:15 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060316122027.71372.qmail@web35604.mail.mud.yahoo.com> References: <20060316122027.71372.qmail@web35604.mail.mud.yahoo.com> Message-ID: <4419BCF0.7030100@nkpanama.com> It is correct... spart cus wrote: > > here's what i want to do. > 1. Allow SysAd sender (From) > 2. Deny Sportal.com (From) > > FromorTo: SysAd yes > FromorTo: &nb! sp; Sportal.com no > FromorTo: default no > > is this correct ? to check if i understand it correctly > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From combs at magnet.fsu.edu Thu Mar 16 21:24:20 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Mar 16 21:24:29 2006 Subject: vacation response and spam Message-ID: <4419D784.9040807@magnet.fsu.edu> Hi, I'd like to get my sendmail vacation response not to send a vacation message to spammers, which is usually a bogus address that bounces back. I believe the best way to do this is via procmail: send the email to the user and then if the email is not tagged as spam by MailScanner, run it through the vacation program. My procmail is not up to snuff so I have been struggling to get it to work without success. Is anyone doing something similiar and be will to share your procmail recipe? Thanks, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From ka at pacific.net Thu Mar 16 21:50:02 2006 From: ka at pacific.net (Ken A) Date: Thu Mar 16 21:47:10 2006 Subject: MailScannerWebBug is not an image.. Message-ID: <4419DD8A.5000704@pacific.net> In Message.PM: $output .= ' I'm getting a lot of reject messages for files with long names. The few I looked at appear to be those spams with a gif image attached, but it looks like they have quite a few random words as the file name. Any way to work around this without disabling the long file name rule? Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (salesgirl coba.gif) Here is part of the quarantined message Content-Type: image/gif; name="salesgirl cobalt conakry infamy incompressible tool annoyance breadboard coleus orient cistern meg goldstine henbane scurrilous inexperience oldy utah printmake yonkers promenade causal retrofitting come markovian promisc uity anomalous raccoon gravestone dredge duel .gif" From linux_spartacus at yahoo.com Fri Mar 17 01:02:28 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Fri Mar 17 01:02:31 2006 Subject: How to whitelist my clietns ? In-Reply-To: <4419BCF0.7030100@nkpanama.com> Message-ID: <20060317010228.9861.qmail@web35609.mail.mud.yahoo.com> Alex Neuman van der Hans wrote: It is correct... spart cus wrote: > > here's what i want to do. > 1. Allow SysAd sender (From) > 2. Deny Sportal.com (From) > > FromorTo: SysAd yes > FromorTo: &nb! sp; Sportal.com no > FromorTo: default no > > is this correct ? to check if i understand it correctly > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Thanks. It is possible to create a ruleset for whitelist and blacklist. Is this also correct? Is Definitely Not Spam = whitelist.rules Is Definitely Spam = blacklist.rules whitelist.rules FromorTo: SysAd yes FromorTo: default no blacklist.rules FromorTo: Sportal.com yes FromorTo: default no Do i always need to put the last line "FromorTo: default no" on both .rules? Another thing does spamassassin use port 53 ? i only open ports 25,110,80 for my mail server. Im using ClamAv and Spamassassin. many thanks. --------------------------------- Yahoo! Mail Use Photomail to share photos without annoying attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/4930c1be/attachment.html From james at grayonline.id.au Fri Mar 17 05:40:24 2006 From: james at grayonline.id.au (James Gray) Date: Fri Mar 17 07:50:27 2006 Subject: From line has () In-Reply-To: <20060316140416.R88337@defjam.cc.strath.ac.uk> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603170032.06538.james@grayonline.id.au> <20060316140416.R88337@defjam.cc.strath.ac.uk> Message-ID: <200603171640.26200.james@grayonline.id.au> On Fri, 17 Mar 2006 01:26 am, Jethro R Binks wrote: > On Fri, 17 Mar 2006, James Gray wrote: > > > > The way I read RFC822 (and 2822) is that if an MTA is going to reject > > > > a message it should do so as early in the transaction as possible. > > > > It should never accept a message it will not deliver. So, if > > > > Exchange is dropping the message after the final "dot+" due to a > > > > malformed or rejected address, it should have done it during the > > > > "MAIL FROM:" or "RCPT TO:" stage. IOW, I believe this violates the > > > > RFC. But hey, it's Micrsoft - since when to THEY care about > > > > published standards?!? > > > > > > That's nonesense, and even if you believed it, it bears no relation to > > > his original question. > > > > Erm, read RFC2821 specifically section 3.3. (Paraphrasing) Messages > > should be rejected as soon as possible. However, I did misread to OP's > > question, and I accept that this, and my earlier comments, have nothing > > to do with their problem. > > You said "I believe this violates the RFC". That comment was based on the (incorrect) interpretation of the OP's question - ie, the problem was in the envelope addresses. After correcting myself, you want to beat me over the head with my first response? Sigh - see below for my last comment. > It doesn't. The RFC advises that you SHOULD do something a particular way, > but does not forbid you from doing it another way if you have strong reasons > for doing so Really? I hadn't realised the RFC's WEREN'T ratified ISO/IETF/IEEE standards. Thanks for pointing that out. BTW, did you know the sky is blue on a clear day? > , as per the terminology of section 2.3. One of these strong reasons might > be that for logging and tracking purposes you want to record more > information about the message content. However the RFC does point out, late > in that section, "Using a "550 mailbox not found" (or equivalent) reply code > after the data are accepted makes it difficult or impossible for the client > to determine which recipients failed." Which is exactly the reason why most MTA's don't behave that way. > Another strong reason would be if your site policy states that you may > find some DATA content objectionable (including mangled header content) > and reject on that basis: Yep. That's what I said. If you want to reject a message based on the body content or (non-envelope) headers, you have to wait until after the DATA section is finished. Just so you don't get confused (and start flaming me again): my initial response regarding Exchange's compliance with the RFC's was based on the incorrect assumption the error was in the envelope "MAIL FROM" but wasn't being rejected until after the DATA section. As you have stated, whilst that behaviour is not "violating" the RFC per se (hard to violate something that isn't necessarily enforceable), it DOES make your MTA quite difficult to communicate with from a client's perspective. Now before you throw my own contradiction back in my face: I used the term "violate" in my original to suggest "does not follow the accepted normal MTA behaviour as outlined in the RFC's". You can't really (literally) "violate" ANY RFC as they are not ratified standards. RFC's may form the basis for an ISO/IETF/IEEE standard, but the RFC itself is not enforceable. Any admin knows that. Having re-read the OP's question, the problem is in the value of the "From:" header, not the "MAIL FROM:" envelope address. The "From:" header lives in the DATA section, so it's obvious that the MTA can't reject based on that header until AFTER the ".". Cheers, James -- "Life sucks, but it's better than the alternative." -- Peter da Silva -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/307d33b9/attachment-0001.bin From james at grayonline.id.au Fri Mar 17 05:54:48 2006 From: james at grayonline.id.au (James Gray) Date: Fri Mar 17 07:50:44 2006 Subject: To whitelist or not... In-Reply-To: References: <200603160924.21258.james@grayonline.id.au> Message-ID: <200603171654.50101.james@grayonline.id.au> On Thu, 16 Mar 2006 12:19 pm, Ugo Bellavance wrote: > James Gray wrote: > > I've done an experiment. I've created a rule set for the "Use > > SpamAssassin" config option and moved a few of the whitelisted addresses > > into there with a "no" action. IOW, the "use.sa.rules" file looks like > > this: > > From: whitelist_add1@domain no > > From: whitelist_add2@another-domain no > > FromOrTo: default yes > > I think it is reasonable. > > You may be more secure if you'd add one condition to your ruleset: the > IP of their server. This way, you reduce the risk of getting spam with > a forged address (using your clients). Good point. The problem is some of the senders (like hp.com) have so many MTA's that messages come from, it's going to be hard to include them all. It *would* be the ideal though. I'll definitely do it for our internal machines (all the senders will be in very well defined private subnets). > In the end, your users will tell you if it has negative effect on > spam-filtering results. Indeed they will :) > You could use only IP's for e-mail generated from your systems. Of > course, if one of your systems gets compromised and start sending spam, > you have less chance noticing it. True, but the internal machines are fairly well controlled and firewalled VM's. So if a machine gets 0wn3d (highly unlikely) we can simply hose the image and restore a known working one :) Gotta love virtualisation! > There are other means of lowering your load (using rbls, greylisting, etc) > but this one may make sense for you and other people. Thanks Ugo. I've done a lot of performance tuning on our MailScanner boxes. The problem is that they are running on "superseded" hardware[1] - mail gateways are very non-glamourous boxes that don't attract a lot of budget (mail is merely a tool - not our business focus). We make do, but anything to reduce unnecessary load is a Good Thing(tm). Thanks, James [1] Superseded but still server class kit (not PC's or anything dinky like that). All are P3/Xeon > 1GHz boxes with lots of ECC RAM and SCSI drives on Gigabit links. I'd really like some Sun or Opteron kit though :) -- I've Been Moved! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/99bd0336/attachment.bin From thomas.zajic at rockstarvienna.com Fri Mar 17 08:28:38 2006 From: thomas.zajic at rockstarvienna.com (Thomas Zajic) Date: Fri Mar 17 08:28:56 2006 Subject: Free versions of milter-sender and milter-ahead? Message-ID: <20060317082838.GA11919@thomas.rockstarvienna.local> Hi, I'm looking for free versions/clones/workalikes of SnertSoft's milter-sender and milter-ahead. While I certainly don't have a problem with commerical products and/or shelling out 340 ? for those milter site licenses for our MailScanner installation at work, I'd prefer free (beer & speech) solutions for my home setup. SnertSoft's download page[1] doesn't seem to provide free home/personal versions of milter-sender and milter-ahead. [1] http://www.snertsoft.com/download.php The only thing I came up with so far is Spamilter[2], which seems to include something resembling milter-sender. The Python Milters project[3] doesn't seem to have any appropriate milter modules for this at all. [2] http://www.wanlink.com/spamilter/ [3] http://www.bmsi.com/python/milter.html Given that other free MTAs like Exim include this out of the box (it's called sender/recipient callout[4] there), I'm surprised about the lack of freely available Sendmail solutions. Or am I missing something here? :-) [4] http://www.exim.org/exim-html-4.20/doc/html/spec_37.html#SECT37.13 Thanks in advance for any hints/pointers/advice! -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** From matt at coders.co.uk Fri Mar 17 08:33:47 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri Mar 17 08:33:42 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <20060317082838.GA11919@thomas.rockstarvienna.local> References: <20060317082838.GA11919@thomas.rockstarvienna.local> Message-ID: <441A746B.1000604@coders.co.uk> Thomas Zajic wrote: > Hi, > > I'm looking for free versions/clones/workalikes of SnertSoft's > milter-sender and milter-ahead. While I certainly don't have a > problem with commerical products and/or shelling out 340 ? for > those milter site licenses for our MailScanner installation at > work, I'd prefer free (beer & speech) solutions for my home > setup. SnertSoft's download page[1] doesn't seem to provide > free home/personal versions of milter-sender and milter-ahead. Try googling for mailfromd - free version of milter-sender. matt From jethro.binks at strath.ac.uk Fri Mar 17 08:48:41 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Fri Mar 17 08:48:46 2006 Subject: From line has () In-Reply-To: <200603171640.26200.james@grayonline.id.au> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603170032.06538.james@grayonline.id.au> <20060316140416.R88337@defjam.cc.strath.ac.uk> <200603171640.26200.james@grayonline.id.au> Message-ID: <20060317082348.L88337@defjam.cc.strath.ac.uk> On Fri, 17 Mar 2006, James Gray wrote: > > It doesn't. The RFC advises that you SHOULD do something a particular > > way, but does not forbid you from doing it another way if you have > > strong reasons for doing so > > > Really? I hadn't realised the RFC's WEREN'T ratified ISO/IETF/IEEE standards. > Thanks for pointing that out. BTW, did you know the sky is blue on a clear > day? > We are only speaking of the context of the RFCs, and the Terminology of section 2.3 employed by them. MAY SHOULD MUST etc all have particular meanings, and it is that context I say 'forbid'. SHOULD in the RFC means "you really should do this, unless you've really thought about what will happen". Not "the IEEE will spank your ass if you don't". Amusing though that might be. In summary, I use the term 'forbid' here in the same context as you use the term 'violate', below. > Just so you don't get confused (and start flaming me again): my initial > response regarding Exchange's compliance with the RFC's was based on the > incorrect assumption the error was in the envelope "MAIL FROM" but > wasn't being rejected until after the DATA section. As you have stated, > whilst that behaviour is not "violating" the RFC per se (hard to violate > something that isn't necessarily enforceable), it DOES make your MTA > quite difficult to communicate with from a client's perspective. > > Now before you throw my own contradiction back in my face: I used > theterm "violate" in my original to suggest "does not follow the > accepted normal MTA behaviour as outlined in the RFC's". You can't > really (literally) "violate" ANY RFC as they are not ratified standards. > RFC's may form the basis for an ISO/IETF/IEEE standard, but the RFC > itself is not enforceable. Any admin knows that. I am not flaming, I am clarifying and correcting (but some might say not enough clarity of my own). If some guidance tells you should do something, and you claim to be compliant with it, and then do something it tells you not to do, then it's a violation, regardless of how enforceable it is! If the RFC one claims to follow says MUST NOT and one does, then it has been violated. Not that there is much anyone can do about it, except to tell you so and not exchange mail with you (in this case). Hence the existence of DNSBLs that list 'non-RFC compliance' of various sorts (to bring this vaguely back to relevance to this list). Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From alex at nkpanama.com Fri Mar 17 13:40:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Mar 17 13:40:34 2006 Subject: MailScannerWebBug is not an image.. In-Reply-To: <4419DD8A.5000704@pacific.net> References: <4419DD8A.5000704@pacific.net> Message-ID: <441ABC46.6060305@nkpanama.com> IANAP but... How about ? Ken A wrote: > In Message.PM: > > $output .= ' > Some users read mail via a webmail interface. > And so Apache logs fill up with 404's looking for MailScannerWebBug.. :-\ > > Is there a simple solution to this problem? > > Too bad there's not a blank.gif built into browsers and email clients > that can be used for this purpose? We have an about:blank for web pages, > so why not a blank.gif.. All these web developers across the planet > wasting time creating small blank gif images.. > > Any thoughts? > > Thanks, > Ken A > Pacific.Net > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Fri Mar 17 13:45:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Mar 17 13:45:34 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060317010228.9861.qmail@web35609.mail.mud.yahoo.com> References: <20060317010228.9861.qmail@web35609.mail.mud.yahoo.com> Message-ID: <441ABD76.9060606@nkpanama.com> Yes. It helps if you read it out loud, as if you were explaining it to someone else. "If so and so, YES it's whitelisted. If it doesn't hit any rules, NO it's not whitelisted." - and the blacklist reads: "If it's so and so, then YES it's blacklisted, but if it doesn't hit any rules, then NO it isn't blacklisted." spart cus wrote: > > > */Alex Neuman van der Hans /* wrote: > > It is correct... > > spart cus wrote: > > > > here's what i want to do. > > 1. Allow SysAd sender (From) > > 2. Deny Sportal.com (From) > > > > FromorTo: SysAd yes > > FromorTo: &nb! sp; Sportal.com no > > FromorTo: default no > > > > is this correct ? to check if i understand it correctly > > > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the websi! te! > > Thanks. It is possible to create a ruleset for whitelist and > blacklist. Is this also correct? > > Is Definitely Not Spam = whitelist.rules > Is Definitely Spam = blacklist.rules > > whitelist.rules > FromorTo: SysAd yes > FromorTo: default no > > blacklist.rules > FromorTo: Sportal.com yes > FromorTo: default no > > Do i always need to put the last line "FromorTo: default > no" on both .rules? > > Another thing does spamassassin use port 53 ? i only open ports > 25,110,80 for my mail server. Im using ClamAv and Spamassassin. > > many thanks. > > ------------------------------------------------------------------------ > Yahoo! Mail > Use Photomail > > to share photos without annoying attachments. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/c4b2f1e5/attachment.html From root at doctor.nl2k.ab.ca Fri Mar 17 14:19:23 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Mar 17 14:20:10 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <441A746B.1000604@coders.co.uk> References: <20060317082838.GA11919@thomas.rockstarvienna.local> <441A746B.1000604@coders.co.uk> Message-ID: <20060317141923.GA346@doctor.nl2k.ab.ca> On Fri, Mar 17, 2006 at 08:33:47AM +0000, Matt Hampton wrote: > Thomas Zajic wrote: > > Hi, > > > > I'm looking for free versions/clones/workalikes of SnertSoft's > > milter-sender and milter-ahead. While I certainly don't have a > > problem with commerical products and/or shelling out 340 ??? for > > those milter site licenses for our MailScanner installation at > > work, I'd prefer free (beer & speech) solutions for my home > > setup. SnertSoft's download page[1] doesn't seem to provide > > free home/personal versions of milter-sender and milter-ahead. > > Try googling for mailfromd - free version of milter-sender. > URL: http://puszcza.gnu.org.ua/projects/mailfromd/ > matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.siddall at elirion.net Fri Mar 17 14:26:56 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Mar 17 14:27:18 2006 Subject: MailScannerWebBug is not an image.. In-Reply-To: <441ABC46.6060305@nkpanama.com> References: <4419DD8A.5000704@pacific.net> <441ABC46.6060305@nkpanama.com> Message-ID: <441AC730.1060706@elirion.net> Alex Neuman van der Hans wrote: > IANAP but... > > How about ? > How about a 1x1 image attached to the message? Probably hard to implement if the message is text/html with no MIME boundaries. Richard. From Mailscanner at mailing.kaufland-informationssysteme.com Fri Mar 17 15:29:57 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Fri Mar 17 15:30:36 2006 Subject: Split the mails Message-ID: <441AD5F5.7040200@mailing.kaufland-informationssysteme.com> I make several Spam actions for different users. But if a mail contains several receiver only the first rule work. Now is it possible to split into several mails for each receiver? Or is there an other - may cooler way? Matthias From thomas.zajic at rockstarvienna.com Fri Mar 17 15:48:23 2006 From: thomas.zajic at rockstarvienna.com (Thomas Zajic) Date: Fri Mar 17 15:48:30 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <441A746B.1000604@coders.co.uk> References: <20060317082838.GA11919@thomas.rockstarvienna.local> <441A746B.1000604@coders.co.uk> Message-ID: <20060317154822.GC13532@thomas.rockstarvienna.local> * Matt Hampton , 17/03/2006, 08:33 > Try googling for mailfromd - free version of milter-sender. Thanks, looks good - now let's see if I can get it to do what I want. :-) -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** From thomas.zajic at rockstarvienna.com Fri Mar 17 15:49:14 2006 From: thomas.zajic at rockstarvienna.com (Thomas Zajic) Date: Fri Mar 17 15:49:54 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <20060317141923.GA346@doctor.nl2k.ab.ca> References: <20060317082838.GA11919@thomas.rockstarvienna.local> <441A746B.1000604@coders.co.uk> <20060317141923.GA346@doctor.nl2k.ab.ca> Message-ID: <20060317154914.GD13532@thomas.rockstarvienna.local> * Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem , 17/03/2006, 07:19 > URL: http://puszcza.gnu.org.ua/projects/mailfromd/ Thanks, found it already! Just didn't have time to reply before ... -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** From martinh at solid-state-logic.com Fri Mar 17 15:51:50 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 17 15:51:58 2006 Subject: Split the mails In-Reply-To: <441AD5F5.7040200@mailing.kaufland-informationssysteme.com> Message-ID: <000101c649da$b4b09f50$3004010a@martinhlaptop> Matthias Only possible if you're running sendmail or exim. Basically you have to get the MTa to split the 1 email with many recipients into many emails with 1 recipient. There's instructions on how to do this for sendmail and exim in this file... http://www.fsl.com/support/QuarantineReport.tar.gz -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 17 March 2006 15:30 > To: MailScanner discussion > Subject: Split the mails > > I make several Spam actions for different users. > But if a mail contains several receiver only the first rule work. > > Now is it possible to split into several mails for each receiver? > > Or is there an other - may cooler way? > > Matthias > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From bpumphrey at WoodMacLaw.com Fri Mar 17 16:01:38 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 17 16:01:41 2006 Subject: By what means do you backup your mailscanner things? Message-ID: <04D932B0071FE34FA63EBB1977B48D15EBA466@woodenex.woodmaclaw.local> I am looking at how to backup the files. Here is what I have in mind, and I am positive that is it not the best and easiest way. Here is how to backup the MailScanner machine to /home/bpumphrey/backup. 1. Delete the backup folder rm -r -f /home/bpumphrey/backup 1) Make the backup folder mkdir /home/bpumphrey/backup 2) Folder - /etc/mail cp -R -f /etc/mail /home/bpumphrey/backup 3) Folder - /etc/mailScanner cp -R -f /etc/MailScanner /home/bpumphrey/backup 4) Database - mailscanner mysqldump mailscanner > /home/bpumphrey/backup/mailscanner.txt 5) .fetchmail stuff cp /home/spam/.fetchmailrc /home/bpumphrey/backup 6) Quarantine Directory tar cf /home/bpumphrey/backup/quarantine.tar /var/spool/MailScanner/quarantine or cp -r /var/spool/MailScanner/quarantine /home/bpumphrey/backup/quarantine 7) Tar the file tar cf /home/bpumphrey/WoodenMS2.Backup.tar /home/bpumphrey/backup 8) FTP the file to another machine From ka at pacific.net Fri Mar 17 17:07:51 2006 From: ka at pacific.net (Ken A) Date: Fri Mar 17 17:04:56 2006 Subject: By what means do you backup your mailscanner things? In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15EBA466@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15EBA466@woodenex.woodmaclaw.local> Message-ID: <441AECE7.9010506@pacific.net> rsync is a nice tool for backup purposes. It saves time and bandwidth and has lots of cool switches for backup jobs like this. Our backup jobs all run from one server and look like this: day=`date +"%u"` outpath="/backup/daily/$day" limit="--bwlimit=1500" # mailscanner box server="mailscannerbox" paths="/etc/mail /etc/MailScanner /var/spool/rbldnsd /usr/local/src" for path in $paths; do rsync -az --timeout=240 --log-format="%f %l" --delete $limit \ $server:/$path $outpath/$server; done; # other server server="otherbox" .... The backup box is loaded with disk space and is secure behind a firewall, since the box has to have ssh keys to access the other boxes as root. The advantage is that all file transfers are encrypted and this centralizes all the backup jobs into a few scripts on one box. Ken Billy A. Pumphrey wrote: > I am looking at how to backup the files. Here is what I have in mind, > and I am positive that is it not the best and easiest way. > > Here is how to backup the MailScanner machine to /home/bpumphrey/backup. > > 1. Delete the backup folder > rm -r -f /home/bpumphrey/backup > > 1) Make the backup folder > mkdir /home/bpumphrey/backup > > 2) Folder - /etc/mail > cp -R -f /etc/mail /home/bpumphrey/backup > > 3) Folder - /etc/mailScanner > cp -R -f /etc/MailScanner /home/bpumphrey/backup > > 4) Database - mailscanner > mysqldump mailscanner > /home/bpumphrey/backup/mailscanner.txt > > 5) .fetchmail stuff > cp /home/spam/.fetchmailrc /home/bpumphrey/backup > > 6) Quarantine Directory > tar cf /home/bpumphrey/backup/quarantine.tar > /var/spool/MailScanner/quarantine > or > cp -r /var/spool/MailScanner/quarantine > /home/bpumphrey/backup/quarantine > > 7) Tar the file > tar cf /home/bpumphrey/WoodenMS2.Backup.tar /home/bpumphrey/backup > > 8) FTP the file to another machine From ssilva at sgvwater.com Fri Mar 17 17:51:57 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 17 17:52:22 2006 Subject: To whitelist or not... In-Reply-To: <200603171654.50101.james@grayonline.id.au> References: <200603160924.21258.james@grayonline.id.au> <200603171654.50101.james@grayonline.id.au> Message-ID: James Gray spake the following on 3/16/2006 9:54 PM: > On Thu, 16 Mar 2006 12:19 pm, Ugo Bellavance wrote: >> James Gray wrote: >>> I've done an experiment. I've created a rule set for the "Use >>> SpamAssassin" config option and moved a few of the whitelisted addresses >>> into there with a "no" action. IOW, the "use.sa.rules" file looks like >>> this: >>> From: whitelist_add1@domain no >>> From: whitelist_add2@another-domain no >>> FromOrTo: default yes >> I think it is reasonable. >> >> You may be more secure if you'd add one condition to your ruleset: the >> IP of their server. This way, you reduce the risk of getting spam with >> a forged address (using your clients). > > Good point. The problem is some of the senders (like hp.com) have so many > MTA's that messages come from, it's going to be hard to include them all. It > *would* be the ideal though. I'll definitely do it for our internal machines > (all the senders will be in very well defined private subnets). > >> In the end, your users will tell you if it has negative effect on >> spam-filtering results. > > Indeed they will :) > >> You could use only IP's for e-mail generated from your systems. Of >> course, if one of your systems gets compromised and start sending spam, >> you have less chance noticing it. > > True, but the internal machines are fairly well controlled and firewalled > VM's. So if a machine gets 0wn3d (highly unlikely) we can simply hose the > image and restore a known working one :) Gotta love virtualisation! > >> There are other means of lowering your load (using rbls, greylisting, etc) >> but this one may make sense for you and other people. > > Thanks Ugo. I've done a lot of performance tuning on our MailScanner boxes. > The problem is that they are running on "superseded" hardware[1] - mail > gateways are very non-glamourous boxes that don't attract a lot of budget > (mail is merely a tool - not our business focus). We make do, but anything > to reduce unnecessary load is a Good Thing(tm). > > Thanks, > > James > [1] Superseded but still server class kit (not PC's or anything dinky like > that). All are P3/Xeon > 1GHz boxes with lots of ECC RAM and SCSI drives on > Gigabit links. I'd really like some Sun or Opteron kit though :) > Too bad there isn't an option to whitelist by domain name IF the mail comes from proper MX servers, or valid SPF records. IE ... From: hp.com and valid_mx no or something like that. From steve.swaney at fsl.com Fri Mar 17 18:32:36 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 17 18:30:39 2006 Subject: By what means do you backup your mailscanner things? In-Reply-To: <441AECE7.9010506@pacific.net> Message-ID: <037c01c649f1$2a3d6350$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Friday, March 17, 2006 12:08 PM > To: MailScanner discussion > Subject: Re: By what means do you backup your mailscanner things? > > rsync is a nice tool for backup purposes. It saves time and bandwidth > and has lots of cool switches for backup jobs like this. Our backup jobs > all run from one server and look like this: > > day=`date +"%u"` > outpath="/backup/daily/$day" > limit="--bwlimit=1500" > > # mailscanner box > server="mailscannerbox" > paths="/etc/mail /etc/MailScanner /var/spool/rbldnsd /usr/local/src" > for path in $paths; > do rsync -az --timeout=240 --log-format="%f %l" --delete $limit \ > $server:/$path $outpath/$server; > done; > > # other server > server="otherbox" > .... > > > The backup box is loaded with disk space and is secure behind a > firewall, since the box has to have ssh keys to access the other boxes > as root. The advantage is that all file transfers are encrypted and this > centralizes all the backup jobs into a few scripts on one box. > > Ken > And can be very secure when used with keychains: http://www.gentoo.org/proj/en/keychain/index.xml Also see http://www-128.ibm.com/developerworks/library/l-keyc2/ Just setup keychains between the systems and then add rsync -az -e --timeout=240 --log-format="%f %l" --delete $limit Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From paul at welshfamily.com Fri Mar 17 23:08:43 2006 From: paul at welshfamily.com (Paul Welsh) Date: Fri Mar 17 23:11:40 2006 Subject: Default MTA for various distros In-Reply-To: <1137114165.20488.14.camel@localhost.localdomain> Message-ID: <200603172308.k2HN8ltS029547@mail.espmail.net> I'm shortly to buid a mail server that will be housed in an office and protected by a separate firewall. Once again, I have to choose which distro to go with. It boils down to CentOS or Debian because security patches will be available for these for the longest time (CentOS 4 till Feb 2012 and for Debian "about one year after the next stable distribution has been released"). OpenSUSE will be updated for 2 years. CentOS is therefore my preferred choice. I'm pretty sure that Debian uses Exim as its default MTA. CentOS uses, I believe, Sendmail but also has Postfix and Exim installed. SUSE uses Postfix by default. RH9 is the distro I have most experience of, though I am in the process of configuring CentOS running Exim (it comes with the DirectAdmin control panel) and it hasn't been too much of a headache so far. However, from my experience with MailScanner and Exim, I gained the strong impression that MailScanner's "default" MTA is Sendmail. So, when all's said and done I think CentOS + Sendmail is my favoured combination. Anyone think that's a mistake? From steve.swaney at fsl.com Fri Mar 17 23:35:17 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 17 23:33:19 2006 Subject: Default MTA for various distros In-Reply-To: <200603172308.k2HN8ltS029547@mail.espmail.net> Message-ID: <048901c64a1b$72d7de40$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Welsh > Sent: Friday, March 17, 2006 6:09 PM > To: 'MailScanner discussion' > Subject: Default MTA for various distros > > I'm shortly to buid a mail server that will be housed in an office and > protected by a separate firewall. Once again, I have to choose which > distro > to go with. It boils down to CentOS or Debian because security patches > will > be available for these for the longest time (CentOS 4 till Feb 2012 and > for > Debian "about one year after the next stable distribution has been > released"). OpenSUSE will be updated for 2 years. CentOS is therefore my > preferred choice. > > I'm pretty sure that Debian uses Exim as its default MTA. CentOS uses, I > believe, Sendmail but also has Postfix and Exim installed. SUSE uses > Postfix by default. > > RH9 is the distro I have most experience of, though I am in the process of > configuring CentOS running Exim (it comes with the DirectAdmin control > panel) and it hasn't been too much of a headache so far. > > However, from my experience with MailScanner and Exim, I gained the strong > impression that MailScanner's "default" MTA is Sendmail. > > So, when all's said and done I think CentOS + Sendmail is my favoured > combination. Anyone think that's a mistake? > Paul, The "right" distro is the one you're most comfortable with. We use primarily CentOS and sendmail and have no problems. We like sendmail because we use milters very effectively. We're doing some testing on various milters now that we hope to be able to share with the list as soon as we're done testing. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ka at pacific.net Sat Mar 18 00:48:50 2006 From: ka at pacific.net (Ken A) Date: Sat Mar 18 00:45:54 2006 Subject: By what means do you backup your mailscanner things? In-Reply-To: <037c01c649f1$2a3d6350$287ba8c0@office.fsl> References: <037c01c649f1$2a3d6350$287ba8c0@office.fsl> Message-ID: <441B58F2.6060805@pacific.net> Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ken A >> Sent: Friday, March 17, 2006 12:08 PM >> To: MailScanner discussion >> Subject: Re: By what means do you backup your mailscanner things? >> >> rsync is a nice tool for backup purposes. It saves time and bandwidth >> and has lots of cool switches for backup jobs like this. Our backup jobs >> all run from one server and look like this: >> >> day=`date +"%u"` >> outpath="/backup/daily/$day" >> limit="--bwlimit=1500" >> >> # mailscanner box >> server="mailscannerbox" >> paths="/etc/mail /etc/MailScanner /var/spool/rbldnsd /usr/local/src" >> for path in $paths; >> do rsync -az --timeout=240 --log-format="%f %l" --delete $limit \ >> $server:/$path $outpath/$server; >> done; >> >> # other server >> server="otherbox" >> .... >> >> >> The backup box is loaded with disk space and is secure behind a >> firewall, since the box has to have ssh keys to access the other boxes >> as root. The advantage is that all file transfers are encrypted and this >> centralizes all the backup jobs into a few scripts on one box. >> >> Ken >> > > And can be very secure when used with keychains: > http://www.gentoo.org/proj/en/keychain/index.xml > > Also see http://www-128.ibm.com/developerworks/library/l-keyc2/ That's good stuff! Thanks, Ken A Pacific.Net > Just setup keychains between the systems and then add > > rsync -az -e --timeout=240 --log-format="%f %l" --delete $limit > > Steve > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > From john at jolet.net Sat Mar 18 02:50:21 2006 From: john at jolet.net (John Jolet) Date: Sat Mar 18 02:50:27 2006 Subject: Default MTA for various distros In-Reply-To: <048901c64a1b$72d7de40$287ba8c0@office.fsl> References: <048901c64a1b$72d7de40$287ba8c0@office.fsl> Message-ID: <03D09D57-D63A-4434-98B7-896DDD0B4018@jolet.net> > Paul, > > The "right" distro is the one you're most comfortable with. > > We use primarily CentOS and sendmail and have no problems. We like > sendmail > because we use milters very effectively. We're doing some testing > on various > milters now that we hope to be able to share with the list as soon > as we're > done testing. and I prefer gentoo with postfix. I find the configuration of sendmail unnecessarily byzantine. I started on sendmail years ago and fled to postfix at the first opportunity. I don't run mailscanner in production yet, but my co-worker has run it quite well with postfix. I think mta is a more critical choice for you than distro. everyone is going to support sendmail and exim and postfix. (btw, we're switching from exim to postfix on most of our production boxes). Of course, as the quote above says.....the right distro is the one you're most comfortable with. Most of them have both pros and cons...which is why there are so many :) From dmehler26 at woh.rr.com Sat Mar 18 06:47:52 2006 From: dmehler26 at woh.rr.com (Dave) Date: Sat Mar 18 06:57:16 2006 Subject: CentOS4 MailScanner virtual users and webmail solutions References: <4410ED2F.90001@niit.edu.pk> Message-ID: <001101c64a57$e1b518f0$0200a8c0@satellite> Hello, First of all thank you greatly for the rpm of MailScanner it installed just fine on a CentOS4.x server. We've got an old sendmail box running on fc2 that we're going to be upgrading to postfix running on CentOS4. We host literally hundreds of domains, some with a single user others with multiple users. Currently our sendmail setup has each user with a Unix account, needless to say our password files are huge. We don't have a lot of overlap between usernames, i.e. we don't have two user1 users so currently that isn't an issue. I'm wondering given our setup, which would be better virtual alias or virtual mailbox domains? I'm leaning toward virtual mailbox, but would appreciate some practical experiences. In addition, a majority of our user's either get their mail via pop, i think now is the good time to add authenticated smtp with tls for this, and others prefer a webmail solution. We use usermin, (I did not set that up) and i want to move away from this. I'm thinking squirrelmail, but am not sure if it'll work with our virtual mailbox domains. Finally we'll be adding a web control panel so user's can administer more of their own accounts, plesk i was last told. I'm looking for any compatibility issues i might encounter with all this, any practical user experiences with this or similar setups, and any alternative webmail or setups to consider. I am particularly nervous about moving the customers away from sendmail, as i don't know it at all and not sure how it's set up, though i'll be relieved when it is done. We're also doing MailScanner and antispam and antivirus, i'd prefer to stick with rpms as much as possible to keep consistency with packages. Thanks a lot. Dave. From drew at themarshalls.co.uk Sat Mar 18 11:22:39 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Mar 18 11:22:49 2006 Subject: CentOS4 MailScanner virtual users and webmail solutions In-Reply-To: <001101c64a57$e1b518f0$0200a8c0@satellite> References: <4410ED2F.90001@niit.edu.pk> <001101c64a57$e1b518f0$0200a8c0@satellite> Message-ID: <3F014E7F-5B85-48D9-9D0B-AABFE4C02778@themarshalls.co.uk> On 18 Mar 2006, at 06:47, Dave wrote: > Hello, > First of all thank you greatly for the rpm of MailScanner it > installed just fine on a CentOS4.x server. > We've got an old sendmail box running on fc2 that we're going to be > upgrading to postfix running on CentOS4. We host literally hundreds of > domains, some with a single user others with multiple users. > Currently our > sendmail setup has each user with a Unix account, needless to say our > password files are huge. We don't have a lot of overlap between > usernames, > i.e. we don't have two user1 users so currently that isn't an > issue. I'm > wondering given our setup, which would be better virtual alias or > virtual > mailbox domains? > I'm leaning toward virtual mailbox, but would appreciate > some practical experiences. It all depends if you want Postfix to deliver the mail locally or forward it to another box for POP/ IMAP collection. If Postfix is doing the delivery then it's virtual mailboxes, if not then aliases. The difference is (Or should be!) in the map table mailboxes looks like user@domain /domain/user(/) the trainling slash depends if you are using maildir or traditional unix mailboxes. > In addition, a majority of our user's either get > their mail via pop, i think now is the good time to add > authenticated smtp > with tls for this, and others prefer a webmail solution. Why not do both? If you base the POP/ IMAP and SMTP Auth around a MySQL database it's easy enough to maintain too. > We use usermin, (I > did not set that up) and i want to move away from this. I'm thinking > squirrelmail, but am not sure if it'll work with our virtual > mailbox domains. No problems with Squirrel mail with virtual domains. That bit is down to the IMAP server to sort out. Have a look here http://www.gentoo.org/doc/en/virt-mail-howto.xml and here http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/ index.html for some ideas. While not written for CentOS you will get the idea :-) One small gotcha to watch out for. You can't use virtual alias addresses in MailScanner as these are aliased by the Trivial Rewrite service, which happens before MailScanner sees the message. This means that if MailScanner tries to send mail to one of these users it will bounce as the alias hasn't been 'resolved' so there is no such user (e.g. warning notices go to postmaster@vdomain which is an alias for user@vdomain. The resolution from postmaster to user happens before MailScanner so if MailScanner sends mail to that address the Postfix delivery process doesn't know what to do with that message) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From shuttlebox at gmail.com Sat Mar 18 13:12:33 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 18 13:12:36 2006 Subject: Default MTA for various distros In-Reply-To: <200603172308.k2HN8ltS029547@mail.espmail.net> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> Message-ID: <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> On 3/18/06, Paul Welsh wrote: > It boils down to CentOS or Debian because security patches will > be available for these for the longest time (CentOS 4 till Feb 2012 and for > Debian "about one year after the next stable distribution has been > released"). OpenSUSE will be updated for 2 years. CentOS is therefore my > preferred choice. Does that really matter? Will you be on release 4 for the next six years? It takes 30 minutes to upgrade. -- /peter From jrudd at ucsc.edu Sat Mar 18 17:05:54 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sat Mar 18 17:12:06 2006 Subject: Default MTA for various distros In-Reply-To: <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> Message-ID: <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> On Mar 18, 2006, at 5:12 AM, shuttlebox wrote: > On 3/18/06, Paul Welsh wrote: >> It boils down to CentOS or Debian because security patches will >> be available for these for the longest time (CentOS 4 till Feb 2012 >> and for >> Debian "about one year after the next stable distribution has been >> released"). OpenSUSE will be updated for 2 years. CentOS is >> therefore my >> preferred choice. > > Does that really matter? Will you be on release 4 for the next six > years? It takes 30 minutes to upgrade. > Only if you consider the most trivial aspects of an upgrade. In reality, in a non-trivial environment, it can take months to go from the start of an upgrade process to the completion of an upgrade. In that kind of environment, it can be nice to know that you wont have to put one of those processes on your todo list for a few years. From shuttlebox at gmail.com Sat Mar 18 23:04:00 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 18 23:04:05 2006 Subject: Default MTA for various distros In-Reply-To: <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> Message-ID: <625385e30603181504j2201b3eds19584f87ebff80be@mail.gmail.com> On 3/18/06, John Rudd wrote: > Only if you consider the most trivial aspects of an upgrade. > > In reality, in a non-trivial environment, it can take months to go from > the start of an upgrade process to the completion of an upgrade. In > that kind of environment, it can be nice to know that you wont have to > put one of those processes on your todo list for a few years. On an RPM based system for example an upgrade of OS release is not much more than a regular upgrade of packages. Do you do that every other year as well? I use test systems so I know what to expect, that can take some time but the actual upgrades don't take more than 30 minutes. I think it's no biggie doing an OS upgrade more often than every six years no matter how many and complex servers one has. -- /peter From mkettler at evi-inc.com Sun Mar 19 00:21:49 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun Mar 19 00:22:06 2006 Subject: Long filename rule misfire? Message-ID: <441CA41D.7010200@evi-inc.com> I had the "Very long filename" rule from filename.rules.conf fire off today. Strangely, the file it complained about is only 18 characters long.. "xxxxxxx intuit.gif" (first part of filename censored, appears to be a person's surname). Anyone ever see this behavior? >From the report: Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (xxxxxxx intuit.gif) And upon checking in the quarantine, that is the filename it trapped and left in the quarantine. Odd. Checking filename.rules.conf, it's still the 150 character rule: # grep "Very long" filename.rules.conf deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages Version info: #MailScanner -v Running on Linux xanadu.evi-inc.com 2.4.27-grsec #2 Thu Aug 26 14:32:13 EDT 2004 i686 i686 i386 GNU/Linux This is Red Hat Linux release 9 (Shrike) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.50.15 Module versions are: 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools From dhawal at netmagicsolutions.com Sun Mar 19 07:22:48 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sun Mar 19 07:22:54 2006 Subject: Long filename rule misfire? In-Reply-To: <441CA41D.7010200@evi-inc.com> References: <441CA41D.7010200@evi-inc.com> Message-ID: <20060319072248.15170.qmail@mymail.netmagicians.com> Matt Kettler writes: > > I had the "Very long filename" rule from filename.rules.conf fire off today. > > Strangely, the file it complained about is only 18 characters long.. > "xxxxxxx intuit.gif" (first part of filename censored, appears to be a person's > surname). > > Anyone ever see this behavior? Matt, This was recently discussed.. mailscanner will sanitize the filename in the report. It would be advisable to double check the length of the file name in question (either somewhere in the logs or by asking the sender). regards, - dhawal >>From the report: > > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (xxxxxxx intuit.gif) > > > And upon checking in the quarantine, that is the filename it trapped and left in > the quarantine. Odd. > > > Checking filename.rules.conf, it's still the 150 character rule: > > # grep "Very long" filename.rules.conf > deny .{150,} Very long filename, possible OE attack > Very long filenames are good signs of attacks > against Microsoft e-mail packages > > > Version info: > > #MailScanner -v > Running on > Linux xanadu.evi-inc.com 2.4.27-grsec #2 Thu Aug 26 14:32:13 EDT 2004 i686 i686 > i386 GNU/Linux > This is Red Hat Linux release 9 (Shrike) > This is Perl version 5.008000 (5.8.0) > > This is MailScanner version 4.50.15 > Module versions are: > > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From shuttlebox at gmail.com Sun Mar 19 15:04:40 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Mar 19 15:04:44 2006 Subject: Long filename rule misfire? In-Reply-To: <20060319072248.15170.qmail@mymail.netmagicians.com> References: <441CA41D.7010200@evi-inc.com> <20060319072248.15170.qmail@mymail.netmagicians.com> Message-ID: <625385e30603190704q3ea29096t8d372ec55eb95378@mail.gmail.com> On 3/19/06, Dhawal Doshy wrote: > This was recently discussed.. mailscanner will sanitize the filename in the > report. It would be advisable to double check the length of the file name in > question (either somewhere in the logs or by asking the sender). I think the only place the original file name appears is in the queue files themselves. For Sendmail I look in the df-file. -- /peter From ssilva at sgvwater.com Sun Mar 19 15:40:40 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Mar 19 15:41:09 2006 Subject: Long filename rule misfire? In-Reply-To: <441CA41D.7010200@evi-inc.com> References: <441CA41D.7010200@evi-inc.com> Message-ID: Matt Kettler spake the following on 3/18/2006 4:21 PM: > I had the "Very long filename" rule from filename.rules.conf fire off today. > > Strangely, the file it complained about is only 18 characters long.. > "xxxxxxx intuit.gif" (first part of filename censored, appears to be a person's > surname). > > Anyone ever see this behavior? > > >>From the report: > > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (xxxxxxx intuit.gif) > > > And upon checking in the quarantine, that is the filename it trapped and left in > the quarantine. Odd. > > > Checking filename.rules.conf, it's still the 150 character rule: > > # grep "Very long" filename.rules.conf > deny .{150,} Very long filename, possible OE attack > Very long filenames are good signs of attacks > against Microsoft e-mail packages > > > Version info: > > #MailScanner -v > Running on > Linux xanadu.evi-inc.com 2.4.27-grsec #2 Thu Aug 26 14:32:13 EDT 2004 i686 i686 > i386 GNU/Linux > This is Red Hat Linux release 9 (Shrike) > This is Perl version 5.008000 (5.8.0) > > This is MailScanner version 4.50.15 > Module versions are: > > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > > > I have been getting a few of these. It is some sort of spam message attempt to get past filtering IMHO. From mailscanner at yeticomputers.com Sun Mar 19 18:48:50 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Sun Mar 19 18:49:09 2006 Subject: FreeBSD 6 - update_virus_scanners weirdness Message-ID: <441DA792.9000504@yeticomputers.com> FreeBSD 6.0 MailScanner 4.51.6 Perl 5.8.8 This is a freshly built server, starting from a minimal FreeBSD 6.0 install. I installed MailScanner from ports after manually downloading MailScanner-install-4.51.6-1.tar.gz and fixing up the port to reflect the newer version of the file. If update_virus_scanners (or even update_virus_scanners.cron) is run manually (as root), everything works fine. If either is launched as a cron job (as root), the f-prot autoupdater fails with the error: "Updates download from http://updates.f-prot.com failed. Suspect server could not be reached," The f-prot-autoupdate script also works fine if run directly. I installed the systutils/rc_subr port since update_virus_scanners.cron used it. Also installed are clamav and bitdefender, and their updates seem to work fine from the cron job. I disabled the ipfilter firewall for testing, but the problem still occurs. There is no proxy server. MailScanner is working great, as always. Anyone have an idea what's happening here? From steve.swaney at fsl.com Sun Mar 19 19:14:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun Mar 19 19:12:36 2006 Subject: FreeBSD 6 - update_virus_scanners weirdness In-Reply-To: <441DA792.9000504@yeticomputers.com> Message-ID: <022101c64b89$5b176360$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rick Chadderdon > Sent: Sunday, March 19, 2006 1:49 PM > To: MailScanner discussion > Subject: FreeBSD 6 - update_virus_scanners weirdness > > FreeBSD 6.0 > MailScanner 4.51.6 > Perl 5.8.8 > > This is a freshly built server, starting from a minimal FreeBSD 6.0 > install. I installed MailScanner from ports after manually downloading > MailScanner-install-4.51.6-1.tar.gz and fixing up the port to reflect > the newer version of the file. > > If update_virus_scanners (or even update_virus_scanners.cron) is run > manually (as root), everything works fine. If either is launched as a > cron job (as root), the f-prot autoupdater fails with the error: > "Updates download from http://updates.f-prot.com failed. Suspect server > could not be reached," The f-prot-autoupdate script also works fine if > run directly. I installed the systutils/rc_subr port since > update_virus_scanners.cron used it. Also installed are clamav and > bitdefender, and their updates seem to work fine from the cron job. I > disabled the ipfilter firewall for testing, but the problem still > occurs. There is no proxy server. MailScanner is working great, as > always. > > Anyone have an idea what's happening here? > -- This is not a MailScanner problem. Cron jobs run in a different, normally more restricted, environment than root's normal shell. Setup a cron job that just runs `printenv` and compare that with the results of running `printenv` from a normal root shell. Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mailscanner at yeticomputers.com Sun Mar 19 19:29:10 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Sun Mar 19 19:29:16 2006 Subject: FreeBSD 6 - update_virus_scanners weirdness In-Reply-To: <022101c64b89$5b176360$287ba8c0@office.fsl> References: <022101c64b89$5b176360$287ba8c0@office.fsl> Message-ID: <441DB106.7000409@yeticomputers.com> Thanks, Stephen. I thought it might be an environment problem, but printenv never even crossed my mind. In my defense, I was working on this thing into the wee hours... That doesn't excuse this morning, though. :) This showed me the way... wget wasn't in the limited path of the cron job. Rick Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Rick Chadderdon >> Sent: Sunday, March 19, 2006 1:49 PM >> To: MailScanner discussion >> Subject: FreeBSD 6 - update_virus_scanners weirdness >> >> FreeBSD 6.0 >> MailScanner 4.51.6 >> Perl 5.8.8 >> >> This is a freshly built server, starting from a minimal FreeBSD 6.0 >> install. I installed MailScanner from ports after manually downloading >> MailScanner-install-4.51.6-1.tar.gz and fixing up the port to reflect >> the newer version of the file. >> >> If update_virus_scanners (or even update_virus_scanners.cron) is run >> manually (as root), everything works fine. If either is launched as a >> cron job (as root), the f-prot autoupdater fails with the error: >> "Updates download from http://updates.f-prot.com failed. Suspect server >> could not be reached," The f-prot-autoupdate script also works fine if >> run directly. I installed the systutils/rc_subr port since >> update_virus_scanners.cron used it. Also installed are clamav and >> bitdefender, and their updates seem to work fine from the cron job. I >> disabled the ipfilter firewall for testing, but the problem still >> occurs. There is no proxy server. MailScanner is working great, as >> always. >> >> Anyone have an idea what's happening here? >> -- >> > > This is not a MailScanner problem. Cron jobs run in a different, normally > more restricted, environment than root's normal shell. > > Setup a cron job that just runs `printenv` and compare that with the results > of running `printenv` from a normal root shell. > > Hope this helps, > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060319/c06a3236/attachment.html From jrudd at ucsc.edu Sun Mar 19 21:51:13 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sun Mar 19 21:56:22 2006 Subject: Default MTA for various distros In-Reply-To: <625385e30603181504j2201b3eds19584f87ebff80be@mail.gmail.com> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> <625385e30603181504j2201b3eds19584f87ebff80be@mail.gmail.com> Message-ID: <1104855869faeb06054b288f85dc0415@ucsc.edu> On Mar 18, 2006, at 3:04 PM, shuttlebox wrote: > On 3/18/06, John Rudd wrote: >> Only if you consider the most trivial aspects of an upgrade. >> >> In reality, in a non-trivial environment, it can take months to go >> from >> the start of an upgrade process to the completion of an upgrade. In >> that kind of environment, it can be nice to know that you wont have to >> put one of those processes on your todo list for a few years. > > On an RPM based system for example an upgrade of OS release is not > much more than a regular upgrade of packages. Do you do that every > other year as well? > > I use test systems so I know what to expect, that can take some time > but the actual upgrades don't take more than 30 minutes. > > I think it's no biggie doing an OS upgrade more often than every six > years no matter how many and complex servers one has. I, in fact, have systems on my network (but not my personal responsibility area) which haven't been updated in any form in 6 years, because the vendor stopped supplying any kind of updates or patches for them. The service they provide is too mission critical to retire them, and the software they use cannot be put on a different platform. There is a project here working to migrate them to something else, but until that's 100% finished (and the scope is significant) and fully tested, the fact remains that they're mission critical. Like I said, in a non-trivial environment, these things can happen, and they matter. From pete at enitech.com.au Mon Mar 20 01:44:09 2006 From: pete at enitech.com.au (Peter Russell) Date: Mon Mar 20 01:44:22 2006 Subject: Split the mails In-Reply-To: <000101c649da$b4b09f50$3004010a@martinhlaptop> References: <000101c649da$b4b09f50$3004010a@martinhlaptop> Message-ID: <441E08E9.8000501@enitech.com.au> It isnt possible on Posthfix unless some one write a script to do it as a filter in Postfix...but i am sure that as soon as it is written the functionality of postfix will change and break it. If i hadnt already begun with postfix i would ahve learnt Exim - one day! Martin Hepworth wrote: > Matthias > > Only possible if you're running sendmail or exim. > > Basically you have to get the MTa to split the 1 email with many recipients > into many emails with 1 recipient. > > There's instructions on how to do this for sendmail and exim in this > file... > > http://www.fsl.com/support/QuarantineReport.tar.gz > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter >>Sent: 17 March 2006 15:30 >>To: MailScanner discussion >>Subject: Split the mails >> >>I make several Spam actions for different users. >>But if a mail contains several receiver only the first rule work. >> >>Now is it possible to split into several mails for each receiver? >> >>Or is there an other - may cooler way? >> >>Matthias >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From Bernard.Lheureux at ibsbe.be Mon Mar 20 09:29:06 2006 From: Bernard.Lheureux at ibsbe.be (Bernard.Lheureux@ibsbe.be) Date: Mon Mar 20 09:29:00 2006 Subject: (no subject) Message-ID: I wanted to know if there was a solution for the problem of "removed carriage returns" in attached text files passing through a MailScanner configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. I have read in the mailinglist that it should be a perl bug but in which module, and how to fix it ? Do you have an idea where I could point my searches to ? Best regards / Vriendelijke groeten / Cordialement, --- Bernard Lheureux Consultant / System Engineer - Networking Team IBS TECHNOLOGY AND SERVICES Leuvense Steenweg, 643 1930 Zaventem - Belgium Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 http://www.ibsts.be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/df3ac9e1/attachment.html From Bernard.Lheureux at ibsbe.be Mon Mar 20 09:41:30 2006 From: Bernard.Lheureux at ibsbe.be (Bernard.Lheureux@ibsbe.be) Date: Mon Mar 20 09:41:22 2006 Subject: Problem of removed carriage return on attached txt-files Message-ID: I wanted to know if there was a solution for the problem of "removed carriage returns" in attached text files passing through a MailScanner configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. I have read in the mailinglist that it should be a perl bug but in which module, and how to fix it ? Do you have an idea where I could point my searches to ? Best regards / Vriendelijke groeten / Cordialement, --- Bernard Lheureux Consultant / System Engineer - Networking Team IBS TECHNOLOGY AND SERVICES Leuvense Steenweg, 643 1930 Zaventem - Belgium Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 http://www.ibsts.be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/f2fabe1a/attachment.html From smcguane at mailshield.com.au Mon Mar 20 09:56:22 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon Mar 20 09:56:32 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: Message-ID: <200603200956.k2K9uU12011317@bkserver.blacknight.ie> Hi, Does anyone know why this is happening? I have asked this question on the mailwatch lists and had no response. I am in dire need to send out reports and for some reason I have been rattling my brain trying to fix this. I have not been successful. It happens when I try to send reports... It does not send the email although it says it has as shown below. root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php === Generating report for XXXXX type=D ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au ==== Found 2539 quarantined e-mails Notice: Only variable references should be returned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 376 Notice: Only variable references should be returned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 417 Notice: Only variable references should be returned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 594 ==== Sent e-mail to shaun@XXXXX.id.au root@filter1 [/usr/mailwatch/tools]# Thanks Shaun _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Bernard.Lheureux@ibsbe.be Sent: Monday, 20 March 2006 8:29 PM To: mailscanner@lists.mailscanner.info Subject: (no subject) I wanted to know if there was a solution for the problem of "removed carriage returns" in attached text files passing through a MailScanner configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. I have read in the mailinglist that it should be a perl bug but in which module, and how to fix it ? Do you have an idea where I could point my searches to ? Best regards / Vriendelijke groeten / Cordialement, --- Bernard Lheureux Consultant / System Engineer - Networking Team IBS TECHNOLOGY AND SERVICES Leuvense Steenweg, 643 1930 Zaventem - Belgium Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 http://www.ibsts.be ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------- MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/b3c30965/attachment.html From ugob at camo-route.com Mon Mar 20 10:30:23 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Mar 20 10:31:30 2006 Subject: OT: All processes of Sendmail stuck... DDOS? Message-ID: <441E843F.8090903@camo-route.com> Hi, I used to have 30 sendmail processes max, but raised it to 100 yesterday because almost all of the 30 processes were "busy" waiting for input from other servers. I also reduced the timeout value for the "TO" command. 2 kind of entries show up in "ps aux | grep sendmail": sendmail: server h090.n068.nhk.or.jp [133.127.68.90] cmd read or sendmail: server nat.resnet.mc.edu [64.246.212.52] startup Most of our MX's are having this problem. Using a mix of Greet pause, connexion throttling, greylisting, RBLs. The number of connexions rejected by sendmail by these different processes have known a very significant increase lately. Before implementing Greylisting, MailScanner was processing ~ 100 000 msg/day max on all of our servers. Now all the log entries for rejected connexions by sendmail totals ~ 400 000/ day, and it doesn't look like it si going to stop. We are not getting complaints (yet), and the ressources seems to be able to cope with the problem without significant problems. Anyone experiencing the same thing? Any solution? Regards, Ugo From glenn.steen at gmail.com Mon Mar 20 11:23:37 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 20 11:23:40 2006 Subject: Split the mails In-Reply-To: <441E08E9.8000501@enitech.com.au> References: <000101c649da$b4b09f50$3004010a@martinhlaptop> <441E08E9.8000501@enitech.com.au> Message-ID: <223f97700603200323p6f2c92c6y@mail.gmail.com> On 20/03/06, Peter Russell wrote: > It isnt possible on Posthfix unless some one write a script to do it as > a filter in Postfix...but i am sure that as soon as it is written the > functionality of postfix will change and break it. Actually, it should be possible to do with Postfix, but the problem is that that split would happen _after_ MS reinjects the mails into the incoming queue... So it'd be a bit pointless. What one *could* do (if one feels up to it) is to implement a kind of dual-PF setup where the first just fronts, splits and passes on to the second... that would use the HOLD thing as usual... Not really a nice solution, but perhaps workable, if one *really* needs this. The flow would be something like: [OTHER HOST] -> PF1 -> PF2 -> MS -> PF2 -> [DESTINATION] (slight shudder) > If i hadnt already begun with postfix i would ahve learnt Exim - one day! > (snip) Now now, calm down. Take a deep breath... Look in the mirror and repeat after me "Postfix is good for me... Postfix is good for me ....":-):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Mon Mar 20 11:27:53 2006 From: res at ausics.net (Res) Date: Mon Mar 20 11:28:01 2006 Subject: OT: All processes of Sendmail stuck... DDOS? In-Reply-To: <441E843F.8090903@camo-route.com> References: <441E843F.8090903@camo-route.com> Message-ID: Hi, On Mon, 20 Mar 2006, Ugo Bellavance wrote: > Most of our MX's are having this problem. > Using a mix of Greet pause, connexion throttling, greylisting, RBLs. Ensure the ident time is 1-3 seconds Greet pause, mostly you can get away with setting of 2000 Greylisting... is not really good idea on busy servers, its also very time consuming with those with many MX's, might take an hour or so for mail to get received. RBL's, here might be the problem, try manual lookups on somthing on each RBL used, maybe there is one with problem. > The number of connexions rejected by sendmail by these different processes > have known a very significant increase lately. Before implementing > Greylisting, MailScanner was processing ~ 100 000 msg/day max on all of our > servers. Now all the log entries for rejected connexions by sendmail totals > ~ 400 000/ day, and it doesn't look like it si going to stop. not suprised, dump it and fast! > > We are not getting complaints (yet), and the ressources seems to be able to > cope with the problem without significant problems. > your lucky, we have users who like to email themselves if it doesnt arrive within 30 seconds they ring the support desk :) -- Cheers Res From ugob at camo-route.com Mon Mar 20 12:39:07 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Mar 20 12:39:24 2006 Subject: OT: All processes of Sendmail stuck... DDOS? In-Reply-To: References: <441E843F.8090903@camo-route.com> Message-ID: Res wrote: > Hi, > > On Mon, 20 Mar 2006, Ugo Bellavance wrote: > >> Most of our MX's are having this problem. >> Using a mix of Greet pause, connexion throttling, greylisting, RBLs. > > Ensure the ident time is 1-3 seconds Will check. > > Greet pause, mostly you can get away with setting of 2000 We use a slightly higher value. > > Greylisting... is not really good idea on busy servers, its also very > time consuming with those with many MX's, might take an hour or so for > mail to get received. No problem with many MX's, the milter syncs the records. We had some ajustments to make for big ISP servers which run their queue only once every 1 or 2 hours, but the rest is ok. > > RBL's, here might be the problem, try manual lookups on somthing on each > RBL used, maybe there is one with problem. We found out that the problem was milter-ahead, caused by a destination server not responding. > >> The number of connexions rejected by sendmail by these different >> processes have known a very significant increase lately. Before >> implementing > >> Greylisting, MailScanner was processing ~ 100 000 msg/day max on all >> of our servers. Now all the log entries for rejected connexions by >> sendmail totals ~ 400 000/ day, and it doesn't look like it si going >> to stop. > > not suprised, dump it and fast! > >> >> We are not getting complaints (yet), and the ressources seems to be >> able to cope with the problem without significant problems. >> > > your lucky, we have users who like to email themselves if it doesnt > arrive within 30 seconds they ring the support desk :) It was the week end. Not too bad :). Should be fixed early this morning. > > From ugob at camo-route.com Mon Mar 20 13:07:52 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Mar 20 13:08:12 2006 Subject: SA DomainKeys plugin Message-ID: Hi, Anyone tried the "experimental" plugin for DomainKeys in SpamAssassin? Must be usefull to detect forged yahoo addresses... I've seen in the announcement that in SA 3.1.1 they support the new Mail::DomainKeys API, which seems to have changed a lot (from 0.18->.080) Regards, Ugo From rob at thehostmasters.com Mon Mar 20 14:21:21 2006 From: rob at thehostmasters.com (Rob) Date: Mon Mar 20 14:21:27 2006 Subject: Upgrade only mailscanner & SA on Debian with apt-get? Message-ID: <00a801c64c29$8fe3d100$6400a8c0@flex.com> Hello all... Hope your weekends were good... I want to upgrade to one of the latest Mailscanners and SA... according to my Debian i am running.... Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii mailscanner 4.41.3-2 email virus scanner and spam tagger ii spamassassin 3.1.0a-1.dirk.31.1 Perl-based spam filter using text analysis ii spamc 3.1.0a-1.dirk.31.1 Client for SpamAssassin spam filtering daemon How can i upgrade just these packages? My applogies if this is off topic a bit.... Thanks and have a great day! Rob.. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/dbfd0f95/attachment.html From P.G.M.Peters at utwente.nl Mon Mar 20 15:18:45 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Mon Mar 20 15:18:49 2006 Subject: From line has () In-Reply-To: <6.2.1.2.2.20060316081303.01e62008@pop.mail.yahoo.com> References: <6.2.1.2.2.20060316081303.01e62008@pop.mail.yahoo.com> Message-ID: <441EC7D5.7070100@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hermit921 wrote on 16-3-2006 17:17: > I got a little more information late yesterday. If there is a > syntactically valid email address after the (), the message is > accepted. So just the presence of () is not the complete criteria. > From: brgg works > From: (brgg) fails > From: (brgg) berby@sony.com works > The Exchange people here are trying to figure out if they can do > anything about this. In this case Exchange seems to be correct. A From: header can't be empty. Although it can contain an empty address (<>). The () denotes a comment so From: (dfdfa) is identical to just From:. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEHsfVelLo80lrIdIRAkkaAJ9WrrD73vBzEJGYDec3Sj/HmQQCpACfdUgS i/Rm62HFZ+7KDwFJKb/JrzA= =pLwK -----END PGP SIGNATURE----- From glenn.steen at gmail.com Mon Mar 20 16:30:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 20 16:30:14 2006 Subject: Upgrade only mailscanner & SA on Debian with apt-get? In-Reply-To: <00a801c64c29$8fe3d100$6400a8c0@flex.com> References: <00a801c64c29$8fe3d100$6400a8c0@flex.com> Message-ID: <223f97700603200830w440d50d5x@mail.gmail.com> On 20/03/06, Rob wrote: > > Hello all... Hope your weekends were good... > > > > I want to upgrade to one of the latest Mailscanners and SA... according to > my Debian i am running.... > > Desired=Unknown/Install/Remove/Purge/Hold > | > Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed > |/ Err?=(none)/Hold/Reinst-required/X=both-problems > (Status,Err: uppercase=bad) > ||/ Name Version Description > +++-==============-==============-============================================ > ii mailscanner 4.41.3-2 email virus scanner and spam tagger > ii spamassassin 3.1.0a-1.dirk.31.1 Perl-based > spam filter using text analysis > ii spamc 3.1.0a-1.dirk.31.1 Client for > SpamAssassin spam filtering daemon > > > > How can i upgrade just these packages? > > My applogies if this is off topic a bit.... > > Thanks and have a great day! > > Rob.. To go to the latest you need go (litteraly) to the source... Which means to use Julians packages, more or less. Never ever install a source package "over" a package-managed package. Backup your settings (See the MAQ/Wiki for what needs be saved for MS), erase those packages, get the MS and ClamAV+SA package from www.mailscanner.info and follow the install instructions (in the tarball/MAQ/Wiki), and manually "copy over" your config(s)... And say "bye-bye" to apt for those subsystems:-). Do read the MAQ (http://wiki.mailscanner.info/doku.php?id=maq:index) and install/upgrade parts under documentation, there is much good info there. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at thehostmasters.com Mon Mar 20 17:30:19 2006 From: rob at thehostmasters.com (Rob Morin) Date: Mon Mar 20 17:30:28 2006 Subject: Upgrade only mailscanner & SA on Debian with apt-get? References: <00a801c64c29$8fe3d100$6400a8c0@flex.com> <441EE57E.4040007@lists.mailscanner.info> Message-ID: <015d01c64c43$f5f48380$6400a8c0@flex.com> Oooo... scary.... Not sure if anythign would get mucked up... :( stewy:/home/rob# apt-get -s install mailscanner Reading Package Lists... Done Building Dependency Tree... Done The following extra packages will be installed: libc6 libc6-dev libdb4.4 libdbd-sqlite3-perl libmime-perl libperl-dev libperl5.8 libsqlite3-0 locales perl perl-base perl-modules Suggested packages: glibc-doc libnet-ldap-perl unrar-nonfree f-prot-installer libterm-readline-gnu-perl libterm-readline-perl-perl Recommended packages: tnef ncftp perl-doc The following packages will be REMOVED: base-config The following NEW packages will be installed: libdb4.4 libdbd-sqlite3-perl libsqlite3-0 The following packages will be upgraded: libc6 libc6-dev libmime-perl libperl-dev libperl5.8 locales mailscanner perl perl-base perl-modules 10 upgraded, 3 newly installed, 1 to remove and 356 not upgraded. Remv base-config (2.76 Debian:testing) Inst libc6-dev [2.3.2.ds1-22] (2.3.6-3 Debian:testing) [] Inst locales [2.3.2.ds1-22] (2.3.6-3 Debian:testing) [] Inst libc6 [2.3.2.ds1-22] (2.3.6-3 Debian:testing) Conf libc6 (2.3.6-3 Debian:testing) Inst perl-modules [5.8.7-3] (5.8.8-2 Debian:testing) [] Inst libdb4.4 (4.4.20-3 Debian:testing) [] Inst libperl-dev [5.8.7-3] (5.8.8-2 Debian:testing) [] Inst libperl5.8 [5.8.7-3] (5.8.8-2 Debian:testing) [] Inst perl-base [5.8.7-3] (5.8.8-2 Debian:testing) [liburi-perl perl ] Conf perl-base (5.8.8-2 Debian:testing) [liburi-perl perl ] Inst perl [5.8.7-3] (5.8.8-2 Debian:testing) Inst libmime-perl [5.417-1] (5.419-1 Debian:testing) Inst libsqlite3-0 (3.2.8-1 Debian:testing) Inst libdbd-sqlite3-perl (1.11-1 Debian:testing) Inst mailscanner [4.41.3-2] (4.51.5-1 Debian:testing) Conf libc6-dev (2.3.6-3 Debian:testing) Conf locales (2.3.6-3 Debian:testing) Conf libdb4.4 (4.4.20-3 Debian:testing) Conf perl (5.8.8-2 Debian:testing) Conf perl-modules (5.8.8-2 Debian:testing) Conf libperl5.8 (5.8.8-2 Debian:testing) Conf libperl-dev (5.8.8-2 Debian:testing) Conf libmime-perl (5.419-1 Debian:testing) Conf libsqlite3-0 (3.2.8-1 Debian:testing) Conf libdbd-sqlite3-perl (1.11-1 Debian:testing) Conf mailscanner (4.51.5-1 Debian:testing) ----- Original Message ----- From: "MailScanner discussion" To: Sent: Monday, March 20, 2006 12:25 PM Subject: Re: Upgrade only mailscanner & SA on Debian with apt-get? > Rob wrote: >> Hello all... Hope your weekends were good... >> >> I want to upgrade to one of the latest Mailscanners and SA... according >> to my Debian i am running.... >> Desired=Unknown/Install/Remove/Purge/Hold >> | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed >> |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: >> uppercase=bad) >> ||/ Name Version Description >> +++-==============-==============-============================================ >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.1.0a-1.dirk.31.1 >> Perl-based spam filter using text analysis >> ii spamc 3.1.0a-1.dirk.31.1 Client >> for SpamAssassin spam filtering daemon >> How can i upgrade just these packages? >> My applogies if this is off topic a bit.... >> Thanks and have a great day! >> Rob.. > Assuming the packages you want are available in the repositories, but you > just want to upgrade mailscanner et al rather than the full whack, apt-get > install mailscanner spamassassin spamc will just upgrade those three > packages if there are newer versions available. > > Failing that, you either need the source, or to pin your distro to pull > from stable normally but from testing etc if you force the option to get > newer packages. > > Regards, > > Alex > From strydom.dave at gmail.com Mon Mar 20 18:37:23 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon Mar 20 18:37:27 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603200956.k2K9uU12011317@bkserver.blacknight.ie> References: <200603200956.k2K9uU12011317@bkserver.blacknight.ie> Message-ID: you using php-4.4.0 aren't you? go to those lines in the mime.php and remove the '&' from those lines. Dave On 3/20/06, ShaunM [MailShield] wrote: > > > > Hi, > > > > Does anyone know why this is happening? I have asked this question on the > mailwatch lists and had no > response. I am in dire need to send out reports and for some reason I have > been rattling my brain > trying to fix this. I have not been successful. > > > > It happens when I try to send reports... It does not send the email although > it says it has as shown below. > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > === Generating report for XXXXX type=D > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for > XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au > ==== Found 2539 quarantined e-mails > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 376 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 417 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 594 > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > Thanks > > Shaun > > > > > > > > > > ________________________________ > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Bernard.Lheureux@ibsbe.be > Sent: Monday, 20 March 2006 8:29 PM > To: mailscanner@lists.mailscanner.info > Subject: (no subject) > > > > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. > I have read in the mailinglist that it should be a perl bug but in which > module, and how to fix it ? > Do you have an idea where I could point my searches to ? > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > > > ----------------------------------------------------------------------------- > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > > ----------------------------------------------------------------------------- > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From smcguane at mailshield.com.au Mon Mar 20 21:53:02 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon Mar 20 21:53:12 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: Message-ID: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> What program will tell me which line im at when editing? Vi and nano don't. Thanks Shaun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Strydom Sent: Tuesday, 21 March 2006 5:37 AM To: MailScanner discussion Subject: Re: MailWatch Problem - Does not send emails. you using php-4.4.0 aren't you? go to those lines in the mime.php and remove the '&' from those lines. Dave On 3/20/06, ShaunM [MailShield] wrote: > > > > Hi, > > > > Does anyone know why this is happening? I have asked this question on the > mailwatch lists and had no > response. I am in dire need to send out reports and for some reason I have > been rattling my brain > trying to fix this. I have not been successful. > > > > It happens when I try to send reports... It does not send the email although > it says it has as shown below. > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > === Generating report for XXXXX type=D > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for > XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au > ==== Found 2539 quarantined e-mails > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 376 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 417 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 594 > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > Thanks > > Shaun > > > > > > > > > > ________________________________ > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Bernard.Lheureux@ibsbe.be > Sent: Monday, 20 March 2006 8:29 PM > To: mailscanner@lists.mailscanner.info > Subject: (no subject) > > > > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. > I have read in the mailinglist that it should be a perl bug but in which > module, and how to fix it ? > Do you have an idea where I could point my searches to ? > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!


---------------------------------------------------------------------------- -
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au



-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au
From paul at welshfamily.com Mon Mar 20 21:57:16 2006 From: paul at welshfamily.com (Paul Welsh) Date: Mon Mar 20 21:57:29 2006 Subject: Moving bayes database In-Reply-To: <1137114165.20488.14.camel@localhost.localdomain> Message-ID: <200603202157.k2KLvJIv003078@mail.espmail.net> Hi Everyone Is it possible to move my bayes database from my old to my new server? If so, how? I'm running SpamAssassin 3.1.0 on my current server but have version 3.1.1 on my new server. From jaearick at colby.edu Mon Mar 20 22:01:27 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Mar 20 22:05:25 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: What???!!! Of course vi will tell you. control-g at whatever line you are on. Or if you want to see all lines, :set number will do it. Jeff Earickson On Tue, 21 Mar 2006, ShaunM [MailShield] wrote: > Date: Tue, 21 Mar 2006 08:53:02 +1100 > From: "ShaunM [MailShield]" > Reply-To: MailScanner discussion > To: 'MailScanner discussion' > Subject: RE: MailWatch Problem - Does not send emails. > > What program will tell me which line im at when editing? > > Vi and nano don't. > > Thanks > Shaun > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Strydom > Sent: Tuesday, 21 March 2006 5:37 AM > To: MailScanner discussion > Subject: Re: MailWatch Problem - Does not send emails. > > you using php-4.4.0 aren't you? > > go to those lines in the mime.php and remove the '&' from those lines. > > Dave > > On 3/20/06, ShaunM [MailShield] wrote: >> >> >> >> Hi, >> >> >> >> Does anyone know why this is happening? I have asked this question on the >> mailwatch lists and had no >> response. I am in dire need to send out reports and for some reason I > have >> been rattling my brain >> trying to fix this. I have not been successful. >> >> >> >> It happens when I try to send reports... It does not send the email > although >> it says it has as shown below. >> >> >> >> >> >> root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php >> >> >> >> === Generating report for XXXXX type=D >> >> ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list > for >> XXXXX ==== Found 0 quarantined e-mails ==== Building list for > XXXXX.id.au >> ==== Found 2539 quarantined e-mails >> >> >> >> Notice: Only variable references should be returned by reference in >> /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >> line 376 >> >> >> >> Notice: Only variable references should be returned by reference in >> /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >> line 417 >> >> >> >> Notice: Only variable references should be returned by reference in >> /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >> line 594 >> >> >> >> ==== Sent e-mail to shaun@XXXXX.id.au >> >> >> >> root@filter1 [/usr/mailwatch/tools]# >> >> >> >> >> >> >> >> Thanks >> >> Shaun >> >> >> >> >> >> >> >> >> >> ________________________________ >> >> >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On >> Behalf Of Bernard.Lheureux@ibsbe.be >> Sent: Monday, 20 March 2006 8:29 PM >> To: mailscanner@lists.mailscanner.info >> Subject: (no subject) >> >> >> >> >> I wanted to know if there was a solution for the problem of "removed >> carriage returns" in attached text files passing through a MailScanner >> configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > Sophos. >> I have read in the mailinglist that it should be a perl bug but in which >> module, and how to fix it ? >> Do you have an idea where I could point my searches to ? >> >> Best regards / Vriendelijke groeten / Cordialement, >> >> --- >> Bernard Lheureux >> Consultant / System Engineer - Networking Team >> >> IBS TECHNOLOGY AND SERVICES >> Leuvense Steenweg, 643 >> 1930 Zaventem - Belgium >> Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 >> http://www.ibsts.be >> >> >> > ---------------------------------------------------------------------------- > - >> This message has been scanned for viruses and malicious content by >> MailShield >> http://www.mailshield.com.au >> >> >> > ---------------------------------------------------------------------------- > - >> This message has been scanned for viruses and malicious content by >> MailShield >> http://www.mailshield.com.au >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > >
>
>
> ---------------------------------------------------------------------------- > -
> This message has been scanned for viruses and malicious content by > MailShield
> size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, > sans-serif">
>
> > > > > > >
>
>
> -----------------------------------------------------------------------------
> This message has been scanned for viruses and malicious content by MailShield
> http://www.mailshield.com.au
>
> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mailscanner at yeticomputers.com Mon Mar 20 22:07:16 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Mar 20 22:07:25 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: <441F2794.3090605@yeticomputers.com> Hitting CTRL-C in nano should show the line number near the bottom of the page. ShaunM [MailShield] wrote: >What program will tell me which line im at when editing? > >Vi and nano don't. > > From john at jolet.net Mon Mar 20 22:14:46 2006 From: john at jolet.net (John Jolet) Date: Mon Mar 20 22:14:48 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <441F2794.3090605@yeticomputers.com> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> <441F2794.3090605@yeticomputers.com> Message-ID: On Mar 20, 2006, at 4:07 PM, Rick Chadderdon wrote: > Hitting CTRL-C in nano should show the line number near the bottom of > the page. > > ShaunM [MailShield] wrote: > >> What program will tell me which line im at when editing? >> >> Vi and nano don't. >> >> control-g in vim will do the same. From dyioulos at firstbhph.com Mon Mar 20 22:32:52 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Mar 20 22:33:10 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: <200603201732.53363.dyioulos@firstbhph.com> vi should. Look at the bottom of the editing screen. You should see the file name number of lines and number of characters on the left, and the line and column your cursor are in on the right (as in 3,1). HTH Dimitri On Monday March 20 2006 4:53 pm, ShaunM [MailShield] wrote: > What program will tell me which line im at when editing? > > Vi and nano don't. > > Thanks > Shaun > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Strydom > Sent: Tuesday, 21 March 2006 5:37 AM > To: MailScanner discussion > Subject: Re: MailWatch Problem - Does not send emails. > > you using php-4.4.0 aren't you? > > go to those lines in the mime.php and remove the '&' from those lines. > > Dave > > On 3/20/06, ShaunM [MailShield] wrote: > > Hi, > > > > > > > > Does anyone know why this is happening? I have asked this question on the > > mailwatch lists and had no > > response. I am in dire need to send out reports and for some reason I > > have > > > been rattling my brain > > trying to fix this. I have not been successful. > > > > > > > > It happens when I try to send reports... It does not send the email > > although > > > it says it has as shown below. > > > > > > > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > > > > > === Generating report for XXXXX type=D > > > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list > > for > > > XXXXX ==== Found 0 quarantined e-mails ==== Building list for > > XXXXX.id.au > > > ==== Found 2539 quarantined e-mails > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 376 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 417 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 594 > > > > > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > > > > > > > > > Thanks > > > > Shaun > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Bernard.Lheureux@ibsbe.be > > Sent: Monday, 20 March 2006 8:29 PM > > To: mailscanner@lists.mailscanner.info > > Subject: (no subject) > > > > > > > > > > I wanted to know if there was a solution for the problem of "removed > > carriage returns" in attached text files passing through a MailScanner > > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > > Sophos. > > > I have read in the mailinglist that it should be a perl bug but in which > > module, and how to fix it ? > > Do you have an idea where I could point my searches to ? > > > > Best regards / Vriendelijke groeten / Cordialement, > > > > --- > > Bernard Lheureux > > Consultant / System Engineer - Networking Team > > > > IBS TECHNOLOGY AND SERVICES > > Leuvense Steenweg, 643 > > 1930 Zaventem - Belgium > > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > > http://www.ibsts.be > > --------------------------------------------------------------------------- >- - > > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > --------------------------------------------------------------------------- >- - > > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > >
>
>
> --------------------------------------------------------------------------- >- -
> This message has been scanned for viruses and malicious content by > MailShield
> size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, > sans-serif">
>
> > > > > > >
>
>
> --------------------------------------------------------------------------- >--
This message has been scanned for viruses and malicious content by > MailShield
color="#44a82e" size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, sans-serif">
>
> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Mar 20 22:32:16 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 20 22:33:14 2006 Subject: Movin