From alex at nkpanama.com Wed Mar 1 00:35:03 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 1 00:34:31 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <4404A315.4010806@taz-mania.com> References: <440361DC.2070604@ecs.soton.ac.uk> <4403821F.4030503@taz-mania.com> <7EE0254D-DDB1-4E52-A7E1-B78C6CF89C47@ecs.soton.ac.uk> <4404A315.4010806@taz-mania.com> Message-ID: <4404EC37.6090908@nkpanama.com> service iptables stop service iptables save service iptables start That should do it. Dennis Willson wrote: > My comment about being new to managing Linux was really more targeted > to the original poster who said: > > "Well I thought that I was not a newbie, but I am already stuck and > having not did anything but install CentOS 4.2. > > I opted to enable the firewall during the setup, and now I do not even > know how to turn it off let alone configure the iptables, as it seems > that I need to do. I searched and searched and I really just want to > turn it off because it is not directly on the net. > > Any simple command ex: service firewall stop chkconfig firewall or > something to turn it off?" > > > It wasn't really meant to be directed at you... Sorry > Dennis > > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 27 Feb 2006, at 22:50, Dennis Willson wrote: >> >> >> >>> If you're new to managing Linux, >>> >> >> Yeah, a bit, only been doing it since we first opened our public >> 24x7 Linux lab back in 1993. >> >> :-) >> >> Thanks for the thought though ;-> >> >> >> >>> Webmin can make life a lot easier. You can also sometimes learn a >>> few things by looking at the config files before and after you do >>> something in Webmin to understand what the configs are really doing. >>> >>> Dennis >>> >>> Julian Field wrote: >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> >>>> >>>> Joshua Hirsh wrote: >>>> >>>> >>>>>> Any simple command ex: service firewall stop chkconfig firewall or >>>>>> something to turn it off? >>>>>> >>>>>> >>>>> Hi Billy, >>>>> >>>>> You have a few options: >>>>> >>>>> 1) type 'setup' as root and disable the firewall from there >>>>> 2) type 'service iptables stop', and 'chkconfig iptables off' >>>>> (this disabled the firewall startup script) >>>>> 3) for a temporary removal until next reboot, type 'iptables - F' >>>>> (this flushes out the iptables rules) >>>>> >>>>> >>>> Once you've got iptables in, how do you configure it? >>>> Presumably there are some reasonable firewall configuration tools >>>> included with RHEL/CentOS? >>>> I've always just done it the hard way, any time I've needed it >>>> (which is rarely, we have FW-1 connected to an active IDS), but >>>> there must be an easy way. >>>> >>>> - -- Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.5 (Build 5050) >>>> >>>> iQA/AwUBRANh3RH2WUcUFbZUEQLNAQCg9nXA4V/l/WAU1w57bqtLnBVr8pwAoK4x >>>> ZXeOnpzopydwEmppc7JBgj1m >>>> =lGQH >>>> -----END PGP SIGNATURE----- >>>> >>>> >>>> >>> -- >>> >>> ---------------------------------- >>> Dennis Willson >>> mailto:taz@taz-mania.com >>> http://www.taz-mania.com >>> >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAQWwvw32o+k+q+hAQE6oAf/T+xeRlFNT077Mn5R0E4fU2iliTH/f8Ma >> ipbTFnbx4tlhM4j8atIaGcXwobUaJPt1KJ/7GElraGprdVFnzao6xbg0tUzVUJJg >> X1PuXfcGJOkhOLB7iAEKag3TgpUg3vmqdPT5bWFow/xorDmoBRe3Ep46hQD54ivg >> aAn63zXhyQooZshl4STLV34uUOXkdZUfS7DzRbwXA+ebdxcaIdzg7nsisY0SQAfx >> +N8pJkX93tLEks9owdikP+VLEgusrPwRNbUvDd3uGecvkCJ9crdlCLA3g3ixwqQA >> I9mC2EMrm/4M471pmKB2gVArF1uKdzntjaC+gFakNaoeUhJeTlbmDg== >> =lKOL >> -----END PGP SIGNATURE----- >> >> >> > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From brent.addis at pronet.co.nz Wed Mar 1 02:14:16 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Wed Mar 1 02:15:00 2006 Subject: Mailscanner silently dying.... In-Reply-To: <4F411340-FE78-4306-8578-7D5883D508BF@ecs.soton.ac.uk> References: <007401c63c72$09467ab0$6400a8c0@flex.com> <4F411340-FE78-4306-8578-7D5883D508BF@ecs.soton.ac.uk> Message-ID: <44050378.4030708@pronet.co.nz> Will the next version fix the exim issues 4.50 introduced that I reported a couple of weeks ago? I would really like to upgrade. Julian Field wrote: > You need to run it in debug mode. You don't appear to have a recent > version, you are 10 months out of date. Please upgrade to the latest > release (new one out tomorrow) and then run "MailScanner --debug" and > see if it produces any error messages. > > On 28 Feb 2006, at 14:19, Rob wrote: > >> Mailscanner is quietly dying..... >> >> not much in the logs >> >> You can see it was going fine till 15:46, then my script restarted it >> at 16:27 >> >> I am on Debian Sarge, with Postfix SA Clamd >> >> Any ideas? >> >> Thanks... >> >> >> Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in >> message 8FEF8C285.59CF8 from subscription@businessinformationgroup.ca >> Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to >> 29822C298 >> >> >> Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus >> Scanner version 4.41.3 starting... >> Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the >> phishing whitelist >> Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin >> auto-whitelist functionality... >> Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock >> Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 >> messages waiting >> Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 >> messages, 1357348 bytes >> Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting >> >> >> >> Rob... >> http://www.stupidguytalk.org >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > From ganci at nurdog.com Wed Mar 1 02:59:52 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Wed Mar 1 03:00:09 2006 Subject: File type rules Message-ID: <44050E28.3020401@nurdog.com> I have been trying to turn off the damn RTF rules and have yet to be successful. From my filename.rules.conf I commented out: # JKF 11/01/2006 Another Microsoft security vulnerability #deny winmail\.dat$ Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead From my filetype.rules.conf I commented out: #deny TNEF Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead #deny Transport Neutral Encapsulation Format Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead and yet MailScanner continues to block these: Feb 7 14:31:49 mx02 MailScanner[32634]: Virus and Content Scanning: Starting Feb 7 14:31:52 mx02 MailScanner[32701]: Expanding TNEF archive at /var/spool/MailScanner/incoming/32701/k17LV2EK006288/winmail.dat Feb 7 14:31:52 mx02 MailScanner[32701]: Virus and Content Scanning: Starting Feb 7 14:31:55 mx02 MailScanner[32701]: Filename Checks: Windows security vulnerability (k17LV2EK006288 winmail.dat) Feb 7 14:31:55 mx02 MailScanner[32701]: Other Checks: Found 1 problems Feb 7 14:31:56 mx02 MailScanner[32701]: Saved infected "winmail.dat" to /var/spool/MailScanner/quarantine/20060207/k17LV2EK006288 Yes, I restarted MailScanner after changing these rules. Please, what do I have to do to get MailScanner to stop blocking these? Thanks. -- Paul (ganci@nurdog.com) From ganci at nurdog.com Wed Mar 1 07:16:54 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Wed Mar 1 07:17:08 2006 Subject: File type rules In-Reply-To: <44050E28.3020401@nurdog.com> References: <44050E28.3020401@nurdog.com> Message-ID: <44054A66.3020201@nurdog.com> Paul R. Ganci wrote: > I have been trying to turn off the damn RTF rules and have yet to be > successful. From my filename.rules.conf I commented out: Folks, please accept my apologies ... MailScanner is working appropriately. I didn't check the log file date against the date I actually commented out the MailScanner config lines. Sorry my bad. -- Paul (ganci@nurdog.com) From MailScanner at ecs.soton.ac.uk Wed Mar 1 08:34:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 08:34:11 2006 Subject: [Fwd: Re: exim4 / mailscanner 4.50.15 spool issues] In-Reply-To: <43FAC147.3090001@pronet.co.nz> References: <43FAC147.3090001@pronet.co.nz> Message-ID: <92E6528D-CA95-47FA-8BAD-526DDB9683E9@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 21 Feb 2006, at 07:29, Brent Addis wrote: > Koopmann, Jan-Peter wrote: >> On Tuesday, February 21, 2006 1:04 AM Brent Addis wrote: >> >>> I have built a new server from scratch, instralled 4.50 and am still >>> getting this problem. Has anybody seen it at all? >>> It seems totally random. only 6 out of every 1500 happens. All seem >>> to be just text based messages with nothing odd. >>> I would really like to be use 4.50 in production but that's a no go >>> until this is sorted. >> >> First: I can confirm the problem. I am seeing the exact same >> thing. Julian. >> Something in 4.49 or 4.50 broke exim support a bit. Sometimes -H >> files are >> left in the incoming spool whereas the -D files are gone. Actually >> I have >> yet to debug if the message itself was delivered correctly. >> >> @Brent: Currently I do not think this is a showstopper. You can >> periodically >> run a small script deleting all -H files whithout corresponding -D >> files. >> Not nice but it works. >> > I believe it is. the mail does not seem to arrive at the other end. > I end up having to attach the original message to a new mail and > send it. I have had to turn on quarantine all mail just for this > reason. > > > I am seeing it in the outgoing spool queue not the incoming I think this is a locking problem. Check "Lock Type =" and see if your Exim is using the same locking type. I haven't changed the default lock type for exim. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAVcfPw32o+k+q+hAQFSoggAtqLbo7Lsw8mxcPrIk214L9c9AxncNyYQ WJ/UaNxyxP9F9Ivnxw5c67BlOrHAlom47fCsjMo0JsfyQnTLZCAHOvAYvy2D2zK3 jqy3X4h1gxRCprZfz4xF+kqJ764t8z2EPsOkDEGLOwBq5f0CDe2uCEgWDxp33eKK ZX0EL1n9ykydVOXVHLriUc8mfbx1S++80d2MNP41tx9h0dHJQ5+o9Hg5nyf1c9h0 D+69UmO4DRCjtYG91Pp0gtcImuBtO9il6Ou40pdQnvWvoCX1IrZFAf5y4oyCSz5a 6XRao4nuUzDMHsHdW5/aU2DURwcAnQL8QwuJ1EoU2DD2BBB6iuYESw== =yFJq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 1 08:51:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 08:51:59 2006 Subject: MailScanner ANNOUNCE: 4.51 released Message-ID: <25EB4DFC-F1C1-4377-A1B4-37F57B788AF8@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I have just release 4.51. A quiet month this time, compared to January! There is just one major addition this month, an option "Use TNEF Contents". - -- You can set this to "no", "add" or "replace". - -- Unless you set it to "no", the attachments contained within the winmail.dat file, present in TNEF "Outlook Rich Text Format" messages, will be expanded and attached to the message as new attachments. - -- If you set it to "replace" the original winmail.dat file will then be removed, leaving the message the same size as when it arrived, which is important to users with slow connections or tight quotas. Download it as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - - Syntax checking of Spam Actions (and its brothers) at run time. Message will be delivered if an error is found. - - Improved detection of Solaris GCC in the installers. - - New option "Use TNEF Contents" allows you to add the contents of winmail.dat attachments to messages in TNEF format. This means that users not running Microsoft Outlook can read attachments put there by badly-configured Outlook or Exchange systems. Valid values are "no", "add" or "replace" which do pretty much what they say. Explanations are in MailScanner.conf. - - Improved PID handling in sendmail on SuSE systems. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAVgp/w32o+k+q+hAQE77Qf9Ff8WOGBubUblCItP3yqq1mqP7kbmfQpm vgfLN9Abrp7wNeEkO6Xbk+Aa7WqU0P02/1u7IKXHC7H6qy2L44pJ1jykcOIRrwt5 KxB0rL2EQiOqikptvH5F9kehbmvCShu2d51G/xXiaoRqXTgadF6SUPR22VqW8glV PFnpxTvulY4kHxsR2cCXT2dsACsLn7RpttpKYTmwdl9xfSTJbmWxqsM+FZmoKrTA Wd7tI/5Jo/69Eq1KQBsjzzAwliuQUedr1ohXlQbkKbW8Oge8kvFif7MBPljx3i8f +AoXZpvycxJro5Qeq7LBIulxCPT33CkWp7vDzZZawqd9oPyb4/FiDg== =cQVP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Mar 1 14:47:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 1 14:47:35 2006 Subject: Mailscanner silently dying.... In-Reply-To: <007401c63c72$09467ab0$6400a8c0@flex.com> References: <007401c63c72$09467ab0$6400a8c0@flex.com> Message-ID: <223f97700603010647n38f3aa9fs@mail.gmail.com> On 28/02/06, Rob wrote: > > > > Mailscanner is quietly dying..... > > not much in the logs > > You can see it was going fine till 15:46, then my script restarted it at > 16:27 > > I am on Debian Sarge, with Postfix SA Clamd > > Any ideas? > > Thanks... > > > Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in message > 8FEF8C285.59CF8 from > subscription@businessinformationgroup.ca > Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to > 29822C298 > > > Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the > phishing whitelist > Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin > auto-whitelist functionality... > Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 messages > waiting > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 messages, > 1357348 bytes > Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting > IIRC this is due to some "gunk" files getting dumped into the hold queue (tnef crap, was it?). I'm pretty certain that an upgrade will fix your problems... And you could probably fix it by fiddling with what TNEF expander you use.... Search the list from about 8-10 minths back, and you'll probably see several similar errors reported (I'm too lazy....:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at thehostmasters.com Wed Mar 1 15:02:28 2006 From: rob at thehostmasters.com (Rob) Date: Wed Mar 1 15:02:35 2006 Subject: Mailscanner silently dying.... References: <007401c63c72$09467ab0$6400a8c0@flex.com> <223f97700603010647n38f3aa9fs@mail.gmail.com> Message-ID: <006001c63d41$28972340$6400a8c0@flex.com> Hashanaha, thanks for the reply, i guess i should upgrade as i am few versions back.... It's just 99.9% of the time Mailscanner works flawlessly! :) its only once in a while something weird happens like this.... I am wondering how i should update.upgrade, i installed with apt-get, but no newer version are released yet, well as per my sources list which is below.... dpkg reports my version as............ ii mailscanner 4.41.3-2 email virus scanner and spam tagger My sources list deb http://ftp.ndlug.nd.edu/mirrors/debian/ stable main deb-src http://ftp.ndlug.nd.edu/mirrors/debian/ stable main deb http://security.debian.org/ stable/updates main Thanks for everyone's help... Have a super day to all... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Wednesday, March 01, 2006 9:47 AM Subject: Re: Mailscanner silently dying.... On 28/02/06, Rob wrote: > > > > Mailscanner is quietly dying..... > > not much in the logs > > You can see it was going fine till 15:46, then my script restarted it at > 16:27 > > I am on Debian Sarge, with Postfix SA Clamd > > Any ideas? > > Thanks... > > > Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in message > 8FEF8C285.59CF8 from > subscription@businessinformationgroup.ca > Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to > 29822C298 > > > Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the > phishing whitelist > Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin > auto-whitelist functionality... > Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 messages > waiting > Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 messages, > 1357348 bytes > Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting > IIRC this is due to some "gunk" files getting dumped into the hold queue (tnef crap, was it?). I'm pretty certain that an upgrade will fix your problems... And you could probably fix it by fiddling with what TNEF expander you use.... Search the list from about 8-10 minths back, and you'll probably see several similar errors reported (I'm too lazy....:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Wed Mar 1 15:29:34 2006 From: brent.bolin at gmail.com (BB) Date: Wed Mar 1 15:29:38 2006 Subject: I need help. I'm out of time and out of patients Message-ID: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> The last two weeks have kinda sucked. Got engaged for the first time on valentines day, got laid off on Friday. Do you know what I mean ? I would ask this in the MailScanner group but the list has been screwed up for ever. Bassiclly I wan't to allow all outbound file attachments. This is a FreeBSD box In the past I have configured "filename.rules" like this to allow releases from the mailwatch html interface - From: 127.0.0.1 /usr/local/etc/MailScanner/filename.rules.allowall.conf FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf filename.rules.allow.conf is this - allow .* - - What is the syntax to allow rfc1918 networks 192.168 192.168.11.0/24 192.168.0.0/16 Thanks...btb -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/1c416f55/attachment.html From martinh at solid-state-logic.com Wed Mar 1 15:47:19 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Mar 1 15:47:27 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> Message-ID: <016501c63d47$6c169730$3004010a@martinhlaptop> HI This is the phishing net firing, not the filename checks.... Change this setting to "no".. Also Find Numeric Phishing = yes -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of BB > Sent: 01 March 2006 15:30 > To: mailscanner@lists.mailscanner.info > Subject: I need help. I'm out of time and out of patients > > The last two weeks have kinda sucked. > > Got engaged for the first time on valentines day, got laid off on Friday. > Do you know what I mean ? > > I would ask this in the MailScanner group but the list has been screwed up > for ever. > > Bassiclly I wan't to allow all outbound file attachments. > > This is a FreeBSD box > > In the past I have configured "filename.rules" like this to allow releases > from the mailwatch html interface - > > From: MailScanner warning: numerical links are often malicious: 127.0.0.1 > > /usr/local/etc/MailScanner/filename.rules.allowall.conf > FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf > > > filename.rules.allow.conf is this - > > allow .* - - > > > What is the syntax to allow rfc1918 networks > > 192.168 > MailScanner warning: numerical links are often malicious: 192.168.11.0/24 > > MailScanner warning: numerical links are often malicious: 192.168.0.0/16 > > > Thanks...btb > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Mar 1 15:50:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 15:51:01 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> References: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/e7907d86/PGP.bin From MailScanner at ecs.soton.ac.uk Wed Mar 1 15:52:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 15:52:52 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <016501c63d47$6c169730$3004010a@martinhlaptop> References: <016501c63d47$6c169730$3004010a@martinhlaptop> Message-ID: <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I suspect the phishing net comments were added by the MailScanner that protects the mailing list, and weren't in his original text. On 1 Mar 2006, at 15:47, Martin Hepworth wrote: > HI > > This is the phishing net firing, not the filename checks.... > > Change this setting to "no".. > > Also Find Numeric Phishing = yes > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of BB >> Sent: 01 March 2006 15:30 >> To: mailscanner@lists.mailscanner.info >> Subject: I need help. I'm out of time and out of patients >> >> The last two weeks have kinda sucked. >> >> Got engaged for the first time on valentines day, got laid off on >> Friday. >> Do you know what I mean ? >> >> I would ask this in the MailScanner group but the list has been >> screwed up >> for ever. >> >> Bassiclly I wan't to allow all outbound file attachments. >> >> This is a FreeBSD box >> >> In the past I have configured "filename.rules" like this to allow >> releases >> from the mailwatch html interface - >> >> From: MailScanner warning: numerical links are often malicious: >> 127.0.0.1 >> >> /usr/local/etc/MailScanner/filename.rules.allowall.conf >> FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf >> >> >> filename.rules.allow.conf is this - >> >> allow .* - - >> >> >> What is the syntax to allow rfc1918 networks >> >> 192.168 >> MailScanner warning: numerical links are often malicious: >> 192.168.11.0/24 >> >> MailScanner warning: numerical links are often malicious: >> 192.168.0.0/16 >> >> >> Thanks...btb >> >> > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAXDS/w32o+k+q+hAQGoNwgAuB/SoCBVuPwM0v/CBeLCpJBIRKlONFYh pHkUJQAjj/NYmDUvl6038c4WmkLwjjVK6G2pqc9fh9wghI0OHCn38Umx0tzwTOof o6rCZ80MY8bI/y2/dsfroBYTpF+bU6BDTp4EL6liAas/EEV0/K70Zwp0+wRqfHLZ ISrxWiIhnUD+GonmzNCkCNqrRIj7V97H26JCDPBsDljC8RXQn3eMkurqs9MOYsXc h5izKAFOfxk3tN1Krwum7/c6o2saSP75Cm321cnPBqobN2YIFz61FVNCi7JyoNd4 P5k2UMSCgKmPBzAuQaZHaYiB+ND5XN9+IQEbTl4KvDhCDe6e7e7MrQ== =NGcL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ryan at marinocrane.com Wed Mar 1 16:02:27 2006 From: ryan at marinocrane.com (Ryan Pitt) Date: Wed Mar 1 16:02:32 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> References: <787dcac20603010729j6b716e7etcbec96ebe357f0f@mail.gmail.com> Message-ID: <4405C593.2030905@marinocrane.com> On the bright side.... Congratulations on your engagement!! BB wrote: > The last two weeks have kinda sucked. > > Got engaged for the first time on valentines day, got laid off on > Friday. Do you know what I mean ? > > I would ask this in the MailScanner group but the list has been > screwed up for ever. > > Bassiclly I wan't to allow all outbound file attachments. > > This is a FreeBSD box > > In the past I have configured "filename.rules" like this to allow > releases from the mailwatch html interface - > > From: *MailScanner warning: numerical links are often malicious:* > 127.0.0.1 > /usr/local/etc/MailScanner/filename.rules.allowall.conf > FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf > > > filename.rules.allow.conf is this - > > allow .* - - > > > What is the syntax to allow rfc1918 networks > > 192.168 > *MailScanner warning: numerical links are often malicious:* > 192.168.11.0/24 > *MailScanner warning: numerical links are often malicious:* > 192.168.0.0/16 > > Thanks...btb > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/a6e7476d/attachment.html From ugob at camo-route.com Wed Mar 1 16:00:53 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 1 16:03:06 2006 Subject: Chinese e-mail Message-ID: Hi, Would it be dangerous to have a mailscanner server processing chinese people while most of its traffic is french and english? I know bayes would be effective, but... anything else I should check? Regards, Ugo From brent.bolin at gmail.com Wed Mar 1 16:14:27 2006 From: brent.bolin at gmail.com (BB) Date: Wed Mar 1 16:14:31 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> Message-ID: <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Thanks Julian As my new wife tobe would say - Your not getting older, your getting longer. btb On 3/1/06, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > I suspect the phishing net comments were added by the MailScanner > that protects the mailing list, and weren't in his original text. > > On 1 Mar 2006, at 15:47, Martin Hepworth wrote: > > > HI > > > > This is the phishing net firing, not the filename checks.... > > > > Change this setting to "no".. > > > > Also Find Numeric Phishing = yes > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of BB > >> Sent: 01 March 2006 15:30 > >> To: mailscanner@lists.mailscanner.info > >> Subject: I need help. I'm out of time and out of patients > >> > >> The last two weeks have kinda sucked. > >> > >> Got engaged for the first time on valentines day, got laid off on > >> Friday. > >> Do you know what I mean ? > >> > >> I would ask this in the MailScanner group but the list has been > >> screwed up > >> for ever. > >> > >> Bassiclly I wan't to allow all outbound file attachments. > >> > >> This is a FreeBSD box > >> > >> In the past I have configured "filename.rules" like this to allow > >> releases > >> from the mailwatch html interface - > >> > >> From: MailScanner warning: numerical links are often malicious: > >> 127.0.0.1 > >> > >> /usr/local/etc/MailScanner/filename.rules.allowall.conf > >> FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf > >> > >> > >> filename.rules.allow.conf is this - > >> > >> allow .* - - > >> > >> > >> What is the syntax to allow rfc1918 networks > >> > >> 192.168 > >> MailScanner warning: numerical links are often malicious: > >> 192.168.11.0/24 > >> > >> MailScanner warning: numerical links are often malicious: > >> 192.168.0.0/16 > >> > >> > >> Thanks...btb > >> > >> > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAXDS/w32o+k+q+hAQGoNwgAuB/SoCBVuPwM0v/CBeLCpJBIRKlONFYh > pHkUJQAjj/NYmDUvl6038c4WmkLwjjVK6G2pqc9fh9wghI0OHCn38Umx0tzwTOof > o6rCZ80MY8bI/y2/dsfroBYTpF+bU6BDTp4EL6liAas/EEV0/K70Zwp0+wRqfHLZ > ISrxWiIhnUD+GonmzNCkCNqrRIj7V97H26JCDPBsDljC8RXQn3eMkurqs9MOYsXc > h5izKAFOfxk3tN1Krwum7/c6o2saSP75Cm321cnPBqobN2YIFz61FVNCi7JyoNd4 > P5k2UMSCgKmPBzAuQaZHaYiB+ND5XN9+IQEbTl4KvDhCDe6e7e7MrQ== > =NGcL > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/274970d5/attachment.html From MailScanner at ecs.soton.ac.uk Wed Mar 1 16:16:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 16:16:15 2006 Subject: Chinese e-mail In-Reply-To: References: Message-ID: <11BAA984-2637-485D-ABC4-5C4DC0F4E062@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Check out ok_locales in spam.assassin.prefs.conf. The default value is "all" according to man Mail::SpamAssassin::Conf. On 1 Mar 2006, at 16:00, Ugo Bellavance wrote: > Hi, > > Would it be dangerous to have a mailscanner server processing > chinese people while most of its traffic is french and english? I > know bayes would be effective, but... anything else I should check? > > Regards, > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAXIxvw32o+k+q+hAQEMIwf/bcaCfIxh2pUquMDsI3MsgDjxnOh+QCh4 A40j4EMIa/vV3krsnBnKioEoWMiTBGE54Q2gTef7s4Cza61tUK5VqYRjijSjElCn lZc8UFCPAolYSmFABJ6X3VrL20C/c2aI6PtOEODwFuHSpAOhuEHHj9Bb3CunvJ/3 AaeKbDUSU191+FvOmmQhGmtXOp4YR8tHKhAnP7vYXN7MJpVt8oK67NpCUlhepukj FmZhoiRFFVsxbHeY16OY74uHa9w8YMuDamT1vxgCjiIgANGxUQ0QwwNMMwQevswj ULjEU9ipggJ4wRHTXbApFIosB4+6FXEo4BtQk6h4gAfbLhgs5fjvjQ== =oRfA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Wed Mar 1 16:24:57 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 1 16:25:11 2006 Subject: I need help. I'm out of time and out of patients References: <016501c63d47$6c169730$3004010a@martinhlaptop><305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Message-ID: <003401c63d4c$ae89c0b0$0705000a@DDF5DW71> I can't wait to see the postings as replys to this one. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: BB To: MailScanner discussion Sent: Wednesday, March 01, 2006 11:14 AM Subject: Re: I need help. I'm out of time and out of patients Thanks Julian As my new wife tobe would say - Your not getting older, your getting longer. btb On 3/1/06, Julian Field < MailScanner@ecs.soton.ac.uk> wrote: -----BEGIN PGP SIGNED MESSAGE----- I suspect the phishing net comments were added by the MailScanner that protects the mailing list, and weren't in his original text. On 1 Mar 2006, at 15:47, Martin Hepworth wrote: > HI > > This is the phishing net firing, not the filename checks.... > > Change this setting to "no".. > > Also Find Numeric Phishing = yes > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of BB >> Sent: 01 March 2006 15:30 >> To: mailscanner@lists.mailscanner.info >> Subject: I need help. I'm out of time and out of patients >> >> The last two weeks have kinda sucked. >> >> Got engaged for the first time on valentines day, got laid off on >> Friday. >> Do you know what I mean ? >> >> I would ask this in the MailScanner group but the list has been >> screwed up >> for ever. >> >> Bassiclly I wan't to allow all outbound file attachments. >> >> This is a FreeBSD box >> >> In the past I have configured "filename.rules" like this to allow >> releases >> from the mailwatch html interface - >> >> From: MailScanner warning: numerical links are often malicious: >> 127.0.0.1 >> >> /usr/local/etc/MailScanner/filename.rules.allowall.conf >> FromOrTo: default /usr/local/etc/MailScanner/filename.rules.conf >> >> >> filename.rules.allow.conf is this - >> >> allow .* - - >> >> >> What is the syntax to allow rfc1918 networks >> >> 192.168 >> MailScanner warning: numerical links are often malicious: >> 192.168.11.0/24 >> >> MailScanner warning: numerical links are often malicious: >> 192.168.0.0/16 >> < http://192.168.0.0/16> >> >> Thanks...btb >> >> > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAXDS/w32o+k+q+hAQGoNwgAuB/SoCBVuPwM0v/CBeLCpJBIRKlONFYh pHkUJQAjj/NYmDUvl6038c4WmkLwjjVK6G2pqc9fh9wghI0OHCn38Umx0tzwTOof o6rCZ80MY8bI/y2/dsfroBYTpF+bU6BDTp4EL6liAas/EEV0/K70Zwp0+wRqfHLZ ISrxWiIhnUD+GonmzNCkCNqrRIj7V97H26JCDPBsDljC8RXQn3eMkurqs9MOYsXc h5izKAFOfxk3tN1Krwum7/c6o2saSP75Cm321cnPBqobN2YIFz61FVNCi7JyoNd4 P5k2UMSCgKmPBzAuQaZHaYiB+ND5XN9+IQEbTl4KvDhCDe6e7e7MrQ== =NGcL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/15c6f1ad/attachment.html From alex at nkpanama.com Wed Mar 1 16:26:07 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 1 16:30:44 2006 Subject: Chinese e-mail In-Reply-To: References: Message-ID: <4405CB1F.4040803@nkpanama.com> I would stick to having it process their e-mail. The Dept. of Immigration should take care of chinese people - or french and english people for that matter. ;) Ugo Bellavance wrote: > Hi, > > Would it be dangerous to have a mailscanner server processing > chinese people while most of its traffic is french and english? I > know bayes would be effective, but... anything else I should check? > > Regards, > > Ugo > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From matt at coders.co.uk Wed Mar 1 16:31:30 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed Mar 1 16:31:27 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <003401c63d4c$ae89c0b0$0705000a@DDF5DW71> References: <016501c63d47$6c169730$3004010a@martinhlaptop><305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <003401c63d4c$ae89c0b0$0705000a@DDF5DW71> Message-ID: <4405CC62.1000708@coders.co.uk> Steve Campbell wrote: > I can't wait to see the postings as replys to this one. >>> Your not getting older, your getting longer. But that would childish. matt From martinh at solid-state-logic.com Wed Mar 1 16:32:08 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Mar 1 16:33:17 2006 Subject: Chinese e-mail In-Reply-To: Message-ID: <019201c63d4d$ca4fee90$3004010a@martinhlaptop> Ugo I do quite a bit of Japanese, French, German, Russian/Polish etc with my setup which is predominately English otherwise. No problem I know of -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance > Sent: 01 March 2006 16:01 > To: mailscanner@lists.mailscanner.info > Subject: Chinese e-mail > > Hi, > > Would it be dangerous to have a mailscanner server processing > chinese > people while most of its traffic is french and english? I know bayes > would be effective, but... anything else I should check? > > Regards, > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jaearick at colby.edu Wed Mar 1 16:37:55 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 1 16:38:13 2006 Subject: 4.51.4: security concerns, TNEF question Message-ID: Julian, Whilst staring at the new logging additions to TNEF.pm, I noticed the lines: system("rm -rf /tmp/tnef.$$"); Harrumph. I would recommend replacing this with an unlink() call instead (use -U for directory, or unlink() and rmdir()). It would save the cost of a fork() and exec() to create a subshell. Security-wise, I also get nervous when I do not see a full pathname for "rm" in code that runs as root. Likewise, I spotted similar relative-path system() calls in f-prot-autoupdate (wget, cp, unzip) rav-autoupdate (chmod) vexira-autoupdate (wget) Maybe you would want to replace the "system($rm..." calls elsewhere (eg, sophos-autoupdate) with similar unlink() calls? On another note, I see the syslogging for "added TNEF contents" in TNEF.pm, but no "replaced TNEF contents" anywhere. Is there syslogging of a "replace TNEF" event? Jeff Earickson Colby College From brendan at chard.net Wed Mar 1 17:08:09 2006 From: brendan at chard.net (Brendan Chard | Chard.Net) Date: Wed Mar 1 17:09:14 2006 Subject: Exim Custom Router Message-ID: <033201c63d52$b9001200$a000a8c0@sangria> I see in the wiki documentation how to set up a custom router for one domain in exim. How can I make it work if I want the custom router to handle 3 domains. So basically... custom_router: driver = manualroute domains = domain1.com domain2.com domain3.com transport = remote_smtp route_list = "* mailserver.com" Will this work? -Brendan Chard brendan@chard.net Chard.Net Putting Professionals Online Website Design | Hosting | Maintenance ph: 1.800.741.8034 fax: 1.888.605.0495 web: http://www.chard.net From ssilva at sgvwater.com Wed Mar 1 17:55:05 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 17:57:22 2006 Subject: Mailscanner silently dying.... In-Reply-To: <006001c63d41$28972340$6400a8c0@flex.com> References: <007401c63c72$09467ab0$6400a8c0@flex.com> <223f97700603010647n38f3aa9fs@mail.gmail.com> <006001c63d41$28972340$6400a8c0@flex.com> Message-ID: Rob spake the following on 3/1/2006 7:02 AM: > Hashanaha, thanks for the reply, i guess i should upgrade as i am few > versions back.... It's just 99.9% of the time Mailscanner works flawlessly! > > :) > > its only once in a while something weird happens like this.... > > I am wondering how i should update.upgrade, i installed with apt-get, > but no newer version are released yet, well as per my sources list which > is below.... > > dpkg reports my version as............ ii mailscanner > 4.41.3-2 email virus scanner and spam tagger > > My sources list > > deb http://ftp.ndlug.nd.edu/mirrors/debian/ stable main > deb-src http://ftp.ndlug.nd.edu/mirrors/debian/ stable main > deb http://security.debian.org/ stable/updates main Even Debian unstable is only at 4.46.2-3. If that is current enough, you can get it from http://packages.debian.org/unstable/mail/mailscanner.html. If you want the newest, you will have to "use the source". From joshua.hirsh at partnersolutions.ca Wed Mar 1 18:06:55 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Wed Mar 1 18:06:58 2006 Subject: 4.51.4: security concerns, TNEF question Message-ID: > Harrumph. I would recommend replacing this with an unlink() > call instead (use -U for directory, or unlink() and rmdir()). > It would save the cost of a fork() and exec() to create a subshell. > Security-wise, I also get nervous when I do not see a full pathname > for "rm" in code that runs as root. Hi Jeff, Although I do agree with you over the use of unlink compared to forking to rm, the PATH is already sanitized by MailScanner. In the main program, you'll find this line: $ENV{PATH}="/sbin:/bin:/usr/sbin:/usr/bin"; So the path to rm is indeed sanitized. I'm not sure if this is being done for the AV helper scripts though. Cheers, -Joshua From ssilva at sgvwater.com Wed Mar 1 18:07:05 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 18:10:23 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Message-ID: BB spake the following on 3/1/2006 8:14 AM: > Thanks Julian > > As my new wife to be would say - > > Your not getting older, your getting longer. Or as my current wife says; "Shut up and roll over, you're snoring!" See what you have to look forward to ;-) From jaearick at colby.edu Wed Mar 1 18:26:18 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 1 18:26:25 2006 Subject: 4.51.4: security concerns, TNEF question In-Reply-To: References: Message-ID: All, Good, that makes me feel better security-wise. Unlink() would be rippin fast compared to system(), just decrement the link count in the kernel, done. No overhead. A nanosecond here, a nanosecond there, pretty soon you have a billable hour! Jeff Earickson Colby College On Wed, 1 Mar 2006, Joshua Hirsh wrote: > Date: Wed, 1 Mar 2006 13:06:55 -0500 > From: Joshua Hirsh > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: 4.51.4: security concerns, TNEF question > >> Harrumph. I would recommend replacing this with an unlink() >> call instead (use -U for directory, or unlink() and rmdir()). >> It would save the cost of a fork() and exec() to create a subshell. >> Security-wise, I also get nervous when I do not see a full pathname >> for "rm" in code that runs as root. > > > Hi Jeff, > > Although I do agree with you over the use of unlink compared to forking to rm, the PATH is already sanitized by MailScanner. In the main program, you'll find this line: > > $ENV{PATH}="/sbin:/bin:/usr/sbin:/usr/bin"; > > So the path to rm is indeed sanitized. I'm not sure if this is being done for the AV helper scripts though. > > > Cheers, > -Joshua > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Wed Mar 1 18:26:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 18:26:56 2006 Subject: 4.51.4: security concerns, TNEF question In-Reply-To: References: Message-ID: <4405E76B.9050805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > > Whilst staring at the new logging additions to TNEF.pm, I > noticed the lines: > > system("rm -rf /tmp/tnef.$$"); > > Harrumph. I would recommend replacing this with an unlink() > call instead (use -U for directory, or unlink() and rmdir()). It would > save the cost of a fork() and exec() to create a subshell. > Security-wise, I also get nervous when I do not see a full pathname > for "rm" in code that runs as root. As someone else has already pointed out, the $PATH is fixed at startup, so this is pretty safe. To emulate "rm -rf" in Perl, I will have to do quite a clever tree walk, as I don't want to follow soft or hard links. "rm -rf" solves a non-trivial problem, and I don't like reinventing the wheel. Is it really that bad? > > Likewise, I spotted similar relative-path system() calls in > > f-prot-autoupdate (wget, cp, unzip) > rav-autoupdate (chmod) > vexira-autoupdate (wget) > > Maybe you would want to replace the "system($rm..." calls elsewhere > (eg, sophos-autoupdate) with similar unlink() calls? I will have to take a look at these. It depends what the rm options given are. > > On another note, I see the syslogging for "added TNEF contents" > in TNEF.pm, but no "replaced TNEF contents" anywhere. Is there > syslogging of a "replace TNEF" event? If the TNEF contents have been successfully extracted, then the winmail.dat file is deleted elsewhere. Try taking a look in Message.pm (I think). Grep for winmail.dat and you should find it, or else 'foundtnefattachments'. The TNEF contents are added in 1 place. If successful and what the user wanted, then the winmail.dat file is deleted later. It's around line 1569 in Message.pm. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXnbBH2WUcUFbZUEQK65gCfSViMc/t/CmzHJIrRc3XAQGoN2hoAoJo5 3yJWWTXHSjfaSxc8+7CsStRX =CUGh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 1 18:29:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 18:29:35 2006 Subject: Mailscanner silently dying.... In-Reply-To: References: <007401c63c72$09467ab0$6400a8c0@flex.com> <223f97700603010647n38f3aa9fs@mail.gmail.com> <006001c63d41$28972340$6400a8c0@flex.com> Message-ID: <4405E80B.5000402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Rob spake the following on 3/1/2006 7:02 AM: > >> Hashanaha, thanks for the reply, i guess i should upgrade as i am few >> versions back.... It's just 99.9% of the time Mailscanner works flawlessly! >> >> :) >> >> its only once in a while something weird happens like this.... >> >> I am wondering how i should update.upgrade, i installed with apt-get, >> but no newer version are released yet, well as per my sources list which >> is below.... >> >> dpkg reports my version as............ ii mailscanner >> 4.41.3-2 email virus scanner and spam tagger >> >> My sources list >> >> deb http://ftp.ndlug.nd.edu/mirrors/debian/ stable main >> deb-src http://ftp.ndlug.nd.edu/mirrors/debian/ stable main >> deb http://security.debian.org/ stable/updates main >> > Even Debian unstable is only at 4.46.2-3. If that is current enough, you can > get it from http://packages.debian.org/unstable/mail/mailscanner.html. > If you want the newest, you will have to "use the source". > Can anyone come up with some good uses for "www.UseTheSource.info" and/or "www.UseTheSource.biz"? I registered them a little while ago. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXoDBH2WUcUFbZUEQKYRQCgoy0T0Rm71Z25Nk1BR8S7tX7MbHIAoNaG g76TeWdH8ycCXGhAqFqPK7Vo =zmcs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 1 18:30:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 18:30:18 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> Message-ID: <4405E837.4010905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > BB spake the following on 3/1/2006 8:14 AM: > >> Thanks Julian >> >> As my new wife to be would say - >> >> Your not getting older, your getting longer. >> > Or as my current wife says; > "Shut up and roll over, you're snoring!" > See what you have to look forward to ;-) > Fortunately I'm not married, so don't suffer that problem :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXoNxH2WUcUFbZUEQKXVQCdH7skv9X1cni+Q9oJdpHsOotFlRwAmwZm +zPJm+wVIHdeYqTQ5dzEyDWT =TfbZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Wed Mar 1 18:50:52 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 1 18:50:59 2006 Subject: 4.51.4: security concerns, TNEF question In-Reply-To: <4405E76B.9050805@ecs.soton.ac.uk> References: <4405E76B.9050805@ecs.soton.ac.uk> Message-ID: On Wed, 1 Mar 2006, Julian Field wrote: >> Whilst staring at the new logging additions to TNEF.pm, I >> noticed the lines: >> >> system("rm -rf /tmp/tnef.$$"); >> >> Harrumph. I would recommend replacing this with an unlink() >> call instead (use -U for directory, or unlink() and rmdir()). It would >> save the cost of a fork() and exec() to create a subshell. >> Security-wise, I also get nervous when I do not see a full pathname >> for "rm" in code that runs as root. > As someone else has already pointed out, the $PATH is fixed at startup, > so this is pretty safe. > > To emulate "rm -rf" in Perl, I will have to do quite a clever tree walk, > as I don't want to follow soft or hard links. "rm -rf" solves a > non-trivial problem, and I don't like reinventing the wheel. Is it > really that bad? I have to concede your point. Going back and looking at the perldoc for unlink() I now realize that the "-U" is not an arg to unlink() but an arg to perl itself as in "do Unsafe things as root". Yikes. >> >> Likewise, I spotted similar relative-path system() calls in >> >> f-prot-autoupdate (wget, cp, unzip) >> rav-autoupdate (chmod) >> vexira-autoupdate (wget) >> >> Maybe you would want to replace the "system($rm..." calls elsewhere >> (eg, sophos-autoupdate) with similar unlink() calls? > I will have to take a look at these. It depends what the rm options > given are. >> >> On another note, I see the syslogging for "added TNEF contents" >> in TNEF.pm, but no "replaced TNEF contents" anywhere. Is there >> syslogging of a "replace TNEF" event? > If the TNEF contents have been successfully extracted, then the > winmail.dat file is deleted elsewhere. Try taking a look in Message.pm > (I think). Grep for winmail.dat and you should find it, or else > 'foundtnefattachments'. The TNEF contents are added in 1 place. If > successful and what the user wanted, then the winmail.dat file is > deleted later. It's around line 1569 in Message.pm. Ok, confusion on my part. The one example that I have seen go by this morning since upgrading is: Mar 1 12:14:36 basalt sendmail[3845]: [ID 801593 mail.info] k21HERwo003845: from=, size=36670, class=-60, nrcpts=1, msgid=<775EC5882A29A34DBC4F95D80DDF61FE01757CCD@s31xe5.systems.smu.edu>, proto=SMTP, daemon=MTA, relay=n27.bullet.scd.yahoo.com [66.94.237.56] Mar 1 12:14:49 basalt <22>MailScanner[14496]: Expanding TNEF archive at /tmp/14496/k21HERwo003845/winmail.dat Mar 1 12:14:49 basalt <22>MailScanner[14496]: Message k21HERwo003845 added TNEF contents image.jpg Mar 1 12:14:51 basalt sendmail[4123]: [ID 801593 mail.info] k21HERwo003845: to=, delay=00:00:16, xdelay=00:00:00, mailer=local, pri=264670, dsn=2.0.0, stat=Sent Mar 1 12:14:51 basalt sendmail[4123]: [ID 801593 mail.info] k21HERwo003845: done; delay=00:00:16, ntries=1 I just have to know that "added" means "replaced" in my case. I look forward to this new feature solving my headaches with remote Exchange users. Many thanks! Jeff Earickson Colby College From ssilva at sgvwater.com Wed Mar 1 18:48:36 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 18:59:43 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405E837.4010905@ecs.soton.ac.uk> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <4405E837.4010905@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 3/1/2006 10:30 AM: > > > Scott Silva wrote: >>> BB spake the following on 3/1/2006 8:14 AM: >>> >>>> Thanks Julian >>>> >>>> As my new wife to be would say - >>>> >>>> Your not getting older, your getting longer. >>>> >>> Or as my current wife says; >>> "Shut up and roll over, you're snoring!" >>> See what you have to look forward to ;-) >>> > Fortunately I'm not married, so don't suffer that problem :-) > "Marriage is an institution. So is a prison!" From mailscanner at eliquid.com Wed Mar 1 19:20:27 2006 From: mailscanner at eliquid.com (Wess Bechard) Date: Wed Mar 1 19:20:08 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <4405E837.4010905@ecs.soton.ac.uk> Message-ID: <4405F3FB.4040606@eliquid.com> Funny, these little quips. I am getting married on Tiesday :) Scott Silva wrote: > Julian Field spake the following on 3/1/2006 10:30 AM: > >> Scott Silva wrote: >> >>>> BB spake the following on 3/1/2006 8:14 AM: >>>> >>>> >>>>> Thanks Julian >>>>> >>>>> As my new wife to be would say - >>>>> >>>>> Your not getting older, your getting longer. >>>>> >>>>> >>>> Or as my current wife says; >>>> "Shut up and roll over, you're snoring!" >>>> See what you have to look forward to ;-) >>>> >>>> >> Fortunately I'm not married, so don't suffer that problem :-) >> >> > "Marriage is an institution. So is a prison!" > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/4a07ecd3/attachment.html From jase at sensis.com Wed Mar 1 19:25:25 2006 From: jase at sensis.com (Desai, Jason) Date: Wed Mar 1 19:25:46 2006 Subject: Exim Custom Router Message-ID: <1951DC816E1A9F469307B05FA183F438210E9C@corpatsmail1.corp.sensis.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Brendan Chard | Chard.Net > Sent: Wednesday, March 01, 2006 12:08 PM > To: 'MailScanner discussion' > Subject: Exim Custom Router > > I see in the wiki documentation how to set up a custom router > for one domain > in exim. How can I make it work if I want the custom router > to handle 3 > domains. > > So basically... > > custom_router: > driver = manualroute > domains = domain1.com domain2.com domain3.com > transport = remote_smtp > route_list = "* mailserver.com" > > Will this work? I think you will need to separate them with colons. domains = domain1.com : domain2.com : domain3.com See http://exim.org/exim-html-4.60/doc/html/spec.html/ch10.html for more info. I suggest you create a temporary exim config file and make your changes to it. You can test which router will be used with something like: exim4 -C /path/to/temp/exim/config -bt user@domain1.com Jase From dyioulos at firstbhph.com Wed Mar 1 19:27:14 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Mar 1 19:27:18 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405F3FB.4040606@eliquid.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <4405F3FB.4040606@eliquid.com> Message-ID: <200603011427.15253.dyioulos@firstbhph.com> So, there's still time to talk you out of it. Dimitri On Wednesday March 01 2006 2:20 pm, Wess Bechard wrote: > Funny, these little quips. I am getting married on Tiesday :) > > Scott Silva wrote: > > Julian Field spake the following on 3/1/2006 10:30 AM: > >> Scott Silva wrote: > >>>> BB spake the following on 3/1/2006 8:14 AM: > >>>>> Thanks Julian > >>>>> > >>>>> As my new wife to be would say - > >>>>> > >>>>> Your not getting older, your getting longer. > >>>> > >>>> Or as my current wife says; > >>>> "Shut up and roll over, you're snoring!" > >>>> See what you have to look forward to ;-) > >> > >> Fortunately I'm not married, so don't suffer that problem :-) > > > > "Marriage is an institution. So is a prison!" -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at eliquid.com Wed Mar 1 19:30:37 2006 From: mailscanner at eliquid.com (Wess Bechard) Date: Wed Mar 1 19:30:11 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <200603011427.15253.dyioulos@firstbhph.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <4405F3FB.4040606@eliquid.com> <200603011427.15253.dyioulos@firstbhph.com> Message-ID: <4405F65D.3020002@eliquid.com> lmao... Actually, I leave for the Dominican Republic on Friday, so tickets paid for, luggage packed... Thanks anyways... heh Dimitri Yioulos wrote: > So, there's still time to talk you out of it. > > Dimitri > > > On Wednesday March 01 2006 2:20 pm, Wess Bechard wrote: > >> Funny, these little quips. I am getting married on Tiesday :) >> >> Scott Silva wrote: >> >>> Julian Field spake the following on 3/1/2006 10:30 AM: >>> >>>> Scott Silva wrote: >>>> >>>>>> BB spake the following on 3/1/2006 8:14 AM: >>>>>> >>>>>>> Thanks Julian >>>>>>> >>>>>>> As my new wife to be would say - >>>>>>> >>>>>>> Your not getting older, your getting longer. >>>>>>> >>>>>> Or as my current wife says; >>>>>> "Shut up and roll over, you're snoring!" >>>>>> See what you have to look forward to ;-) >>>>>> >>>> Fortunately I'm not married, so don't suffer that problem :-) >>>> >>> "Marriage is an institution. So is a prison!" >>> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/fa13e116/attachment.html From yan at neverneverland.f9.co.uk Wed Mar 1 19:32:53 2006 From: yan at neverneverland.f9.co.uk (YAN) Date: Wed Mar 1 19:31:01 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: Message-ID: <20060301193059.MFIT1217.aamta11-winn.ispmail.ntl.com@connie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: 01 March 2006 18:49 > To: mailscanner@lists.mailscanner.info > Subject: Re: I need help. I'm out of time and out of patients > > Julian Field spake the following on 3/1/2006 10:30 AM: > > > > > > Scott Silva wrote: > >>> BB spake the following on 3/1/2006 8:14 AM: > >>> > >>>> Thanks Julian > >>>> > >>>> As my new wife to be would say - > >>>> > >>>> Your not getting older, your getting longer. > >>>> > >>> Or as my current wife says; > >>> "Shut up and roll over, you're snoring!" > >>> See what you have to look forward to ;-) > >>> > > Fortunately I'm not married, so don't suffer that problem :-) > > > "Marriage is an institution. So is a prison!" Yeah but prison you get time off for good behaviour From Kevin_Miller at ci.juneau.ak.us Wed Mar 1 19:38:47 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 1 19:38:58 2006 Subject: I need help. I'm out of time and out of patients Message-ID: > Funny, these little quips. I am getting married on Tiesday :) Don't let 'em scare you. I left on my honeymoon almost 19 years ago and it still hasn't ended. Marry the right gal, treat her right, and LIFE IS GOOD! Spoiled and loving it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From drew at themarshalls.co.uk Wed Mar 1 20:05:11 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 1 20:05:19 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <20060301193059.MFIT1217.aamta11-winn.ispmail.ntl.com@connie> References: <20060301193059.MFIT1217.aamta11-winn.ispmail.ntl.com@connie> Message-ID: On 1 Mar 2006, at 19:32, YAN wrote: >> "Marriage is an institution. So is a prison!" > > Yeah but prison you get time off for good behaviour And marriage is the only institution where you get early release for bad behaviour :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From richard.thomas at psysolutions.com Wed Mar 1 20:18:27 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 20:19:34 2006 Subject: Don't understand this match Message-ID: <44060193.3040109@psysolutions.com> I'm not understanding why a certain filename has triggered the "Attempt to hide real filename extension" rule. The filename is Shortcut 29 t.xls The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ As I understand it, that should match a period, followed by an alpha, followed by two or three alphnumerics, any amount of whitespace and then another period then an alphanumeric three character alphanumeric extension all of this being at the end of the filename. The filename in question has only one period. Of course, I'm not sure which particular version of regular expressions MailScanner uses (maybe the period is the "match any character" period. Is there a bug in the regexp? Is this actually a valid match? Is this just a case of "upgrade to the latest"? Possibly I am just wildly out of date :) Thanks Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 From ssilva at sgvwater.com Wed Mar 1 20:21:03 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 20:23:02 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405F3FB.4040606@eliquid.com> References: <016501c63d47$6c169730$3004010a@martinhlaptop> <305DB571-DFEA-498B-9204-38214CB45490@ecs.soton.ac.uk> <787dcac20603010814u153babf3t27f60e84e90f7e56@mail.gmail.com> <4405E837.4010905@ecs.soton.ac.uk> <4405F3FB.4040606@eliquid.com> Message-ID: Wess Bechard spake the following on 3/1/2006 11:20 AM: > Funny, these little quips. I am getting married on Tiesday :) > > Scott Silva wrote: >> Julian Field spake the following on 3/1/2006 10:30 AM: >> >>> Scott Silva wrote: >>> >>>>> BB spake the following on 3/1/2006 8:14 AM: >>>>> >>>>> >>>>>> Thanks Julian >>>>>> >>>>>> As my new wife to be would say - >>>>>> >>>>>> Your not getting older, your getting longer. >>>>>> >>>>>> >>>>> Or as my current wife says; >>>>> "Shut up and roll over, you're snoring!" >>>>> See what you have to look forward to ;-) >>>>> >>>>> >>> Fortunately I'm not married, so don't suffer that problem :-) >>> >>> >> "Marriage is an institution. So is a prison!" >> >> Run Forrest, Run!!!!! From mailscanner at eliquid.com Wed Mar 1 20:24:45 2006 From: mailscanner at eliquid.com (Wess Bechard) Date: Wed Mar 1 20:24:19 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: Message-ID: <4406030D.3010801@eliquid.com> I hear you, we've been together for going on 8 years now, since grade 9. Kevin Miller wrote: >> Funny, these little quips. I am getting married on Tiesday :) >> > > Don't let 'em scare you. I left on my honeymoon almost 19 years ago and > it still hasn't ended. Marry the right gal, treat her right, and LIFE > IS GOOD! > > Spoiled and loving it... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/f96bc763/attachment.html From ssilva at sgvwater.com Wed Mar 1 20:23:41 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 20:32:01 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: Message-ID: Kevin Miller spake the following on 3/1/2006 11:38 AM: >> Funny, these little quips. I am getting married on Tiesday :) > > Don't let 'em scare you. I left on my honeymoon almost 19 years ago and > it still hasn't ended. Marry the right gal, treat her right, and LIFE > IS GOOD! > > Spoiled and loving it... > Go ahead, rub it in! Next you will tell us that your servers never crash, and your users never ask stupid questions! ;-) From MailScanner at ecs.soton.ac.uk Wed Mar 1 20:51:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 20:51:17 2006 Subject: Don't understand this match In-Reply-To: <44060193.3040109@psysolutions.com> References: <44060193.3040109@psysolutions.com> Message-ID: <44060941.60707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard Thomas wrote: > I'm not understanding why a certain filename has triggered the "Attempt > to hide real filename extension" rule. The filename is > > Shortcut 29 t.xls > > The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > As I understand it, that should match a period, followed by an alpha, > followed by two or three alphnumerics, any amount of whitespace and > then another period then an alphanumeric three character alphanumeric > extension all of this being at the end of the filename. > > The filename in question has only one period. > > Of course, I'm not sure which particular version of regular > expressions MailScanner uses (maybe the period is the "match any > character" period. It uses Perl's regular expressions. In all regular expressions that I know of, an unescaped "." means match "any single character". > > Is there a bug in the regexp? Is this actually a valid match? Is this > just a case of "upgrade to the latest"? Possibly I am just wildly out > of date :) This regexp is just fine, it has been there for several years without any changes whatsoever. I wrote it carefully and got it right first time. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAYJQhH2WUcUFbZUEQLIugCgpWQ7nWF+qLZVixRS0jzdoNitJBEAoIw+ 6iyApxbzbUb/iANO+wFwgW7D =o6hB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Wed Mar 1 21:03:08 2006 From: dave.list at pixelhammer.com (DAve) Date: Wed Mar 1 21:03:18 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: Message-ID: <44060C0C.2090200@pixelhammer.com> Kevin Miller wrote: >> Funny, these little quips. I am getting married on Tiesday :) > > Don't let 'em scare you. I left on my honeymoon almost 19 years ago and > it still hasn't ended. Marry the right gal, treat her right, and LIFE > IS GOOD! > > Spoiled and loving it... > > ...Kevin I hear ya, we just celebrated 20 years. She still is the best friend I have. DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From richard.thomas at psysolutions.com Wed Mar 1 21:07:11 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 21:08:19 2006 Subject: Don't understand this match In-Reply-To: <44060941.60707@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> Message-ID: <44060CFF.9000400@psysolutions.com> Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >Richard Thomas wrote: > > >>I'm not understanding why a certain filename has triggered the "Attempt >>to hide real filename extension" rule. The filename is >> >>Shortcut 29 t.xls >> >>The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ >> >> > >This regexp is just fine, it has been there for several years without >any changes whatsoever. I wrote it carefully and got it right first time. > > OK. I guess I need to scratch my head on why it is matching that filename then. Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/63d986c8/smime.bin From Kevin_Miller at ci.juneau.ak.us Wed Mar 1 21:14:05 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 1 21:14:09 2006 Subject: I need help. I'm out of time and out of patients Message-ID: Scott Silva wrote: > Go ahead, rub it in! > Next you will tell us that your servers never crash, Well, not my Linux servers! > and your users never ask stupid questions! ;-) Um, ya got me on that one... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From richard.thomas at psysolutions.com Wed Mar 1 21:16:09 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 21:17:36 2006 Subject: Don't understand this match In-Reply-To: <44060941.60707@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> Message-ID: <44060F19.3070407@psysolutions.com> Julian Field wrote: > >This regexp is just fine, it has been there for several years without >any changes whatsoever. I wrote it carefully and got it right first time. > > OK, based on that, I dug a little deeper... It *is* a dodgy filename Content-Type: application/vnd.ms-excel; name="Shortcut (2) to Copy of PayrollTFC (version 2) 3.lnk.xls" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Shortcut (2) to Copy of PayrollTFC (version 2) 3.lnk.xls" But MailScanner is reporting the filename as beign the valid one Warning: This message has had one or more attachments removed Warning: (Shortcut 29 t.xls). Warning: Please read the "PsySolutions-Attachment-Warning.txt" attachment(s) for more information. ------------------------------------------------------------------------ This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "Shortcut 29 t.xls" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Wed Mar 1 12:44:39 2006 the virus scanner said: MailScanner: Attempt to hide real filename extension (Shortcut 29 t.xls) Again, we may just be behind the times. Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/fbb877df/attachment.html From Denis.Beauchemin at USherbrooke.ca Wed Mar 1 21:17:50 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 1 21:18:39 2006 Subject: Don't understand this match In-Reply-To: <44060193.3040109@psysolutions.com> References: <44060193.3040109@psysolutions.com> Message-ID: <44060F7E.3020406@USherbrooke.ca> Richard Thomas wrote: > I'm not understanding why a certain filename has triggered the "Attempt > to hide real filename extension" rule. The filename is > > Shortcut 29 t.xls > > The rule is \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > As I understand it, that should match a period, followed by an alpha, > followed by two or three alphnumerics, any amount of whitespace and > then another period then an alphanumeric three character alphanumeric > extension all of this being at the end of the filename. > > The filename in question has only one period. > > Of course, I'm not sure which particular version of regular > expressions MailScanner uses (maybe the period is the "match any > character" period. > > Is there a bug in the regexp? Is this actually a valid match? Is this > just a case of "upgrade to the latest"? Possibly I am just wildly out > of date :) > > Thanks > > Rich Rich, I tested it at http://www.quanetic.com/regex.php and it didn't match. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/27888090/smime.bin From MailScanner at ecs.soton.ac.uk Wed Mar 1 21:26:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 1 21:26:34 2006 Subject: Don't understand this match In-Reply-To: <44060F19.3070407@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> Message-ID: <44061184.50003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard Thomas wrote: > Julian Field wrote: >> >> This regexp is just fine, it has been there for several years without >> any changes whatsoever. I wrote it carefully and got it right first time. >> > > OK, based on that, I dug a little deeper... > > It *is* a dodgy filename > > Content-Type: application/vnd.ms-excel; > name="Shortcut (2) to Copy of PayrollTFC (version 2) > 3.lnk.xls" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="Shortcut (2) to Copy of PayrollTFC (version 2) > 3.lnk.xls" > > > But MailScanner is reporting the filename as beign the valid one > > Warning: This message has had one or more attachments removed > Warning: (Shortcut 29 t.xls). > Warning: Please read the "PsySolutions-Attachment-Warning.txt" attachment(s) > for more information. > > > > > ------------------------------------------------------------------------ > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "Shortcut 29 t.xls" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > If you wish to receive a copy of the original attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Wed Mar 1 12:44:39 2006 the virus scanner said: > MailScanner: Attempt to hide real filename extension (Shortcut 29 t.xls) > > > Again, we may just be behind the times. It santises the filenames before logging them or outputting them in any way. One way it does this is by shortening them, except for the last filename extension. So you won't always see the full original filename. This is to stop exploits based on the reporting of filenames (imagine if you made up a filename that contained MIME boundaries, newline characters and a complete MIME attachment). It never ever outputs raw data based on the input data without sanitising it in some form. This is a fundamental anti-attack method I use. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAYRhBH2WUcUFbZUEQLiCACcCGkCBFRhSqjABCPo9GDHWeH/c5gAoIcF 8xpMgnHDBPnXiUU1o3aKJ4Qd =N+OX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 1 22:27:50 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 1 22:28:21 2006 Subject: Don't understand this match In-Reply-To: <44060F19.3070407@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> Message-ID: Richard Thomas spake the following on 3/1/2006 1:16 PM: > Julian Field wrote: >> >> This regexp is just fine, it has been there for several years without >> any changes whatsoever. I wrote it carefully and got it right first time. >> > > OK, based on that, I dug a little deeper... > > It *is* a dodgy filename > > Content-Type: application/vnd.ms-excel; > name="Shortcut (2) to Copy of PayrollTFC (version 2) 3.lnk.xls" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="Shortcut (2) to Copy of PayrollTFC (version 2) > 3.lnk.xls" > > > But MailScanner is reporting the filename as beign the valid one > > Warning: This message has had one or more attachments removed > Warning: (Shortcut 29 t.xls). > Warning: Please read the "PsySolutions-Attachment-Warning.txt" attachment(s) > for more information. The warning message generates a "sanitized" filename. It is shortened, and some of what makes it invalid is truncated/removed. From richard.thomas at psysolutions.com Wed Mar 1 22:33:01 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Wed Mar 1 22:34:12 2006 Subject: Don't understand this match In-Reply-To: <44061184.50003@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> Message-ID: <4406211D.6070207@psysolutions.com> Julian Field wrote: > >It santises the filenames before logging them or outputting them in any way. >One way it does this is by shortening them, except for the last filename >extension. >So you won't always see the full original filename. This is to stop >exploits based on the reporting of filenames (imagine if you made up a >filename that contained MIME boundaries, newline characters and a >complete MIME attachment). It never ever outputs raw data based on the >input data without sanitising it in some form. > >This is a fundamental anti-attack method I use. > > OK, I understand the reasoning behind that. The problem is then I guess that it obscures the reason the file was blocked in the first place. Not that I'm complaining :) Just wondering if there might be some way to reconcile the two issues. (For now, I may just make the reject reason more explicit). Thanks Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/4cbf9adb/smime.bin From linux_spartacus at yahoo.com Thu Mar 2 01:30:28 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Thu Mar 2 01:30:37 2006 Subject: MailScanner Ports ? In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B5DD18F@isabella.herefordshire.gov.uk> Message-ID: <20060302013028.91340.qmail@web35609.mail.mud.yahoo.com> Guys, Sorry for the long delay. Just change our provider thats why it took me some time to get back on the track.My question is what ports does MailScanner used for updating antivirus for ClamAV and updating Spam List for spamassassin. This is a stand alone mail server no dns and no other services just purely mail server.Of course i already open 25 and 110 for SMTP and POP3services.Does ClamAV and Spamassasin used other ports for updates ??? "Randal, Phil" wrote: We've got no power here at the moment (apart from our comms room) so I'll have to look at it when I'm on a PC whith a proper keyboard and mouse and not this laptop :-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 24 February 2006 12:10 > To: MailScanner discussion > Subject: Re: MailScanner Ports ? > > -----BEGIN PGP SIGNED MESSAGE----- > > Is this in the wiki? If not, please can you add it! > > On 24 Feb 2006, at 10:42, Randal, Phil wrote: > > > Razor: 7/tcp and 2703/tcp (outgoing) > > > > Pyzor: 24441/udp (outgoing) > > > > DCC: 6277/udp (outgoing) > > > > ntp: 123/udp (outgoing) (you do want the > server time to be > > correct, don't you?) > > > > ssh: 22/tcp (incoming) > > > > smtp: 25/tcp (in and out and shake it all about) > > > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > > > http: 80/tcp (outgoing) used by freshclam > (and incoming if > > you run mailwatch) > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of spart > > cus > > Sent: 24 February 2006 00:22 > > To: MailScanner > > Cc: jcb@dreamvsat.ph > > Subject: MailScanner Ports ? > > > > > > Hi guys, > > im securing my mail server.Just want to ask what port > does MS uses ? > > Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I > > already open ports 25; and 110, what else ? > > tnx > > > > > > > > > > ________________________________ > > > > Yahoo! Mail > > Use Photomail > > > > photomail > > .mail.yahoo.com> to share photos without annoying attachments. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBQ/73rvw32o+k+q+hAQEviQf/eBr1kwi7eO6qLyV3xbNgcm2/etTa4tze > n/C4WRdzGFE07jLyp3T7vt9FqRXJqaU1Zra5vlJbTN7cP1SC2AGHvRy47ZUZRGSW > UItMBw9onbFmh+aC1KbWb+2IlqSPMOWd3bHCfgJi2E/BOM3qMa0MlSCOn1spLuDz > RhCppYeY/LU9Qj4hHr9lflwa1QIcbreXN2GgEkipiQFlyW3V/jL6BVB58d7R7Fxb > BhCQI7/e4DGHDr1ccZ2mo0D6TcJisPqtEp8M8QVTclDKpMCTT36NeiF4DomVK8iW > CoeQiP1G45aMR71xWR+H+1I2zOoVXiSEDxZlZfZ1FJ+6GPtYw1H6rg== > =Qcnh > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Relax. Yahoo! Mail virus scanning helps detect nasty viruses! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060301/158d4ad0/attachment-0001.html From jon.bates at summitmotors.com.au Thu Mar 2 03:16:45 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Thu Mar 2 03:16:59 2006 Subject: Carriage returns removed from text files Message-ID: <200603020315.k223FvXl027247@summitmotors.com.au> Using MailScanner 4.50.14 + Sendmail + Spamassassin Issue: A user sends a properly formatted text file (paragraphed etc) as an attachment to an email. The receiver gets the email with the attachment, but the text file has been reformatted. All of the carriage returns are removed, and replaced with rectangle-like symbols, and all of the text appears on a single line. This happens with every single text file I have tried. I've tried removing users from the content scanning in the hope that this is what is causing the issues, but nothing works. Does anyone have any idea what could be wrong? Thanks - Jon Bates ----------- This message has been scanned for viruses and inappropriate content or attachments as deemed by Summit Investment Australia P/L and is believed to be clean. Although Summit Investment Australia has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. All messages scanned by MailScanner From nats at sscrmnl.edu.ph Thu Mar 2 06:57:00 2006 From: nats at sscrmnl.edu.ph (Jose Nathaniel G. Nengasca) Date: Thu Mar 2 06:57:01 2006 Subject: Localmailer or from localhost being scanned Message-ID: <3E61AA43.9000000@sscrmnl.edu.ph> Hi, It seems that MailScanner is scanning localhost mails, how can change this behavior? TIA Nats -- All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph From glenn.steen at gmail.com Thu Mar 2 07:57:07 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 07:57:11 2006 Subject: MailScanner Ports ? In-Reply-To: <20060302013028.91340.qmail@web35609.mail.mud.yahoo.com> References: <86144ED6CE5B004DA23E1EAC0B569B580B5DD18F@isabella.herefordshire.gov.uk> <20060302013028.91340.qmail@web35609.mail.mud.yahoo.com> Message-ID: <223f97700603012357m5559ac5ep@mail.gmail.com> On 02/03/06, spart cus wrote: > Guys, > Sorry for the long delay. Just change our provider thats why it took me > some time to get back on the track.My question is what ports does > MailScanner used for updating antivirus for ClamAV and updating Spam List > for spamassassin. This is a stand alone mail server no dns and no other > services just purely mail server.Of course i already open 25 and 110 for > SMTP and POP3services.Does ClamAV and Spamassasin used other ports for > updates ??? freshclam uses DNS (port 53/udp ... and you should open tcp too, perhaps) to check current versions on the cvd files, and use HTTP (port 80/tcp) to download them, when needed. I imagine (not at a box ATM) that the phishing whitelist is gotten with a wget or curl, which implies HTTP...:-). Spam list .... Is that "updated"? Checking RBLs is done via DNS, so .... that's back to port 53... Note that you only need these "from the inside->out", so to speak. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Mar 2 08:04:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 08:04:28 2006 Subject: Carriage returns removed from text files In-Reply-To: <200603020315.k223FvXl027247@summitmotors.com.au> References: <200603020315.k223FvXl027247@summitmotors.com.au> Message-ID: <223f97700603020004t6fcb575fo@mail.gmail.com> On 02/03/06, Jon Bates wrote: > > Using MailScanner 4.50.14 + Sendmail + Spamassassin > > Issue: > > A user sends a properly formatted text file (paragraphed etc) as an > attachment to an email. The receiver gets the email with the attachment, but > the text file has been reformatted. All of the carriage returns are removed, > and replaced with rectangle-like symbols, and all of the text appears on a > single line. This happens with every single text file I have tried. > > I've tried removing users from the content scanning in the hope that this is > what is causing the issues, but nothing works. > > Does anyone have any idea what could be wrong? > > Thanks > > - Jon Bates Hi Jon, IIRC this is due to a not-that-easy-to-get-at bug in a supporting perl module, and affects all messages that MailScanner rewrites in some way (like your spiffy "company disclaimer" below). So a simple thing to test is to make a ruleset exception to adding that ... Might make a difference). At least that is what my feeble memory is telling me, I might be completely wrong too...:-) > > ----------- > > This message has been scanned for viruses and inappropriate content or > attachments as deemed by Summit Investment Australia P/L and is believed to be > clean. > > Although Summit Investment Australia has taken reasonable precautions to > ensure no viruses are present in this email, the company cannot accept > responsibility for any loss or damage arising from the use of this email or > attachments. > > All messages scanned by MailScanner > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pete at enitech.com.au Thu Mar 2 08:07:18 2006 From: pete at enitech.com.au (Pete Russell) Date: Thu Mar 2 08:07:31 2006 Subject: No Longer Fnishes Scans Message-ID: <4406A7B6.7090301@enitech.com.au> For some reason today, without any inereference MailScanner startred accepted new mail but none would ever be delivered and after MS restarts we would see the be;loe logs. Anyone got any ideas on how to get mail moving again? I changed Use Spamassassin to no and it continues to use SpamAssassin - so i have left the MS service stopped and fallen back to anothyer server - but this is not ideal Appreciate ANY suggestions Pete Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 messages waiting Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 messages, 151525 bytes Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 messages waiting Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 messages, 5408558 bytes Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 messages waiting Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 messages, 140946 bytes In the LINT test i see - so i found the rule and remmed it out of the local.cf 4200] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 [4200] warn: config: warning: description exists for non-existent rule ONTIME_HOSTING, 33.38069 After that i retest and find [4609] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 [4609] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements 'finish_parsing_end' 54.86721 Any ideas what would cause this and any suggestions on whatr to try next? From m.lingen at ooms.com Thu Mar 2 08:19:52 2006 From: m.lingen at ooms.com (Marco Lingen) Date: Thu Mar 2 08:20:28 2006 Subject: Problem with disarmed mail Message-ID: Hello, I'am trying to allow html mail from some adresses. So i changed the following lines in the MailScanner.conf: Allow IFrame Tags = /etc/MailScanner/rules/html.rules Allow Form Tags = /etc/MailScanner/rules/html.rules Allow Script Tags = /etc/MailScanner/rules/html.rules Allow WebBugs = /etc/MailScanner/rules/html.rules Allow Object Codebase Tags = /etc/MailScanner/rules/html.rulesl And html.rules looks like : # Rules om HTML mail uit te sluiten van scan From: propertynl@mailitdirect.com yes From: vgm-nieuwsbrief@sdu.nl yes From: *@novell.com yes From: linuxnews@novell.com yes From: zwmag@novell.com yes From: gwmaglist@novell.com yes From: *@list.novell.com yes FromOrTo: default disarm The strange thing is that in MailWatch it looks like the html mail is passing without being disarmed but in the user mailbox it is disarmed. What could i be doing wrong here? Marco ------------------------------------------------------------------. De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor de geadresseerde. Gebruik van deze informatie door anderen dan de geadresseerde is niet toegestaan. Aan de inhoud van deze e-mail kunnen geen rechten worden ontleend. ------------------------------------------------------------------. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060302/bf6feced/attachment.html From shuttlebox at gmail.com Thu Mar 2 08:35:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 08:35:15 2006 Subject: Don't understand this match In-Reply-To: <4406211D.6070207@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> Message-ID: <625385e30603020035r35828166v3ed39870e8d97140@mail.gmail.com> On 3/1/06, Richard Thomas wrote: > OK, I understand the reasoning behind that. The problem is then I guess > that it obscures the reason the file was blocked in the first place. Not > that I'm complaining :) Just wondering if there might be some way to > reconcile the two issues. (For now, I may just make the reject reason > more explicit). I also got some questions from users regarding this so I just added "(filename may be shortened)" or somthing similar to the reports. -- /peter From shuttlebox at gmail.com Thu Mar 2 08:35:53 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 08:35:56 2006 Subject: Localmailer or from localhost being scanned In-Reply-To: <3E61AA43.9000000@sscrmnl.edu.ph> References: <3E61AA43.9000000@sscrmnl.edu.ph> Message-ID: <625385e30603020035y6cbc971x3c5cd87bc5243d6f@mail.gmail.com> On 3/2/03, Jose Nathaniel G. Nengasca wrote: > Hi, > > It seems that MailScanner is scanning localhost mails, how can change > this behavior? Use a ruleset for "Scan Messages". -- /peter From MailScanner at ecs.soton.ac.uk Thu Mar 2 08:38:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 08:38:29 2006 Subject: Don't understand this match In-Reply-To: <4406211D.6070207@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> Message-ID: <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Mar 2006, at 22:33, Richard Thomas wrote: > Julian Field wrote: > >> >> It santises the filenames before logging them or outputting them >> in any way. >> One way it does this is by shortening them, except for the last >> filename extension. >> So you won't always see the full original filename. This is to >> stop exploits based on the reporting of filenames (imagine if you >> made up a filename that contained MIME boundaries, newline >> characters and a complete MIME attachment). It never ever outputs >> raw data based on the input data without sanitising it in some form. >> >> This is a fundamental anti-attack method I use. >> > OK, I understand the reasoning behind that. The problem is then I > guess that it obscures the reason the file was blocked in the first > place. Not that I'm complaining :) Just wondering if there might be > some way to reconcile the two issues. Not that I have found. > (For now, I may just make the reject reason more explicit). That's my preferred solution. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== =6B92 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From evanderleun at hal9000.nl Thu Mar 2 09:06:56 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Thu Mar 2 09:07:14 2006 Subject: spam detected but not tagged In-Reply-To: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 This is really all it writes about spam in headers... It detects, but doesn't take action... I //solved// the matter by disabling SA cache by the way... Thanks On Tue, 28 Feb 2006, shuttlebox wrote: > On 2/28/06, Erik van der Leun wrote: > Hi, > > Another issue I fail to understand... > > Since I've recently upgraded MailScanner to 4.50.15.1 and added > pyzor, razor2 checks, it sometimes occurs that spam is detected > well, but not tagged as spam. > > In the mailheaders, I even see the spamscore, but the mail is > not treated as spam... just sent through the regular way. > > No spam subject tag is added either. > > Any thoughts? Post some headers and maybe some log snippets, otherwise it's hard to help. -- /peter From MailScanner at ecs.soton.ac.uk Thu Mar 2 09:14:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 09:14:32 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I think this is another Perl bug, I've seen this exact behaviour several times before. The problem is that I cannot reproduce it and so I'm not sure where to put the workaround. On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > > > X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > > This is really all it writes about spam in headers... > It detects, but doesn't take action... > > I //solved// the matter by disabling SA cache by the way... > > Thanks > > On Tue, 28 Feb 2006, shuttlebox wrote: > >> On 2/28/06, Erik van der Leun wrote: >> Hi, >> >> Another issue I fail to understand... >> >> Since I've recently upgraded MailScanner to 4.50.15.1 and added >> pyzor, razor2 checks, it sometimes occurs that spam is detected >> well, but not tagged as spam. >> >> In the mailheaders, I even see the spamscore, but the mail is >> not treated as spam... just sent through the regular way. >> >> No spam subject tag is added either. >> >> Any thoughts? > > Post some headers and maybe some log snippets, otherwise it's hard > to help. > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== =9NCk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Mar 2 09:18:27 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 2 09:18:34 2006 Subject: MailScanner Ports ? Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DD72D@isabella.herefordshire.gov.uk> ClamAV uses http on port 80. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of spart cus Sent: 02 March 2006 01:30 To: MailScanner discussion Subject: RE: MailScanner Ports ? Guys, Sorry for the long delay. Just change our provider thats why it took me some time to get back on the track.My question is what ports does MailScanner used for updating antivirus for ClamAV and updating Spam List for spamassassin. This is a stand alone mail server no dns and no other services just purely mail server.Of course i already open 25 and 110 for SMTP and POP3services.Does ClamAV and Spamassasin used other ports for updates ??? "Randal, Phil" wrote: We've got no power here at the moment (apart from our comms room) so I'll have to look at it when I'm on a PC whith a proper keyboard and mouse and not this laptop :-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 24 February 2006 12:10 > To: MailScanner discussion > Subject: Re: MailScanner Ports ? > > -----BEGIN PGP SIGNED MESSAGE----- > > Is this in the wiki? If not, please can you add it! > > On 24 Feb 2006, at 10:42, Randal, Phil wrote: > > > Razor: 7/tcp and 2703/tcp (outgoing) > > > > Pyzor: 24441/udp (outgoing) > > > > DCC: 6277/udp (outgoing) > > > > ntp: 123/udp (outgoing) (you do want the > server time to be > > correct, don't you?) > > > > ssh: 22/tcp (incoming) > > > > smtp: 25/tcp (in and out and shake it all about) > > > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > > > http: 80/tcp (outgoing) us! ed by freshclam > (and incoming if > > you run mailwatch) > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of spart > > cus > > Sent: 24 February 2006 00:22 > > To: MailScanner > > Cc: jcb@dreamvsat.ph > > Subject: MailScanner Ports ? > > > > > > Hi guys, > > im securing my mail server.Just want to ask what port > does MS uses ? > > Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I > > already open ports 25; and 110, ! what else ? > > tnx > > > > > > > > > > ________________________________ > > > > Yahoo! Mail > > Use Photomail > > > > photomail > > .mail.yahoo.com> to share photos without annoying attachments. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBQ/73rvw32o+k+q+hAQEviQf/eBr1kwi7eO6qLyV3xbNgcm2/etTa4tze > n/C4WRdzGFE07jLyp3T7vt9FqRXJqaU1Zra5vlJbTN7cP1SC2AGHvRy47ZUZRGSW > UItMBw9onbFmh+aC1KbWb+2IlqSPMOWd3bHCfgJi2E/BOM3qMa0MlSCOn1spLuDz > RhCppYeY/LU9Qj4hHr9lflwa1QIcbreXN2GgEkipiQFlyW3V/jL6BVB58d7R7Fxb > BhCQI7/e4DGHDr1ccZ2mo0D6TcJisPqtEp8M8QVTclDKpMCTT36NeiF4DomVK8iW > CoeQiP1G45aMR71xWR+H+1I2zOoVXiSEDxZlZfZ1FJ+6GPtYw1H6rg== > =Qcnh > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner develo! pment - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! _____ Relax. Yahoo! Mail virus scanning helps detect nasty viruses! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060302/464814d8/attachment.html From shuttlebox at gmail.com Thu Mar 2 09:35:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 09:35:15 2006 Subject: Number of messages in a batch Message-ID: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> I asked for this during Julian's vacation so I try again... I think the timings of the batch is interesting but it's hard to connect it to the number of messages in that batch, especially when parsing the logs with scripts. I use the default max batch size of 30 messages but during normal load MS starts processing a batch with typically 1-5 messages. I would like this log line: Batch processed in 9.58 seconds ...to look like this or similar: Batch (24 messages) processed in 9.58 seconds Then it would be easy to see the throughput speed. Would that be easy to implement? Is that info available at the time the log line is written? -- /peter From MailScanner at ecs.soton.ac.uk Thu Mar 2 09:49:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 09:49:28 2006 Subject: Number of messages in a batch In-Reply-To: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060302/4528e26c/PGP.bin From strydom.dave at gmail.com Thu Mar 2 09:54:22 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 09:54:25 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: yeah this is related to the same problem as mine (just checked the headers of those messages) Dave On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I think this is another Perl bug, I've seen this exact behaviour > several times before. The problem is that I cannot reproduce it and > so I'm not sure where to put the workaround. > > On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > > > > > > > X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > > > > This is really all it writes about spam in headers... > > It detects, but doesn't take action... > > > > I //solved// the matter by disabling SA cache by the way... > > > > Thanks > > > > On Tue, 28 Feb 2006, shuttlebox wrote: > > > >> On 2/28/06, Erik van der Leun wrote: > >> Hi, > >> > >> Another issue I fail to understand... > >> > >> Since I've recently upgraded MailScanner to 4.50.15.1 and added > >> pyzor, razor2 checks, it sometimes occurs that spam is detected > >> well, but not tagged as spam. > >> > >> In the mailheaders, I even see the spamscore, but the mail is > >> not treated as spam... just sent through the regular way. > >> > >> No spam subject tag is added either. > >> > >> Any thoughts? > > > > Post some headers and maybe some log snippets, otherwise it's hard > > to help. > > > > -- > > /peter > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp > PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA > RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo > /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z > fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci > bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== > =9NCk > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Thu Mar 2 10:07:25 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 10:07:28 2006 Subject: Number of messages in a batch In-Reply-To: References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: <625385e30603020207q442a2ca0ude429654d2ac18a4@mail.gmail.com> On 3/2/06, Julian Field wrote: > Patch for MessageBatch.pm is attached. Works like a charm! Thank you Julian. Will it be included in the next release? -- /peter From strydom.dave at gmail.com Thu Mar 2 10:14:05 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 10:14:07 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: I have an idea (it may be stupid though) Correct me if I am wrong but, If a message gets a hit from the spamassassin.cache.db then it is definately spam? If the above is right, can you do not put a additional check in the code, that check if the message got a spam hit from the spamassassin.cache.db, and if it did mark it as spam (regard of the output it gets from the hit) Because as you see from this: Feb 28 09:05:42 Cerberus MailScanner[22928]: SpamAssassin cache hit for message 1FDyvT-0006SE-Nn Feb 28 09:05:42 Cerberus MailScanner[22928]: Message 1FDyvT-0006SE-Nn from 220.104.253.235 (cleopatr@akeva.com) to xxxxxxxxxx.com is not spam, It got a hit from the database, (this is where it gets the score of 19 or whatever) but then mailscanner says it's not spam. Could you not code it so it does this: " if spamassassin cache hit then is definately spam. or am I way off the ball here? Dave ================== On 3/2/06, Dave Strydom wrote: > yeah this is related to the same problem as mine (just checked the > headers of those messages) > > Dave > > On 3/2/06, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > > > I think this is another Perl bug, I've seen this exact behaviour > > several times before. The problem is that I cannot reproduce it and > > so I'm not sure where to put the workaround. > > > > On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > > > > > > > > > > > X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > > > > > > This is really all it writes about spam in headers... > > > It detects, but doesn't take action... > > > > > > I //solved// the matter by disabling SA cache by the way... > > > > > > Thanks > > > > > > On Tue, 28 Feb 2006, shuttlebox wrote: > > > > > >> On 2/28/06, Erik van der Leun wrote: > > >> Hi, > > >> > > >> Another issue I fail to understand... > > >> > > >> Since I've recently upgraded MailScanner to 4.50.15.1 and added > > >> pyzor, razor2 checks, it sometimes occurs that spam is detected > > >> well, but not tagged as spam. > > >> > > >> In the mailheaders, I even see the spamscore, but the mail is > > >> not treated as spam... just sent through the regular way. > > >> > > >> No spam subject tag is added either. > > >> > > >> Any thoughts? > > > > > > Post some headers and maybe some log snippets, otherwise it's hard > > > to help. > > > > > > -- > > > /peter > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > - -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.0.5 (Build 5050) > > > > iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp > > PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA > > RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo > > /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z > > fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci > > bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== > > =9NCk > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From MailScanner at ecs.soton.ac.uk Thu Mar 2 11:04:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 11:05:02 2006 Subject: Number of messages in a batch In-Reply-To: <625385e30603020207q442a2ca0ude429654d2ac18a4@mail.gmail.com> References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> <625385e30603020207q442a2ca0ude429654d2ac18a4@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Mar 2006, at 10:07, shuttlebox wrote: > On 3/2/06, Julian Field wrote: >> Patch for MessageBatch.pm is attached. > > Works like a charm! Thank you Julian. Will it be included in the > next release? Yes. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAbRV/w32o+k+q+hAQHJvwf/emVDGoO2xehIqAO9QrdRd2IUzV7mZDtB WD4ZSsUN3h6yK4SB1PUHmfAFju6WR+zDtpN5zWvI99Q3KJT7vFshE1d5AVaY9LDH wm905OCmA7wvuUALcvlWaP7425O8B92zxKaoZ1a9LLEZZ0dartkYsXTRRayUCC7E XmUH7l5qiByoxwxL/MygVLxAF6gvDXLQ0CxltcRvCHmr2CAHOXFRyDWEp5p8n5Re MxEZEnOFh8OFbgZPo4f7GgW6H5LNRQMNtthyKyfG6zFRokXw7/CQpyYx74ccH7Dr 99qc3MSMaz99k2paY5ZrfH1IjrLgrhNbf/A5BR4fqXchqPlJ5cJ8MQ== =zjJU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 11:05:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 11:06:00 2006 Subject: spam detected but not tagged In-Reply-To: References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> Message-ID: <0063F38B-C9E0-4312-BCDC-1AD02517BF96@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Mar 2006, at 10:14, Dave Strydom wrote: > I have an idea (it may be stupid though) > > Correct me if I am wrong but, If a message gets a hit from the > spamassassin.cache.db then it is definately spam? No, it caches negative results (briefly) too. > If the above is right, can you do not put a additional check in the > code, that check if the message got a spam hit from the > spamassassin.cache.db, and if it did mark it as spam (regard of the > output it gets from the hit) > > Because as you see from this: > > Feb 28 09:05:42 Cerberus MailScanner[22928]: SpamAssassin cache hit > for message 1FDyvT-0006SE-Nn > Feb 28 09:05:42 Cerberus MailScanner[22928]: Message 1FDyvT-0006SE-Nn > from 220.104.253.235 (cleopatr@akeva.com) to xxxxxxxxxx.com is not > spam, > > It got a hit from the database, (this is where it gets the score of 19 > or whatever) but then mailscanner says it's not spam. Could you not > code it so it does this: " > > if spamassassin cache hit then > is definately spam. > > or am I way off the ball here? > > Dave > > > ================== > On 3/2/06, Dave Strydom wrote: >> yeah this is related to the same problem as mine (just checked the >> headers of those messages) >> >> Dave >> >> On 3/2/06, Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> I think this is another Perl bug, I've seen this exact behaviour >>> several times before. The problem is that I cannot reproduce it and >>> so I'm not sure where to put the workaround. >>> >>> On 2 Mar 2006, at 09:06, Erik van der Leun wrote: >>> >>>> >>>> >>>> X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 >>>> >>>> This is really all it writes about spam in headers... >>>> It detects, but doesn't take action... >>>> >>>> I //solved// the matter by disabling SA cache by the way... >>>> >>>> Thanks >>>> >>>> On Tue, 28 Feb 2006, shuttlebox wrote: >>>> >>>>> On 2/28/06, Erik van der Leun wrote: >>>>> Hi, >>>>> >>>>> Another issue I fail to understand... >>>>> >>>>> Since I've recently upgraded MailScanner to 4.50.15.1 and added >>>>> pyzor, razor2 checks, it sometimes occurs that spam is detected >>>>> well, but not tagged as spam. >>>>> >>>>> In the mailheaders, I even see the spamscore, but the mail is >>>>> not treated as spam... just sent through the regular way. >>>>> >>>>> No spam subject tag is added either. >>>>> >>>>> Any thoughts? >>>> >>>> Post some headers and maybe some log snippets, otherwise it's hard >>>> to help. >>>> >>>> -- >>>> /peter >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.5 (Build 5050) >>> >>> iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp >>> PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA >>> RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo >>> /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z >>> fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci >>> bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== >>> =9NCk >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAbRkfw32o+k+q+hAQG/9Qf9EAMWyAyQHJlgzqc8Je/k5RaabY3j3hlN 5mg1wIDtgfrvea8eLKORXXDCWr+S6YBSxWdiSHKw3PTXAu6feKR8Ccw3rvLNuAXk qC+qf7q9Ux/5Kr2CuXG8N6YLZniazcvgzQNI31BGm3/aMuDL+yLY6Z49UziBt4RG z78MoI2Y7RQXlH5zjIHgcwlVu35LAhEpG+OE+uqr6hNYD+wADzEBrIApVHP9sYuq pyDBc6aBfRqvYedbKoNXvrNSm6TLt3g84bW7ggXFiAlE6bH77IWBG7xCKMs/Fafm Q04cC15JTdjIytaA6EF5e9e2cgzttSNCGFKN042aVAGRUAMOS6QcZg== =MLCZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pete at enitech.com.au Thu Mar 2 11:17:45 2006 From: pete at enitech.com.au (Pete Russell) Date: Thu Mar 2 11:17:54 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <4406A7B6.7090301@enitech.com.au> References: <4406A7B6.7090301@enitech.com.au> Message-ID: <4406D459.7030400@enitech.com.au> It was caused by a rule from rulesdujour called Blacklist - it had a grown to a crazy size, deleted and retried and all was well :) Pete Russell wrote: > For some reason today, without any inereference MailScanner startred > accepted new mail but none would ever be delivered and after MS restarts > we would see the be;loe logs. Anyone got any ideas on how to get mail > moving again? > > I changed Use Spamassassin to no and it continues to use SpamAssassin - > so i have left the MS service stopped and fallen back to anothyer server > - but this is not ideal > > Appreciate ANY suggestions > Pete > > Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > messages waiting > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > messages, 151525 bytes > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > messages waiting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > messages, 5408558 bytes > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > messages waiting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > messages, 140946 bytes > > > In the LINT test i see - so i found the rule and remmed it out of the > local.cf > > 4200] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > [4200] warn: config: warning: description exists for non-existent rule > ONTIME_HOSTING, 33.38069 > > After that i retest and find > > [4609] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > [4609] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > 'finish_parsing_end' 54.86721 > > > Any ideas what would cause this and any suggestions on whatr to try next? From strydom.dave at gmail.com Thu Mar 2 11:20:25 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 11:20:28 2006 Subject: spam detected but not tagged In-Reply-To: <0063F38B-C9E0-4312-BCDC-1AD02517BF96@ecs.soton.ac.uk> References: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> <0063F38B-C9E0-4312-BCDC-1AD02517BF96@ecs.soton.ac.uk> Message-ID: As a work around for the moment, i've just disabled using the Spamassassin.cache.db if there is anything you would like me to test on my side, please let me know. Dave On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Mar 2006, at 10:14, Dave Strydom wrote: > > > I have an idea (it may be stupid though) > > > > Correct me if I am wrong but, If a message gets a hit from the > > spamassassin.cache.db then it is definately spam? > > No, it caches negative results (briefly) too. > > > If the above is right, can you do not put a additional check in the > > code, that check if the message got a spam hit from the > > spamassassin.cache.db, and if it did mark it as spam (regard of the > > output it gets from the hit) > > > > Because as you see from this: > > > > Feb 28 09:05:42 Cerberus MailScanner[22928]: SpamAssassin cache hit > > for message 1FDyvT-0006SE-Nn > > Feb 28 09:05:42 Cerberus MailScanner[22928]: Message 1FDyvT-0006SE-Nn > > from 220.104.253.235 (cleopatr@akeva.com) to xxxxxxxxxx.com is not > > spam, > > > > It got a hit from the database, (this is where it gets the score of 19 > > or whatever) but then mailscanner says it's not spam. Could you not > > code it so it does this: " > > > > if spamassassin cache hit then > > is definately spam. > > > > or am I way off the ball here? > > > > Dave > > > > > > ================== > > On 3/2/06, Dave Strydom wrote: > >> yeah this is related to the same problem as mine (just checked the > >> headers of those messages) > >> > >> Dave > >> > >> On 3/2/06, Julian Field wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> > >>> I think this is another Perl bug, I've seen this exact behaviour > >>> several times before. The problem is that I cannot reproduce it and > >>> so I'm not sure where to put the workaround. > >>> > >>> On 2 Mar 2006, at 09:06, Erik van der Leun wrote: > >>> > >>>> > >>>> > >>>> X-MailScanner-Spamcheck: geen spam, X-MailScanner-SpamScore: 17 > >>>> > >>>> This is really all it writes about spam in headers... > >>>> It detects, but doesn't take action... > >>>> > >>>> I //solved// the matter by disabling SA cache by the way... > >>>> > >>>> Thanks > >>>> > >>>> On Tue, 28 Feb 2006, shuttlebox wrote: > >>>> > >>>>> On 2/28/06, Erik van der Leun wrote: > >>>>> Hi, > >>>>> > >>>>> Another issue I fail to understand... > >>>>> > >>>>> Since I've recently upgraded MailScanner to 4.50.15.1 and added > >>>>> pyzor, razor2 checks, it sometimes occurs that spam is detected > >>>>> well, but not tagged as spam. > >>>>> > >>>>> In the mailheaders, I even see the spamscore, but the mail is > >>>>> not treated as spam... just sent through the regular way. > >>>>> > >>>>> No spam subject tag is added either. > >>>>> > >>>>> Any thoughts? > >>>> > >>>> Post some headers and maybe some log snippets, otherwise it's hard > >>>> to help. > >>>> > >>>> -- > >>>> /peter > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> - -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> > >>> -----BEGIN PGP SIGNATURE----- > >>> Version: PGP Desktop 9.0.5 (Build 5050) > >>> > >>> iQEVAwUBRAa3bvw32o+k+q+hAQFi7gf+LtYg2RiXrU9UoiUxuCAXA7hFpjC3myvp > >>> PztKGD5eR4ugCLVgUtbnNxW/SopngLMsNr52sq7wcebMfFBRlGFNcKnV1TBb9KNA > >>> RsVGoqCkNdF1XgyvKx18rOAAm31/wWCh8Cf+R5F1IbJo36uRYbR3uRvHu1P+VREo > >>> /VgQp3h35XlnJBVnCr50NpHG7pM6h+LXf353qOorlOKDmmF3NZjnkf1ly59LLY7z > >>> fRvoccgy3dw/+LXJzeky07bzoE0Cv2PXs6FrGeCB6himnDfxv5eoWAy8OL73Tgci > >>> bn/vkBRiVS31JXU1byf9pZiAcFWhAFYEaCu9LCvCpluP96MoYGGpBg== > >>> =9NCk > >>> -----END PGP SIGNATURE----- > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAbRkfw32o+k+q+hAQG/9Qf9EAMWyAyQHJlgzqc8Je/k5RaabY3j3hlN > 5mg1wIDtgfrvea8eLKORXXDCWr+S6YBSxWdiSHKw3PTXAu6feKR8Ccw3rvLNuAXk > qC+qf7q9Ux/5Kr2CuXG8N6YLZniazcvgzQNI31BGm3/aMuDL+yLY6Z49UziBt4RG > z78MoI2Y7RQXlH5zjIHgcwlVu35LAhEpG+OE+uqr6hNYD+wADzEBrIApVHP9sYuq > pyDBc6aBfRqvYedbKoNXvrNSm6TLt3g84bW7ggXFiAlE6bH77IWBG7xCKMs/Fafm > Q04cC15JTdjIytaA6EF5e9e2cgzttSNCGFKN042aVAGRUAMOS6QcZg== > =MLCZ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Thu Mar 2 11:21:23 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 2 11:21:39 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <4406D459.7030400@enitech.com.au> Message-ID: <00d301c63deb$702e01b0$3004010a@martinhlaptop> Pete The blacklist SA rule has been retired for many many moons. The URI-RBL's are the replacement for this... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Pete Russell > Sent: 02 March 2006 11:18 > To: MailScanner discussion > Subject: Re: No Longer Fnishes Scans - Resolved > > It was caused by a rule from rulesdujour called Blacklist - it had a > grown to a crazy size, deleted and retried and all was well :) > > > Pete Russell wrote: > > For some reason today, without any inereference MailScanner startred > > accepted new mail but none would ever be delivered and after MS restarts > > we would see the be;loe logs. Anyone got any ideas on how to get mail > > moving again? > > > > I changed Use Spamassassin to no and it continues to use SpamAssassin - > > so i have left the MS service stopped and fallen back to anothyer server > > - but this is not ideal > > > > Appreciate ANY suggestions > > Pete > > > > Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > > messages waiting > > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > > messages, 151525 bytes > > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > > messages waiting > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > > messages, 5408558 bytes > > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > > messages waiting > > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > > messages, 140946 bytes > > > > > > In the LINT test i see - so i found the rule and remmed it out of the > > local.cf > > > > 4200] dbg: config: adding redirector regex: > > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > > [4200] warn: config: warning: description exists for non-existent rule > > ONTIME_HOSTING, 33.38069 > > > > After that i retest and find > > > > [4609] dbg: config: adding redirector regex: > > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > > [4609] dbg: plugin: > > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > > 'finish_parsing_end' 54.86721 > > > > > > Any ideas what would cause this and any suggestions on whatr to try > next? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From pete at enitech.com.au Thu Mar 2 11:46:51 2006 From: pete at enitech.com.au (Pete Russell) Date: Thu Mar 2 11:46:58 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <00d301c63deb$702e01b0$3004010a@martinhlaptop> References: <00d301c63deb$702e01b0$3004010a@martinhlaptop> Message-ID: <4406DB2B.3080107@enitech.com.au> Thanks - any chance you could share you list of trusted rulesets with me? assuming yours is maintained and up to date? ThanksPete TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_BML SARE_OEM SARE_HEADER SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 ZMI_GERMAN" Martin Hepworth wrote: > Pete > > The blacklist SA rule has been retired for many many moons. The URI-RBL's > are the replacement for this... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of Pete Russell >>Sent: 02 March 2006 11:18 >>To: MailScanner discussion >>Subject: Re: No Longer Fnishes Scans - Resolved >> >>It was caused by a rule from rulesdujour called Blacklist - it had a >>grown to a crazy size, deleted and retried and all was well :) >> >> >>Pete Russell wrote: >> >>>For some reason today, without any inereference MailScanner startred >>>accepted new mail but none would ever be delivered and after MS restarts >>>we would see the be;loe logs. Anyone got any ideas on how to get mail >>>moving again? >>> >>>I changed Use Spamassassin to no and it continues to use SpamAssassin - >>>so i have left the MS service stopped and fallen back to anothyer server >>>- but this is not ideal >>> >>>Appreciate ANY suggestions >>>Pete >>> >>>Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 >>>messages waiting >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 >>>messages, 151525 bytes >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 >>>messages waiting >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 >>>messages, 5408558 bytes >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 >>>messages waiting >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 >>>messages, 140946 bytes >>> >>> >>>In the LINT test i see - so i found the rule and remmed it out of the >>>local.cf >>> >>>4200] dbg: config: adding redirector regex: >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 >>>[4200] warn: config: warning: description exists for non-existent rule >>>ONTIME_HOSTING, 33.38069 >>> >>>After that i retest and find >>> >>>[4609] dbg: config: adding redirector regex: >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 >>>[4609] dbg: plugin: >>>Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements >>>'finish_parsing_end' 54.86721 >>> >>> >>>Any ideas what would cause this and any suggestions on whatr to try >> >>next? >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From martinh at solid-state-logic.com Thu Mar 2 12:03:56 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 2 12:04:06 2006 Subject: No Longer Fnishes Scans - Resolved In-Reply-To: <4406DB2B.3080107@enitech.com.au> Message-ID: <00e201c63df1$61ea1020$3004010a@martinhlaptop> Pete 1st thing, make sure you RDJ is up to date!!! TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_RANDOM RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_BML SARE_URI0 SARE_URI1 SARE_URI3 SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST SARE_WHITELIST_SPF SARE_WHITELIST_RCVDZMI_GERMAN FVGT_meta FVGT_body FVGT_headers FVGT_rawbody FVGT_subject FVGT_uri JG_badhosts JG_body JG_from JG_german JG_header JG_nazi JG_rawbody JG_subject JG_to SARE_STOCKS"; The JG ones are ones I load extra and aren't in the standard RDJ config....for the FVGT configs see the RDJ web site ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Pete Russell > Sent: 02 March 2006 11:47 > To: MailScanner discussion > Subject: Re: No Longer Fnishes Scans - Resolved > > Thanks - any chance you could share you list of trusted rulesets with > me? assuming yours is maintained and up to date? > > ThanksPete > > TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 SARE_BML SARE_OEM SARE_HEADER SARE_HTML0 SARE_RANDOM > SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS SARE_BAYES_POISON_NXM > SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB SARE_URI0 SARE_URI1 > SARE_OBFU0 SARE_GENLSUBJ0 ZMI_GERMAN" > > > Martin Hepworth wrote: > > Pete > > > > The blacklist SA rule has been retired for many many moons. The URI- > RBL's > > are the replacement for this... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >>-----Original Message----- > >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>bounces@lists.mailscanner.info] On Behalf Of Pete Russell > >>Sent: 02 March 2006 11:18 > >>To: MailScanner discussion > >>Subject: Re: No Longer Fnishes Scans - Resolved > >> > >>It was caused by a rule from rulesdujour called Blacklist - it had a > >>grown to a crazy size, deleted and retried and all was well :) > >> > >> > >>Pete Russell wrote: > >> > >>>For some reason today, without any inereference MailScanner startred > >>>accepted new mail but none would ever be delivered and after MS > restarts > >>>we would see the be;loe logs. Anyone got any ideas on how to get mail > >>>moving again? > >>> > >>>I changed Use Spamassassin to no and it continues to use SpamAssassin - > >>>so i have left the MS service stopped and fallen back to anothyer > server > >>>- but this is not ideal > >>> > >>>Appreciate ANY suggestions > >>>Pete > >>> > >>>Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > >>>messages waiting > >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > >>>messages, 151525 bytes > >>>Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > >>>messages waiting > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > >>>messages, 5408558 bytes > >>>Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > >>>messages waiting > >>>Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > >>>messages, 140946 bytes > >>> > >>> > >>>In the LINT test i see - so i found the rule and remmed it out of the > >>>local.cf > >>> > >>>4200] dbg: config: adding redirector regex: > >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > >>>[4200] warn: config: warning: description exists for non-existent rule > >>>ONTIME_HOSTING, 33.38069 > >>> > >>>After that i retest and find > >>> > >>>[4609] dbg: config: adding redirector regex: > >>>m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > >>>[4609] dbg: plugin: > >>>Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > >>>'finish_parsing_end' 54.86721 > >>> > >>> > >>>Any ideas what would cause this and any suggestions on whatr to try > >> > >>next? > >>-- > >>MailScanner mailing list > >>mailscanner@lists.mailscanner.info > >>http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >>Before posting, read http://wiki.mailscanner.info/posting > >> > >>Support MailScanner development - buy the book off the website! > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From strydom.dave at gmail.com Thu Mar 2 13:42:29 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 13:42:33 2006 Subject: Don't understand this match In-Reply-To: <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: I gave up on this rule in my mailscanner, because i have clients sending emails that contain like whatever.xls.zip which are legit files, since we do about 80 000 emails a day across 3 scanning servers, it's annoying to backtrack and release legit files that get caught by this rule, so i eventually removed the rule and just put some trust in the virus scanning. Infact i edited a whole bunch of stuff in the filename.rules.conf and filetype.rules.conf because some of the defaults are just not suitable in the shared hosting enviroment. Dave On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 1 Mar 2006, at 22:33, Richard Thomas wrote: > > > Julian Field wrote: > > > >> > >> It santises the filenames before logging them or outputting them > >> in any way. > >> One way it does this is by shortening them, except for the last > >> filename extension. > >> So you won't always see the full original filename. This is to > >> stop exploits based on the reporting of filenames (imagine if you > >> made up a filename that contained MIME boundaries, newline > >> characters and a complete MIME attachment). It never ever outputs > >> raw data based on the input data without sanitising it in some form. > >> > >> This is a fundamental anti-attack method I use. > >> > > OK, I understand the reasoning behind that. The problem is then I > > guess that it obscures the reason the file was blocked in the first > > place. Not that I'm complaining :) Just wondering if there might be > > some way to reconcile the two issues. > > Not that I have found. > > > (For now, I may just make the reject reason more explicit). > > That's my preferred solution. > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT > wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z > ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 > o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu > B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl > cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== > =6B92 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Thu Mar 2 13:51:18 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 2 13:51:28 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: <4406F856.2000001@nkpanama.com> You could keep the rule and set "allowed filenames", or you could add "allow .xls ... blabla" before the double extension matching rules. Dave Strydom wrote: > I gave up on this rule in my mailscanner, because i have clients > sending emails that contain like whatever.xls.zip which are legit > files, since we do about 80 000 emails a day across 3 scanning > servers, it's annoying to backtrack and release legit files that get > caught by this rule, so i eventually removed the rule and just put > some trust in the virus scanning. > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > filetype.rules.conf because some of the defaults are just not suitable > in the shared hosting enviroment. > > Dave > > On 3/2/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 1 Mar 2006, at 22:33, Richard Thomas wrote: >> >> >>> Julian Field wrote: >>> >>> >>>> It santises the filenames before logging them or outputting them >>>> in any way. >>>> One way it does this is by shortening them, except for the last >>>> filename extension. >>>> So you won't always see the full original filename. This is to >>>> stop exploits based on the reporting of filenames (imagine if you >>>> made up a filename that contained MIME boundaries, newline >>>> characters and a complete MIME attachment). It never ever outputs >>>> raw data based on the input data without sanitising it in some form. >>>> >>>> This is a fundamental anti-attack method I use. >>>> >>>> >>> OK, I understand the reasoning behind that. The problem is then I >>> guess that it obscures the reason the file was blocked in the first >>> place. Not that I'm complaining :) Just wondering if there might be >>> some way to reconcile the two issues. >>> >> Not that I have found. >> >> >>> (For now, I may just make the reject reason more explicit). >>> >> That's my preferred solution. >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT >> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z >> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 >> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu >> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl >> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== >> =6B92 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From MailScanner at ecs.soton.ac.uk Thu Mar 2 14:17:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 14:18:06 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The default settings I provide are just what I consider to be a pretty good set that should be mostly okay, for most people, most of the time. Obviously if they aren't right for you, then just change them, that's why it is all configurable :-) When I first wrote the filename.rules.conf file, I put in the double file extension trap as an example of what could do done, beyond just matching simple extension names. I didn't realise how important it became for most sites. On 2 Mar 2006, at 13:42, Dave Strydom wrote: > I gave up on this rule in my mailscanner, because i have clients > sending emails that contain like whatever.xls.zip which are legit > files, since we do about 80 000 emails a day across 3 scanning > servers, it's annoying to backtrack and release legit files that get > caught by this rule, so i eventually removed the rule and just put > some trust in the virus scanning. > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > filetype.rules.conf because some of the defaults are just not suitable > in the shared hosting enviroment. > > Dave > > On 3/2/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 1 Mar 2006, at 22:33, Richard Thomas wrote: >> >>> Julian Field wrote: >>> >>>> >>>> It santises the filenames before logging them or outputting them >>>> in any way. >>>> One way it does this is by shortening them, except for the last >>>> filename extension. >>>> So you won't always see the full original filename. This is to >>>> stop exploits based on the reporting of filenames (imagine if you >>>> made up a filename that contained MIME boundaries, newline >>>> characters and a complete MIME attachment). It never ever outputs >>>> raw data based on the input data without sanitising it in some >>>> form. >>>> >>>> This is a fundamental anti-attack method I use. >>>> >>> OK, I understand the reasoning behind that. The problem is then I >>> guess that it obscures the reason the file was blocked in the first >>> place. Not that I'm complaining :) Just wondering if there might be >>> some way to reconcile the two issues. >> >> Not that I have found. >> >>> (For now, I may just make the reject reason more explicit). >> >> That's my preferred solution. >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT >> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z >> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 >> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu >> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl >> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== >> =6B92 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAb+mPw32o+k+q+hAQH1Jgf+LonselRrBN+DC1oRRKcvKvJXIsIPLxds BRnbjEB0LNFHRUcV7kqouiR9t9sVJbmf3EaouKFMTLX943x3xmCT4WeEOKo1M2uI iX2WXAFpe1wggdklvfPTDzKXCZVLz9YfVk32jBwA3rmJJ8NoMCa8C4a09QjiZD2Y 4i0tRDwLMpFTBAhxFjbScMmtWqHJK11vseRiggI7nBt7EO3zCqxSNhuJMiAgeYow CCbEsF/V395PFDuRiiAMWwNlpnOg1ByouZsAONNJKf/RJQ9wsoFDxpvh1DToF2p6 9nJPn9UaqXqJwUMFICpYX7ElqaRs8DKlg+XQz3IsO1oFFzF86GUFgw== =axqG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu Mar 2 14:43:23 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 14:43:51 2006 Subject: Don't understand this match In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dave > Strydom > Sent: Thursday, March 02, 2006 8:42 AM > To: MailScanner discussion > Subject: Re: Don't understand this match > > > I gave up on this rule in my mailscanner, because i have clients > sending emails that contain like whatever.xls.zip which are legit > files, since we do about 80 000 emails a day across 3 scanning > servers, it's annoying to backtrack and release legit files that get > caught by this rule, so i eventually removed the rule and just put > some trust in the virus scanning. > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > filetype.rules.conf because some of the defaults are just not suitable > in the shared hosting enviroment. > I too had a bunch of venders that sent various files with double+ dots so added an accept rule ahead of the deny rules like: accept \.(xls|pdf|doc|zip)$ So those would get through so long as they *ended* with an acceptable extention. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cobalt-users1 at fishnet.co.uk Thu Mar 2 15:06:38 2006 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Thu Mar 2 15:06:50 2006 Subject: Changing MailScanner local7 syslog messages to another facility Message-ID: <440709FE.30530.23A4932D@cobalt-users1.fishnet.co.uk> Hi, I get these messages in my /var/log/boot.log ( local use 7 ): Mar 2 12:36:18 bob MailScanner: succeeded Mar 2 12:40:02 bob last message repeated 5 times Mar 2 12:45:03 bob last message repeated 3 times Mar 2 12:50:02 bob last message repeated 3 times Mar 2 12:55:03 bob last message repeated 3 times Mar 2 13:00:03 bob last message repeated 3 times Mar 2 13:05:02 bob last message repeated 3 times Is it possible to change this to another syslog facility? In MailScanner.conf I have: Syslog Facility = local0 to keep MailScanner messages separate from sendmail messages but it still places these messages in the boot.log. TIA for any assistance Ian -- From bpumphrey at WoodMacLaw.com Thu Mar 2 15:09:22 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Mar 2 15:09:26 2006 Subject: Telnet to port 25 fails Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> Hello everyone! Well I have gotten some ground on my new install and I cannot connect to my machine through telnet 25. I was going through the WIKI at this page: http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot :mta:connexion That is a really good page to use for testing but it has no solutions for if the telnet fails. I will copy and paste my entire typed log for what I have done. It gets pretty specific with what errors and commands that I used. I figure the next time that I install these completed notes will help me. I also went to search the mailing list archives. I could not find a search. I know that the list was put on a different server. So I guess that there is no search on the new one of I just could not find it. Here is the big o log... Warning, its pretty long. To get to the point skip near the end. Please tell me if this log may be a helpful informal post when it is all said and done, and I can email the completed log after I am all finished. -------------------------------------------------------------------- - Installed CentOS with spamassassion (version?), mysql (version?), - Downloaded MailScanner 4.50.15-1 - Ran install.sh Error: [root@WoodenMS2 MailScanner-4.50.15-1]# ./install.sh Good. You have the patch command. Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages tree is missing. If you have access to an RPM called rpm-build or rpmbuild then install it first and come back and try again. - 1 hour later I got rpm-build installed [root@WoodenMS2 install]# rpm -ivh rpm-build* warning: rpm-build-4.3.3-11_nonptl.i386.rpm: V3 DSA signature: NOKEY, key ID 443 e1821 Preparing... ########################################### [100%] 1:rpm-build ########################################### [100%] - ran ./install.sh from the MailScanner directory - got another error: [root@WoodenMS2 MailScanner-4.50.15-1]# ./install.sh Good. You have the patch command. Good, you have /usr/src/redhat in place. Writing a .rpmmacros file in your home directory to stop unpackaged files breaking the build process. You can delete it once MailScanner is installed if you want to. Adding to the .rpmmacros file in your home directory to stop RPM trying to be too clever finding Perl requirements. You can delete it once MailScanner is installed if you want to. Good, you appear to only have 1 copy of Perl installed. I think you are running on RedHat Linux, Mandrake Linux or SuSE Linux. You must have the following RPM packages installed before you try and do anything else: binutils glibc-devel gcc make You are missing at least 1 of these. Please install them all (Read the manuals if you do not know how to do this). Then come back and run this install.sh script again. - Next day After spending a few hours trying to get the packages, I started from scratch and reinstalled CentOS 4.2 with the development tools. - OS is installed - Created a user at the console - Ran the program Putty to ssh into the machine - logged in as the user - ran su - and logged in as root - downloaded mailscanner useing wget - now looking for the command to untar a tar.gz file - Found the command and used tar -zxvf MailScanner* - Running ./install.sh install is running ok - MailScanner install done. Said spamassassin was not found and it was not installed. - downloaded = spamassassin 3.1.0 wget http://apache.hoxt.com/spamassassin/source/Mail-SpamAssassin-3.1.0.tar.g z mailwatch 1.0.3 wget http://internap.dl.sourceforge.net/sourceforge/mailwatch/mailwatch-1.0.3 .tar.gz clamav .88 wget http://superb.dl.sourceforge.net/sourceforge/clamav/clamav-0.88.tar.gz bitdefender8 wget http://www.bitdefender.com/site/Download/downloadFile/340/EN/ pyzor 0.4.0 wget http://umn.dl.sourceforge.net/sourceforge/pyzor/pyzor-0.4.0.tar.bz2 php 5.1.2 wget http://us3.php.net/get/php-5.1.2.tar.gz/from/this/mirror - installed spamassassin tar -zxvf Mail-SpamAssassin* cd Mail*Spam* perl Makefile.PL got errors about modules needed. Went to http://svn.apache.org/repos/asf/spamassassin/branches/3.1/INSTALL and got information REQUIRED module missing: Digest::SHA1 optional module missing: Net::DNS optional module missing: Mail::SPF::Query optional module missing: IP::Country optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL optional module missing: Archive::Tar optional module missing: IO::Zlib perl -MCPAN -e shell o conf prerequisites_policy ask install Digest::SHA1 install NET::DNS install Mail::SPF::Query install IP::Country install Razor2 got error: cpan> install Razor2 Warning: Cannot install Razor2, don't know what it is. Try the command i /Razor2/ to find objects with matching identifiers. install Net::Ident install IO::Socket::INET6 ( I don't know really why I installed this) install Archive::Tar install IO:Zlib returned: IO::Zlib is up to date. quit perl Makefile.PL (lets try spamassassin again shall we) returned: optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL warning: some functionality may not be available, please read the above report before continuing! Checking if your kit is complete... Looks good Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.17 perl -MCPAN -e shell i /Razor2/ Returned: Module id = Mail::SpamAssassin::Plugin::Razor2 CPAN_USERID JMASON (Justin Mason ) CPAN_VERSION undef CPAN_FILE J/JM/JMASON/Mail-SpamAssassin-3.1.0.tar.gz INST_FILE (not installed) install Mail::spamAssassin::Plugin::Razor2 perl Makefile.PL Returned: optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL Taking a guess that it needs a reboot to get Razor2 and INET6 in action, I will reboot using shutdown -r now - Next day - After the reboot it says razor is not there but I will continue and worry about that later. - Logged into old MailScanner machine and copied over the MailScanner.conf preferences Note I did not just copy over the file changed: Organization stuff at the beginning Quarantine User = root Quarantine group = apache Quarantine permissions = 0660 Quarantine whole message = yes Spam List = ORDB-RBL SBL+XBL Required SpamAssin Score = 5 High ScpamAssassin Score 7.2 Rebuild Bayes Every = 432000 Spam Actions = store deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = store delete header "X-spam-Status: yes" Non Spam Actions = store deliver header "X-Spam-Status: No" Log Spedd = yes Log Spam = yes Log non Spam = yes - I then restart the MailScanner service like so service MailScanner restart && tail -f /var/log/maillog - I checked the log for errors Getting error about no virus scanners installed Getting notice that I do have virus scanners installed also Value of bayesrebuild cannot be a ruleset, only a simple value - I had an error in my Rebuild Bayes Every = ... I had 432000 432000 432000 and more instances instead of just one 432000. I changed it to just 432000 - I restarted MailScanner using the above method and checked the log Still getting the virus scanners message. One saying that I have them installed and one saying that I do not. I will worry about this later. - Copied text from the old /etc/mail/access file to the new server - created /etc/mail/relay-domains on the new machien and put in: woodmaclaw.com www.woodmaclaw.com woodmclaw.com www.woodmclaw.com - edited /etc/mail/mailertable. put in: woodmaclaw.com esmtp:[10.1.1.22] www.woodmaclaw.com esmtp:[10.1.1.22] woodmclaw.com esmtp:[10.1.1.22] www.woodmclaw.com esmtp:[10.1.1.22] - I fowarded some mail to the new machien and the log had not picked up anything - Restart MailScanner - Tried the command telnet IPADDRESS 25 and it is not running as the dos box just does not show it. - restarted the machine - From strydom.dave at gmail.com Thu Mar 2 15:12:53 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 15:12:55 2006 Subject: Don't understand this match In-Reply-To: References: Message-ID: Thats not a bad idea, thanks for that Rick. Dave On 3/2/06, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dave > > Strydom > > Sent: Thursday, March 02, 2006 8:42 AM > > To: MailScanner discussion > > Subject: Re: Don't understand this match > > > > > > I gave up on this rule in my mailscanner, because i have clients > > sending emails that contain like whatever.xls.zip which are legit > > files, since we do about 80 000 emails a day across 3 scanning > > servers, it's annoying to backtrack and release legit files that get > > caught by this rule, so i eventually removed the rule and just put > > some trust in the virus scanning. > > > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > > filetype.rules.conf because some of the defaults are just not suitable > > in the shared hosting enviroment. > > > > I too had a bunch of venders that sent various files with double+ dots so > added an accept rule ahead of the deny rules like: > > accept \.(xls|pdf|doc|zip)$ > > So those would get through so long as they *ended* with an acceptable > extention. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Mar 2 15:21:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 15:21:37 2006 Subject: Changing MailScanner local7 syslog messages to another facility In-Reply-To: <440709FE.30530.23A4932D@cobalt-users1.fishnet.co.uk> References: <440709FE.30530.23A4932D@cobalt-users1.fishnet.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- You need to configure your syslogd, which is controlled by /etc/ syslog.conf. On 2 Mar 2006, at 15:06, Ian wrote: > Hi, > > I get these messages in my /var/log/boot.log ( local use 7 ): > > Mar 2 12:36:18 bob MailScanner: succeeded > Mar 2 12:40:02 bob last message repeated 5 times > Mar 2 12:45:03 bob last message repeated 3 times > Mar 2 12:50:02 bob last message repeated 3 times > Mar 2 12:55:03 bob last message repeated 3 times > Mar 2 13:00:03 bob last message repeated 3 times > Mar 2 13:05:02 bob last message repeated 3 times > > Is it possible to change this to another syslog facility? > > In MailScanner.conf I have: > > Syslog Facility = local0 > > to keep MailScanner messages separate from sendmail messages but it > still places these > messages in the boot.log. > > TIA for any assistance > > Ian > -- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAcNdvw32o+k+q+hAQHDRAf9ElVPPTy49Sz/7OYhseEIbVh7Mq2lHXlT mpNsf3z3V0+JvEQMSllgGh5+VP/WaYpuL3ZSXeHLfCmyUuj+5owovJBvwwW14K2B NG3wXmVE5yyszTtQUWGCNgJhRmHAF+sKhSZp/O4NlrsXpj91nwN+TQ3488Ljjume wAXxmN0LVHpsP42i2D6qTrBeOf/VDoUOH+qTTpvJ3mKuJ06k34OlNrwlirvo4Org Lh7KoljR1gnR5MpLeQrygkuH4u4N6vu0PIBYYoeUBjdjSNi8xy7zCwWkogLM4tQj MeEX5WYztsQHCKEdH4tBBjyYm99fIoYwFTRnsgAP4WTe+Clg4mo4YQ== =BQoU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Thu Mar 2 15:23:41 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 15:23:45 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: Don't get me wrong, I'm not complaining about it at all :) On 3/2/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > The default settings I provide are just what I consider to be a > pretty good set that should be mostly okay, for most people, most of > the time. Obviously if they aren't right for you, then just change > them, that's why it is all configurable :-) > > When I first wrote the filename.rules.conf file, I put in the double > file extension trap as an example of what could do done, beyond just > matching simple extension names. I didn't realise how important it > became for most sites. > > On 2 Mar 2006, at 13:42, Dave Strydom wrote: > > > I gave up on this rule in my mailscanner, because i have clients > > sending emails that contain like whatever.xls.zip which are legit > > files, since we do about 80 000 emails a day across 3 scanning > > servers, it's annoying to backtrack and release legit files that get > > caught by this rule, so i eventually removed the rule and just put > > some trust in the virus scanning. > > > > Infact i edited a whole bunch of stuff in the filename.rules.conf and > > filetype.rules.conf because some of the defaults are just not suitable > > in the shared hosting enviroment. > > > > Dave > > > > On 3/2/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> > >> On 1 Mar 2006, at 22:33, Richard Thomas wrote: > >> > >>> Julian Field wrote: > >>> > >>>> > >>>> It santises the filenames before logging them or outputting them > >>>> in any way. > >>>> One way it does this is by shortening them, except for the last > >>>> filename extension. > >>>> So you won't always see the full original filename. This is to > >>>> stop exploits based on the reporting of filenames (imagine if you > >>>> made up a filename that contained MIME boundaries, newline > >>>> characters and a complete MIME attachment). It never ever outputs > >>>> raw data based on the input data without sanitising it in some > >>>> form. > >>>> > >>>> This is a fundamental anti-attack method I use. > >>>> > >>> OK, I understand the reasoning behind that. The problem is then I > >>> guess that it obscures the reason the file was blocked in the first > >>> place. Not that I'm complaining :) Just wondering if there might be > >>> some way to reconcile the two issues. > >> > >> Not that I have found. > >> > >>> (For now, I may just make the reject reason more explicit). > >> > >> That's my preferred solution. > >> - -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.5 (Build 5050) > >> > >> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT > >> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z > >> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 > >> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu > >> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl > >> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== > >> =6B92 > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAb+mPw32o+k+q+hAQH1Jgf+LonselRrBN+DC1oRRKcvKvJXIsIPLxds > BRnbjEB0LNFHRUcV7kqouiR9t9sVJbmf3EaouKFMTLX943x3xmCT4WeEOKo1M2uI > iX2WXAFpe1wggdklvfPTDzKXCZVLz9YfVk32jBwA3rmJJ8NoMCa8C4a09QjiZD2Y > 4i0tRDwLMpFTBAhxFjbScMmtWqHJK11vseRiggI7nBt7EO3zCqxSNhuJMiAgeYow > CCbEsF/V395PFDuRiiAMWwNlpnOg1ByouZsAONNJKf/RJQ9wsoFDxpvh1DToF2p6 > 9nJPn9UaqXqJwUMFICpYX7ElqaRs8DKlg+XQz3IsO1oFFzF86GUFgw== > =axqG > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From matt at coders.co.uk Thu Mar 2 15:26:24 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Mar 2 15:26:20 2006 Subject: Telnet to port 25 fails In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> Message-ID: <44070EA0.2000107@coders.co.uk> Billy A. Pumphrey wrote: > - Tried the command telnet IPADDRESS 25 and it is not running as the dos > box just does not show it. I am guessing that you are running sendmail...... >From the box itself try "telnet 127.0.0.1 25" I am guessing this is going to work. By default sendmail now ships NOT listening to external connections. You will need to modify your sendmail configuration (edit the /etc/mail/sendmail.mc and then run make in the /etc/mail directory) matt From strydom.dave at gmail.com Thu Mar 2 15:30:16 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 2 15:30:42 2006 Subject: No Longer Fnishes Scans In-Reply-To: <4406A7B6.7090301@enitech.com.au> References: <4406A7B6.7090301@enitech.com.au> Message-ID: I had this problem a while back, I found that if i disabled the TNEF stuff, it started working like a charm. Expand TNEF = no Deliver Unparsable TNEF = yes Try it and let me know, also try this: Spam Checks = no Dave On 3/2/06, Pete Russell wrote: > For some reason today, without any inereference MailScanner startred > accepted new mail but none would ever be delivered and after MS restarts > we would see the be;loe logs. Anyone got any ideas on how to get mail > moving again? > > I changed Use Spamassassin to no and it continues to use SpamAssassin - > so i have left the MS service stopped and fallen back to anothyer server > - but this is not ideal > > Appreciate ANY suggestions > Pete > > Mar 2 18:36:09 car-mbus-sw1 MailScanner[2775]: Using locktype = flock > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Found 133 > messages waiting > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: New Batch: Scanning 30 > messages, 151525 bytes > Mar 2 18:36:10 car-mbus-sw1 MailScanner[2775]: Spam Checks: Starting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Using locktype = flock > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Found 133 > messages waiting > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: New Batch: Scanning 30 > messages, 5408558 bytes > Mar 2 18:36:13 car-mbus-sw1 MailScanner[2786]: Spam Checks: Starting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: Using locktype = flock > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Found 133 > messages waiting > Mar 2 18:36:24 car-mbus-sw1 MailScanner[2780]: New Batch: Scanning 13 > messages, 140946 bytes > > > In the LINT test i see - so i found the rule and remmed it out of the > local.cf > > 4200] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00038 > [4200] warn: config: warning: description exists for non-existent rule > ONTIME_HOSTING, 33.38069 > > After that i retest and find > > [4609] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00067 > [4609] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa83c010) implements > 'finish_parsing_end' 54.86721 > > > Any ideas what would cause this and any suggestions on whatr to try next? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Thu Mar 2 15:40:33 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 2 15:40:45 2006 Subject: Number of messages in a batch In-Reply-To: References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: Julian, A great addition! Works, many thanks. Jeff Earickson Colby College On Thu, 2 Mar 2006, Julian Field wrote: > Date: Thu, 2 Mar 2006 09:49:15 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Number of messages in a batch > > Patch for MessageBatch.pm is attached. > > From shrek-m at gmx.de Thu Mar 2 15:42:53 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Thu Mar 2 15:43:00 2006 Subject: Telnet to port 25 fails In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> Message-ID: <4407127D.2010907@gmx.de> On 02.03.2006 16:09, Billy A. Pumphrey wrote: >Well I have gotten some ground on my new install and I cannot connect to >my machine through telnet 25. > > # lsof -nPi :25 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME sendmail 5427 root 3u IPv4 12244 TCP 127.0.0.1:25 (LISTEN) sendmail 5427 root 5u IPv4 12245 TCP 192.168.0.10:25 (LISTEN) # grep ^DAEMON /etc/mail/sendmail.mc DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.10, Name=MTA')dnl [...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................] From john at jolet.net Thu Mar 2 15:52:52 2006 From: john at jolet.net (John Jolet) Date: Thu Mar 2 15:52:56 2006 Subject: Telnet to port 25 fails In-Reply-To: <4407127D.2010907@gmx.de> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> <4407127D.2010907@gmx.de> Message-ID: On Mar 2, 2006, at 9:42 AM, shrek-m@gmx.de wrote: > On 02.03.2006 16:09, Billy A. Pumphrey wrote: > >> Well I have gotten some ground on my new install and I cannot >> connect to >> my machine through telnet 25. >> > > # lsof -nPi :25 > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME > sendmail 5427 root 3u IPv4 12244 TCP 127.0.0.1:25 (LISTEN) > sendmail 5427 root 5u IPv4 12245 TCP 192.168.0.10:25 > (LISTEN) > > > # grep ^DAEMON /etc/mail/sendmail.mc > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.10, Name=MTA')dnl > if it's truly listening, but you can't connect from external...see if you can telnet localhost 25. sounds like a firewall problem or a route problem. From shuttlebox at gmail.com Thu Mar 2 15:57:11 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 2 15:57:14 2006 Subject: Number of messages in a batch In-Reply-To: References: <625385e30603020135x7852e4fav129174bff6a540f1@mail.gmail.com> Message-ID: <625385e30603020757l48327b40j55f7588f025b3662@mail.gmail.com> On 3/2/06, Jeff A. Earickson wrote: > Julian, > > A great addition! Works, many thanks. > > Jeff Earickson > Colby College Somehow I knew you would like it. :-) -- /peter From alex at nkpanama.com Thu Mar 2 16:00:10 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 2 16:00:23 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: <4407168A.1090504@nkpanama.com> Me neither! ;) Specially since everything's SO configurable! Dave Strydom wrote: > Don't get me wrong, I'm not complaining about it at all :) > > On 3/2/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> The default settings I provide are just what I consider to be a >> pretty good set that should be mostly okay, for most people, most of >> the time. Obviously if they aren't right for you, then just change >> them, that's why it is all configurable :-) >> >> When I first wrote the filename.rules.conf file, I put in the double >> file extension trap as an example of what could do done, beyond just >> matching simple extension names. I didn't realise how important it >> became for most sites. >> >> On 2 Mar 2006, at 13:42, Dave Strydom wrote: >> >> >>> I gave up on this rule in my mailscanner, because i have clients >>> sending emails that contain like whatever.xls.zip which are legit >>> files, since we do about 80 000 emails a day across 3 scanning >>> servers, it's annoying to backtrack and release legit files that get >>> caught by this rule, so i eventually removed the rule and just put >>> some trust in the virus scanning. >>> >>> Infact i edited a whole bunch of stuff in the filename.rules.conf and >>> filetype.rules.conf because some of the defaults are just not suitable >>> in the shared hosting enviroment. >>> >>> Dave >>> >>> On 3/2/06, Julian Field wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> >>>> On 1 Mar 2006, at 22:33, Richard Thomas wrote: >>>> >>>> >>>>> Julian Field wrote: >>>>> >>>>> >>>>>> It santises the filenames before logging them or outputting them >>>>>> in any way. >>>>>> One way it does this is by shortening them, except for the last >>>>>> filename extension. >>>>>> So you won't always see the full original filename. This is to >>>>>> stop exploits based on the reporting of filenames (imagine if you >>>>>> made up a filename that contained MIME boundaries, newline >>>>>> characters and a complete MIME attachment). It never ever outputs >>>>>> raw data based on the input data without sanitising it in some >>>>>> form. >>>>>> >>>>>> This is a fundamental anti-attack method I use. >>>>>> >>>>>> >>>>> OK, I understand the reasoning behind that. The problem is then I >>>>> guess that it obscures the reason the file was blocked in the first >>>>> place. Not that I'm complaining :) Just wondering if there might be >>>>> some way to reconcile the two issues. >>>>> >>>> Not that I have found. >>>> >>>> >>>>> (For now, I may just make the reject reason more explicit). >>>>> >>>> That's my preferred solution. >>>> - -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.5 (Build 5050) >>>> >>>> iQEVAwUBRAau/vw32o+k+q+hAQF39AgAqe34fCCOHUXzwmYWY8PZikr3IdXidbHT >>>> wsrN39mHvALbIh82RmVUioJdRCknsL6smJXGquhJZGPHZAVZwwdidDdCx7Xsoz2Z >>>> ltVyHGHnVG8LOqMnkG4t97oZXWgRUNtcoLRbUwz4ZlUtWojrSy0i7v+8Vmg2h566 >>>> o6tcAUTn9xEaBEBru5jaQFiYg4JDjKp0qJJoiFMiKiswIk5YSgroRmeL5QMKJkuu >>>> B8iGZJ9FvSPVSHdVR6baGEflwIfEr+4WrGVwqkZoHkMnN8JFF6xxXZZc8jDgJLkl >>>> cinILIHu+AOlSmarFuy7W8QHraMnLj49NeeP+ftalwawsiTON3dDwA== >>>> =6B92 >>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAb+mPw32o+k+q+hAQH1Jgf+LonselRrBN+DC1oRRKcvKvJXIsIPLxds >> BRnbjEB0LNFHRUcV7kqouiR9t9sVJbmf3EaouKFMTLX943x3xmCT4WeEOKo1M2uI >> iX2WXAFpe1wggdklvfPTDzKXCZVLz9YfVk32jBwA3rmJJ8NoMCa8C4a09QjiZD2Y >> 4i0tRDwLMpFTBAhxFjbScMmtWqHJK11vseRiggI7nBt7EO3zCqxSNhuJMiAgeYow >> CCbEsF/V395PFDuRiiAMWwNlpnOg1ByouZsAONNJKf/RJQ9wsoFDxpvh1DToF2p6 >> 9nJPn9UaqXqJwUMFICpYX7ElqaRs8DKlg+XQz3IsO1oFFzF86GUFgw== >> =axqG >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From bpumphrey at WoodMacLaw.com Thu Mar 2 16:01:07 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Mar 2 16:01:14 2006 Subject: Telnet to port 25 fails Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCB75F@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Hampton > Sent: Thursday, March 02, 2006 10:26 AM > To: MailScanner discussion > Subject: Re: Telnet to port 25 fails > > Billy A. Pumphrey wrote: > > > - Tried the command telnet IPADDRESS 25 and it is not running as the dos > > box just does not show it. > > > > I am guessing that you are running sendmail...... > > >From the box itself try "telnet 127.0.0.1 25" > > I am guessing this is going to work. > > By default sendmail now ships NOT listening to external connections. > You will need to modify your sendmail configuration (edit the > /etc/mail/sendmail.mc and then run make in the /etc/mail directory) > > matt > That was it. Man you guys are good. Thank you From hermit921 at yahoo.com Thu Mar 2 16:46:35 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 2 16:46:08 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060224122329.0319fed0@pop.mail.yahoo.com> References: <43D7B0C6.4030009@pixelhammer.com> <43D7B4E9.3080601@ecs.soton.ac.uk> <6.2.1.2.2.20060224122329.0319fed0@pop.mail.yahoo.com> Message-ID: <6.2.1.2.2.20060302084546.01e07ad0@pop.mail.yahoo.com> I was looking in the filenames file at the CLSID line. Doesn't this match any file name containing that 25 character string in {}, not just ending in that string? hermit921 # Deny filenames ending with CLSID's deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type From rcooper at dwford.com Thu Mar 2 17:02:13 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 17:02:35 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302084546.01e07ad0@pop.mail.yahoo.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > hermit921 > Sent: Thursday, March 02, 2006 11:47 AM > To: MailScanner discussion > Subject: Re: CLSID matching > > > I was looking in the filenames file at the CLSID line. Doesn't > this match > any file name containing that 25 character string in {}, not just > ending in > that string? > > hermit921 > > > # Deny filenames ending with CLSID's > deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real > type Files > containing CLSID's are trying to hide their real type > > Technically yes, but I cannot imagine someone naming a file with: {ABCDEF012345679-ABCDEF01} anywhere in the file name,but it should be deny \.\{[a-hA-H0-9-]{25,}\}$ for the vulernability to work (IIRC) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shrek-m at gmx.de Thu Mar 2 17:33:46 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Thu Mar 2 17:33:54 2006 Subject: Telnet to port 25 fails In-Reply-To: <44070EA0.2000107@coders.co.uk> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> <44070EA0.2000107@coders.co.uk> Message-ID: <44072C7A.7010102@gmx.de> On 02.03.2006 16:26, Matt Hampton wrote: >By default sendmail now ships NOT listening to external connections. > > now == a very long time, iirc since rhl7.x http://www.seifried.org/security/os/linux/redhat/20011031-rh72-sendmail.html This has got to be one of the worst and best features about Red Hat Linux 7.2. Getting sendmail to listen to things other then itself (localhost) http://www.europe.redhat.com/documentation/rhl7.3/rhl-rg-en-7.3/s1-email-sendmail.php3 *Important The default sendmail.cf does not allow sendmail to accept network connections from any host other than the local computer. If you want to configure sendmail as a server for other clients, please edit /etc/mail/sendmail.mc and change DAEMON_OPTIONS to also listen on network devices or comment out this option all together. Then regenerate /etc/sendmail.cf by running: -- shrek-m * From rcooper at dwford.com Thu Mar 2 18:08:35 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 18:09:01 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302084546.01e07ad0@pop.mail.yahoo.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > hermit921 > Sent: Thursday, March 02, 2006 11:47 AM > To: MailScanner discussion > Subject: Re: CLSID matching > > > I was looking in the filenames file at the CLSID line. Doesn't > this match > any file name containing that 25 character string in {}, not just > ending in > that string? > > hermit921 > > > # Deny filenames ending with CLSID's > deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real > type Files > containing CLSID's are trying to hide their real type Not to beat a dead horse, but I was thinking after that last post and if you want to get technically correct a CLSID is a string of five groups of Hex number groups in the format of 8-4-4-12 such as {00020812-0000-0000-C000-000000000046} for the microsoft excel application. So a properly formatted CLSID detection regex would be: deny \.\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{ 12}\}$ or I guess you could shorten it to: deny \.\{[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}\}$ Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt at coders.co.uk Thu Mar 2 18:11:24 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Mar 2 18:11:21 2006 Subject: Telnet to port 25 fails In-Reply-To: <44072C7A.7010102@gmx.de> References: <04D932B0071FE34FA63EBB1977B48D15DCB6BB@woodenex.woodmaclaw.local> <44070EA0.2000107@coders.co.uk> <44072C7A.7010102@gmx.de> Message-ID: <4407354C.9050405@coders.co.uk> shrek-m@gmx.de wrote: > On 02.03.2006 16:26, Matt Hampton wrote: > >> By default sendmail now ships NOT listening to external connections. >> >> > > now == a very long time, iirc since rhl7.x I have used my own MC files since rh6 so please forgive me ;-) From jd at bentecmed.com Thu Mar 2 18:24:24 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Thu Mar 2 18:28:29 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: <4405E837.4010905@ecs.soton.ac.uk> Message-ID: Why is it that im not married and I still suffer that problem?? -JD -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian Field Sent: Wednesday, March 01, 2006 10:30 AM To: MailScanner discussion Subject: Re: I need help. I'm out of time and out of patients -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > BB spake the following on 3/1/2006 8:14 AM: > >> Thanks Julian >> >> As my new wife to be would say - >> >> Your not getting older, your getting longer. >> > Or as my current wife says; > "Shut up and roll over, you're snoring!" > See what you have to look forward to ;-) > Fortunately I'm not married, so don't suffer that problem :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAXoNxH2WUcUFbZUEQKXVQCdH7skv9X1cni+Q9oJdpHsOotFlRwAmwZm +zPJm+wVIHdeYqTQ5dzEyDWT =TfbZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 18:29:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 18:29:26 2006 Subject: CLSID matching In-Reply-To: References: Message-ID: <44073981.5050305@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Agreed, but my simple one is faster and close enough. I've never had a report of a false alarm. If it ain't broke (or anyone is reporting it as broke) then I see no point in fixing it :-) Rick Cooper wrote: >> I was looking in the filenames file at the CLSID line. Doesn't >> this match >> any file name containing that 25 character string in {}, not just >> ending in >> that string? >> >> hermit921 >> >> >> # Deny filenames ending with CLSID's >> deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real >> type Files >> containing CLSID's are trying to hide their real type >> > > Not to beat a dead horse, but I was thinking after that last post and if you > want to get technically correct a CLSID is a string of five groups of Hex > number groups in the format of 8-4-4-12 such as > {00020812-0000-0000-C000-000000000046} for the microsoft excel application. > So a properly formatted CLSID detection regex would be: > > deny > \.\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{ > 12}\}$ > > or I guess you could shorten it to: deny > \.\{[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}\}$ > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAc5ghH2WUcUFbZUEQJHEACg271hYPMuQ+6Rhux56Q4etwhmzyMAoLPo eTq4ckQA0LVroYNokcAiOpkh =xfaU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hermit921 at yahoo.com Thu Mar 2 18:40:04 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 2 18:39:26 2006 Subject: CLSID matching In-Reply-To: <44073981.5050305@ecs.soton.ac.uk> References: <44073981.5050305@ecs.soton.ac.uk> Message-ID: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> Back to my original question. Does this expression match anywhere in the file name or match only as the end of the file name? The comments say one thing but I read it as the other. hermit921 At 10:29 AM 3/2/2006, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Agreed, but my simple one is faster and close enough. I've never had a >report of a false alarm. If it ain't broke (or anyone is reporting it as >broke) then I see no point in fixing it :-) > >Rick Cooper wrote: > >> I was looking in the filenames file at the CLSID line. Doesn't this match > >> any file name containing that 25 character string in {}, not just > ending in > >> that string? > >> > >> hermit921 > >> > >> > >> # Deny filenames ending with CLSID's > >> deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real > >> type Files > >> containing CLSID's are trying to hide their real type > >> > > > > Not to beat a dead horse, but I was thinking after that last post and > if you > > want to get technically correct a CLSID is a string of five groups of Hex > > number groups in the format of 8-4-4-12 such as > > {00020812-0000-0000-C000-000000000046} for the microsoft excel application. > > So a properly formatted CLSID detection regex would be: > > > > deny > > > \.\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{ > > 12}\}$ > > > > or I guess you could shorten it to: deny > > \.\{[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}\}$ > > >- -- >Julian Field From rcooper at dwford.com Thu Mar 2 19:01:14 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 2 19:01:33 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > hermit921 > Sent: Thursday, March 02, 2006 1:40 PM > To: MailScanner discussion > Subject: Re: CLSID matching > > > Back to my original question. Does this expression match anywhere in the > file name or match only as the end of the file name? The > comments say one > thing but I read it as the other. > yes -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From combs at magnet.fsu.edu Thu Mar 2 19:10:39 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Mar 2 19:10:44 2006 Subject: move attachments from email to web? Message-ID: <4407432F.8060001@magnet.fsu.edu> Hi, This is off topic but given the experience of this group, I thought I'd ask... I'd like to be able to scrub large attachments from email, converting them to html and making them accessible via a provided URL. Does anyone have any experience with this? If so, how do you do it? Thanks, Tom Combs -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From martelm at quark.vsc.edu Thu Mar 2 19:11:04 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Mar 2 19:11:12 2006 Subject: Problem with "Use TNEF Contents" ? Message-ID: <70AB70562F9AC762534846D5@[192.168.1.230]> Greetings! I love the new version. :) However, I'm seeing an oddity. On messages that contain winmail.dat attachments, the contents appear to be added to the message, even though the setting in the config file is replace. Am I reading this wrong ? Replace indicates that it should remove the winmail.dat. I've included the section of my .conf file and the output of MailScanner --lint and MailScanner -v Thanks! # Expand TNEF attachments using an external program (or a Perl module)? # This should be "yes" unless the scanner you are using (Sophos, McAfee) has # the facility built-in. However, if you set it to "no", then the filenames # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = yes # When the TNEF (winmail.dat) attachments are expanded, should the # attachments contained in there be added to the list of attachments in # the message? # If you set this to "add" or "replace" then recipients of messages sent # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # if they are not using Microsoft Outlook. # # no => Leave winmail.dat TNEF attachments alone. # add => Add the contents of winmail.dat as extra attachments, but also # still include the winmail.dat file itself. This will result in # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it # contains, and delete the original winmail.dat file itself. # This means the message stays the same size, but is usable by # non-Outlook recipients. # # This can also be the filename of a ruleset. #Use TNEF Contents = replace Use TNEF Contents = replace [root@hemlock etc]# /opt/MailScanner/bin/MailScanner --lint Read 710 hostnames from the phishing whitelist Config: calling custom init function MailWatchLogging Cannot write pid file , No such file or directory at /opt/MailScanner/bin/MailScanner line 1238 Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav mcafee bitdefender f-prot" Found these virus scanners installed: bitdefender, f-prot, clamav, mcafee [root@hemlock etc]# /opt/MailScanner/bin/MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.51.4 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.811 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From hermit921 at yahoo.com Thu Mar 2 19:12:58 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 2 19:12:30 2006 Subject: CLSID matching In-Reply-To: References: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> Message-ID: <6.2.1.2.2.20060302110856.02b4ab20@pop.mail.yahoo.com> At 11:01 AM 3/2/2006, Rick Cooper wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > > hermit921 > > Sent: Thursday, March 02, 2006 1:40 PM > > To: MailScanner discussion > > Subject: Re: CLSID matching > > > > > > Back to my original question. Does this expression match anywhere in the > > file name or match only as the end of the file name? The comments say one > > thing but I read it as the other. > > > >yes Yes - it matches the end OR Yes - it matches anywhere ??? From MailScanner at ecs.soton.ac.uk Thu Mar 2 19:14:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 19:15:02 2006 Subject: CLSID matching In-Reply-To: References: Message-ID: <44074430.4010602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >> hermit921 >> Sent: Thursday, March 02, 2006 1:40 PM >> To: MailScanner discussion >> Subject: Re: CLSID matching >> >> >> Back to my original question. Does this expression match anywhere in the >> file name or match only as the end of the file name? The >> comments say one >> thing but I read it as the other. >> >> > > yes > Either or? And the answer is "yes". Hmmm.... The expression matches anywhere in the filename, not just at the end. I decided to make it more general in case there later appeared any other vulnerabilities of a similar type, and as I said it has never caused a false alarm that I know of. (Apologies for lousy grammar!) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAdEMRH2WUcUFbZUEQIbiQCeLPX1co/lewYF3mhBisu5CDr2RMYAniDM YMSaU/NxnHJCNcod/6m3sju1 =QEry -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Mar 2 19:20:36 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 19:20:39 2006 Subject: CLSID matching In-Reply-To: <6.2.1.2.2.20060302110856.02b4ab20@pop.mail.yahoo.com> References: <6.2.1.2.2.20060302103844.02b3afd0@pop.mail.yahoo.com> <6.2.1.2.2.20060302110856.02b4ab20@pop.mail.yahoo.com> Message-ID: <223f97700603021120m319c914bu@mail.gmail.com> On 02/03/06, hermit921 wrote: > At 11:01 AM 3/2/2006, Rick Cooper wrote: > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > > > hermit921 > > > Sent: Thursday, March 02, 2006 1:40 PM > > > To: MailScanner discussion > > > Subject: Re: CLSID matching > > > > > > > > > Back to my original question. Does this expression match anywhere in the > > > file name or match only as the end of the file name? The comments say one > > > thing but I read it as the other. > > > > > > >yes > > Yes - it matches the end > OR > Yes - it matches anywhere > > ??? > > It's not anchored, so it is the latter. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Mar 2 19:28:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 19:28:46 2006 Subject: move attachments from email to web? In-Reply-To: <4407432F.8060001@magnet.fsu.edu> References: <4407432F.8060001@magnet.fsu.edu> Message-ID: <44074769.3000403@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have a quarantine retrieval system here which puts quarantined attachments on a website. It isn't quite what you want, but might help. How would you move the attachments to a website? It is quite possible to process the message to remove attachments bigger than a certain size and copy them somewhere, but you have the whole security problem to be aware of. Just generate a random URL? When would you delete the file? It's got to hang around for quite a while. You would replace the attachment with a text attachment containing the URL for the file. It sounds an interesting project to write, and I am quite willing to help. Things are pretty quiet right now (he says, cursing himself into a month like January!). If you can expand the spec, that would help. We could have a directory and ownership and permissions supplied, and a random directory name containing the files attached to a particular message that are over a certain size. So supply: Directory name Owner Group Permissions I then create a random directory name (based on the message queue id for simplicity) and move the attachments into there. I then replace the attachments one at a time with text/plain or text/html attachments directing the user to click on a link to download the attachment, whose filename will be the sanitised original attachment name. How does that sound? A nice little project that would be particularly useful to users with slow connections who are using POP and have a tight mail quota. It effectively moves their mail quota into web server space, but that's not my problem :-) Tom Combs wrote: > Hi, This is off topic but given the experience of this group, I thought > I'd ask... > I'd like to be able to scrub large attachments from email, converting > them to > html and making them accessible via a provided URL. Does anyone have > any experience with this? If so, how do you do it? > > Thanks, Tom Combs > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAdHaRH2WUcUFbZUEQKhZQCg01pHDCNjEBTmkUajsX6kVh+fmREAnjsr 7MPNu3Pd6wmpzz7dGOA7nqOD =Mm2O -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 19:30:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 19:30:58 2006 Subject: Problem with "Use TNEF Contents" ? In-Reply-To: <70AB70562F9AC762534846D5@[192.168.1.230]> References: <70AB70562F9AC762534846D5@[192.168.1.230]> Message-ID: <440747ED.3060409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are the TNEF attachments called exactly "winmail.dat"? I didn't see this during testing. Is anyone else seeing this too? Michael H. Martel wrote: > Greetings! > > I love the new version. :) However, I'm seeing an oddity. On > messages that contain winmail.dat attachments, the contents appear to > be added to the message, even though the setting in the config file is > replace. > > Am I reading this wrong ? Replace indicates that it should remove the > winmail.dat. > > I've included the section of my .conf file and the output of > MailScanner --lint and MailScanner -v > > Thanks! > > # Expand TNEF attachments using an external program (or a Perl module)? > # This should be "yes" unless the scanner you are using (Sophos, > McAfee) has > # the facility built-in. However, if you set it to "no", then the > filenames > # within the TNEF attachment will not be checked against the filename > rules. > Expand TNEF = yes > > # When the TNEF (winmail.dat) attachments are expanded, should the > # attachments contained in there be added to the list of attachments in > # the message? > # If you set this to "add" or "replace" then recipients of messages sent > # in "Outlook Rich Text Format" (TNEF) will be able to read the > attachments > # if they are not using Microsoft Outlook. > # > # no => Leave winmail.dat TNEF attachments alone. > # add => Add the contents of winmail.dat as extra attachments, but > also > # still include the winmail.dat file itself. This will > result in > # TNEF messages being doubled in size. > # replace => Replace the winmail.dat TNEF attachment with the files it > # contains, and delete the original winmail.dat file itself. > # This means the message stays the same size, but is usable by > # non-Outlook recipients. > # > # This can also be the filename of a ruleset. > #Use TNEF Contents = replace > Use TNEF Contents = replace > > > > [root@hemlock etc]# /opt/MailScanner/bin/MailScanner --lint > Read 710 hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging > Cannot write pid file , No such file or directory at > /opt/MailScanner/bin/MailScanner line 1238 > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav mcafee bitdefender f-prot" > Found these virus scanners installed: bitdefender, f-prot, clamav, mcafee > [root@hemlock etc]# /opt/MailScanner/bin/MailScanner -v > Running on > Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST > 2003 i686 unknown > This is Red Hat Linux release 7.3 (Valhalla) > This is Perl version 5.008006 (5.8.6) > > This is MailScanner version 4.51.4 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.11 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.811 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.18 Net::CIDR::Lite > 0.48 Net::DNS > 0.32 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAdH7hH2WUcUFbZUEQKUhACfQWkLDMQwNxcGinETbj584XIQ78wAn1qy jSn2x2GWDsnDJFspwFebgLGc =72Hm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martelm at quark.vsc.edu Thu Mar 2 20:10:05 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Mar 2 20:10:12 2006 Subject: Problem with "Use TNEF Contents" ? In-Reply-To: <440747ED.3060409@ecs.soton.ac.uk> References: <70AB70562F9AC762534846D5@[192.168.1.230]> <440747ED.3060409@ecs.soton.ac.uk> Message-ID: <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> --On Thursday, March 02, 2006 7:30 PM +0000 Julian Field wrote: > Are the TNEF attachments called exactly "winmail.dat"? > I didn't see this during testing. > Is anyone else seeing this too? yes. I see this in the logfile ... Mar 2 12:33:24 hemlock MailScanner[16846]: Spam Checks completed at 2149 bytes per second Mar 2 12:33:24 hemlock MailScanner[16846]: Expanding TNEF archive at /var/spool/MailScanner/incoming/16846/k22HXLrb025432/winmail.dat Mar 2 12:33:24 hemlock MailScanner[16846]: Message k22HXLrb025432 added TNEF contents msg-16846-641.txt Mar 2 12:33:24 hemlock MailScanner[16846]: Virus and Content Scanning: Starting The appropriate section of the raw message ... ------_=_NextPart_001_01C63E1F.5F720AE6 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Headers from the mailbox seen here ... >From VSCHelpDesk@lsc.vsc.edu Thu Mar 2 12:33:27 2006 Return-Path: Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71]) by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id k22HXR925783 for ; Thu, 2 Mar 2006 12:33:27 -0500 Received: from willow.vsc.edu (willow.vsc.edu [155.42.1.118]) by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id k22HXLrb025432; Thu, 2 Mar 2006 12:33:21 -0500 Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21]) by willow.vsc.edu (8.12.8/8.12.8) with ESMTP id k22HX9Na020591 for ; Thu, 2 Mar 2006 12:33:09 -0500 X-MIMEOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C63E1F.5F720AE6" Subject: New WO# 8566 - Double booking error Date: Thu, 2 Mar 2006 12:33:09 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: New WO# 8566 - Double booking error Thread-Index: AcY+H19ySzaP8y/lS4WBQYOaqZ/DBA== From: "VSCHelpDesk" To: X-willow-MailScanner-Information: Please contact the helpdesk for more information X-willow-MailScanner: Found to be clean X-VermontStateColleges-MailScanner-Information: Please contact the helpdesk for more information X-VermontStateColleges-MailScanner: Found to be clean X-MailScanner-From: vschelpdesk@lsc.vsc.edu Status: RO X-Status: X-Keywords: X-UID: 169 Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From glenn.steen at gmail.com Thu Mar 2 21:13:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 2 21:13:35 2006 Subject: move attachments from email to web? In-Reply-To: <44074769.3000403@ecs.soton.ac.uk> References: <4407432F.8060001@magnet.fsu.edu> <44074769.3000403@ecs.soton.ac.uk> Message-ID: <223f97700603021313q1b0aa00at@mail.gmail.com> On 02/03/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > We have a quarantine retrieval system here which puts quarantined > attachments on a website. It isn't quite what you want, but might help. > > How would you move the attachments to a website? It is quite possible to > process the message to remove attachments bigger than a certain size and > copy them somewhere, but you have the whole security problem to be aware > of. Just generate a random URL? When would you delete the file? It's got > to hang around for quite a while. You would replace the attachment with > a text attachment containing the URL for the file. > > It sounds an interesting project to write, and I am quite willing to > help. Things are pretty quiet right now (he says, cursing himself into a > month like January!). > > If you can expand the spec, that would help. > We could have a directory and ownership and permissions supplied, and a > random directory name containing the files attached to a particular > message that are over a certain size. > So supply: > Directory name > Owner > Group > Permissions > > I then create a random directory name (based on the message queue id for > simplicity) and move the attachments into there. I then replace the > attachments one at a time with text/plain or text/html attachments > directing the user to click on a link to download the attachment, whose > filename will be the sanitised original attachment name. > > How does that sound? > A nice little project that would be particularly useful to users with > slow connections who are using POP and have a tight mail quota. It > effectively moves their mail quota into web server space, but that's not > my problem :-) Wouldn't this best be solved by just let it degrade to the problem of "shoving the attachments into the quarantine, possibly notifying the recipient, then handling everything concerning the web view/release from within MailWatch"? Perhaps not as fun a project:-) -- Glenn > Tom Combs wrote: > > Hi, This is off topic but given the experience of this group, I thought > > I'd ask... > > I'd like to be able to scrub large attachments from email, converting > > them to > > html and making them accessible via a provided URL. Does anyone have > > any experience with this? If so, how do you do it? > > > > Thanks, Tom Combs > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRAdHaRH2WUcUFbZUEQKhZQCg01pHDCNjEBTmkUajsX6kVh+fmREAnjsr > 7MPNu3Pd6wmpzz7dGOA7nqOD > =Mm2O > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martelm at quark.vsc.edu Thu Mar 2 21:24:55 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Mar 2 21:25:08 2006 Subject: Perl Version Message-ID: <0308C6BA41495C21B60FE34F@[192.168.1.230]> Is anyone running MailScanner with Perl 5.8.8 ? Any issues ? I figured I'd ask before upgrading from 5.8.6 to 5.8.8. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From mikej at rogers.com Thu Mar 2 21:33:45 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Mar 2 21:33:59 2006 Subject: Perl Version In-Reply-To: <0308C6BA41495C21B60FE34F@[192.168.1.230]> References: <0308C6BA41495C21B60FE34F@[192.168.1.230]> Message-ID: <440764B9.6090005@rogers.com> Michael H. Martel wrote: > Is anyone running MailScanner with Perl 5.8.8 ? Any issues ? > > I figured I'd ask before upgrading from 5.8.6 to 5.8.8. Works fine here: root@mail:~# MailScanner -v Running on FreeBSD mail.spam.local 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Wed Mar 1 00:53:03 EST 2006 root@mail.spam.local:/usr/obj/usr/src/sys/SPAM i386 This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.50.15 From drew at themarshalls.co.uk Thu Mar 2 21:34:08 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Mar 2 21:34:14 2006 Subject: Perl Version In-Reply-To: <0308C6BA41495C21B60FE34F@[192.168.1.230]> References: <0308C6BA41495C21B60FE34F@[192.168.1.230]> Message-ID: <7B395F7F-22B0-4552-833F-00FAAA79AAA5@themarshalls.co.uk> On 2 Mar 2006, at 21:24, Michael H. Martel wrote: > Is anyone running MailScanner with Perl 5.8.8 ? Any issues ? Yes and no, in that order. Or at least not that I have seen Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From Mailscanner at mailing.kaufland-informationssysteme.com Thu Mar 2 21:41:40 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Thu Mar 2 21:41:43 2006 Subject: Spam Policy per user In-Reply-To: <44033D05.9060403@ecs.soton.ac.uk> References: <440335F1.3080508@mailing.kaufland-informationssysteme.com> <44033D05.9060403@ecs.soton.ac.uk> Message-ID: <44076694.1040501@mailing.kaufland-informationssysteme.com> Hi, i have some questions regarding the spam arguments. Where I have to define the different arguments. In the Custom Functions? Is it possible to include the RBLs or DCC ? Thanks Matthias Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >Matthias Sutter wrote: > > >>Hi, >> >>our mailscanner installation work very well but now we should >>implement a function that the user have the option to change the Spam >>properties/handling. >>For example there are 3 lists off users: >> >>the first - the user should get no Spam >> >> >Spam Actions = delete >High Scoring Spam Actions = delete > > >>the second - the user get no high score Spam and all others are marked >>in the subject line >> >> >Spam Actions = deliver >High Scoring Spam Actions = delete > > >>and the last and default - no Spam detection and filter is active. >> >> >Spam Actions = deliver >High Scoring Spam Actions = deliver > >All you need to do is write a bit of support for some sort of backend >with a Custom Function for "Spam Actions" and "High Scoring Spam >Actions" to produce either the "deliver" or "delete" actions as appropriate. > >Once you have some sort of a DB backend to store the data in, this is >only a few lines of code to do the Custom Functions required. >No huge job. > > >>Can I build this scenario with mailscanner ? >> >>Thanks in advance >>Matthias >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.5 (Build 5050) > >iQA/AwUBRAM9BRH2WUcUFbZUEQKxlwCbB3WOv8v+GwuejKfI0ieCuI4Y2S8AoMBp >2qNMSBvnWtYZFzl7dP5s7S8F >=dqo/ >-----END PGP SIGNATURE----- > > > From ugob at camo-route.com Thu Mar 2 22:33:10 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 2 22:33:45 2006 Subject: Chinese e-mail In-Reply-To: <019201c63d4d$ca4fee90$3004010a@martinhlaptop> References: <019201c63d4d$ca4fee90$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote: > Ugo > > I do quite a bit of Japanese, French, German, Russian/Polish etc with my > setup which is predominately English otherwise. No problem I know of > did you edit the locales settings in SA? > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance >> Sent: 01 March 2006 16:01 >> To: mailscanner@lists.mailscanner.info >> Subject: Chinese e-mail >> >> Hi, >> >> Would it be dangerous to have a mailscanner server processing >> chinese >> people while most of its traffic is french and english? I know bayes >> would be effective, but... anything else I should check? >> >> Regards, >> >> Ugo >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From MailScanner at ecs.soton.ac.uk Thu Mar 2 22:50:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 22:50:10 2006 Subject: Problem with "Use TNEF Contents" ? In-Reply-To: <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> References: <70AB70562F9AC762534846D5@[192.168.1.230]> <440747ED.3060409@ecs.soton.ac.uk> <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> Message-ID: <4407769B.5060808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fixed. Released 4.51.5. Will announce next. Michael H. Martel wrote: > --On Thursday, March 02, 2006 7:30 PM +0000 Julian Field > wrote: > >> Are the TNEF attachments called exactly "winmail.dat"? >> I didn't see this during testing. >> Is anyone else seeing this too? > > yes. I see this in the logfile ... > > Mar 2 12:33:24 hemlock MailScanner[16846]: Spam Checks completed at > 2149 bytes per second > > Mar 2 12:33:24 hemlock MailScanner[16846]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/16846/k22HXLrb025432/winmail.dat > > Mar 2 12:33:24 hemlock MailScanner[16846]: Message k22HXLrb025432 > added TNEF contents msg-16846-641.txt > > Mar 2 12:33:24 hemlock MailScanner[16846]: Virus and Content > Scanning: Starting > > > The appropriate section of the raw message ... > > > ------_=_NextPart_001_01C63E1F.5F720AE6 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > > > > Headers from the mailbox seen here ... > >> From VSCHelpDesk@lsc.vsc.edu Thu Mar 2 12:33:27 2006 > Return-Path: > Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71]) > by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id k22HXR925783 > for ; Thu, 2 Mar 2006 12:33:27 -0500 > Received: from willow.vsc.edu (willow.vsc.edu [155.42.1.118]) > by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id k22HXLrb025432; > Thu, 2 Mar 2006 12:33:21 -0500 > Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21]) > by willow.vsc.edu (8.12.8/8.12.8) with ESMTP id k22HX9Na020591 > for ; Thu, 2 Mar 2006 12:33:09 -0500 > X-MIMEOLE: Produced By Microsoft Exchange V6.5 > Content-class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C63E1F.5F720AE6" > Subject: New WO# 8566 - Double booking error > Date: Thu, 2 Mar 2006 12:33:09 -0500 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > > Thread-Topic: New WO# 8566 - Double booking error > Thread-Index: AcY+H19ySzaP8y/lS4WBQYOaqZ/DBA== > From: "VSCHelpDesk" > To: > X-willow-MailScanner-Information: Please contact the helpdesk for more > information > X-willow-MailScanner: Found to be clean > X-VermontStateColleges-MailScanner-Information: Please contact the > helpdesk for more information > X-VermontStateColleges-MailScanner: Found to be clean > X-MailScanner-From: vschelpdesk@lsc.vsc.edu > Status: RO > X-Status: > X-Keywords: > X-UID: 169 > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAd2nBH2WUcUFbZUEQLcWACgyeIL8YPDE9i6Z5PwCsK4TEXhOqMAmQFJ O0l0PxLW9wXqw9mBoRcy4EjB =bBBH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 22:51:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 22:51:12 2006 Subject: RELEASED 4.51.5 -- Re: Problem with "Use TNEF Contents" ? In-Reply-To: <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> References: <70AB70562F9AC762534846D5@[192.168.1.230]> <440747ED.3060409@ecs.soton.ac.uk> <7DEA7B9070E0DA1ADFD40645@[192.168.1.230]> Message-ID: <440776DC.7090703@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have fixed this problem and released 4.51.5 to address this issue, it's serious enough to warrant a replacement release. Michael H. Martel wrote: > --On Thursday, March 02, 2006 7:30 PM +0000 Julian Field > wrote: > >> Are the TNEF attachments called exactly "winmail.dat"? >> I didn't see this during testing. >> Is anyone else seeing this too? > > yes. I see this in the logfile ... > > Mar 2 12:33:24 hemlock MailScanner[16846]: Spam Checks completed at > 2149 bytes per second > > Mar 2 12:33:24 hemlock MailScanner[16846]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/16846/k22HXLrb025432/winmail.dat > > Mar 2 12:33:24 hemlock MailScanner[16846]: Message k22HXLrb025432 > added TNEF contents msg-16846-641.txt > > Mar 2 12:33:24 hemlock MailScanner[16846]: Virus and Content > Scanning: Starting > > > The appropriate section of the raw message ... > > > ------_=_NextPart_001_01C63E1F.5F720AE6 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > > > > Headers from the mailbox seen here ... > >> From VSCHelpDesk@lsc.vsc.edu Thu Mar 2 12:33:27 2006 > Return-Path: > Received: from hemlock.vsc.edu (hemlock.vsc.edu [155.42.1.71]) > by sage.vsc.edu (8.11.6/8.11.6) with ESMTP id k22HXR925783 > for ; Thu, 2 Mar 2006 12:33:27 -0500 > Received: from willow.vsc.edu (willow.vsc.edu [155.42.1.118]) > by hemlock.vsc.edu (8.12.11/8.12.11) with ESMTP id k22HXLrb025432; > Thu, 2 Mar 2006 12:33:21 -0500 > Received: from lsc.vsc.edu (email.lsc.vsc.edu [155.42.122.21]) > by willow.vsc.edu (8.12.8/8.12.8) with ESMTP id k22HX9Na020591 > for ; Thu, 2 Mar 2006 12:33:09 -0500 > X-MIMEOLE: Produced By Microsoft Exchange V6.5 > Content-class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01C63E1F.5F720AE6" > Subject: New WO# 8566 - Double booking error > Date: Thu, 2 Mar 2006 12:33:09 -0500 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > > Thread-Topic: New WO# 8566 - Double booking error > Thread-Index: AcY+H19ySzaP8y/lS4WBQYOaqZ/DBA== > From: "VSCHelpDesk" > To: > X-willow-MailScanner-Information: Please contact the helpdesk for more > information > X-willow-MailScanner: Found to be clean > X-VermontStateColleges-MailScanner-Information: Please contact the > helpdesk for more information > X-VermontStateColleges-MailScanner: Found to be clean > X-MailScanner-From: vschelpdesk@lsc.vsc.edu > Status: RO > X-Status: > X-Keywords: > X-UID: 169 > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAd23BH2WUcUFbZUEQJb6QCffXg7i7T07VYsXyeab9gmGAqAf5IAoOZa g5/0+uF2kx9hrc12O323lzSo =EJYP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 2 22:56:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 2 22:56:40 2006 Subject: Released 4.51.5 Message-ID: <44077823.5060200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Due to problems with "Use TNEF Contents = replace" not working as advertised, I have released 4.51.5 which should fix this problem. 4.51.4 did not properly delete the winmail.dat file from the message. I have completely rewritten the code that does this and it seems to be a lot more robust now. This release also incidentally adds 2 fixes/features: - - Logging of batch timing includes number of messages in batch. - - Pid File error produced with "MailScanner --lint" is fixed. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAd4IxH2WUcUFbZUEQI0owCcDuRHOS20pjqBKQc4m01sPvzT5JYAoMRd Xk8yWJUYfprJYaD6cQhC6OZ6 =KmHr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brent.addis at pronet.co.nz Thu Mar 2 23:10:43 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Thu Mar 2 23:11:25 2006 Subject: Released 4.51.5 In-Reply-To: <44077823.5060200@ecs.soton.ac.uk> References: <44077823.5060200@ecs.soton.ac.uk> Message-ID: <44077B73.4070406@pronet.co.nz> gah. 2 minutes after I spend 20 minutes updating to the last release. guess I get to do it again :) Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Due to problems with "Use TNEF Contents = replace" not working as > advertised, I have released 4.51.5 which should fix this problem. > > 4.51.4 did not properly delete the winmail.dat file from the message. I > have completely rewritten the code that does this and it seems to be a > lot more robust now. > > This release also incidentally adds 2 fixes/features: > - - Logging of batch timing includes number of messages in batch. > - - Pid File error produced with "MailScanner --lint" is fixed. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRAd4IxH2WUcUFbZUEQI0owCcDuRHOS20pjqBKQc4m01sPvzT5JYAoMRd > Xk8yWJUYfprJYaD6cQhC6OZ6 > =KmHr > -----END PGP SIGNATURE----- > > From steve.swaney at fsl.com Thu Mar 2 23:42:51 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Mar 2 23:42:55 2006 Subject: Released 4.51.5 In-Reply-To: <44077B73.4070406@pronet.co.nz> Message-ID: <0d1501c63e53$052e5cd0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brent Addis > Sent: Thursday, March 02, 2006 6:11 PM > To: MailScanner discussion > Subject: Re: Released 4.51.5 > > gah. > > 2 minutes after I spend 20 minutes updating to the last release. > > guess I get to do it again :) > Brent, 30 second download Type 3 lines Have a drink or whatever while Julian's script does all the work Type 4 more lines Check things out - couple of minutes Have another drink or whatever I don't feel too bad for you but then I was just about to download and start testing then the announcement came out :) I maybe all the MailScanner knew how easy it is to upgrade, the list could stop supporting MailScanner 4.3x and earlier ;) All the best, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ssilva at sgvwater.com Thu Mar 2 23:43:40 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 2 23:44:07 2006 Subject: I need help. I'm out of time and out of patients In-Reply-To: References: <4405E837.4010905@ecs.soton.ac.uk> Message-ID: JD Doelitzsch spake the following on 3/2/2006 10:24 AM: > Why is it that im not married and I still suffer that problem?? > The snoring, or someone telling you to rollover? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.addis at pronet.co.nz Thu Mar 2 23:55:51 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Thu Mar 2 23:56:21 2006 Subject: Released 4.51.5 In-Reply-To: <0d1501c63e53$052e5cd0$287ba8c0@office.fsl> References: <0d1501c63e53$052e5cd0$287ba8c0@office.fsl> Message-ID: <44078607.10407@pronet.co.nz> It was an upgrade from version .38, I upgraded the config manually due to the leap. Nothing against the upgrade script code, I just feel safer doing that myself :> Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Brent Addis >> Sent: Thursday, March 02, 2006 6:11 PM >> To: MailScanner discussion >> Subject: Re: Released 4.51.5 >> >> gah. >> >> 2 minutes after I spend 20 minutes updating to the last release. >> >> guess I get to do it again :) >> >> > Brent, > > 30 second download > Type 3 lines > Have a drink or whatever while Julian's script does all the work > Type 4 more lines > > Check things out - couple of minutes > > Have another drink or whatever > > I don't feel too bad for you but then I was just about to download and start > testing then the announcement came out :) > > I maybe all the MailScanner knew how easy it is to upgrade, the list could > stop supporting MailScanner 4.3x and earlier ;) > > All the best, > > Steve > > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- From steve.swaney at fsl.com Fri Mar 3 00:11:48 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 3 00:11:51 2006 Subject: Released 4.51.5 In-Reply-To: <44078607.10407@pronet.co.nz> Message-ID: <0d1b01c63e57$105635c0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brent Addis > Sent: Thursday, March 02, 2006 6:56 PM > To: MailScanner discussion > Subject: Re: Released 4.51.5 > > It was an upgrade from version .38, I upgraded the config manually due > to the leap. Nothing against the upgrade script code, I just feel safer > doing that myself :> > But you've already done the heavy lifting :) Upgrading from 4.51-4 to 4.51-5 should be as simple as using the install.sh script. I don't think you'd even have to run the upgrade_MailScanner script but it can't hurt. Some of the comments might have changed but I don't think there were any added configuration options. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > > Stephen Swaney wrote: > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Brent Addis > >> Sent: Thursday, March 02, 2006 6:11 PM > >> To: MailScanner discussion > >> Subject: Re: Released 4.51.5 > >> > >> gah. > >> > >> 2 minutes after I spend 20 minutes updating to the last release. > >> > >> guess I get to do it again :) > >> > >> > > Brent, > > > > 30 second download > > Type 3 lines > > Have a drink or whatever while Julian's script does all the work > > Type 4 more lines > > > > Check things out - couple of minutes > > > > Have another drink or whatever > > > > I don't feel too bad for you but then I was just about to download and > start > > testing then the announcement came out :) > > > > I maybe all the MailScanner knew how easy it is to upgrade, the list > could > > stop supporting MailScanner 4.3x and earlier ;) > > > > All the best, > > > > Steve > > > > > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > > > > -- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From bsnottum at hotmail.com Fri Mar 3 13:12:08 2006 From: bsnottum at hotmail.com (=?iso-8859-1?B?Qmr4cm4tU3ZlcnJlIE74dHR1bQ==?=) Date: Fri Mar 3 13:12:14 2006 Subject: Help - user error caused mailscanner to stop working Message-ID: Hallo! I have a mailserver running squirrelmail. I use mailscanner on a seperate machine as mailgateway and all the other stuff mailscanner so wonderfully does. A collegue of mine - it is true, it was not me!! - really messed things up today. He made changes into the sendmail configuration file - I do not think it was in either of the two that mailscanner creates - and restarted sendmail itself, not via mailscanner! Stupid ass!! Excuse my language. No no mail passes thruough the mailgateway. I have tried to stop the instance of sendmail that he started and then restarted mailscanner - but it does not help. I am running mailscanner Version 1.1-4 BETA on an fc2 server with sendmail on the mailgateway. Anyone that can help me on this?? Sincerely Bjorn From drew at themarshalls.co.uk Fri Mar 3 13:26:58 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 13:27:11 2006 Subject: Phishing Safe Sites List Auto Update Message-ID: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> I don't remember this being answered before but how often is the master phishing safe sites list updated? I just want to ensure that my cron job is set to sensible time period. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Fri Mar 3 13:30:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 3 13:31:08 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> Message-ID: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Usually not more than once a week at most. On 3 Mar 2006, at 13:26, Drew Marshall wrote: > I don't remember this being answered before but how often is the > master > phishing safe sites list updated? I just want to ensure that my > cron job > is set to sensible time period. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAhFFfw32o+k+q+hAQER6Qf/VvxJq+X2Ou4AUQD20F7PYTAGtg8nuchc YB16Wt4tubQXqDLk8VhubaqlAxL+P4T6BlnCZzCqHtcR7UJDJ4sGmhYWe9a/wgLO LYfsCwNv1yrlgr0fesIBHlQqgAk4UrzKgfJBM/+MxaJ7Rx67WRkWbLaTsl5fpFC/ 7FqJpfKzSuBsd3M2taAx2+hWTW5oP5vgUoSJJ5OlBJA/AbwyDHC+5K2hXvVt9PWL Xpe47YK7Mbb4wSio34s10yQuBqeof7u/tIooHJoyvNO2hGzJz7PFweg4ehCMZO9e f5KhSvaWxKLLduSd6T0UuWRZbIi+I37hDw3wJFw1isoegQywOQl09g== =K5FD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Fri Mar 3 13:42:54 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 13:43:09 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: <54682.194.70.180.170.1141393374.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 13:30, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Usually not more than once a week at most. Thanks. I'll adjust my cron job to every 10 days or so. That should be fine and keep my (And your!!) load down a little bit. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From steve.swaney at fsl.com Fri Mar 3 13:50:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 3 13:50:34 2006 Subject: Virus alert Message-ID: <0fb101c63ec9$6fbfd7b0$287ba8c0@office.fsl> We're seeing a ton of these at many sites here in the US right now. Looks like they started overnight. --------------------------- The following e-mails were found to have: Bad Filename Detected Sender: dax@039.com IP Address: 59.2.134.56 Recipient: falesejo@lewisu.edu Subject: MessageID: k23D3uTH027733 Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733 Report: MailScanner: No programs allowed (msg-22172-24.txt) --------------------------- The files all have names similar to msg-22172-24.txt file shows: # file msg-22172-24.txt msg-22172-24.txt: MIPSEL-BE MIPS-III ECOFF executable not stripped - version 0.0 BitDefender and ClamAV scans do NOT detect a virus. Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com From gmatt at nerc.ac.uk Fri Mar 3 13:52:59 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 3 13:53:24 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: <1141393980.7317.12.camel@lea.nerc-wallingford.ac.uk> On Fri, 2006-03-03 at 13:30 +0000, Julian Field wrote: > Usually not more than once a week at most. shouldnt the cron job go into /etc/cron.weekly instead of /etc/cron.daily then? GREG > On 3 Mar 2006, at 13:26, Drew Marshall wrote: > > > I don't remember this being answered before but how often is the > > master > > phishing safe sites list updated? I just want to ensure that my > > cron job > > is set to sensible time period. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From joshua.hirsh at partnersolutions.ca Fri Mar 3 13:56:19 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Fri Mar 3 13:56:23 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? Message-ID: Hi List, I've been seeing quite a few messages come through lately that only contain the word BOUNDARY_OUTLOOK, with a single character at the start of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable not stripped, so they're blocked). Is this scrap from some type of broken virus? Google doesn't really offer up anything on this.. -Joshua From shuttlebox at gmail.com Fri Mar 3 13:57:33 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 3 13:57:37 2006 Subject: Help - user error caused mailscanner to stop working In-Reply-To: References: Message-ID: <625385e30603030557k487a801fo931f36b8f6236e4f@mail.gmail.com> On 3/3/06, Bj?rn-Sverre N?ttum wrote: > No no mail passes thruough the mailgateway. I have tried to stop the > instance of sendmail that he started and then restarted mailscanner - but it > does not help. Doesn't he know what changes he did so you/he can reverse them? Didn't he save the original files with different names before he changed them? Don't you have backups from yesterday? > I am running mailscanner Version 1.1-4 BETA on an fc2 server with sendmail > on the mailgateway. Anyone that can help me on this?? Sounds quite old. ;-) -- /peter From martinh at solid-state-logic.com Fri Mar 3 13:58:50 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 3 13:58:58 2006 Subject: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: Message-ID: <001101c63eca$9981e2e0$3004010a@martinhlaptop> Had a few of these this morning - seem to have stopped now..maybe broken spammer?!!? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Joshua Hirsh > Sent: 03 March 2006 13:56 > To: MailScanner discussion > Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? > > Hi List, > > I've been seeing quite a few messages come through lately that only > contain the word BOUNDARY_OUTLOOK, with a single character at the start of > the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable > not stripped, so they're blocked). > > > Is this scrap from some type of broken virus? > > > Google doesn't really offer up anything on this.. > > > -Joshua > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From joshua.hirsh at partnersolutions.ca Fri Mar 3 13:59:16 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Fri Mar 3 13:59:19 2006 Subject: Virus alert Message-ID: > We're seeing a ton of these at many sites here in the US > right now. Looks like they started overnight. > > --------------------------- > The following e-mails were found to have: Bad Filename Detected > > Sender: dax@039.com > IP Address: 59.2.134.56 > Recipient: falesejo@lewisu.edu > Subject: > MessageID: k23D3uTH027733 > Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733 > Report: MailScanner: No programs allowed (msg-22172-24.txt) > --------------------------- Hi Stephen, I've been seeing these for atleast a week (see my last message to the list). Mostly from Chinese or European source addresses. They're picked up as executables (but really they aren't) because the payload starts with HEX character 01, followed by the word "BOUNDARY_OUTLOOK". -Joshua From shuttlebox at gmail.com Fri Mar 3 13:59:31 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 3 13:59:33 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <1141393980.7317.12.camel@lea.nerc-wallingford.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> <1141393980.7317.12.camel@lea.nerc-wallingford.ac.uk> Message-ID: <625385e30603030559y58b756dby57a207bb5e9c747b@mail.gmail.com> On 3/3/06, Greg Matthews wrote: > On Fri, 2006-03-03 at 13:30 +0000, Julian Field wrote: > > Usually not more than once a week at most. > > shouldnt the cron job go into /etc/cron.weekly instead > of /etc/cron.daily then? Well, then you might have to wait a week before you get the update. -- /peter From drew at themarshalls.co.uk Fri Mar 3 14:04:10 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 14:04:25 2006 Subject: Virus alert In-Reply-To: <0fb101c63ec9$6fbfd7b0$287ba8c0@office.fsl> References: <0fb101c63ec9$6fbfd7b0$287ba8c0@office.fsl> Message-ID: <54861.194.70.180.170.1141394650.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 13:50, Stephen Swaney wrote: > We're seeing a ton of these at many sites here in the US right now. Looks > like they started overnight. > > --------------------------- > The following e-mails were found to have: Bad Filename Detected > > Sender: dax@039.com > IP Address: 59.2.134.56 > Recipient: falesejo@lewisu.edu > Subject: > MessageID: k23D3uTH027733 > Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733 > Report: MailScanner: No programs allowed (msg-22172-24.txt) > --------------------------- > > The files all have names similar to msg-22172-24.txt > > file shows: > # file msg-22172-24.txt > msg-22172-24.txt: MIPSEL-BE MIPS-III ECOFF executable not stripped - > version > 0.0 Yes, I have seen one these too. Having one of those days I haven't had time to look at it any further to investigate if the .txt file really is any thing dodgy or just has an unfortunate string of characters. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From t.d.lee at durham.ac.uk Fri Mar 3 14:05:59 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Mar 3 14:09:41 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: On Fri, 3 Mar 2006, Julian Field wrote: > On 3 Mar 2006, at 13:26, Drew Marshall wrote: > > > I don't remember this being answered before but how often is the > > master > > phishing safe sites list updated? I just want to ensure that my > > cron job > > is set to sensible time period. > > Usually not more than once a week at most. Julian: How is progress with the idea we discussed (with my "proof of concept" demonstration) of also offering the phishing whitelist via a DNS zone (analogous to RBL mechanisms)? Best wishes. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Fri Mar 3 14:19:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 3 14:19:37 2006 Subject: Phishing Safe Sites List Auto Update In-Reply-To: References: <54312.194.70.180.170.1141392418.squirrel@webmail.r-bit.net> <229C40A0-C6DC-4467-8900-5B7ADDFF0329@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 3 Mar 2006, at 14:05, David Lee wrote: > On Fri, 3 Mar 2006, Julian Field wrote: > >> On 3 Mar 2006, at 13:26, Drew Marshall wrote: >> >>> I don't remember this being answered before but how often is the >>> master >>> phishing safe sites list updated? I just want to ensure that my >>> cron job >>> is set to sensible time period. >> >> Usually not more than once a week at most. > > Julian: How is progress with the idea we discussed (with my "proof of > concept" demonstration) of also offering the phishing whitelist via > a DNS > zone (analogous to RBL mechanisms)? By not doing it at the time, I am now doomed to have to support the current system forever anyway. Adding a DNS zone to it will add a 2nd system I have to support. The list is pretty stable now, so people for whom the wget doesn't work will get an update when they upgrade MailScanner anyway. I don't think it needs any form of rapid update system, weekly or even monthly will do now. Sorry I didn't take more effort at the time, it's all a bit late now :-( - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAhQbPw32o+k+q+hAQGEfQf/RLBKlO9bx3QPFjpm1+Nush0w2gLI0Ig+ v7b+plUqK/MEzreZEI1lgHd1Gs2bXMInP3Ag+PU6cYv728JAgisprlqkyamsAhwQ LiCyGmpjxfMLSheujHwGhf83XFzlHvroajJEppWtw9CKid8HS+0qXnfexIqidrsR Xfcrsg0tw0rulJfXkZZiFIFuQjE3jlHAjisNiAu/ChUb9usJ7fUUIvOhRgaUrWL6 ZdyjMKHdR7Tr6KiYM5k4qDW9ZJgoSskVHHW2sJ8Pa4Ku9R/2Nx5FicbKMmwGNDLT uVWetEeEHXAtAZ4x0Yxls29XRf4VGiC/ax4u3GEwfDIYc/7U4NF8Cg== =XNtm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ebruce at hpmich.com Fri Mar 3 14:39:16 2006 From: ebruce at hpmich.com (Ed Bruce) Date: Fri Mar 3 14:39:27 2006 Subject: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: <001101c63eca$9981e2e0$3004010a@martinhlaptop> References: <001101c63eca$9981e2e0$3004010a@martinhlaptop> Message-ID: <44085514.10306@hpmich.com> Martin Hepworth wrote: > Had a few of these this morning - seem to have stopped now..maybe broken > spammer?!!? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Joshua Hirsh >> Sent: 03 March 2006 13:56 >> To: MailScanner discussion >> Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? >> >> Hi List, >> >> I've been seeing quite a few messages come through lately that only >> contain the word BOUNDARY_OUTLOOK, with a single character at the start of >> the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable >> not stripped, so they're blocked). >> >> >> Is this scrap from some type of broken virus? >> >> >> Google doesn't really offer up anything on this.. >> >> >> >> I got a few today also, but I've seen this in the past. I was wondering what they were also. -- This message, including any attachments, is intended solely for the use of the named recipients(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution of this communication is expressly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy any and all copies of the original message. Thank you for your cooperation. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. From christian at jarnas.no Fri Mar 3 14:54:07 2006 From: christian at jarnas.no (=?iso-8859-1?Q?Christian_Jarn=E6s?=) Date: Fri Mar 3 14:53:30 2006 Subject: OT maybe? Forward some, and relay all other Message-ID: <020b01c63ed2$54f71110$0201110a@morbido> Hi! I am using Centos 4.2, MailScanner 4.50.14 and Sendmail 8.13.1 I have relay.mydomain.com that is my MailScanner box and where the MX for mydomain.com points towards. exchange.mydomain.com is where a want to relay all other emails outside.mydomain.com is an external mail server and receives MX outside.mydomain.com I wish that some email accounts for instance hans@mydomain.com is forwarded to hans@outside.mydomain.com, per@mydomain.com is forwarded to per@outside.mydomain.com, etc All other email that is not defined i wish to relay to my exchange.mydomain.com box Sendmail setup as of now: /etc/mail/access mydomain.com RELAY /etc/mail/mailertable mydomain.com esmtp:[exchange.mydomain.com] So the thinkable solution for me would be if it worked add mydomain.com to local-host-names in virtualusertable hans@mydomain.com hans@outside.mydomain.com per@mydomain.com per@outside.mydomain.com @pbl.no esmtp:[exchange.mydomain.com] So is there something in Sendmail or MailScanner that can do this? I know I can RELAY all email to the exchange box and then forward to per@outside.mydomain.com , but that is my last resort. Best Regards Christian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/ac3ce948/attachment.html From richard.thomas at psysolutions.com Fri Mar 3 15:14:47 2006 From: richard.thomas at psysolutions.com (Richard Thomas) Date: Fri Mar 3 15:16:27 2006 Subject: Don't understand this match In-Reply-To: References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: <44085D67.6060903@psysolutions.com> Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >The default settings I provide are just what I consider to be a >pretty good set that should be mostly okay, for most people, most of >the time. Obviously if they aren't right for you, then just change >them, that's why it is all configurable :-) > >When I first wrote the filename.rules.conf file, I put in the double >file extension trap as an example of what could do done, beyond just >matching simple extension names. I didn't realise how important it >became for most sites. > > I know it saved us big time not so long ago. We occasionally get people asking us to remove this rule but we have fairly solid reasons not to. The virus scan is great but the scanners will often be behind the viruses by enough that a lot of damage can be done. Rich -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/d5971fe7/smime.bin From Kevin_Miller at ci.juneau.ak.us Fri Mar 3 16:12:35 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 3 16:12:44 2006 Subject: What is nobody doing? Message-ID: I posted the following a month ago, but didn't receive any responses so thought I'd try again. Is anyone else seeing this behavior? I'd hazard a guess that it's something in the bayes cache mechanism. Thanks. Kevin Miller wrote: > Since I upgraded one of my machines the other day (from 4.33 to 4.50.? > beta) my /var/log/messages has been filling up with the messages > below. I opened two term windows, one running 'tail -f /var/log/mail' > and the other running 'tail -f /var/log/messges' then watched to see > what it was happening. > > /var/log/messages: > ================== > Feb 2 08:18:23 mail3 su: (to nobody) root on none > Feb 2 08:18:23 mail3 su: pam_unix2: session started for user nobody, > service su > Feb 2 08:18:23 mail3 su: pam_unix2: session finished for user nobody, > service su > > /var/log/mail: > ============== > Feb 2 08:18:21 mail3 sendmail-in[6185]: k12HIK0g006185: > to=, delay=00:00:00, mailer=esmtp, > pri=33805, stat=queued > Feb 2 08:18:22 mail3 MailScanner[5160]: New Batch: Scanning 1 > messages, 4424 bytes > > Normally I see a few 'session started for user nobody' when updatedb > runs, but these are happening everytime new mail arrives. The su > seems to happen just after the message is queued, that is between the > first and second lines in the mail log. Is this expected behavior? > Why does root need to su to nobody to do whatever it's doing, when it > never had to before? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From bpumphrey at WoodMacLaw.com Fri Mar 3 16:12:48 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 3 16:12:52 2006 Subject: Transfering settings and files from one machine to another Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> I need to tranfer my bayes database and mysql stuff to the new machine. I suppose I would need to transfer the quarantine also. Here is my problem: I can't see to know how to transfer them. The way that I got by in the past was to ftp the files to a web site and then use wget on the other machine to get the file. So I go the long way around. On the bayes files, since they are bigger I figure bout time I realize how to use ftp. I got the server started on the old machine (ftp). I can connect to the old machine form the new machine. I go to the directory and try to get the files. Get bayes_toks, etc. I get an error Faile to open file. Thinking a permission issue. I chown the remote files to bpumphrey (the ftp user that I am logged into) and chmod the files to 777. Still the error. Any guidance is appreciated. Also, I really have no clue on where to start for moving the mysql database. Thank you From rob at robhq.com Fri Mar 3 16:35:31 2006 From: rob at robhq.com (rob) Date: Fri Mar 3 16:28:15 2006 Subject: Transfering settings and files from one machine to another In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> Message-ID: <20060303163356.M31925@robhq.com> What flavor of OS is this on? When I build a new machine, I use scp to get my files over to the new server, aka: service mysqld stop scp /var/lib/mysql/database_name root@ipaddress:/var/lib/mysql/ the fire up mysql on the new box. On Fri, 3 Mar 2006 11:12:48 -0500, Billy A. Pumphrey wrote > I need to tranfer my bayes database and mysql stuff to the new machine. > I suppose I would need to transfer the quarantine also. Here is my > problem: > > I can't see to know how to transfer them. > > The way that I got by in the past was to ftp the files to a web site and > then use wget on the other machine to get the file. So I go the long > way around. On the bayes files, since they are bigger I figure bout > time I realize how to use ftp. > > I got the server started on the old machine (ftp). I can connect to the > old machine form the new machine. I go to the directory and try to get > the files. Get bayes_toks, etc. > > I get an error Faile to open file. Thinking a permission issue. I > chown the remote files to bpumphrey (the ftp user that I am logged into) > and chmod the files to 777. Still the error. Any guidance is > appreciated. > > Also, I really have no clue on where to start for moving the mysql > database. > > Thank you > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- Open WebMail Project (http://openwebmail.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 3 16:35:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 3 16:36:04 2006 Subject: What is nobody doing? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 3 Mar 2006, at 16:12, Kevin Miller wrote: > I posted the following a month ago, but didn't receive any > responses so > thought I'd try again. Is anyone else seeing this behavior? I'd > hazard > a guess that it's something in the bayes cache mechanism. > > Thanks. > > Kevin Miller wrote: >> Since I upgraded one of my machines the other day (from 4.33 to >> 4.50.? >> beta) my /var/log/messages has been filling up with the messages >> below. I opened two term windows, one running 'tail -f /var/log/mail' >> and the other running 'tail -f /var/log/messges' then watched to see >> what it was happening. >> >> /var/log/messages: >> ================== >> Feb 2 08:18:23 mail3 su: (to nobody) root on none >> Feb 2 08:18:23 mail3 su: pam_unix2: session started for user nobody, >> service su >> Feb 2 08:18:23 mail3 su: pam_unix2: session finished for user >> nobody, >> service su >> >> /var/log/mail: >> ============== >> Feb 2 08:18:21 mail3 sendmail-in[6185]: k12HIK0g006185: >> to=, delay=00:00:00, mailer=esmtp, >> pri=33805, stat=queued >> Feb 2 08:18:22 mail3 MailScanner[5160]: New Batch: Scanning 1 >> messages, 4424 bytes >> >> Normally I see a few 'session started for user nobody' when updatedb >> runs, but these are happening everytime new mail arrives. The su >> seems to happen just after the message is queued, that is between the >> first and second lines in the mail log. Is this expected behavior? >> Why does root need to su to nobody to do whatever it's doing, when it >> never had to before? This may be caused by sendmail changing its username when it tries to deliver mail, but I've never seen this before. MailScanner doesn't change its username when running sendmail at all, so I don't see how this is connected. As for the /var/log/mail extract, this is perfectly normal. Sendmail queues 1 incoming message into /var/spool/mqueue.in, which MailScanner is then picking up as a new batch (a batch of 1 message because there was only 1 message ready for processing when MailScanner looked at the queue). You would expect to see this for every new message that comes into your system. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAhwbfw32o+k+q+hAQFXbgf/T40G/1cBnSR1zKPEuFQ4kCUbl1kWWNWs Cqhz2u72ByRX4ftiGGHP+QO5GP4dv40hC4oLVNr4+nEOnhcsJTjtygK6Zud3Kei8 0qIfoKAPQYcVs30SnZ3G0b1oazWpZtXBa298m2jWn1yWurMfGFZf8vhcxJ+tCcfh t2ugoy4zhfUgFZW7C/oB04VjA0GeOcDsY+ppo5lKVxE3eFawM5CrYLggNoCfhDU1 xri24WfFjeu6lsfeqwg9sW7vJ/pcYsmJyTF245wyLsdiMrKE4ky0trh2FNwRdSdd 2eRaHuaaVOtQAMRZAwjuRPxjV8DUmSUNbvMcrR8rAxrsjcdXOyi0+Q== =lm/i -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From tac.forums at gmail.com Fri Mar 3 16:51:39 2006 From: tac.forums at gmail.com (TAC Forums) Date: Fri Mar 3 16:51:41 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: Message-ID: Hi I noticed that on our server for the past two days the load average has increased quite a bit. This I guess is because of a lot of messages coming in which needs to be scanned. My query - Will increasing my server's memory from 256 MB to 512 MB help reduce the load average? Regards -- TAC Support Team From martinh at solid-state-logic.com Fri Mar 3 16:55:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 3 16:55:35 2006 Subject: New Batch: Found 1768 messages waiting In-Reply-To: Message-ID: <001101c63ee3$46f5f3e0$3004010a@martinhlaptop> Oh Yes - in fact I'd stuff in as much ram as you can... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > Sent: 03 March 2006 16:52 > To: MailScanner discussion > Subject: Fwd: New Batch: Found 1768 messages waiting > > Hi > > I noticed that on our server for the past two days the load average > has increased quite a bit. This I guess is because of a lot of > messages coming in which needs to be scanned. > > My query - Will increasing my server's memory from 256 MB to 512 MB > help reduce the load average? > > Regards > -- > TAC Support Team > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mdchaney at michaelchaney.com Fri Mar 3 16:56:20 2006 From: mdchaney at michaelchaney.com (Michael Chaney) Date: Fri Mar 3 17:00:12 2006 Subject: Don't understand this match In-Reply-To: <44085D67.6060903@psysolutions.com> References: <44060193.3040109@psysolutions.com> <44060941.60707@ecs.soton.ac.uk> <44060F19.3070407@psysolutions.com> <44061184.50003@ecs.soton.ac.uk> <4406211D.6070207@psysolutions.com> <8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> <44085D67.6060903@psysolutions.com> Message-ID: <20060303165620.GB30437@michaelchaney.com> On Fri, Mar 03, 2006 at 09:14:47AM -0600, Richard Thomas wrote: > I know it saved us big time not so long ago. We occasionally get people > asking us to remove this rule but we have fairly solid reasons not to. > The virus scan is great but the scanners will often be behind the > viruses by enough that a lot of damage can be done. Not sure if you're using clamav, but if not, you should install it. I actually use it exclusively now and it's been quite some time since I had a virus slip through. Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From drew at themarshalls.co.uk Fri Mar 3 16:59:08 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 17:00:53 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: Message-ID: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 16:51, TAC Forums wrote: > Hi > > I noticed that on our server for the past two days the load average > has increased quite a bit. This I guess is because of a lot of > messages coming in which needs to be scanned. > > My query - Will increasing my server's memory from 256 MB to 512 MB > help reduce the load average? With that number of messages waiting and only 256Mb of RAM your machine will be almost at a stand still I would have thought. How many children are you running as doubling the RAM should mean you can increase the child processes? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dnsadmin at 1bigthink.com Fri Mar 3 17:06:28 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 3 17:06:35 2006 Subject: Transfering settings and files from one machine to another In-Reply-To: <20060303163356.M31925@robhq.com> References: <04D932B0071FE34FA63EBB1977B48D15DCBBF7@woodenex.woodmaclaw.local> <20060303163356.M31925@robhq.com> Message-ID: <6.2.3.4.0.20060303120415.0a0d5238@mxt.1bigthink.com> At 11:35 AM 3/3/2006, you wrote: >What flavor of OS is this on? When I build a new machine, I use scp >to get my files >over to the new server, aka: > >service mysqld stop >scp /var/lib/mysql/database_name root@ipaddress:/var/lib/mysql/ >the fire up mysql on the new box. > >On Fri, 3 Mar 2006 11:12:48 -0500, Billy A. Pumphrey wrote > > I need to tranfer my bayes database and mysql stuff to the new machine. > > I suppose I would need to transfer the quarantine also. Here is my > > problem: > > > > I can't see to know how to transfer them. > > > > The way that I got by in the past was to ftp the files to a web site and > > then use wget on the other machine to get the file. So I go the long > > way around. On the bayes files, since they are bigger I figure bout > > time I realize how to use ftp. > > > > I got the server started on the old machine (ftp). I can connect to the > > old machine form the new machine. I go to the directory and try to get > > the files. Get bayes_toks, etc. > > > > I get an error Faile to open file. Thinking a permission issue. I > > chown the remote files to bpumphrey (the ftp user that I am logged into) > > and chmod the files to 777. Still the error. Any guidance is > > appreciated. > > > > Also, I really have no clue on where to start for moving the mysql > > database. > > While the above will work for the same version of MySQL across the servers, if you have differing versions, you should use mysqldump to dump the SQL code and modify the textfile for compatibility issues :^)! mysql dump -u root -p mydatabase > mydatabase.sql Cheers, Glenn From tac.forums at gmail.com Fri Mar 3 17:15:54 2006 From: tac.forums at gmail.com (TAC Forums) Date: Fri Mar 3 17:15:56 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> References: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> Message-ID: > With that number of messages waiting and only 256Mb of RAM your machine > will be almost at a stand still I would have thought. How many children > are you running as doubling the RAM should mean you can increase the child > processes? > > Drew The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and I've configured it to run only one child process. How much do you suggest I should increase it to? From drew at themarshalls.co.uk Fri Mar 3 17:33:44 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 17:34:02 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: <55397.194.70.180.170.1141405148.squirrel@webmail.r-bit.net> Message-ID: <55572.194.70.180.170.1141407224.squirrel@webmail.r-bit.net> On Fri, March 3, 2006 17:15, TAC Forums wrote: >> With that number of messages waiting and only 256Mb of RAM your machine >> will be almost at a stand still I would have thought. How many children >> are you running as doubling the RAM should mean you can increase the >> child >> processes? >> >> Drew > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > I've configured it to run only one child process. How much do you > suggest I should increase it to? On similar equipment with nothing else running I have run 2 processes but have slightly reduced the batch size to 20 to try to speed things up. However, I would strongly recommend you throw as much RAM as you can in and then look to increase the children accordingly e.g. 512Mb say 4 children, 1Gb the full 5 with a batch size of 30. Also have a look at any large add on SA rules you have added and either remove and replace them (e.g. Big Evil) or temporarily move them and replace them once your message queues drop. Also make sure you are running a caching name server either on the machine or very locally (e.g. same subnet) as this will speed up RBL and other DNS associated look ups. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From martinh at solid-state-logic.com Fri Mar 3 17:36:31 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 3 17:36:40 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: Message-ID: <001701c63ee9$02793dc0$3004010a@martinhlaptop> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > Sent: 03 March 2006 17:16 > To: MailScanner discussion > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > > > With that number of messages waiting and only 256Mb of RAM your machine > > will be almost at a stand still I would have thought. How many children > > are you running as doubling the RAM should mean you can increase the > child > > processes? > > > > Drew > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > I've configured it to run only one child process. How much do you > suggest I should increase it to? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! AS much as you can squeeze into the thing.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dnsadmin at 1bigthink.com Fri Mar 3 17:54:34 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 3 17:54:48 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <001701c63ee9$02793dc0$3004010a@martinhlaptop> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> Message-ID: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Skipped content of type multipart/alternative From bpumphrey at WoodMacLaw.com Fri Mar 3 18:02:45 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 3 18:02:48 2006 Subject: Transfering settings and files from one machine to another Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCBCE3@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of rob > Sent: Friday, March 03, 2006 11:36 AM > To: MailScanner discussion > Subject: Re: Transfering settings and files from one machine to another > > What flavor of OS is this on? When I build a new machine, I use scp to > get my files > over to the new server, aka: > > service mysqld stop > scp /var/lib/mysql/database_name root@ipaddress:/var/lib/mysql/ > the fire up mysql on the new box. It is Cent OS 4.2 From mailscanner-list at okla.com Fri Mar 3 18:40:19 2006 From: mailscanner-list at okla.com (Tracy Greggs) Date: Fri Mar 3 18:37:23 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <002501c63ef1$ef8e2af0$6701a8c0@tgdesktop> I would have to second the vote for Crucial. Hate to plug vendors as well, but certainly a great choice. Tracy _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Friday, March 03, 2006 11:55 AM To: MailScanner discussion Subject: RE: Fwd: New Batch: Found 1768 messages waiting At 12:36 PM 3/3/2006, you wrote: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > Sent: 03 March 2006 17:16 > To: MailScanner discussion > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > > > With that number of messages waiting and only 256Mb of RAM your machine > > will be almost at a stand still I would have thought. How many children > > are you running as doubling the RAM should mean you can increase the > child > > processes? > > > > Drew > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > I've configured it to run only one child process. How much do you > suggest I should increase it to? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! AS much as you can squeeze into the thing.. The Cobalt maxes out at 512MB, I think. You can look up maximum amount and type SDRAM replacement at www.crucial.com. Sorry, not an advertising plug! You can buy the ram elsewhere! Thanks, Glenn -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/de9f5a9c/attachment.html From ssilva at sgvwater.com Fri Mar 3 18:38:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 18:39:41 2006 Subject: Help - user error caused mailscanner to stop working In-Reply-To: <625385e30603030557k487a801fo931f36b8f6236e4f@mail.gmail.com> References: <625385e30603030557k487a801fo931f36b8f6236e4f@mail.gmail.com> Message-ID: shuttlebox spake the following on 3/3/2006 5:57 AM: > On 3/3/06, Bj?rn-Sverre N?ttum wrote: >> No no mail passes thruough the mailgateway. I have tried to stop the >> instance of sendmail that he started and then restarted mailscanner - but it >> does not help. > > Doesn't he know what changes he did so you/he can reverse them? Didn't > he save the original files with different names before he changed > them? Don't you have backups from yesterday? > >> I am running mailscanner Version 1.1-4 BETA on an fc2 server with sendmail >> on the mailgateway. Anyone that can help me on this?? > > Sounds quite old. ;-) The 1.1-4 BETA is the version of the Webmin module for MailScanner, not the version of MailScanner itself. IMHO you need a backup of the relevant files, an idea of his changes, or a big LART to strike him with. "Friends don't let friends admin their servers if they don't know what they are doing." From Kevin_Miller at ci.juneau.ak.us Fri Mar 3 18:47:18 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 3 18:47:22 2006 Subject: What is nobody doing? Message-ID: Julian Field wrote: > This may be caused by sendmail changing its username when it tries to > deliver mail, but I've never seen this before. MailScanner doesn't > change its username when running sendmail at all, so I don't see how > this is connected. I don't either, that's why I asked. Seems really strange to me. > As for the /var/log/mail extract, this is perfectly normal. Sendmail > queues 1 incoming message into /var/spool/mqueue.in, which > MailScanner is then picking up as a new batch (a batch of 1 message > because there was only 1 message ready for processing when > MailScanner looked at the queue). You would expect to see this for > every new message that comes into your system. Right, I understand that I get those messages for each message. What I was trying to say is when I was tailing them with the -f option (two windows open), the entry in message always occurred between the two entries in mail. Don't know why the timing is off - but watching it on the screen, IIFC I'd see the first entry in mail, then the entry in message hot on it's heels, followed by the 2nd entry in mail. The main point was that it occurs when mail arrives so it has something to do w/MailScanner or sendmail. MailScanner was updated, but sendmail didn't change so the likely culprit (it seems to me) was MailScanner. It doesn't seem to be causing problems - just makes logrotate work a little harder I suppose. Maybe it's a SuSEism? I'll be updating several servers in the near future, with clean installs (OS on up) so I'll see what happens on them. Thanks for the reply Julian... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Fri Mar 3 18:42:33 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 18:52:32 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: References: Message-ID: Joshua Hirsh spake the following on 3/3/2006 5:56 AM: > Hi List, > > I've been seeing quite a few messages come through lately that only contain the word BOUNDARY_OUTLOOK, with a single character at the start of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF executable not stripped, so they're blocked). > > > Is this scrap from some type of broken virus? > > > Google doesn't really offer up anything on this.. > > > -Joshua I have been seeing these for about a week, and can't find anything relevant on Google. Seems harmless, probably some spammer has broke his flamethrower. From lhaig at haigmail.com Fri Mar 3 21:33:36 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Mar 3 21:33:39 2006 Subject: Going to try upgrading again. Message-ID: <4408B630.8070409@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I had trouble with 4.50.14 and long batch processing. I am going to try with 4.51.4 and see how things go. Thanks Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFECLYwM4kHBIBZ61gRAmcPAJ4yVv4it9sG+slhaW3QjLGO9LlbjQCgjxuh VKX1yIsOPe0XtQ4VD+nlrtU= =y4Us -----END PGP SIGNATURE----- From pal at hkskole.no Fri Mar 3 21:39:46 2006 From: pal at hkskole.no (pal@hkskole.no) Date: Fri Mar 3 21:39:54 2006 Subject: stopping spam from own domain Message-ID: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> Running Mailscanner version 4.44.6 and latest version of sendmail on Fedora core 3, I have a problem with a lot of spam sent to my domain. The spam mail are recognized as sent from my own domain, with fake sender and fake receiver addresses. My domain is example.com, and the mail are sent to george@example.com from admin@example.com. This is of cource not true. How can I get rid of these mails? -- P?l Monstad From dhawal at netmagicsolutions.com Fri Mar 3 21:51:29 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Mar 3 21:51:34 2006 Subject: Going to try upgrading again. In-Reply-To: <4408B630.8070409@haigmail.com> References: <4408B630.8070409@haigmail.com> Message-ID: <20060303215129.25859.qmail@mymail.netmagicians.com> Lance Haig writes: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I had trouble with 4.50.14 and long batch processing. > > I am going to try with 4.51.4 and see how things go. 4.51.5-1 ought to the right version to use.. there is atleast one small but significant FIX included (see the changelog for more details).. - dhawal > Thanks > > Lance > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFECLYwM4kHBIBZ61gRAmcPAJ4yVv4it9sG+slhaW3QjLGO9LlbjQCgjxuh > VKX1yIsOPe0XtQ4VD+nlrtU= > =y4Us > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From lhaig at haigmail.com Fri Mar 3 22:38:29 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Mar 3 22:38:31 2006 Subject: Going to try upgrading again. In-Reply-To: <20060303215129.25859.qmail@mymail.netmagicians.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> Message-ID: <4408C565.80200@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Loads of perl errors when running the install I am running on SUSE 9.3 Here are some of the errors is this bad? Lance Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Installed.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man1/instmodsh.1 Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VMS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_OS2.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command::MM.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::testlib.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Liblist.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MY.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mkbootstrap.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_QNX.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Packlist.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mksymlists.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_DOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Install.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Any.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_BeOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win32.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Unix.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Cygwin.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win95.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Installed.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_UWIN.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_MacOS.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_AIX.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_NW5.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Manifest.3pm Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/bin/instmodsh Writing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist Appending installation info to /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod + '[' -x /usr/lib/rpm/brp-compress ']' + /usr/lib/rpm/brp-compress + find /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr -type f -print + sed 's@^/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root@@g' + grep -v perllocal.pod + grep -v '\.packlist' ++ cat ExtUtils-MakeMaker-6.30-filelist + '[' '/usr/bin/instmodsh /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM.pm /usr/lib/perl5/5.8.6/ExtUtils/MY.pm /usr/lib/perl5/5.8.6/ExtUtils/testlib.pm /usr/lib/perl5/5.8.6/ExtUtils/Install.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_AIX.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_DOS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_UWIN.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm /usr/lib/perl5/5.8.6/ExtUtils/Command.pm /usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm /usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm /usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm /usr/lib/perl5/5.8.6/ExtUtils/Installed.pm /usr/share/man/man1/instmodsh.1.gz /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz /usr/share/man/man3/ExtUtils::MM_QNX.3pm.gz /usr/share/man/man3/ExtUtils::Manifest.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz /usr/share/man/man3/ExtUtils::MM_AIX.3pm.gz /usr/share/man/man3/ExtUtils::Liblist.3pm.gz /usr/share/man/man3/ExtUtils::Packlist.3pm.gz /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz /usr/share/man/man3/ExtUtils::Installed.3pm.gz /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz /usr/share/man/man3/ExtUtils::MM.3pm.gz /usr/share/man/man3/ExtUtils::Install.3pm.gz /usr/share/man/man3/ExtUtils::Command.3pm.gz /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm.gz /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz /usr/share/man/man3/ExtUtils::testlib.3pm.gz /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz /usr/share/man/man3/ExtUtils::MY.3pm.gz /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz /usr/share/man/man3/ExtUtils::MM_VOS.3pm.gzX' = X ']' + RPM_BUILD_ROOT=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root + export RPM_BUILD_ROOT + test -x /usr/sbin/Check -a 0 = 0 -o -x /usr/sbin/Check -a '!' -z /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root + echo 'I call /usr/sbin/Check...' I call /usr/sbin/Check... + /usr/sbin/Check + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-symlink Processing files: perl-ExtUtils-MakeMaker-6.30-1 Finding Provides: /usr/lib/rpm/find-provides Finding Requires: /usr/lib/rpm/find-requires Provides: perl(DynaLoader) perl(ExtUtils::Command) = 1.09 perl(ExtUtils::Command::MM) = 0.05 perl(ExtUtils::Install) = 1.33 perl(ExtUtils::Install::Warn) perl(ExtUtils::Installed) = 0.08 perl(ExtUtils::Liblist) = 1.01 perl(ExtUtils::Liblist::Kid) = 1.30 perl(ExtUtils::MM) = 0.05 perl(ExtUtils::MM_AIX) = 0.03 perl(ExtUtils::MM_Any) = 0.13 perl(ExtUtils::MM_BeOS) = 1.05 perl(ExtUtils::MM_Cygwin) = 1.08 perl(ExtUtils::MM_DOS) = 0.02 perl(ExtUtils::MM_MacOS) = 1.08 perl(ExtUtils::MM_NW5) = 2.08 perl(ExtUtils::MM_OS2) = 1.05 perl(ExtUtils::MM_QNX) = 0.02 perl(ExtUtils::MM_UWIN) = 0.02 perl(ExtUtils::MM_Unix) = 1.50 perl(ExtUtils::MM_VMS) = 5.73 perl(ExtUtils::MM_VOS) = 0.02 perl(ExtUtils::MM_Win32) = 1.12 perl(ExtUtils::MM_Win95) = 0.04 perl(ExtUtils::MY) = 0.01 perl(ExtUtils::MakeMaker) = 6.30 perl(ExtUtils::MakeMaker::Config) = 0.02 perl(ExtUtils::MakeMaker::_version) perl(ExtUtils::MakeMaker::bytes) = 0.01 perl(ExtUtils::MakeMaker::vmsish) = 0.01 perl(ExtUtils::Manifest) = 1.46 perl(ExtUtils::Mkbootstrap) = 1.15 perl(ExtUtils::Mksymlists) = 1.19 perl(ExtUtils::Packlist) = 0.04 perl(ExtUtils::testlib) = 1.15 perl(MM) perl(MY) perl(main) Requires(rpmlib): rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(VersionedDependencies) <= 3.0.3-1 Requires: /usr/bin/perl Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root warning: Installed (but unpackaged) file(s) found: /usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist /usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod Wrote: /usr/src/packages/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.88750 + umask 022 + cd /usr/src/packages/BUILD + cd ExtUtils-MakeMaker-6.30 + rm -rf /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root + exit 0 Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.88750 + umask 022 + cd /usr/src/packages/BUILD + rm -rf ExtUtils-MakeMaker-6.30 + exit 0 Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Preparing... ########################################### [100%] package perl-ExtUtils-MakeMaker-6.30-1 is already installed file /usr/bin/instmodsh from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Command.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Install.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Command.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Install.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Installed.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Liblist.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MY.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Manifest.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::Packlist.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 file /usr/share/man/man3/ExtUtils::testlib.3pm.gz from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 Dhawal Doshy wrote: > Lance Haig writes: >> 4.51.5-1 ought to the right version to use.. there is atleast one small >> but significant FIX included (see the changelog for more details).. >> - dhawal > Thanks > Lance - -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFECMVlM4kHBIBZ61gRAhLwAJ955pZiIsbidEPAYB0lc5I0SH21NACffMA4 Z5hvyD35sWF/J88hf7xYBpQ= =G20E -----END PGP SIGNATURE----- From sergey at dorokhov.com Fri Mar 3 22:29:44 2006 From: sergey at dorokhov.com (Sergey Dorokhov) Date: Fri Mar 3 22:41:29 2006 Subject: Filetypes inside archive files. Message-ID: Hello all. Mailscanner is doing pretty good job by filtering dangerous attachments (EXE, COM and etc.). But in the same time I want to allow these types of files to be sent inside archives (ZIP, ARJ and etc.). It seems that I can?t find any info in old postings or docs. I can allow to send any filetypes without ZIPping it but I want to allow EXE files ONLY inside archive but still deny them if they are attached as is. I would appreciate if someone will share their knowledge. Thanks in advance, Sergey From drew at themarshalls.co.uk Fri Mar 3 23:04:36 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Mar 3 23:05:19 2006 Subject: Filetypes inside archive files. In-Reply-To: References: Message-ID: <5F440CC6-0A6D-4E32-BAC6-DC9666A7E0C5@themarshalls.co.uk> On 3 Mar 2006, at 22:29, Sergey Dorokhov wrote: > Hello all. > Mailscanner is doing pretty good job by filtering dangerous > attachments (EXE, > COM and etc.). But in the same time I want to allow these types of > files to be > sent inside archives (ZIP, ARJ and etc.). It seems that I can?t > find any info > in old postings or docs. > I can allow to send any filetypes without ZIPping it but I want to > allow EXE > files ONLY inside archive but still deny them if they are attached > as is. > > I would appreciate if someone will share their knowledge. > Thanks in advance, > Sergey Have a look at the section: # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # # Note: This setting does *not* affect virus scanning in archives at all. # # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password- Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. # This can also be the filename of a ruleset. Maximum Archive Depth = 0 in MailScanner.conf Set it to 0 (As above) and it will do exactly what you want. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ssilva at sgvwater.com Fri Mar 3 23:13:52 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 23:14:06 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: dnsadmin 1bigthink.com spake the following on 3/3/2006 9:54 AM: > At 12:36 PM 3/3/2006, you wrote: > > > > >> > -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> > bounces@lists.mailscanner.info] On Behalf Of TAC Forums >> > Sent: 03 March 2006 17:16 >> > To: MailScanner discussion >> > Subject: Re: Fwd: New Batch: Found 1768 messages waiting >> > >> > > With that number of messages waiting and only 256Mb of RAM your >> machine >> > > will be almost at a stand still I would have thought. How many >> children >> > > are you running as doubling the RAM should mean you can increase the >> > child >> > > processes? >> > > >> > > Drew >> > >> > >> > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and >> > I've configured it to run only one child process. How much do you >> > suggest I should increase it to? >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> >> AS much as you can squeeze into the thing.. > > The Cobalt maxes out at 512MB, I think. You can look up maximum amount > and type SDRAM replacement at www.crucial.com . > > Sorry, not an advertising plug! You can buy the ram elsewhere! > > Thanks, > Glenn > Crucial lists a 1 gig module for that system, but it is pricey ($414 US) I suppose you could fit 2 of them, as I can't remember how many slots the 550 has. But you have invested close to a grand in an older system, that you could invest into a new 1u system that will run rings around the RAQ. From ssilva at sgvwater.com Fri Mar 3 23:22:22 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 3 23:22:43 2006 Subject: Filetypes inside archive files. In-Reply-To: References: Message-ID: Sergey Dorokhov spake the following on 3/3/2006 2:29 PM: > Hello all. > Mailscanner is doing pretty good job by filtering dangerous attachments (EXE, > COM and etc.). But in the same time I want to allow these types of files to be > sent inside archives (ZIP, ARJ and etc.). It seems that I can?t find any info > in old postings or docs. > I can allow to send any filetypes without ZIPping it but I want to allow EXE > files ONLY inside archive but still deny them if they are attached as is. > > I would appreciate if someone will share their knowledge. > Thanks in advance, > Sergey > # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # # Note: This setting does *not* affect virus scanning in archives at all. # # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. # This can also be the filename of a ruleset. Maximum Archive Depth = 0 From root at doctor.nl2k.ab.ca Fri Mar 3 23:56:03 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Mar 3 23:56:17 2006 Subject: Released 4.51.5 In-Reply-To: <44077823.5060200@ecs.soton.ac.uk> References: <44077823.5060200@ecs.soton.ac.uk> Message-ID: <20060303235603.GB27763@doctor.nl2k.ab.ca> On Thu, Mar 02, 2006 at 10:56:35PM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Due to problems with "Use TNEF Contents = replace" not working as > advertised, I have released 4.51.5 which should fix this problem. > > 4.51.4 did not properly delete the winmail.dat file from the message. I > have completely rewritten the code that does this and it seems to be a > lot more robust now. > > This release also incidentally adds 2 fixes/features: > - - Logging of batch timing includes number of messages in batch. > - - Pid File error produced with "MailScanner --lint" is fixed. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRAd4IxH2WUcUFbZUEQI0owCcDuRHOS20pjqBKQc4m01sPvzT5JYAoMRd > Xk8yWJUYfprJYaD6cQhC6OZ6 > =KmHr > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > While we are at it, I can list the up to date perl modules: Archive-Zip-1.16 Compress-Zlib-1.41 Convert-BinHex-1.119 (probably no longer mailtained) Convert-TNEF-0.17 (probably no longer mailtained) DBD-SQLite-1.11 (recent) DBI-1.50 (recent) ExtUtils-MakeMaker-6.30 (recent) File-Spec had now been incorporated in PathTools-3.16 File-Temp-0.16 Getopt-Long-2.35 (current) HTML-Parser-3.50 (recently changed) HTML-Tagset-3.10 (current) IO-stringy-2.110 (current) MIME-Base64-3.07 (current) MIME-tools-5.419 (cuurent) MailTools-1.74 (recently changed) Net-CIDR-0.11 (recent) Storable-2.15 Time-HiRes-1.87 (recently changed) TimeDate-1.16 (current) tnef-1.3.4 (current) I try to keep up to date. Julian, when I try to update via your script, the whole procedure breaks apart. Is there an explanation? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Sat Mar 4 02:44:57 2006 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 4 02:45:00 2006 Subject: MailScanner & DoS Message-ID: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> For some reason, I can't seem to stop hackers from performaing DoS against my IPCop fw & MailScanner server. I get alot of these in my /var/log/maillog and the boxes get locked up: Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA What can I do? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060303/69901cea/attachment.html From cstone at axint.net Sat Mar 4 03:01:37 2006 From: cstone at axint.net (Chris Stone) Date: Sat Mar 4 03:03:26 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> Message-ID: <200603032001.37639@cs.axint.net> Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl users from connecting...... On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > For some reason, I can't seem to stop hackers from performaing DoS against > my IPCop fw & MailScanner server. I get alot of these in my > /var/log/maillog and the boxes get locked up: > > Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > > What can I do? From devonharding at gmail.com Sat Mar 4 06:21:23 2006 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 4 06:21:27 2006 Subject: MailScanner & DoS In-Reply-To: <200603032001.37639@cs.axint.net> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603032001.37639@cs.axint.net> Message-ID: <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> Yea, but I want this to be for every one, not just cable users On 3/3/06, Chris Stone wrote: > > Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl > users > from connecting...... > > On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > > For some reason, I can't seem to stop hackers from performaing DoS > against > > my IPCop fw & MailScanner server. I get alot of these in my > > /var/log/maillog and the boxes get locked up: > > > > Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > > What can I do? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060304/ebe83f54/attachment.html From remy at unix-asp.com Sat Mar 4 09:04:10 2006 From: remy at unix-asp.com (Remy de Ruysscher) Date: Sat Mar 4 09:04:44 2006 Subject: MailScanner very memory intensive? In-Reply-To: References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> Message-ID: <200603040904.k2494huB017391@bkserver.blacknight.ie> Hi all, What is the typical MailScanner memory usage (on FreeBSD)? I found my server to use 1,5Gb of memory just for MailScanner! Furthermore it's processing queues very slowly (possibly due to disk swapping). I have 2Gb installed (P4 - 3.0Ghz). Any ideas to improve memory usage? last pid: 72681; load averages: 0.12, 0.09, 0.06 up 1+01:56:38 09:58:39 97 processes: 1 starting, 1 running, 95 sleeping CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.7% interrupt, 99.3% idle Mem: 1354M Active, 340M Inact, 185M Wired, 54M Cache, 112M Buf, 70M Free Swap: 4096M Total, 613M Used, 3483M Free, 14% Inuse PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 891 squid 1 76 0 39316K 23064K select 1:41 0.00% squid 602 www 1 20 0 27172K 14116K lockf 1:39 0.00% httpd 1054 www 1 79 0 26644K 13548K select 1:33 0.00% httpd 604 www 1 20 0 26716K 13404K lockf 1:32 0.00% httpd 603 www 1 20 0 26576K 13296K lockf 1:32 0.00% httpd 606 www 1 76 0 26528K 13244K select 1:32 0.00% httpd 1841 www 1 20 0 27044K 14024K lockf 1:32 0.00% httpd 1875 www 1 20 0 30044K 15028K lockf 1:29 0.00% httpd 1097 www 1 20 0 32184K 15784K lockf 1:27 0.00% httpd 5675 www 1 20 0 26384K 13292K lockf 1:19 0.00% httpd 738 mysql 18 20 0 98M 5476K kserel 0:51 0.00% mysqld 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% perl5.8.8 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% perl5.8.8 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% perl5.8.8 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 829 privoxy 3 20 0 5628K 2376K kserel 0:39 0.00% privoxy bash-2.05b# /usr/local/sbin/MailScanner --version Running on FreeBSD unix-asp.com 6.0-RELEASE-p5 FreeBSD 6.0-RELEASE-p5 #16: Thu Mar 2 07:59:26 CET 2006 root@unix-asp.com:/usr/obj/usr/src/sys/DEFIANT i386 This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.50 HTML::Parser 2.35 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.07 MIME::QuotedPrint 5.419 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.78 Socket 0.13 Sys::Syslog 1.87 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.11 DBD::SQLite 1.50 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 0.57 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI # System settings # --------------- # # How many MailScanner processes do you want to run at a time? # There is no point increasing this figure if your MailScanner server # is happily keeping up with your mail traffic. # If you are running on a server with more than 1 CPU, or you have a # high mail load (and/or slow DNS lookups) then you should see better # performance if you increase this figure. # If you are running on a small system with limited RAM, you should # note that each child takes just over 20MB. # # As a rough guide, try 5 children per CPU. But read the notes above. Max Children = 5 From shuttlebox at gmail.com Sat Mar 4 09:13:53 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 4 09:13:57 2006 Subject: MailScanner very memory intensive? In-Reply-To: <200603040904.k2494huB017391@bkserver.blacknight.ie> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> Message-ID: <625385e30603040113j28a93285uf5787c49e061ab94@mail.gmail.com> On 3/4/06, Remy de Ruysscher wrote: > 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% perl5.8.8 > 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% perl5.8.8 > 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% perl5.8.8 > 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 > 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% perl5.8.8 If those are your MS processes something looks very wrong. Depending on how much rules I use in SA my processes use 25-40 MB of memory per child. Yours are more than 10 times that! You're not using the BigEvil rules are you? -- /peter From dhawal at netmagicsolutions.com Sat Mar 4 09:24:19 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Mar 4 09:24:34 2006 Subject: Going to try upgrading again. In-Reply-To: <4408C565.80200@haigmail.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> <4408C565.80200@haigmail.com> Message-ID: <44095CC3.9090209@netmagicsolutions.com> Lance Haig wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Loads of perl errors when running the install > > I am running on SUSE 9.3 > > Here are some of the errors > > is this bad? ExtUtils-MakeMaker is a part of perl on most linux distributions for some time now.. so there is nothing to worry about. The MailScanner installer also clearly indicates the same.. Can anyone report a linux distro which doesn't bundle ExtUtils-MakeMaker along with perl? Julian if possible, how about skipping this for the RPM based install.sh? - dhawal > Lance > > > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm > Installing > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Preparing... ########################################### > [100%] > package perl-ExtUtils-MakeMaker-6.30-1 is already installed > file /usr/bin/instmodsh from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 From remy at unix-asp.com Sat Mar 4 09:50:24 2006 From: remy at unix-asp.com (Remy de Ruysscher) Date: Sat Mar 4 09:50:55 2006 Subject: MailScanner very memory intensive? In-Reply-To: References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> Message-ID: <200603040950.k249orZ1018728@bkserver.blacknight.ie> Hi, No BigEvil rules are decrepated I believe. I do a.o. have these SA rules: -rw-r--r-- 1 root wheel 24298 Oct 5 22:00 70_sare_evilnum0.cf -rw-r--r-- 1 root wheel 1574 Jun 2 2005 70_sare_evilnum1.cf -rw-r--r-- 1 root wheel 6970 Jun 2 2005 70_sare_evilnum2.cf On Sat, March 4, 2006 10:13, shuttlebox wrote: > On 3/4/06, Remy de Ruysscher wrote: >> 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% >> perl5.8.8 >> 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% >> perl5.8.8 >> 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% >> perl5.8.8 >> 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >> perl5.8.8 >> 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >> perl5.8.8 > > If those are your MS processes something looks very wrong. Depending > on how much rules I use in SA my processes use 25-40 MB of memory per > child. Yours are more than 10 times that! > > You're not using the BigEvil rules are you? > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Met vriendelijk groet / kind regards, Remy de Ruysscher remy@unix-asp.com From james at grayonline.id.au Sat Mar 4 14:35:15 2006 From: james at grayonline.id.au (James Gray) Date: Sat Mar 4 14:35:46 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: References: Message-ID: <200603050135.21772.james@grayonline.id.au> On Sat, 4 Mar 2006 00:56, Joshua Hirsh wrote: > I've been seeing quite a few messages come through lately that only > contain the word BOUNDARY_OUTLOOK, with a single character at the start > of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF > executable not stripped, so they're blocked). > > Is this scrap from some type of broken virus? > > Google doesn't really offer up anything on this.. > > -Joshua Ditto here. Got a couple of them about a week ago, and a few more the other day. I've compared the binary between a few of the messages and it's been different each time. I also fired a (zipped) copy off to a friend who is a bit of a hardware hacker and couldn't find anything that even vaugley resembled assembly etc for any CPU's he's played with (which is many - embedded stuff up to Intel/Sparc/Motorola/AMD/etc). In short - they seem harmless. Usual disclaimers apply though. James -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/e636c613/attachment.bin From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:16:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:16:36 2006 Subject: stopping spam from own domain In-Reply-To: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> References: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> Message-ID: <4409BD60.5050008@ecs.soton.ac.uk> pal@hkskole.no wrote: > Running Mailscanner version 4.44.6 and latest version of sendmail on > Fedora core 3, I have a problem with a lot of spam sent to my domain. The > spam mail are recognized as sent from my own domain, with fake sender and > fake receiver addresses. > > My domain is example.com, and the mail are sent to george@example.com from > admin@example.com. This is of cource not true. > > How can I get rid of these mails? > Are the envelope addresses these too? Or is it just the headers? You can make MailScanner add the From and To addresses from the envelope (look for "Envelope From" and "Envelope To" in MailScanner.conf and you'll find the find them). If they match, then you could choose to reject messages (or better just drop them) with a ruleset expressions like "From example.com and To example.com" in an appropriate ruleset for an option like "Is Definitely Spam" and then make definite spam high-scoring and then delete high-scoring spam. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:18:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:18:47 2006 Subject: Going to try upgrading again. In-Reply-To: <4408C565.80200@haigmail.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> <4408C565.80200@haigmail.com> Message-ID: <4409BDE1.9020800@ecs.soton.ac.uk> That's just install.sh trying to install a package which is already installed, possibly by some other route such as your OS distribution or CPAN. Ignore these. Lance Haig wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Loads of perl errors when running the install > > I am running on SUSE 9.3 > > Here are some of the errors > > is this bad? > > Lance > > > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Installed.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man1/instmodsh.1 > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VMS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_OS2.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command::MM.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::testlib.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Liblist.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_VOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MY.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mkbootstrap.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_QNX.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Packlist.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Mksymlists.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_DOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Install.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Any.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_BeOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Command.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win32.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Unix.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Cygwin.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_Win95.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Installed.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_UWIN.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_MacOS.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_AIX.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::MM_NW5.3pm > Installing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/share/man/man3/ExtUtils::Manifest.3pm > Installing /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/bin/instmodsh > Writing > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist > Appending installation info to > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod > + '[' -x /usr/lib/rpm/brp-compress ']' > + /usr/lib/rpm/brp-compress > + find /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr -type f -print > + sed 's@^/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root@@g' > + grep -v perllocal.pod > + grep -v '\.packlist' > ++ cat ExtUtils-MakeMaker-6.30-filelist > + '[' '/usr/bin/instmodsh > /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM.pm > /usr/lib/perl5/5.8.6/ExtUtils/MY.pm > /usr/lib/perl5/5.8.6/ExtUtils/testlib.pm > /usr/lib/perl5/5.8.6/ExtUtils/Install.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_AIX.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_DOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm > /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm > /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP > /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_UWIN.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm > /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_QNX.pm > /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_VOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm > /usr/lib/perl5/5.8.6/ExtUtils/Command.pm > /usr/lib/perl5/5.8.6/ExtUtils/Mksymlists.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm > /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Config.pm > /usr/lib/perl5/5.8.6/ExtUtils/Mkbootstrap.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm > /usr/lib/perl5/5.8.6/ExtUtils/Liblist.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm > /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm > /usr/lib/perl5/5.8.6/ExtUtils/Installed.pm > /usr/share/man/man1/instmodsh.1.gz > /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_QNX.3pm.gz > /usr/share/man/man3/ExtUtils::Manifest.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz > /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_AIX.3pm.gz > /usr/share/man/man3/ExtUtils::Liblist.3pm.gz > /usr/share/man/man3/ExtUtils::Packlist.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz > /usr/share/man/man3/ExtUtils::Installed.3pm.gz > /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz > /usr/share/man/man3/ExtUtils::MM.3pm.gz > /usr/share/man/man3/ExtUtils::Install.3pm.gz > /usr/share/man/man3/ExtUtils::Command.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::Config.3pm.gz > /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz > /usr/share/man/man3/ExtUtils::testlib.3pm.gz > /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz > /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz > /usr/share/man/man3/ExtUtils::MY.3pm.gz > /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz > /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz > /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz > /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz > /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz > /usr/share/man/man3/ExtUtils::MM_VOS.3pm.gzX' = X ']' > + RPM_BUILD_ROOT=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > + export RPM_BUILD_ROOT > + test -x /usr/sbin/Check -a 0 = 0 -o -x /usr/sbin/Check -a '!' -z > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > + echo 'I call /usr/sbin/Check...' > I call /usr/sbin/Check... > + /usr/sbin/Check > + /usr/lib/rpm/brp-compress > + /usr/lib/rpm/brp-symlink > Processing files: perl-ExtUtils-MakeMaker-6.30-1 > Finding Provides: /usr/lib/rpm/find-provides > Finding Requires: /usr/lib/rpm/find-requires > Provides: perl(DynaLoader) perl(ExtUtils::Command) = 1.09 > perl(ExtUtils::Command::MM) = 0.05 perl(ExtUtils::Install) = 1.33 > perl(ExtUtils::Install::Warn) perl(ExtUtils::Installed) = 0.08 > perl(ExtUtils::Liblist) = 1.01 perl(ExtUtils::Liblist::Kid) = 1.30 > perl(ExtUtils::MM) = 0.05 perl(ExtUtils::MM_AIX) = 0.03 > perl(ExtUtils::MM_Any) = 0.13 perl(ExtUtils::MM_BeOS) = 1.05 > perl(ExtUtils::MM_Cygwin) = 1.08 perl(ExtUtils::MM_DOS) = 0.02 > perl(ExtUtils::MM_MacOS) = 1.08 perl(ExtUtils::MM_NW5) = 2.08 > perl(ExtUtils::MM_OS2) = 1.05 perl(ExtUtils::MM_QNX) = 0.02 > perl(ExtUtils::MM_UWIN) = 0.02 perl(ExtUtils::MM_Unix) = 1.50 > perl(ExtUtils::MM_VMS) = 5.73 perl(ExtUtils::MM_VOS) = 0.02 > perl(ExtUtils::MM_Win32) = 1.12 perl(ExtUtils::MM_Win95) = 0.04 > perl(ExtUtils::MY) = 0.01 perl(ExtUtils::MakeMaker) = 6.30 > perl(ExtUtils::MakeMaker::Config) = 0.02 > perl(ExtUtils::MakeMaker::_version) perl(ExtUtils::MakeMaker::bytes) = > 0.01 perl(ExtUtils::MakeMaker::vmsish) = 0.01 perl(ExtUtils::Manifest) = > 1.46 perl(ExtUtils::Mkbootstrap) = 1.15 perl(ExtUtils::Mksymlists) = > 1.19 perl(ExtUtils::Packlist) = 0.04 perl(ExtUtils::testlib) = 1.15 > perl(MM) perl(MY) perl(main) > Requires(rpmlib): rpmlib(PayloadFilesHavePrefix) <= 4.0-1 > rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(VersionedDependencies) <= > 3.0.3-1 > Requires: /usr/bin/perl > Checking for unpackaged file(s): /usr/lib/rpm/check-files > /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > warning: Installed (but unpackaged) file(s) found: > > /usr/lib/perl5/5.8.6/i586-linux-thread-multi/auto/ExtUtils/MakeMaker/.packlist > /usr/lib/perl5/5.8.6/i586-linux-thread-multi/perllocal.pod > Wrote: > /usr/src/packages/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.88750 > + umask 022 > + cd /usr/src/packages/BUILD > + cd ExtUtils-MakeMaker-6.30 > + rm -rf /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root > + exit 0 > Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.88750 > + umask 022 > + cd /usr/src/packages/BUILD > + rm -rf ExtUtils-MakeMaker-6.30 > + exit 0 > > > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Preparing... ########################################### > [100%] > package perl-ExtUtils-MakeMaker-6.30-1 is already installed > file /usr/bin/instmodsh from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Command.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Command/MM.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Install.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Liblist/Kid.pm from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MANIFEST.SKIP from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Any.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_BeOS.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Cygwin.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_MacOS.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_OS2.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Unix.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_VMS.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win32.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MM_Win95.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/FAQ.pod from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/Tutorial.pod from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/bytes.pm from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/MakeMaker/vmsish.pm from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Manifest.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/lib/perl5/5.8.6/ExtUtils/Packlist.pm from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Command.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Install.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Installed.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Liblist.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MY.3pm.gz from install of > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz > from install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Manifest.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz from > install of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from > package perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::Packlist.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > file /usr/share/man/man3/ExtUtils::testlib.3pm.gz from install > of perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > > > Dhawal Doshy wrote: > >> Lance Haig writes: >> >>> 4.51.5-1 ought to the right version to use.. there is atleast one small >>> but significant FIX included (see the changelog for more details).. >>> - dhawal >>> >> Thanks >> Lance >> > - -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > Before posting, read http://wiki.mailscanner.info/posting > Support MailScanner development - buy the book off the website! > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFECMVlM4kHBIBZ61gRAhLwAJ955pZiIsbidEPAYB0lc5I0SH21NACffMA4 > Z5hvyD35sWF/J88hf7xYBpQ= > =G20E > -----END PGP SIGNATURE----- > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:21:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:21:57 2006 Subject: Released 4.51.5 In-Reply-To: <20060303235603.GB27763@doctor.nl2k.ab.ca> References: <44077823.5060200@ecs.soton.ac.uk> <20060303235603.GB27763@doctor.nl2k.ab.ca> Message-ID: <4409BEA1.4070606@ecs.soton.ac.uk> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Thu, Mar 02, 2006 at 10:56:35PM +0000, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Due to problems with "Use TNEF Contents = replace" not working as >> advertised, I have released 4.51.5 which should fix this problem. >> >> 4.51.4 did not properly delete the winmail.dat file from the message. I >> have completely rewritten the code that does this and it seems to be a >> lot more robust now. >> >> This release also incidentally adds 2 fixes/features: >> - - Logging of batch timing includes number of messages in batch. >> - - Pid File error produced with "MailScanner --lint" is fixed. >> >> >> > While we are at it, I can list the up to date perl modules: > > Archive-Zip-1.16 > Compress-Zlib-1.41 > Convert-BinHex-1.119 (probably no longer mailtained) > Convert-TNEF-0.17 (probably no longer mailtained) > DBD-SQLite-1.11 (recent) > DBI-1.50 (recent) > ExtUtils-MakeMaker-6.30 (recent) > File-Spec had now been incorporated in PathTools-3.16 > File-Temp-0.16 > Getopt-Long-2.35 (current) > HTML-Parser-3.50 (recently changed) > HTML-Tagset-3.10 (current) > IO-stringy-2.110 (current) > MIME-Base64-3.07 (current) > MIME-tools-5.419 (cuurent) > MailTools-1.74 (recently changed) > Net-CIDR-0.11 (recent) > Storable-2.15 > Time-HiRes-1.87 (recently changed) > TimeDate-1.16 (current) > tnef-1.3.4 (current) > > I try to keep up to date. Julian, when I try to update via > your script, the whole procedure breaks apart. > > Is there an explanation? > I don't guarantee that the versions of modules I ship are the most up to date. But I do know that they all work together well. Every now and then people release code that doesn't work perfectly (I'm as bad at that as everyone else) so using the versions I ship will save you a lot of testing as they are known to work well with MailScanner. Feel free to live on the bleeding edge, but don't blame me if you get cut! :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:27:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:27:40 2006 Subject: MailScanner very memory intensive? In-Reply-To: <200603040950.k249orZ1018728@bkserver.blacknight.ie> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> <200603040950.k249orZ1018728@bkserver.blacknight.ie> Message-ID: <4409BFF7.8030001@ecs.soton.ac.uk> Take out all your extra rulesets, upgrade to the latest SpamAssassin (using my easy to install http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz package) and then only add rulesets using Rules_Du_Jour once you are sure everything is working nicely. My normal advice is 1Gb per CPU, as long as the machine isn't doing much else. You can watch to see your actual disk swapping use using the "vmstat" command. A common command for this is "vmstat 5" and the man page for vmstat will tell you what all the columns mean. You are probably looking for "si" and "so" or "pi" and "po". Remy de Ruysscher wrote: > Hi, > > No BigEvil rules are decrepated I believe. I do a.o. have these SA rules: > > -rw-r--r-- 1 root wheel 24298 Oct 5 22:00 70_sare_evilnum0.cf > -rw-r--r-- 1 root wheel 1574 Jun 2 2005 70_sare_evilnum1.cf > -rw-r--r-- 1 root wheel 6970 Jun 2 2005 70_sare_evilnum2.cf > > > On Sat, March 4, 2006 10:13, shuttlebox wrote: > >> On 3/4/06, Remy de Ruysscher wrote: >> >>> 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% >>> perl5.8.8 >>> 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% >>> perl5.8.8 >>> 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% >>> perl5.8.8 >>> 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>> perl5.8.8 >>> 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>> perl5.8.8 >>> >> If those are your MS processes something looks very wrong. Depending >> on how much rules I use in SA my processes use 25-40 MB of memory per >> child. Yours are more than 10 times that! >> >> You're not using the BigEvil rules are you? >> >> -- >> /peter >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > Met vriendelijk groet / kind regards, > Remy de Ruysscher > > remy@unix-asp.com > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:30:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:30:03 2006 Subject: Going to try upgrading again. In-Reply-To: <44095CC3.9090209@netmagicsolutions.com> References: <4408B630.8070409@haigmail.com> <20060303215129.25859.qmail@mymail.netmagicians.com> <4408C565.80200@haigmail.com> <44095CC3.9090209@netmagicsolutions.com> Message-ID: <4409C088.1050104@ecs.soton.ac.uk> Dhawal Doshy wrote: > Lance Haig wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Loads of perl errors when running the install >> >> I am running on SUSE 9.3 >> >> Here are some of the errors >> >> is this bad? > > ExtUtils-MakeMaker is a part of perl on most linux distributions for > some time now.. so there is nothing to worry about. The MailScanner > installer also clearly indicates the same.. > > Can anyone report a linux distro which doesn't bundle > ExtUtils-MakeMaker along with perl? > > Julian if possible, how about skipping this for the RPM based install.sh? RAQs don't include a recent-enough version, and there are still quite a lot of them out there. If you use Perl 5.8 then you're fine, but I think most earlier versions need upgrading. If this module is too old, then you will get some *very* strange errors later in the installation which are hard to diagnose, so I make sure it's up to date enough not to cause problems later in a few of the other modules that happen to use recently-added features in it. > > - dhawal > >> Lance >> >> >> Installing >> /var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr/lib/perl5/5.8.6/ExtUtils/MM_NW5.pm >> >> Installing >> Do not worry too much about errors from the next command. >> It is quite likely that some of the Perl modules are >> already installed on your system. >> >> The important ones are HTML-Parser and MIME-tools. >> >> Preparing... ########################################### >> [100%] >> package perl-ExtUtils-MakeMaker-6.30-1 is already installed >> file /usr/bin/instmodsh from install of >> perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package >> perl-5.8.6-5.3 -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 4 16:32:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 16:32:38 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: <200603050135.21772.james@grayonline.id.au> References: <200603050135.21772.james@grayonline.id.au> Message-ID: <4409C122.50704@ecs.soton.ac.uk> James Gray wrote: > On Sat, 4 Mar 2006 00:56, Joshua Hirsh wrote: > >> I've been seeing quite a few messages come through lately that only >> contain the word BOUNDARY_OUTLOOK, with a single character at the start >> of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF >> executable not stripped, so they're blocked). >> >> Is this scrap from some type of broken virus? >> >> Google doesn't really offer up anything on this.. >> >> -Joshua >> > > Ditto here. Got a couple of them about a week ago, and a few more the other > day. I've compared the binary between a few of the messages and it's been > different each time. I also fired a (zipped) copy off to a friend who is a > bit of a hardware hacker and couldn't find anything that even vaugley > resembled assembly etc for any CPU's he's played with (which is many - > embedded stuff up to Intel/Sparc/Motorola/AMD/etc). > > In short - they seem harmless. Usual disclaimers apply though. > I have seen this once myself too. I added a "COFF executable" "allow" rule to filetype.rules.conf. Would people like me to add that to the distribution? Real COFF executables are pretty harmless as far as I know, but I'm sure someone will correct me. Does anyone use COFF any more? Most systems now use ELF instead. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sat Mar 4 14:50:29 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 4 16:32:49 2006 Subject: stopping spam from own domain In-Reply-To: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> References: <59736.80.213.185.76.1141421986.squirrel@hkskole.no> Message-ID: <223f97700603040650i1390da86k@mail.gmail.com> On 03/03/06, pal@hkskole.no wrote: > Running Mailscanner version 4.44.6 and latest version of sendmail on > Fedora core 3, I have a problem with a lot of spam sent to my domain. The > spam mail are recognized as sent from my own domain, with fake sender and > fake receiver addresses. > > My domain is example.com, and the mail are sent to george@example.com from > admin@example.com. This is of cource not true. > > How can I get rid of these mails? > -- > P?l Monstad In Postfix (if you had used that MTA) this is rather easy: Just set up appropriate restrictions for the helo_restrictions and sender_restrictions ... a RE map matching your domain and returning a "REJECT you are not me" would handle it nicely (in fact, this is precisely what I do:-). I'm not current on other MTAs, but imagine something can be done there too. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Mar 4 17:00:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 4 17:00:27 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <4409C7A5.6030002@ecs.soton.ac.uk> Scott Silva wrote: >> Crucial lists a 1 gig module for that system, but it is pricey ($414 US) >> I suppose you could fit 2 of them, as I can't remember how many slots the 550 >> has. But you have invested close to a grand in an older system, that you could >> invest into a new 1u system that will run rings around the RAQ. >> I would go for a shared server (or even a dedicated one) from Blacknight Solutions. It will have plenty of power and would be a much better way of investing money than trying to upgrade an old and under-powered raq. Raqs have had their day now, I wouldn't advise pouring any money into them. Give Blacknight a shout and talk to them about getting a server from them. I use Blacknight for all sorts of things now, and they have proved themselves to be very good and very reliable. The tech support is excellent and the prices are good too. They host this mailing list, mailscanner.biz, emailscanner.info (a mirror site for mailscanner.info if I hit problems in Southampton) and jules.fm. They also host a load of other domains for me (39 last count I think) and I have never had a single problem with them. Highly recommended! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sat Mar 4 15:03:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 4 17:40:07 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <223f97700603040703k2ef2925o@mail.gmail.com> On 03/03/06, dnsadmin 1bigthink.com wrote: > At 12:36 PM 3/3/2006, you wrote: > > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > > Sent: 03 March 2006 17:16 > > To: MailScanner discussion > > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > > > > > With that number of messages waiting and only 256Mb of RAM your machine > > > will be almost at a stand still I would have thought. How many children > > > are you running as doubling the RAM should mean you can increase the > > child > > > processes? > > > > > > Drew > > > > > > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > > I've configured it to run only one child process. How much do you > > suggest I should increase it to? > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > AS much as you can squeeze into the thing.. > > The Cobalt maxes out at 512MB, I think. You can look up maximum amount and > type SDRAM replacement at www.crucial.com. > > Sorry, not an advertising plug! You can buy the ram elsewhere! > > Thanks, > Glenn According to http://www.ec.kingston.com/ecom/configurator/modelsinfo.asp?SysID=11839&mfr=Sun&model=Cobalt+RaQ+550+Series&Sys=11839-Sun-Cobalt+RaQ+550+Series&distributor=0&submit1=Search (this isn't a plug either!) it should do at least 1GiB, possibly even 2.... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From nerijus at users.sourceforge.net Sat Mar 4 17:35:31 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Sat Mar 4 17:43:07 2006 Subject: OT: (\x01)BOUNDARY_OUTLOOK Messages? In-Reply-To: <4409C122.50704@ecs.soton.ac.uk> References: <200603050135.21772.james@grayonline.id.au> <4409C122.50704@ecs.soton.ac.uk> Message-ID: <20060304173826.F1D8CEF50@mx.dtiltas.lt> On Sat, 04 Mar 2006 16:32:34 +0000 Julian Field wrote: > I have seen this once myself too. I added a "COFF executable" "allow" > rule to filetype.rules.conf. Would people like me to add that to the > distribution? No. Why make COFF an exception? There are thousands of filetypes in the universe... > Real COFF executables are pretty harmless as far as I > know, but I'm sure someone will correct me. Does anyone use COFF any > more? Most systems now use ELF instead. I never saw ELF attached to the email neither. Regards, Nerijus From glenn.steen at gmail.com Sat Mar 4 15:16:17 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 4 17:53:39 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> <6.2.3.4.0.20060303125249.0671c900@mxt.1bigthink.com> Message-ID: <223f97700603040716y4bb68a77y@mail.gmail.com> On 04/03/06, Scott Silva wrote: > dnsadmin 1bigthink.com spake the following on 3/3/2006 9:54 AM: > > At 12:36 PM 3/3/2006, you wrote: > > > > > > > > > >> > -----Original Message----- > >> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> > bounces@lists.mailscanner.info] On Behalf Of TAC Forums > >> > Sent: 03 March 2006 17:16 > >> > To: MailScanner discussion > >> > Subject: Re: Fwd: New Batch: Found 1768 messages waiting > >> > > >> > > With that number of messages waiting and only 256Mb of RAM your > >> machine > >> > > will be almost at a stand still I would have thought. How many > >> children > >> > > are you running as doubling the RAM should mean you can increase the > >> > child > >> > > processes? > >> > > > >> > > Drew > >> > > >> > > >> > The server is a Cobalt RaQ 550 which has a P-III processor (1 GHz) and > >> > I've configured it to run only one child process. How much do you > >> > suggest I should increase it to? > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > >> AS much as you can squeeze into the thing.. > > > > The Cobalt maxes out at 512MB, I think. You can look up maximum amount > > and type SDRAM replacement at www.crucial.com . > > > > Sorry, not an advertising plug! You can buy the ram elsewhere! > > > > Thanks, > > Glenn > > > Crucial lists a 1 gig module for that system, but it is pricey ($414 US) > I suppose you could fit 2 of them, as I can't remember how many slots the 550 > has. But you have invested close to a grand in an older system, that you could > invest into a new 1u system that will run rings around the RAQ. > That is steep. Perhaps it's time I actually did a plug for kingston parts then....:-).Getting 2 512 MiB capsules or one 1 Gib ... would set you back far elss if you use the kingston "work-alike-replacements". It's been quite a while since when the use of kingston memory prompted the phrase "do a double-kingston" ... meaning the act of punching the power button twice (effecting a power reset), after the machine had gone bonkers on the shoddy memory:-). They're much better now ... has been using kingston and viking memoryextensively for the past 5-10 years without any more problem than originals would've. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From remy at unix-asp.com Sat Mar 4 21:08:53 2006 From: remy at unix-asp.com (Remy de Ruysscher) Date: Sat Mar 4 21:09:08 2006 Subject: MailScanner very memory intensive? In-Reply-To: References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603040904.k2494huB017391@bkserver.blacknight.ie> <200603040950.k249orZ1018728@bkserver.blacknight.ie> Message-ID: <200603042109.k24L95eR028945@bkserver.blacknight.ie> Hi Julian, Thanks, I found out that SA is indeed using large amounts of memory, by disabling SA in MS. I have cleaned up my SA rules (4.9Mb total in rules), used only a few of the rules mentioned on rulesemporium, but still MS is using around 950Mb with 5 childs. bash-2.05b# spamassassin --version SpamAssassin version 3.1.0 running on Perl version 5.8.8 The server is not heavy used, only for mail gateway and some firewalling/routing. Any more suggestions? Regards, Remy. On Sat, March 4, 2006 17:27, Julian Field wrote: > Take out all your extra rulesets, upgrade to the latest SpamAssassin > (using my easy to install > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > package) and then only add rulesets using Rules_Du_Jour once you are > sure everything is working nicely. > > My normal advice is 1Gb per CPU, as long as the machine isn't doing much > else. You can watch to see your actual disk swapping use using the > "vmstat" command. A common command for this is "vmstat 5" and the man > page for vmstat will tell you what all the columns mean. You are > probably looking for "si" and "so" or "pi" and "po". > > Remy de Ruysscher wrote: >> Hi, >> >> No BigEvil rules are decrepated I believe. I do a.o. have these SA >> rules: >> >> -rw-r--r-- 1 root wheel 24298 Oct 5 22:00 70_sare_evilnum0.cf >> -rw-r--r-- 1 root wheel 1574 Jun 2 2005 70_sare_evilnum1.cf >> -rw-r--r-- 1 root wheel 6970 Jun 2 2005 70_sare_evilnum2.cf >> >> >> On Sat, March 4, 2006 10:13, shuttlebox wrote: >> >>> On 3/4/06, Remy de Ruysscher wrote: >>> >>>> 60795 postfix 1 8 0 470M 210M nanslp 0:50 0.00% >>>> perl5.8.8 >>>> 68200 postfix 1 8 0 470M 378M nanslp 0:49 0.00% >>>> perl5.8.8 >>>> 53602 postfix 1 8 0 470M 55660K nanslp 0:49 0.00% >>>> perl5.8.8 >>>> 69900 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>>> perl5.8.8 >>>> 72078 postfix 1 8 0 470M 389M nanslp 0:48 0.00% >>>> perl5.8.8 >>>> >>> If those are your MS processes something looks very wrong. Depending >>> on how much rules I use in SA my processes use 25-40 MB of memory per >>> child. Yours are more than 10 times that! >>> >>> You're not using the BigEvil rules are you? >>> >>> -- >>> /peter >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> Met vriendelijk groet / kind regards, >> Remy de Ruysscher >> >> remy@unix-asp.com >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Met vriendelijk groet / kind regards, Remy de Ruysscher remy@unix-asp.com From root at doctor.nl2k.ab.ca Sun Mar 5 00:31:48 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Mar 5 00:31:55 2006 Subject: Released 4.51.5 In-Reply-To: <4409BEA1.4070606@ecs.soton.ac.uk> References: <44077823.5060200@ecs.soton.ac.uk> <20060303235603.GB27763@doctor.nl2k.ab.ca> <4409BEA1.4070606@ecs.soton.ac.uk> Message-ID: <20060305003148.GE20698@doctor.nl2k.ab.ca> On Sat, Mar 04, 2006 at 04:21:53PM +0000, Julian Field wrote: > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: > >On Thu, Mar 02, 2006 at 10:56:35PM +0000, Julian Field wrote: > > > >>-----BEGIN PGP SIGNED MESSAGE----- > >>Hash: SHA1 > >> > >>Due to problems with "Use TNEF Contents = replace" not working as > >>advertised, I have released 4.51.5 which should fix this problem. > >> > >>4.51.4 did not properly delete the winmail.dat file from the message. I > >>have completely rewritten the code that does this and it seems to be a > >>lot more robust now. > >> > >>This release also incidentally adds 2 fixes/features: > >>- - Logging of batch timing includes number of messages in batch. > >>- - Pid File error produced with "MailScanner --lint" is fixed. > >> > >> > >> > >While we are at it, I can list the up to date perl modules: > > > >Archive-Zip-1.16 > >Compress-Zlib-1.41 > >Convert-BinHex-1.119 (probably no longer mailtained) > >Convert-TNEF-0.17 (probably no longer mailtained) > >DBD-SQLite-1.11 (recent) > > DBI-1.50 (recent) > >ExtUtils-MakeMaker-6.30 (recent) > >File-Spec had now been incorporated in PathTools-3.16 > > File-Temp-0.16 > >Getopt-Long-2.35 (current) > >HTML-Parser-3.50 (recently changed) > > HTML-Tagset-3.10 (current) > >IO-stringy-2.110 (current) > >MIME-Base64-3.07 (current) > > MIME-tools-5.419 (cuurent) > >MailTools-1.74 (recently changed) > >Net-CIDR-0.11 (recent) > >Storable-2.15 > >Time-HiRes-1.87 (recently changed) > >TimeDate-1.16 (current) > >tnef-1.3.4 (current) > > > >I try to keep up to date. Julian, when I try to update via > >your script, the whole procedure breaks apart. > > > >Is there an explanation? > > > I don't guarantee that the versions of modules I ship are the most up to > date. But I do know that they all work together well. Every now and then > people release code that doesn't work perfectly (I'm as bad at that as > everyone else) so using the versions I ship will save you a lot of > testing as they are known to work well with MailScanner. > > Feel free to live on the bleeding edge, but don't blame me if you get cut! > :-) > Well, I can always go one step back if they are incorrect. So far, I have 0 hiccups to reports and I am using perl 5.8.8 on BSD/OS 4.3.1 > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From admin at thenamegame.com Sun Mar 5 05:06:58 2006 From: admin at thenamegame.com (Michael S.) Date: Sun Mar 5 05:07:20 2006 Subject: BASTED Geocities spam from Brazil Message-ID: <200603050507.k2557HKB020651@bkserver.blacknight.ie> We currently have the follow rules in place to stop these bloody Geocites spam messages; # Geocities Crap uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// score PROLO_PUBWEB_UKGEO_CHECK1 8.0 describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body The problem is, geocities.com.br spam is on the rise and all of those are being delivered. Can somebody rewrite the rules above to include geocities.* and geocities.*.* I think it would help a lot of people here. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/335a9a93/attachment.html From raymond at prolocation.net Sun Mar 5 09:25:27 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Mar 5 09:26:11 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: <200603050507.k2557HKB020651@bkserver.blacknight.ie> References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: Hi! > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// > score PROLO_PUBWEB_UKGEO_CHECK1 8.0 > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body > > The problem is, geocities.com.br spam is on the rise and all of those are > being delivered. You are using a old version of the rule ;) uri PROLO_PUBWEB_GEOSPAM /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yahoo)?\.com(\.br)?\// score PROLO_PUBWEB_GEOSPAM 12.0 describe PROLO_PUBWEB_GEOSPAM PROLO_PUBWEB_GEO, Body Bye, Raymond. From ljosnet at gmail.com Sun Mar 5 12:51:04 2006 From: ljosnet at gmail.com (emm1) Date: Sun Mar 5 12:51:07 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: <910ee2ac0603050451o21928685uda5ea65323a7b4c@mail.gmail.com> Hello, after I upgraded to 4.50 on my FreeBSD 5.4, I noticed there is a change in mailscanner.sh and mta.sh. After reading about it and setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , the following error occurs when I try to start the MTA: Recipient names must be specified. What is the problem? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/bee18905/attachment.html From root at doctor.nl2k.ab.ca Sun Mar 5 13:06:07 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Mar 5 13:06:14 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: <200603050507.k2557HKB020651@bkserver.blacknight.ie> References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: <20060305130607.GA7932@doctor.nl2k.ab.ca> On Sun, Mar 05, 2006 at 12:06:58AM -0500, Michael S. wrote: > We currently have the follow rules in place to stop these bloody Geocites > spam messages; > > > > # Geocities Crap > > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// > > score PROLO_PUBWEB_UKGEO_CHECK1 8.0 > > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body > > > > The problem is, geocities.com.br spam is on the rise and all of those are > being delivered. > > > > Can somebody rewrite the rules above to include geocities.* and > geocities.*.* > > > > I think it would help a lot of people here. > > > > Thank you. > In which file does this go into? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raymond at prolocation.net Sun Mar 5 13:09:56 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Mar 5 13:10:40 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: <20060305130607.GA7932@doctor.nl2k.ab.ca> References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> <20060305130607.GA7932@doctor.nl2k.ab.ca> Message-ID: Hi! >> # Geocities Crap >> >> uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// >> >> score PROLO_PUBWEB_UKGEO_CHECK1 8.0 >> >> describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body >> The problem is, geocities.com.br spam is on the rise and all of those are >> being delivered. >> Can somebody rewrite the rules above to include geocities.* and >> geocities.*.* >> >> I think it would help a lot of people here. > In which file does this go into? Usually somewhere in /etyc/mail/spamassassin ... Most people use local.cf or a custom .cf Bye, Raymond. From james at grayonline.id.au Sun Mar 5 22:16:23 2006 From: james at grayonline.id.au (James Gray) Date: Sun Mar 5 22:39:11 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: <200603060916.25440.james@grayonline.id.au> On Sunday 05 March 2006 20:25, Raymond Dijkxhoorn wrote: > Hi! > > > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// > > score PROLO_PUBWEB_UKGEO_CHECK1 8.0 > > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body > > > > The problem is, geocities.com.br spam is on the rise and all of those are > > being delivered. > > You are using a old version of the rule ;) > > uri PROLO_PUBWEB_GEOSPAM > /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yaho >o)?\.com(\.br)?\// score PROLO_PUBWEB_GEOSPAM 12.0 Nice. BTW, you can reduce the memory footprint fairly significantly if you don't plan to reuse any of the matches in the () (which this rule doesn't). I offer the following memory-friendly version: /^http:\/\/((?:asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(?: \.yahoo)?\.com(?:\.br)?\// (?:foo) = less memory than (foo) coz Perl doesn't remember the match which means you also can't use $1/$2 etc to repeat the match. My explanation might be lacking a little technical-correctness, but I saw noticeable (15-20%) improvements in memory footprint by rewriting all my rules that didn't require repeat pattern matches using the (?:foo) syntax. I've got a lot of rules though! YMMV and usual disclaimers apply :) Cheers, James -- I don't know half of you half as well as I should like; and I like less than half of you half as well as you deserve. -- J. R. R. Tolkien -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/f7895102/attachment.bin From jon.bates at summitmotors.com.au Sun Mar 5 23:02:40 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Sun Mar 5 23:02:53 2006 Subject: Carriage returns removed from text files Message-ID: <200603052301.k25N1X1u009558@summitmotors.com.au> Thanks very much for your reply Glenn. You were right. I turned off the inline signature feature and this has fixed the problem. Now to see if there is a newer fixed version of the Perl module that is causing the problem! I'll post again if I find a resolution. Thanks again Glenn. > Hi Jon, > IIRC this is due to a not-that-easy-to-get-at bug in a supporting perl module, and affects all messages that MailScanner rewrites in some way (like your > spiffy "company disclaimer" below). So a simple thing to test is to make a ruleset exception to adding that ... Might make a difference). At least that > is what my feeble memory is telling me, I might be completely wrong too...:-) > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From devonharding at gmail.com Mon Mar 6 01:36:03 2006 From: devonharding at gmail.com (Devon Harding) Date: Mon Mar 6 01:36:06 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603032001.37639@cs.axint.net> <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> Message-ID: <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> How can I limit concurrent connections from specific IP's with MailScanner? On 3/4/06, Devon Harding wrote: > > Yea, but I want this to be for every one, not just cable users > > > On 3/3/06, Chris Stone wrote: > > > > Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl > > users > > from connecting...... > > > > On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > > > For some reason, I can't seem to stop hackers from performaing DoS > > against > > > my IPCop fw & MailScanner server. I get alot of these in my > > > /var/log/maillog and the boxes get locked up: > > > > > > Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017: > > > 69-165-202-64.miamfl.adelphia.net [ 69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021: > > > 69-165-202-64.miamfl.adelphia.net [69.165.202.64] did not issue > > > MAIL/EXPN/VRFY/ETRN during connection to MTA > > > > > > What can I do? > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/f54c9f06/attachment.html From mikej at rogers.com Mon Mar 6 02:20:40 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Mar 6 02:20:24 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> References: <2baac6140603031844oce6d652x3e0ab68faef5a32b@mail.gmail.com> <200603032001.37639@cs.axint.net> <2baac6140603032221g77096ba4ob13b57bf180f68cc@mail.gmail.com> <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> Message-ID: <440B9C78.5090202@rogers.com> Devon Harding wrote: > How can I limit concurrent connections from specific IP's with > MailScanner? You can't, mail scanner is not a mail server. From steve.swaney at fsl.com Mon Mar 6 02:21:33 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Mar 6 02:21:36 2006 Subject: MailScanner & DoS In-Reply-To: <2baac6140603051736y6696a517x3364d5710e9773ef@mail.gmail.com> Message-ID: <046101c640c4$aff89770$287ba8c0@office.fsl> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Devon Harding Sent: Sunday, March 05, 2006 8:36 PM To: MailScanner discussion Subject: Re: MailScanner & DoS How can I limit concurrent connections from specific IP's with MailScanner? On 3/4/06, Devon Harding wrote: Yea, but I want this to be for every one, not just cable users On 3/3/06, Chris Stone < cstone@axint.net> wrote: Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl users from connecting...... On Friday 03 March 2006 07:44 pm, Devon Harding wrote: > For some reason, I can't seem to stop hackers from performaing DoS against > my IPCop fw & MailScanner server.??I get alot of these in my > /var/log/maillog and the boxes get locked up: > > Mar??1 20:12:48 mars sendmail[27017]: k220vlXF027017: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:48 mars sendmail[27019]: k220vmrk027019: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:48 mars sendmail[27018]: k220vlM8027018: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:49 mars sendmail[27020]: k220vm8s027020: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:49 mars sendmail[27023]: k220vngJ027023: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > Mar??1 20:12:49 mars sendmail[27021]: k220vmjG027021: > 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links are often malicious: 69.165.202.64] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > > What can I do? That's a job for your MTA not MailScanner :) If you're using a recent version of sendmail, 8.13.x, it's pretty easy. Check out: http://www.technoids.org/dossed.html Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From linux_spartacus at yahoo.com Mon Mar 6 02:47:22 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Mon Mar 6 02:47:24 2006 Subject: how to allow zip files ? Message-ID: <20060306024722.62699.qmail@web35605.mail.mud.yahoo.com> hi guys, im having some trouble here. my clients usually send bitmap files and now MS automatically removes it. Then i tried zipping them still they cant send the attachment. How can i allow zipped files to be send or zipped files with password only? tnx --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060305/bf377c6c/attachment.html From lox at birdy.nc Mon Mar 6 03:19:03 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Mon Mar 6 03:19:27 2006 Subject: MailScanner SMTP question Message-ID: <440BAA27.2030201@birdy.nc> Hello, I know I should buy the book and I certainly will, but I would like to know where is MailScanner "sitting" in a SMTP transaction. I mean, is MailScanner able to reject a mail at SMTP level, before downloading it and wasting bandwidth? Best regards -- Laurent Dinclaux Birdy Communication Responsable D?veloppement lox@birdy.nc Mobile : +687 849 272 T?l/fax : +687 278 888 From Jeff.Mills at versacold.com.au Mon Mar 6 03:41:12 2006 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Mon Mar 6 03:41:42 2006 Subject: MailScanner SMTP question Message-ID: <197F21E06E4D2A478519EA9078D6AA1C01B0AD15@poclexch.AU.POCOLD.POCL> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > Of Laurent > Dinclaux > Sent: Monday, 6 March 2006 2:19 PM > To: MailScanner discussion > Subject: MailScanner SMTP question > > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > MailScanner sits between an external MTA and your "real" mail system. MailScanner does not handle SMTP. You may be able to configure your MTA to reject certain mail at SMTP level, but this is not MailScanner. If you want a system like that, you could try Messagewall. *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** From lox at birdy.nc Mon Mar 6 03:53:00 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Mon Mar 6 03:53:22 2006 Subject: MailScanner SMTP question In-Reply-To: <197F21E06E4D2A478519EA9078D6AA1C01B0AD15@poclexch.AU.POCOLD.POCL> References: <197F21E06E4D2A478519EA9078D6AA1C01B0AD15@poclexch.AU.POCOLD.POCL> Message-ID: <440BB21C.90400@birdy.nc> Jeff Mills a ?crit : > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf >> Of Laurent >> Dinclaux >> Sent: Monday, 6 March 2006 2:19 PM >> To: MailScanner discussion >> Subject: MailScanner SMTP question >> > >> I mean, is MailScanner able to reject a mail at SMTP level, before >> downloading it and wasting bandwidth? >> > > > MailScanner sits between an external MTA and your "real" mail system. > MailScanner does not handle SMTP. > You may be able to configure your MTA to reject certain mail at SMTP level, but this is not MailScanner. > If you want a system like that, you could try Messagewall. Thanks From james at grayonline.id.au Mon Mar 6 03:54:22 2006 From: james at grayonline.id.au (James Gray) Date: Mon Mar 6 03:55:10 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> References: <440BAA27.2030201@birdy.nc> Message-ID: <200603061454.27783.james@grayonline.id.au> On Monday 06 March 2006 14:19, Laurent Dinclaux wrote: > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? No. Mailscanner sits between two MTA queues: Internet -> Incoming MTA -> MailScanner -> Outgoing MTA It's important to note the MTA's DON'T interact with each other or MailScanner. All three processes operate independantly although all rely on each other. Here's a better overview: http://www.fsl.com/Fortress_SMGateway_Architecture_Diagram.pdf Specifically, look at Figure 2 on page 3. Cheers, James -- List at least two alternate dates. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/181f90dd/attachment.bin From james at grayonline.id.au Mon Mar 6 03:57:11 2006 From: james at grayonline.id.au (James Gray) Date: Mon Mar 6 03:57:51 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> References: <440BAA27.2030201@birdy.nc> Message-ID: <200603061457.12576.james@grayonline.id.au> On Monday 06 March 2006 14:19, Laurent Dinclaux wrote: > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? ...and here's just a plain-old JPEG of the MailScanner process: http://www.hitechsavvy.com/downloads/MailScanner_Process_Overview_v3.jpg Amazing what you can turn up on Google with "MailScanner Diagram" :) HTH, James -- You can never tell which way the train went by looking at the tracks. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/1bcc466c/attachment.bin From tristan at witenko.com Mon Mar 6 05:23:59 2006 From: tristan at witenko.com (Tristan Rhodes) Date: Mon Mar 6 05:20:12 2006 Subject: VMware Virtual Appliance Challenge: Create a MailScanner-based email gateway Message-ID: <440BC76F.3050305@witenko.com> "VMware invites you to put your skills to the test, go head-to-head with your peers, and develop the best virtual appliance the industry has ever seen. Using open source or freely distributable components and/or your own code, create the most inventive and useful virtual appliance and win the $100,000 first prize!" (http://www.vmware.com/vmtn/appliances/challenge/) This would be a great opportunity for a team of MailScanner users/developers to create an email gateway appliance based on MailScanner. The idea is to create a pre-configured Linux distribution that includes all the pieces of a filtering email gateway appliance. This might include a SMTP server, MailScanner, SpamAssassin, ClamAV, MailWatch, etc. The appliance would be most successful if every aspect of it could be managed from a web-interface. This includes configuring the MTA, MailScanner, installing security updates, starting/stopping the services, adding/removing users, and perhaps more. I hope some of you find this interesting and create a team to enter the competition. Tristan Rhodes From strydom.dave at gmail.com Mon Mar 6 06:31:57 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon Mar 6 06:32:00 2006 Subject: MailScanner SMTP question In-Reply-To: <200603061457.12576.james@grayonline.id.au> References: <440BAA27.2030201@birdy.nc> <200603061457.12576.james@grayonline.id.au> Message-ID: what you are looking for is exim-config http://www.jcdigita.com/eximconfig/ I use that with my MailScanner, i find it works the best. Dave On 3/6/06, James Gray wrote: > On Monday 06 March 2006 14:19, Laurent Dinclaux wrote: > > Hello, > > > > I know I should buy the book and I certainly will, but I would like to > > know where is MailScanner "sitting" in a SMTP transaction. > > I mean, is MailScanner able to reject a mail at SMTP level, before > > downloading it and wasting bandwidth? > > ...and here's just a plain-old JPEG of the MailScanner process: > > http://www.hitechsavvy.com/downloads/MailScanner_Process_Overview_v3.jpg > > Amazing what you can turn up on Google with "MailScanner Diagram" :) > > HTH, > > James > -- > You can never tell which way the train went by looking at the tracks. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > From Jan-Peter.Koopmann at seceidos.de Mon Mar 6 07:44:46 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Mar 6 07:44:57 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: On Sonntag, 5. M?rz 2006 1:51 emm1 wrote: > setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , > the following error occurs when I try to start the MTA: Have you set the other mta_ parameters in rc.conf as well? Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/1dc6fe79/smime.bin From ljosnet at gmail.com Mon Mar 6 08:35:15 2006 From: ljosnet at gmail.com (emm1) Date: Mon Mar 6 08:35:19 2006 Subject: Problem with MailScanner 4.50 on FreeBSD In-Reply-To: References: Message-ID: <910ee2ac0603060035p5878659fi8840257ed78a84ae@mail.gmail.com> Yeah, I've tried many things. Still it has the same problem. :) On 3/6/06, Koopmann, Jan-Peter wrote: > > On Sonntag, 5. M?rz 2006 1:51 emm1 wrote: > > > setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , > > the following error occurs when I try to start the MTA: > > Have you set the other mta_ parameters in rc.conf as well? > > Regards, > JP > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/7ad9377b/attachment.html From MailScanner at ecs.soton.ac.uk Mon Mar 6 08:38:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 6 08:38:43 2006 Subject: how to allow zip files ? In-Reply-To: <20060306024722.62699.qmail@web35605.mail.mud.yahoo.com> References: <20060306024722.62699.qmail@web35605.mail.mud.yahoo.com> Message-ID: <64EE87EF-586C-4B83-921F-85BD886C5FA7@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Mar 2006, at 02:47, spart cus wrote: > hi guys, > im having some trouble here. my clients usually send bitmap files > and now MS automatically removes it. Then i tried zipping them > still they cant send the attachment. How can i allow zipped files > to be send or zipped files with password only? Remove the line from filename.rules.conf that is blocking them. Easy :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAv1Dfw32o+k+q+hAQHfbwf8CKKzCAyz0k0YUw+amGAymj5lyFs/MLtY YnGsF9aKct+PRT5r3NpCHlRe6GRBpRWh3JGbY8iwbDEJ/ZExZqf+wgCUZPbxh9zY hNLcmkdvyCzU4Za/37VfShsre4gZKWHFZ7kBlWWfnixEz9+N88Cx8ooexo5LRIsm 5NXl9qd7XAjVgqWKk8LYLocE+r6KvtlM5A7yzQX7d0QAPEYPqzdmDOK1g5LGBv0G +Jgm9mWcnI0w30IA7Cc4bcKUOuzaxtPlcdYLlUUXjgB+C7WswUc7WVgHm7FMZf40 aaCnktAYF7whi6t/Jnwo+BeDC0SHBTJ7JlGZuxD5wU3V8Q5R+BlCRg== =VX39 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Mon Mar 6 09:04:10 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Mar 6 09:04:28 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> Message-ID: <011e01c640fc$f046dcf0$3004010a@martinhlaptop> Hi Other people have answered about the way MS works.. But in answer to you final question, no it can't reject at smtp connect time. BUT what I do it reject all non-valid email addresses at smtp time, I drop about 70% of my inbound email that way. How you do this is MTA and local setup dependant (ie if you run Active Directory you can get many MTA to query that on the fly, or you have to rely on separate files of valid addresses etc etc). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Laurent Dinclaux > Sent: 06 March 2006 03:19 > To: MailScanner discussion > Subject: MailScanner SMTP question > > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > > Best regards > > -- > Laurent Dinclaux > Birdy Communication > Responsable D?veloppement > lox@birdy.nc > > Mobile : +687 849 272 > T?l/fax : +687 278 888 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Mar 6 11:00:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 6 11:00:46 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> References: <440BAA27.2030201@birdy.nc> Message-ID: <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- The one thing you can do to alleviate this with MailScanner is to use the "IPBlock" code within CustomConfig.pm. It only works with sendmail, if I remember correctly. You can put the maximum limit of email messages per hour that you accept from a domain or a block of IP addresses. Once it gets more messages that that from an address (or IP) it starts telling sendmail to block mail from that address. Once an hour the counters are reset. Not many people use this, which is why it isn't a core feature, but the person who asked me to write it makes great use of it. Fundamentally, this is really a job for you MTA, and not MailScanner at all. If you are using sendmail, then there are milters such as milter-ahead which will check the addresses it receives are real on your system, and rejects all messages that are being delivered to non- existent addresses. It is a lot faster than you might think it would be, as it does lots of caching, and it will reject a message long before the content of the message is transmitted. Thoroughly recommended. There are mailing list postings and Wiki pages that will tell you how to do something similar on other MTAs. On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: > Hello, > > I know I should buy the book and I certainly will, but I would like > to know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > > Best regards > > -- > Laurent Dinclaux > Birdy Communication > Responsable D?veloppement > lox@birdy.nc > > Mobile : +687 849 272 > T?l/fax : +687 278 888 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAwWT/w32o+k+q+hAQH02gf+IBGzHmB0qm/Fuhv+/NSJhhXPUm9FcDL+ Svvu0JJg58rOU+igVQc8I+RESfiT5sPVs3OhSqRzCSAldjTCdxW8zyYbKroWdJPg 0ec5WHSZofsZem4fngQ4dzNKDQq13cHE42iDQbLQoJa1XgyFnbtcKQAOA4B/jPbG rsUpS/bc8RfqRD93ZrbqaeYPP7X8t0icI6EU1vzqSOcHmvMxBEzrd0OZScWuaMLQ I0810vqv8J4YiL6dZjw7DdVUDyqi8DEFRYbd1OAoA40K7BDlRGdGVPy4IkKkqzJB 9jSjYOn5n+yNla4xx2EBAmcSD90qz8S5QfgQ5PgRcrK3eN2yWXuj3w== =rp3E -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Mon Mar 6 13:52:01 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Mar 6 13:52:05 2006 Subject: MailScanner SMTP question In-Reply-To: <440BAA27.2030201@birdy.nc> Message-ID: <04e301c64125$25055660$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Laurent Dinclaux > Sent: Sunday, March 05, 2006 10:19 PM > To: MailScanner discussion > Subject: MailScanner SMTP question > > Hello, > > I know I should buy the book and I certainly will, but I would like to > know where is MailScanner "sitting" in a SMTP transaction. > I mean, is MailScanner able to reject a mail at SMTP level, before > downloading it and wasting bandwidth? > > Best regards > > -- > Laurent Dinclaux > Birdy Communication > Responsable D?veloppement > lox@birdy.nc The MailScanner manual available on our web site: http://www.fsl.com/support/MailScanner-Manual-Version-1.0.1.pdf Has a MailScanner Process Flow diagram on page two. It needs to be updated to show the new cache checking process added in version 4.50. That check will be added just as the message is picked up from the incoming queue and before any other check are performed. The cache will be updated with the checksum and score after the message finishes the SpamAssassin checks. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From jaearick at colby.edu Mon Mar 6 15:44:58 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Mar 6 15:45:16 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: Raymond, Did this rule come from someplace else, or did you cook it up? Jeff Earickson Colby College On Sun, 5 Mar 2006, Raymond Dijkxhoorn wrote: > Date: Sun, 5 Mar 2006 10:25:27 +0100 (CET) > From: Raymond Dijkxhoorn > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: BASTED Geocities spam from Brazil > > Hi! > >> uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\// >> score PROLO_PUBWEB_UKGEO_CHECK1 8.0 >> describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body >> >> The problem is, geocities.com.br spam is on the rise and all of those are >> being delivered. > > You are using a old version of the rule ;) > > uri PROLO_PUBWEB_GEOSPAM > /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yahoo)?\.com(\.br)?\// > score PROLO_PUBWEB_GEOSPAM 12.0 > describe PROLO_PUBWEB_GEOSPAM PROLO_PUBWEB_GEO, Body > > Bye, > Raymond. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From raymond at prolocation.net Mon Mar 6 15:50:07 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Mar 6 15:50:07 2006 Subject: BASTED Geocities spam from Brazil In-Reply-To: References: <200603050507.k2557HKB020651@bkserver.blacknight.ie> Message-ID: Hi Jeff, > Did this rule come from someplace else, or did you cook it up? >> uri PROLO_PUBWEB_GEOSPAM >> /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yahoo)?\.com(\.br)?\// >> score PROLO_PUBWEB_GEOSPAM 12.0 describe PROLO_PUBWEB_GEOSPAM >> PROLO_PUBWEB_GEO, Body Its a combi, you can find a somehow altered one inside SARE also. Bye, Raymond. From bpumphrey at WoodMacLaw.com Mon Mar 6 16:40:12 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Mar 6 16:40:16 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> Now I did it. I rebooted my machine trying to get DCC installed and it will not go past the "Starting MailScanner:" screen. I tried shutting it down and turning it back on again, I figured that it would not work and it did not help. The last things that I did were: - Downloaded DCC from http://www.dcc-servers.net/dcc/ - Installed using http://flakshack.com/anti-spam/wiki/index.php?page=Installing+DCC - I keep getting: [7382] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc On a spamassassin lint test - I checked the DCC install using: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:plugins:dcc:dccifd_install&s=dcc After the reboot step from the link above, this happened. Any ideas? Thank you From nate.olson at ndsu.edu Mon Mar 6 16:51:59 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 16:52:02 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> Message-ID: <8f54b4330603060851l77fd735drd3f9b4c442c95115@mail.gmail.com> Type 'single' at the linux: boot prompt (LILO) or edit your GRUB boot line to include it. Be prepared to provide the root password. /sbin/service MailScanner stop /sbin/chkconfig MailScanner off reboot (or telinit). Nate From rpoe at plattesheriff.org Mon Mar 6 16:52:34 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Mar 6 16:52:48 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> Message-ID: <440C1472.65ED.00A2.0@plattesheriff.org> boot into single mode, disable the service reboot regularly???? as a linux semi-noob, that's the first step i'd try >>> bpumphrey@WoodMacLaw.com 3/6/2006 10:40:12 AM >>> Now I did it. I rebooted my machine trying to get DCC installed and it will not go past the "Starting MailScanner:" screen. I tried shutting it down and turning it back on again, I figured that it would not work and it did not help. The last things that I did were: - Downloaded DCC from http://www.dcc-servers.net/dcc/ - Installed using http://flakshack.com/anti-spam/wiki/index.php?page=Installing+DCC - I keep getting: [7382] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc On a spamassassin lint test - I checked the DCC install using: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:plugins:dcc:dccifd_install&s=dcc After the reboot step from the link above, this happened. Any ideas? Thank you -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From damian at workgroupsolutions.com Mon Mar 6 18:22:50 2006 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Mon Mar 6 18:22:57 2006 Subject: MailScanner halts, dies, stops randomly about once a month Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> Hi, I've been fighting this problem for months now on multiple installations where MailScanner stops even running the latest version 4.5-15 and SA 3.1. I'm using Fedora Core 1 with sendmail 8.13, ClamAV and F-Prot, 512MB memory to 1GB memory, happens more on busy servers with a load of 2.50 or higher. I restart MailScanner and everything starts working again. One installation was down for 16 hours then the automatic MailScanner restart got everything going again. Most lockups are down until I manually restart MailScanner. I thought the default MailScanner restart was every four hours and not sure why that does not always get everything going again. When the problem occurs a "telnet to localhost port 25" on the server results in "connection refused" Any advice will be greatly appreciated. The following is a maillog file with connection refused at the bottom of the file and valid message processed just before the problem occurred: Mar 4 02:12:50 spamgate MailScanner[6207]: Message k247CkSA014987 from 66.129.64.140 (norberto@bresnan.net) to bbsjax.com is spam, Spam Assassin (score=68.8, required 8, autolearn=spam, BAYES_99 3.50, DATE_IN_FUTURE_12_24 3.03, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, RAZOR2 _CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_CHINA 8.00, RCVD_IN_SBL 0.11, SARE_RECV_IP_061172 1.67, SARE_SPEC_LEO_PHARM 1.67, URIB L_AB_SURBL 8.00, URIBL_BLACK 6.00, URIBL_JP_SURBL 8.00, URIBL_OB_SURBL 8.00, URIBL_SBL 1.00, URIBL_SPAMCOP_SURBL 8.00, URIBL_WS_SURBL 8. 00) Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Checks: Found 1 spam messages Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Actions: message k247CkSA014987 actions are store Mar 4 02:12:52 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: from=, size=489, class=0, nrcpts=1, msgid=<200603040820.k248 K0JU026126@localhost.localdomain>, proto=SMTP, daemon=MTA, relay=nsc69.38.18-110.newsouth.net [69.38.18.110] Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: to=, delay=00:00:00, mailer=esmtp, pri=30489, stat=queued Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: from=, size=940, class=0, nrcpts=1, msgid=<200603040910.k249 A0x07541@vfcprimary.mem.sysco.com>, proto=SMTP, daemon=MTA, relay=smtpout.sysco.com [129.41.168.196] Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: to=, delay=00:00:00, mailer=esmtp, pri=30940, stat=queued Mar 4 02:13:22 spamgate MailScanner[6207]: New Batch: Scanning 2 messages, 2455 bytes Mar 4 02:13:22 spamgate MailScanner[6207]: Spam Checks: Starting Mar 4 02:13:28 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:30 spamgate MailScanner[6207]: Uninfected: Delivered 2 messages Mar 4 02:13:30 spamgate sendmail[15051]: k247DLYO015021: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1204 89, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040820.k248K0JU026126@localhost.localdomain> Queued mail for deli very) Mar 4 02:13:30 spamgate sendmail[15051]: k247DMbc015022: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1209 40, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040910.k249A0x07541@vfcprimary.mem.sysco.com> Queued mail for del ivery) Mar 4 02:15:01 spamgate MailScanner[6673]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6673]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6673]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6207]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6207]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6207]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6425]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6425]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6425]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6186]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6186]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6186]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6601]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6601]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6601]: Disconnected from the database Mar 4 02:16:20 spamgate sendmail[15192]: alias database /etc/aliases rebuilt by root Mar 4 02:16:20 spamgate sendmail[15192]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total Mar 4 02:16:20 spamgate sm-msp-queue[15202]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:20 spamgate sendmail[15207]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:26 spamgate MailScanner[15228]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:26 spamgate MailScanner[15228]: Config: calling custom init function MailWatchLogging Mar 4 02:16:28 spamgate MailScanner[15228]: Initialising database connection Mar 4 02:16:28 spamgate MailScanner[15228]: Finished initialising database connection Mar 4 02:16:36 spamgate MailScanner[15228]: Using locktype = posix Mar 4 02:16:36 spamgate MailScanner[15228]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:37 spamgate MailScanner[15241]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:37 spamgate MailScanner[15241]: Config: calling custom init function MailWatchLogging Mar 4 02:16:38 spamgate MailScanner[15241]: Initialising database connection Mar 4 02:16:39 spamgate MailScanner[15241]: Finished initialising database connection Mar 4 02:16:46 spamgate MailScanner[15241]: Using locktype = posix Mar 4 02:16:46 spamgate MailScanner[15241]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:48 spamgate MailScanner[15250]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:48 spamgate MailScanner[15250]: Config: calling custom init function MailWatchLogging Mar 4 02:16:49 spamgate MailScanner[15250]: Initialising database connection Mar 4 02:16:50 spamgate MailScanner[15250]: Finished initialising database connection Mar 4 02:16:57 spamgate MailScanner[15250]: Using locktype = posix Mar 4 02:16:57 spamgate MailScanner[15250]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:59 spamgate MailScanner[15259]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:59 spamgate MailScanner[15259]: Config: calling custom init function MailWatchLogging Mar 4 02:17:00 spamgate MailScanner[15259]: Initialising database connection Mar 4 02:17:01 spamgate MailScanner[15259]: Finished initialising database connection Mar 4 02:17:08 spamgate MailScanner[15259]: Using locktype = posix Mar 4 02:17:08 spamgate MailScanner[15259]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:17:10 spamgate MailScanner[15266]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:17:10 spamgate MailScanner[15266]: Config: calling custom init function MailWatchLogging Mar 4 02:17:11 spamgate MailScanner[15266]: Initialising database connection Mar 4 02:17:12 spamgate MailScanner[15266]: Finished initialising database connection Mar 4 02:17:20 spamgate MailScanner[15266]: Using locktype = posix Mar 4 02:17:20 spamgate MailScanner[15266]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:48:59 spamgate sendmail[13327]: k246mxvT013327: timeout waiting for input from savingsfare.com during server cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: timeout waiting for input from c-68-50-207-165.hsd1.md.comcast.net during serv er cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: c-68-50-207-165.hsd1.md.comcast.net [68.50.207.165] did not issue MAIL/EXPN/VR FY/ETRN during connection to MTA Mar 4 03:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 03:04:22 spamgate update.virus.scanners: Found clamav installed Mar 4 03:04:22 spamgate update.virus.scanners: Running autoupdate for clamav Mar 4 03:04:23 spamgate freshclam[16700]: Daemon started. Mar 4 03:04:23 spamgate freshclam[16700]: ClamAV update process started at Sat Mar 4 03:04:23 2006 Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Local version: 0.87.1 Recommended version: 0.88 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: daily.cvd is up to date (version: 1313, sigs: 1082, f-level: 7, builder: diego) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate ClamAV-autoupdate[16699]: ClamAV did not need updating Mar 4 03:04:23 spamgate update.virus.scanners: Found f-prot installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for f-prot Mar 4 03:04:23 spamgate F-Prot autoupdate[16723]: F-Prot did not need updating. Mar 4 03:04:23 spamgate update.virus.scanners: Found generic installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for generic Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: timeout waiting for input from [61.50.157.158] during message collect Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: from=, size=1330, class=0, nrcpts=1, msgid=<001b01c63f54 $34187a79$e15a323d@klck>, proto=SMTP, daemon=MTA, relay=[61.50.157.158] Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: to=, delay=02:00:01, pri=31330, stat=timeout waiting for i nput during message collect Mar 4 04:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: from=root, size=6613, class=0, nrcpts=1, msgid=<200603040902.k24925kl017089@sp amgate.bbsjax.com>, relay=root@localhost Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pr i=36613, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Regards, Damian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/a9c363a4/attachment.html From shuttlebox at gmail.com Mon Mar 6 18:34:42 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Mar 6 18:34:46 2006 Subject: MailScanner halts, dies, stops randomly about once a month In-Reply-To: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> References: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> Message-ID: <625385e30603061034y79b84af1h397c5468515d699c@mail.gmail.com> On 3/6/06, Damian Mendoza wrote: > When the problem occurs a "telnet to localhost port 25" on the server > results in "connection refused" It's Sendmail that answers that call, not MS so you have a problem before MS. -- /peter From sysadmin at aismedia.com Mon Mar 6 18:35:19 2006 From: sysadmin at aismedia.com (Syadmin) Date: Mon Mar 6 18:35:41 2006 Subject: MailScanner halts, dies, stops randomly about once a month In-Reply-To: <0C941442AC84A8449448BA2207DD4F4D0CCB91@core01.workgroupsolutions.com> Message-ID: <001301c6414c$b8a0be60$1300a8c0@aismediaw.atlp.aismedia.com> What else is going on on that server when this happens? What is the load? What do you do to "fix" the error? Do you know that the mailscanner restart script is NOT running? Have you checked the cron log (/var/log/cron)? -Grant _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Mendoza Sent: Monday, March 06, 2006 1:23 PM To: mailscanner@lists.mailscanner.info Subject: MailScanner halts, dies, stops randomly about once a month Hi, I've been fighting this problem for months now on multiple installations where MailScanner stops even running the latest version 4.5-15 and SA 3.1. I'm using Fedora Core 1 with sendmail 8.13, ClamAV and F-Prot, 512MB memory to 1GB memory, happens more on busy servers with a load of 2.50 or higher. I restart MailScanner and everything starts working again. One installation was down for 16 hours then the automatic MailScanner restart got everything going again. Most lockups are down until I manually restart MailScanner. I thought the default MailScanner restart was every four hours and not sure why that does not always get everything going again. When the problem occurs a "telnet to localhost port 25" on the server results in "connection refused" Any advice will be greatly appreciated. The following is a maillog file with connection refused at the bottom of the file and valid message processed just before the problem occurred: Mar 4 02:12:50 spamgate MailScanner[6207]: Message k247CkSA014987 from 66.129.64.140 (norberto@bresnan.net) to bbsjax.com is spam, Spam Assassin (score=68.8, required 8, autolearn=spam, BAYES_99 3.50, DATE_IN_FUTURE_12_24 3.03, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, RAZOR2 _CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_CHINA 8.00, RCVD_IN_SBL 0.11, SARE_RECV_IP_061172 1.67, SARE_SPEC_LEO_PHARM 1.67, URIB L_AB_SURBL 8.00, URIBL_BLACK 6.00, URIBL_JP_SURBL 8.00, URIBL_OB_SURBL 8.00, URIBL_SBL 1.00, URIBL_SPAMCOP_SURBL 8.00, URIBL_WS_SURBL 8. 00) Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Checks: Found 1 spam messages Mar 4 02:12:52 spamgate MailScanner[6207]: Spam Actions: message k247CkSA014987 actions are store Mar 4 02:12:52 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: from=, size=489, class=0, nrcpts=1, msgid=<200603040820.k248 K0JU026126@localhost.localdomain>, proto=SMTP, daemon=MTA, relay=nsc69.38.18-110.newsouth.net [69.38.18.110] Mar 4 02:13:22 spamgate sendmail[15021]: k247DLYO015021: to=, delay=00:00:00, mailer=esmtp, pri=30489, stat=queued Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: from=, size=940, class=0, nrcpts=1, msgid=<200603040910.k249 A0x07541@vfcprimary.mem.sysco.com>, proto=SMTP, daemon=MTA, relay=smtpout.sysco.com [129.41.168.196] Mar 4 02:13:22 spamgate sendmail[15022]: k247DMbc015022: to=, delay=00:00:00, mailer=esmtp, pri=30940, stat=queued Mar 4 02:13:22 spamgate MailScanner[6207]: New Batch: Scanning 2 messages, 2455 bytes Mar 4 02:13:22 spamgate MailScanner[6207]: Spam Checks: Starting Mar 4 02:13:28 spamgate MailScanner[6207]: Virus and Content Scanning: Starting Mar 4 02:13:30 spamgate MailScanner[6207]: Uninfected: Delivered 2 messages Mar 4 02:13:30 spamgate sendmail[15051]: k247DLYO015021: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1204 89, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040820.k248K0JU026126@localhost.localdomain> Queued mail for deli very) Mar 4 02:13:30 spamgate sendmail[15051]: k247DMbc015022: to=, delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=1209 40, relay=[192.168.1.17] [192.168.1.17], dsn=2.0.0, stat=Sent ( <200603040910.k249A0x07541@vfcprimary.mem.sysco.com> Queued mail for del ivery) Mar 4 02:15:01 spamgate MailScanner[6673]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6673]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6673]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6207]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6207]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6207]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6425]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6425]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6425]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6186]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6186]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6186]: Disconnected from the database Mar 4 02:15:01 spamgate MailScanner[6601]: MailScanner child caught a SIGHUP Mar 4 02:15:01 spamgate MailScanner[6601]: Config: calling custom end function MailWatchLogging Mar 4 02:15:01 spamgate MailScanner[6601]: Disconnected from the database Mar 4 02:16:20 spamgate sendmail[15192]: alias database /etc/aliases rebuilt by root Mar 4 02:16:20 spamgate sendmail[15192]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total Mar 4 02:16:20 spamgate sm-msp-queue[15202]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:20 spamgate sendmail[15207]: starting daemon (8.13.1): queueing@00:15:00 Mar 4 02:16:26 spamgate MailScanner[15228]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:26 spamgate MailScanner[15228]: Config: calling custom init function MailWatchLogging Mar 4 02:16:28 spamgate MailScanner[15228]: Initialising database connection Mar 4 02:16:28 spamgate MailScanner[15228]: Finished initialising database connection Mar 4 02:16:36 spamgate MailScanner[15228]: Using locktype = posix Mar 4 02:16:36 spamgate MailScanner[15228]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:37 spamgate MailScanner[15241]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:37 spamgate MailScanner[15241]: Config: calling custom init function MailWatchLogging Mar 4 02:16:38 spamgate MailScanner[15241]: Initialising database connection Mar 4 02:16:39 spamgate MailScanner[15241]: Finished initialising database connection Mar 4 02:16:46 spamgate MailScanner[15241]: Using locktype = posix Mar 4 02:16:46 spamgate MailScanner[15241]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:48 spamgate MailScanner[15250]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:48 spamgate MailScanner[15250]: Config: calling custom init function MailWatchLogging Mar 4 02:16:49 spamgate MailScanner[15250]: Initialising database connection Mar 4 02:16:50 spamgate MailScanner[15250]: Finished initialising database connection Mar 4 02:16:57 spamgate MailScanner[15250]: Using locktype = posix Mar 4 02:16:57 spamgate MailScanner[15250]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:16:59 spamgate MailScanner[15259]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:16:59 spamgate MailScanner[15259]: Config: calling custom init function MailWatchLogging Mar 4 02:17:00 spamgate MailScanner[15259]: Initialising database connection Mar 4 02:17:01 spamgate MailScanner[15259]: Finished initialising database connection Mar 4 02:17:08 spamgate MailScanner[15259]: Using locktype = posix Mar 4 02:17:08 spamgate MailScanner[15259]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:17:10 spamgate MailScanner[15266]: MailScanner E-Mail Virus Scanner version 4.45.4 starting... Mar 4 02:17:10 spamgate MailScanner[15266]: Config: calling custom init function MailWatchLogging Mar 4 02:17:11 spamgate MailScanner[15266]: Initialising database connection Mar 4 02:17:12 spamgate MailScanner[15266]: Finished initialising database connection Mar 4 02:17:20 spamgate MailScanner[15266]: Using locktype = posix Mar 4 02:17:20 spamgate MailScanner[15266]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 4 02:48:59 spamgate sendmail[13327]: k246mxvT013327: timeout waiting for input from savingsfare.com during server cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: timeout waiting for input from c-68-50-207-165.hsd1.md.comcast.net during serv er cmd read Mar 4 03:00:05 spamgate sendmail[14073]: k24704lw014073: c-68-50-207-165.hsd1.md.comcast.net [68.50.207.165] did not issue MAIL/EXPN/VR FY/ETRN during connection to MTA Mar 4 03:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 03:04:22 spamgate update.virus.scanners: Found clamav installed Mar 4 03:04:22 spamgate update.virus.scanners: Running autoupdate for clamav Mar 4 03:04:23 spamgate freshclam[16700]: Daemon started. Mar 4 03:04:23 spamgate freshclam[16700]: ClamAV update process started at Sat Mar 4 03:04:23 2006 Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Local version: 0.87.1 Recommended version: 0.88 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate freshclam[16700]: daily.cvd is up to date (version: 1313, sigs: 1082, f-level: 7, builder: diego) Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Your ClamAV installation is OUTDATED! Mar 4 03:04:23 spamgate freshclam[16700]: WARNING: Current functionality level = 6, recommended = 7 Mar 4 03:04:23 spamgate freshclam[16700]: DON'T PANIC! Read http://www.clamav.net/faq.html Mar 4 03:04:23 spamgate ClamAV-autoupdate[16699]: ClamAV did not need updating Mar 4 03:04:23 spamgate update.virus.scanners: Found f-prot installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for f-prot Mar 4 03:04:23 spamgate F-Prot autoupdate[16723]: F-Prot did not need updating. Mar 4 03:04:23 spamgate update.virus.scanners: Found generic installed Mar 4 03:04:23 spamgate update.virus.scanners: Running autoupdate for generic Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: timeout waiting for input from [61.50.157.158] during message collect Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: from=, size=1330, class=0, nrcpts=1, msgid=<001b01c63f54 $34187a79$e15a323d@klck>, proto=SMTP, daemon=MTA, relay=[61.50.157.158] Mar 4 03:24:32 spamgate sendmail[12216]: k246OTIC012216: to=, delay=02:00:01, pri=31330, stat=timeout waiting for i nput during message collect Mar 4 04:01:00 spamgate update.virus.scanners: Delaying cron job up to 600 seconds Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: from=root, size=6613, class=0, nrcpts=1, msgid=<200603040902.k24925kl017089@sp amgate.bbsjax.com>, relay=root@localhost Mar 4 04:02:05 spamgate sendmail[17089]: k24925kl017089: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pr i=36613, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Regards, Damian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/9a396ad4/attachment-0001.html From damian at workgroupsolutions.com Mon Mar 6 18:54:31 2006 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Mon Mar 6 18:54:36 2006 Subject: MailScanner halts, dies, stops randomly about once a month Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CCB95@core01.workgroupsolutions.com> Thanks Grant, I will look a lot closer at sendmail, now that you mention it I'm running a beta version of sendmail. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Monday, March 06, 2006 10:35 AM To: MailScanner discussion Subject: Re: MailScanner halts, dies, stops randomly about once a month On 3/6/06, Damian Mendoza wrote: > When the problem occurs a "telnet to localhost port 25" on the server > results in "connection refused" It's Sendmail that answers that call, not MS so you have a problem before MS. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shrek-m at gmx.de Mon Mar 6 21:11:05 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Mon Mar 6 21:11:16 2006 Subject: Now... My linux machine will not boot - stuck at starting MailScanner In-Reply-To: <440C1472.65ED.00A2.0@plattesheriff.org> References: <04D932B0071FE34FA63EBB1977B48D15DCC0ED@woodenex.woodmaclaw.local> <440C1472.65ED.00A2.0@plattesheriff.org> Message-ID: <440CA569.90106@gmx.de> On 06.03.2006 17:52, Rob Poe wrote: >boot into single mode, > > as a semi-noob i would try the "interactive mode" at least under redhat/fedora $ grep interactive /etc/rc.sysinit echo -en $"\t\tPress 'I' to enter interactive startup." start MailScanner ? no logon as root and fix the problem or ... >... disable the service >reboot regularly???? > >as a linux semi-noob, that's the first step i'd try > -- shrek-m From bpumphrey at WoodMacLaw.com Mon Mar 6 21:35:29 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Mar 6 21:35:32 2006 Subject: --lint test and DCC Message-ID: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> I am having a heck of a time getting the lint test to return without the error: [4456] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc I have tried all of the instruction in http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:plugins:dcc:dccifd_install&s=dcc#extra If I insert the cline dcc_home /var/dcc I get another parse line error, skipping: dcc_home /var/dcc. Any help is appreciated. Thank you From nate.olson at ndsu.edu Mon Mar 6 21:48:41 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 21:48:54 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> Message-ID: <8f54b4330603061348g379090aagb691323a85d59eab@mail.gmail.com> Does the SpamAssassin DCC plugin successfully load? If not, it doesn't know what dcc_path is. Nate From nate.olson at ndsu.edu Mon Mar 6 22:27:39 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 22:27:43 2006 Subject: Custom Function question. Message-ID: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> Can you use a Custom Function for the value of 'High Scoring Spam Actions'? The Custom Function documentation says values must be returned in MailScanner's internal format. I can't find any internal format information for 'delete' (for example) in CustomDefs.pm Nate From nate.olson at ndsu.edu Mon Mar 6 22:28:45 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 22:28:47 2006 Subject: Custom Function question. In-Reply-To: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> References: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> Message-ID: <8f54b4330603061428p680300d5y8524132a3714146a@mail.gmail.com> I meant ConfigDefs.pl, not CustomDefs.pm. Sorry about that. Nate From nate.olson at ndsu.edu Mon Mar 6 22:39:32 2006 From: nate.olson at ndsu.edu (Nathan Olson) Date: Mon Mar 6 22:39:35 2006 Subject: Custom Function question. In-Reply-To: <8f54b4330603061428p680300d5y8524132a3714146a@mail.gmail.com> References: <8f54b4330603061427n5dbaf506lfd7642e635c9d7b9@mail.gmail.com> <8f54b4330603061428p680300d5y8524132a3714146a@mail.gmail.com> Message-ID: <8f54b4330603061439k6a9d6fe1s1961c7315094c43b@mail.gmail.com> Aaannnddd nevermind. Apologies, Nate From lox at birdy.nc Mon Mar 6 23:50:14 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Mon Mar 6 23:57:18 2006 Subject: MailScanner SMTP question In-Reply-To: References: <440BAA27.2030201@birdy.nc> <200603061457.12576.james@grayonline.id.au> Message-ID: <440CCAB6.8020706@birdy.nc> > what you are looking for is exim-config http://www.jcdigita.com/eximconfig/ Thanks a lot but I use sendmail... Best regards -- Laurent Dinclaux From bpumphrey at WoodMacLaw.com Tue Mar 7 05:01:03 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Tue Mar 7 05:01:41 2006 Subject: --lint test and DCC References: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> <8f54b4330603061348g379090aagb691323a85d59eab@mail.gmail.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D155E06D6@woodenex.woodmaclaw.local> ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Nathan Olson Sent: Mon 3/6/2006 4:48 PM To: MailScanner discussion Subject: Re: --lint test and DCC Does the SpamAssassin DCC plugin successfully load? If not, it doesn't know what dcc_path is. Nate -- I am not sure how to test it. I installed it and it seemed successfully. How do I see if it loads or not? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3456 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/f053ac6f/attachment.bin From Jan-Peter.Koopmann at seceidos.de Tue Mar 7 07:24:43 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Mar 7 07:25:01 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: Many things does not have to be the "right" things. :-) Show me all your mta related rc.conf settings if possible. Oh and could you possibly use text instead of HTML? Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/eb2e20f2/smime.bin From mikej at rogers.com Tue Mar 7 08:17:15 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Mar 7 08:17:08 2006 Subject: Problem with MailScanner 4.50 on FreeBSD In-Reply-To: <910ee2ac0603050451o21928685uda5ea65323a7b4c@mail.gmail.com> References: <910ee2ac0603050451o21928685uda5ea65323a7b4c@mail.gmail.com> Message-ID: <440D418B.8070209@rogers.com> emm1 wrote: > > Hello, after I upgraded to 4.50 on my FreeBSD 5.4, I noticed there is > a change in mailscanner.sh and mta.sh. After reading about it and > setting mailscanner_enable="YES" and mta_enable="YES" in rc.conf , the > following error occurs when I try to start the MTA: > I find it much easier and better to use the system (sendmail) or rc (postfix, etc) based startup, instead of this mta script. From Jan-Peter.Koopmann at seceidos.de Tue Mar 7 08:37:42 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Mar 7 08:37:51 2006 Subject: Problem with MailScanner 4.50 on FreeBSD Message-ID: On Tuesday, March 07, 2006 9:17 AM Mike Jakubik wrote: > I find it much easier and better to use the system (sendmail) or rc > (postfix, etc) based startup, instead of this mta script. Help me improve please. What could I do to make the mta.sh script easier? Personally I think it is easier to use mta.sh, especially with Exim. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/97929013/smime.bin From glenn.steen at gmail.com Tue Mar 7 15:10:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 7 15:10:35 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D155E06D6@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15DCC325@woodenex.woodmaclaw.local> <8f54b4330603061348g379090aagb691323a85d59eab@mail.gmail.com> <04D932B0071FE34FA63EBB1977B48D155E06D6@woodenex.woodmaclaw.local> Message-ID: <223f97700603070710x79925742h@mail.gmail.com> On 07/03/06, Billy A. Pumphrey wrote: > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Nathan Olson > Sent: Mon 3/6/2006 4:48 PM > To: MailScanner discussion > Subject: Re: --lint test and DCC > > > > Does the SpamAssassin DCC plugin successfully load? > If not, it doesn't know what dcc_path is. > > Nate > -- > I am not sure how to test it. I installed it and it seemed successfully. How do I see if it loads or not? > > # spamassassin --lint -D 2>&1 | less -e .... [27249] dbg: config: read file /root/.spamassassin/user_prefs [27249] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [27249] dbg: dcc: network tests on, registering DCC [27249] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x85a1294) .... At least for SA 3.1.0 (assumes a loadplugin thingy in one of the .pre files). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From algorges at gmail.com Tue Mar 7 15:28:39 2006 From: algorges at gmail.com (ASA) Date: Tue Mar 7 15:26:46 2006 Subject: Phishing site Message-ID: <002001c641fb$d0e345b0$1401a8c0@asanote> This attachment email is never captured by the phishing filter. what could be made so that it was captured? -------------- next part -------------- An embedded message was scrubbed... From: "Spc urgente!" Subject: Ped?ncia spc Date: Tue, 7 Mar 2006 12:05:51 -0300 (BRT) Size: 6675 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/9c5524e7/iso-8859-1QPedEAncia_spc.mht From samp at arial-concept.com Tue Mar 7 15:56:58 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Tue Mar 7 15:57:11 2006 Subject: Whitelist from RDNS - DNS Hostname from IP Message-ID: <440DAD4A.5030806@arial-concept.com> Hi, Is it possible to validate some whitelist DNS to enable sites as whitelisted as RDNS - DNS Hostname from IP ? Thanks in advance for your reply. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From hermit921 at yahoo.com Tue Mar 7 16:42:55 2006 From: hermit921 at yahoo.com (hermit921) Date: Tue Mar 7 16:42:16 2006 Subject: CLSID matching In-Reply-To: <44074430.4010602@ecs.soton.ac.uk> References: <44074430.4010602@ecs.soton.ac.uk> Message-ID: <6.2.1.2.2.20060307084017.01de9070@pop.mail.yahoo.com> Then I have a minor request. Can you change this comment line: # Deny filenames ending with CLSID's into this comment line: # Deny filenames containing CLSID's Thanks, hermit921 At 11:14 AM 3/2/2006, Julian Field wrote: > >> -----Original Message----- > >> > >> > >> Back to my original question. Does this expression match anywhere in the > >> file name or match only as the end of the file name? The comments say one > >> thing but I read it as the other. > >> >The expression matches anywhere in the filename, not just at the end. I >decided to make it more general in case there later appeared any other >vulnerabilities of a similar type, and as I said it has never caused a >false alarm that I know of. (Apologies for lousy grammar!) > >Julian Field From MailScanner at ecs.soton.ac.uk Tue Mar 7 19:32:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 7 19:32:26 2006 Subject: {Disarmed} Phishing site In-Reply-To: <002001c641fb$d0e345b0$1401a8c0@asanote> References: <002001c641fb$d0e345b0$1401a8c0@asanote> Message-ID: <440DDFC7.6090200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Which of the links is not taking you to where it says? What does the link say? Where does it take you? ASA wrote: > > This attachment email is never captured by the phishing filter. > what could be made so that it was captured? > > ------------------------------------------------------------------------ > > Subject: > Ped?ncia spc > From: > "Spc urgente!" > Date: > Tue, 7 Mar 2006 12:05:51 -0300 (BRT) > To: > juridico.spc@spc.com.br > > To: > juridico.spc@spc.com.br > > > > > > > / *Notifica??o*/ > > /Comunicamos que seu * (C**PF**/ > CNPJ)* consta > em nossos cadastros por motivo de pend?ncias financeiras, com a > institui??o abaixo relacionada./ > > /Akiyoshi Executivo Central de Cobran?as > - Total de > Pend?ncias: *R$ 1.647,91* / > > /Para sua seguran?a e praticidade e necess?rio baixar o arquivo do > relat?rio de pend?ncias. / > > /Relat?rio de Pend?ncias Financeiras/ > > /* Verifique Pend?ncias > */ > > /Se voc? efetuou a regulariza??o, favor desconsiderar. / > > /Manoel Rocha Heidi > Diretor / > > > > > Copyright ? 2003 Lume Servi?os de Tecnologia Ltda. Todos os direitos > reservados > > ------------------------------------------------------------------------ > Esta mensagem foi verificada pelo Sistema NetUno. > NetUno Internet - http://www.netuno.com.br > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA3fyBH2WUcUFbZUEQLd7ACggbFBvGYoTHvqshAkeqPzCbvlkzcAoJTE Lmqndm517dLTATW7xNXmWzWZ =hDFy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Cleveland at winnefox.org Tue Mar 7 19:46:35 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Tue Mar 7 19:41:06 2006 Subject: How to block all email sent to a specific email address? Message-ID: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Hello, Is it possible to create a rule that would blacklist all mail coming in for a specific email address? Kind of like blacklist *@* to *@xavier.winnefox.org? - jody From Kevin_Miller at ci.juneau.ak.us Tue Mar 7 19:53:10 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Mar 7 19:53:17 2006 Subject: How to block all email sent to a specific email address? Message-ID: Jody Cleveland wrote: > Hello, > > Is it possible to create a rule that would blacklist all mail coming > in for a specific email address? > > Kind of like blacklist *@* to *@xavier.winnefox.org? > > - jody Of course. If you're using Sendmail, look into the access file. You can block it at the MTA level there. I'm sure you can do it w/other MTAs as well, but not sure how. In MailScanner look in the rules directory at spam.blacklist.rules (IIFC. There's examples in there... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From combs at magnet.fsu.edu Tue Mar 7 22:08:46 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Tue Mar 7 22:08:55 2006 Subject: Log rotation question Message-ID: <440E046E.10907@magnet.fsu.edu> Hello All, I'm working on my logrotate configuration under RHEL 3 to rotate my sendmail and mailscanner logs. Is it recommended to stop the sendmail and MS processes before doing the rotation of the logs? I would think that this would be a good practice if not actually a requirement. My only concern is that the nefu process monitor will see that sendmail/ms is down and send a page, not a good thing. Thanks! -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From mailstodevi at yahoo.com Wed Mar 8 04:09:44 2006 From: mailstodevi at yahoo.com (Devi S) Date: Wed Mar 8 04:10:03 2006 Subject: bad filename detected: condition to trigger In-Reply-To: <20060120132952.13244.qmail@web50610.mail.yahoo.com> Message-ID: <20060308040944.73483.qmail@web50611.mail.yahoo.com> hi all, In my filename.rules.conf I have denied access to .msg and .zip (and to many other extensions). I also have a ruleset that when a mail is sent from my server tmon.com the filename and filetype rules should not be checked. Now, the problem is when a user from tmon.com is sending a mail with attachment .zip the file is not blocked becuase of the ruleset and this behaviour is correct. But when the user sends a mail with .msg attachment the file is blocked. This looks strange for me. Am I missing something in my configuration? Please advice. Thank you. Regards Devi S. Our greatest glory is not in never falling- but in rising every time we fall - Confucius --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060307/d1b9f7cb/attachment.html From MailScanner at ecs.soton.ac.uk Wed Mar 8 08:49:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 08:49:22 2006 Subject: Log rotation question In-Reply-To: <440E046E.10907@magnet.fsu.edu> References: <440E046E.10907@magnet.fsu.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- service MailScanner reload will do MailScanner, and the code for sendmail should already be in the logrotate configuration. On 7 Mar 2006, at 22:08, Tom Combs wrote: > Hello All, > > I'm working on my logrotate configuration under RHEL 3 to rotate my > sendmail and mailscanner logs. Is it recommended to stop the sendmail > and MS processes before doing the rotation of the logs? I would > think > that this would be a good practice if not actually a requirement. > My only > concern is that the nefu process monitor will see that sendmail/ms > is down > and send a page, not a good thing. Thanks! > > -- > Tom Combs E-mail: > combs@magnet.fsu.edu > National High Magnetic Field Laboratory Phone: (850) 644-1657 > 1800 E. Paul Dirac Drive Tallahassee, FL 32310 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA6aifw32o+k+q+hAQFzWAf+JF3F+8sSvPiggZNL8cM6j2fDyMXS1kQm gapKbDT/pjuYv9hzykjEbpDEXix4sVZBEJz1gnS6q/KwclLhDK7aYysCxSyw59lz hlHhARynW3ujPkdS6Xef5pLB0mWnf/MM8Ze/4HJIcxmqdqmsGy4oEo6AxMjreg1a r20t/ux9BqNPjMysCCgzdQ6AysmDYWp4bnjDgfOaAUWPcO/L3VFCZ07gtddmw9cC GcM9Q+Sp8ymtLIssa8EpRg+sFNuaNMxPUkHqi+QpzarbbUP14DQR9dTwYPhZkY79 GPcf/XJgRj8hOLGFTlPx4TNzF2MyZLUbGpckoE1E7IZG5EbXExS3sQ== =wMf5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Wed Mar 8 13:56:43 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 8 13:57:02 2006 Subject: Yahoo suggestions Message-ID: <005b01c642b8$220b2810$0705000a@DDF5DW71> I work at a newspaper, and it seem that many vaild contributors have and use yahoo accounts. After checking the logs, I find that about 99.9999999% emails sent from yahoo accounts are truly spam, but there is that small percentage that needs to get through. (Of course, these are always sent and blocked on deadline, so they say) My problem is that all of these yahoo mailings seem to be hit by the same common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME and the like even though these are valid yahoo accounts. I realize that yahoo must be doing some non-standard manipulations, but how do others deal with this other than whitelisting accounts as I get called? My MS is a little bit old, but do the newer versions deal with this or is this something that will just have to be? I certainly don't want to whitelist the entire yahoo.com domain! Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers From DrewB at united-systems.com Wed Mar 8 14:13:36 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Mar 8 14:13:47 2006 Subject: Yahoo suggestions Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BB0FEA@uss2k01.united-systems.local> One of the things that I do to help the situation is to enable smtpd_recipient_restrictions in postfix. I have the following restrictions set: permit_mynetworks, check_sender_access hash:/etc/postfix/db/senderWhitelist, reject_unauth_destination, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_pipelining, reject_unverified_sender, reject_rbl_client relays.ordb.org, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rhsbl_client blackhole.securitysage.com, reject_rhsbl_sender blackhole.securitysage.com, permit The one that helps the most in this case is the reject_unverified_sender, which makes sure the email account exists at the sender's end before accepting the email. I also use the check_sender_access as a form of whitelist for emails from a specific domain or user that I don't want to get caught by the other checks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Wednesday, March 08, 2006 7:57 AM To: MailScanner mailing list Subject: Yahoo suggestions I work at a newspaper, and it seem that many vaild contributors have and use yahoo accounts. After checking the logs, I find that about 99.9999999% emails sent from yahoo accounts are truly spam, but there is that small percentage that needs to get through. (Of course, these are always sent and blocked on deadline, so they say) My problem is that all of these yahoo mailings seem to be hit by the same common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME and the like even though these are valid yahoo accounts. I realize that yahoo must be doing some non-standard manipulations, but how do others deal with this other than whitelisting accounts as I get called? My MS is a little bit old, but do the newer versions deal with this or is this something that will just have to be? I certainly don't want to whitelist the entire yahoo.com domain! Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From murat at mems.eee.metu.edu.tr Wed Mar 8 14:28:14 2006 From: murat at mems.eee.metu.edu.tr (murat@mems.eee.metu.edu.tr) Date: Wed Mar 8 14:28:37 2006 Subject: Mailscanner hangs after a while Message-ID: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> Dear all, I have recently installed mailscanner on postfix by following the nice tutorial on debian-administration.org: http://www.debian-administration.org/articles/172 (Secure Spam/Virus filtering system with Debian and MailScanner). I recently recognized that, Mailscanner works well for a while, and then does not scan the mails in the queue. After I restart the mailscanner, it works well again for a while. There is nothing related to this in the log files. Everything seems to be working without errors. How can I solve this problem? My web search says that there are other people facing the same problem, but I could not found any good response to those. Thanks in advance. OS: Debian sarge. Mailscanner version is 4.41.3-2 From DrewB at united-systems.com Wed Mar 8 14:38:46 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Mar 8 14:38:54 2006 Subject: Mailscanner hangs after a while Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BBACAB@uss2k01.united-systems.local> It's hard to tell without some log output, but when this happened to me, it was caused by configuration errors. Specifically, I had misconfigured mysql access and that was killing the processes. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of murat@mems.eee.metu.edu.tr Sent: Wednesday, March 08, 2006 8:28 AM To: mailscanner@lists.mailscanner.info Subject: Mailscanner hangs after a while Dear all, I have recently installed mailscanner on postfix by following the nice tutorial on debian-administration.org: http://www.debian-administration.org/articles/172 (Secure Spam/Virus filtering system with Debian and MailScanner). I recently recognized that, Mailscanner works well for a while, and then does not scan the mails in the queue. After I restart the mailscanner, it works well again for a while. There is nothing related to this in the log files. Everything seems to be working without errors. How can I solve this problem? My web search says that there are other people facing the same problem, but I could not found any good response to those. Thanks in advance. OS: Debian sarge. Mailscanner version is 4.41.3-2 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From rcooper at dwford.com Wed Mar 8 14:54:14 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Mar 8 14:59:27 2006 Subject: Just a test Message-ID: Haven't recieved anything from the list since yesterday afternoon, just checking Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Wed Mar 8 15:03:41 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 8 15:03:58 2006 Subject: feature request Message-ID: <1141830221.16260.21.camel@lea.nerc-wallingford.ac.uk> Someone must have asked for this before... can the bitdefender AV produce similar log messages to Sophos and Clam? eg Bitdefender::INFECTED:: :: .// instead of: /:infected: cheer GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From rcooper at dwford.com Wed Mar 8 15:05:18 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Mar 8 15:05:46 2006 Subject: Just a test In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rick > Cooper > Sent: Wednesday, March 08, 2006 9:54 AM > To: MailScanner List > Subject: Just a test > > > Haven't recieved anything from the list since yesterday afternoon, just > checking > > Rick > My bad, I hadn't updated the skipblock for the new list server in ExiBlock so it was firewalled yesterday because of this: exim_mainlog: 2006-03-07 10:29:18 1FGe7R-0003Bd-QY H=bkserver.blacknight.ie [83.98.166.45] F= rejected after DATA: [T=rcooper@dwford.com] This message contains Virus (CLAMAV found it): ( Trojan.Bancos-479 ). Denied! which results in a 1 week firewall status Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Mar 8 15:13:30 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 8 15:13:32 2006 Subject: Phishing site In-Reply-To: <002001c641fb$d0e345b0$1401a8c0@asanote> References: <002001c641fb$d0e345b0$1401a8c0@asanote> Message-ID: <223f97700603080713ja070335k@mail.gmail.com> On 07/03/06, ASA wrote: > > This attachment email is never captured by the phishing filter. > > what could be made so that it was captured? > > > > > > > > > > > Notifica??o > > Comunicamos que seu (CPF/CNPJ) consta em nossos cadastros por motivo de pend?ncias financeiras, com a institui??o abaixo relacionada. > > Akiyoshi Executivo Central de Cobran?as - Total de Pend?ncias: R$ 1.647,91 > > Para sua seguran?a e praticidade e necess?rio baixar o arquivo do relat?rio de pend?ncias. > Relat?rio de Pend?ncias Financeiras > > Verifique Pend?ncias > > Se voc? efetuou a regulariza??o, favor desconsiderar. > > Manoel Rocha Heidi > Diretor > > > Copyright (c) 2003 Lume Servi?os de Tecnologia Ltda. Todos os direitos reservados > > ________________________________ Esta mensagem foi verificada pelo Sistema NetUno. > NetUno Internet - http://www.netuno.com.br > > > Well... Strictly speaking, this isn't what the phishing net is out to counter (obfuscation of the destination address in the URL ... They don't do that, now do they?). You can report this message to ClamAV so that they will be able to identify it as phishing in the future. Or see to it that it get detected as spam (the usual things). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Mar 8 15:28:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 8 15:28:34 2006 Subject: Mailscanner hangs after a while In-Reply-To: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> References: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> Message-ID: <223f97700603080728r71318ed8m@mail.gmail.com> On 08/03/06, murat@mems.eee.metu.edu.tr wrote: > Dear all, > I have recently installed mailscanner on postfix by following the nice > tutorial on debian-administration.org: > http://www.debian-administration.org/articles/172 (Secure Spam/Virus > filtering system with Debian and MailScanner). > > I recently recognized that, Mailscanner works well for a while, and then > does not scan the mails in the queue. After I restart the mailscanner, it > works well again for a while. There is nothing related to this in the log > files. Everything seems to be working without errors. > > How can I solve this problem? My web search says that there are other > people facing the same problem, but I could not found any good response to > those. > > Thanks in advance. > > OS: Debian sarge. Mailscanner version is 4.41.3-2 > > You shouldn't use the debian package, it is quite old and crusty. Use the source instead, as found on the mailscnner site (and use install.sh, the wiki and the MAQ to get it set up correctly). I suspect you are getting some stray (non mail) files in the hold queue, which is confuusing MailScanner a bit... TNEF expander related IIRC. If you use the latest MS, this problem will likely just go away. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at WoodMacLaw.com Wed Mar 8 15:50:40 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Wed Mar 8 15:50:44 2006 Subject: --lint test and DCC Message-ID: <04D932B0071FE34FA63EBB1977B48D15E1A0DE@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: Tuesday, March 07, 2006 10:11 AM > To: MailScanner discussion > Subject: Re: --lint test and DCC > > On 07/03/06, Billy A. Pumphrey wrote: > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Nathan > Olson > > Sent: Mon 3/6/2006 4:48 PM > > To: MailScanner discussion > > Subject: Re: --lint test and DCC > > > > > > > > Does the SpamAssassin DCC plugin successfully load? > > If not, it doesn't know what dcc_path is. > > > > Nate > > -- > > I am not sure how to test it. I installed it and it seemed > successfully. How do I see if it loads or not? > > > > > > # spamassassin --lint -D 2>&1 | less -e > .... > [27249] dbg: config: read file /root/.spamassassin/user_prefs > [27249] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [27249] dbg: dcc: network tests on, registering DCC > [27249] dbg: plugin: registered > Mail::SpamAssassin::Plugin::DCC=HASH(0x85a1294) > .... > At least for SA 3.1.0 (assumes a loadplugin thingy in one of the .pre > files). > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Whewww.... Man I am lost on this DCC thing. I got it going on my last machine but this time around is a different story. I am so confused with reading the different documentation. I have been using this one today: http://www.rhyolite.com/anti-spam/dcc/dcc-tree/INSTALL.html when I do a ./configure for dcc I get the error: look for sendmail milter library in ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** cannot build dccm without sendmail headers in ./../sendmail and libraries in ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** checking for Rsendto... (cached) no creating ./config.status I am guessing this is bad since it needs the milter. I have sendmail version 8.13 which automatically has milter support built in right? [root@WoodenMS2 dcc-1.3.30]# sendmail -bs 220 WoodenMS2.woodmaclaw.local ESMTP Sendmail 8.13.1/8.13.1/Submit; Wed, 8 Mar 2006 09:47:23 -0500 I have read that whole page and I am just confused on how to get it working. It says that I need to put the client files in /var/dcc but they are already in there. Says that I need to edit sendmail.cf to make sure that cdd starts before sendmail. ?? Can someone one give me in English what I need to do to make sure that my DCC is working? I have figured out that I do not need the DCC server. My sendmail version is listed above. Thank you From shuttlebox at gmail.com Wed Mar 8 16:02:31 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Mar 8 16:02:34 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15E1A0DE@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15E1A0DE@woodenex.woodmaclaw.local> Message-ID: <625385e30603080802l14ef2dffud844c761940f3018@mail.gmail.com> On 3/8/06, Billy A. Pumphrey wrote: > Whewww.... Man I am lost on this DCC thing. I got it going on my last > machine but this time around is a different story. > > I am so confused with reading the different documentation. > I have been using this one today: > http://www.rhyolite.com/anti-spam/dcc/dcc-tree/INSTALL.html > > when I do a ./configure for dcc I get the error: > look for sendmail milter library in > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 > *** cannot build dccm without sendmail headers in ./../sendmail > and libraries in > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** > checking for Rsendto... (cached) no > creating ./config.status > > I am guessing this is bad since it needs the milter. I have sendmail > version 8.13 which automatically has milter support built in right? > [root@WoodenMS2 dcc-1.3.30]# sendmail -bs > 220 WoodenMS2.woodmaclaw.local ESMTP Sendmail 8.13.1/8.13.1/Submit; Wed, > 8 Mar 2006 09:47:23 -0500 Why don't you issue ./configure --help to see the available options? Then you will see how to disable the milter part and more. Sendmail is usually packaged in several parts and you don't have all of them installed. It might be a lot easier to find a prebuilt package of DCC. -- /peter From TasNYC at TasNYC.com Wed Mar 8 16:14:36 2006 From: TasNYC at TasNYC.com (Taso Chatziantoniou) Date: Wed Mar 8 16:15:12 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? Message-ID: MailScanner version 4.48.4 SpamAssassin version 3.1.0 SpamAssassin Timeout = 60 Has anyone seen a significant decline in spamassassin time out after upgrading to 4.5x? Since the new version of Mailscanner uses SpamAssassin cache database i am guessing this would help. We are currently running six Mailscanner boxes that receive about 30,000 to 50,000 emails each everyday. We get about 270-280 Spamassassin time outs (as per logwatch) which, considered the amount of mail we get is not bad at all. The problem with this is that 270 emails which could be sent to multiple email addresses can be sent to potentially alot more people then that. When we have users send us spam submissions a bulk of the headers that we get indicate that spamassassin timed out. Also one other question .. Does anyone know of a good site or forum that we can submit sample spams to help us figure out a way to block them. We keep getting these stock html image only files with bayes poisining on the bottom that we cannot seem to find a pattern to to block. This is my first post, please let me know if i am doing anything wrong Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/4f5f2e43/attachment.html From Denis.Beauchemin at USherbrooke.ca Wed Mar 8 16:21:15 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 8 16:21:43 2006 Subject: DCC problem with 1.3.30 and solution Message-ID: <440F047B.1070309@USherbrooke.ca> Hello all, Last week-end my DCC was updated (through /etc/cron.weekly/updatedcc) to version 1.3.30. After that no DCC request came through. The problem was as follows: * cdcc stats sendto(dcc1.dcc-servers.net (2001:888:20ee::6277,6277)): Network is unreachable * or in my maillog, I had tons of: Mar 8 04:06:42 smtpe2 dccifd[19156]: sendto(dcc1.dcc-servers.net (2001:888:20ee::6277,6277)): Network is unreachable I corrected the problem this way: * cdcc 'ipv6 off' * cd /var/dcc * mv dcc_conf dcc_conf.20060308 * mv dcc_conf-new dcc_conf * vi dcc_conf : DCCD_ARGS="-4" * ./libexec/rcDCC restart After that I was able to use DCC again: * cdcc stats cdcc stats dcc1.dcc-servers.net 208.201.249.233,512 server-ID 1117 /var/dcc/map 11:10:28 version 2.3.28 tracing ANON CLNT 38928381 hash entries 14024515 used 933924096 DB bytes 101 ms delay 2914788 NOPs 146 ADMN 41696 query >10400 clients since 16:00:19 2689504 reports 7690>10 5757>100 5724>1000 5724 many answers 1341526>10 1221833>100 1085258>1000 989116 many 0 bad IDs 0 passwds 8 error responses 52256 retransmitted 0 answers rate-limited 11186 anonymous 0 rejected reports flood on 4 streams 4 out active 4 in 9862809 total flooded in 3322165 accepted 130578 stale 6411951 dup 0 white 0 delete 6122091 reports added between Mar 07 16:00:19.593181 PST and Mar 08 08:10:28 38 no reputation 120>0% 112>10% 94>20% 88>30% 74>60% Don't know why this happened. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/d3dee322/smime.bin From gmatt at nerc.ac.uk Wed Mar 8 16:41:59 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 8 16:42:09 2006 Subject: free bitdefender worth it? Message-ID: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> is the free linux version of bitdefender maintained? I mention this because in a quick test, the latest version failed to detect Worm.SomeFool.P (ClamAV). Checking on http://virusscan.jotti.org/ and their version of bitdefender picks it up as Win32.Netsky.P@mm Most of the engines on this site pick it up as a Netsky trojan. my bitdefender is 7.1-3, the site above doesnt provide version numbers but I suspect version 9 pro. I tested by: /opt/bdc/bdc /folder/full/of/junk/df* clamscan --infected /folder/full/of/junk/df* GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From bpumphrey at WoodMacLaw.com Wed Mar 8 16:53:12 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Wed Mar 8 16:53:15 2006 Subject: --lint test and DCC Message-ID: <04D932B0071FE34FA63EBB1977B48D15E1A199@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: Wednesday, March 08, 2006 11:03 AM > To: MailScanner discussion > Subject: Re: --lint test and DCC > > On 3/8/06, Billy A. Pumphrey wrote: > > Whewww.... Man I am lost on this DCC thing. I got it going on my last > > machine but this time around is a different story. > > > > I am so confused with reading the different documentation. > > I have been using this one today: > > http://www.rhyolite.com/anti-spam/dcc/dcc-tree/INSTALL.html > > > > when I do a ./configure for dcc I get the error: > > look for sendmail milter library in > > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 > > *** cannot build dccm without sendmail headers in ./../sendmail > > and libraries in > > ./../sendmail/obj.Linux.2.6.9-22.ELsmp.i686 *** > > checking for Rsendto... (cached) no > > creating ./config.status > > > > I am guessing this is bad since it needs the milter. I have sendmail > > version 8.13 which automatically has milter support built in right? > > [root@WoodenMS2 dcc-1.3.30]# sendmail -bs > > 220 WoodenMS2.woodmaclaw.local ESMTP Sendmail 8.13.1/8.13.1/Submit; Wed, > > 8 Mar 2006 09:47:23 -0500 > > Why don't you issue ./configure --help to see the available options? > Then you will see how to disable the milter part and more. > > Sendmail is usually packaged in several parts and you don't have all > of them installed. It might be a lot easier to find a prebuilt package > of DCC. > > -- > /peter > -- Isn't the milter part required for it to work good? From shuttlebox at gmail.com Wed Mar 8 17:15:25 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Mar 8 17:15:29 2006 Subject: --lint test and DCC In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15E1A199@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15E1A199@woodenex.woodmaclaw.local> Message-ID: <625385e30603080915g27eafca5m33627a23562bec1c@mail.gmail.com> On 3/8/06, Billy A. Pumphrey wrote: > Isn't the milter part required for it to work good? No, how would you use it with other MTA:s than Sendmail then? You only need dccproc. Less is more. -- /peter From MailScanner at ecs.soton.ac.uk Wed Mar 8 17:25:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 17:25:42 2006 Subject: feature request In-Reply-To: <1141830221.16260.21.camel@lea.nerc-wallingford.ac.uk> References: <1141830221.16260.21.camel@lea.nerc-wallingford.ac.uk> Message-ID: <42410328-0E00-4692-B325-4AAA42A653C6@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 8 Mar 2006, at 15:03, Greg Matthews wrote: > Someone must have asked for this before... can the bitdefender AV > produce similar log messages to Sophos and Clam? eg > Bitdefender::INFECTED:: :: .// > > instead of: > > /:infected: No, because the lines generated by the Sophos and Clam *module-based* virus scanners are in a form I created, as the parser works nicely with a clean format like that. For all other scanners, I just use the output format generated by the scanners. By definition the module- based scanners don't have any output format, and I needed to generate some output to make them work the same way as all the executable- based scanners. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA8TkPw32o+k+q+hAQFZ8ggAhO+yA/pBEJix1YGUefqnwXKdsYagiWbm /8/8TndQTDK6f9nYzcyADo143SRBXsp1an1uhVOh54oUZBXJ4odRDP7swe0UoX85 P9hMbsJtRhyTpAzWT//NqPojAeKN3xcmYYcNPLMw3ghxz0VMC5KaeOV+d+ObZaam LGNJF9hYiR17EsWZpS0OQlLVedLaRjc+NYU/svmBKcDOpnuqt7Bp8Xm+96dpJWj9 OURBdbcMhA+Cv7dF8ZuXEs86YsJNOLP0YCIms+OEtaMvjcnAME2RsG8/ZbNZWmaL vGFC9lmYx4Pfy8LrOsE7WhCaxzTm66wCxl8iqEVfzIK5KcyRhUxhZA== =ifWU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at camo-route.com Wed Mar 8 17:27:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 8 17:27:11 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <440F13E8.7090908@camo-route.com> Greg Matthews wrote: > is the free linux version of bitdefender maintained? I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). Yes it is worth it. Did you check the date of the signatures with bdc --info ? > > Checking on http://virusscan.jotti.org/ and their version of bitdefender > picks it up as Win32.Netsky.P@mm Most of the engines on this site pick > it up as a Netsky trojan. > > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* > clamscan --infected /folder/full/of/junk/df* > > GREG From MailScanner at ecs.soton.ac.uk Wed Mar 8 17:29:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 17:29:36 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/b149abc0/PGP.bin From MailScanner at ecs.soton.ac.uk Wed Mar 8 17:32:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 17:33:00 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <36387C00-E514-45E9-B916-300533F0A076@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 8 Mar 2006, at 16:41, Greg Matthews wrote: > is the free linux version of bitdefender maintained? As far as I am aware, yes. > I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). > > Checking on http://virusscan.jotti.org/ and their version of > bitdefender > picks it up as Win32.Netsky.P@mm Most of the engines on this site pick > it up as a Netsky trojan. > > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* You are expecting it to be able to directly decode email message encodings, which I don't think bitdefender can do. Try scanning the real files, not the email messages which contain them. > clamscan --infected /folder/full/of/junk/df* ClamAV can decode email messages itself, so I would expect a much higher success rate. You are using bitdefender in a way it is not designed to work. Scan files, not email messages. Either that, or just plug it in to MailScanner and let it scan the infected messages with both scanners, and see what reports it generates. Reports from all scanners are included, not just the first one that found a virus.bsite! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA8VRvw32o+k+q+hAQGGiwf/QVcodv6tH+/sFcIiD+kdp4WW4rP/FMxN 9DDhFH2qtLZUDsWtz69N9idjcvkEaX8mKIaeqaNgY201Y1YuL7HiA5bCvQQV31Zq 8+pvsIeSq6XAyDHvXjjzVaM50b7XYFAKRHf5ww0w9mGbL6iUzzV5uIIaatOsQf/B Tb/ae7DEx2iYw+xbrlRGl80yjzQQimy8UqL83yjbkaQGIbobGvzQJuRwMtCRM9G+ FjpZ03JspGkbK0hjYeBYkXHB7kMxwH8TCSL+FXlcw5XKltOk95bZ0/OnnI4G1jGz RR0pChA4l6oYTQ5G3s5WhJUY4ZSMrXvZFgPB9FU1N7vYL3xk6QVoLQ== =Twkr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at camo-route.com Wed Mar 8 17:27:04 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 8 17:36:48 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <440F13E8.7090908@camo-route.com> Greg Matthews wrote: > is the free linux version of bitdefender maintained? I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). Yes it is worth it. Did you check the date of the signatures with bdc --info ? > > Checking on http://virusscan.jotti.org/ and their version of bitdefender > picks it up as Win32.Netsky.P@mm Most of the engines on this site pick > it up as a Netsky trojan. > > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* > clamscan --infected /folder/full/of/junk/df* > > GREG From gmatt at nerc.ac.uk Wed Mar 8 17:36:48 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 8 17:37:17 2006 Subject: free bitdefender worth it? In-Reply-To: <440F13E8.7090908@camo-route.com> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> <440F13E8.7090908@camo-route.com> Message-ID: <1141839409.22652.29.camel@lea.nerc-wallingford.ac.uk> On Wed, 2006-03-08 at 12:27 -0500, Ugo Bellavance wrote: > Greg Matthews wrote: > > is the free linux version of bitdefender maintained? I mention this > > because in a quick test, the latest version failed to detect > > Worm.SomeFool.P (ClamAV). > > Yes it is worth it. > > Did you check the date of the signatures with > > bdc --info well, I only see a build date: # /opt/bdc/bdc --info BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. Engine signatures: 300785 Scan engines: 13 Archive engines: 39 Unpack engines: 4 Mail engines: 6 System engines: 0 G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From Stephane.Lentz at ansf.alcatel.fr Wed Mar 8 16:46:29 2006 From: Stephane.Lentz at ansf.alcatel.fr (Stephane Lentz) Date: Wed Mar 8 17:51:23 2006 Subject: free bitdefender worth it? In-Reply-To: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> Message-ID: <20060308164629.GA1473@star> On Wed, Mar 08, 2006 at 04:41:59PM +0000, Greg Matthews wrote: > is the free linux version of bitdefender maintained? I mention this > because in a quick test, the latest version failed to detect > Worm.SomeFool.P (ClamAV). > > .... > my bitdefender is 7.1-3, the site above doesnt provide version numbers > but I suspect version 9 pro. > > I tested by: > /opt/bdc/bdc /folder/full/of/junk/df* > clamscan --infected /folder/full/of/junk/df* > > GREG > -- With Bitdefender 7.0 I used : /opt/bdc/bdc --mail --arc --all files* to properly scan messages in archives/mailboxes Regards, SL/ From ebruce at hpmich.com Wed Mar 8 17:51:27 2006 From: ebruce at hpmich.com (Ed Bruce) Date: Wed Mar 8 17:52:00 2006 Subject: free bitdefender worth it? In-Reply-To: <36387C00-E514-45E9-B916-300533F0A076@ecs.soton.ac.uk> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> <36387C00-E514-45E9-B916-300533F0A076@ecs.soton.ac.uk> Message-ID: <440F199F.5010506@hpmich.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > On 8 Mar 2006, at 16:41, Greg Matthews wrote: > >>> is the free linux version of bitdefender maintained? > > As far as I am aware, yes. > >>> I mention this because in a quick test, the latest version >>> failed to detect Worm.SomeFool.P (ClamAV). >>> >>> Checking on http://virusscan.jotti.org/ and their version of >>> bitdefender picks it up as Win32.Netsky.P@mm Most of the >>> engines on this site > pick >>> it up as a Netsky trojan. >>> >>> my bitdefender is 7.1-3, the site above doesnt provide version > numbers >>> but I suspect version 9 pro. >>> >>> I tested by: /opt/bdc/bdc /folder/full/of/junk/df* > > You are expecting it to be able to directly decode email message > encodings, which I don't think bitdefender can do. Try scanning the > real files, not the email messages which contain them. > >>> clamscan --infected /folder/full/of/junk/df* > > ClamAV can decode email messages itself, so I would expect a much > higher success rate. > > You are using bitdefender in a way it is not designed to work. Scan > files, not email messages. Either that, or just plug it in to > MailScanner and let it scan the infected messages with both > scanners, and see what reports it generates. Reports from all > scanners are included, not just the first one that found a > virus.bsite! > I like to scan my archives regularly with both BitDefender and ClamAV. I have a script that invokes BitDefender like this: bdc --arc --mail --files With this it scans archived, email, and files. later, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEDxmeN/bGi28P8iQRAiJxAKCh7R3JjsFkZKV36SEoP6S+jG3PjwCfSzi/ 2oGy10hKrpuvEBDhAKpIqlY= =cGs0 -----END PGP SIGNATURE----- -- This message, including any attachments, is intended solely for the use of the named recipients(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution of this communication is expressly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy any and all copies of the original message. Thank you for your cooperation. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gborders at jlewiscooper.com Wed Mar 8 17:54:53 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed Mar 8 17:58:05 2006 Subject: Perls of wisdom? Message-ID: <440F1A6D.1070708@jlewiscooper.com> Performed my upgrade from last stable Feb. release 4.50.14-1 to the new 4.51.5-1 last night on my Redhat Ent. 4 box. Got some odd perl program missing in INC path errors. For some reason my install has some programs in a path that doesn't match my current version. Perhaps the install.sh put some things in the wrong places? I'm running [root@mail /]# perl -v This is perl, v5.8.5 built for i386-linux-thread-multi yet there are some files located in a 5.8.6 folder..... [root@mail /]# slocate 5.8.6 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.6/Mail /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/smtp.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/qmail.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/rfc822.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/testfile.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/sendmail.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Filter.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Send.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Address.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/Date.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/AddrList.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Header.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Cap.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Internet.pm /usr/lib/perl5/vendor_perl/5.8.6/Mail/Util.pm /usr/lib/perl5/vendor_perl/5.8.6/auto /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/_prephdr.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/smtpsend.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/nntppost.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/reply.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/unescape_from.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/send.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/autosplit.ix /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/sign.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/add_signature.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/escape_from.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/read_mbox.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/autosplit.ix /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/maildomain.al /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/mailaddress.al I copied over the ones it wanted/complained were missing from the path, from the 5.8.6 to the 5.8.5 folder; and it's working fine now, but my question is where did this 5.8.6 folder come from? Any ideas folks? Sincerely, Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 8 18:29:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 18:29:24 2006 Subject: Perls of wisdom? In-Reply-To: <440F1A6D.1070708@jlewiscooper.com> References: <440F1A6D.1070708@jlewiscooper.com> Message-ID: <440F2283.8050600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you got 2 copies of Perl installed somehow? Check /usr/bin/perl -v versus /usr/local/bin/perl -v That's the most likely cause. Greg Borders wrote: > Performed my upgrade from last stable Feb. release 4.50.14-1 to the > new 4.51.5-1 last night on my Redhat Ent. 4 box. > Got some odd perl program missing in INC path errors. > For some reason my install has some programs in a path that doesn't > match my current version. Perhaps the install.sh put some things in > the wrong places? > I'm running > > [root@mail /]# perl -v > This is perl, v5.8.5 built for i386-linux-thread-multi > > yet there are some files located in a 5.8.6 folder..... > > > [root@mail /]# slocate 5.8.6 > /usr/lib/perl5/vendor_perl/5.8.6 > /usr/lib/perl5/vendor_perl/5.8.6/Mail > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/smtp.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/qmail.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/rfc822.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/testfile.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer/sendmail.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Filter.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Send.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Address.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/Date.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Field/AddrList.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Header.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Cap.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Mailer.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Internet.pm > /usr/lib/perl5/vendor_perl/5.8.6/Mail/Util.pm > /usr/lib/perl5/vendor_perl/5.8.6/auto > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/_prephdr.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/smtpsend.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/nntppost.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/reply.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/unescape_from.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/send.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/autosplit.ix > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/sign.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/add_signature.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Internet/escape_from.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/read_mbox.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/autosplit.ix > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/maildomain.al > /usr/lib/perl5/vendor_perl/5.8.6/auto/Mail/Util/mailaddress.al > > I copied over the ones it wanted/complained were missing from the > path, from the 5.8.6 to the 5.8.5 folder; and it's working fine now, > but my question is where did this 5.8.6 folder come from? > Any ideas folks? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8ihBH2WUcUFbZUEQICawCg+5HlBXwHcgOXTsH0a7DV6Yxy/MMAmQHt UsV5B3DIiNoC4VfZcQXZXiCo =oDR0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 8 18:33:46 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 8 18:38:17 2006 Subject: MailScanner SMTP question In-Reply-To: <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> References: <440BAA27.2030201@birdy.nc> <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 3/6/2006 3:00 AM: > The one thing you can do to alleviate this with MailScanner is to use > the "IPBlock" code within CustomConfig.pm. It only works with > sendmail, if I remember correctly. You can put the maximum limit of > email messages per hour that you accept from a domain or a block of > IP addresses. Once it gets more messages that that from an address > (or IP) it starts telling sendmail to block mail from that address. > Once an hour the counters are reset. > > Not many people use this, which is why it isn't a core feature, but > the person who asked me to write it makes great use of it. > > Fundamentally, this is really a job for you MTA, and not MailScanner > at all. If you are using sendmail, then there are milters such as > milter-ahead which will check the addresses it receives are real on > your system, and rejects all messages that are being delivered to non- > existent addresses. It is a lot faster than you might think it would > be, as it does lots of caching, and it will reject a message long > before the content of the message is transmitted. Thoroughly > recommended. There are mailing list postings and Wiki pages that will > tell you how to do something similar on other MTAs. > > On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: Is there a free equivalent to Milter-ahead? Or does my copy I got "before" it wasn't free still work? I have thought about implementing it, although I would prefer LDAP (just don't have the time to get it working). Now if I could find something to migrate a system from the old password/shadow combination to LDAP, the world would be a better place! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Wed Mar 8 18:41:43 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Mar 8 18:41:57 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: Message-ID: <440F2567.8000103@evi-inc.com> Taso Chatziantoniou wrote: > > Also one other question .. > Does anyone know of a good site or forum that we can submit sample spams > to help us figure out a way to block them. We keep getting these stock > html image only files with bayes poisining on the bottom that we cannot > seem to find a pattern to to block. Generally the best place for that would be on the spamassassin-users mailing list. If possible, extract the offending message as a raw mime.822 file (ie: full email with all headers and mime segments) and attach it to your posting. That said, in general a lot of the image-based spams are best dealt with by these methods: Razor - razor's e4 engine does it's hashing on a per-mime-segment basis, so it can realize the image is spam even if the body text keeps changing. URIBLs - if the HTML has any link back to the website. DNSBLs - a lot of these are sent via infected hosts listed in XBL. Bayes training - some folks try to avoid training spam containing poison.. Don't. Train it all, let the statistics handle it. As long as you're training a reasonable amount of nonspam, SA's chi-squared combinining is VERY resistant to training this kind of spam causing FPs. On the other hand, not training it is a sure-fire way to give the spams a good chance slip by as a FN. If there's a particular kind of image-only spam involved, some of the SARE rulesets can be helpful. I personally like the following SARE rulesets and use them on my production systems: 70_sare_adult.cf 70_sare_evilnum0.cf 70_sare_genlsubj0.cf 70_sare_html0.cf 70_sare_obfu0.cf 70_sare_random.cf 70_sare_specific.cf 70_sare_stocks.cf 70_sare_uri0.cf 99_sare_fraud_post25x.cf From brendan at chard.net Wed Mar 1 17:06:06 2006 From: brendan at chard.net (Brendan Chard | Chard.Net) Date: Wed Mar 8 18:44:26 2006 Subject: Exim Custom Router Message-ID: <033101c63d52$6fa3dba0$a000a8c0@sangria> I see in the wiki documentation how to set up a custom router for one domain in exim. How can I make it work if I want the custom router to handle 3 domains. So basically... custom_router: driver = manualroute domains = domain1.com domain2.com domain3.com transport = remote_smtp route_list = "* mailserver.com" Will this work? -Brendan Chard brendan@chard.net Chard.Net Putting Professionals Online Website Design | Hosting | Maintenance ph: 1.800.741.8034 fax: 1.888.605.0495 web: http://www.chard.net From johnh at vrml.k12.la.us Mon Mar 6 20:13:37 2006 From: johnh at vrml.k12.la.us (johnh) Date: Wed Mar 8 18:44:29 2006 Subject: 4.51.5 on RH7.3 Message-ID: <440C97F0.7769B98E@vrml.k12.la.us> ON an Redhat 7.3 with rpm -q perl perl-5.6.1-38.0.7.3.3.legacy UP ' ing 4.40 to 4.51 MailScanner: Can't locate DBI.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/SA.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/SA.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. [root@vpsd7 MailScanner-4.51.5-1]# rpmbuild --rebuild perl-DBI-1.50-2.src.rpm Installing perl-DBI-1.50-2.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.64002 + umask 022 + cd /usr/src/redhat/BUILD + cd /usr/src/redhat/BUILD + rm -rf DBI-1.50 + /bin/gzip -dc /usr/src/redhat/SOURCES/DBI-1.50.tar.gz + tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd DBI-1.50 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.94788 + umask 022 + cd /usr/src/redhat/BUILD + cd DBI-1.50 + CFLAGS=-O2 -march=i386 -mcpu=i686 + perl Makefile.PL PREFIX=/var/tmp/perl-DBI-1.50-2-root/usr Can't locate Test/More.pm in @INC __________ ^^^^^^^^^^^^______________ (@INC contains: lib /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at Makefile.PL line 36. BEGIN failed--compilation aborted at Makefile.PL line 36. error: Bad exit status from /var/tmp/rpm-tmp.94788 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.94788 (%build) From MailScanner at ecs.soton.ac.uk Wed Mar 8 19:15:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 19:15:16 2006 Subject: MailScanner SMTP question In-Reply-To: References: <440BAA27.2030201@birdy.nc> <7C42FF8F-3C08-4962-8D54-3546FB53AC15@ecs.soton.ac.uk> Message-ID: <440F2D44.5040202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 3/6/2006 3:00 AM: > >> The one thing you can do to alleviate this with MailScanner is to use >> the "IPBlock" code within CustomConfig.pm. It only works with >> sendmail, if I remember correctly. You can put the maximum limit of >> email messages per hour that you accept from a domain or a block of >> IP addresses. Once it gets more messages that that from an address >> (or IP) it starts telling sendmail to block mail from that address. >> Once an hour the counters are reset. >> >> Not many people use this, which is why it isn't a core feature, but >> the person who asked me to write it makes great use of it. >> >> Fundamentally, this is really a job for you MTA, and not MailScanner >> at all. If you are using sendmail, then there are milters such as >> milter-ahead which will check the addresses it receives are real on >> your system, and rejects all messages that are being delivered to non- >> existent addresses. It is a lot faster than you might think it would >> be, as it does lots of caching, and it will reject a message long >> before the content of the message is transmitted. Thoroughly >> recommended. There are mailing list postings and Wiki pages that will >> tell you how to do something similar on other MTAs. >> >> On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: >> > Is there a free equivalent to Milter-ahead? Or does my copy I got "before" it > wasn't free still work? He doesn't charge much, does he? I thought it was something like a nominal $99? How much is your time worth implementing something else? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8tRBH2WUcUFbZUEQLi5wCg8IKKCMYwZeIh72uzGml9yD+9asYAmwdy es4fC3jcccM6C/0Zb0FqERaU =0KMk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 8 19:38:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 8 19:38:08 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <440F2567.8000103@evi-inc.com> References: <440F2567.8000103@evi-inc.com> Message-ID: <440F329E.801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Kettler wrote: > Taso Chatziantoniou wrote: > > >> Also one other question .. >> Does anyone know of a good site or forum that we can submit sample spams >> to help us figure out a way to block them. We keep getting these stock >> html image only files with bayes poisining on the bottom that we cannot >> seem to find a pattern to to block. >> > > Generally the best place for that would be on the spamassassin-users mailing list. > > If possible, extract the offending message as a raw mime.822 file (ie: full > email with all headers and mime segments) and attach it to your posting. > > That said, in general a lot of the image-based spams are best dealt with by > these methods: > > Razor - razor's e4 engine does it's hashing on a per-mime-segment basis, so it > can realize the image is spam even if the body text keeps changing. > > URIBLs - if the HTML has any link back to the website. > > DNSBLs - a lot of these are sent via infected hosts listed in XBL. > > Bayes training - some folks try to avoid training spam containing poison.. > Don't. Train it all, let the statistics handle it. As long as you're training a > reasonable amount of nonspam, SA's chi-squared combinining is VERY resistant to > training this kind of spam causing FPs. On the other hand, not training it is a > sure-fire way to give the spams a good chance slip by as a FN. > > If there's a particular kind of image-only spam involved, some of the SARE > rulesets can be helpful. I personally like the following SARE rulesets and use > them on my production systems: > > > 70_sare_adult.cf > 70_sare_evilnum0.cf > 70_sare_genlsubj0.cf > 70_sare_html0.cf > 70_sare_obfu0.cf > 70_sare_random.cf > 70_sare_specific.cf > 70_sare_stocks.cf > 70_sare_uri0.cf > 99_sare_fraud_post25x.cf > Thanks for publishing your list. I was missing obfu0 and stocks, and have a particular problem with stocks at the moment. Hopefully this will improve things somewhat. Cheers! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8ynxH2WUcUFbZUEQIBUQCeLuOUS1cH1wVsIfxYwUc7YrLqCXMAoPbe imYc83/Dq/3dLGqKq/NYozt0 =ET+T -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Wed Mar 8 19:44:28 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 8 19:44:35 2006 Subject: MailScanner SMTP question Message-ID: I think it's 99 quid - still a bargain in the grand scheme of things... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, March 08, 2006 10:15 AM To: MailScanner discussion Subject: Re: MailScanner SMTP question -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 3/6/2006 3:00 AM: > >> The one thing you can do to alleviate this with MailScanner is to use >> the "IPBlock" code within CustomConfig.pm. It only works with >> sendmail, if I remember correctly. You can put the maximum limit of >> email messages per hour that you accept from a domain or a block of >> IP addresses. Once it gets more messages that that from an address >> (or IP) it starts telling sendmail to block mail from that address. >> Once an hour the counters are reset. >> >> Not many people use this, which is why it isn't a core feature, but >> the person who asked me to write it makes great use of it. >> >> Fundamentally, this is really a job for you MTA, and not MailScanner >> at all. If you are using sendmail, then there are milters such as >> milter-ahead which will check the addresses it receives are real on >> your system, and rejects all messages that are being delivered to non- >> existent addresses. It is a lot faster than you might think it would >> be, as it does lots of caching, and it will reject a message long >> before the content of the message is transmitted. Thoroughly >> recommended. There are mailing list postings and Wiki pages that will >> tell you how to do something similar on other MTAs. >> >> On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: >> > Is there a free equivalent to Milter-ahead? Or does my copy I got "before" it > wasn't free still work? He doesn't charge much, does he? I thought it was something like a nominal $99? How much is your time worth implementing something else? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRA8tRBH2WUcUFbZUEQLi5wCg8IKKCMYwZeIh72uzGml9yD+9asYAmwdy es4fC3jcccM6C/0Zb0FqERaU =0KMk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ugob at camo-route.com Wed Mar 8 20:29:31 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 8 20:30:34 2006 Subject: Yahoo suggestions In-Reply-To: <005b01c642b8$220b2810$0705000a@DDF5DW71> References: <005b01c642b8$220b2810$0705000a@DDF5DW71> Message-ID: Steve Campbell wrote: > I work at a newspaper, and it seem that many vaild contributors have and > use yahoo accounts. After checking the logs, I find that about > 99.9999999% emails sent from yahoo accounts are truly spam, but there is > that small percentage that needs to get through. (Of course, these are > always sent and blocked on deadline, so they say) > > My problem is that all of these yahoo mailings seem to be hit by the > same common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME > and the like even though these are valid yahoo accounts. I realize that > yahoo must be doing some non-standard manipulations, but how do others > deal with this other than whitelisting accounts as I get called? > > My MS is a little bit old, but do the newer versions deal with this or > is this something that will just have to be? I certainly don't want to > whitelist the entire yahoo.com domain! You may want to try the (experimental) DomainKeys support in SpamAssassin. hth > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > From pete at enitech.com.au Wed Mar 8 20:36:18 2006 From: pete at enitech.com.au (Peter Russell) Date: Wed Mar 8 20:36:29 2006 Subject: Mailscanner hangs after a while In-Reply-To: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> References: <2520.144.122.166.61.1141828094.squirrel@www.mems.eee.metu.edu.tr> Message-ID: <440F4042.5070006@enitech.com.au> > > I recently recognized that, Mailscanner works well for a while, and then > does not scan the mails in the queue. After I restart the mailscanner, it > works well again for a while. There is nothing related to this in the log > files. Everything seems to be working without errors. The exact same thing happens to me all the time. I kinda gave up trying to troubleshoot it because it so disruptive and cron a service restart. Not a very graceful solution...but a necessary one. From Jan-Peter.Koopmann at seceidos.de Wed Mar 8 20:39:04 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Mar 8 20:39:08 2006 Subject: FreeBSD port / mta.in script Message-ID: Hello all, due to an error during a port commit the mta.sh script examples are not complete for sendmail. This is what you want in rc.conf for the mta.sh script to work with sendmail: mta_enable="YES" mta_type="sendmail" mta_profiles="incoming outgoing submitqueue" mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in -ODeliveryMode=queueonly" mta_incoming_pidfile="/var/run/sendmail_in.pid" mta_incoming_configfile="/etc/mail/sendmail.cf" mta_outgoing_flags="-L sm-mta-out -q15m" mta_outgoing_pidfile="/var/run/sendmail_out.pid" mta_outgoing_configfile="/etc/mail/sendmail.cf" mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" mta_submitqueue_configfile="/etc/mail/submit.cf" This will be fixed in the next version. Sorry for the trouble, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/17835dad/smime.bin From mikej at rogers.com Wed Mar 8 21:02:59 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Mar 8 21:02:44 2006 Subject: FreeBSD port / mta.in script In-Reply-To: References: Message-ID: <440F4683.2000302@rogers.com> Koopmann, Jan-Peter wrote: > Hello all, > > due to an error during a port commit the mta.sh script examples are not > complete for sendmail. This is what you want in rc.conf for the mta.sh > script to work with sendmail: > Jan-Peter, What is the advantage of using this mta.sh script? I have always used the system to start the MTA (postfix in my case), and have had no problems. From campbell at cnpapers.com Wed Mar 8 21:16:47 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 8 21:16:57 2006 Subject: Yahoo suggestions References: <005b01c642b8$220b2810$0705000a@DDF5DW71> Message-ID: <001c01c642f5$9b8d3060$0705000a@DDF5DW71> ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Wednesday, March 08, 2006 3:29 PM Subject: Re: Yahoo suggestions > Steve Campbell wrote: >> I work at a newspaper, and it seem that many vaild contributors have and >> use yahoo accounts. After checking the logs, I find that about >> 99.9999999% emails sent from yahoo accounts are truly spam, but there is >> that small percentage that needs to get through. (Of course, these are >> always sent and blocked on deadline, so they say) >> >> My problem is that all of these yahoo mailings seem to be hit by the same >> common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME >> and the like even though these are valid yahoo accounts. I realize that >> yahoo must be doing some non-standard manipulations, but how do others >> deal with this other than whitelisting accounts as I get called? >> >> My MS is a little bit old, but do the newer versions deal with this or is >> this something that will just have to be? I certainly don't want to >> whitelist the entire yahoo.com domain! > > You may want to try the (experimental) DomainKeys support in SpamAssassin. Ugo, Where do I find out what this does? The SpamAssassin website only lists: This is the DomainKeys plugin and it needs lots more documentation. for a Description. What are domainkeys? Thanks all for the help so far, BTW, I'm using Sendmail Steve Campbell campbell@cnpapers.com Charleston Newspapers > > hth > >> >> Thanks >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed Mar 8 21:20:14 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 8 21:20:24 2006 Subject: Yahoo suggestions References: <005b01c642b8$220b2810$0705000a@DDF5DW71> Message-ID: <002101c642f6$176f8390$0705000a@DDF5DW71> Never mind, I remembered what it was and am now reading how it's supposed to be used. Steve ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Wednesday, March 08, 2006 3:29 PM Subject: Re: Yahoo suggestions > Steve Campbell wrote: >> I work at a newspaper, and it seem that many vaild contributors have and >> use yahoo accounts. After checking the logs, I find that about >> 99.9999999% emails sent from yahoo accounts are truly spam, but there is >> that small percentage that needs to get through. (Of course, these are >> always sent and blocked on deadline, so they say) >> >> My problem is that all of these yahoo mailings seem to be hit by the same >> common rules like FORGED_YAHOO_RCVD and NO_REAL_NAME >> and the like even though these are valid yahoo accounts. I realize that >> yahoo must be doing some non-standard manipulations, but how do others >> deal with this other than whitelisting accounts as I get called? >> >> My MS is a little bit old, but do the newer versions deal with this or is >> this something that will just have to be? I certainly don't want to >> whitelist the entire yahoo.com domain! > > You may want to try the (experimental) DomainKeys support in SpamAssassin. > > hth > >> >> Thanks >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gborders at jlewiscooper.com Wed Mar 8 21:24:38 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed Mar 8 21:27:54 2006 Subject: Perls of wisdom? In-Reply-To: <440F2283.8050600@ecs.soton.ac.uk> References: <440F1A6D.1070708@jlewiscooper.com> <440F2283.8050600@ecs.soton.ac.uk> Message-ID: <440F4B96.40101@jlewiscooper.com> Doesn't seem like it has more than one install:: [root@mail MailScanner]# /usr/bin/perl -v This is perl, v5.8.5 built for i386-linux-thread-multi [root@mail MailScanner]# /usr/local/bin/perl -v -bash: /usr/local/bin/perl: No such file or directory [root@mail MailScanner]# rpm -q perl perl-5.8.5-24.RHEL4 Quite perplexing...I wonder if I move all this 5.8.6 stuff into the 5.8.5 will break anything, or should I just leave it alone? Perhaps some CPAN update dropped it in there for some reason.. I'm grasping at straws here. Thanks for the reply Julian. ^_^ Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Have you got 2 copies of Perl installed somehow? Check > /usr/bin/perl -v > versus > /usr/local/bin/perl -v > > That's the most likely cause. > > Greg Borders wrote: > >> Performed my upgrade from last stable Feb. release 4.50.14-1 to the >> new 4.51.5-1 last night on my Redhat Ent. 4 box. >> Got some odd perl program missing in INC path errors. > -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Wed Mar 8 21:47:41 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 8 21:47:46 2006 Subject: MailScanner SMTP question In-Reply-To: <440F2D44.5040202@ecs.soton.ac.uk> Message-ID: <080101c642f9$ed1a1fc0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Wednesday, March 08, 2006 2:15 PM > To: MailScanner discussion > Subject: Re: MailScanner SMTP question > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > > Julian Field spake the following on 3/6/2006 3:00 AM: > > > >> The one thing you can do to alleviate this with MailScanner is to use > >> the "IPBlock" code within CustomConfig.pm. It only works with > >> sendmail, if I remember correctly. You can put the maximum limit of > >> email messages per hour that you accept from a domain or a block of > >> IP addresses. Once it gets more messages that that from an address > >> (or IP) it starts telling sendmail to block mail from that address. > >> Once an hour the counters are reset. > >> > >> Not many people use this, which is why it isn't a core feature, but > >> the person who asked me to write it makes great use of it. > >> > >> Fundamentally, this is really a job for you MTA, and not MailScanner > >> at all. If you are using sendmail, then there are milters such as > >> milter-ahead which will check the addresses it receives are real on > >> your system, and rejects all messages that are being delivered to non- > >> existent addresses. It is a lot faster than you might think it would > >> be, as it does lots of caching, and it will reject a message long > >> before the content of the message is transmitted. Thoroughly > >> recommended. There are mailing list postings and Wiki pages that will > >> tell you how to do something similar on other MTAs. > >> > >> On 6 Mar 2006, at 03:19, Laurent Dinclaux wrote: > >> > > Is there a free equivalent to Milter-ahead? Or does my copy I got > "before" it > > wasn't free still work? > He doesn't charge much, does he? I thought it was something like a > nominal $99? How much is your time worth implementing something else? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support It's well worth 90 euros. You get a permanent site license to use on all systems on you site and free updates :) I haven't fond anything else with the same features and as reliable for free. If you bought Milter-ahead 1.0, 1.1 is now available for free download for the Snertsoft site www.snertsoft.com Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ajos1 at onion.demon.co.uk Wed Mar 8 22:36:13 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Wed Mar 8 22:36:30 2006 Subject: phishing local file... Message-ID: - Every night.. my phishing.safe.sites.conf is updated... and I want to leave it that way... because I do not have to worry about it. I would like an additional 'local version' of the file... in which I can stick in 5 or 6 entries particular to my own situation... I have tried reading the documentation... and I cannot find out what I have to do... to have an additional local version of: phishing.safe.sites.conf Can someone point me in the right direction? Thanks in Advance, Ajos1. Basically I need to reduce down some of these messages... for our most common links... "MailScanner has detected a possible fraud attempt from "mail.whatever-mymachine-is-called.uk" claiming to be www.cancer.org.uk" From nerijus at users.sourceforge.net Wed Mar 8 23:15:18 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Wed Mar 8 23:20:17 2006 Subject: phishing local file... In-Reply-To: References: Message-ID: <20060308231813.51208BAD0@mx.dtiltas.lt> On Wed, 08 Mar 2006 22:36:13 (GMT/BST) ajos1@onion.demon.co.uk wrote: > I would like an additional 'local version' of the file... in which I can stick in 5 or 6 entries particular to my own situation... I have tried reading the documentation... and I cannot find out what I have to do... to have an additional local version of: phishing.safe.sites.conf You can change update_phishing_sites cron script to add your local changes to phishing.safe.sites.conf after the update. Regards, Nerijus From Edge at twu.ca Wed Mar 8 23:23:37 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Mar 8 23:21:57 2006 Subject: I need help. I'm out of time and out of patients Message-ID: Well said Kevin. Same here and coming up on 30 years. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Wednesday, March 01, 2006 11:39 AM To: MailScanner discussion Subject: RE: I need help. I'm out of time and out of patients > Funny, these little quips. I am getting married on Tiesday :) Don't let 'em scare you. I left on my honeymoon almost 19 years ago and it still hasn't ended. Marry the right gal, treat her right, and LIFE IS GOOD! Spoiled and loving it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4610 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060308/9c8113ac/smime.bin From ssilva at sgvwater.com Thu Mar 9 00:16:48 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 00:17:02 2006 Subject: How to block all email sent to a specific email address? In-Reply-To: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Message-ID: Jody Cleveland spake the following on 3/7/2006 11:46 AM: > Hello, > > Is it possible to create a rule that would blacklist all mail coming in > for a specific email address? > > Kind of like blacklist *@* to *@xavier.winnefox.org? > > - jody userdel xavier will block all the mail ;-) From ssilva at sgvwater.com Thu Mar 9 00:40:26 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 00:40:56 2006 Subject: 4.51.5 on RH7.3 In-Reply-To: <440C97F0.7769B98E@vrml.k12.la.us> References: <440C97F0.7769B98E@vrml.k12.la.us> Message-ID: johnh spake the following on 3/6/2006 12:13 PM: > ON an Redhat 7.3 > > with rpm -q perl > perl-5.6.1-38.0.7.3.3.legacy > > > UP ' ing 4.40 to 4.51 <> You are going to have to move away from RedHat 7.3. Even Fedora Legacy will stop supporting it pretty soon. From ajos1 at onion.demon.co.uk Thu Mar 9 03:27:37 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 03:27:55 2006 Subject: phishing local file... Message-ID: - A simple solution... which I shall do... BUT... I have been doing some tests... am I right in thinking... that... *.sonicbadger.com will NOT match sonicbadger.com So to cover ALL bases... you actually need 2 lines in the file... sonicbadger.com *.sonicbadger.com -----Original Message----- From: nerijus@users.sourceforge.net Dateoid: Thu, 9 Mar 2006 01:15:18 +0200 Subject: ajos1 - Re: phishing local file... You can change update_phishing_sites cron script to add your local changes to phishing.safe.sites.conf after the update. Regards, Nerijus == ===================================================================== = = "A committee of one... gets things done." = = "It is always sunny in my life..." - Ajos1 = = "We asked the National Association of Estate Agents for a comment, = but unusually for estate agents, they were lost for words." - BBC = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From ajos1 at onion.demon.co.uk Thu Mar 9 03:43:03 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 03:43:20 2006 Subject: {Spam?} Errors in PHISHING file on my server... Message-ID: Please note this is before I started playing with them! I notice that my phishing file has some errors in it... from the past... and I am just letting you know... just in case they have appeared on other systems... looks like the update program may have gone potty in the past?! --- SNIP START--- ^M #00 #01 This file contains the list of all the sites which can be safely #02 ignored in the "phishing fraud" checks. --- SNIP END--- ### THEN FURTHER DOWN ### --- SNIP START--- *.workopolis.com *.xerox.com 360.ruk1.net ^M ^M ^M ^M aaa.ishayafa.info aacrapps.aacr.org --- SNIP END--- == ===================================================================== = = "A committee of one... gets things done." = = "It is always sunny in my life..." - Ajos1 = = "We asked the National Association of Estate Agents for a comment, = but unusually for estate agents, they were lost for words." - BBC = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From ajos1 at onion.demon.co.uk Thu Mar 9 04:00:44 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 04:01:02 2006 Subject: errors with phishing.safe.sites.conf.master Message-ID: - errors with phishing.safe.sites.conf.master... creating long term corruption... In : /usr/sbin/update_phishing_sites wget http://www.mailscanner.info/phishing.safe.sites.conf.master Works... okay.... BUT... curl -O http://www.mailscanner.info/phishing.safe.sites.conf.master downloads a file like this... 302 Found

Found

The document has moved here.

Apache/2.0.46 (Red Hat) Server at www.mailscanner.info Port 80
From Jan-Peter.Koopmann at seceidos.de Thu Mar 9 06:47:19 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Mar 9 06:47:31 2006 Subject: FreeBSD port / mta.in script Message-ID: On Wednesday, March 08, 2006 10:03 PM Mike Jakubik wrote: > What is the advantage of using this mta.sh script? I have always used > the system to start the MTA (postfix in my case), and have had no > problems. If you use the system to startup your MTA the way you like it, you are of course free to do so and will not have any disadvantages. At the time the mta script was originally written there was no easy way to fire up the necessary MTA instanced from rc.conf alone (at least not for exim). If this is the case now and the script is obsolete: Fine with me. All I need then are detailed instructions for all MTAs under FreeBSD and I will get rid off the script. It is simply a way to ensure that the MTA in use is called the way that MailScanner needs it to be. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/7b614191/smime.bin From MailScanner at ecs.soton.ac.uk Thu Mar 9 09:23:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 09:23:36 2006 Subject: phishing local file... In-Reply-To: References: Message-ID: <1480686C-129B-4701-A7A2-85ECBE1EC798@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- If you use my cron job for updating the phishing.safe.sites.conf file, you should find that your local changes are kept when the update happens. So you should be able to just add your own entries and they should stay in there, the new version of the file will just get wrapped into the mix. Please test this with the update_phishing_sites command and let me know if this is not working. On 8 Mar 2006, at 22:36, ajos1@onion.demon.co.uk wrote: > - > > Every night.. my phishing.safe.sites.conf is updated... and I > want to leave it that way... because I do not have to worry about it. > > I would like an additional 'local version' of the file... in which > I can stick in 5 or 6 entries particular to my own situation... I > have tried reading the documentation... and I cannot find out what > I have to do... to have an additional local version of: > phishing.safe.sites.conf > > Can someone point me in the right direction? > > Thanks in Advance, Ajos1. > > > Basically I need to reduce down some of these messages... for our > most common links... > > "MailScanner has detected a possible fraud attempt from > "mail.whatever-mymachine-is-called.uk" claiming to be > www.cancer.org.uk" > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA/0DPw32o+k+q+hAQG80AgAgrl5pwKo9hgWoQ0xZJcIQ9ak8AMDidie RN4OTVGTW20dbTjL1d5i4rrXnHbQH7wzvS4B3H3QXVhXDn/SyaO1U9Fia+Fgu+uZ gJvemQcWOou5aRqxJceNH9R9bEbwvROpNdSDrJILqxbbZX4xkL4HzyolbpxTm+l+ ZtFs1UUEIsxGcsvGa6MYi+gXHS0xGrUAK4qK/uWF1eMEUyh2/1R6rG5LAIVC3Jky SpVeCLA3/JQkqCrUoX3SbXPl+6uMubmvCiiSTMlbqEHwMHChSdmRmW1nK4gsZ+0o fx2Yr5sV0Gi3soRd2w8LaQMBWGFH4kl+LhK6t6Qhd9PtHY3zjehkHQ== =qlMM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 09:25:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 09:25:43 2006 Subject: errors with phishing.safe.sites.conf.master In-Reply-To: References: Message-ID: <4173913A-0E5A-4970-95B1-7914A3536CD1@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Now you know why I didn't use curl. And the update_phishing_sites script is a whole lot more clever than just a call to wget! On 9 Mar 2006, at 04:00, ajos1@onion.demon.co.uk wrote: > - > > errors with phishing.safe.sites.conf.master... creating long term > corruption... > > In : /usr/sbin/update_phishing_sites > > wget http://www.mailscanner.info/phishing.safe.sites.conf.master > > Works... okay.... BUT... > > curl -O http://www.mailscanner.info/phishing.safe.sites.conf.master > > downloads a file like this... > > > > 302 Found > >

Found

>

The document has moved here.

>
>
Apache/2.0.46 (Red Hat) Server at www.mailscanner.info > Port 80
> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA/0jPw32o+k+q+hAQFjzgf/aPhDOqGmRlkHkYZezYbkRzJF/DrZiUxT rikRW3+M4hBmQnAMgdEMKIuKbeOXeWVycsifgWiGbQJ6pzxy/Iz657xooV9dIa75 1Ffm/FtAeRMziqaTpQ2e6VOtTeNnOqW6zVCKIDLvHCt5cKFmOZZJDuVDIJGGM6wv ytWJE8qO/S3i/QgIEoUO6PTCrwWEgMoW2mPBvNQSC9VktRwQud/VHmtXQePOanwb wHouwKuZw8XylLKfIFJ32baP68BBfXLfuBvaTo3VNnZGJoudsKkabWEiGn/8ySBT oNNdYLExvWj3jZwh3Uou4s7x7+lTwKquKFr7WCI50udGxXVZegeG8A== =MZBz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 09:35:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 09:36:08 2006 Subject: errors with phishing.safe.sites.conf.master In-Reply-To: <4173913A-0E5A-4970-95B1-7914A3536CD1@ecs.soton.ac.uk> References: <4173913A-0E5A-4970-95B1-7914A3536CD1@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 9 Mar 2006, at 09:25, Julian Field wrote: > * PGP Signed: 03/09/06 at 09:25:32 > > Now you know why I didn't use curl. Accuracy check: Now you know why I didn't *intend* to use curl. Hopefully you have wget installed! Sorry about that. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRA/3APw32o+k+q+hAQHY3Af/WwaVkQBKxUQBQBvHL7dc3HRVAEneYckA 09B2Nx3ob7fYHVEnz1bYgI/iZ6dkyrAgmxkkRhBWuWUXA4F9JIPBI2ufmdqZD5ap dllnrsxVHuEDxnCWeAhpay4aA0SNO/ICPX9kDKw00iI91wKoeYVSaeJElUlcWKqR 06IsDA/BHb79Sj8BwD54liJ7BX1s5cA1fwNla6jN1owJrnStRjxnNs0HbJYoh867 z4lGM/s3HJY2dWf7suHTb7v9pJU5q+nRj//CjwczduR7Zl7+hwDKhHcVsV8OmTOr 9E58/4Waev22W1ljikcbTmvxuA+hgKsUr34bxWHdUSTrr/8m4NUe7g== =ARbX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From murat at mems.eee.metu.edu.tr Thu Mar 9 09:42:22 2006 From: murat at mems.eee.metu.edu.tr (Murat Tepegoz) Date: Thu Mar 9 09:42:30 2006 Subject: Filter by subject Message-ID: <440FF87E.6010707@mems.eee.metu.edu.tr> Hi all, I know that it is possible to filter or prevent filtering of a mail with a certain email adress or domain (From/To). I wonder if it is possible to pass filtering for the mails which provide a certain criteria in the subject. In other words, what I want to do is this: - If subject contains "XX" do not filter the message, let it go - Otherwise apply normal filtering mechanism. Is it possible? thanks in advance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/f89d908d/attachment.html From raymond at prolocation.net Thu Mar 9 09:44:44 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Thu Mar 9 09:44:45 2006 Subject: Filter by subject In-Reply-To: <440FF87E.6010707@mems.eee.metu.edu.tr> References: <440FF87E.6010707@mems.eee.metu.edu.tr> Message-ID: Hi! > I know that it is possible to filter or prevent filtering of a mail with a > certain email adress or domain (From/To). > I wonder if it is possible to pass filtering for the mails which provide a > certain criteria in the subject. > > In other words, what I want to do is this: > - If subject contains "XX" do not filter the message, let it go > - Otherwise apply normal filtering mechanism. Make some spamassassin rules for this ... pretty simple i think. Bye, Raymond. From darren at torsion.co.uk Thu Mar 9 10:50:16 2006 From: darren at torsion.co.uk (Darren Walker) Date: Thu Mar 9 10:50:22 2006 Subject: Older version and huge problem In-Reply-To: Message-ID: <005f01c64367$404ae360$6501a8c0@lappy> Hi We have tried in vain to update a Cobalt Qube 3 to the latest version of Mailscanner without success. The Qube developed a problem and needed to be re-installed. Originally Mailscanner and F-prot were running on it which were installed about 2-3 years ago. The problem is that we cannot update the version of perl without loosing the GUI. We have completely reformatted and re-installed the whole qube from fresh, and tried to install all the various perl modules by hand, but whatever we do we cannot get mailscanner to run successfully, the output is missing module x or y or z or some other problem. We have spent 4 days trying to get it to work and basically given up. We have ended up re-installing version 3.271 on a fresh installation of the Qube and it works except for a huge problem. The client has f-prot but the version originally installed we are not sure of- but the new version gives the following error ---------SNIP------- Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user "dscott" at (192.9.200.147) 192.9.200.147 Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 bytes in 3 seconds---------SNIP------- Is there anything we can do to sort this out Im not sure that mailscanner is now running the virus scan correctly- or is it that it just cannot run certain aspects of it. I don't know if I can download an older version of f-prot. Any help would be much appreciated Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 11:19:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 11:19:58 2006 Subject: Older version and huge problem In-Reply-To: <005f01c64367$404ae360$6501a8c0@lappy> References: <005f01c64367$404ae360$6501a8c0@lappy> Message-ID: <3A08B6DC-0898-4AEB-9D40-DB2A60FBA87E@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- For 3.27 to work properly, you need a version of F-Prot from back then too. And that won't recognise much in the way of recent viruses. Sorry, but the world has moved on since the days of Cobalt Qube systems, no-one that I know of properly supports them any more. I certainly don't provide any support on MailScanner version 3 any more, I haven't supported it for a couple of years now at least. On 9 Mar 2006, at 10:50, Darren Walker wrote: > > Hi > > We have tried in vain to update a Cobalt Qube 3 to the latest > version of > Mailscanner without success. The Qube developed a problem and > needed to be > re-installed. Originally Mailscanner and F-prot were running on it > which > were installed about 2-3 years ago. > The problem is that we cannot update the version of perl without > loosing the > GUI. We have completely reformatted and re-installed the whole qube > from > fresh, and tried to install all the various perl modules by hand, but > whatever we do we cannot get mailscanner to run successfully, the > output is > missing module x or y or z or some other problem. We have spent 4 days > trying to get it to work and basically given up. > > We have ended up re-installing version 3.271 on a fresh > installation of the > Qube and it works except for a huge problem. The client has f-prot > but the > version originally installed we are not sure of- but the new > version gives > the following error > > ---------SNIP------- > > Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user > "dscott" at > (192.9.200.147) 192.9.200.147 > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Search: .". Please mail the author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Action: Report only". Please mail the author of > MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Files: "Dumb" scan of all files". Please mail the > author > of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please > mail the > author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 > bytes in 3 > seconds---------SNIP------- > > Is there anything we can do to sort this out Im not sure that > mailscanner is > now running the virus scan correctly- or is it that it just cannot run > certain aspects of it. I don't know if I can download an older > version of > f-prot. > > Any help would be much appreciated > Thanks > > Darren > > > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBAPVPw32o+k+q+hAQENSQgAoXr+lPG9FoMtcRG7zWgQe5OAmAO/Azo1 ANy43yUri1QyB6beyMC4geFoJYM5Q95AEX/I3HBIRPZWapen8S4sBPyjDr8EURzI ArFKC/22WM4Ne539QUfnFljmo0OuX/Bb19dbvWUHuZfHRRqPCw3LdsG0W7BlJOfZ U9LKJBvKgffwM9F2i6xNzG8A595M3JFCK9W+SpPdPrICIOlUPYZvs6a1AaihM1SZ hRTyOSnN5M2mThtXucrL9mZVbYfzJioxSqmXVPUN1HPDjr8W0nzp3KDkDJJTKljx 45VyIOUEQ12FHCGe7HD++cWN3AlFoujnQbYHNJnpyMBfEglJA6V+7g== =LJCg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Q.G.Campbell at newcastle.ac.uk Thu Mar 9 11:26:28 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Thu Mar 9 11:26:35 2006 Subject: Errors in 4.51.5 'spam.assassin.prefs.conf'? Message-ID: <4165CF7A7F12DE4B96622CCBB90586470661DB07@largo.campus.ncl.ac.uk> It appears that the list of RBL sites in 'spam.assassin.prefs.conf' (4.51.5) is both incorrect and incomplete as the corresponding entries have different labels in the /usr/share/spamassassin/*.cf files. The file 'spam.assassin.prefs.conf' says: #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_RBL 10 #score RCVD_IN_RSS 1 #score RCVD_IN_DUL 1 It should probably say: #score RCVD_IN_BL_SPAMCOP_NET 4 # These next 3 will cost you money, see mailscanner.conf. #score RCVD_IN_MAPS_RBL 10 #score RCVD_IN_MAPS_DUL 1 #score RCVD_IN_MAPS_RSS 1 #score RCVD_IN_MAPS_NML 1 (?) Have I missed something? I also have a related question: If I have SpamAssassin run RBL checks but set certain RBL rule scores to '0', does this disable those particular RBL checks so they are not carried out? In my case I use MAPS+ and Spamhaus SBL-XBL in Sendmail so have disabled these and all other RBL checks in MailScanner. I want SpamAssassin to use all the RBL rules it has _except_ the MAPS and Spamhaus ones. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine. The University can get its own. From housey at sme-ecom.co.uk Thu Mar 9 11:33:20 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Thu Mar 9 11:33:33 2006 Subject: Older version and huge problem In-Reply-To: <005f01c64367$404ae360$6501a8c0@lappy> Message-ID: Have you tried this http://www.depopo.net/idx/0/160/article/ (Qube3 Perl 5.8.x upgrader) and this http://www.depopo.net/idx/22/159/article/ (Mailscanner 4 for the Qube) I used some stuff from this site quite some time ago to upgrade perl on a Raq 4 without breaking the interface, maybe worth a go. Cheers Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Darren Walker Sent: 09 March 2006 10:50 To: 'MailScanner discussion' Subject: Older version and huge problem Hi We have tried in vain to update a Cobalt Qube 3 to the latest version of Mailscanner without success. The Qube developed a problem and needed to be re-installed. Originally Mailscanner and F-prot were running on it which were installed about 2-3 years ago. The problem is that we cannot update the version of perl without loosing the GUI. We have completely reformatted and re-installed the whole qube from fresh, and tried to install all the various perl modules by hand, but whatever we do we cannot get mailscanner to run successfully, the output is missing module x or y or z or some other problem. We have spent 4 days trying to get it to work and basically given up. We have ended up re-installing version 3.271 on a fresh installation of the Qube and it works except for a huge problem. The client has f-prot but the version originally installed we are not sure of- but the new version gives the following error ---------SNIP------- Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user "dscott" at (192.9.200.147) 192.9.200.147 Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 bytes in 3 seconds---------SNIP------- Is there anything we can do to sort this out Im not sure that mailscanner is now running the virus scan correctly- or is it that it just cannot run certain aspects of it. I don't know if I can download an older version of f-prot. Any help would be much appreciated Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. From darren at torsion.co.uk Thu Mar 9 11:38:46 2006 From: darren at torsion.co.uk (Darren Walker) Date: Thu Mar 9 11:38:50 2006 Subject: Older version and huge problem In-Reply-To: <3A08B6DC-0898-4AEB-9D40-DB2A60FBA87E@ecs.soton.ac.uk> Message-ID: <006501c6436e$06c5aec0$6501a8c0@lappy> Hi Julian, Thanks for your response. I fully understand that it is an old piece of kit, unfortunately convincing a client is sometimes more difficult, when they expect things to run for ever. I also fully understand that you can't support version 3 too. Could you tell me if it is at least scanning the files properly and removing viruses that it is aware of? - or is it just going through the motions? Thanks Darren -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 09 March 2006 11:20 To: MailScanner discussion Subject: Re: Older version and huge problem -----BEGIN PGP SIGNED MESSAGE----- For 3.27 to work properly, you need a version of F-Prot from back then too. And that won't recognise much in the way of recent viruses. Sorry, but the world has moved on since the days of Cobalt Qube systems, no-one that I know of properly supports them any more. I certainly don't provide any support on MailScanner version 3 any more, I haven't supported it for a couple of years now at least. On 9 Mar 2006, at 10:50, Darren Walker wrote: > > Hi > > We have tried in vain to update a Cobalt Qube 3 to the latest > version of > Mailscanner without success. The Qube developed a problem and > needed to be > re-installed. Originally Mailscanner and F-prot were running on it > which > were installed about 2-3 years ago. > The problem is that we cannot update the version of perl without > loosing the > GUI. We have completely reformatted and re-installed the whole qube > from > fresh, and tried to install all the various perl modules by hand, but > whatever we do we cannot get mailscanner to run successfully, the > output is > missing module x or y or z or some other problem. We have spent 4 days > trying to get it to work and basically given up. > > We have ended up re-installing version 3.271 on a fresh > installation of the > Qube and it works except for a huge problem. The client has f-prot > but the > version originally installed we are not sure of- but the new > version gives > the following error > > ---------SNIP------- > > Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user > "dscott" at > (192.9.200.147) 192.9.200.147 > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Search: .". Please mail the author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Action: Report only". Please mail the author of > MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Files: "Dumb" scan of all files". Please mail the > author > of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has > changed! > F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please > mail the > author of MailScanner > Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 > bytes in 3 > seconds---------SNIP------- > > Is there anything we can do to sort this out Im not sure that > mailscanner is > now running the virus scan correctly- or is it that it just cannot run > certain aspects of it. I don't know if I can download an older > version of > f-prot. > > Any help would be much appreciated > Thanks > > Darren > > > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBAPVPw32o+k+q+hAQENSQgAoXr+lPG9FoMtcRG7zWgQe5OAmAO/Azo1 ANy43yUri1QyB6beyMC4geFoJYM5Q95AEX/I3HBIRPZWapen8S4sBPyjDr8EURzI ArFKC/22WM4Ne539QUfnFljmo0OuX/Bb19dbvWUHuZfHRRqPCw3LdsG0W7BlJOfZ U9LKJBvKgffwM9F2i6xNzG8A595M3JFCK9W+SpPdPrICIOlUPYZvs6a1AaihM1SZ hRTyOSnN5M2mThtXucrL9mZVbYfzJioxSqmXVPUN1HPDjr8W0nzp3KDkDJJTKljx 45VyIOUEQ12FHCGe7HD++cWN3AlFoujnQbYHNJnpyMBfEglJA6V+7g== =LJCg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From ajos1 at onion.demon.co.uk Thu Mar 9 11:45:48 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Mar 9 11:45:58 2006 Subject: phishing local file... Message-ID: - I just checked to source... and see what it is meant to do... It works... so I will do it this way... [ ... from some point in the past 3 machines have a blank line or some code that should not be in it... so I have started with a clean new site file... as from last night ... ] -----Original Message----- From: MailScanner discussion Message-ID: <006601c6436f$38a66e60$6501a8c0@lappy> Hi Paul, Thanks. Yeah we tried that- installing a second version of Perl - and Mailscanner then allows you to ignore the two versions, the problem is getting the modules to run/install properly through CPAN- however many we install there is always a problem afterwards when we start up Mailscanner. What we found was a couple of times the GUI would open without a password, but when you clicked on a user you couldn't modify anything, or the menus on the left wouldn't work and so on. After 4 days of continuously trying we have just had to call it a day. It actually seems to be working but I just don't know if it is removing any viruses- that's the problem I have now. I am trying to locate an old version of f-prot. Thanks Darren -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: 09 March 2006 11:33 To: MailScanner discussion Subject: RE: Older version and huge problem Have you tried this http://www.depopo.net/idx/0/160/article/ (Qube3 Perl 5.8.x upgrader) and this http://www.depopo.net/idx/22/159/article/ (Mailscanner 4 for the Qube) I used some stuff from this site quite some time ago to upgrade perl on a Raq 4 without breaking the interface, maybe worth a go. Cheers Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Darren Walker Sent: 09 March 2006 10:50 To: 'MailScanner discussion' Subject: Older version and huge problem Hi We have tried in vain to update a Cobalt Qube 3 to the latest version of Mailscanner without success. The Qube developed a problem and needed to be re-installed. Originally Mailscanner and F-prot were running on it which were installed about 2-3 years ago. The problem is that we cannot update the version of perl without loosing the GUI. We have completely reformatted and re-installed the whole qube from fresh, and tried to install all the various perl modules by hand, but whatever we do we cannot get mailscanner to run successfully, the output is missing module x or y or z or some other problem. We have spent 4 days trying to get it to work and basically given up. We have ended up re-installing version 3.271 on a fresh installation of the Qube and it works except for a huge problem. The client has f-prot but the version originally installed we are not sure of- but the new version gives the following error ---------SNIP------- Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user "dscott" at (192.9.200.147) 192.9.200.147 Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 bytes in 3 seconds---------SNIP------- Is there anything we can do to sort this out Im not sure that mailscanner is now running the virus scan correctly- or is it that it just cannot run certain aspects of it. I don't know if I can download an older version of f-prot. Any help would be much appreciated Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 11:48:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 11:48:22 2006 Subject: Older version and huge problem In-Reply-To: <006501c6436e$06c5aec0$6501a8c0@lappy> References: <006501c6436e$06c5aec0$6501a8c0@lappy> Message-ID: <7FCE0966-1D13-492A-9323-0BCCE4708670@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 9 Mar 2006, at 11:38, Darren Walker wrote: > Thanks for your response. I fully understand that it is an old > piece of kit, > unfortunately convincing a client is sometimes more difficult, when > they > expect things to run for ever. I also fully understand that you can't > support version 3 too. > > Could you tell me if it is at least scanning the files properly and > removing > viruses that it is aware of? - or is it just going through the > motions? Sorry, I honestly haven't got a clue. I suggest you try it with a copy of the Eicar test file (www.eicar.org). > > Thanks > > Darren > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > Field > Sent: 09 March 2006 11:20 > To: MailScanner discussion > Subject: Re: Older version and huge problem > > * PGP Signed by an unmatched address: 03/09/06 at 11:19:48 > > For 3.27 to work properly, you need a version of F-Prot from back > then too. And that won't recognise much in the way of recent viruses. > Sorry, but the world has moved on since the days of Cobalt Qube > systems, no-one that I know of properly supports them any more. > > I certainly don't provide any support on MailScanner version 3 any > more, I haven't supported it for a couple of years now at least. > > On 9 Mar 2006, at 10:50, Darren Walker wrote: > >> >> Hi >> >> We have tried in vain to update a Cobalt Qube 3 to the latest >> version of >> Mailscanner without success. The Qube developed a problem and >> needed to be >> re-installed. Originally Mailscanner and F-prot were running on it >> which >> were installed about 2-3 years ago. >> The problem is that we cannot update the version of perl without >> loosing the >> GUI. We have completely reformatted and re-installed the whole qube >> from >> fresh, and tried to install all the various perl modules by hand, but >> whatever we do we cannot get mailscanner to run successfully, the >> output is >> missing module x or y or z or some other problem. We have spent 4 >> days >> trying to get it to work and basically given up. >> >> We have ended up re-installing version 3.271 on a fresh >> installation of the >> Qube and it works except for a huge problem. The client has f-prot >> but the >> version originally installed we are not sure of- but the new >> version gives >> the following error >> >> ---------SNIP------- >> >> Mar 9 10:48:30 qube in.qpopper[14592]: (v?) POP login by user >> "dscott" at >> (192.9.200.147) 192.9.200.147 >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Search: .". Please mail the author of MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Action: Report only". Please mail the author of >> MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Files: "Dumb" scan of all files". Please mail the >> author >> of MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Either you've found a bug in >> MailScanner's F-Prot output parser, or F-Prot's output format has >> changed! >> F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please >> mail the >> author of MailScanner >> Mar 9 10:48:31 qube mailscanner[14388]: Scanned 1 messages, 1737 >> bytes in 3 >> seconds---------SNIP------- >> >> Is there anything we can do to sort this out Im not sure that >> mailscanner is >> now running the virus scan correctly- or is it that it just cannot >> run >> certain aspects of it. I don't know if I can download an older >> version of >> f-prot. >> >> Any help would be much appreciated >> Thanks >> >> Darren >> >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by Torsion Internet Ltd, and is >> believed to be clean. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0xA4FAAFA1 (L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet Ltd, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBAV/vw32o+k+q+hAQF5nAf/a0KO6yFvOAxA4ubOPTmp7JY+TugGAWF0 sBHXz5pMINzGTDaumUyPp5rLUASWHA9x6aV/rAmVYTiJzsHtuxKMKhJ9y3nxDvqo HfDoSif98N1wQzp/ztLT0Jfye2cH+MN22JHEC8cdS8+YMHWSAz8Own8p6mkBSEFd t/uMOVeYmHrH83T4u9jDb/34l28ee8736i0jR/wnbf66OFCwml6dWB6/Di9HIVTS Lfo8J0olh2CClAX9pxPUuhq5gAjQw7WKiUxj0FsPOYD/OTnnB58AQii1F5vay47q 9rv0GSOBxPxUwVI9v/B0OTyVi/U9unkqfy7J2wPYktfTgr+8yadK2Q== =wYwO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Thu Mar 9 12:03:26 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Mar 9 12:03:35 2006 Subject: free bitdefender worth it? In-Reply-To: <20060308164629.GA1473@star> References: <1141836119.22652.18.camel@lea.nerc-wallingford.ac.uk> <20060308164629.GA1473@star> Message-ID: <1141905807.14611.13.camel@lea.nerc-wallingford.ac.uk> As a few of you have pointed out, and as I discovered before reading this thread this morning, I need the "--mail" switch to scan these files. With this, it is discovering a whole slew of viruses in mail received at my blackhole server.... thanks for the help G On Wed, 2006-03-08 at 17:46 +0100, Stephane Lentz wrote: > With Bitdefender 7.0 I used : > /opt/bdc/bdc --mail --arc --all files* > > to properly scan messages in archives/mailboxes > > Regards, > > SL/ -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From richard.siddall at elirion.net Thu Mar 9 12:35:17 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Mar 9 12:35:47 2006 Subject: Older version and huge problem In-Reply-To: <006601c6436f$38a66e60$6501a8c0@lappy> References: <006601c6436f$38a66e60$6501a8c0@lappy> Message-ID: <44102105.803@elirion.net> Darren Walker wrote: > Hi Paul, > > Thanks. Yeah we tried that- installing a second version of Perl - and > Mailscanner then allows you to ignore the two versions, the problem is > getting the modules to run/install properly through CPAN- however many we > install there is always a problem afterwards when we start up Mailscanner. > What we found was a couple of times the GUI would open without a password, > but when you clicked on a user you couldn't modify anything, or the menus on > the left wouldn't work and so on. > Darren, MailScanner worked on a RaQ up to at least version 4.31. Perhaps Julian can find an old (i.e. Perl 5.005 compatible) copy for you to try on the Qube. Regards, Richard Siddall From algorges at gmail.com Thu Mar 9 12:50:59 2006 From: algorges at gmail.com (ASA) Date: Thu Mar 9 12:49:05 2006 Subject: JavaScript Message-ID: <001201c64378$1f016740$1401a8c0@asanote> What does that message? Mar 8 14:03:59 mx MailScanner[26505]: Found phishing fraud from JavaScript claiming to be www.hermes.com.br in 1FB54215ED3.6EF7F Mar 8 14:03:59 mx MailScanner[26505]: Found phishing fraud from JavaScript claiming to be www.malhassanremo.com.br in 1FB54215ED3.6EF7F From samp at arial-concept.com Thu Mar 9 13:22:09 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Mar 9 13:42:44 2006 Subject: Whitelist Message-ID: <44102C01.9090208@arial-concept.com> Hi, How to put whitelist DNS in /etc/MailScanner/spam.lists.conf as RDNS ? Thanks for your reply. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From samp at arial-concept.com Thu Mar 9 13:30:17 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Mar 9 13:59:34 2006 Subject: Bonded Sender Message-ID: <44102DE9.3070404@arial-concept.com> Hi, Does MailScanner can handle the Bonded Sender WL (http://bondedsender.org/bondedsender/technical.php) or how to implement it ? Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From ugob at camo-route.com Thu Mar 9 14:04:52 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 9 14:08:01 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: Message-ID: Taso Chatziantoniou wrote: > MailScanner version 4.48.4 > SpamAssassin version 3.1.0 > SpamAssassin Timeout = 60 > > > Has anyone seen a significant decline in spamassassin time out after > upgrading to 4.5x? > Since the new version of Mailscanner uses SpamAssassin cache database i > am guessing this would help. > > We are currently running six Mailscanner boxes that receive about 30,000 > to 50,000 emails each everyday. > We get about 270-280 Spamassassin time outs (as per logwatch) which, > considered the amount of mail we get is not bad at all. > The problem with this is that 270 emails which could be sent to multiple > email addresses can be sent to potentially alot more people then that. > When we have users send us spam submissions a bulk of the headers that > we get indicate that spamassassin timed out. What hardware? What MTA? You should probably try to tweak your MTA. Use milter-ahead, or other sendmail anti-spam features (throttling, greet pause). There might be other features for your MTA if it is not Sendmail. You may also try greylisting, at least for your most spammed users. Make sure you read about these before implementing them. > > This is my first post, please let me know if i am doing anything wrong > Thanks > One little thing: avoid posting in HTML. Regards, Ugo From shuttlebox at gmail.com Thu Mar 9 14:23:46 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 14:23:49 2006 Subject: Bonded Sender In-Reply-To: <44102DE9.3070404@arial-concept.com> References: <44102DE9.3070404@arial-concept.com> Message-ID: <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> On 3/9/06, Sam Przyswa wrote: > Hi, > > Does MailScanner can handle the Bonded Sender WL > (http://bondedsender.org/bondedsender/technical.php) or how to implement > it ? SpamAssassin supports it by default. # Bonded Sender: http://www.bondedsender.com/ score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 -- /peter From darren at torsion.co.uk Thu Mar 9 14:32:07 2006 From: darren at torsion.co.uk (Darren Walker) Date: Thu Mar 9 14:32:10 2006 Subject: Older version and huge problem In-Reply-To: <44102105.803@elirion.net> Message-ID: <00ad01c64386$3e2441c0$6501a8c0@lappy> HI Richard, I have given in - basically I tried the latest version and just worked back from there until I managed to get one to work- all the versions are on the download page, so they were quite easy to work back from. Im sure that somehow we managed to get v4 working on it before the problem but I just cant work out how we did it and I cant afford to spend any more time on it. Thanks for your all your help - I managed to find an old copy of f-prot and installed that along with version 3.27. It seems to be working but it wont scan inside any zip files- which is a bit of a problem, but beggars cant be choosers... Thanks once again Darren -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Siddall Sent: 09 March 2006 12:35 To: MailScanner discussion Subject: Re: Older version and huge problem Darren Walker wrote: > Hi Paul, > > Thanks. Yeah we tried that- installing a second version of Perl - and > Mailscanner then allows you to ignore the two versions, the problem is > getting the modules to run/install properly through CPAN- however many we > install there is always a problem afterwards when we start up Mailscanner. > What we found was a couple of times the GUI would open without a password, > but when you clicked on a user you couldn't modify anything, or the menus on > the left wouldn't work and so on. > Darren, MailScanner worked on a RaQ up to at least version 4.31. Perhaps Julian can find an old (i.e. Perl 5.005 compatible) copy for you to try on the Qube. Regards, Richard Siddall -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From KLekas at foxriver.com Thu Mar 9 14:35:14 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Thu Mar 9 14:35:25 2006 Subject: password protected files? Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> I am aware of the option to block password protected archives, is there a way to block password protected files? Kosta -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/94aa109f/attachment.html From shuttlebox at gmail.com Thu Mar 9 14:42:54 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 14:42:57 2006 Subject: password protected files? In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <625385e30603090642x5a66a983s536c67f53870e8f0@mail.gmail.com> On 3/9/06, Kosta Lekas wrote: > > I am aware of the option to block password protected archives, is there a > way to block password protected files? If they have a different file type than the non-protected file, then yes. Otherwise you have to rely on your virus scanner, Clam can block protected archives, maybe there's scanners that have more options. Do you have any examples of files you want to block? -- /peter From gmatt at nerc.ac.uk Thu Mar 9 14:43:25 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Mar 9 14:43:34 2006 Subject: message vs attachment size Message-ID: <1141915405.14611.23.camel@lea.nerc-wallingford.ac.uk> Cant find this in the book or google: does the "maximum message size" include the whole message including attachments? or are maximum message size and maximum attachment size mutually exclusive? ie if I set maximum message size to be 15MB will it stop attachments of 20MB? cheer GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From MailScanner at ecs.soton.ac.uk Thu Mar 9 14:47:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 14:47:59 2006 Subject: password protected files? In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5A@FREXGENEVA-01.frfr.foxriver.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/75837a29/PGP.bin From MailScanner at ecs.soton.ac.uk Thu Mar 9 14:52:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 14:52:38 2006 Subject: message vs attachment size In-Reply-To: <1141915405.14611.23.camel@lea.nerc-wallingford.ac.uk> References: <1141915405.14611.23.camel@lea.nerc-wallingford.ac.uk> Message-ID: <97F72773-634A-44A4-8F2E-FE89A3A716A4@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 9 Mar 2006, at 14:43, Greg Matthews wrote: > Cant find this in the book or google: > > does the "maximum message size" include the whole message including > attachments? Yes. > or are maximum message size and maximum attachment size > mutually exclusive? No. > ie if I set maximum message size to be 15MB will it stop > attachments of > 20MB? Yes. It's very simple, the message size is the size of the file containing the body of the text, for MTA's that have 2 files per message (sendmail and Exim). For MTA's that have 1 file per message (Postfix and ZMailer) it is simply the size of the file representing the entire message including headers and envelope data. Yes, I know that makes the figure slightly different for different MTA's with the same mesage. But people only ever use it as an approximate figure, e.g. 10MB. No-one cares if it is 10MB + 100 bytes or 10MB - 100 bytes. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBBBLvw32o+k+q+hAQGzSAgAg9Tmxx8eIAqed4eOlCldFCLJKDJyteYL 6F2lGUyW1y6SgxkEJe1s5Fm7hvHWG9OGVc8PpGLpgxX7PnpGdIvpIUtuXswoQQ5H 9pep7NwiTFIifFZhsYY24bJA/3oYG7BQDfHEQzinGYsf/OVPJbyXrx557TeQjkTB ejZz0LuQb4u920p21730SiF0L0x2sygskfMlc2c8kyNzCYtNPjyVB+0uMFzdsH3Q SpjkElzP4X2a+k3MTp27sqg52sksOmrf9guOjdnMc/+kCGi4LNoNoVCmTmOefyeO bFLynrr/5wKDAEWDOCV3G0l7zQfHSJn2eM4s458DYR7GxAZZl/MzPg== =nzJA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Thu Mar 9 14:58:18 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Mar 9 14:57:50 2006 Subject: FreeBSD port / mta.in script In-Reply-To: References: Message-ID: <4410428A.9000206@rogers.com> Koopmann, Jan-Peter wrote: > If you use the system to startup your MTA the way you like it, you are of > course free to do so and will not have any disadvantages. At the time the > mta script was originally written there was no easy way to fire up the > necessary MTA instanced from rc.conf alone (at least not for exim). If this > is the case now and the script is obsolete: Fine with me. All I need then > are detailed instructions for all MTAs under FreeBSD and I will get rid off > the script. > > It is simply a way to ensure that the MTA in use is called the way that > MailScanner needs it to be. > Understood. While im not sure about other MTA's, postfix has a RCng style startup script. So you just disable sendmail in rc.conf, and add a postfix_enable="YES". From KLekas at foxriver.com Thu Mar 9 15:05:40 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Thu Mar 9 15:05:50 2006 Subject: password protected files? Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5C@FREXGENEVA-01.frfr.foxriver.com> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Thursday, March 09, 2006 8:43 AM To: MailScanner discussion Subject: Re: password protected files? On 3/9/06, Kosta Lekas wrote: > > I am aware of the option to block password protected archives, is there a > way to block password protected files? If they have a different file type than the non-protected file, then yes. Otherwise you have to rely on your virus scanner, Clam can block protected archives, maybe there's scanners that have more options. Do you have any examples of files you want to block? -- /peter -- I've seen some excel spread sheets coming in that are password protected. But in general I want to block all and any password protected file types. I am running clamavmodule. Kosta From shuttlebox at gmail.com Thu Mar 9 15:15:07 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 15:15:10 2006 Subject: password protected files? In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5C@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1F5C@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <625385e30603090715p773c483j24c02fe94b9b4825@mail.gmail.com> On 3/9/06, Kosta Lekas wrote: > I've seen some excel spread sheets coming in that are password > protected. But in general I want to block all and any password protected > file types. I am running clamavmodule. Test the protected files with the file command, if they identify themselves as something different than the unprotected file you can add them to filetype.rules.conf. And Julian answered that Sophos can do this too. -- /peter From Jan-Peter.Koopmann at seceidos.de Thu Mar 9 15:29:23 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Mar 9 15:29:41 2006 Subject: FreeBSD port / mta.in script Message-ID: On Thursday, March 09, 2006 3:58 PM Mike Jakubik wrote: > Understood. While im not sure about other MTA's, postfix has a RCng > style startup script. So you just disable sendmail in rc.conf, and > add a postfix_enable="YES". sendmail and exim have that as well. But the standard exim mta script will not launch all instanced necessary for mailscanner (incoming, outgoing, submit). Nor will the standard sendmail RCng script. I am not sure about postfix or how exactly postfix works with MailScanner so I can only speek for the other two. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/51f89f67/smime.bin From mikej at rogers.com Thu Mar 9 15:38:56 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Mar 9 15:38:25 2006 Subject: FreeBSD port / mta.in script In-Reply-To: References: Message-ID: <44104C10.3050602@rogers.com> Koopmann, Jan-Peter wrote: > sendmail and exim have that as well. But the standard exim mta script will > not launch all instanced necessary for mailscanner (incoming, outgoing, > submit). Nor will the standard sendmail RCng script. I am not sure about > postfix or how exactly postfix works with MailScanner so I can only speek > for the other two. > > Kind regards, > JP > Postfix starts up everything that is needed. It doesn't have separate commands that you need to start for queues to work, thats just silly. With postfix, we specify a rule to put all incoming mail in the hold queue, which mailscanner scans and then transfers to postfix incoming queue, where postfix picks it up and sends it on its way. From Jan-Peter.Koopmann at seceidos.de Thu Mar 9 15:54:29 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Mar 9 15:54:44 2006 Subject: FreeBSD port / mta.in script Message-ID: On Thursday, March 09, 2006 4:39 PM Mike Jakubik wrote: > Postfix starts up everything that is needed. It doesn't have separate > commands that you need to start for queues to work, thats just silly. > With postfix, we specify a rule to put all incoming mail in the hold > queue, which mailscanner scans and then transfers to postfix incoming > queue, where postfix picks it up and sends it on its way. Which explains why you (Postfix) do not need the mta.sh script and others (Exim, sendmail) may find it useful since it will start the necessary instances for them. :-) That should answer the original question. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/81a4068e/smime.bin From Kevin_Miller at ci.juneau.ak.us Thu Mar 9 15:59:20 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 9 15:59:23 2006 Subject: message vs attachment size Message-ID: Julian Field wrote: > It's very simple, the message size is the size of the file containing > the body of the text, for MTA's that have 2 files per message > (sendmail and Exim). For MTA's that have 1 file per message (Postfix > and ZMailer) it is simply the size of the file representing the > entire message including headers and envelope data. > > Yes, I know that makes the figure slightly different for different > MTA's with the same mesage. But people only ever use it as an > approximate figure, e.g. 10MB. No-one cares if it is 10MB + 100 bytes > or 10MB - 100 bytes. Just to elaborate a bit, it may also be worth noting that when an attachment is encoded there is about a 25% increase in filesize so if someone asks what your limit is and you say 10 MB, from a practical standpoint they may only be able to attach a 7.5 MB doc. Of course, anybody sending 7.5 - 10 MB files should be fed to the sharks, but that's a different rant... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From samp at arial-concept.com Thu Mar 9 15:51:23 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Thu Mar 9 16:12:46 2006 Subject: Bonded Sender In-Reply-To: <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> References: <44102DE9.3070404@arial-concept.com> <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> Message-ID: <44104EFB.2070303@arial-concept.com> shuttlebox a ?crit : >On 3/9/06, Sam Przyswa wrote: > > >>Hi, >> >>Does MailScanner can handle the Bonded Sender WL >>(http://bondedsender.org/bondedsender/technical.php) or how to implement >>it ? >> >> > >SpamAssassin supports it by default. > ># Bonded Sender: http://www.bondedsender.com/ >score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 >score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 > > Ok but at this time only the blacklists used on MailScanner are active even the host address is in whitelist, or perhaps I have missed something... Thanks for your help. Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From cobalt-users1 at fishnet.co.uk Thu Mar 9 17:14:28 2006 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Thu Mar 9 17:14:38 2006 Subject: HTML image only spam and OCR In-Reply-To: Message-ID: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> On 8 Mar 2006 at 11:14, Taso Chatziantoniou wrote: > Also one other question .. > Does anyone know of a good site or forum that we can submit sample spams to help us figure > out a way to block them. We keep getting these stock html image only files with bayes poisining > on the bottom that we cannot seem to find a pattern to to block. Hi, After reading this bit I had though about maybe using ocr when these types of messages are found. A (not-so) quick experiment using netpbm and gocr on a linux machine here produces some ASCII output from one of these gif images. The question is: how can I get MailScanner / SpamAssassin to use this method? The command line I am using is: giftopnm test.gif | gocr - which then produces the text on stdout. Thoughts anyone? Ian -- From max at kipness.com Thu Mar 9 18:03:28 2006 From: max at kipness.com (Max Kipness) Date: Thu Mar 9 18:03:43 2006 Subject: Fwd: Latest RBLs to use Message-ID: <166e673e4aaef0d83043c42e601b294e@localhost> Hello - I'm in the process of installing the latest version of MailScanner. I haven't set one up in a while and was wondering which ones people are using nowadays. Years ago I think I had setup a long list of them. With SURBL is this necessary now? Or just let SpamAssassin handle it? Thanks, Max -- Thanks, Max From mkettler at evi-inc.com Thu Mar 9 18:12:55 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 9 18:13:05 2006 Subject: Fwd: Latest RBLs to use In-Reply-To: <166e673e4aaef0d83043c42e601b294e@localhost> References: <166e673e4aaef0d83043c42e601b294e@localhost> Message-ID: <44107027.4080102@evi-inc.com> Max Kipness wrote: > Hello - > > I'm in the process of installing the latest version of MailScanner. I haven't > set one up in a while and was wondering which ones people are using nowadays. > Years ago I think I had setup a long list of them. With SURBL is this necessary > now? Or just let SpamAssassin handle it? IMHO, it's never been a good idea to use RBLs at the MailScanner or MTA level. However, that belief comes from never finding a RBL with a S/O greater than or equal to five-nines (>99.999% of matching email is spam, and <0.001% is nonspam). I'm generally quite averse to FPs, and adding another source of them on top of the occasional SA FP is troublesome. That said, XBL does have an impressive S/O in the SA development testing. SBL and DSBL also perform fairly well, though not as well as XBL. (take a look at STATISTICS-set1.txt and STATISTICS-set3.txt out of the SA tarball sometime) From shuttlebox at gmail.com Thu Mar 9 18:32:43 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 18:32:46 2006 Subject: HTML image only spam and OCR In-Reply-To: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> References: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> Message-ID: <625385e30603091032x11f05c70s47939511b3b45487@mail.gmail.com> On 3/9/06, Ian wrote: > Hi, > > After reading this bit I had though about maybe using ocr when these types of messages are > found. > > A (not-so) quick experiment using netpbm and gocr on a linux machine here produces some > ASCII output from one of these gif images. > > The question is: how can I get MailScanner / SpamAssassin to use this method? > > The command line I am using is: > > > giftopnm test.gif | gocr - > > > which then produces the text on stdout. > > Thoughts anyone? MS supports both a custom spam scanner and a generic virus scanner. Look in MailScanner.conf for more info. -- /peter From TasNYC at TasNYC.com Thu Mar 9 18:41:35 2006 From: TasNYC at TasNYC.com (Taso Chatziantoniou) Date: Thu Mar 9 18:42:11 2006 Subject: How to block all email sent to a specific email address? References: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Message-ID: you can add a line like this to your blacklist or whitelist ruleset From: blockemail@example.com and To: youremail@example.com yes The problem that i am running into with this as a whitelist rule (probably the same for blacklist) is that if you just whitelist to youremail@example.com and the email was sent to or cced to youremail@example.com and youremail2@example.com and youemail3@example.com and so on it will get whitelisted for all of them. does anyone know a way around that? if your not sure what i am asking, here is another example I have a user named foo and he wants to be exluded from the spam filter altogether because of too many false positives so i add this line to my whitelist To: foo@foobar.com yes Problem with this is if a spam email was sent to foo, mike, harry, bob, jane, frank since foo is in the whitelist all these people will receive this spam messege no matter the spamassassin score. not sure if we have any other way around that problem -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Scott Silva Sent: Wed 3/8/2006 7:16 PM To: mailscanner@lists.mailscanner.info Subject: Re: How to block all email sent to a specific email address? Jody Cleveland spake the following on 3/7/2006 11:46 AM: > Hello, > > Is it possible to create a rule that would blacklist all mail coming in > for a specific email address? > > Kind of like blacklist *@* to *@xavier.winnefox.org? > > - jody userdel xavier will block all the mail ;-) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060309/2035f447/attachment.html From john.french at emich.edu Thu Mar 9 18:48:52 2006 From: john.french at emich.edu (jf) Date: Thu Mar 9 18:46:35 2006 Subject: 4.51.5 scanning messages multiple times Message-ID: <44107894.8000104@emich.edu> I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 RedHat AS4 boxes with the same hardware. The sendmail and MailScanner configuration files are identical, and the load is distributed to all four with a content switch. Three of the boxes are working fine, but on one of the boxes messages are being scanned several times before being delivered. This is happening with almost every message on that server. Only one message is delivered, but it is scanned many times. The only other difference I can find between this server and the three others is that on this one, I see lots of "[MailScanner] " processes, where the other servers have none. The only semi-relevant archived suggestions I can find deal with duplicate deliveries and the lock type. The lock type is set to posix on all four servers. Changing it to flock does not remove the behavior. Below is a log excerpt showing this problem occurring with one message. If anyone has any suggestions, I'd appreciate them. --- start example log ------------------- Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: from=, size=2312, class=0, nrcpts=1, msgid=< 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, relay=ns1.maxmailer.net [216.171.216.248] Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: to=, delay=00:00:00, mailer=esmtp, pri=32312, st at=queued Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit for message k299gIL0022343 Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, URIBL_OB_SURBL 3.21, unsub13 0.33) Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message k299gIL0022343 actions are deliver Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit for message k299gIL0022343 Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, URIBL_OB_SURBL 3.21, unsub13 0.33) ... (same thing goes on for a bit) Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) --- end example log ------------------- From jaearick at colby.edu Thu Mar 9 19:02:19 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 19:02:33 2006 Subject: sendmail/MS multiple outbound queues? Message-ID: Gang, My setup: MS 4.51.5, sendmail, Solaris 9. I would like to use sendmail queuegroups on my *outbound* email, and I'm puzzled how to set up MS and sendmail. After MS grabs a message out of mqueue.in and processes it, I would like /var/spool/mqueue to have fastq and slowq directories, with different characteristics. Something like (in my sendmail.mc file): FEATURE(`queuegroup') QUEUE_GROUP(`fastq', `Path=/var/spool/mqueue/fastq, I=10m, R=10') QUEUE_GROUP(`slowq', `Path=/var/spool/mqueue/slowq, I=2h') With an entry in my access.db file of: QGRP:colby.edu fastq I see the "Outgoing Queue Dir" item in MailScanner.conf, but how would MailScanner know how to sort my outbound mail into different queues? I want my local to-be-delivered email in a different queue than outbound internet email. Thanks for any clues here! Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:10:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:10:47 2006 Subject: 4.51.5 scanning messages multiple times In-Reply-To: <44107894.8000104@emich.edu> References: <44107894.8000104@emich.edu> Message-ID: <44107DA7.3020801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you run MailScanner in debug mode? Does it produce any errors? There are reasons why messages can be dropped from a batch, but there are very few with sendmail, it's only Postfix which does it (intentionally, to allow scanning later). If you are using sendmail 8.13 and upwards you should use Lock Type = posix, before 8.13 you should use Lock Type = flock. Differing locking will cause problems like this. You say the 4 boxes are setup identically, but they are behaving differently, which tends to imply they aren't actually the same :-) jf wrote: > I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 > RedHat AS4 boxes with the same hardware. The sendmail and MailScanner > configuration files are identical, and the load is distributed to all > four with a content switch. Three of the boxes are working fine, but on > one of the boxes messages are being scanned several times before being > delivered. This is happening with almost every message on that server. > Only one message is delivered, but it is scanned many times. > > The only other difference I can find between this server and the three > others is that on this one, I see lots of "[MailScanner] " > processes, where the other servers have none. > > The only semi-relevant archived suggestions I can find deal with > duplicate deliveries and the lock type. The lock type is set to posix > on all four servers. Changing it to flock does not remove the behavior. > > Below is a log excerpt showing this problem occurring with one message. > > If anyone has any suggestions, I'd appreciate them. > > --- start example log ------------------- > Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: > from=, size=2312, class=0, nrcpts=1, msgid=< > 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, > relay=ns1.maxmailer.net [216.171.216.248] > Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: > to=, delay=00:00:00, mailer=esmtp, pri=32312, st > at=queued > Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit > for message k299gIL0022343 > Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 > from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, > SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, > URIBL_OB_SURBL 3.21, unsub13 0.33) > Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message > k299gIL0022343 actions are deliver > Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit > for message k299gIL0022343 > Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 > from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, > SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, > URIBL_OB_SURBL 3.21, unsub13 0.33) > > ... (same thing goes on for a bit) > > Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: > to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, > pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) > --- end example log ------------------- > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBB9rhH2WUcUFbZUEQKTiwCgoLyRbgQ3eONUo7PZU2jFUjdMbc4AnRmn w1r4ViBP5r5CJO1mMKfCSFZ2 =zVbR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:13:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:13:12 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: References: Message-ID: <44107E49.7080203@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Gang, > > My setup: MS 4.51.5, sendmail, Solaris 9. I would like to use > sendmail queuegroups on my *outbound* email, and I'm puzzled how > to set up MS and sendmail. After MS grabs a message out of > mqueue.in and processes it, I would like /var/spool/mqueue > to have fastq and slowq directories, with different characteristics. > Something like (in my sendmail.mc file): > > FEATURE(`queuegroup') > QUEUE_GROUP(`fastq', `Path=/var/spool/mqueue/fastq, I=10m, R=10') > QUEUE_GROUP(`slowq', `Path=/var/spool/mqueue/slowq, I=2h') > > With an entry in my access.db file of: > > QGRP:colby.edu fastq > > I see the "Outgoing Queue Dir" item in MailScanner.conf, but how > would MailScanner know how to sort my outbound mail into different > queues? Easy. Use a ruleset to set the outgoing queue directory. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBB+ShH2WUcUFbZUEQIEEgCfSFk9UfRhoW339mJ8aOBC5rtArKkAoJHM +01ZXPWezCxqk82mwpnHtdkt =sHB/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Thu Mar 9 19:25:39 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 19:25:48 2006 Subject: persistent queue runner for sendmail Message-ID: Julian, Referring to: http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml (which may be old), you have "sendmail -q15m" for the processing of post-MS email. Wouldn't it be better to use persistent queue runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 and the O'Reilly sendmail cookbook, section 9.5. I've just made this change, comments please... Jeff Earickson colby College From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:33:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:33:24 2006 Subject: persistent queue runner for sendmail In-Reply-To: References: Message-ID: <44108303.40402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > > Referring to: > > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > (which may be old), you have "sendmail -q15m" for the processing > of post-MS email. Wouldn't it be better to use persistent queue > runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 > and the O'Reilly sendmail cookbook, section 9.5. I've just > made this change, comments please... But sendmail -q15m is a persistent queue-runner, is it not? I don't have the bat book to hand (which edition anyway?) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 jJNeQQ/GsaRpRmOxp9KaRcn2 =o9ER -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john.french at emich.edu Thu Mar 9 19:37:15 2006 From: john.french at emich.edu (jf) Date: Thu Mar 9 19:34:59 2006 Subject: *****SPAM***** Re: 4.51.5 scanning messages multiple times In-Reply-To: <44107DA7.3020801@ecs.soton.ac.uk> References: <44107894.8000104@emich.edu> <44107DA7.3020801@ecs.soton.ac.uk> Message-ID: <441083EB.8050102@emich.edu> Debug mode produces the usual EOCD signature messages and errors like the one below. During this debug session, duplicate scans were logged again (so if there was another message that would pop up during this problem, it should have this time). read-open /var/spool/MailScanner/incoming/16041/k24MxfOU003753/winmail.dat: No such file or directory at /usr/lib/perl5/site_perl/5.8.5/MIME/Body.pm line 435. All boxes are running sendmail 8.13.1; the sendmail.cf, access, MailScanner.conf files do not produce output when they are diff-compared to the other boxes. I've also compared the rc/init.d directories for differences in startup scripts to no avail. I guess I'm primarily fishing for more files to compare. Is there another log that might have relevant messages? Julian Field wrote: > Have you run MailScanner in debug mode? Does it produce any errors? > There are reasons why messages can be dropped from a batch, but there > are very few with sendmail, it's only Postfix which does it > (intentionally, to allow scanning later). > > If you are using sendmail 8.13 and upwards you should use Lock Type = > posix, before 8.13 you should use Lock Type = flock. > > Differing locking will cause problems like this. > > You say the 4 boxes are setup identically, but they are behaving > differently, which tends to imply they aren't actually the same :-) > > jf wrote: >>> I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 >>> RedHat AS4 boxes with the same hardware. The sendmail and MailScanner >>> configuration files are identical, and the load is distributed to all >>> four with a content switch. Three of the boxes are working fine, but on >>> one of the boxes messages are being scanned several times before being >>> delivered. This is happening with almost every message on that server. >>> Only one message is delivered, but it is scanned many times. >>> >>> The only other difference I can find between this server and the three >>> others is that on this one, I see lots of "[MailScanner] " >>> processes, where the other servers have none. >>> >>> The only semi-relevant archived suggestions I can find deal with >>> duplicate deliveries and the lock type. The lock type is set to posix >>> on all four servers. Changing it to flock does not remove the behavior. >>> >>> Below is a log excerpt showing this problem occurring with one message. >>> >>> If anyone has any suggestions, I'd appreciate them. >>> >>> --- start example log ------------------- >>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>> from=, size=2312, class=0, nrcpts=1, msgid=< >>> 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, >>> relay=ns1.maxmailer.net [216.171.216.248] >>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>> to=, delay=00:00:00, mailer=esmtp, pri=32312, st >>> at=queued >>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit >>> for message k299gIL0022343 >>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 >>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message >>> k299gIL0022343 actions are deliver >>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit >>> for message k299gIL0022343 >>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 >>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>> >>> ... (same thing goes on for a bit) >>> >>> Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: >>> to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, >>> pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) >>> --- end example log ------------------- >>> > From jaearick at colby.edu Thu Mar 9 19:40:14 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 19:40:34 2006 Subject: persistent queue runner for sendmail In-Reply-To: <44108303.40402@ecs.soton.ac.uk> References: <44108303.40402@ecs.soton.ac.uk> Message-ID: I was looking at Edition 3 of the Bat Book and Edition 1 of the Bat Cookbook. Persistent queue runners came along in sendmail 8.12. Most people on this list probably run 8.12 or 8.13, right? Jeff On Thu, 9 Mar 2006, Julian Field wrote: > Date: Thu, 09 Mar 2006 19:33:23 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: persistent queue runner for sendmail > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Jeff A. Earickson wrote: >> Julian, >> >> Referring to: >> >> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml >> >> (which may be old), you have "sendmail -q15m" for the processing >> of post-MS email. Wouldn't it be better to use persistent queue >> runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 >> and the O'Reilly sendmail cookbook, section 9.5. I've just >> made this change, comments please... > But sendmail -q15m is a persistent queue-runner, is it not? I don't have > the bat book to hand (which edition anyway?) > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 > jJNeQQ/GsaRpRmOxp9KaRcn2 > =o9ER > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Mar 9 19:59:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 19:59:13 2006 Subject: persistent queue runner for sendmail In-Reply-To: References: <44108303.40402@ecs.soton.ac.uk> Message-ID: <44108910.4070804@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Persistent queue runners of the "sendmail -q15m" type were certainly in 8.9 and I suspect long before that. Jeff A. Earickson wrote: > I was looking at Edition 3 of the Bat Book and Edition 1 of the Bat > Cookbook. Persistent queue runners came along in sendmail 8.12. > Most people on this list probably run 8.12 or 8.13, right? > > Jeff > > On Thu, 9 Mar 2006, Julian Field wrote: > >> Date: Thu, 09 Mar 2006 19:33:23 +0000 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: persistent queue runner for sendmail >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Jeff A. Earickson wrote: >>> Julian, >>> >>> Referring to: >>> >>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml >>> >>> (which may be old), you have "sendmail -q15m" for the processing >>> of post-MS email. Wouldn't it be better to use persistent queue >>> runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 >>> and the O'Reilly sendmail cookbook, section 9.5. I've just >>> made this change, comments please... >> But sendmail -q15m is a persistent queue-runner, is it not? I don't have >> the bat book to hand (which edition anyway?) >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 >> jJNeQQ/GsaRpRmOxp9KaRcn2 >> =o9ER >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBCJERH2WUcUFbZUEQL28ACg30opASQYyiwGwxTrBAQYnX378tMAnRF0 JRofPjmOETrOOJU8/P4mAFmA =EyQ8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 9 20:00:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 9 20:00:32 2006 Subject: *****SPAM***** Re: 4.51.5 scanning messages multiple times In-Reply-To: <441083EB.8050102@emich.edu> References: <44107894.8000104@emich.edu> <44107DA7.3020801@ecs.soton.ac.uk> <441083EB.8050102@emich.edu> Message-ID: <44108961.9050903@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aha! We have an error message. Please can you send me one of the messages producing this error? jf wrote: > Debug mode produces the usual EOCD signature messages and errors like > the one below. During this debug session, duplicate scans were logged > again (so if there was another message that would pop up during this > problem, it should have this time). > > read-open > /var/spool/MailScanner/incoming/16041/k24MxfOU003753/winmail.dat: No > such file or directory at /usr/lib/perl5/site_perl/5.8.5/MIME/Body.pm > line 435. > > All boxes are running sendmail 8.13.1; the sendmail.cf, access, > MailScanner.conf files do not produce output when they are diff-compared > to the other boxes. I've also compared the rc/init.d directories for > differences in startup scripts to no avail. > > I guess I'm primarily fishing for more files to compare. Is there > another log that might have relevant messages? > > Julian Field wrote: > >> Have you run MailScanner in debug mode? Does it produce any errors? >> There are reasons why messages can be dropped from a batch, but there >> are very few with sendmail, it's only Postfix which does it >> (intentionally, to allow scanning later). >> >> If you are using sendmail 8.13 and upwards you should use Lock Type = >> posix, before 8.13 you should use Lock Type = flock. >> >> Differing locking will cause problems like this. >> >> You say the 4 boxes are setup identically, but they are behaving >> differently, which tends to imply they aren't actually the same :-) >> >> jf wrote: >> >>>> I am running MailScanner 4.51.5 (recently upgraded from 4.50.15) on 4 >>>> RedHat AS4 boxes with the same hardware. The sendmail and MailScanner >>>> configuration files are identical, and the load is distributed to all >>>> four with a content switch. Three of the boxes are working fine, but on >>>> one of the boxes messages are being scanned several times before being >>>> delivered. This is happening with almost every message on that server. >>>> Only one message is delivered, but it is scanned many times. >>>> >>>> The only other difference I can find between this server and the three >>>> others is that on this one, I see lots of "[MailScanner] " >>>> processes, where the other servers have none. >>>> >>>> The only semi-relevant archived suggestions I can find deal with >>>> duplicate deliveries and the lock type. The lock type is set to posix >>>> on all four servers. Changing it to flock does not remove the behavior. >>>> >>>> Below is a log excerpt showing this problem occurring with one message. >>>> >>>> If anyone has any suggestions, I'd appreciate them. >>>> >>>> --- start example log ------------------- >>>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>>> from=, size=2312, class=0, nrcpts=1, msgid=< >>>> 200603090941.k299fL1f089152@ns1.maxmailer.net>, proto=ESMTP, daemon=MTA, >>>> relay=ns1.maxmailer.net [216.171.216.248] >>>> Mar 9 04:42:30 mailforward-d sendmail[22343]: k299gIL0022343: >>>> to=, delay=00:00:00, mailer=esmtp, pri=32312, st >>>> at=queued >>>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: SpamAssassin cache hit >>>> for message k299gIL0022343 >>>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Message k299gIL0022343 >>>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>>> Mar 9 04:57:46 mailforward-d MailScanner[31296]: Spam Actions: message >>>> k299gIL0022343 actions are deliver >>>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: SpamAssassin cache hit >>>> for message k299gIL0022343 >>>> Mar 9 04:57:57 mailforward-d MailScanner[31587]: Message k299gIL0022343 >>>> from 216.171.216.248 (u789mobs@maxmailer.net) to emich.edu is spam, >>>> SpamAssassin (score=6.005, required 5, URIBL_JP_SURBL 2.46, >>>> URIBL_OB_SURBL 3.21, unsub13 0.33) >>>> >>>> ... (same thing goes on for a bit) >>>> >>>> Mar 9 05:05:16 mailforward-d sendmail[2722]: k299gIL0022343: >>>> to=, delay=00:22:47, xdelay=00:00:00, mailer=esmtp, >>>> pri=122312, relay=server.emich.edu. [serverip], dsn=2.0.0, stat=Sent (Ok.) >>>> --- end example log ------------------- >>>> >>>> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRBCJYhH2WUcUFbZUEQIXpQCgjHeSFdLsCtOENITkd/5nVOsR0mAAmwRp EIeUCSvawEyrw0yaQGXk2ToE =47Qh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Mar 9 20:14:00 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 20:15:22 2006 Subject: message vs attachment size In-Reply-To: References: Message-ID: Kevin Miller spake the following on 3/9/2006 7:59 AM: > Julian Field wrote: > >> It's very simple, the message size is the size of the file containing >> the body of the text, for MTA's that have 2 files per message >> (sendmail and Exim). For MTA's that have 1 file per message (Postfix >> and ZMailer) it is simply the size of the file representing the >> entire message including headers and envelope data. >> >> Yes, I know that makes the figure slightly different for different >> MTA's with the same mesage. But people only ever use it as an >> approximate figure, e.g. 10MB. No-one cares if it is 10MB + 100 bytes >> or 10MB - 100 bytes. > > Just to elaborate a bit, it may also be worth noting that when an > attachment is encoded there is about a 25% increase in filesize so if > someone asks what your limit is and you say 10 MB, from a practical > standpoint they may only be able to attach a 7.5 MB doc. Of course, > anybody sending 7.5 - 10 MB files should be fed to the sharks, but > that's a different rant... > > ...Kevin Our execs routinely send 25 to 30 MB files to and from lawyers. It is easier on my paycheck to just let them do it, then to get them to learn something different. From Kevin_Miller at ci.juneau.ak.us Thu Mar 9 20:47:08 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 9 20:47:17 2006 Subject: message vs attachment size Message-ID: Scott Silva wrote: >> standpoint they may only be able to attach a 7.5 MB doc. Of course, >> anybody sending 7.5 - 10 MB files should be fed to the sharks, but >> that's a different rant... >> >> ...Kevin > Our execs routinely send 25 to 30 MB files to and from lawyers. It is > easier on my paycheck to just let them do it, then to get them to > learn something different. Ah. Feeding sharks to the sharks would be unethical... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Thu Mar 9 20:48:12 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 9 20:48:43 2006 Subject: *****SPAM***** Re: 4.51.5 scanning messages multiple times In-Reply-To: <441083EB.8050102@emich.edu> References: <44107894.8000104@emich.edu> <44107DA7.3020801@ecs.soton.ac.uk> <441083EB.8050102@emich.edu> Message-ID: jf spake the following on 3/9/2006 11:37 AM: > Debug mode produces the usual EOCD signature messages and errors like > the one below. During this debug session, duplicate scans were logged > again (so if there was another message that would pop up during this > problem, it should have this time). > > read-open > /var/spool/MailScanner/incoming/16041/k24MxfOU003753/winmail.dat: No > such file or directory at /usr/lib/perl5/site_perl/5.8.5/MIME/Body.pm > line 435. > > All boxes are running sendmail 8.13.1; the sendmail.cf, access, > MailScanner.conf files do not produce output when they are diff-compared > to the other boxes. I've also compared the rc/init.d directories for > differences in startup scripts to no avail. > > I guess I'm primarily fishing for more files to compare. Is there > another log that might have relevant messages? > Try a ; MailScanner --v and compare the output. Maybe a module didn't install. From jaearick at colby.edu Thu Mar 9 21:27:39 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 9 21:31:19 2006 Subject: persistent queue runner for sendmail In-Reply-To: <44108910.4070804@ecs.soton.ac.uk> References: <44108303.40402@ecs.soton.ac.uk> <44108910.4070804@ecs.soton.ac.uk> Message-ID: The -qp option for queue runners only appeared in sendmail 8.12. I got a ruleset written to split my outbound queues into fast (local domain) and slow (everything else), changed my init.d sendmail script to do: /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/fastq /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/slowq for processing of my two queues, everything is working great. Why didn't I split my queues earlier? Doh! Jeff Earickson Colby College On Thu, 9 Mar 2006, Julian Field wrote: > Date: Thu, 09 Mar 2006 19:59:12 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: persistent queue runner for sendmail > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Persistent queue runners of the "sendmail -q15m" type were certainly in > 8.9 and I suspect long before that. > > Jeff A. Earickson wrote: >> I was looking at Edition 3 of the Bat Book and Edition 1 of the Bat >> Cookbook. Persistent queue runners came along in sendmail 8.12. >> Most people on this list probably run 8.12 or 8.13, right? >> >> Jeff >> >> On Thu, 9 Mar 2006, Julian Field wrote: >> >>> Date: Thu, 09 Mar 2006 19:33:23 +0000 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: persistent queue runner for sendmail >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Jeff A. Earickson wrote: >>>> Julian, >>>> >>>> Referring to: >>>> >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml >>>> >>>> (which may be old), you have "sendmail -q15m" for the processing >>>> of post-MS email. Wouldn't it be better to use persistent queue >>>> runner, "sendmail -qp" instead. See the Bat Book, sect 6.1.1 >>>> and the O'Reilly sendmail cookbook, section 9.5. I've just >>>> made this change, comments please... >>> But sendmail -q15m is a persistent queue-runner, is it not? I don't have >>> the bat book to hand (which edition anyway?) >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.5 (Build 5050) >>> >>> iQA/AwUBRBCDBBH2WUcUFbZUEQIcwQCg2ovoYwoPhg2CzO/+YllPIfSJMusAn2f1 >>> jJNeQQ/GsaRpRmOxp9KaRcn2 >>> =o9ER >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRBCJERH2WUcUFbZUEQL28ACg30opASQYyiwGwxTrBAQYnX378tMAnRF0 > JRofPjmOETrOOJU8/P4mAFmA > =EyQ8 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Thu Mar 9 22:15:51 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 9 22:15:54 2006 Subject: How to block all email sent to a specific email address? In-Reply-To: References: <9720CA43F755A148BF65B6618B90CB941A5BB0@magneto.wals.local> Message-ID: <625385e30603091415k35ce106ta3e0bc815f4f4522@mail.gmail.com> On 3/9/06, Taso Chatziantoniou wrote: > Problem with this is if a spam email was sent to foo, mike, harry, bob, > jane, frank since foo is in the whitelist > all these people will receive this spam messege no matter the spamassassin > score. > not sure if we have any other way around that problem Most MTA:s support recipient splitting which will solve your problem. Note that it increases load on the server though. -- /peter From marco at unixpsycho.com Fri Mar 10 00:08:05 2006 From: marco at unixpsycho.com (uNiX pSyChO) Date: Fri Mar 10 00:08:39 2006 Subject: persistent queue runner for sendmail In-Reply-To: References: <44108303.40402@ecs.soton.ac.uk> <44108910.4070804@ecs.soton.ac.uk> Message-ID: Jeff A. Earickson wrote: > The -qp option for queue runners only appeared in sendmail 8.12. > > I got a ruleset written to split my outbound queues into fast > (local domain) and slow (everything else), changed my init.d > sendmail script to do: > > /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/fastq > /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/slowq > > for processing of my two queues, everything is working great. > Why didn't I split my queues earlier? Doh! urr? there looks to be something missing. it looks like you just created 2 identical queues. from what i remember you can configure each queue to have different properties, if indeed you wanted a "slow" and "fast" queue. From azher at niit.edu.pk Fri Mar 10 03:06:23 2006 From: azher at niit.edu.pk (Azher Amin) Date: Fri Mar 10 03:06:30 2006 Subject: MailScanner and Quota Message-ID: <4410ED2F.90001@niit.edu.pk> Hi Julian, I have bee using MailScanner for a long time and its really impressive to me. I am managing multiple mail servers running Sendmail and MailScanner together on RedHat and Debian. I am facing a bit problem so i hope you or some other can help me. Disk space for my users (i.e. home dirs) are well managed thru linux quota, however the emails once processed by MailScanner go into /var/spool/mail/. Most of the users (above 600) are not cleaning up their inbox i.e. /var/spool/mail/, and thus i am always getting in the problem of reduced disk space. Is their any piece of code that (with the help of sendmail or MailScanner) sum up the home dir size and the existing /var/spool/mail/ and then respond with an error to remote MTA that this user is out of quota, otherwise accept the email. Look forward to get the solution. Regards Azher From jaearick at colby.edu Fri Mar 10 03:14:05 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Mar 10 03:30:50 2006 Subject: fast/slow queues for outbound email In-Reply-To: References: <44108303.40402@ecs.soton.ac.uk> <44108910.4070804@ecs.soton.ac.uk> Message-ID: On Thu, 9 Mar 2006, uNiX pSyChO wrote: > Jeff A. Earickson wrote: >> >> I got a ruleset written to split my outbound queues into fast >> (local domain) and slow (everything else), changed my init.d >> sendmail script to do: >> >> /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/fastq >> /usr/lib/sendmail -qp -OQueueDirectory=/var/spool/mqueue/slowq >> >> for processing of my two queues, everything is working great. >> Why didn't I split my queues earlier? Doh! > > urr? > > there looks to be something missing. it looks like you just created 2 > identical queues. from what i remember you can configure each queue to have > different properties, if indeed you wanted a "slow" and "fast" queue. > Ahhh, but the magic comes in the MS ruleset. Julian's code is so cool and flexible for me to do this. I set this in my Mailscanner.conf: Outgoing Queue Dir = %localrules-dir%/outqueue.rules and the ruleset looks like: To: @colby.edu /var/spool/mqueue/fastq To: @basalt.colby.edu /var/spool/mqueue/fastq From: @facebook.com /var/spool/mqueue/slowq FromOrTo: default /var/spool/mqueue/slowq Stuff to be locally delivered at my domain goes in the fast queue, other stuff goes in the slowq. Ok, so I hate facebook and they go in the slow queue. The only puzzlement is unqualified addresses, eg "joeblow" instead of "joeblow@colby.edu". They end up in the slow queue. Any Regex dudes out there who could suggest a To: rule for this? Jeff Earickson Colby College From matt at coders.co.uk Fri Mar 10 07:23:39 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri Mar 10 07:23:44 2006 Subject: MailScanner and Quota In-Reply-To: <4410ED2F.90001@niit.edu.pk> References: <4410ED2F.90001@niit.edu.pk> Message-ID: <4411297B.6030109@coders.co.uk> Azher Amin wrote: > Disk space for my users (i.e. home dirs) are well managed thru linux > quota, however the emails once processed by MailScanner go into > /var/spool/mail/. Most of the users (above 600) are not cleaning > up their inbox i.e. /var/spool/mail/, and thus i am always > getting in the problem of reduced disk space. Is their any piece of code > that (with the help of sendmail or MailScanner) sum up the home dir size > and the existing /var/spool/mail/ and then respond with an error > to remote MTA that this user is out of quota, otherwise accept the email. Why not move the mailbox into the home directory? http://www.yapd.net/howto.php?HOWTO=2 matt From rborland at medsch.uz.ac.zw Fri Mar 10 08:59:57 2006 From: rborland at medsch.uz.ac.zw (Rob Borland) Date: Fri Mar 10 08:56:38 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <200603091914.k29JCIU8015995@bkserver.blacknight.ie> References: <200603091914.k29JCIU8015995@bkserver.blacknight.ie> Message-ID: <4411400D.80703@medsch.uz.ac.zw> >> We are currently running six Mailscanner boxes that receive about 30,000 >> to 50,000 emails each everyday. >> We get about 270-280 Spamassassin time outs (as per logwatch) which, >> considered the amount of mail we get is not bad at all. I was getting many timeouts on much lower volumes of mail than this. I have eliminated them completely after receiving advice on the list to set the following options: "Rebuild Bayes Every 86400" in MailScanner.conf. "bayes_auto_expire 0" in /etc/mail/spamassassin/local.cf. Clearly the timeouts were occurring during Bayes rebuilds. Leaving this process to MailScanner to handle fixed the problem entirely. Regards, Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Fri Mar 10 09:02:16 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 10 09:02:26 2006 Subject: Latest RBLs to use In-Reply-To: <166e673e4aaef0d83043c42e601b294e@localhost> Message-ID: <005701c64421$54442740$3004010a@martinhlaptop> Max You'll still need a load of the SARE rules (and others) in addition to the URI_RBLS (I've got extra URI-RBL's over the normal SA supplied as well). I also find DCC pyzor useful too. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Max Kipness > Sent: 09 March 2006 18:03 > To: mailscanner@lists.mailscanner.info > Subject: Fwd: Latest RBLs to use > > > Hello - > > I'm in the process of installing the latest version of MailScanner. I > haven't > set one up in a while and was wondering which ones people are using > nowadays. > Years ago I think I had setup a long list of them. With SURBL is this > necessary > now? Or just let SpamAssassin handle it? > > Thanks, > Max > -- > Thanks, > > Max > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Mar 10 09:37:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 10 09:38:05 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <440F2567.8000103@evi-inc.com> References: <440F2567.8000103@evi-inc.com> Message-ID: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 8 Mar 2006, at 18:41, Matt Kettler wrote: > If there's a particular kind of image-only spam involved, some of > the SARE > rulesets can be helpful. I personally like the following SARE > rulesets and use > them on my production systems: > > > 70_sare_adult.cf > 70_sare_evilnum0.cf > 70_sare_genlsubj0.cf > 70_sare_html0.cf > 70_sare_obfu0.cf > 70_sare_random.cf > 70_sare_specific.cf > 70_sare_stocks.cf > 70_sare_uri0.cf > 99_sare_fraud_post25x.cf Many thanks for posting that. I added obfu0 and stocks to my setups and they have helped enormously! No spam whatsoever this morning. :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRBFI9vw32o+k+q+hAQFWwwf/UEhaaYHiEKr7xEjrCRJDc+fZgyf5yNHq rRbp8EpVqF2DFBPXqB/gkzkeh8WQxnKjwJuuCNZhMs5z714VR7QOGYf5XTmGC7Fw ATjav0p9vxosJVzr/ROpzDiD4MWg/KR9/3KBKW/QYJWK4JfvZ6at93CWgLKNcvXr tVi2jMVuTQXrgO+Cw1Ip0A7jP5upho3UNbzyxRY/JJ7CCVhCPRrm0ThtmEoRuar2 ukcln2Jc1SqTBG3SfDw5EWXqW6l8WKgn0g/yKc/jWaWK/l62GbBCQTjX/vdLwlyY s03TwfLY8HNOKmlqLmmULU6C0IBV3SC1CvOJDu8PcUn9VIAnDMjr4g== =v0WR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Fri Mar 10 09:51:40 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Fri Mar 10 09:51:43 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: Julian, Doesn't your lint test time go through the roof when you add those files? Currently my lint test takes 2.3sec to complete. Dave On 3/10/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 8 Mar 2006, at 18:41, Matt Kettler wrote: > > > If there's a particular kind of image-only spam involved, some of > > the SARE > > rulesets can be helpful. I personally like the following SARE > > rulesets and use > > them on my production systems: > > > > > > 70_sare_adult.cf > > 70_sare_evilnum0.cf > > 70_sare_genlsubj0.cf > > 70_sare_html0.cf > > 70_sare_obfu0.cf > > 70_sare_random.cf > > 70_sare_specific.cf > > 70_sare_stocks.cf > > 70_sare_uri0.cf > > 99_sare_fraud_post25x.cf > > Many thanks for posting that. I added obfu0 and stocks to my setups > and they have helped enormously! No spam whatsoever this morning. > :-) > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRBFI9vw32o+k+q+hAQFWwwf/UEhaaYHiEKr7xEjrCRJDc+fZgyf5yNHq > rRbp8EpVqF2DFBPXqB/gkzkeh8WQxnKjwJuuCNZhMs5z714VR7QOGYf5XTmGC7Fw > ATjav0p9vxosJVzr/ROpzDiD4MWg/KR9/3KBKW/QYJWK4JfvZ6at93CWgLKNcvXr > tVi2jMVuTQXrgO+Cw1Ip0A7jP5upho3UNbzyxRY/JJ7CCVhCPRrm0ThtmEoRuar2 > ukcln2Jc1SqTBG3SfDw5EWXqW6l8WKgn0g/yKc/jWaWK/l62GbBCQTjX/vdLwlyY > s03TwfLY8HNOKmlqLmmULU6C0IBV3SC1CvOJDu8PcUn9VIAnDMjr4g== > =v0WR > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Fri Mar 10 09:55:02 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Fri Mar 10 09:55:05 2006 Subject: MailScanner and Quota In-Reply-To: <4411297B.6030109@coders.co.uk> References: <4410ED2F.90001@niit.edu.pk> <4411297B.6030109@coders.co.uk> Message-ID: mv /var/spool/mail /home/ ln -sf /home/mail /var/spool/mail On 3/10/06, Matt Hampton wrote: > Azher Amin wrote: > > Disk space for my users (i.e. home dirs) are well managed thru linux > > quota, however the emails once processed by MailScanner go into > > /var/spool/mail/. Most of the users (above 600) are not cleaning > > up their inbox i.e. /var/spool/mail/, and thus i am always > > getting in the problem of reduced disk space. Is their any piece of code > > that (with the help of sendmail or MailScanner) sum up the home dir size > > and the existing /var/spool/mail/ and then respond with an error > > to remote MTA that this user is out of quota, otherwise accept the email. > > Why not move the mailbox into the home directory? > > http://www.yapd.net/howto.php?HOWTO=2 > > matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gmatt at nerc.ac.uk Fri Mar 10 10:01:18 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 10 10:01:32 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: <44107E49.7080203@ecs.soton.ac.uk> References: <44107E49.7080203@ecs.soton.ac.uk> Message-ID: <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> On Thu, 2006-03-09 at 19:13 +0000, Julian Field wrote: > Easy. Use a ruleset to set the outgoing queue directory. except I've never got this to work, MS just seems to spread all the mail around the queue directories regardless of my rules. For instance I have in MailScanner.conf: Outgoing Queue Dir = %rules-dir%/outgoing.queue.dir.rules and the outgoing.queue.dir.rules file looks like: To: *@bgs.ac.uk /var/spool/mqueue/qBGS # To: *@bas.ac.uk /var/spool/mqueue/qBAS # To: *@nerc.ac.uk /var/spool/mqueue/qGROUPWISE To: *@ceh.ac.uk /var/spool/mqueue/qGROUPWISE To: *@wpo.nerc.ac.uk /var/spool/mqueue/qGROUPWISE # To: *@soc.soton.ac.uk /var/spool/mqueue/qSOC To: *@noc.soton.ac.uk /var/spool/mqueue/qSOC # FromOrTo: default /var/spool/mqueue/qDEFAULT The whitespace is all tabs in the actual file. When I look at the qf files in these directories, they dont correspond to the expected destination addresses. The directories seem to be used randomly. GREG > > - -- > Julian Field -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From jaesquibal at meridiantelekoms.com Fri Mar 10 10:02:36 2006 From: jaesquibal at meridiantelekoms.com (Joey Esquibal) Date: Fri Mar 10 10:02:57 2006 Subject: MailScanner and Quota References: <4410ED2F.90001@niit.edu.pk> <4411297B.6030109@coders.co.uk> Message-ID: <004901c64429$c1fdc720$103ca8c0@joeyae> Put your spool mails inside each user's homedir by using procmail. Implications would be you will need to recompile your POP3 server to locate the spool mails in user's homedir. Regards, Joey ----- Original Message ----- From: "Dave Strydom" To: "MailScanner discussion" Sent: Friday, March 10, 2006 5:55 PM Subject: Re: MailScanner and Quota > mv /var/spool/mail /home/ > ln -sf /home/mail /var/spool/mail > > > On 3/10/06, Matt Hampton wrote: >> Azher Amin wrote: >> > Disk space for my users (i.e. home dirs) are well managed thru linux >> > quota, however the emails once processed by MailScanner go into >> > /var/spool/mail/. Most of the users (above 600) are not cleaning >> > up their inbox i.e. /var/spool/mail/, and thus i am always >> > getting in the problem of reduced disk space. Is their any piece of >> > code >> > that (with the help of sendmail or MailScanner) sum up the home dir >> > size >> > and the existing /var/spool/mail/ and then respond with an error >> > to remote MTA that this user is out of quota, otherwise accept the >> > email. >> >> Why not move the mailbox into the home directory? >> >> http://www.yapd.net/howto.php?HOWTO=2 >> >> matt >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri Mar 10 10:06:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 10 10:06:16 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: <2022C194-AAF8-4A1A-A4BC-C9F3AD16F6C4@ecs.soton.ac.uk> I haven't timed it before I installed the files, and they are production systems so I don't want to play with them. But they aren't very big rulesets compared to the header sets. On 10 Mar 2006, at 09:51, Dave Strydom wrote: > Julian, > > Doesn't your lint test time go through the roof when you add those > files? > > Currently my lint test takes 2.3sec to complete. > > Dave > > On 3/10/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 8 Mar 2006, at 18:41, Matt Kettler wrote: >> >>> If there's a particular kind of image-only spam involved, some of >>> the SARE >>> rulesets can be helpful. I personally like the following SARE >>> rulesets and use >>> them on my production systems: >>> >>> >>> 70_sare_adult.cf >>> 70_sare_evilnum0.cf >>> 70_sare_genlsubj0.cf >>> 70_sare_html0.cf >>> 70_sare_obfu0.cf >>> 70_sare_random.cf >>> 70_sare_specific.cf >>> 70_sare_stocks.cf >>> 70_sare_uri0.cf >>> 99_sare_fraud_post25x.cf >> >> Many thanks for posting that. I added obfu0 and stocks to my setups >> and they have helped enormously! No spam whatsoever this morning. >> :-) >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Fri Mar 10 10:19:28 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Fri Mar 10 10:19:31 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <2022C194-AAF8-4A1A-A4BC-C9F3AD16F6C4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> <2022C194-AAF8-4A1A-A4BC-C9F3AD16F6C4@ecs.soton.ac.uk> Message-ID: Apparently not... I just got 2.03657 with the following loaded: 70_sare_adult.cf 70_sc_top200.cf 70_sare_stocks.cf 70_sare_specific.cf 70_sare_spoof.cf 70_sare_random.cf Dave On 3/10/06, Julian Field wrote: > I haven't timed it before I installed the files, and they are > production systems so I don't want to play with them. But they aren't > very big rulesets compared to the header sets. > > > On 10 Mar 2006, at 09:51, Dave Strydom wrote: > > > Julian, > > > > Doesn't your lint test time go through the roof when you add those > > files? > > > > Currently my lint test takes 2.3sec to complete. > > > > Dave > > > > On 3/10/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> > >> On 8 Mar 2006, at 18:41, Matt Kettler wrote: > >> > >>> If there's a particular kind of image-only spam involved, some of > >>> the SARE > >>> rulesets can be helpful. I personally like the following SARE > >>> rulesets and use > >>> them on my production systems: > >>> > >>> > >>> 70_sare_adult.cf > >>> 70_sare_evilnum0.cf > >>> 70_sare_genlsubj0.cf > >>> 70_sare_html0.cf > >>> 70_sare_obfu0.cf > >>> 70_sare_random.cf > >>> 70_sare_specific.cf > >>> 70_sare_stocks.cf > >>> 70_sare_uri0.cf > >>> 99_sare_fraud_post25x.cf > >> > >> Many thanks for posting that. I added obfu0 and stocks to my setups > >> and they have helped enormously! No spam whatsoever this morning. > >> :-) > >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From marlo at raidbr.com.br Fri Mar 10 12:01:27 2006 From: marlo at raidbr.com.br (marlo - raidbr) Date: Fri Mar 10 12:01:26 2006 Subject: Mailscanner + postgresql Message-ID: <1141992087.6834.4.camel@localhost.localdomain> Staff, howto of mailscanner with prostgresql alguem knows some. From jaearick at colby.edu Fri Mar 10 15:16:04 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Mar 10 16:05:28 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> References: <44107E49.7080203@ecs.soton.ac.uk> <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> Message-ID: Greg, What may be going on is the issue of multiple recipients in the To: line with different domains. I found a message in my fast queue this morning going to a (nonresponsive) outside domain, where I want only "@colby.edu" messages in that queue. Checking the syslogs, I found that the original message was going to: To: user1@colby.edu, user2@colby.edu, user3@slowhost.com After the queue runner did its thing, the message got delivered to the two local addresses fast, but the message hung around in the fast queue still trying to deliver to slowhost.com. From a "mailq" point of view, all I saw later was a single recipient message in the "wrong" queue. This is probably what you see too. Jeff Earickson Colby College On Fri, 10 Mar 2006, Greg Matthews wrote: > Date: Fri, 10 Mar 2006 10:01:18 +0000 > From: Greg Matthews > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: sendmail/MS multiple outbound queues? > > On Thu, 2006-03-09 at 19:13 +0000, Julian Field wrote: >> Easy. Use a ruleset to set the outgoing queue directory. > > except I've never got this to work, MS just seems to spread all the mail > around the queue directories regardless of my rules. For instance I have > in MailScanner.conf: > > Outgoing Queue Dir = %rules-dir%/outgoing.queue.dir.rules > > and the outgoing.queue.dir.rules file looks like: > > To: *@bgs.ac.uk /var/spool/mqueue/qBGS > # > To: *@bas.ac.uk /var/spool/mqueue/qBAS > # > To: *@nerc.ac.uk /var/spool/mqueue/qGROUPWISE > To: *@ceh.ac.uk /var/spool/mqueue/qGROUPWISE > To: *@wpo.nerc.ac.uk /var/spool/mqueue/qGROUPWISE > # > To: *@soc.soton.ac.uk /var/spool/mqueue/qSOC > To: *@noc.soton.ac.uk /var/spool/mqueue/qSOC > # > FromOrTo: default /var/spool/mqueue/qDEFAULT > > The whitespace is all tabs in the actual file. When I look at the qf > files in these directories, they dont correspond to the expected > destination addresses. The directories seem to be used randomly. > > GREG > >> >> - -- >> Julian Field > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mkettler at evi-inc.com Fri Mar 10 16:43:23 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 10 16:43:43 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: <4411ACAB.1010106@evi-inc.com> Julian Field wrote: > > On 8 Mar 2006, at 18:41, Matt Kettler wrote: > >>> If there's a particular kind of image-only spam involved, some of >>> the SARE >>> rulesets can be helpful. I personally like the following SARE >>> rulesets and use >>> them on my production systems: > > Many thanks for posting that. I added obfu0 and stocks to my setups > and they have helped enormously! No spam whatsoever this morning. > :-) You're welcome Julian.. I'm glad to have returned a small favor to someone who wrote such a handy piece of software that makes my life easier :) From gmatt at nerc.ac.uk Fri Mar 10 16:53:11 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 10 16:53:19 2006 Subject: sendmail/MS multiple outbound queues? In-Reply-To: References: <44107E49.7080203@ecs.soton.ac.uk> <1141984878.15297.9.camel@lea.nerc-wallingford.ac.uk> Message-ID: <1142009591.17913.44.camel@lea.nerc-wallingford.ac.uk> On Fri, 2006-03-10 at 10:16 -0500, Jeff A. Earickson wrote: > Greg, > > What may be going on is the issue of multiple recipients in the > To: line with different domains. I found a message in my fast queue > this morning going to a (nonresponsive) outside domain, where I > want only "@colby.edu" messages in that queue. Checking the > syslogs, I found that the original message was going to: > > To: user1@colby.edu, user2@colby.edu, user3@slowhost.com > > After the queue runner did its thing, the message got delivered to > the two local addresses fast, but the message hung around in > the fast queue still trying to deliver to slowhost.com. From a > "mailq" point of view, all I saw later was a single recipient > message in the "wrong" queue. This is probably what you see too. hmmm... this definitely matches some cases that I see. I think I see what the problem is now, most of the messages are non-delivery messages. These must be generated automatically by sendmail and therefore dont follow the rules (and dont get logged to mailwatch). Apologies for blaming MS for this! G > > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From doc at maddoc.net Fri Mar 10 20:30:49 2006 From: doc at maddoc.net (Doc Schneider) Date: Fri Mar 10 20:30:55 2006 Subject: Does spamassassin cache database lower the amount of spamassassin timeouts? In-Reply-To: <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> References: <440F2567.8000103@evi-inc.com> <909816BF-9E39-45E9-9777-4DF802D733B4@ecs.soton.ac.uk> Message-ID: <4411E1F9.40405@maddoc.net> Julian Field wrote: > On 8 Mar 2006, at 18:41, Matt Kettler wrote: > >> If there's a particular kind of image-only spam involved, some of >> the SARE >> rulesets can be helpful. I personally like the following SARE >> rulesets and use >> them on my production systems: >> >> >> 70_sare_adult.cf >> 70_sare_evilnum0.cf >> 70_sare_genlsubj0.cf >> 70_sare_html0.cf >> 70_sare_obfu0.cf >> 70_sare_random.cf >> 70_sare_specific.cf >> 70_sare_stocks.cf >> 70_sare_uri0.cf >> 99_sare_fraud_post25x.cf > > Many thanks for posting that. I added obfu0 and stocks to my setups > and they have helped enormously! No spam whatsoever this morning. > :-) > Man here I go to all the work of maintaining the 70_sare_stocks.cf and you just found it! HAR! Glad to hear it is working for you, though, Julian. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ssilva at sgvwater.com Fri Mar 10 21:58:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 10 22:01:41 2006 Subject: MailScanner and Quota In-Reply-To: <004901c64429$c1fdc720$103ca8c0@joeyae> References: <4410ED2F.90001@niit.edu.pk> <4411297B.6030109@coders.co.uk> <004901c64429$c1fdc720$103ca8c0@joeyae> Message-ID: Joey Esquibal spake the following on 3/10/2006 2:02 AM: > Put your spool mails inside each user's homedir by using procmail. > Implications would be you will need to recompile your POP3 server to > locate the spool mails in user's homedir. Or use something like dovecot, with a configuration file that lets you set this. From ka at pacific.net Fri Mar 10 23:05:48 2006 From: ka at pacific.net (Ken A) Date: Fri Mar 10 23:02:59 2006 Subject: HTML image only spam and OCR In-Reply-To: <625385e30603091032x11f05c70s47939511b3b45487@mail.gmail.com> References: <44106274.27869.3E09DC@cobalt-users1.fishnet.co.uk> <625385e30603091032x11f05c70s47939511b3b45487@mail.gmail.com> Message-ID: <4412064C.80800@pacific.net> Why not use a checksum of the image attached, assuming the spammers don't customize images for each recipient, you should be able to use DCC, razor, pyzor type approach to block these if you just look at the .gif attachments separate from the bayes poison. You'd probably FP on some commonly used 'stationary' if you aren't careful though. The MailScanner custom scanner interface is an ideal place to plug in such a thing. Ken Pacific.Net shuttlebox wrote: > On 3/9/06, Ian wrote: >> Hi, >> >> After reading this bit I had though about maybe using ocr when these types of messages are >> found. >> >> A (not-so) quick experiment using netpbm and gocr on a linux machine here produces some >> ASCII output from one of these gif images. >> >> The question is: how can I get MailScanner / SpamAssassin to use this method? >> >> The command line I am using is: >> >> >> giftopnm test.gif | gocr - >> >> >> which then produces the text on stdout. >> >> Thoughts anyone? > > MS supports both a custom spam scanner and a generic virus scanner. > Look in MailScanner.conf for more info. > > -- > /peter From basement_mobile2004 at yahoo.com Sat Mar 11 00:26:08 2006 From: basement_mobile2004 at yahoo.com (Anakin SkyWalker) Date: Sat Mar 11 00:26:10 2006 Subject: Big Loads Message-ID: <20060311002608.58633.qmail@web60022.mail.yahoo.com> We have a busy mail server (150K msgs/day). Spamassassin is not a option for us even with newer versions because it slows down the scan processes in such a way that the incoming queue goes high quickly. We're using MailScanner for 2 years now and we're glad it exists. But sometimes even with no third part software for spam checks (SA), it slows down the machine and the queues go up again. Of course it only happens when we're getting massive spam attacks. We're looking for a solution and we do want to use SpamAssassin. Anyone with a similar problem to exchange tips, or even experienced users that know how to deal with such problems? Thank you. --------------------------------- Yahoo! Mail Use Photomail to share photos without annoying attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060310/406a0e4f/attachment.html From billox at billox.com Sat Mar 11 00:41:48 2006 From: billox at billox.com (James Page) Date: Sat Mar 11 00:41:44 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <44121CCC.7010405@billox.com> Use more than one MailScanner server and round robin on the address record. James Anakin SkyWalker wrote: > We have a busy mail server (150K msgs/day). Spamassassin is not a > option for us even with newer versions because it slows down the scan > processes in such a way that the incoming queue goes high quickly. > We're using MailScanner for 2 years now and we're glad it exists. But > sometimes even with no third part software for spam checks (SA), it > slows down the machine and the queues go up again. Of course it only > happens when we're getting massive spam attacks. > We're looking for a solution and we do want to use SpamAssassin. > Anyone with a similar problem to exchange tips, or even experienced > users that know how to deal with such problems? > > Thank you. > > ------------------------------------------------------------------------ > Yahoo! Mail > Use Photomail > > to share photos without annoying attachments. From ka at pacific.net Sat Mar 11 00:48:37 2006 From: ka at pacific.net (Ken A) Date: Sat Mar 11 00:45:47 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <44121E65.10608@pacific.net> Is this a dedicated MailScanner/SA box? Have you consulted the MAQ about performance issues? You should be able to run SA unless your hardware is obsolete or you've insufficient RAM. http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips We run 3 MailScanner/SA with lots of SARE rules, dccifd and rbl checks in SA. The boxes are all dual 2+ ghz xeons with 1-2gb of ram. One of them also runs DCCD (a real ram memory hog) and even it can push through 150K messages a day if it has to. Your MTA should give you some protection from "Massive SPAM attacks" as well. Darth Sidious (it must be friday) Pacific.Net Anakin SkyWalker wrote: > We have a busy mail server (150K msgs/day). Spamassassin is not a > option for us even with newer versions because it slows down the scan > processes in such a way that the incoming queue goes high quickly. > We're using MailScanner for 2 years now and we're glad it exists. But > sometimes even with no third part software for spam checks (SA), it > slows down the machine and the queues go up again. Of course it only > happens when we're getting massive spam attacks. We're looking for a > solution and we do want to use SpamAssassin. Anyone with a similar > problem to exchange tips, or even experienced users that know how to > deal with such problems? > > Thank you. > > --------------------------------- Yahoo! Mail Use Photomail to share > photos without annoying attachments. > From michele at blacknight.ie Sat Mar 11 00:48:50 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sat Mar 11 00:48:52 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <44121E72.8080606@blacknight.ie> Install more RAM? Upgrade the server? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Fax. +353 (0) 59 9164239 From mkettler at evi-inc.com Sat Mar 11 01:02:01 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Mar 11 01:02:25 2006 Subject: Big Loads In-Reply-To: <44121E65.10608@pacific.net> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E65.10608@pacific.net> Message-ID: <44122189.1010808@evi-inc.com> Ken A wrote: > > Is this a dedicated MailScanner/SA box? > > Have you consulted the MAQ about performance issues? You should be able > to run SA unless your hardware is obsolete or you've insufficient RAM. > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Side note that's not in the optimization_tips document. If you run a large volume site MailScanner 4.50 and up feature a spamassassin result-cache which can help considerably with the load. If you're running on low-end hardware, you can also gain a lot of speed in SA, at the expense of missing more spam, by disabling:AWL, bayes, and network checks. Without any of these, a stock SA 3.1.0 runs pretty fast and light. From alex at nkpanama.com Sat Mar 11 01:16:33 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Mar 11 01:16:41 2006 Subject: Big Loads In-Reply-To: <44121E72.8080606@blacknight.ie> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> Message-ID: <441224F1.3090403@nkpanama.com> Implement greylisting? DNS caching? Separating the MTA box from the MS box? Michele Neylon:: Blacknight.ie wrote: > Install more RAM? > Upgrade the server? > > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From tac.forums at gmail.com Sat Mar 11 07:40:35 2006 From: tac.forums at gmail.com (TAC Forums) Date: Sat Mar 11 07:40:38 2006 Subject: Fwd: New Batch: Found 1768 messages waiting In-Reply-To: <001701c63ee9$02793dc0$3004010a@martinhlaptop> References: <001701c63ee9$02793dc0$3004010a@martinhlaptop> Message-ID: > AS much as you can squeeze into the thing.. Hi everyone, Just performed the upgrade from 256 to 512 MB RAM and it's doing just superb. We'll wait and watch till monday / tuesday to see if the load still is high and if it needs to be pushed to 1 GB. Thanks for the responses on this one. Wish I had asked earlier and done the upgrade a long time ago. Regards Rishi From mbneto at gmail.com Sat Mar 11 20:22:33 2006 From: mbneto at gmail.com (mbneto) Date: Sat Mar 11 20:22:37 2006 Subject: Big Loads In-Reply-To: <44121E72.8080606@blacknight.ie> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> Message-ID: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Hi, Is there any tool or command that allows me to determine which part is the bottleneck in a busy system such as the one described? It could be the processor speed, the IO, the bus, memory etc. Adding more memory just to find out that the problem is the processor speed will do not good :) On 3/10/06, Michele Neylon:: Blacknight.ie wrote: > Install more RAM? > Upgrade the server? > > > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Sat Mar 11 20:22:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 11 20:23:44 2006 Subject: 4.51.6: Messages getting stuck in incoming queue with 4.51.5? Message-ID: <44133194.1010202@ecs.soton.ac.uk> Some of you have experienced problems with occasional messages getting stuck in the incoming queue with the latest version, when you have Use TNEF Contents = replace set in MailScanner.conf. This happened with messages that are delivery error report messages that contain the whole of the failed message. Fortunately these are pretty rare these days as most MTAs open quote the headers, or the first few lines of the message. I have found and fixed the bug, now I actually have a copy of a message that suffers from the problem! I have released 4.51.6 to fix this bug. It is only worth upgrading if you are using 4.51 and are suffering from this problem. The new feature was introduced in 4.51 so there's no need to upgrade unless you are already running 4.51. Sorry about this, but I wanted to get the fix out now rather than leaving it till the start of April. My set of test messages didn't include a message with exactly the right MIME structure to show this bug. :-( Many apologies. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt at coders.co.uk Sat Mar 11 20:33:26 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sat Mar 11 20:33:20 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133416.7060300@coders.co.uk> mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) > vmstat is good for this sort of thing. Check how many page faults (si,so) you are getting and that will be a good indication that you need more memory. the CPU section will show how heavily loaded the box is processor wise. matt From MailScanner at ecs.soton.ac.uk Sat Mar 11 20:33:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 11 20:33:45 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133421.4030303@ecs.soton.ac.uk> What is the current spec, and how many messages are you trying to put through it? You can check CPU load with "top", check for swapping with "vmstat 5", check for RAM usage with "top". mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) > > On 3/10/06, Michele Neylon:: Blacknight.ie wrote: > >> Install more RAM? >> Upgrade the server? >> >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mbneto at gmail.com Sat Mar 11 20:35:30 2006 From: mbneto at gmail.com (mbneto) Date: Sat Mar 11 20:35:33 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <5cf776b80603111235o60d012bfrf85fd28c32f28c44@mail.gmail.com> James, But how about the actual delivery of the message? If you have different/separate machines doing the scanning process where the MTA would deliver the message after the scan process? On 3/11/06, mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) > > On 3/10/06, Michele Neylon:: Blacknight.ie wrote: > > Install more RAM? > > Upgrade the server? > > > > > > > > -- > > Mr Michele Neylon > > Blacknight Solutions > > Quality Business Hosting & Colocation > > http://www.blacknight.ie/ > > Tel. 1850 927 280 > > Intl. +353 (0) 59 9183072 > > Fax. +353 (0) 59 9164239 > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From mkettler at evi-inc.com Sat Mar 11 20:45:56 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Mar 11 20:46:04 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133704.80303@evi-inc.com> mbneto wrote: > Hi, > > Is there any tool or command that allows me to determine which part is > the bottleneck in a busy system such as the one described? > It could be the processor speed, the IO, the bus, memory etc. > > Adding more memory just to find out that the problem is the processor > speed will do not good :) free will give you a good idea as to how much memory is in use, etc. top will give you a good idea of CPU usage, and has some of the memory info that free displays. From jon at radel.com Sat Mar 11 20:59:15 2006 From: jon at radel.com (Jon Radel) Date: Sat Mar 11 20:59:25 2006 Subject: Big Loads In-Reply-To: <44133704.80303@evi-inc.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> <44133704.80303@evi-inc.com> Message-ID: <44133A23.9010107@radel.com> Matt Kettler wrote: > free will give you a good idea as to how much memory is in use, etc. This all assuming that Anakin Skywalker and/or mbneto (are they actually the same anonymous author?) are actually running Linux. I checked every message in this thread and it appears that he / they never bothered saying. (My apologies if I missed something.) To whomever you are: free is lovely on Linux, but is unlikely to give you joy on, just for example, FreeBSD or Solaris. Giving us some hint as to what OS you're running on what hardware will greatly increase the probability that somebody can give useful advice specific to your situation. --Jon Radel jon@radel.com From shrek-m at gmx.de Sat Mar 11 21:14:50 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sat Mar 11 21:14:53 2006 Subject: Big Loads In-Reply-To: <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> Message-ID: <44133DCA.80101@gmx.de> On 11.03.2006 21:22, mbneto wrote: >Is there any tool or command that allows me to determine which part is >the bottleneck in a busy system such as the one described? >It could be the processor speed, the IO, the bus, memory etc. > >Adding more memory just to find out that the problem is the processor >speed will do not good :) > under fedora core 3 i find these progs useful eg. $ top $ iostat 2 $ vmstat 2 these are from which package and which other progs exist ? $ rpm -qf `which iostat` sysstat-5.0.5-1 $ rpm -qlf `which iostat` | grep bin /usr/bin/iostat /usr/bin/mpstat /usr/bin/sar $ rpm -qf `which vmstat` procps-3.2.3-5.3 $ rpm -qlf `which vmstat` | grep bin /bin/ps /sbin/sysctl /usr/bin/free /usr/bin/pgrep /usr/bin/pkill /usr/bin/pmap /usr/bin/skill /usr/bin/slabtop /usr/bin/snice /usr/bin/tload /usr/bin/top /usr/bin/uptime /usr/bin/vmstat /usr/bin/w /usr/bin/watch -- shrek-m From mbneto at gmail.com Mon Mar 13 01:29:45 2006 From: mbneto at gmail.com (mbneto) Date: Mon Mar 13 01:29:48 2006 Subject: Big Loads In-Reply-To: <44133A23.9010107@radel.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> <44133704.80303@evi-inc.com> <44133A23.9010107@radel.com> Message-ID: <5cf776b80603121729q5e2cdb51i1c220e64e708cfe7@mail.gmail.com> Matt, I use Linux (Fedora distro to be more precise) and face the same problem. Actually what I am more interested is trying to find out is how to proper determine the bottleneck in order to deploy a solution. This can be an upgrade or adding a second/third server to balance things out. A more "standard" solution that I've read is to use 2 servers : one to perform the scanning and the second to provide storage (as a NFS server) so when the MTA delivers the message locally it is actually drops it at another server. On 3/11/06, Jon Radel wrote: > > Matt Kettler wrote: > > > free will give you a good idea as to how much memory is in use, etc. > > This all assuming that Anakin Skywalker and/or mbneto (are they actually > the same anonymous author?) are actually running Linux. I checked every > message in this thread and it appears that he / they never bothered > saying. (My apologies if I missed something.) > > To whomever you are: free is lovely on Linux, but is unlikely to give > you joy on, just for example, FreeBSD or Solaris. Giving us some hint > as to what OS you're running on what hardware will greatly increase the > probability that somebody can give useful advice specific to your situation. > > --Jon Radel > jon@radel.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From carl.andrews at crackerbarrel.com Mon Mar 13 14:26:08 2006 From: carl.andrews at crackerbarrel.com (Carl Andrews) Date: Mon Mar 13 14:34:02 2006 Subject: "Phishing Arms race" - isc.sans.org In-Reply-To: <5cf776b80603121729q5e2cdb51i1c220e64e708cfe7@mail.gmail.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <44121E72.8080606@blacknight.ie> <5cf776b80603111222w225d1694p5cc205e9add50046@mail.gmail.com> <44133704.80303@evi-inc.com> <44133A23.9010107@radel.com> <5cf776b80603121729q5e2cdb51i1c220e64e708cfe7@mail.gmail.com> Message-ID: <1142259968.15077.22.camel@localhost.localdomain> Good article about new tactics. http://isc.sans.org/diary.php?storyid=1183 From jchezny at northcarolina.edu Mon Mar 13 15:44:23 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Mon Mar 13 15:44:26 2006 Subject: MailScanner logging double entries Message-ID: <1142264663.44159357314c1@webmail.northcarolina.edu> Hi, Can someone tell my why there are double log entries in maillog? I upgraded to 4.51.6-1 this morning. I'm sure I missed something in the configs. Here's my setup: OS: RHEL4 MailScanner: 4.51.6-1 Spamassassin: 3.1.1 MailWatch: 1.0.3 AV: ClamAV 0.88 F-prot: 4.5.4 Logging example: Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 messages... Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 messages... . . Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting . . Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... . . Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to 859E97D08 Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to 859E97D08 . . Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: from=... Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: from=... . . Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at 272012 bytes per second Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at 272012 bytes per second . . Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed in 1.11 seconds Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed in 1.11 seconds . . Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took 0.00 seconds Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took 0.00 seconds ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From Denis.Beauchemin at USherbrooke.ca Mon Mar 13 15:47:00 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Mar 13 15:47:26 2006 Subject: Big Loads In-Reply-To: <20060311002608.58633.qmail@web60022.mail.yahoo.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> Message-ID: <441593F4.6020500@USherbrooke.ca> Anakin SkyWalker wrote: > We have a busy mail server (150K msgs/day). Spamassassin is not a > option for us even with newer versions because it slows down the scan > processes in such a way that the incoming queue goes high quickly. > We're using MailScanner for 2 years now and we're glad it exists. But > sometimes even with no third part software for spam checks (SA), it > slows down the machine and the queues go up again. Of course it only > happens when we're getting massive spam attacks. > We're looking for a solution and we do want to use SpamAssassin. > Anyone with a similar problem to exchange tips, or even experienced > users that know how to deal with such problems? > > Thank you. > > ------------------------------------------------------------------------ If you use sendmail you can use IPBlock (part of MS) to help reduce the spam attacks' effectiveness. I default to 50 msgs/hour. I have put higher limits for known servers. I also use milter-greylist (if I get more than 200 messages waiting in my mailq) and many sendmail limits. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/a1a38ce4/smime.bin From gavin at netergy.com Mon Mar 13 15:51:02 2006 From: gavin at netergy.com (Gavin Nelmes-Crocker) Date: Mon Mar 13 15:51:07 2006 Subject: 4.51.6: Messages getting stuck in incoming queue with 4.51.5? In-Reply-To: <44133194.1010202@ecs.soton.ac.uk> References: <44133194.1010202@ecs.soton.ac.uk> Message-ID: <441594E6.2050006@netergy.com> Julian Field wrote: > Some of you have experienced problems with occasional messages getting > stuck in the incoming queue with the latest version, when you have > Use TNEF Contents = replace > set in MailScanner.conf. > > This happened with messages that are delivery error report messages that > contain the whole of the failed message. Fortunately these are pretty > rare these days as most MTAs open quote the headers, or the first few > lines of the message. > > I have found and fixed the bug, now I actually have a copy of a message > that suffers from the problem! > > I have released 4.51.6 to fix this bug. It is only worth upgrading if > you are using 4.51 and are suffering from this problem. The new feature > was introduced in 4.51 so there's no need to upgrade unless you are > already running 4.51. Thanks Julian Will the update process those messages that are waiting - I've just noticed it has 85 messages waiting for no obvious reason other than this. Regards Gavin From MailScanner at ecs.soton.ac.uk Mon Mar 13 16:04:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 13 16:05:01 2006 Subject: MailScanner logging double entries In-Reply-To: <1142264663.44159357314c1@webmail.northcarolina.edu> References: <1142264663.44159357314c1@webmail.northcarolina.edu> Message-ID: I would suspect your /etc/syslog.conf. Do you have 2 lines which match mail.info? On 13 Mar 2006, at 15:44, jchezny@northcarolina.edu wrote: > Hi, > Can someone tell my why there are double log entries in maillog? I > upgraded to > 4.51.6-1 this morning. I'm sure I missed something in the configs. > Here's my > setup: > > OS: RHEL4 > MailScanner: 4.51.6-1 > Spamassassin: 3.1.1 > MailWatch: 1.0.3 > AV: > ClamAV 0.88 > F-prot: 4.5.4 > > > Logging example: > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > messages... > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > messages... > . > . > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > . > . > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > . > . > > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > 859E97D08 > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > 859E97D08 > . > . > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > from=... > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > from=... > . > . > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > 272012 bytes > per second > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > 272012 bytes > per second > . > . > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > in 1.11 > seconds > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > in 1.11 > seconds > . > . > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > 0.00 seconds > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > 0.00 seconds > > > > ---------------------------------------------------------------- > This message was sent with UNC-GA Webmail http:// > webmail.northcarolina.edu > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 13 16:05:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 13 16:05:43 2006 Subject: 4.51.6: Messages getting stuck in incoming queue with 4.51.5? In-Reply-To: <441594E6.2050006@netergy.com> References: <44133194.1010202@ecs.soton.ac.uk> <441594E6.2050006@netergy.com> Message-ID: <438B9BC1-CDE0-4E17-86A5-EC4307025974@ecs.soton.ac.uk> On 13 Mar 2006, at 15:51, Gavin Nelmes-Crocker wrote: > > > Julian Field wrote: >> Some of you have experienced problems with occasional messages >> getting stuck in the incoming queue with the latest version, when >> you have >> Use TNEF Contents = replace >> set in MailScanner.conf. >> This happened with messages that are delivery error report >> messages that contain the whole of the failed message. Fortunately >> these are pretty rare these days as most MTAs open quote the >> headers, or the first few lines of the message. >> I have found and fixed the bug, now I actually have a copy of a >> message that suffers from the problem! >> I have released 4.51.6 to fix this bug. It is only worth upgrading >> if you are using 4.51 and are suffering from this problem. The new >> feature was introduced in 4.51 so there's no need to upgrade >> unless you are already running 4.51. > > Thanks Julian > > Will the update process those messages that are waiting - I've just > noticed it has 85 messages waiting for no obvious reason other than > this. Yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jchezny at northcarolina.edu Mon Mar 13 16:12:54 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Mon Mar 13 16:12:56 2006 Subject: MailScanner logging double entries (resolved) In-Reply-To: References: <1142264663.44159357314c1@webmail.northcarolina.edu> Message-ID: <1142266374.44159a06338bd@webmail.northcarolina.edu> Quoting Julian Field : > I would suspect your /etc/syslog.conf. Do you have 2 lines which > match mail.info? > > On 13 Mar 2006, at 15:44, jchezny@northcarolina.edu wrote: > > > Hi, > > Can someone tell my why there are double log entries in maillog? I > > upgraded to > > 4.51.6-1 this morning. I'm sure I missed something in the configs. > > Here's my > > setup: > > > > OS: RHEL4 > > MailScanner: 4.51.6-1 > > Spamassassin: 3.1.1 > > MailWatch: 1.0.3 > > AV: > > ClamAV 0.88 > > F-prot: 4.5.4 > > > > > > Logging example: > > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > > messages... > > Mar 13 10:26:05 MailScanner[23474]: New Batch: Scanning 1 > > messages... > > . > > . > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks: Starting > > . > > . > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > > Mar 13 10:26:05 MailScanner[23474]: Spam Checks completed at... > > . > > . > > > > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > > 859E97D08 > > Mar 13 10:26:06 MailScanner[23474]: Requeue: C60AF7D07.DEEB1 to > > 859E97D08 > > . > > . > > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > > from=... > > Mar 13 10:26:06 postfix/qmgr[23340]: 859E97D08: > > from=... > > . > > . > > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > > 272012 bytes > > per second > > Mar 13 10:26:06 MailScanner[23474]: Virus Processing completed at > > 272012 bytes > > per second > > . > > . > > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > > in 1.11 > > seconds > > Mar 13 10:26:06 MailScanner[23474]: Batch (1 message) processed > > in 1.11 > > seconds > > . > > . > > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > > 0.00 seconds > > Mar 13 10:26:06 MailScanner[23474]: "Always Looked Up Last" took > > 0.00 seconds > > > > > > > > ---------------------------------------------------------------- > > This message was sent with UNC-GA Webmail http:// > > webmail.northcarolina.edu > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Removing the additional line in /etc/syslogd did the trick. Thanks, Julian. ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From samp at arial-concept.com Mon Mar 13 16:17:40 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Mon Mar 13 16:18:13 2006 Subject: Bonded Sender In-Reply-To: <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> References: <44102DE9.3070404@arial-concept.com> <625385e30603090623j618561f2j4c577f72773439fb@mail.gmail.com> Message-ID: <44159B24.4060406@arial-concept.com> shuttlebox a ?crit : >On 3/9/06, Sam Przyswa wrote: > > >>Hi, >> >>Does MailScanner can handle the Bonded Sender WL >>(http://bondedsender.org/bondedsender/technical.php) or how to implement >>it ? >> >> > >SpamAssassin supports it by default. > ># Bonded Sender: http://www.bondedsender.com/ > > I added this in my user pref config file: >score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 >score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 > > But I have the SORBS-DNSBL enabled in may MailScanner.conf does the Bonded whitelist will work ? Thanks for your help. Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From linux_spartacus at yahoo.com Tue Mar 14 00:04:28 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Tue Mar 14 00:04:31 2006 Subject: How to whitelist my clietns ? Message-ID: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/f531d27f/attachment.html From alex at nkpanama.com Tue Mar 14 00:04:20 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 00:04:37 2006 Subject: Big Loads In-Reply-To: <441593F4.6020500@USherbrooke.ca> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <441593F4.6020500@USherbrooke.ca> Message-ID: <44160884.3010306@nkpanama.com> Any good FAQ entries you might recommend on using IPBlock? Denis Beauchemin wrote: > Anakin SkyWalker wrote: > >> We have a busy mail server (150K msgs/day). Spamassassin is not a >> option for us even with newer versions because it slows down the scan >> processes in such a way that the incoming queue goes high quickly. >> We're using MailScanner for 2 years now and we're glad it exists. But >> sometimes even with no third part software for spam checks (SA), it >> slows down the machine and the queues go up again. Of course it only >> happens when we're getting massive spam attacks. >> We're looking for a solution and we do want to use SpamAssassin. >> Anyone with a similar problem to exchange tips, or even experienced >> users that know how to deal with such problems? >> >> Thank you. >> >> ------------------------------------------------------------------------ > > > If you use sendmail you can use IPBlock (part of MS) to help reduce > the spam attacks' effectiveness. I default to 50 msgs/hour. I have > put higher limits for known servers. > > I also use milter-greylist (if I get more than 200 messages waiting in > my mailq) and many sendmail limits. > > Denis > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Tue Mar 14 01:31:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 01:32:04 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> References: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> Message-ID: <44161CEE.3060808@nkpanama.com> Use a ruleset. spart cus wrote: > hi guys, > ive recently noticed that one my clients using the name SysAd on his > email client is being detected as spam.How can i manually tell my MS > not to tagged this client ? > > thanks > > ------------------------------------------------------------------------ > Yahoo! Travel > Find great deals > > to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/9a6ffc3b/attachment.html From linux_spartacus at yahoo.com Tue Mar 14 01:38:36 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Tue Mar 14 01:38:40 2006 Subject: How to whitelist my clietns ? In-Reply-To: <44161CEE.3060808@nkpanama.com> Message-ID: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> Im not really very familiar with this.Can you give me some guidelines? Alex Neuman van der Hans wrote: Use a ruleset. spart cus wrote: hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/23ee5149/attachment.html From alex at nkpanama.com Tue Mar 14 01:47:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 01:47:57 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> References: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> Message-ID: <441620C2.5020108@nkpanama.com> Sure. Read the part about rulesets in the configuration file. spart cus wrote: > Im not really very familiar with this.Can you give me some guidelines? > > */Alex Neuman van der Hans /* wrote: > > Use a ruleset. > > spart cus wrote: >> hi guys, >> ive recently noticed that one my clients using the name SysAd on >> his email client is being detected as spam.How can i manually >> tell my MS not to tagged this client ? >> >> thanks >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > Yahoo! Travel > Find great deals > > to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/5969cbe1/attachment.html From alex at nkpanama.com Tue Mar 14 01:56:41 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 01:56:48 2006 Subject: How to whitelist my clietns ? In-Reply-To: <441620C2.5020108@nkpanama.com> References: <20060314013836.20321.qmail@web35612.mail.mud.yahoo.com> <441620C2.5020108@nkpanama.com> Message-ID: <441622D9.4030505@nkpanama.com> But seriously... You should really do your homework before asking questions like that. It's like asking "how do I drive the car in reverse?", which makes it appear as if perhaps you shouldn't be behind the wheel. In any case, look to http://wiki.mailscanner.info/posting before posting. The option you're looking for is in mailscanner.conf, and it's called "is definitely not spam =" and it's set to %rules-dir%/spam.whitelist.rules - which means you should edit that file in order to add your client to the "it's definitely not spam" category. It reads by default: "FromOrTo: default no" - which means the default is "no, I don't think of anything at all as 'not spam'" You should add (before this line) a line that says: From: myclient@hisdomain.com yes So that it marks him as not spam... But that brings you the problem of people POSING as him, impersonating his e-mail address. You should *really* look into the REASON why they're being marked as SPAM and correct it, otherwise you're just not doing anything about it. In any case, you should really buy the book or read the FAQ/MAQ/Wiki. I've had all my clients buy the book (there are three, I think, that already sent for it, the others are on their way), and I've heard from one of my clients that already has the book that it's an excellent read. Alex Neuman van der Hans wrote: > Sure. Read the part about rulesets in the configuration file. > > spart cus wrote: >> Im not really very familiar with this.Can you give me some guidelines? >> >> */Alex Neuman van der Hans /* wrote: >> >> Use a ruleset. >> >> spart cus wrote: >>> hi guys, >>> ive recently noticed that one my clients using the name SysAd on >>> his email client is being detected as spam.How can i manually >>> tell my MS not to tagged this client ? >>> >>> thanks >>> ------------------------------------------------------------------------ >>> Yahoo! Travel >>> Find great deals >>> >>> to the top 10 hottest destinations! >> >> -- >> >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ Alex Neuman van der Hans wrote: > Sure. Read the part about rulesets in the configuration file. > > spart cus wrote: >> Im not really very familiar with this.Can you give me some guidelines? >> >> */Alex Neuman van der Hans /* wrote: >> >> Use a ruleset. >> >> spart cus wrote: >>> hi guys, >>> ive recently noticed that one my clients using the name SysAd on >>> his email client is being detected as spam.How can i manually >>> tell my MS not to tagged this client ? >>> >>> thanks >>> ------------------------------------------------------------------------ >>> Yahoo! Travel >>> Find great deals >>> >>> to the top 10 hottest destinations! >> >> -- >> >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/8bc8fef4/attachment.html From taz at taz-mania.com Tue Mar 14 02:26:24 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Mar 14 02:26:31 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> References: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> Message-ID: <441629D0.3020706@taz-mania.com> You should consider installing Mailwatch. Then whitelisting and blacklisting are simple web gui operations. spart cus wrote: > hi guys, > ive recently noticed that one my clients using the name SysAd on his > email client is being detected as spam.How can i manually tell my MS > not to tagged this client ? > > thanks > > ------------------------------------------------------------------------ > Yahoo! Travel > Find great deals > > to the top 10 hottest destinations! -- Dennis Willson (taz@taz-mania.com) Owner, Operator of Kepnet Internet Services http://www.kepnet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 229 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060313/6464ffc5/taz.vcf From alex at nkpanama.com Tue Mar 14 02:34:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 02:34:44 2006 Subject: How to whitelist my clietns ? In-Reply-To: <441629D0.3020706@taz-mania.com> References: <20060314000428.12521.qmail@web35604.mail.mud.yahoo.com> <441629D0.3020706@taz-mania.com> Message-ID: <44162BBF.1000408@nkpanama.com> I think many will agree that if he hasn't read through the config file yet and found out about rulesets, MailWatch is a little bit too much right now. He should first get acquainted with rulesets manually and then progress to MailWatch. It's surprising how well MailScanner can work without user intervention; I wouldn't be able to guess how long this particular installation has been running without using rulesets. I'm guessing it's not using spamassassin, or using it in a limited fashion (no razor/pyzor/dcc). Even still it works very well "out-of-the-box", specially with Julian's SA-Clamav installer. Dennis Willson wrote: > You should consider installing Mailwatch. Then whitelisting and > blacklisting are simple web gui operations. > > spart cus wrote: > >> hi guys, >> ive recently noticed that one my clients using the name SysAd on his >> email client is being detected as spam.How can i manually tell my MS >> not to tagged this client ? >> >> thanks >> >> ------------------------------------------------------------------------ >> Yahoo! Travel >> Find great deals >> >> to the top 10 hottest destinations! > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Tue Mar 14 02:39:28 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 14 02:39:33 2006 Subject: install.sh wishlist Message-ID: <44162CE0.2040107@nkpanama.com> I've used clamav-milter on every server I've installed/maintained, and I always have to edit install.sh to add "--enable-milter" to be able to update it. I also search&replace all the "sleep 2"s and "sleep 5"s with "sleep 0", comment them out, or remove them altogether. Makes for a quicker install, and the script is mature enough not to break. Could there be an "--enable-milter" option, or something that would detect the existence of clamav-milter (perhaps a ps -ax | grep clamav-milter) and add it to the ./configure line? Perhaps a "--super-fast" that would preclude the "sleep"s? Just my 2c... -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ecj at telpacific.com.au Tue Mar 14 04:38:20 2006 From: ecj at telpacific.com.au (DOODS) Date: Tue Mar 14 04:38:50 2006 Subject: Filtering Then Forwarding Message-ID: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> Hello All. I need a quick help. I would like to do a filtering based on the from and to headers and then forward emails to a specific email address if matched. To be more detailed: Condition: and Action: Forward to user3@domain3.com We're running MailScanner and Exim with MySQL. I have been googling since this morning and can't find the answer that I need. I hope someone can help. Thanks in advance. Now it's back to googling for me... Cheers, DOODS From MailScanner at ecs.soton.ac.uk Tue Mar 14 10:11:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 10:11:52 2006 Subject: install.sh wishlist In-Reply-To: <44162CE0.2040107@nkpanama.com> References: <44162CE0.2040107@nkpanama.com> Message-ID: On 14 Mar 2006, at 02:39, Alex Neuman van der Hans wrote: > I've used clamav-milter on every server I've installed/maintained, > and I always have to edit install.sh to add "--enable-milter" to be > able to update it. But a large amount of users don't want the milter. > I also search&replace all the "sleep 2"s and "sleep 5"s with "sleep > 0", comment them out, or remove them altogether. Makes for a > quicker install, and the script is mature enough not to break. Try "./install fast" :-) > > Could there be an "--enable-milter" option, or something that would > detect the existence of clamav-milter (perhaps a ps -ax | grep > clamav-milter) and add it to the ./configure line? That's a possibility. > Perhaps a "--super-fast" that would preclude the "sleep"s? > > Just my 2c... All contributions welcome. > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 14 10:13:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 10:14:01 2006 Subject: Filtering Then Forwarding In-Reply-To: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> References: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> Message-ID: <0AD3AC49-C650-4234-BD9C-A930ED229F0F@ecs.soton.ac.uk> Use a ruleset on the "Non-Spam Actions", "Spam Actions" and "High- Scoring Spam Actions" which says something like this: From: user1@domain1.com and To: *@domain2.com forward user3@domain3.com FromOrTo: default deliver On 14 Mar 2006, at 04:38, DOODS wrote: > > Hello All. > I need a quick help. I would like to do a filtering based on the > from and > to headers and then forward emails to a specific email address if > matched. > To be more detailed: > > Condition: and > Action: Forward to user3@domain3.com > > We're running MailScanner and Exim with MySQL. I have been googling > since > this morning and can't find the answer that I need. I hope someone can > help. > Thanks in advance. > Now it's back to googling for me... > > Cheers, -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Tue Mar 14 13:56:48 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 14 13:54:50 2006 Subject: Filtering Then Forwarding In-Reply-To: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> Message-ID: <084f01c6476f$23d2fe50$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of DOODS > Sent: Monday, March 13, 2006 11:38 PM > To: mailscanner@lists.mailscanner.info > Subject: Filtering Then Forwarding > > > Hello All. > I need a quick help. I would like to do a filtering based on the from and > to headers and then forward emails to a specific email address if matched. > To be more detailed: > > Condition: and > Action: Forward to user3@domain3.com > > We're running MailScanner and Exim with MySQL. I have been googling since > this morning and can't find the answer that I need. I hope someone can > help. > Thanks in advance. > Now it's back to googling for me... > > Cheers, > DOODS > You pretty much wrote the rule yourself. Create a rule set for Non Spam Actions (and Spam Actions and High Spam Actions if necessary): From: user1@domain1.com and To: *@domain2.com forward user3@domain3.com delete FromOrTo: default deliver Each rule above should be entered on a single line. I believe this is in the Example and Readme files in the rules directory. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From Denis.Beauchemin at USherbrooke.ca Tue Mar 14 14:16:08 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 14 14:17:49 2006 Subject: Big Loads In-Reply-To: <44160884.3010306@nkpanama.com> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <441593F4.6020500@USherbrooke.ca> <44160884.3010306@nkpanama.com> Message-ID: <4416D028.3030600@USherbrooke.ca> Alex Neuman van der Hans wrote: > Any good FAQ entries you might recommend on using IPBlock? The comments in the /usr/lib/MailScanner/MailScanner/CustomConfig.pm file are pretty much what you will need. Don't forget the crontab job unless you want to block offending IPs forever. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060314/d9d44e15/smime.bin From samp at arial-concept.com Tue Mar 14 14:49:12 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Tue Mar 14 14:49:27 2006 Subject: Rules precedence Message-ID: <4416D7E8.8010108@arial-concept.com> Hi, What is the rules precedence if I use for example the SORBS-DNSBL in MailScanner.conf and SpamAssassin with a -100.000 score rule with a whitelist Bonded Sender program ? Sam. -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From jaearick at colby.edu Tue Mar 14 14:50:52 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Mar 14 15:02:18 2006 Subject: Big Loads In-Reply-To: <4416D028.3030600@USherbrooke.ca> References: <20060311002608.58633.qmail@web60022.mail.yahoo.com> <441593F4.6020500@USherbrooke.ca> <44160884.3010306@nkpanama.com> <4416D028.3030600@USherbrooke.ca> Message-ID: See the following: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/234.html and http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html Jeff Earickson Colby College On Tue, 14 Mar 2006, Denis Beauchemin wrote: > Date: Tue, 14 Mar 2006 09:16:08 -0500 > From: Denis Beauchemin > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Big Loads > > Alex Neuman van der Hans wrote: > >> Any good FAQ entries you might recommend on using IPBlock? > > The comments in the /usr/lib/MailScanner/MailScanner/CustomConfig.pm file are > pretty much what you will need. Don't forget the crontab job unless you want > to block offending IPs forever. > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > From shuttlebox at gmail.com Tue Mar 14 15:51:13 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 14 15:51:17 2006 Subject: Problem with MIME multipart/related Message-ID: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> I have a problem with mail sent from some kind of medical appliance. I get a "Could not analyze message" report and the message gets quarantined. This is the only log line from MailScanner: Mar 13 13:50:21 ajax MailScanner[25733]: Saved entire message to /queues/MailScanner/quarantine/20060313/k2DCoIjU028388 The message passes a Sendmail server before it so the problem must be related to MS having problems unpacking the MIME structure. I called the company and they were pretty much clueless but admitted that other customers had varying problems looking at the mails. They contain HTML with image tags and some customers saw it properly and others only saw the text and no images. This is the last part of the qf-file. Is it the two semicolons after multipart/related that is the problem (syntax error) or doesn't MS support this content type? I don't know how common it is. H??X-Mailer: CytoMailer1.0 H??MIME-Version: 1.0 H??Content-Type: multipart/related;; boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 . -- /peter From KLekas at foxriver.com Tue Mar 14 16:04:40 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Tue Mar 14 16:04:53 2006 Subject: spamassassin timeouts help Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> Hi everyone, I would like to figure out how to prevent or minimize spamassassin timeouts. Problem is I'm not exactly sure what causes it to time out in the first place (if someone can explain it to me that would be great). I have 3 MailScanner gateways running on different DMZ's, MX01, MX02, and MX03. 1. MX01 is used primarily for mail archiving relay to IronMountain. I have an internal MS Exchange server, anything sent or received by any of my users is archived to archiveaddress@ironmountain.com; It is relayed from Exchange box to MX01 and then to IronMountain's SMTP servers. MX01 is also a backup MX listed in my public mx pool with a high weight so I do see a lot of spammers trying to hit it. This guy processes an average of 2500 messages a day and 1/80 mails get spamassassin timeouts on this relay. 2. MX02 is my outgoing (internet bound relay) as well as my primary incoming mail server listed with the lowest weight in public DNS. This guy processes an average of 1200 messages a day and 1/190 mails get spamassassin timeouts on this relay. 3. MX03 is a backup relay for internetbound and incoming and is listed in public DNS with a higher weight that MX02 so I do see a lot of spammers try to hit it. This guy processes only 120 messages a day and 1/10 mails get spamassassin timeouts on this relay. What is getting me is the low amount of messages that MX03 is receiving but yet is having so many spamassassin timeouts. Most of the spam that gets thru has come from MX03 and from examination of the headers I can see that spamassassin timed out, but it does catch about 50 a day. Why so many timeouts on this guy. I have included some log entries at the end of this email. On All 3 relays: Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Max Custom Spam Scanner Timeouts = 10 MCP Max SpamAssassin Timeouts = 20 The only thing different on MX03 is that I am using the latest MailScanner with the feature "Cache SpamAssassin Results = yes" Here are the Specs for all three relays as you can see MX02 has the best hardware, MX03 comes in second and then MX01. MX01 specs: 1 CPU Pentium 3, 1.4GHz, 500MB of ram Red Hat Enterprise Linux WS release 4 (Nahant Update 2) Perl version 5.008005 (5.8.5) MailScanner version 4.42.9 postfix-2.1.5-4.2.RHEL4 spamassassin-3.0.4-1_25.el4.at (using DCC) clamav-0.87-1.2.el4.rf MX02 specs: Dual Xeon, 3.2GHz, 4GB of ram Red Hat Enterprise Linux WS release 4 (Nahant Update 2) Perl version 5.008005 (5.8.5) MailScanner version 4.45.4 postfix-2.1.5-4.2.RHEL4 spamassassin-3.0.4-1.el4 (using DCC) clamav-0.87-1.2.el4.rf MX03 specs: Dual Xeon, 2.8GHz, 2G of ram Fedora Core release 4 (Stentz) Perl version 5.008006 (5.8.6) MailScanner version 4.51.4 postfix-2.2.2-2 spamassassin-3.0.4-2.fc4 (using DCC, using spamassassin cache feature) clamav-0.88-1.fc4 (using clamavmodule) Here are some log entries from MX03 showing the timeouts: /var/log/maillog:Mar 12 04:17:23 MX03 MailScanner[19465]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 04:17:24 MX03 MailScanner[19465]: Message B083647F8F.C006E from 218.18.181.156 (aostos@abt.com.tr) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 04:20:10 MX03 MailScanner[19578]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 04:20:11 MX03 MailScanner[19578]: Message BDC6747F8F.7787A from 59.5.144.136 (snd_pcm_hw_params_set_period_size_first@glennedward.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 09:22:06 MX03 MailScanner[19522]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 09:22:08 MX03 MailScanner[19522]: Message 90FC847F8F.4E65E from 59.37.63.81 (gustavo_woodscy@lycos.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 12:58:47 MX03 MailScanner[22385]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 12:58:48 MX03 MailScanner[22385]: Message E7D6947F80.842A4 from 66.215.18.215 (hugh@paramed.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 13:39:04 MX03 MailScanner[19470]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 13:39:05 MX03 MailScanner[19470]: Message C111847F83.490CD from 127.0.0.1 (root@mydomain.com) to mydomain.com is not spam (whitelisted), SpamAssassin (timed out) /var/log/maillog:Mar 12 13:46:23 MX03 MailScanner[23571]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 13:46:24 MX03 MailScanner[23571]: Message 5658947F85.94B60 from 68.164.134.210 (stitti@bhb.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 13:53:51 MX03 MailScanner[28831]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 13:53:53 MX03 MailScanner[28831]: Message 6731247F85.D2DA7 from 203.210.151.43 (cmzcuoniucu@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 14:00:28 MX03 MailScanner[23788]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 14:00:29 MX03 MailScanner[23788]: Message E04A347F8A.4DAC5 from 200.165.21.104 (lnpykciriii@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 15:45:25 MX03 MailScanner[9593]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 15:45:26 MX03 MailScanner[9593]: Message CC93847F88.B0E03 from 80.108.24.113 (plsnutrionists@mdgekko.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 19:09:09 MX03 MailScanner[13504]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 19:09:10 MX03 MailScanner[13504]: Message CC63347F8F.EEFAC from 200.113.75.224 (jvyxcjyidqa@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 21:07:08 MX03 MailScanner[25699]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 21:07:09 MX03 MailScanner[25699]: Message 7D7F647F94.91C50 from 58.168.170.253 (i_golodnikov@inbox.ru) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 21:07:15 MX03 MailScanner[12264]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 21:07:16 MX03 MailScanner[12264]: Message 619A447F9A.40F2D from 58.168.170.253 (donoghue.laginaqa4@gmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 12 21:15:18 MX03 MailScanner[20260]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 12 21:15:19 MX03 MailScanner[20260]: Message 8C0BF47F8F.33EA1 from 222.109.255.235 (info@mydomain.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 04:03:31 MX03 MailScanner[15384]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 04:03:32 MX03 MailScanner[15384]: Message 852C947F8F.2A2E0 from 127.0.0.1 (root@mydomain.com) to MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) /var/log/maillog:Mar 13 04:36:53 MX03 MailScanner[19666]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 04:36:54 MX03 MailScanner[19666]: Message 782C047F8F.16EAF from 222.67.132.244 (xaviert@methodistemail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 04:37:33 MX03 MailScanner[13163]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 04:37:35 MX03 MailScanner[13163]: Message D990D47F95.A54A4 from 83.35.242.23 (wzjgjztcpeo@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 08:38:49 MX03 MailScanner[15435]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 08:38:50 MX03 MailScanner[15435]: Message 5715F47F8F.6E0A8 from 218.13.88.109 (carls2@yahoo.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 09:09:20 MX03 MailScanner[15142]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 09:09:21 MX03 MailScanner[15142]: Message 6F64047F8F.ACCA1 from 84.72.68.253 (john@eu-vest.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 09:59:44 MX03 MailScanner[15689]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 09:59:45 MX03 MailScanner[15689]: Message 8704F47F8E.4A095 from 221.158.30.189 (sherrietomlinsonnm@visuallink.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 10:19:36 MX03 MailScanner[29901]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 10:19:38 MX03 MailScanner[29901]: Message D6DF047F8E.86E7D from 216.222.251.75 (danosusu@hearngroup.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 10:30:43 MX03 MailScanner[29902]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 10:30:44 MX03 MailScanner[29902]: Message 4902E47F8E.39042 from 82.246.244.31 (toiubpvcbdttm@math-info.univ-paris5.fr) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 16:56:59 MX03 MailScanner[31306]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 16:57:01 MX03 MailScanner[31306]: Message BE6C947F8F.4CBDE from 70.92.73.132 (richard@guitarra.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 18:26:02 MX03 MailScanner[31312]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 18:26:04 MX03 MailScanner[31312]: Message 4D6BF47F6E.8DA38 from 69.143.26.250 (henry@pradella.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 13 18:27:43 MX03 MailScanner[31263]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 13 18:27:44 MX03 MailScanner[31263]: Message EF85B47F97.9CD6C from 24.0.25.137 (john@pistonheads.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 01:57:42 MX03 MailScanner[3814]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 01:57:43 MX03 MailScanner[3814]: Message 70D2347F90.0A30B from 58.33.193.13 (susanah@gay-mail.net) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 04:03:30 MX03 MailScanner[3863]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 04:03:31 MX03 MailScanner[3863]: Message E442347F90.0CEF2 from 127.0.0.1 (root@mydomain.com) to MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) /var/log/maillog:Mar 14 06:49:58 MX03 MailScanner[3684]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 06:49:59 MX03 MailScanner[3684]: Message 62A5B47F8F.5D1D9 from 85.216.44.205 (mmwlpmfvsjb@hotmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 08:11:33 MX03 MailScanner[7162]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 08:11:34 MX03 MailScanner[7162]: Message 8B70847F8F.4FE93 from 222.191.167.14 (wierzbicki@bluehyppo.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog:Mar 14 08:34:25 MX03 MailScanner[3672]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog:Mar 14 08:34:27 MX03 MailScanner[3672]: Message CE81647F8F.CF604 from 221.14.241.74 (zdtdvqmgqus@subt-16.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 9 08:01:46 MX03 MailScanner[2030]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 9 08:01:47 MX03 MailScanner[2030]: Message 67CA447FA7.9BA57 from 201.138.198.234 (chenchen@0733.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 9 08:02:05 MX03 MailScanner[2379]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 9 08:02:08 MX03 MailScanner[2379]: Message B26FA47FC0.CB827 from 211.196.198.72 (j_maldonado_fr@netscape.net) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 10 04:07:45 MX03 MailScanner[3572]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 10 08:01:07 MX03 MailScanner[3572]: Message B0C4C47F90.E284C from 221.152.17.195 (bourqfried@dawgrock.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 10 08:19:04 MX03 MailScanner[2126]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 10 08:19:05 MX03 MailScanner[2126]: Message 19E6747F89.D3A88 from 83.94.161.243 (certain588@gmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 10 08:19:46 MX03 MailScanner[2476]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 10 08:19:48 MX03 MailScanner[2476]: Message E6FE147F6E.EFDBC from 83.94.161.243 (phelan.humphry75t@gmail.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 11 15:29:48 MX03 MailScanner[19464]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 11 15:29:55 MX03 MailScanner[19464]: Message C768447F8A.3C3C1 from 200.149.217.102 (bzn@0733.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 11 15:44:40 MX03 MailScanner[19473]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 11 15:44:41 MX03 MailScanner[19473]: Message D9DB447F8D.32594 from 81.193.12.243 (surlesu@is.titech.ac.jp) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 11 17:19:13 MX03 MailScanner[19467]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 11 17:19:14 MX03 MailScanner[19467]: Message 2F2E347F8E.71F12 from 69.201.205.193 (gilbert@first2office.biz) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 12 01:06:39 MX03 MailScanner[19514]: SpamAssassin timed out and was killed, failure 1 of 10 /var/log/maillog.1:Mar 12 01:06:40 MX03 MailScanner[19514]: Message 1452A47F92.DFF53 from 222.137.180.247 (fgwabrmvom@laptopcentral.com) to mydomain.com is not spam, SpamAssassin (timed out) /var/log/maillog.1:Mar 12 03:13:26 MX03 MailScanner[19467]: SpamAssassin timed out and was killed, failure 2 of 10 /var/log/maillog.1:Mar 12 03:13:27 MX03 MailScanner[19467]: Message 437B147F94.66F30 from 221.202.59.26 (billiessewell_lp@flash.net) to mydomain.com is not spam, SpamAssassin (timed out) Thanks, kosta -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060314/61b7a50e/attachment.html From MailScanner at ecs.soton.ac.uk Tue Mar 14 16:11:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 16:11:55 2006 Subject: Problem with MIME multipart/related In-Reply-To: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> References: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> Message-ID: <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> Please post a zip of a complete message, so we can give it a try. On 14 Mar 2006, at 15:51, shuttlebox wrote: > I have a problem with mail sent from some kind of medical appliance. I > get a "Could not analyze message" report and the message gets > quarantined. This is the only log line from MailScanner: > > Mar 13 13:50:21 ajax MailScanner[25733]: Saved entire message to > /queues/MailScanner/quarantine/20060313/k2DCoIjU028388 > > The message passes a Sendmail server before it so the problem must be > related to MS having problems unpacking the MIME structure. I called > the company and they were pretty much clueless but admitted that other > customers had varying problems looking at the mails. They contain HTML > with image tags and some customers saw it properly and others only saw > the text and no images. > > This is the last part of the qf-file. Is it the two semicolons after > multipart/related that is the problem (syntax error) or doesn't MS > support this content type? I don't know how common it is. > > H??X-Mailer: CytoMailer1.0 > H??MIME-Version: 1.0 > H??Content-Type: multipart/related;; > boundary=WC_MAIL_PaRt_BoUnDaRy_05151998 > . -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Tue Mar 14 16:34:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 14 16:34:44 2006 Subject: Rules precedence In-Reply-To: <4416D7E8.8010108@arial-concept.com> References: <4416D7E8.8010108@arial-concept.com> Message-ID: <4416F09B.8000608@evi-inc.com> Sam Przyswa wrote: > Hi, > > What is the rules precedence if I use for example the SORBS-DNSBL in > MailScanner.conf and SpamAssassin with a -100.000 score rule with a > whitelist Bonded Sender program ? > MailScanner.conf trumps any spamassassin score. If you don't *explicitly* trust a DNSBL, do not put it in your MailScanner.conf, let spamassassin run it and factor it into it's scoring instead. From taz at taz-mania.com Tue Mar 14 16:55:54 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Mar 14 16:55:59 2006 Subject: spamassassin timeouts help In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <4416F59A.7050900@taz-mania.com> When I see large amounts of SpamAssassin timeouts is when one or more of the DNSBLs are not responding (happens occasionally). The the wait time builds up and causes SpamAssassin to timeout. Also if you local recursive DNS server (used by your gateways) is slow doing lookups that could be a problem too. Kosta Lekas wrote: > Hi everyone, > > I would like to figure out how to prevent or minimize spamassassin > timeouts. Problem is I?m not exactly sure what causes it to time out > in the first place (if someone can explain it to me that would be > great). I have 3 MailScanner gateways running on different DMZ?s, > MX01, MX02, and MX03. > > 1. MX01 is used primarily for mail archiving relay to IronMountain. I > have an internal MS Exchange server, anything sent or received by any > of my users is archived to archiveaddress@ironmountain.com > ; It is relayed from Exchange > box to MX01 and then to IronMountain?s SMTP servers. MX01 is also a > backup MX listed in my public mx pool with a high weight so I do see a > lot of spammers trying to hit it. This guy processes an average of > 2500 messages a day and 1/80 mails get spamassassin timeouts on this > relay. > > 2. MX02 is my outgoing (internet bound relay) as well as my primary > incoming mail server listed with the lowest weight in public DNS. This > guy processes an average of 1200 messages a day and 1/190 mails get > spamassassin timeouts on this relay. > > 3. MX03 is a backup relay for internetbound and incoming and is listed > in public DNS with a higher weight that MX02 so I do see a lot of > spammers try to hit it. This guy processes only 120 messages a day and > 1/10 mails get spamassassin timeouts on this relay. > > What is getting me is the low amount of messages that MX03 is > receiving but yet is having so many spamassassin timeouts. Most of the > spam that gets thru has come from MX03 and from examination of the > headers I can see that spamassassin timed out, but it does catch about > 50 a day. Why so many timeouts on this guy. I have included some log > entries at the end of this email. > > On All 3 relays: > > Max Spam List Timeouts = 7 > > Spam List Timeouts History = 10 > > Max SpamAssassin Timeouts = 10 > > SpamAssassin Timeouts History = 30 > > Max Custom Spam Scanner Timeouts = 10 > > MCP Max SpamAssassin Timeouts = 20 > > The only thing different on MX03 is that I am using the latest > MailScanner with the feature ?Cache SpamAssassin Results = yes? > > Here are the Specs for all three relays as you can see MX02 has the > best hardware, MX03 comes in second and then MX01. > > MX01 specs: > > 1 CPU Pentium 3, 1.4GHz, 500MB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.42.9 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1_25.el4.at (using DCC) > > clamav-0.87-1.2.el4.rf > > MX02 specs: > > Dual Xeon, 3.2GHz, 4GB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.45.4 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1.el4 (using DCC) > > clamav-0.87-1.2.el4.rf > > MX03 specs: > > Dual Xeon, 2.8GHz, 2G of ram > > Fedora Core release 4 (Stentz) > > Perl version 5.008006 (5.8.6) > > MailScanner version 4.51.4 > > postfix-2.2.2-2 > > spamassassin-3.0.4-2.fc4 (using DCC, using spamassassin cache feature) > > clamav-0.88-1.fc4 (using clamavmodule) > > Here are some log entries from MX03 showing the timeouts: > > /var/log/maillog:Mar 12 04:17:23 MX03 MailScanner[19465]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 04:17:24 MX03 MailScanner[19465]: Message > B083647F8F.C006E from 218.18.181.156 (aostos@abt.com.tr) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 04:20:10 MX03 MailScanner[19578]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 04:20:11 MX03 MailScanner[19578]: Message > BDC6747F8F.7787A from 59.5.144.136 > (snd_pcm_hw_params_set_period_size_first@glennedward.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 09:22:06 MX03 MailScanner[19522]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 09:22:08 MX03 MailScanner[19522]: Message > 90FC847F8F.4E65E from 59.37.63.81 (gustavo_woodscy@lycos.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 12:58:47 MX03 MailScanner[22385]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 12:58:48 MX03 MailScanner[22385]: Message > E7D6947F80.842A4 from 66.215.18.215 (hugh@paramed.biz) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 13:39:04 MX03 MailScanner[19470]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 13:39:05 MX03 MailScanner[19470]: Message > C111847F83.490CD from 127.0.0.1 (root@mydomain.com) to mydomain.com is > not spam (whitelisted), SpamAssassin (timed out) > > /var/log/maillog:Mar 12 13:46:23 MX03 MailScanner[23571]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 13:46:24 MX03 MailScanner[23571]: Message > 5658947F85.94B60 from 68.164.134.210 (stitti@bhb.com) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 13:53:51 MX03 MailScanner[28831]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 13:53:53 MX03 MailScanner[28831]: Message > 6731247F85.D2DA7 from 203.210.151.43 (cmzcuoniucu@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 14:00:28 MX03 MailScanner[23788]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 14:00:29 MX03 MailScanner[23788]: Message > E04A347F8A.4DAC5 from 200.165.21.104 (lnpykciriii@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 15:45:25 MX03 MailScanner[9593]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 15:45:26 MX03 MailScanner[9593]: Message > CC93847F88.B0E03 from 80.108.24.113 (plsnutrionists@mdgekko.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 19:09:09 MX03 MailScanner[13504]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 19:09:10 MX03 MailScanner[13504]: Message > CC63347F8F.EEFAC from 200.113.75.224 (jvyxcjyidqa@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 21:07:08 MX03 MailScanner[25699]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 21:07:09 MX03 MailScanner[25699]: Message > 7D7F647F94.91C50 from 58.168.170.253 (i_golodnikov@inbox.ru) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 21:07:15 MX03 MailScanner[12264]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 21:07:16 MX03 MailScanner[12264]: Message > 619A447F9A.40F2D from 58.168.170.253 (donoghue.laginaqa4@gmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 12 21:15:18 MX03 MailScanner[20260]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 12 21:15:19 MX03 MailScanner[20260]: Message > 8C0BF47F8F.33EA1 from 222.109.255.235 (info@mydomain.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 04:03:31 MX03 MailScanner[15384]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 04:03:32 MX03 MailScanner[15384]: Message > 852C947F8F.2A2E0 from 127.0.0.1 (root@mydomain.com) to > MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) > > /var/log/maillog:Mar 13 04:36:53 MX03 MailScanner[19666]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 04:36:54 MX03 MailScanner[19666]: Message > 782C047F8F.16EAF from 222.67.132.244 (xaviert@methodistemail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 04:37:33 MX03 MailScanner[13163]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 04:37:35 MX03 MailScanner[13163]: Message > D990D47F95.A54A4 from 83.35.242.23 (wzjgjztcpeo@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 08:38:49 MX03 MailScanner[15435]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 08:38:50 MX03 MailScanner[15435]: Message > 5715F47F8F.6E0A8 from 218.13.88.109 (carls2@yahoo.com) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 09:09:20 MX03 MailScanner[15142]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 09:09:21 MX03 MailScanner[15142]: Message > 6F64047F8F.ACCA1 from 84.72.68.253 (john@eu-vest.biz) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 09:59:44 MX03 MailScanner[15689]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 09:59:45 MX03 MailScanner[15689]: Message > 8704F47F8E.4A095 from 221.158.30.189 > (sherrietomlinsonnm@visuallink.com) to mydomain.com is not spam, > SpamAssassin (timed out) > > /var/log/maillog:Mar 13 10:19:36 MX03 MailScanner[29901]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 10:19:38 MX03 MailScanner[29901]: Message > D6DF047F8E.86E7D from 216.222.251.75 (danosusu@hearngroup.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 10:30:43 MX03 MailScanner[29902]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 10:30:44 MX03 MailScanner[29902]: Message > 4902E47F8E.39042 from 82.246.244.31 > (toiubpvcbdttm@math-info.univ-paris5.fr) to mydomain.com is not spam, > SpamAssassin (timed out) > > /var/log/maillog:Mar 13 16:56:59 MX03 MailScanner[31306]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 16:57:01 MX03 MailScanner[31306]: Message > BE6C947F8F.4CBDE from 70.92.73.132 (richard@guitarra.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 18:26:02 MX03 MailScanner[31312]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 18:26:04 MX03 MailScanner[31312]: Message > 4D6BF47F6E.8DA38 from 69.143.26.250 (henry@pradella.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 13 18:27:43 MX03 MailScanner[31263]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 13 18:27:44 MX03 MailScanner[31263]: Message > EF85B47F97.9CD6C from 24.0.25.137 (john@pistonheads.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 01:57:42 MX03 MailScanner[3814]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 01:57:43 MX03 MailScanner[3814]: Message > 70D2347F90.0A30B from 58.33.193.13 (susanah@gay-mail.net) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 04:03:30 MX03 MailScanner[3863]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 04:03:31 MX03 MailScanner[3863]: Message > E442347F90.0CEF2 from 127.0.0.1 (root@mydomain.com) to > MX03.mydomain.com,root is not spam (whitelisted), SpamAssassin (timed out) > > /var/log/maillog:Mar 14 06:49:58 MX03 MailScanner[3684]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 06:49:59 MX03 MailScanner[3684]: Message > 62A5B47F8F.5D1D9 from 85.216.44.205 (mmwlpmfvsjb@hotmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 08:11:33 MX03 MailScanner[7162]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 08:11:34 MX03 MailScanner[7162]: Message > 8B70847F8F.4FE93 from 222.191.167.14 (wierzbicki@bluehyppo.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog:Mar 14 08:34:25 MX03 MailScanner[3672]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog:Mar 14 08:34:27 MX03 MailScanner[3672]: Message > CE81647F8F.CF604 from 221.14.241.74 (zdtdvqmgqus@subt-16.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 9 08:01:46 MX03 MailScanner[2030]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 9 08:01:47 MX03 MailScanner[2030]: Message > 67CA447FA7.9BA57 from 201.138.198.234 (chenchen@0733.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 9 08:02:05 MX03 MailScanner[2379]: SpamAssassin > timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 9 08:02:08 MX03 MailScanner[2379]: Message > B26FA47FC0.CB827 from 211.196.198.72 (j_maldonado_fr@netscape.net) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 10 04:07:45 MX03 MailScanner[3572]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 10 08:01:07 MX03 MailScanner[3572]: Message > B0C4C47F90.E284C from 221.152.17.195 (bourqfried@dawgrock.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 10 08:19:04 MX03 MailScanner[2126]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 10 08:19:05 MX03 MailScanner[2126]: Message > 19E6747F89.D3A88 from 83.94.161.243 (certain588@gmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 10 08:19:46 MX03 MailScanner[2476]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 10 08:19:48 MX03 MailScanner[2476]: Message > E6FE147F6E.EFDBC from 83.94.161.243 (phelan.humphry75t@gmail.com) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 11 15:29:48 MX03 MailScanner[19464]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 11 15:29:55 MX03 MailScanner[19464]: Message > C768447F8A.3C3C1 from 200.149.217.102 (bzn@0733.com) to mydomain.com > is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 11 15:44:40 MX03 MailScanner[19473]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 11 15:44:41 MX03 MailScanner[19473]: Message > D9DB447F8D.32594 from 81.193.12.243 (surlesu@is.titech.ac.jp) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 11 17:19:13 MX03 MailScanner[19467]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 11 17:19:14 MX03 MailScanner[19467]: Message > 2F2E347F8E.71F12 from 69.201.205.193 (gilbert@first2office.biz) to > mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 12 01:06:39 MX03 MailScanner[19514]: > SpamAssassin timed out and was killed, failure 1 of 10 > > /var/log/maillog.1:Mar 12 01:06:40 MX03 MailScanner[19514]: Message > 1452A47F92.DFF53 from 222.137.180.247 (fgwabrmvom@laptopcentral.com) > to mydomain.com is not spam, SpamAssassin (timed out) > > /var/log/maillog.1:Mar 12 03:13:26 MX03 MailScanner[19467]: > SpamAssassin timed out and was killed, failure 2 of 10 > > /var/log/maillog.1:Mar 12 03:13:27 MX03 MailScanner[19467]: Message > 437B147F94.66F30 from 221.202.59.26 (billiessewell_lp@flash.net) to > mydomain.com is not spam, SpamAssassin (timed out) > > Thanks, > > kosta > -- Dennis Willson (taz@taz-mania.com) Owner, Operator of Kepnet Internet Services http://www.kepnet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 229 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060314/fbd24670/taz.vcf From shuttlebox at gmail.com Tue Mar 14 16:59:57 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 14 17:00:00 2006 Subject: Problem with MIME multipart/related In-Reply-To: <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> References: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> Message-ID: <625385e30603140859s3cb94af2wb9533868a9fbce98@mail.gmail.com> On 3/14/06, Julian Field wrote: > Please post a zip of a complete message, so we can give it a try. I can't post the complete message here, for all I know it could contain someones x-ray pictures showing a tumor or something. I have to check with the client if I'm allowed to send you the files off list. Would that be OK? -- /peter From MailScanner at ecs.soton.ac.uk Tue Mar 14 17:12:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 14 17:13:00 2006 Subject: Problem with MIME multipart/related In-Reply-To: <625385e30603140859s3cb94af2wb9533868a9fbce98@mail.gmail.com> References: <625385e30603140751r720b3d68t909ba12e76b43fb5@mail.gmail.com> <4648312B-58BD-48F5-868C-FBAB506C845D@ecs.soton.ac.uk> <625385e30603140859s3cb94af2wb9533868a9fbce98@mail.gmail.com> Message-ID: <4416F996.901@ecs.soton.ac.uk> shuttlebox wrote: > On 3/14/06, Julian Field wrote: > >> Please post a zip of a complete message, so we can give it a try. >> > > I can't post the complete message here, for all I know it could > contain someones x-ray pictures showing a tumor or something. I have > to check with the client if I'm allowed to send you the files off > list. Would that be OK? > That would be fine. Definitely send it off-list. I won't publish the message or even look at the attachments it contains, I am only interested in its ability to disassemble the message, I don't need to look at the attachments to study that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From leah at frauerpower.com Tue Mar 14 18:31:16 2006 From: leah at frauerpower.com (Leah Cunningham) Date: Tue Mar 14 18:19:56 2006 Subject: Archive only non spam tagged messages Message-ID: <200603141331.16951.leah@frauerpower.com> I'm using the Archive setting and was wondering if anyone has a way to set it to only archive messages that are not tagged as spam specifically? It seems to grab everything by default. Maybe someone has a plugin or hook function that would do it? -- Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511 Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada From DrewB at united-systems.com Tue Mar 14 18:49:41 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Tue Mar 14 18:50:04 2006 Subject: Archive only non spam tagged messages Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BBAD1B@uss2k01.united-systems.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Leah Cunningham > Sent: Tuesday, March 14, 2006 12:31 PM > To: MailScanner discussion > Subject: Archive only non spam tagged messages > > I'm using the Archive setting and was wondering if anyone has a way to set > it > to only archive messages that are not tagged as spam specifically? It > seems > to grab everything by default. Maybe someone has a plugin or hook > function > that would do it? > -- I don't know that there's any existing way to do that because I think that MailScanner archives all of it before it's ever categorized. However, when I was training my Bayesian filter, I wrote a script that would take the MailScanner archives, use SpamAssassin to tag them as spam or not spam and then run them through sa-learn. It's not perfect, but I can provide it if you'd like (and if you can give me a day or so to dig it back out of wherever I dumped it). -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From ssilva at sgvwater.com Tue Mar 14 22:41:19 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 14 22:43:03 2006 Subject: install.sh wishlist In-Reply-To: References: <44162CE0.2040107@nkpanama.com> Message-ID: Julian Field spake the following on 3/14/2006 2:11 AM: > > On 14 Mar 2006, at 02:39, Alex Neuman van der Hans wrote: > >> I've used clamav-milter on every server I've installed/maintained, and >> I always have to edit install.sh to add "--enable-milter" to be able >> to update it. > > But a large amount of users don't want the milter. > >> I also search&replace all the "sleep 2"s and "sleep 5"s with "sleep >> 0", comment them out, or remove them altogether. Makes for a quicker >> install, and the script is mature enough not to break. > > Try "./install fast" :-) > >> >> Could there be an "--enable-milter" option, or something that would >> detect the existence of clamav-milter (perhaps a ps -ax | grep >> clamav-milter) and add it to the ./configure line? > > That's a possibility. > >> Perhaps a "--super-fast" that would preclude the "sleep"s? >> >> Just my 2c... > > All contributions welcome. Especially monetary ones ;-) From nauman at worldcall.net.pk Wed Mar 15 09:40:37 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Wed Mar 15 09:40:46 2006 Subject: Help About MailScannerers Stages. References: <44162CE0.2040107@nkpanama.com> Message-ID: <002001c64814$875135f0$23c051cb@noc> Hi All, I m new to this Tools and i have found it really Userful. I have my Mail server on Fedora Core 3 . With Lattest Sendmail With Lattest ClamAV and Lattest MailScanner. I Used the Package ClamAv+SA available on the MailScanner Site with was really easily installed. While Monitoring the SPAM mails on the server , It does catches many of them easily , but some still passes through. I wanna debug the stages of MailScanner so i can trace and fix that problem . Further more - it is also marking my local Mails as Spam - how can i clear it Thankx in Advacne. Nauman From samp at arial-concept.com Wed Mar 15 09:56:04 2006 From: samp at arial-concept.com (Sam Przyswa) Date: Wed Mar 15 09:56:13 2006 Subject: Rules precedence In-Reply-To: <4416F09B.8000608@evi-inc.com> References: <4416D7E8.8010108@arial-concept.com> <4416F09B.8000608@evi-inc.com> Message-ID: <4417E4B4.2010806@arial-concept.com> Matt Kettler a ?crit : >Sam Przyswa wrote: > > >>Hi, >> >>What is the rules precedence if I use for example the SORBS-DNSBL in >>MailScanner.conf and SpamAssassin with a -100.000 score rule with a >>whitelist Bonded Sender program ? >> >> >> > >MailScanner.conf trumps any spamassassin score. > >If you don't *explicitly* trust a DNSBL, do not put it in your MailScanner.conf, >let spamassassin run it and factor it into it's scoring instead. > > I have to much false positive with hotmail.com and hotmail.fr I try only spamassassin. Thanks. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Int???rateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. MailScanner remercie transtec pour son soutien. From roger at rudnick.com.br Wed Mar 15 12:07:39 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Mar 15 12:07:46 2006 Subject: Spamassassin 3.1.1 References: <005b01c642b8$220b2810$0705000a@DDF5DW71> <002101c642f6$176f8390$0705000a@DDF5DW71> Message-ID: <020e01c64829$0ed1b040$0600a8c0@roger> Anyone running SpamAssassin 3.1.1 with MailScanner? Any problems? I'm considering an upgrade... Regards Roger Jochem From jaearick at colby.edu Wed Mar 15 12:21:27 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 15 12:24:09 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <020e01c64829$0ed1b040$0600a8c0@roger> References: <005b01c642b8$220b2810$0705000a@DDF5DW71> <002101c642f6$176f8390$0705000a@DDF5DW71> <020e01c64829$0ed1b040$0600a8c0@roger> Message-ID: upgraded to SA 3.1.1 a couple of days ago with MS 4.51.6, no problems here (Solaris 9). Jeff Earickson Colby College On Wed, 15 Mar 2006, Roger Jochem wrote: > Date: Wed, 15 Mar 2006 09:07:39 -0300 > From: Roger Jochem > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Spamassassin 3.1.1 > > Anyone running SpamAssassin 3.1.1 with MailScanner? Any problems? I'm > considering an upgrade... > > Regards > > Roger Jochem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Mar 15 12:29:01 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 15 12:29:07 2006 Subject: Help About MailScannerers Stages. In-Reply-To: <002001c64814$875135f0$23c051cb@noc> References: <44162CE0.2040107@nkpanama.com> <002001c64814$875135f0$23c051cb@noc> Message-ID: <4418088D.8090608@nkpanama.com> Muhammad Nauman wrote: > Hi All, > > I m new to this Tools and i have found it really Userful. > > I have my Mail server on Fedora Core 3 . > With Lattest Sendmail > With Lattest ClamAV > and Lattest MailScanner. > You should really use specific version numbers; your definition of latest could be different from others' point of view. > I Used the Package ClamAv+SA available on the MailScanner Site with > was really easily installed. > > While Monitoring the SPAM mails on the server , It does catches many > of them easily , but some still passes through. I wanna debug the > stages of MailScanner so i can trace and fix that problem . It's not a problem you fix by debugging or tracing. You have to look through the configuration file and pay attention to parameters such as "use spamassassin", the spam scores (which you can make higher or lower depending on your particular mail flow). You should also enable any auxiliary tools for spamassassin that you can (such as Razor, Pyzor and DCC) so that it can make a better analysis. > > Further more - it is also marking my local Mails as Spam - how can i > clear it > You don't clear it; you add your local IP addresses to a whitelist, or disable spam checks for your specific internal IP addresses using rulesets. You shouldn't whitelist names or domains, because those can usually be easily falsified. > Thankx in Advacne. > > Nauman > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Mar 15 12:29:43 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 15 12:29:47 2006 Subject: Spamassassin 3.1.1 In-Reply-To: References: <005b01c642b8$220b2810$0705000a@DDF5DW71> <002101c642f6$176f8390$0705000a@DDF5DW71> <020e01c64829$0ed1b040$0600a8c0@roger> Message-ID: <441808B7.5000109@nkpanama.com> Working great on several servers here. Jeff A. Earickson wrote: > upgraded to SA 3.1.1 a couple of days ago with MS 4.51.6, no problems > here (Solaris 9). > > Jeff Earickson > Colby College > > On Wed, 15 Mar 2006, Roger Jochem wrote: > >> Date: Wed, 15 Mar 2006 09:07:39 -0300 >> From: Roger Jochem >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Spamassassin 3.1.1 >> >> Anyone running SpamAssassin 3.1.1 with MailScanner? Any problems? I'm >> considering an upgrade... >> >> Regards >> >> Roger Jochem -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Mar 15 12:33:07 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Mar 15 12:33:11 2006 Subject: spamassassin timeouts help In-Reply-To: <4416F59A.7050900@taz-mania.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> <4416F59A.7050900@taz-mania.com> Message-ID: <44180983.4000203@nkpanama.com> Or Dennis Willson wrote: > When I see large amounts of SpamAssassin timeouts is when one or more > of the DNSBLs are not responding (happens occasionally). The the wait > time builds up and causes SpamAssassin to timeout. Also if you local > recursive DNS server (used by your gateways) is slow doing lookups > that could be a problem too. > Looks more like he *doesn't* have a local recursive DNS server. He could set one up, and/or use local caching DNS for all three boxes. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ecj at telpacific.com.au Wed Mar 15 13:14:42 2006 From: ecj at telpacific.com.au (DOODS) Date: Wed Mar 15 13:15:10 2006 Subject: Filtering Then Forwarding In-Reply-To: <084f01c6476f$23d2fe50$287ba8c0@office.fsl> References: <34160.203.88.231.8.1142311100.squirrel@203.88.231.8> <084f01c6476f$23d2fe50$287ba8c0@office.fsl> Message-ID: <12387.138.130.86.215.1142428482.squirrel@138.130.86.215> Thanks for this Stephen and Julian. I tried applying this but then I discovered it doesn't work with our setup. Our MailScanner is on another server and EXIM/IMAP on another. So what happens is that emails sent to other domains that are also hosted on the same server get delivered locally and thus the rules don't get applied. Is there an extra setting that I can do (or perhaps a setting on Exim)? Thanks a lot in advance for any help guys. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of DOODS >> Sent: Monday, March 13, 2006 11:38 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Filtering Then Forwarding >> >> >> Hello All. >> I need a quick help. I would like to do a filtering based on the from >> and >> to headers and then forward emails to a specific email address if >> matched. >> To be more detailed: >> >> Condition: and >> Action: Forward to user3@domain3.com >> >> We're running MailScanner and Exim with MySQL. I have been googling >> since >> this morning and can't find the answer that I need. I hope someone can >> help. >> Thanks in advance. >> Now it's back to googling for me... >> >> Cheers, >> DOODS >> > > You pretty much wrote the rule yourself. Create a rule set for Non Spam > Actions (and Spam Actions and High Spam Actions if necessary): > > From: user1@domain1.com and To: *@domain2.com forward user3@domain3.com > delete > FromOrTo: default deliver > > Each rule above should be entered on a single line. > > I believe this is in the Example and Readme files in the rules directory. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Cheers, DOODS From tallett at ocvc.ac.uk Wed Mar 15 15:26:04 2006 From: tallett at ocvc.ac.uk (Trevor Allett) Date: Wed Mar 15 15:26:17 2006 Subject: datfiles {OCVC Scanned} Message-ID: <287C63D91CBD264B9C56BB36F7DEF5832C80CF@ox01.occ.local> Hi list, I have been left a mailscanner server. It keeps filling up with dat files (/usr/local/uvscan/datfiles/44xx/) 270 directories, each weighing in at 8MB or so. Am I right in assuming I can delete these as they are old datfiles from MacAfee. And that I can delete all but the latest. The hard drive gets filled up in a matter of a week or so... Cheers for the help ~~~~~~~~~~~~~~~~~~~~~~ Trevor Allett IT Services, Banbury Campus Oxford and Cherwell Valley College Phone 50350 -- Notice: The contents of this message are confidential and may be legally privileged. If you are not the intended recipient any disclosure, copying, printing or distribution of the contents is prohibited and may be unlawful. If you have received this message in error please inform the sender and remove it from your system. Any views or opinions expressed in this message are the responsibility of the originator and do not necessarily reflect those of Oxford and Cherwell Valley College, unless explicitly stated otherwise. This message has been scanned at the Oxford and Cherwell Valley College email gateway using MailScanner (www.mailscanner.info) and is believed to be free of viruses and dangerous content. You are advised, however, to carry out your own checks before opening any attachment(s). -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060315/4c800124/attachment.html From steve.swaney at fsl.com Wed Mar 15 15:58:07 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 15 15:56:08 2006 Subject: Spamassassin 3.1.1 In-Reply-To: Message-ID: <04ec01c64849$4040f850$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: Wednesday, March 15, 2006 7:21 AM > To: MailScanner discussion > Subject: Re: Spamassassin 3.1.1 > > upgraded to SA 3.1.1 a couple of days ago with MS 4.51.6, no problems > here (Solaris 9). > > Jeff Earickson > Colby College > Ditto here. It's an easy upgrade from 3.0.1 and I didn't see that any changes were necessary to the existing configuration but the UPGRADE file only referred to SpamAssassin 3.0.1. The Changes file seem to show many, many "fixes" but I can't find documentation that parallels Julian's really complete Change Logs :( Anyone know of any major improvements or added functionally in 3.1.1? Thanks, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From prandal at herefordshire.gov.uk Wed Mar 15 15:52:07 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Mar 15 16:00:35 2006 Subject: datfiles {OCVC Scanned} Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580BB19FBB@isabella.herefordshire.gov.uk> You can tweak /usr/lib/MailScanner/mcafee-autoupdate to fix this. Near the top, make sure OPTS="-d" Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Trevor Allett Sent: 15 March 2006 15:26 To: mailscanner@lists.mailscanner.info Subject: datfiles {OCVC Scanned} Hi list, I have been left a mailscanner server. It keeps filling up with dat files (/usr/local/uvscan/datfiles/44xx/) 270 directories, each weighing in at 8MB or so. Am I right in assuming I can delete these as they are old datfiles from MacAfee. And that I can delete all but the latest. The hard drive gets filled up in a matter of a week or so... Cheers for the help ~~~~~~~~~~~~~~~~~~~~~~ Trevor Allett IT Services, Banbury Campus Oxford and Cherwell Valley College Phone 50350 -- Notice: The information in this message is confidential and may be legally privileged. If you are not the intended recipient any disclosure, copying, printing or distribution of the contents is prohibited and may be unlawful. If you have received this message in error please inform the sender and remove it from your system. Any views or opinions expressed in this message are the responsibility of the originator and do not necessarily reflect those of Oxford and Cherwell Valley College, unless explicitly stated otherwise. This message has been scanned at the Oxford and Cherwell Valley College email gateway using MailScanner (www.mailscanner.info) and is believed to be free of viruses and dangerous content. You are advised, however, to carry out your own checks before opening any attachment(s). -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060315/41a80e1e/attachment.html From ssilva at sgvwater.com Wed Mar 15 16:01:39 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 15 16:02:10 2006 Subject: datfiles {OCVC Scanned} In-Reply-To: <287C63D91CBD264B9C56BB36F7DEF5832C80CF@ox01.occ.local> References: <287C63D91CBD264B9C56BB36F7DEF5832C80CF@ox01.occ.local> Message-ID: Trevor Allett spake the following on 3/15/2006 7:26 AM: > Hi list, > I have been left a mailscanner server. It keeps filling up with dat > files (/usr/local/uvscan/datfiles/44xx/) 270 directories, each weighing > in at 8MB or so. Am I right in assuming I can delete these as they are > old datfiles from MacAfee. And that I can delete all but the latest. The > hard drive gets filled up in a matter of a week or so? > > Cheers for the help You should be able to delete the oldest of them easily. You might want to keep a weeks worth, just in case you need to go back. From housey at sme-ecom.co.uk Wed Mar 15 16:05:56 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Wed Mar 15 16:06:09 2006 Subject: UTF8 Message-ID: Hi Im running MailScanner on Fedora Core 2 (Perl version 5.8.3) and CentOS 4.2 (Perl version 5.8.5) Is it necessary on these systems to remove references to UTF-8 in /etc/sysconfig/i18n? I was reading this http://wiki.apache.org/spamassassin/Utf8Performance?highlight=%28UTF%29 and can remember quite a bit of chat on the list about it but was not sure if it was no longer an issue? Kind Regards Paul From Denis.Beauchemin at USherbrooke.ca Wed Mar 15 16:29:45 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 15 16:30:12 2006 Subject: UTF8 In-Reply-To: References: Message-ID: <441840F9.6050403@USherbrooke.ca> Paul Houselander a ?crit : > Hi > > Im running MailScanner on Fedora Core 2 (Perl version 5.8.3) and CentOS 4.2 > (Perl version 5.8.5) > > Is it necessary on these systems to remove references to UTF-8 in > /etc/sysconfig/i18n? > > I was reading this > > http://wiki.apache.org/spamassassin/Utf8Performance?highlight=%28UTF%29 > > and can remember quite a bit of chat on the list about it but was not sure > if it was no longer an issue? > > Kind Regards > > Paul > > Paul, I'm running on RHEL4 servers with LANG="en_US.UTF-8" with no problems. Some Perl modules may not like UTF8 when installing. Just make sure to "export LANG=C" before installing them. If you use Julian's install script, I believe this is taken care of automatically. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060315/9ef8ed6c/smime.bin From nerijus at users.sourceforge.net Wed Mar 15 16:33:27 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Wed Mar 15 16:40:19 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <04ec01c64849$4040f850$287ba8c0@office.fsl> References: <04ec01c64849$4040f850$287ba8c0@office.fsl> Message-ID: <20060315163751.0A306BB4D@mx.dtiltas.lt> On Wed, 15 Mar 2006 10:58:07 -0500 Stephen Swaney wrote: > Ditto here. It's an easy upgrade from 3.0.1 and I didn't see that any > changes were necessary to the existing configuration but the UPGRADE file > only referred to SpamAssassin 3.0.1. > > The Changes file seem to show many, many "fixes" but I can't find > documentation that parallels Julian's really complete Change Logs :( > > Anyone know of any major improvements or added functionally in 3.1.1? http://freshmeat.net/projects/spamassassin/?branch_id=15434&release_id=222150 Regards, Nerijus From gmatt at nerc.ac.uk Wed Mar 15 16:46:09 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Mar 15 16:46:25 2006 Subject: mime and end-of-line encoding Message-ID: <1142441170.19493.52.camel@lea.nerc-wallingford.ac.uk> Has the problem with EOL encoding and "sign clean messages" got any nearer to a fix? This was last mentioned around the 2nd of february after a couple of threads on the issue (Attachment Warnings - End of Line Behavior Changed (CR, LF) and Problem With PDF Files - SOLVED) I have had to implement message signing as part of our Freedom of Infomation (FOI) policy and I've received my first complaint from a user about lines running together. She is using the Eudora mail client. I got the impression that the problem was "hard", but I also got the impression that it wasnt clear where the problem or solution exactly lay, this appeared to be conpounded by the MIME::Tools developer going awol. Is there any update? Any workaround other than "turn off message signing"? respectfully GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From DrewB at united-systems.com Wed Mar 15 18:04:51 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Mar 15 18:05:07 2006 Subject: Archive only non spam tagged messages Message-ID: <1E75E79B854C814784D0E8C5BA55AF76BB0FF4@uss2k01.united-systems.local> > -----Original Message----- > From: Leah Cunningham [mailto:leah@frauerpower.com] > Sent: Tuesday, March 14, 2006 2:04 PM > To: Drew Burchett > Subject: Re: Archive only non spam tagged messages > > On Tuesday 14 March 2006 13:49, you wrote: > > I don't know that there's any existing way to do that because I think > > that MailScanner archives all of it before it's ever categorized. > > However, when I was training my Bayesian filter, I wrote a script that > > would take the MailScanner archives, use SpamAssassin to tag them as > > spam or not spam and then run them through sa-learn. It's not perfect, > > but I can provide it if you'd like (and if you can give me a day or so > > to dig it back out of wherever I dumped it). > > That sounds like it would be useful, I'd appreciate it. > > -- > Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511 > Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada You can download this script at http://www.united-systems.com/sortspam.pl. Before running the script, open it and change $rootdir to point to whichever directory contains your archive. I've been too busy to change it so that it reads an argument from the command line. Please be warned before using this that it simply uses SpamAssassin to classify the mail before feeding it into sa-learn, so if SpamAssassin is already misclassifying them, it will do the same through this script. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From hermit921 at yahoo.com Wed Mar 15 21:06:57 2006 From: hermit921 at yahoo.com (hermit921) Date: Wed Mar 15 21:06:10 2006 Subject: From line has () Message-ID: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> Just ran into an odd problem. The new Exchange server here seems to reject any message with parentheses () in the body From line. It rejects as "sender denied", after the entire message has been seen by Exchange, as soon as I type in the period. OK, idiot misleading error message, but I want to know if this violates any of the smtp RFCs? Or is anyone unfortunate enough to know if this is an Exchange configuration setting? hermit921 From james at grayonline.id.au Wed Mar 15 22:24:16 2006 From: james at grayonline.id.au (James Gray) Date: Wed Mar 15 22:24:49 2006 Subject: To whitelist or not... Message-ID: <200603160924.21258.james@grayonline.id.au> Hi All, Here's the situation. We don't do any spam scanning in MailScanner (RBL's etc) - we handle all spam filtering in SpamAssassin. MailScanner then does all the virus/attachment/phishing/etc checks. Up until recently, we've been adding addresses to the spam.whitelist.rules to exempt messages from being flagged as spam. We don't deliver spamassassin reports in the headers so the only thing this did was add to our rule hit counts in MailWatch. I've done an experiment. I've created a rule set for the "Use SpamAssassin" config option and moved a few of the whitelisted addresses into there with a "no" action. IOW, the "use.sa.rules" file looks like this: From: whitelist_add1@domain no From: whitelist_add2@another-domain no FromOrTo: default yes We get a LOT of mail from these whitelisted addresses (they are notifications and messages generated by our systems and our customers' systems) and consequently add a nontrivial amount of load. My thinking is that by stopping them from going through SpamAssassin I'll reduce the load, and still achieve the desired effect of "whitelisting" them. I still want the virus/attachment/etc checking done, just none of the spam stuff. It appears to be working as I want but I'm not sure if I've missed something important. Have I missed something? Or is this a reasonable approach? Cheers. James -- The joys of love made her human and the agonies of love destroyed her. -- Spock, "Requiem for Methuselah", stardate 5842.8 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/9007338f/attachment.bin From james at grayonline.id.au Wed Mar 15 22:28:02 2006 From: james at grayonline.id.au (James Gray) Date: Wed Mar 15 22:28:26 2006 Subject: From line has () In-Reply-To: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> Message-ID: <200603160928.02767.james@grayonline.id.au> On Thu, 16 Mar 2006 08:06, hermit921 wrote: > Just ran into an odd problem. The new Exchange server here seems to > reject any message with parentheses () in the body From line. It rejects > as "sender denied", after the entire message has been seen by Exchange, > as soon as I type in the period. OK, idiot misleading error message, but > I want to know if this violates any of the smtp RFCs? Or is anyone > unfortunate enough to know if this is an Exchange configuration setting? > > hermit921 The way I read RFC822 (and 2822) is that if an MTA is going to reject a message it should do so as early in the transaction as possible. It should never accept a message it will not deliver. So, if Exchange is dropping the message after the final "dot+" due to a malformed or rejected address, it should have done it during the "MAIL FROM:" or "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's Micrsoft - since when to THEY care about published standards?!? Cheers, James -- joeyh: I was down since midmorning yesterday and pacbell said this morning that AT&T was to blame and almost all of the state was down dunno why people insist the internet can survive a nuclear holocaust when it can't survive a backhoe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/41884628/attachment.bin From jethro.binks at strath.ac.uk Wed Mar 15 22:34:44 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed Mar 15 22:34:45 2006 Subject: From line has () In-Reply-To: <200603160928.02767.james@grayonline.id.au> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603160928.02767.james@grayonline.id.au> Message-ID: <20060315223212.C84236@defjam.cc.strath.ac.uk> On Thu, 16 Mar 2006, James Gray wrote: > On Thu, 16 Mar 2006 08:06, hermit921 wrote: > > Just ran into an odd problem. The new Exchange server here seems to > > reject any message with parentheses () in the body From line. It rejects > > as "sender denied", after the entire message has been seen by Exchange, > > as soon as I type in the period. OK, idiot misleading error message, but > > I want to know if this violates any of the smtp RFCs? Or is anyone > > unfortunate enough to know if this is an Exchange configuration setting? > > > > hermit921 > > The way I read RFC822 (and 2822) is that if an MTA is going to reject a > message it should do so as early in the transaction as possible. It > should never accept a message it will not deliver. So, if Exchange is > dropping the message after the final "dot+" due to a malformed or > rejected address, it should have done it during the "MAIL FROM:" or > "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's > Micrsoft - since when to THEY care about published standards?!? That's nonesense, and even if you believed it, it bears no relation to his original question. He said the problem was in the 'body From', which is part of the DATA of the message, which is what is being received right before the +CR. So it couldn't reject it any sooner on that basis, regardless of what the RFC says. It is quite common to defer rejecting an email until right to the end of the SMTP transaction, and required if the reason for rejecting might be related to the actual content of the email, rather than the envelope information. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From ugob at camo-route.com Thu Mar 16 01:19:57 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 16 01:20:11 2006 Subject: To whitelist or not... In-Reply-To: <200603160924.21258.james@grayonline.id.au> References: <200603160924.21258.james@grayonline.id.au> Message-ID: James Gray wrote: > Hi All, > > Here's the situation. We don't do any spam scanning in MailScanner (RBL's > etc) - we handle all spam filtering in SpamAssassin. MailScanner then does > all the virus/attachment/phishing/etc checks. > > Up until recently, we've been adding addresses to the spam.whitelist.rules > to exempt messages from being flagged as spam. We don't deliver > spamassassin reports in the headers so the only thing this did was add to > our rule hit counts in MailWatch. > > I've done an experiment. I've created a rule set for the "Use SpamAssassin" > config option and moved a few of the whitelisted addresses into there with > a "no" action. IOW, the "use.sa.rules" file looks like this: > From: whitelist_add1@domain no > From: whitelist_add2@another-domain no > FromOrTo: default yes > > We get a LOT of mail from these whitelisted addresses (they are > notifications and messages generated by our systems and our customers' > systems) and consequently add a nontrivial amount of load. > > My thinking is that by stopping them from going through SpamAssassin I'll > reduce the load, and still achieve the desired effect of "whitelisting" > them. I still want the virus/attachment/etc checking done, just none of > the spam stuff. It appears to be working as I want but I'm not sure if > I've missed something important. > > Have I missed something? Or is this a reasonable approach? I think it is reasonable. You may be more secure if you'd add one condition to your ruleset: the IP of their server. This way, you reduce the risk of getting spam with a forged address (using your clients). In the end, your users will tell you if it has negative effect on spam-filtering results. You could use only IP's for e-mail generated from your systems. Of course, if one of your systems gets compromised and start sending spam, you have less chance noticing it. There are other means of lowering your load (using rbls, greylisting, etc) but this one may make sense for you and other people. > > Cheers. > > James > From nathan at tcpnetworks.net Thu Mar 16 02:22:10 2006 From: nathan at tcpnetworks.net (Nathan Johanson) Date: Thu Mar 16 02:22:14 2006 Subject: OT: Need Help with Sendmail Issue Message-ID: <0D358E80F09E374486987C6A7E0D0B640E0CE8@exch-mail.in.tcpnetworks.com> Hello all, I apologize for posting a sendmail-only topic to the MailScanner list, but I figured this list has a signifigant amount of collective Sendmail knowledge (and everyone is so helpful). I have a server running RHEL 3.x with the latest versions of MailScanner, SpamAssassin, Clam, etc. It's using the stock RPM of Sendmail version 8.12.11. The system is configured to filter and forward mail to an internal Exchange Server, with corresponding entries in the mailertable and relay-domains files. It properly accepts mail for the domains in question and routes them to the internal system - no problem. The issue lies with mail sent to local accounts, such as root, postmaster, or any other account I create locally. This means that my logwatch mailings, cron logs, etc. --anything addressed to root are not delivered and get dumped in /etc/mail/clientmqueue. Here is an excerpt from the maillogs when I try sending an email to root, using something like "mail root" from the command line. I have already confirmed that the root and postmaster aliases are active... the root alias is redirected to another email account tech@somedomain.org (sending email directly to this account works just fine). I've done this sort of thing on several servers w/out issue. The /var/ partition isn't full and I don't think it's a permissions problem. I have some experience with Sendmail, but I'm not a guru by any stretch. I'm pretty much out of ideas at this point, so I'm hoping one of you may have some suggestions. smtp.somedomain.org is the host name of the server in question. What's particularly odd is that it returns a "DSN: User unknown" when sending to root@localhost. I just don't get it. Thanks in advance! Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkG002133: from=root, size=34, class=0, nrcpts=1, msgid=<200603152 236.k2FMarkG002133@smtp.somedomain.org>, relay=root@localhost Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmW002135: ruleset=check_rcpt, arg1=, relay= smtp.somedomain.org [127.0.0.1], reject=550 5.0.0 ... User Unknown Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkG002133: to=root@localhost, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30034, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmW002135: from=, size=34, class=0, nrcpts=0 , proto=ESMTP, daemon=MTA, relay=smtp.somedomain.org [127.0.0.1] Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkG002133: k2FMarkH002133: DSN: User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmY002135: ruleset=check_rcpt, arg1=, relay= smtp.somedomain.org [127.0.0.1], reject=550 5.0.0 ... User Unknown Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31058, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarmY002135: from=<>, size=1058, class=0, nrcpts=0, proto=ESMTP, dae mon=MTA, relay=smtp.somedomain.org [127.0.0.1] Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: k2FMarkI002133: return to sender: User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarma002135: ruleset=check_rcpt, arg1=, relay=smtp.somedomain.org [127.0.0.1], reject=550 5.0.0 ... User Unknown Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkI002133: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer= relay, pri=32082, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=User unknown Mar 15 14:36:53 smtp sendmail[2135]: k2FMarma002135: from=<>, size=2082, class=0, nrcpts=0, proto=ESMTP, dae mon=MTA, relay=smtp.somedomain.org [127.0.0.1] Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: Losing ./qfk2FMarkH002133: savemail panic Mar 15 14:36:53 smtp sendmail[2133]: k2FMarkH002133: SYSERR(root): savemail: cannot save rejected email anyw here Sincerely - Nathan From alex at nkpanama.com Thu Mar 16 02:53:00 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 16 02:53:06 2006 Subject: OT: Need Help with Sendmail Issue In-Reply-To: <0D358E80F09E374486987C6A7E0D0B640E0CE8@exch-mail.in.tcpnetworks.com> References: <0D358E80F09E374486987C6A7E0D0B640E0CE8@exch-mail.in.tcpnetworks.com> Message-ID: <4418D30C.9050504@nkpanama.com> Do you have root@ and the other bouncing addresses in your mailertable as well? Nathan Johanson wrote: > Exchange Server, with corresponding entries in the mailertable and > relay-domains files. It properly accepts mail for the domains in > > (snip) > Sincerely - Nathan > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ugob at camo-route.com Thu Mar 16 05:32:45 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Mar 16 05:33:03 2006 Subject: spamassassin timeouts help In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B1FDE@FREXGENEVA-01.frfr.foxriver.com> Message-ID: Kosta Lekas wrote: > Hi everyone, > > I would like to figure out how to prevent or minimize spamassassin > timeouts. Problem is I?m not exactly sure what causes it to time out in > the first place (if someone can explain it to me that would be great). I > have 3 MailScanner gateways running on different DMZ?s, MX01, MX02, and > MX03. > http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mailscanner http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:spamassassin:timeouts May not help performance, but you should think about upgrading SpamAssassin and ClamAV to the latest version. > 1. MX01 is used primarily for mail archiving relay to IronMountain. I > have an internal MS Exchange server, anything sent or received by any of > my users is archived to archiveaddress@ironmountain.com > ; It is relayed from Exchange > box to MX01 and then to IronMountain?s SMTP servers. MX01 is also a > backup MX listed in my public mx pool with a high weight so I do see a > lot of spammers trying to hit it. This guy processes an average of 2500 > messages a day and 1/80 mails get spamassassin timeouts on this relay. > > > > 2. MX02 is my outgoing (internet bound relay) as well as my primary > incoming mail server listed with the lowest weight in public DNS. This > guy processes an average of 1200 messages a day and 1/190 mails get > spamassassin timeouts on this relay. > > > > 3. MX03 is a backup relay for internetbound and incoming and is listed > in public DNS with a higher weight that MX02 so I do see a lot of > spammers try to hit it. This guy processes only 120 messages a day and > 1/10 mails get spamassassin timeouts on this relay. > > > > What is getting me is the low amount of messages that MX03 is receiving > but yet is having so many spamassassin timeouts. Most of the spam that > gets thru has come from MX03 and from examination of the headers I can > see that spamassassin timed out, but it does catch about 50 a day. Why > so many timeouts on this guy. I have included some log entries at the > end of this email. > > > > On All 3 relays: > > Max Spam List Timeouts = 7 > > Spam List Timeouts History = 10 > > Max SpamAssassin Timeouts = 10 > > SpamAssassin Timeouts History = 30 > > Max Custom Spam Scanner Timeouts = 10 > > MCP Max SpamAssassin Timeouts = 20 > > > > The only thing different on MX03 is that I am using the latest > MailScanner with the feature ?Cache SpamAssassin Results = yes? > > > > Here are the Specs for all three relays as you can see MX02 has the best > hardware, MX03 comes in second and then MX01. > > > > MX01 specs: > > 1 CPU Pentium 3, 1.4GHz, 500MB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.42.9 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1_25.el4.at (using DCC) > > clamav-0.87-1.2.el4.rf > > > > MX02 specs: > > Dual Xeon, 3.2GHz, 4GB of ram > > Red Hat Enterprise Linux WS release 4 (Nahant Update 2) > > Perl version 5.008005 (5.8.5) > > MailScanner version 4.45.4 > > postfix-2.1.5-4.2.RHEL4 > > spamassassin-3.0.4-1.el4 (using DCC) > > clamav-0.87-1.2.el4.rf > > > > MX03 specs: > > Dual Xeon, 2.8GHz, 2G of ram > > Fedora Core release 4 (Stentz) > > Perl version 5.008006 (5.8.6) > > MailScanner version 4.51.4 > > postfix-2.2.2-2 > > spamassassin-3.0.4-2.fc4 (using DCC, using spamassassin cache feature) > > clamav-0.88-1.fc4 (using clamavmodule) > From craig at csfs.co.za Thu Mar 16 06:11:06 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Thu Mar 16 06:11:20 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <20060315163751.0A306BB4D@mx.dtiltas.lt> Message-ID: On Wed, 15 Mar 2006 10:58:07 -0500 Stephen Swaney wrote: > Ditto here. It's an easy upgrade from 3.0.1 and I didn't see that any > changes were necessary to the existing configuration but the UPGRADE file > only referred to SpamAssassin 3.0.1. > > The Changes file seem to show many, many "fixes" but I can't find > documentation that parallels Julian's really complete Change Logs :( > > Anyone know of any major improvements or added functionally in 3.1.1? One improvement that I have noticed is that I don't get the DomainKeys perl warning any more when I do the spamassassin lint test. ;) Craig From mailscanner at PDSCC.COM Thu Mar 16 06:59:24 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Mar 16 07:01:00 2006 Subject: mail queue size errors Message-ID: <200603191825.KAA06932@sheridan.sibble.net> Running MS mailscanner-4.49.7-1 on Centos 4.2 with postfix. This was a new box that was built to replace an older 4.2.x version of MS on Mandrake 9.2. I migrated the configuration from the old box and did an upgrade on the new box, however, even though we have no size restrictions on attachements in MailScanner.conf, anything around 10mb or larger is getting bounced. With some testing, I see the following in the logs on the MS machine. Mar 15 22:23:12 mailscan2 postfix/cleanup[23774]: warning: C7D6D14EBEF: queue file size limit exceeded I've checked the list archives at Gmane, but nothing useful found. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From lhaig at haigmail.com Thu Mar 16 07:25:24 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Mar 16 07:25:28 2006 Subject: Does this error from debug mean anything? Message-ID: <441912E4.3020501@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I was reading through the performance post earlier and wanted to check my system to see how it performed. so I did the hdparm thing to see if my disk IO was the problem this is the result mailhost:~ # /sbin/hdparm -tT /dev/sda /dev/sda: /dev/sda: Timing cached reads: 4048 MB in 2.00 seconds = 2023.30 MB/sec Timing buffered disk reads: 100 MB in 3.17 seconds = 31.59 MB/sec mailhost:~ # I then setup Mailscanner to run in debug for mailscanner and spamassassin, I watched the message being proccessed and this is the only error I found. Ignore errors about failing to find EOCD signature commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 35. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 35. I ran a check_Mailscanner and these are the errors I found Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 320, line 4. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 321, line 4. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 320, line 4. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 321, line 4. Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 225, line 4. Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 227, line 4. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received.pm line 228, line 4. format error: file is too short at /usr/sbin/MailScanner line 780 commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 34. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 34. Has this been seen before? Thanks Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGRLkM4kHBIBZ61gRArfdAJ9mhqZjfvapGMUdXoiKjROgvTRI+gCfcQIP R7ggwRNsysiRsexWr1L8J0k= =7vrY -----END PGP SIGNATURE----- From support-lists at petdoctors.co.uk Thu Mar 16 08:39:32 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Mar 16 08:39:51 2006 Subject: Spamassassin 3.1.1 In-Reply-To: Message-ID: <00a101c648d5$270068d0$04000100@support01> Working OK on three sites, but on one I am now getting: Apart from SpamAssassin, we are running razor and clamAV but none of the other AV/spam tools listed. ***NOTICE***: spamassassin --lint failed. This means that you have an error somwhere in your SpamAssassin configuration. To determine what the problem is, please run 'spamassassin --lint' from a shell and notice the error messages it prints. For more (debug) information, add the -D switch to the command. Usually the problem will be found in local.cf, user_prefs, or some custom rulelset found in /etc/mail/spamassassin. Here are the errors that 'spamassassin --lint' reported: failed to create instance of plugin Mail::SpamAssassin::Plugin::Pyzor: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Pyzor.pm line 162. failed to create instance of plugin Mail::SpamAssassin::Plugin::SpamCop: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/SpamCop.pm line 155. failed to create instance of plugin Mail::SpamAssassin::Plugin::AWL: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/AWL.pm line 313. failed to create instance of plugin Mail::SpamAssassin::Plugin::AutoLearnThreshold: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/AutoLearnThreshold.p m line 115. failed to create instance of plugin Mail::SpamAssassin::Plugin::WhiteListSubject: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/WhiteListSubject.pm line 103. failed to create instance of plugin Mail::SpamAssassin::Plugin::MIMEHeader: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/MIMEHeader.pm line 142. failed to create instance of plugin Mail::SpamAssassin::Plugin::ReplaceTags: Can't locate object method "register_commands" via package "Mail::SpamAssassin::Conf::Parser" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/ReplaceTags.pm line 262. configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001000 of SpamAssassin, but this is code version 3.000005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001000 of SpamAssassin, but this is code version 3.000005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@nytimes.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.amazon.co.uk config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.ora.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bn.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@*.mypoints.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@paypal.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@ebay.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@foolsubs.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@match.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@walmart.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@securityfocus.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@mediaunspun.imakenews.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@bdcimail.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@silicon.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@newsletter.online.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@enews.buy.com config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@palm.m0.net config: SpamAssassin failed to parse line, skipping: def_whitelist_from_spf *@handspring.4at1.com invalid rule: NK_SCAM_LOTTO1 Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping: (Can't locate object method "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping: (Can't locate object method "check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping: (Can't locate object method "check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2341. ) lint: 29 issues detected. please rerun with debug enabled for more information. From support-lists at petdoctors.co.uk Thu Mar 16 09:16:47 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Mar 16 09:16:59 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <00a101c648d5$270068d0$04000100@support01> Message-ID: <00ba01c648da$5b3d6b20$04000100@support01> Further to my previous, I have now reinstalled SpamAssassin (and ClamAV) from Julian's package and the new --lint now mentions a typo in one of my rules (extra space!). Fixing this (and reinstalling) has made most of the other errors go away, except for the following: [15709] warn: config: failed to parse line, skipping: razor_config /var/spool/MailScanner/spamassassin This refers to a line in /etc/mail/spamassassin/mailscanner.cf... razor_config /var/spool/MailScanner/spamassassin Yes, we are running razor - at least I installed it about a year ago and I've had no problems since. If I look in /var/spool/MailScanner/spamassassin all I can see is 4 bayes files - is something (now!?) missing? Thoughts anyone? Thanks From martinh at solid-state-logic.com Thu Mar 16 10:00:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 16 10:01:09 2006 Subject: Does this error from debug mean anything? In-Reply-To: <441912E4.3020501@haigmail.com> Message-ID: <007001c648e0$7db8e020$3004010a@martinhlaptop> Lance Check the spamassassin config is OK.. spamassassin -D --lint Looks like you may have a syntax error in an SA rule.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lance Haig > Sent: 16 March 2006 07:25 > To: MailScanner discussion > Subject: Does this error from debug mean anything? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I was reading through the performance post earlier and wanted to check > my system to see how it performed. > > so I did the hdparm thing to see if my disk IO was the problem this is > the result > > mailhost:~ # /sbin/hdparm -tT /dev/sda /dev/sda: > > /dev/sda: > Timing cached reads: 4048 MB in 2.00 seconds = 2023.30 MB/sec > Timing buffered disk reads: 100 MB in 3.17 seconds = 31.59 MB/sec > mailhost:~ # > > I then setup Mailscanner to run in debug for mailscanner and > spamassassin, I watched the message being proccessed and this is the > only error I found. > > Ignore errors about failing to find EOCD signature > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > > > I ran a check_Mailscanner and these are the errors I found > > > > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 225, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 227, line 4. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 228, line 4. > > > format error: file is too short > at /usr/sbin/MailScanner line 780 > > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > > > > Has this been seen before? > > Thanks > > Lance > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEGRLkM4kHBIBZ61gRArfdAJ9mhqZjfvapGMUdXoiKjROgvTRI+gCfcQIP > R7ggwRNsysiRsexWr1L8J0k= > =7vrY > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From drew at themarshalls.co.uk Thu Mar 16 11:22:36 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Mar 16 11:22:45 2006 Subject: mail queue size errors In-Reply-To: <200603191825.KAA06932@sheridan.sibble.net> References: <200603191825.KAA06932@sheridan.sibble.net> Message-ID: <40372.194.70.180.170.1142508156.squirrel@webmail.r-bit.net> On Thu, March 16, 2006 06:59, Harondel J. Sibble wrote: > Running MS mailscanner-4.49.7-1 on Centos 4.2 with postfix. This was a > new > box that was built to replace an older 4.2.x version of MS on Mandrake > 9.2. > > I migrated the configuration from the old box and did an upgrade on the > new > box, however, even though we have no size restrictions on attachements in > MailScanner.conf, anything around 10mb or larger is getting bounced. With > some testing, I see the following in the logs on the MS machine. > > Mar 15 22:23:12 mailscan2 postfix/cleanup[23774]: warning: C7D6D14EBEF: > queue > file size limit exceeded This is not a MailScanner error but a Postfix one. Check main.cf for message_size_limit option and adjust accordingly. This happens when a mail server that doesn't understand ESMTP (Where the message size parameter is checked) sends a file. In plain SMTP the message size parameter is not checked and relies on the MTA bouncing the message. I would guess the incoming MTA is an unpatched qMail server. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From linux_spartacus at yahoo.com Thu Mar 16 12:20:21 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Thu Mar 16 12:20:53 2006 Subject: How to whitelist my clietns ? In-Reply-To: <441622D9.4030505@nkpanama.com> Message-ID: <20060316122027.71372.qmail@web35604.mail.mud.yahoo.com> Alex Neuman van der Hans wrote: But seriously... You should really do your homework before asking questions like that. It's like asking "how do I drive the car in reverse?", which makes it appear as if perhaps you shouldn't be behind the wheel. In any case, look to http://wiki.mailscanner.info/posting before posting. The option you're looking for is in mailscanner.conf, and it's called "is definitely not spam =" and it's set to %rules-dir%/spam.whitelist.rules - which means you should edit that file in order to add your client to the "it's definitely not spam" category. It reads by default: "FromOrTo: default no" - which means the default is "no, I don't think of anything at all as 'not spam'" You should add (before this line) a line that says: From: myclient@hisdomain.com yes So that it marks him as not spam... But that brings you the problem of people POSING as him, impersonating his e-mail address. You should *really* look into the REASON why they're being marked as SPAM and correct it, otherwise you're just not doing anything about it. In any case, you should really buy the book or read the FAQ/MAQ/Wiki. I've had all my clients buy the book (there are three, I think, that already sent for it, the others are on their way), and I've heard from one of my clients that already has the book that it's an excellent read. Alex Neuman van der Hans wrote: Sure. Read the part about rulesets in the configuration file. spart cus wrote: Im not really very familiar with this.Can you give me some guidelines? Alex Neuman van der Hans wrote: Use a ruleset. spart cus wrote: hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ Alex Neuman van der Hans wrote: Sure. Read the part about rulesets in the configuration file. spart cus wrote: Im not really very familiar with this.Can you give me some guidelines? Alex Neuman van der Hans wrote: Use a ruleset. spart cus wrote: hi guys, ive recently noticed that one my clients using the name SysAd on his email client is being detected as spam.How can i manually tell my MS not to tagged this client ? thanks --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! thanks for the reply. i already read it and found out that i dont have anything listed on my spam.whitelist.rules here's what i want to do. 1. Allow SysAd sender (From) 2. Deny Sportal.com (From) FromorTo: SysAd yes FromorTo: Sportal.com no FromorTo: default no is this correct ? to check if i understand it correctly thanks. --------------------------------- Yahoo! Travel Find great deals to the top 10 hottest destinations! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/c340dcf0/attachment.html From james at grayonline.id.au Thu Mar 16 13:32:02 2006 From: james at grayonline.id.au (James Gray) Date: Thu Mar 16 13:32:31 2006 Subject: From line has () In-Reply-To: <20060315223212.C84236@defjam.cc.strath.ac.uk> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603160928.02767.james@grayonline.id.au> <20060315223212.C84236@defjam.cc.strath.ac.uk> Message-ID: <200603170032.06538.james@grayonline.id.au> On Thu, 16 Mar 2006 09:34, Jethro R Binks wrote: > On Thu, 16 Mar 2006, James Gray wrote: > > On Thu, 16 Mar 2006 08:06, hermit921 wrote: > > > Just ran into an odd problem. The new Exchange server here seems to > > > reject any message with parentheses () in the body From line. It > > > rejects as "sender denied", after the entire message has been seen by > > > Exchange, as soon as I type in the period. OK, idiot misleading > > > error message, but I want to know if this violates any of the smtp > > > RFCs? Or is anyone unfortunate enough to know if this is an Exchange > > > configuration setting? > > > > > > hermit921 > > > > The way I read RFC822 (and 2822) is that if an MTA is going to reject a > > message it should do so as early in the transaction as possible. It > > should never accept a message it will not deliver. So, if Exchange is > > dropping the message after the final "dot+" due to a malformed or > > rejected address, it should have done it during the "MAIL FROM:" or > > "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's > > Micrsoft - since when to THEY care about published standards?!? > > That's nonesense, and even if you believed it, it bears no relation to > his original question. Erm, read RFC2821 specifically section 3.3. (Paraphrasing) Messages should be rejected as soon as possible. However, I did misread to OP's question, and I accept that this, and my earlier comments, have nothing to do with their problem. > He said the problem was in the 'body From', which is part of the DATA of > the message, which is what is being received right before the +CR. > So it couldn't reject it any sooner on that basis, regardless of what the > RFC says. In fact, the RFC says it SHOULDN'T process any actions based on the DATA section until the transaction is terminated with the "." sequence. But that wasn't what I was referring to - I was specifically commenting on the envelope addresses - as I said, my bad; I misread the OP's question. > It is quite common to defer rejecting an email until right to the end of > the SMTP transaction, and required if the reason for rejecting might be > related to the actual content of the email, rather than the envelope > information. Half right. If an MTA is going to reject a message based on the envelope info, it should return an error (5xx) after either the MAIL or RCPT commands (RFC2821). Rejecting based on the body/DATA can ONLY be done after the DATA is terminated with "." (again, RFC2821). Now to answer the OP's question. Sorry, it looks like Exchange actually does something with the "From:" header that is preventing it from accepting a message. This doesn't violate the RFC because the "From:" header is conmtained in the DATA section and Exchange shouldn't do anything until it is properly terminated with the ".". Best bet would be to dig around the support site at MS. Sorry :( Cheers, James -- Due to lack of disk space, this fortune database has been discontinued. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/aa517977/attachment.bin From Peter.Bates at lshtm.ac.uk Thu Mar 16 13:56:30 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Thu Mar 16 13:57:00 2006 Subject: Spamassassin 3.1.1 In-Reply-To: <00ba01c648da$5b3d6b20$04000100@support01> References: <00a101c648d5$270068d0$04000100@support01> <00ba01c648da$5b3d6b20$04000100@support01> Message-ID: <44196E8E0200007600003D4D@193.63.251.15> Hello all... > support-lists@petdoctors.co.uk 16/03/06 09:16:47 >>> >[15709] warn: config: failed to parse line, skipping: razor_config >/var/spool/MailScanner/spamassassin >This refers to a line in /etc/mail/spamassassin/mailscanner.cf... >razor_config /var/spool/MailScanner/spamassassin Well, if it's anything like mine (mind you, I haven't updated to SA 3.1.1 yet), I have: razor_config /var/spool/MailScanner/spamassassin/razor/razor-agent.conf i.e. pointing to an actual file, not a directory. That file then contains: razorhome=/var/spool/MailScanner/spamassassin/razor ... which I always thought was a bit odd, but I get no errors from --lint. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From Denis.Beauchemin at USherbrooke.ca Thu Mar 16 14:07:00 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Mar 16 14:07:16 2006 Subject: Phishing fraud undetected Message-ID: <44197104.2000108@USherbrooke.ca> Hello all, This morning I came across the following HTML code that was not picked up by MS: > To ensure that your service is not interrupted, > > please update > your account information today > color="#000099"> > href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"> > > > > href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayPal/update.htm"> > by > > clicking > here. I find it strange that there are 2 in a row but the second one is clearly a phishing attempt. Is it because the URL does not start with www? I'm using MS 4.50.10-1. Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/95a3d3ee/smime.bin From tallett at ocvc.ac.uk Thu Mar 16 14:22:07 2006 From: tallett at ocvc.ac.uk (Trevor Allett) Date: Thu Mar 16 14:22:17 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} Message-ID: <287C63D91CBD264B9C56BB36F7DEF5832C80D1@ox01.occ.local> Hi list, As previously stated I have inherited a pair of MailScanners, the previous admin left. On one of them I have been having a problem with disk space, the problem seems to be the "bayes_toks.expire" files (at /root/.spamassassin/), 5GBs of them. The fix, as I understand it, is; (How do I control the bayes database from growing out of control right now?) Stop MS. Delete all files except bayes_journal, bayes_seen and bayes_toks. Now run "sa-learn --force-expire". ...am I correct? How do I "Stop MS"? and will the Directory fill up again? BTW Thanks for previous help with the DAT files. ------------------------------------ Trevor Allett. IT Services Officer Oxford and Cherwell Valley College Oxfordshire - UK -- Notice: The contents of this message are confidential and may be legally privileged. If you are not the intended recipient any disclosure, copying, printing or distribution of the contents is prohibited and may be unlawful. If you have received this message in error please inform the sender and remove it from your system. Any views or opinions expressed in this message are the responsibility of the originator and do not necessarily reflect those of Oxford and Cherwell Valley College, unless explicitly stated otherwise. This message has been scanned at the Oxford and Cherwell Valley College email gateway using MailScanner (www.mailscanner.info) and is believed to be free of viruses and dangerous content. You are advised, however, to carry out your own checks before opening any attachment(s). From jethro.binks at strath.ac.uk Thu Mar 16 14:26:47 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu Mar 16 14:26:49 2006 Subject: From line has () In-Reply-To: <200603170032.06538.james@grayonline.id.au> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603160928.02767.james@grayonline.id.au> <20060315223212.C84236@defjam.cc.strath.ac.uk> <200603170032.06538.james@grayonline.id.au> Message-ID: <20060316140416.R88337@defjam.cc.strath.ac.uk> On Fri, 17 Mar 2006, James Gray wrote: > > > The way I read RFC822 (and 2822) is that if an MTA is going to reject a > > > message it should do so as early in the transaction as possible. It > > > should never accept a message it will not deliver. So, if Exchange is > > > dropping the message after the final "dot+" due to a malformed or > > > rejected address, it should have done it during the "MAIL FROM:" or > > > "RCPT TO:" stage. IOW, I believe this violates the RFC. But hey, it's > > > Micrsoft - since when to THEY care about published standards?!? > > > > That's nonesense, and even if you believed it, it bears no relation to > > his original question. > > Erm, read RFC2821 specifically section 3.3. (Paraphrasing) Messages > should be rejected as soon as possible. However, I did misread to OP's > question, and I accept that this, and my earlier comments, have nothing > to do with their problem. You said "I believe this violates the RFC". It doesn't. The RFC advises that you SHOULD do something a particular way, but does not forbid you from doing it another way if you have strong reasons for doing so, as per the terminology of section 2.3. One of these strong reasons might be that for logging and tracking purposes you want to record more information about the message content. However the RFC does point out, late in that section, "Using a "550 mailbox not found" (or equivalent) reply code after the data are accepted makes it difficult or impossible for the client to determine which recipients failed." Another strong reason would be if your site policy states that you may find some DATA content objectionable (including mangled header content) and reject on that basis: "The DATA command can fail at only two points in the protocol exchange: ... - If the verb is initially accepted and the 354 reply issued, the DATA command should fail only if ... or if the server determines that the message should be rejected for policy or other reasons. " > > It is quite common to defer rejecting an email until right to the end of > > the SMTP transaction, and required if the reason for rejecting might be > > related to the actual content of the email, rather than the envelope > > information. > > Half right. If an MTA is going to reject a message based on the > envelope info, it should return an error (5xx) after either the MAIL or > RCPT commands (RFC2821). It should, but for one reason or another, you may decide you don't want to do it that way. And as I said, it is not uncommon to do so, and the RFC does not forbid it if you have good enough reasons for your own satisfaction (noting the disadvantages the RFC mentions). > Rejecting based on the body/DATA can ONLY be done after the DATA is > terminated with "." (again, RFC2821). Of course. When I said "right to the end of the SMTP transaction", I did in fact mean "at the end of the DATA phase". Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From joshua.hirsh at partnersolutions.ca Thu Mar 16 14:34:13 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Thu Mar 16 14:34:17 2006 Subject: From line has () Message-ID: Hi Hermit.. > Just ran into an odd problem. The new Exchange server here > seems to reject any message with parentheses () in the body From line. All RFC's and finger pointing aside.. Exchange 2003 doesn't do this by default. Check your configuration, specifically at the mailbox restrictions that you may have setup. If you have restrictions set as to who can email certain addresses in your domain, this would cause the same results as your problem. This configuration is found in your user configuration in AD, under 'Exchange General' and 'Delivery Restrictions'. Good luck.. -Joshua From bpumphrey at WoodMacLaw.com Thu Mar 16 14:43:27 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Mar 16 14:43:30 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} Message-ID: <04D932B0071FE34FA63EBB1977B48D15E5D4B4@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Trevor Allett > Sent: Thursday, March 16, 2006 9:22 AM > To: mailscanner@lists.mailscanner.info > Subject: byes_toks.expireXXX files {OCVC Scanned} > > Hi list, > As previously stated I have inherited a pair of MailScanners, the > previous admin left. On one of them I have been having a problem with > disk space, the problem seems to be the "bayes_toks.expire" files (at > /root/.spamassassin/), 5GBs of them. The fix, as I understand it, is; > > (How do I control the bayes database from growing out of control right > now?) > > Stop MS. Delete all files except bayes_journal, bayes_seen and > bayes_toks. Now run "sa-learn --force-expire". > > ...am I correct? How do I "Stop MS"? and will the Directory fill up > again? > > BTW Thanks for previous help with the DAT files. > > ------------------------------------ > Trevor Allett. > IT Services Officer > Oxford and Cherwell Valley College > Oxfordshire - UK > It sounds like you are new to MailScanner as I once was. I too came to a company with a MailScanner machine and had no idea of how it ran or to use it. I seen another post that you did and you were referred to the documentation. There is plenty of documentation and you should read it, but I know that it can get confusing. To answer your question: To stop mailscanner: service MailScanner stop To restart it: service MailScanner restart How do you see if it is working correctly? Get in the habit of typing this every time you restart MailScanner, service MailScanner restart && tail -f /var/log/maillog Since MailScanner logs to the default sendmail log, it is best to check that log to see if MailScanner is giving any errors. It is the best starting point to see what is wrong. The tail command will refresh the log and you can see it in real time. You can look at the log not in real time by: vi /var/log/maillog Search the internet for the various vi commands. Vi will let you edit files and so forth. Not too simple but when you learn the commands it is easy. I think most people recommend another program but vi will work if you want to use it. In the /etc/MailScanner/MailScanner.conf file there is a option that you should change to help these files. Here is what mine is set to (I had this same question in the past). Default was 0 Rebuild Bayes Every = 432000 So to do it.... vi /etc/MailScanner/MailScanner.conf Type "/" to search.. so / Type "Rebuild Bayes" Hit enter This will take you to the setting Hit "i" to insert Use the arrow keys to change the value. Do not use the num pad Hit "esc" when done The to save type ":wq" then hit enter. For humor you can read the following. We had a power failure once. After that no one was getting external email. I remembered that there was a company deskpro 500mhz computer sitting underneath a server that was our exchange server. Oh, I wonder what that machine does. It turned out to be the MailScanner machine. Whewww... Then I started messing with it, screwed it up and had to rebuild it. So started my Linux career, which is barley past newbie even still. Hope that helps. From shuttlebox at gmail.com Thu Mar 16 14:44:05 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 16 14:44:08 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} In-Reply-To: <287C63D91CBD264B9C56BB36F7DEF5832C80D1@ox01.occ.local> References: <287C63D91CBD264B9C56BB36F7DEF5832C80D1@ox01.occ.local> Message-ID: <625385e30603160644y8587e21wddd49ad76a945b6d@mail.gmail.com> On 3/16/06, Trevor Allett wrote: > ...am I correct? How do I "Stop MS"? and will the Directory fill up > again? Are you on some kind of Red Hat derived Linux or something else? You should have scripts in /etc/init.d to control MailScanner. With the Red Hat stuff you can try "service MailScanner stop". Worst case: pkill MailScanner. Do you know what version of MailScanner and related software you have? Maybe you should plan an upgrade to get current. -- /peter From dnsadmin at 1bigthink.com Thu Mar 16 15:33:57 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Mar 16 15:34:14 2006 Subject: Phishing fraud undetected In-Reply-To: <44197104.2000108@USherbrooke.ca> References: <44197104.2000108@USherbrooke.ca> Message-ID: <6.2.3.4.0.20060316103205.05592970@mxt.1bigthink.com> At 09:07 AM 3/16/2006, you wrote: >Hello all, > >This morning I came across the following HTML code that was not >picked up by MS: > >>To ensure that your service is not interrupted, >> >>please update >>your account information today> >>color="#000099">> >>href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"> >> >> > >>href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayPal/update.htm"> >>by >>clicking >>here. > >I find it strange that there are 2 in a row but the >second one is clearly a phishing attempt. Is it because the URL >does not start with www? > >I'm using MS 4.50.10-1. > >Thanks! > >Denis Hello Denis, Report to http://cgi.clamav.net/sendvirus.cgi They've accepted and incorporated my phishing reports in the past. Cheers, Glenn From prandal at herefordshire.gov.uk Thu Mar 16 16:01:38 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 16 16:06:32 2006 Subject: Phishing fraud undetected Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580BB1A10B@isabella.herefordshire.gov.uk> Steve Basford has a ClamAV phishing database over at http://www.sanesecurity.com/clamav/ Dennis Davis at the University of Bath wrote a script to fetch it - here's my version: ------------------ #!/bin/sh # Shell script to fetch and update Steve Basford's anti-phishing # database. Note this is fetched via HTTP. So we'll need to set a # proxy on machines that don't have direct web access. # # DHD March 2006 set -a # probably not needed. curl=/usr/bin/curl mv=/bin/mv rm=/bin/rm #http_proxy='wwwcache.bath.ac.uk:3128' # Proxy set. #DHD#http_proxy= # No proxy. tmpbase=/tmp tmpdir=$tmpbase/anti-phishing.$$ clamdir=/usr/local/share/clamav phish_db=phish.ndb phish_reference=$clamdir/$phish_db phish_file=http://www.sanesecurity.com/clamav/$phish_db mkdir $tmpdir || exit 1 trap "$rm -rf $tmpdir; trap 0" 0 1 2 15 cd $tmpdir || exit 1 $curl --compressed -x "$http_proxy" -O -R -s \ -z $phish_reference $phish_file if [ -s $tmpdir/$phish_db ] then $mv -f $tmpdir/$phish_db $clamdir service MailScanner reload fi exit 0 ------------------ Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of dnsadmin 1bigthink.com > Sent: 16 March 2006 15:34 > To: MailScanner discussion > Subject: Re: Phishing fraud undetected > > At 09:07 AM 3/16/2006, you wrote: > > >Hello all, > > > >This morning I came across the following HTML code that was > not picked > >up by MS: > > > >>To ensure that your service is not interrupted, > >> > >>please update > >>your account information today >> > >>color="#000099"> >> > >>href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"> > >> > >> >> > >>href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayP al/update. > >>htm"> by > >>clicking here. > > > >I find it strange that there are 2 in a row but > the second > >one is clearly a phishing attempt. Is it because the URL does not > >start with www? > > > >I'm using MS 4.50.10-1. > > > >Thanks! > > > >Denis > Hello Denis, > > Report to http://cgi.clamav.net/sendvirus.cgi > > They've accepted and incorporated my phishing reports in the past. > > Cheers, > Glenn > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hermit921 at yahoo.com Thu Mar 16 16:17:23 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 16 16:16:28 2006 Subject: From line has () In-Reply-To: References: Message-ID: <6.2.1.2.2.20060316081303.01e62008@pop.mail.yahoo.com> At 06:34 AM 3/16/2006, Joshua Hirsh wrote: >Hi Hermit.. > > > > Just ran into an odd problem. The new Exchange server here > > seems to reject any message with parentheses () in the body From line. > > > All RFC's and finger pointing aside.. Exchange 2003 doesn't do this by > default. Check your configuration, specifically at the mailbox > restrictions that you may have setup. If you have restrictions set as to > who can email certain addresses in your domain, this would cause the same > results as your problem. > > This configuration is found in your user configuration in AD, under > 'Exchange General' and 'Delivery Restrictions'. > > Good luck.. > >-Joshua >-- I got a little more information late yesterday. If there is a syntactically valid email address after the (), the message is accepted. So just the presence of () is not the complete criteria. From: brgg works From: (brgg) fails From: (brgg) berby@sony.com works The Exchange people here are trying to figure out if they can do anything about this. hermit921 From lhaig at haigmail.com Thu Mar 16 16:21:22 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Mar 16 16:21:28 2006 Subject: Does this error from debug mean anything? In-Reply-To: <007001c648e0$7db8e020$3004010a@martinhlaptop> References: <007001c648e0$7db8e020$3004010a@martinhlaptop> Message-ID: <44199082.5070505@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 great thanks I will have a look Lance Martin Hepworth wrote: > Lance > > Check the spamassassin config is OK.. > > > spamassassin -D --lint > > > Looks like you may have a syntax error in an SA rule.. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Lance Haig >> Sent: 16 March 2006 07:25 >> To: MailScanner discussion >> Subject: Does this error from debug mean anything? >> > Hi, > > I was reading through the performance post earlier and wanted to check > my system to see how it performed. > > so I did the hdparm thing to see if my disk IO was the problem this is > the result > > mailhost:~ # /sbin/hdparm -tT /dev/sda /dev/sda: > > /dev/sda: > Timing cached reads: 4048 MB in 2.00 seconds = 2023.30 MB/sec > Timing buffered disk reads: 100 MB in 3.17 seconds = 31.59 MB/sec > mailhost:~ # > > I then setup Mailscanner to run in debug for mailscanner and > spamassassin, I watched the message being proccessed and this is the > only error I found. > > Ignore errors about failing to find EOCD signature > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 35. > > > I ran a check_Mailscanner and these are the errors I found > > > > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 320, line 4. > Use of uninitialized value in hash element at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 321, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 225, line 4. > Use of uninitialized value in pattern match (m//) at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 227, line 4. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Message/Metadata/Received > .pm > line 228, line 4. > > > format error: file is too short > at /usr/sbin/MailScanner line 780 > > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 34. > > > > Has this been seen before? > > Thanks > > Lance - -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > ********************************************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGZCCM4kHBIBZ61gRAmowAJ9J2sZGPZQUTUA/90z6EQ3Wz6mV9QCeO84n coyWlrofz6chvE4q4A4k/bc= =k4+S -----END PGP SIGNATURE----- From mailscanner at pdscc.com Thu Mar 16 18:14:19 2006 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Thu Mar 16 18:25:35 2006 Subject: mail queue size errors In-Reply-To: <40372.194.70.180.170.1142508156.squirrel@webmail.r-bit.net> References: <200603191825.KAA06932@sheridan.sibble.net> Message-ID: <200603200550.VAA09961@sheridan.sibble.net> On 16 Mar 2006 at 11:22, Drew Marshall wrote: > This is not a MailScanner error but a Postfix one. Check main.cf for > message_size_limit option and adjust accordingly. That doesn't exist in the main.cf on this box :-( Ahh.... the default for that setting is 10mb... I've defined it for 40mb and it seems to be working fine now. Thanks > server that doesn't understand ESMTP (Where the message size parameter is > checked) sends a file. In plain SMTP the message size parameter is not > checked and relies on the MTA bouncing the message. Thanks, I was wondering about that, it's been a while since I looked at the smtp vs. esmtp features. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ssilva at sgvwater.com Thu Mar 16 18:29:59 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 16 18:31:21 2006 Subject: byes_toks.expireXXX files {OCVC Scanned} In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15E5D4B4@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15E5D4B4@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey spake the following on 3/16/2006 6:43 AM: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Trevor Allett >> Sent: Thursday, March 16, 2006 9:22 AM >> To: mailscanner@lists.mailscanner.info >> Subject: byes_toks.expireXXX files {OCVC Scanned} >> >> Hi list, >> As previously stated I have inherited a pair of MailScanners, the >> previous admin left. On one of them I have been having a problem with >> disk space, the problem seems to be the "bayes_toks.expire" files (at >> /root/.spamassassin/), 5GBs of them. The fix, as I understand it, is; >> >> (How do I control the bayes database from growing out of control right >> now?) >> >> Stop MS. Delete all files except bayes_journal, bayes_seen and >> bayes_toks. Now run "sa-learn --force-expire". >> >> ...am I correct? How do I "Stop MS"? and will the Directory fill up >> again? >> >> BTW Thanks for previous help with the DAT files. >> >> ------------------------------------ >> Trevor Allett. >> IT Services Officer >> Oxford and Cherwell Valley College >> Oxfordshire - UK >> > > It sounds like you are new to MailScanner as I once was. I too came to > a company with a MailScanner machine and had no idea of how it ran or to > use it. > > I seen another post that you did and you were referred to the > documentation. There is plenty of documentation and you should read it, > but I know that it can get confusing. To answer your question: > > To stop mailscanner: > service MailScanner stop > > To restart it: > service MailScanner restart > > How do you see if it is working correctly? > Get in the habit of typing this every time you restart MailScanner, > service MailScanner restart && tail -f /var/log/maillog > > Since MailScanner logs to the default sendmail log, it is best to check > that log to see if MailScanner is giving any errors. It is the best > starting point to see what is wrong. The tail command will refresh the > log and you can see it in real time. You can look at the log not in > real time by: > vi /var/log/maillog less /var/log/maillog is probably a better option here. Wouldn't want to accidentally slime the logfile with something that has the potential to "save". > Search the internet for the various vi commands. Vi will let you edit > files and so forth. Not too simple but when you learn the commands it > is easy. I think most people recommend another program but vi will work > if you want to use it. > > In the /etc/MailScanner/MailScanner.conf file there is a option that you > should change to help these files. Here is what mine is set to (I had > this same question in the past). Default was 0 > Rebuild Bayes Every = 432000 > > So to do it.... > vi /etc/MailScanner/MailScanner.conf > Type "/" to search.. so > / > Type "Rebuild Bayes" > Hit enter > This will take you to the setting > Hit "i" to insert > Use the arrow keys to change the value. Do not use the num pad > Hit "esc" when done > The to save type ":wq" then hit enter. > > > > > > > For humor you can read the following. > We had a power failure once. After that no one was getting external > email. I remembered that there was a company deskpro 500mhz computer > sitting underneath a server that was our exchange server. Oh, I wonder > what that machine does. It turned out to be the MailScanner machine. > Whewww... > > Then I started messing with it, screwed it up and had to rebuild it. So > started my Linux career, which is barley past newbie even still. > > > Hope that helps. From alex at nkpanama.com Thu Mar 16 19:30:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Mar 16 19:31:15 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060316122027.71372.qmail@web35604.mail.mud.yahoo.com> References: <20060316122027.71372.qmail@web35604.mail.mud.yahoo.com> Message-ID: <4419BCF0.7030100@nkpanama.com> It is correct... spart cus wrote: > > here's what i want to do. > 1. Allow SysAd sender (From) > 2. Deny Sportal.com (From) > > FromorTo: SysAd yes > FromorTo: &nb! sp; Sportal.com no > FromorTo: default no > > is this correct ? to check if i understand it correctly > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From combs at magnet.fsu.edu Thu Mar 16 21:24:20 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Mar 16 21:24:29 2006 Subject: vacation response and spam Message-ID: <4419D784.9040807@magnet.fsu.edu> Hi, I'd like to get my sendmail vacation response not to send a vacation message to spammers, which is usually a bogus address that bounces back. I believe the best way to do this is via procmail: send the email to the user and then if the email is not tagged as spam by MailScanner, run it through the vacation program. My procmail is not up to snuff so I have been struggling to get it to work without success. Is anyone doing something similiar and be will to share your procmail recipe? Thanks, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From ka at pacific.net Thu Mar 16 21:50:02 2006 From: ka at pacific.net (Ken A) Date: Thu Mar 16 21:47:10 2006 Subject: MailScannerWebBug is not an image.. Message-ID: <4419DD8A.5000704@pacific.net> In Message.PM: $output .= ' I'm getting a lot of reject messages for files with long names. The few I looked at appear to be those spams with a gif image attached, but it looks like they have quite a few random words as the file name. Any way to work around this without disabling the long file name rule? Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (salesgirl coba.gif) Here is part of the quarantined message Content-Type: image/gif; name="salesgirl cobalt conakry infamy incompressible tool annoyance breadboard coleus orient cistern meg goldstine henbane scurrilous inexperience oldy utah printmake yonkers promenade causal retrofitting come markovian promisc uity anomalous raccoon gravestone dredge duel .gif" From linux_spartacus at yahoo.com Fri Mar 17 01:02:28 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Fri Mar 17 01:02:31 2006 Subject: How to whitelist my clietns ? In-Reply-To: <4419BCF0.7030100@nkpanama.com> Message-ID: <20060317010228.9861.qmail@web35609.mail.mud.yahoo.com> Alex Neuman van der Hans wrote: It is correct... spart cus wrote: > > here's what i want to do. > 1. Allow SysAd sender (From) > 2. Deny Sportal.com (From) > > FromorTo: SysAd yes > FromorTo: &nb! sp; Sportal.com no > FromorTo: default no > > is this correct ? to check if i understand it correctly > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Thanks. It is possible to create a ruleset for whitelist and blacklist. Is this also correct? Is Definitely Not Spam = whitelist.rules Is Definitely Spam = blacklist.rules whitelist.rules FromorTo: SysAd yes FromorTo: default no blacklist.rules FromorTo: Sportal.com yes FromorTo: default no Do i always need to put the last line "FromorTo: default no" on both .rules? Another thing does spamassassin use port 53 ? i only open ports 25,110,80 for my mail server. Im using ClamAv and Spamassassin. many thanks. --------------------------------- Yahoo! Mail Use Photomail to share photos without annoying attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/4930c1be/attachment.html From james at grayonline.id.au Fri Mar 17 05:40:24 2006 From: james at grayonline.id.au (James Gray) Date: Fri Mar 17 07:50:27 2006 Subject: From line has () In-Reply-To: <20060316140416.R88337@defjam.cc.strath.ac.uk> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603170032.06538.james@grayonline.id.au> <20060316140416.R88337@defjam.cc.strath.ac.uk> Message-ID: <200603171640.26200.james@grayonline.id.au> On Fri, 17 Mar 2006 01:26 am, Jethro R Binks wrote: > On Fri, 17 Mar 2006, James Gray wrote: > > > > The way I read RFC822 (and 2822) is that if an MTA is going to reject > > > > a message it should do so as early in the transaction as possible. > > > > It should never accept a message it will not deliver. So, if > > > > Exchange is dropping the message after the final "dot+" due to a > > > > malformed or rejected address, it should have done it during the > > > > "MAIL FROM:" or "RCPT TO:" stage. IOW, I believe this violates the > > > > RFC. But hey, it's Micrsoft - since when to THEY care about > > > > published standards?!? > > > > > > That's nonesense, and even if you believed it, it bears no relation to > > > his original question. > > > > Erm, read RFC2821 specifically section 3.3. (Paraphrasing) Messages > > should be rejected as soon as possible. However, I did misread to OP's > > question, and I accept that this, and my earlier comments, have nothing > > to do with their problem. > > You said "I believe this violates the RFC". That comment was based on the (incorrect) interpretation of the OP's question - ie, the problem was in the envelope addresses. After correcting myself, you want to beat me over the head with my first response? Sigh - see below for my last comment. > It doesn't. The RFC advises that you SHOULD do something a particular way, > but does not forbid you from doing it another way if you have strong reasons > for doing so Really? I hadn't realised the RFC's WEREN'T ratified ISO/IETF/IEEE standards. Thanks for pointing that out. BTW, did you know the sky is blue on a clear day? > , as per the terminology of section 2.3. One of these strong reasons might > be that for logging and tracking purposes you want to record more > information about the message content. However the RFC does point out, late > in that section, "Using a "550 mailbox not found" (or equivalent) reply code > after the data are accepted makes it difficult or impossible for the client > to determine which recipients failed." Which is exactly the reason why most MTA's don't behave that way. > Another strong reason would be if your site policy states that you may > find some DATA content objectionable (including mangled header content) > and reject on that basis: Yep. That's what I said. If you want to reject a message based on the body content or (non-envelope) headers, you have to wait until after the DATA section is finished. Just so you don't get confused (and start flaming me again): my initial response regarding Exchange's compliance with the RFC's was based on the incorrect assumption the error was in the envelope "MAIL FROM" but wasn't being rejected until after the DATA section. As you have stated, whilst that behaviour is not "violating" the RFC per se (hard to violate something that isn't necessarily enforceable), it DOES make your MTA quite difficult to communicate with from a client's perspective. Now before you throw my own contradiction back in my face: I used the term "violate" in my original to suggest "does not follow the accepted normal MTA behaviour as outlined in the RFC's". You can't really (literally) "violate" ANY RFC as they are not ratified standards. RFC's may form the basis for an ISO/IETF/IEEE standard, but the RFC itself is not enforceable. Any admin knows that. Having re-read the OP's question, the problem is in the value of the "From:" header, not the "MAIL FROM:" envelope address. The "From:" header lives in the DATA section, so it's obvious that the MTA can't reject based on that header until AFTER the ".". Cheers, James -- "Life sucks, but it's better than the alternative." -- Peter da Silva -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/307d33b9/attachment-0001.bin From james at grayonline.id.au Fri Mar 17 05:54:48 2006 From: james at grayonline.id.au (James Gray) Date: Fri Mar 17 07:50:44 2006 Subject: To whitelist or not... In-Reply-To: References: <200603160924.21258.james@grayonline.id.au> Message-ID: <200603171654.50101.james@grayonline.id.au> On Thu, 16 Mar 2006 12:19 pm, Ugo Bellavance wrote: > James Gray wrote: > > I've done an experiment. I've created a rule set for the "Use > > SpamAssassin" config option and moved a few of the whitelisted addresses > > into there with a "no" action. IOW, the "use.sa.rules" file looks like > > this: > > From: whitelist_add1@domain no > > From: whitelist_add2@another-domain no > > FromOrTo: default yes > > I think it is reasonable. > > You may be more secure if you'd add one condition to your ruleset: the > IP of their server. This way, you reduce the risk of getting spam with > a forged address (using your clients). Good point. The problem is some of the senders (like hp.com) have so many MTA's that messages come from, it's going to be hard to include them all. It *would* be the ideal though. I'll definitely do it for our internal machines (all the senders will be in very well defined private subnets). > In the end, your users will tell you if it has negative effect on > spam-filtering results. Indeed they will :) > You could use only IP's for e-mail generated from your systems. Of > course, if one of your systems gets compromised and start sending spam, > you have less chance noticing it. True, but the internal machines are fairly well controlled and firewalled VM's. So if a machine gets 0wn3d (highly unlikely) we can simply hose the image and restore a known working one :) Gotta love virtualisation! > There are other means of lowering your load (using rbls, greylisting, etc) > but this one may make sense for you and other people. Thanks Ugo. I've done a lot of performance tuning on our MailScanner boxes. The problem is that they are running on "superseded" hardware[1] - mail gateways are very non-glamourous boxes that don't attract a lot of budget (mail is merely a tool - not our business focus). We make do, but anything to reduce unnecessary load is a Good Thing(tm). Thanks, James [1] Superseded but still server class kit (not PC's or anything dinky like that). All are P3/Xeon > 1GHz boxes with lots of ECC RAM and SCSI drives on Gigabit links. I'd really like some Sun or Opteron kit though :) -- I've Been Moved! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/99bd0336/attachment.bin From thomas.zajic at rockstarvienna.com Fri Mar 17 08:28:38 2006 From: thomas.zajic at rockstarvienna.com (Thomas Zajic) Date: Fri Mar 17 08:28:56 2006 Subject: Free versions of milter-sender and milter-ahead? Message-ID: <20060317082838.GA11919@thomas.rockstarvienna.local> Hi, I'm looking for free versions/clones/workalikes of SnertSoft's milter-sender and milter-ahead. While I certainly don't have a problem with commerical products and/or shelling out 340 ? for those milter site licenses for our MailScanner installation at work, I'd prefer free (beer & speech) solutions for my home setup. SnertSoft's download page[1] doesn't seem to provide free home/personal versions of milter-sender and milter-ahead. [1] http://www.snertsoft.com/download.php The only thing I came up with so far is Spamilter[2], which seems to include something resembling milter-sender. The Python Milters project[3] doesn't seem to have any appropriate milter modules for this at all. [2] http://www.wanlink.com/spamilter/ [3] http://www.bmsi.com/python/milter.html Given that other free MTAs like Exim include this out of the box (it's called sender/recipient callout[4] there), I'm surprised about the lack of freely available Sendmail solutions. Or am I missing something here? :-) [4] http://www.exim.org/exim-html-4.20/doc/html/spec_37.html#SECT37.13 Thanks in advance for any hints/pointers/advice! -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** From matt at coders.co.uk Fri Mar 17 08:33:47 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri Mar 17 08:33:42 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <20060317082838.GA11919@thomas.rockstarvienna.local> References: <20060317082838.GA11919@thomas.rockstarvienna.local> Message-ID: <441A746B.1000604@coders.co.uk> Thomas Zajic wrote: > Hi, > > I'm looking for free versions/clones/workalikes of SnertSoft's > milter-sender and milter-ahead. While I certainly don't have a > problem with commerical products and/or shelling out 340 ? for > those milter site licenses for our MailScanner installation at > work, I'd prefer free (beer & speech) solutions for my home > setup. SnertSoft's download page[1] doesn't seem to provide > free home/personal versions of milter-sender and milter-ahead. Try googling for mailfromd - free version of milter-sender. matt From jethro.binks at strath.ac.uk Fri Mar 17 08:48:41 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Fri Mar 17 08:48:46 2006 Subject: From line has () In-Reply-To: <200603171640.26200.james@grayonline.id.au> References: <6.2.1.2.2.20060315130655.036d05a8@pop.mail.yahoo.com> <200603170032.06538.james@grayonline.id.au> <20060316140416.R88337@defjam.cc.strath.ac.uk> <200603171640.26200.james@grayonline.id.au> Message-ID: <20060317082348.L88337@defjam.cc.strath.ac.uk> On Fri, 17 Mar 2006, James Gray wrote: > > It doesn't. The RFC advises that you SHOULD do something a particular > > way, but does not forbid you from doing it another way if you have > > strong reasons for doing so > > > Really? I hadn't realised the RFC's WEREN'T ratified ISO/IETF/IEEE standards. > Thanks for pointing that out. BTW, did you know the sky is blue on a clear > day? > We are only speaking of the context of the RFCs, and the Terminology of section 2.3 employed by them. MAY SHOULD MUST etc all have particular meanings, and it is that context I say 'forbid'. SHOULD in the RFC means "you really should do this, unless you've really thought about what will happen". Not "the IEEE will spank your ass if you don't". Amusing though that might be. In summary, I use the term 'forbid' here in the same context as you use the term 'violate', below. > Just so you don't get confused (and start flaming me again): my initial > response regarding Exchange's compliance with the RFC's was based on the > incorrect assumption the error was in the envelope "MAIL FROM" but > wasn't being rejected until after the DATA section. As you have stated, > whilst that behaviour is not "violating" the RFC per se (hard to violate > something that isn't necessarily enforceable), it DOES make your MTA > quite difficult to communicate with from a client's perspective. > > Now before you throw my own contradiction back in my face: I used > theterm "violate" in my original to suggest "does not follow the > accepted normal MTA behaviour as outlined in the RFC's". You can't > really (literally) "violate" ANY RFC as they are not ratified standards. > RFC's may form the basis for an ISO/IETF/IEEE standard, but the RFC > itself is not enforceable. Any admin knows that. I am not flaming, I am clarifying and correcting (but some might say not enough clarity of my own). If some guidance tells you should do something, and you claim to be compliant with it, and then do something it tells you not to do, then it's a violation, regardless of how enforceable it is! If the RFC one claims to follow says MUST NOT and one does, then it has been violated. Not that there is much anyone can do about it, except to tell you so and not exchange mail with you (in this case). Hence the existence of DNSBLs that list 'non-RFC compliance' of various sorts (to bring this vaguely back to relevance to this list). Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From alex at nkpanama.com Fri Mar 17 13:40:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Mar 17 13:40:34 2006 Subject: MailScannerWebBug is not an image.. In-Reply-To: <4419DD8A.5000704@pacific.net> References: <4419DD8A.5000704@pacific.net> Message-ID: <441ABC46.6060305@nkpanama.com> IANAP but... How about ? Ken A wrote: > In Message.PM: > > $output .= ' > Some users read mail via a webmail interface. > And so Apache logs fill up with 404's looking for MailScannerWebBug.. :-\ > > Is there a simple solution to this problem? > > Too bad there's not a blank.gif built into browsers and email clients > that can be used for this purpose? We have an about:blank for web pages, > so why not a blank.gif.. All these web developers across the planet > wasting time creating small blank gif images.. > > Any thoughts? > > Thanks, > Ken A > Pacific.Net > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Fri Mar 17 13:45:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Mar 17 13:45:34 2006 Subject: How to whitelist my clietns ? In-Reply-To: <20060317010228.9861.qmail@web35609.mail.mud.yahoo.com> References: <20060317010228.9861.qmail@web35609.mail.mud.yahoo.com> Message-ID: <441ABD76.9060606@nkpanama.com> Yes. It helps if you read it out loud, as if you were explaining it to someone else. "If so and so, YES it's whitelisted. If it doesn't hit any rules, NO it's not whitelisted." - and the blacklist reads: "If it's so and so, then YES it's blacklisted, but if it doesn't hit any rules, then NO it isn't blacklisted." spart cus wrote: > > > */Alex Neuman van der Hans /* wrote: > > It is correct... > > spart cus wrote: > > > > here's what i want to do. > > 1. Allow SysAd sender (From) > > 2. Deny Sportal.com (From) > > > > FromorTo: SysAd yes > > FromorTo: &nb! sp; Sportal.com no > > FromorTo: default no > > > > is this correct ? to check if i understand it correctly > > > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the websi! te! > > Thanks. It is possible to create a ruleset for whitelist and > blacklist. Is this also correct? > > Is Definitely Not Spam = whitelist.rules > Is Definitely Spam = blacklist.rules > > whitelist.rules > FromorTo: SysAd yes > FromorTo: default no > > blacklist.rules > FromorTo: Sportal.com yes > FromorTo: default no > > Do i always need to put the last line "FromorTo: default > no" on both .rules? > > Another thing does spamassassin use port 53 ? i only open ports > 25,110,80 for my mail server. Im using ClamAv and Spamassassin. > > many thanks. > > ------------------------------------------------------------------------ > Yahoo! Mail > Use Photomail > > to share photos without annoying attachments. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060317/c4b2f1e5/attachment.html From root at doctor.nl2k.ab.ca Fri Mar 17 14:19:23 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Mar 17 14:20:10 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <441A746B.1000604@coders.co.uk> References: <20060317082838.GA11919@thomas.rockstarvienna.local> <441A746B.1000604@coders.co.uk> Message-ID: <20060317141923.GA346@doctor.nl2k.ab.ca> On Fri, Mar 17, 2006 at 08:33:47AM +0000, Matt Hampton wrote: > Thomas Zajic wrote: > > Hi, > > > > I'm looking for free versions/clones/workalikes of SnertSoft's > > milter-sender and milter-ahead. While I certainly don't have a > > problem with commerical products and/or shelling out 340 ??? for > > those milter site licenses for our MailScanner installation at > > work, I'd prefer free (beer & speech) solutions for my home > > setup. SnertSoft's download page[1] doesn't seem to provide > > free home/personal versions of milter-sender and milter-ahead. > > Try googling for mailfromd - free version of milter-sender. > URL: http://puszcza.gnu.org.ua/projects/mailfromd/ > matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.siddall at elirion.net Fri Mar 17 14:26:56 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Mar 17 14:27:18 2006 Subject: MailScannerWebBug is not an image.. In-Reply-To: <441ABC46.6060305@nkpanama.com> References: <4419DD8A.5000704@pacific.net> <441ABC46.6060305@nkpanama.com> Message-ID: <441AC730.1060706@elirion.net> Alex Neuman van der Hans wrote: > IANAP but... > > How about ? > How about a 1x1 image attached to the message? Probably hard to implement if the message is text/html with no MIME boundaries. Richard. From Mailscanner at mailing.kaufland-informationssysteme.com Fri Mar 17 15:29:57 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Fri Mar 17 15:30:36 2006 Subject: Split the mails Message-ID: <441AD5F5.7040200@mailing.kaufland-informationssysteme.com> I make several Spam actions for different users. But if a mail contains several receiver only the first rule work. Now is it possible to split into several mails for each receiver? Or is there an other - may cooler way? Matthias From thomas.zajic at rockstarvienna.com Fri Mar 17 15:48:23 2006 From: thomas.zajic at rockstarvienna.com (Thomas Zajic) Date: Fri Mar 17 15:48:30 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <441A746B.1000604@coders.co.uk> References: <20060317082838.GA11919@thomas.rockstarvienna.local> <441A746B.1000604@coders.co.uk> Message-ID: <20060317154822.GC13532@thomas.rockstarvienna.local> * Matt Hampton , 17/03/2006, 08:33 > Try googling for mailfromd - free version of milter-sender. Thanks, looks good - now let's see if I can get it to do what I want. :-) -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** From thomas.zajic at rockstarvienna.com Fri Mar 17 15:49:14 2006 From: thomas.zajic at rockstarvienna.com (Thomas Zajic) Date: Fri Mar 17 15:49:54 2006 Subject: Free versions of milter-sender and milter-ahead? In-Reply-To: <20060317141923.GA346@doctor.nl2k.ab.ca> References: <20060317082838.GA11919@thomas.rockstarvienna.local> <441A746B.1000604@coders.co.uk> <20060317141923.GA346@doctor.nl2k.ab.ca> Message-ID: <20060317154914.GD13532@thomas.rockstarvienna.local> * Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem , 17/03/2006, 07:19 > URL: http://puszcza.gnu.org.ua/projects/mailfromd/ Thanks, found it already! Just didn't have time to reply before ... -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** From martinh at solid-state-logic.com Fri Mar 17 15:51:50 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 17 15:51:58 2006 Subject: Split the mails In-Reply-To: <441AD5F5.7040200@mailing.kaufland-informationssysteme.com> Message-ID: <000101c649da$b4b09f50$3004010a@martinhlaptop> Matthias Only possible if you're running sendmail or exim. Basically you have to get the MTa to split the 1 email with many recipients into many emails with 1 recipient. There's instructions on how to do this for sendmail and exim in this file... http://www.fsl.com/support/QuarantineReport.tar.gz -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 17 March 2006 15:30 > To: MailScanner discussion > Subject: Split the mails > > I make several Spam actions for different users. > But if a mail contains several receiver only the first rule work. > > Now is it possible to split into several mails for each receiver? > > Or is there an other - may cooler way? > > Matthias > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From bpumphrey at WoodMacLaw.com Fri Mar 17 16:01:38 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 17 16:01:41 2006 Subject: By what means do you backup your mailscanner things? Message-ID: <04D932B0071FE34FA63EBB1977B48D15EBA466@woodenex.woodmaclaw.local> I am looking at how to backup the files. Here is what I have in mind, and I am positive that is it not the best and easiest way. Here is how to backup the MailScanner machine to /home/bpumphrey/backup. 1. Delete the backup folder rm -r -f /home/bpumphrey/backup 1) Make the backup folder mkdir /home/bpumphrey/backup 2) Folder - /etc/mail cp -R -f /etc/mail /home/bpumphrey/backup 3) Folder - /etc/mailScanner cp -R -f /etc/MailScanner /home/bpumphrey/backup 4) Database - mailscanner mysqldump mailscanner > /home/bpumphrey/backup/mailscanner.txt 5) .fetchmail stuff cp /home/spam/.fetchmailrc /home/bpumphrey/backup 6) Quarantine Directory tar cf /home/bpumphrey/backup/quarantine.tar /var/spool/MailScanner/quarantine or cp -r /var/spool/MailScanner/quarantine /home/bpumphrey/backup/quarantine 7) Tar the file tar cf /home/bpumphrey/WoodenMS2.Backup.tar /home/bpumphrey/backup 8) FTP the file to another machine From ka at pacific.net Fri Mar 17 17:07:51 2006 From: ka at pacific.net (Ken A) Date: Fri Mar 17 17:04:56 2006 Subject: By what means do you backup your mailscanner things? In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15EBA466@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15EBA466@woodenex.woodmaclaw.local> Message-ID: <441AECE7.9010506@pacific.net> rsync is a nice tool for backup purposes. It saves time and bandwidth and has lots of cool switches for backup jobs like this. Our backup jobs all run from one server and look like this: day=`date +"%u"` outpath="/backup/daily/$day" limit="--bwlimit=1500" # mailscanner box server="mailscannerbox" paths="/etc/mail /etc/MailScanner /var/spool/rbldnsd /usr/local/src" for path in $paths; do rsync -az --timeout=240 --log-format="%f %l" --delete $limit \ $server:/$path $outpath/$server; done; # other server server="otherbox" .... The backup box is loaded with disk space and is secure behind a firewall, since the box has to have ssh keys to access the other boxes as root. The advantage is that all file transfers are encrypted and this centralizes all the backup jobs into a few scripts on one box. Ken Billy A. Pumphrey wrote: > I am looking at how to backup the files. Here is what I have in mind, > and I am positive that is it not the best and easiest way. > > Here is how to backup the MailScanner machine to /home/bpumphrey/backup. > > 1. Delete the backup folder > rm -r -f /home/bpumphrey/backup > > 1) Make the backup folder > mkdir /home/bpumphrey/backup > > 2) Folder - /etc/mail > cp -R -f /etc/mail /home/bpumphrey/backup > > 3) Folder - /etc/mailScanner > cp -R -f /etc/MailScanner /home/bpumphrey/backup > > 4) Database - mailscanner > mysqldump mailscanner > /home/bpumphrey/backup/mailscanner.txt > > 5) .fetchmail stuff > cp /home/spam/.fetchmailrc /home/bpumphrey/backup > > 6) Quarantine Directory > tar cf /home/bpumphrey/backup/quarantine.tar > /var/spool/MailScanner/quarantine > or > cp -r /var/spool/MailScanner/quarantine > /home/bpumphrey/backup/quarantine > > 7) Tar the file > tar cf /home/bpumphrey/WoodenMS2.Backup.tar /home/bpumphrey/backup > > 8) FTP the file to another machine From ssilva at sgvwater.com Fri Mar 17 17:51:57 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 17 17:52:22 2006 Subject: To whitelist or not... In-Reply-To: <200603171654.50101.james@grayonline.id.au> References: <200603160924.21258.james@grayonline.id.au> <200603171654.50101.james@grayonline.id.au> Message-ID: James Gray spake the following on 3/16/2006 9:54 PM: > On Thu, 16 Mar 2006 12:19 pm, Ugo Bellavance wrote: >> James Gray wrote: >>> I've done an experiment. I've created a rule set for the "Use >>> SpamAssassin" config option and moved a few of the whitelisted addresses >>> into there with a "no" action. IOW, the "use.sa.rules" file looks like >>> this: >>> From: whitelist_add1@domain no >>> From: whitelist_add2@another-domain no >>> FromOrTo: default yes >> I think it is reasonable. >> >> You may be more secure if you'd add one condition to your ruleset: the >> IP of their server. This way, you reduce the risk of getting spam with >> a forged address (using your clients). > > Good point. The problem is some of the senders (like hp.com) have so many > MTA's that messages come from, it's going to be hard to include them all. It > *would* be the ideal though. I'll definitely do it for our internal machines > (all the senders will be in very well defined private subnets). > >> In the end, your users will tell you if it has negative effect on >> spam-filtering results. > > Indeed they will :) > >> You could use only IP's for e-mail generated from your systems. Of >> course, if one of your systems gets compromised and start sending spam, >> you have less chance noticing it. > > True, but the internal machines are fairly well controlled and firewalled > VM's. So if a machine gets 0wn3d (highly unlikely) we can simply hose the > image and restore a known working one :) Gotta love virtualisation! > >> There are other means of lowering your load (using rbls, greylisting, etc) >> but this one may make sense for you and other people. > > Thanks Ugo. I've done a lot of performance tuning on our MailScanner boxes. > The problem is that they are running on "superseded" hardware[1] - mail > gateways are very non-glamourous boxes that don't attract a lot of budget > (mail is merely a tool - not our business focus). We make do, but anything > to reduce unnecessary load is a Good Thing(tm). > > Thanks, > > James > [1] Superseded but still server class kit (not PC's or anything dinky like > that). All are P3/Xeon > 1GHz boxes with lots of ECC RAM and SCSI drives on > Gigabit links. I'd really like some Sun or Opteron kit though :) > Too bad there isn't an option to whitelist by domain name IF the mail comes from proper MX servers, or valid SPF records. IE ... From: hp.com and valid_mx no or something like that. From steve.swaney at fsl.com Fri Mar 17 18:32:36 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 17 18:30:39 2006 Subject: By what means do you backup your mailscanner things? In-Reply-To: <441AECE7.9010506@pacific.net> Message-ID: <037c01c649f1$2a3d6350$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Friday, March 17, 2006 12:08 PM > To: MailScanner discussion > Subject: Re: By what means do you backup your mailscanner things? > > rsync is a nice tool for backup purposes. It saves time and bandwidth > and has lots of cool switches for backup jobs like this. Our backup jobs > all run from one server and look like this: > > day=`date +"%u"` > outpath="/backup/daily/$day" > limit="--bwlimit=1500" > > # mailscanner box > server="mailscannerbox" > paths="/etc/mail /etc/MailScanner /var/spool/rbldnsd /usr/local/src" > for path in $paths; > do rsync -az --timeout=240 --log-format="%f %l" --delete $limit \ > $server:/$path $outpath/$server; > done; > > # other server > server="otherbox" > .... > > > The backup box is loaded with disk space and is secure behind a > firewall, since the box has to have ssh keys to access the other boxes > as root. The advantage is that all file transfers are encrypted and this > centralizes all the backup jobs into a few scripts on one box. > > Ken > And can be very secure when used with keychains: http://www.gentoo.org/proj/en/keychain/index.xml Also see http://www-128.ibm.com/developerworks/library/l-keyc2/ Just setup keychains between the systems and then add rsync -az -e --timeout=240 --log-format="%f %l" --delete $limit Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From paul at welshfamily.com Fri Mar 17 23:08:43 2006 From: paul at welshfamily.com (Paul Welsh) Date: Fri Mar 17 23:11:40 2006 Subject: Default MTA for various distros In-Reply-To: <1137114165.20488.14.camel@localhost.localdomain> Message-ID: <200603172308.k2HN8ltS029547@mail.espmail.net> I'm shortly to buid a mail server that will be housed in an office and protected by a separate firewall. Once again, I have to choose which distro to go with. It boils down to CentOS or Debian because security patches will be available for these for the longest time (CentOS 4 till Feb 2012 and for Debian "about one year after the next stable distribution has been released"). OpenSUSE will be updated for 2 years. CentOS is therefore my preferred choice. I'm pretty sure that Debian uses Exim as its default MTA. CentOS uses, I believe, Sendmail but also has Postfix and Exim installed. SUSE uses Postfix by default. RH9 is the distro I have most experience of, though I am in the process of configuring CentOS running Exim (it comes with the DirectAdmin control panel) and it hasn't been too much of a headache so far. However, from my experience with MailScanner and Exim, I gained the strong impression that MailScanner's "default" MTA is Sendmail. So, when all's said and done I think CentOS + Sendmail is my favoured combination. Anyone think that's a mistake? From steve.swaney at fsl.com Fri Mar 17 23:35:17 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 17 23:33:19 2006 Subject: Default MTA for various distros In-Reply-To: <200603172308.k2HN8ltS029547@mail.espmail.net> Message-ID: <048901c64a1b$72d7de40$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Welsh > Sent: Friday, March 17, 2006 6:09 PM > To: 'MailScanner discussion' > Subject: Default MTA for various distros > > I'm shortly to buid a mail server that will be housed in an office and > protected by a separate firewall. Once again, I have to choose which > distro > to go with. It boils down to CentOS or Debian because security patches > will > be available for these for the longest time (CentOS 4 till Feb 2012 and > for > Debian "about one year after the next stable distribution has been > released"). OpenSUSE will be updated for 2 years. CentOS is therefore my > preferred choice. > > I'm pretty sure that Debian uses Exim as its default MTA. CentOS uses, I > believe, Sendmail but also has Postfix and Exim installed. SUSE uses > Postfix by default. > > RH9 is the distro I have most experience of, though I am in the process of > configuring CentOS running Exim (it comes with the DirectAdmin control > panel) and it hasn't been too much of a headache so far. > > However, from my experience with MailScanner and Exim, I gained the strong > impression that MailScanner's "default" MTA is Sendmail. > > So, when all's said and done I think CentOS + Sendmail is my favoured > combination. Anyone think that's a mistake? > Paul, The "right" distro is the one you're most comfortable with. We use primarily CentOS and sendmail and have no problems. We like sendmail because we use milters very effectively. We're doing some testing on various milters now that we hope to be able to share with the list as soon as we're done testing. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ka at pacific.net Sat Mar 18 00:48:50 2006 From: ka at pacific.net (Ken A) Date: Sat Mar 18 00:45:54 2006 Subject: By what means do you backup your mailscanner things? In-Reply-To: <037c01c649f1$2a3d6350$287ba8c0@office.fsl> References: <037c01c649f1$2a3d6350$287ba8c0@office.fsl> Message-ID: <441B58F2.6060805@pacific.net> Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ken A >> Sent: Friday, March 17, 2006 12:08 PM >> To: MailScanner discussion >> Subject: Re: By what means do you backup your mailscanner things? >> >> rsync is a nice tool for backup purposes. It saves time and bandwidth >> and has lots of cool switches for backup jobs like this. Our backup jobs >> all run from one server and look like this: >> >> day=`date +"%u"` >> outpath="/backup/daily/$day" >> limit="--bwlimit=1500" >> >> # mailscanner box >> server="mailscannerbox" >> paths="/etc/mail /etc/MailScanner /var/spool/rbldnsd /usr/local/src" >> for path in $paths; >> do rsync -az --timeout=240 --log-format="%f %l" --delete $limit \ >> $server:/$path $outpath/$server; >> done; >> >> # other server >> server="otherbox" >> .... >> >> >> The backup box is loaded with disk space and is secure behind a >> firewall, since the box has to have ssh keys to access the other boxes >> as root. The advantage is that all file transfers are encrypted and this >> centralizes all the backup jobs into a few scripts on one box. >> >> Ken >> > > And can be very secure when used with keychains: > http://www.gentoo.org/proj/en/keychain/index.xml > > Also see http://www-128.ibm.com/developerworks/library/l-keyc2/ That's good stuff! Thanks, Ken A Pacific.Net > Just setup keychains between the systems and then add > > rsync -az -e --timeout=240 --log-format="%f %l" --delete $limit > > Steve > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > From john at jolet.net Sat Mar 18 02:50:21 2006 From: john at jolet.net (John Jolet) Date: Sat Mar 18 02:50:27 2006 Subject: Default MTA for various distros In-Reply-To: <048901c64a1b$72d7de40$287ba8c0@office.fsl> References: <048901c64a1b$72d7de40$287ba8c0@office.fsl> Message-ID: <03D09D57-D63A-4434-98B7-896DDD0B4018@jolet.net> > Paul, > > The "right" distro is the one you're most comfortable with. > > We use primarily CentOS and sendmail and have no problems. We like > sendmail > because we use milters very effectively. We're doing some testing > on various > milters now that we hope to be able to share with the list as soon > as we're > done testing. and I prefer gentoo with postfix. I find the configuration of sendmail unnecessarily byzantine. I started on sendmail years ago and fled to postfix at the first opportunity. I don't run mailscanner in production yet, but my co-worker has run it quite well with postfix. I think mta is a more critical choice for you than distro. everyone is going to support sendmail and exim and postfix. (btw, we're switching from exim to postfix on most of our production boxes). Of course, as the quote above says.....the right distro is the one you're most comfortable with. Most of them have both pros and cons...which is why there are so many :) From dmehler26 at woh.rr.com Sat Mar 18 06:47:52 2006 From: dmehler26 at woh.rr.com (Dave) Date: Sat Mar 18 06:57:16 2006 Subject: CentOS4 MailScanner virtual users and webmail solutions References: <4410ED2F.90001@niit.edu.pk> Message-ID: <001101c64a57$e1b518f0$0200a8c0@satellite> Hello, First of all thank you greatly for the rpm of MailScanner it installed just fine on a CentOS4.x server. We've got an old sendmail box running on fc2 that we're going to be upgrading to postfix running on CentOS4. We host literally hundreds of domains, some with a single user others with multiple users. Currently our sendmail setup has each user with a Unix account, needless to say our password files are huge. We don't have a lot of overlap between usernames, i.e. we don't have two user1 users so currently that isn't an issue. I'm wondering given our setup, which would be better virtual alias or virtual mailbox domains? I'm leaning toward virtual mailbox, but would appreciate some practical experiences. In addition, a majority of our user's either get their mail via pop, i think now is the good time to add authenticated smtp with tls for this, and others prefer a webmail solution. We use usermin, (I did not set that up) and i want to move away from this. I'm thinking squirrelmail, but am not sure if it'll work with our virtual mailbox domains. Finally we'll be adding a web control panel so user's can administer more of their own accounts, plesk i was last told. I'm looking for any compatibility issues i might encounter with all this, any practical user experiences with this or similar setups, and any alternative webmail or setups to consider. I am particularly nervous about moving the customers away from sendmail, as i don't know it at all and not sure how it's set up, though i'll be relieved when it is done. We're also doing MailScanner and antispam and antivirus, i'd prefer to stick with rpms as much as possible to keep consistency with packages. Thanks a lot. Dave. From drew at themarshalls.co.uk Sat Mar 18 11:22:39 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Mar 18 11:22:49 2006 Subject: CentOS4 MailScanner virtual users and webmail solutions In-Reply-To: <001101c64a57$e1b518f0$0200a8c0@satellite> References: <4410ED2F.90001@niit.edu.pk> <001101c64a57$e1b518f0$0200a8c0@satellite> Message-ID: <3F014E7F-5B85-48D9-9D0B-AABFE4C02778@themarshalls.co.uk> On 18 Mar 2006, at 06:47, Dave wrote: > Hello, > First of all thank you greatly for the rpm of MailScanner it > installed just fine on a CentOS4.x server. > We've got an old sendmail box running on fc2 that we're going to be > upgrading to postfix running on CentOS4. We host literally hundreds of > domains, some with a single user others with multiple users. > Currently our > sendmail setup has each user with a Unix account, needless to say our > password files are huge. We don't have a lot of overlap between > usernames, > i.e. we don't have two user1 users so currently that isn't an > issue. I'm > wondering given our setup, which would be better virtual alias or > virtual > mailbox domains? > I'm leaning toward virtual mailbox, but would appreciate > some practical experiences. It all depends if you want Postfix to deliver the mail locally or forward it to another box for POP/ IMAP collection. If Postfix is doing the delivery then it's virtual mailboxes, if not then aliases. The difference is (Or should be!) in the map table mailboxes looks like user@domain /domain/user(/) the trainling slash depends if you are using maildir or traditional unix mailboxes. > In addition, a majority of our user's either get > their mail via pop, i think now is the good time to add > authenticated smtp > with tls for this, and others prefer a webmail solution. Why not do both? If you base the POP/ IMAP and SMTP Auth around a MySQL database it's easy enough to maintain too. > We use usermin, (I > did not set that up) and i want to move away from this. I'm thinking > squirrelmail, but am not sure if it'll work with our virtual > mailbox domains. No problems with Squirrel mail with virtual domains. That bit is down to the IMAP server to sort out. Have a look here http://www.gentoo.org/doc/en/virt-mail-howto.xml and here http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/ index.html for some ideas. While not written for CentOS you will get the idea :-) One small gotcha to watch out for. You can't use virtual alias addresses in MailScanner as these are aliased by the Trivial Rewrite service, which happens before MailScanner sees the message. This means that if MailScanner tries to send mail to one of these users it will bounce as the alias hasn't been 'resolved' so there is no such user (e.g. warning notices go to postmaster@vdomain which is an alias for user@vdomain. The resolution from postmaster to user happens before MailScanner so if MailScanner sends mail to that address the Postfix delivery process doesn't know what to do with that message) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From shuttlebox at gmail.com Sat Mar 18 13:12:33 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 18 13:12:36 2006 Subject: Default MTA for various distros In-Reply-To: <200603172308.k2HN8ltS029547@mail.espmail.net> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> Message-ID: <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> On 3/18/06, Paul Welsh wrote: > It boils down to CentOS or Debian because security patches will > be available for these for the longest time (CentOS 4 till Feb 2012 and for > Debian "about one year after the next stable distribution has been > released"). OpenSUSE will be updated for 2 years. CentOS is therefore my > preferred choice. Does that really matter? Will you be on release 4 for the next six years? It takes 30 minutes to upgrade. -- /peter From jrudd at ucsc.edu Sat Mar 18 17:05:54 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sat Mar 18 17:12:06 2006 Subject: Default MTA for various distros In-Reply-To: <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> Message-ID: <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> On Mar 18, 2006, at 5:12 AM, shuttlebox wrote: > On 3/18/06, Paul Welsh wrote: >> It boils down to CentOS or Debian because security patches will >> be available for these for the longest time (CentOS 4 till Feb 2012 >> and for >> Debian "about one year after the next stable distribution has been >> released"). OpenSUSE will be updated for 2 years. CentOS is >> therefore my >> preferred choice. > > Does that really matter? Will you be on release 4 for the next six > years? It takes 30 minutes to upgrade. > Only if you consider the most trivial aspects of an upgrade. In reality, in a non-trivial environment, it can take months to go from the start of an upgrade process to the completion of an upgrade. In that kind of environment, it can be nice to know that you wont have to put one of those processes on your todo list for a few years. From shuttlebox at gmail.com Sat Mar 18 23:04:00 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 18 23:04:05 2006 Subject: Default MTA for various distros In-Reply-To: <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> Message-ID: <625385e30603181504j2201b3eds19584f87ebff80be@mail.gmail.com> On 3/18/06, John Rudd wrote: > Only if you consider the most trivial aspects of an upgrade. > > In reality, in a non-trivial environment, it can take months to go from > the start of an upgrade process to the completion of an upgrade. In > that kind of environment, it can be nice to know that you wont have to > put one of those processes on your todo list for a few years. On an RPM based system for example an upgrade of OS release is not much more than a regular upgrade of packages. Do you do that every other year as well? I use test systems so I know what to expect, that can take some time but the actual upgrades don't take more than 30 minutes. I think it's no biggie doing an OS upgrade more often than every six years no matter how many and complex servers one has. -- /peter From mkettler at evi-inc.com Sun Mar 19 00:21:49 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun Mar 19 00:22:06 2006 Subject: Long filename rule misfire? Message-ID: <441CA41D.7010200@evi-inc.com> I had the "Very long filename" rule from filename.rules.conf fire off today. Strangely, the file it complained about is only 18 characters long.. "xxxxxxx intuit.gif" (first part of filename censored, appears to be a person's surname). Anyone ever see this behavior? >From the report: Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (xxxxxxx intuit.gif) And upon checking in the quarantine, that is the filename it trapped and left in the quarantine. Odd. Checking filename.rules.conf, it's still the 150 character rule: # grep "Very long" filename.rules.conf deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages Version info: #MailScanner -v Running on Linux xanadu.evi-inc.com 2.4.27-grsec #2 Thu Aug 26 14:32:13 EDT 2004 i686 i686 i386 GNU/Linux This is Red Hat Linux release 9 (Shrike) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.50.15 Module versions are: 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools From dhawal at netmagicsolutions.com Sun Mar 19 07:22:48 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sun Mar 19 07:22:54 2006 Subject: Long filename rule misfire? In-Reply-To: <441CA41D.7010200@evi-inc.com> References: <441CA41D.7010200@evi-inc.com> Message-ID: <20060319072248.15170.qmail@mymail.netmagicians.com> Matt Kettler writes: > > I had the "Very long filename" rule from filename.rules.conf fire off today. > > Strangely, the file it complained about is only 18 characters long.. > "xxxxxxx intuit.gif" (first part of filename censored, appears to be a person's > surname). > > Anyone ever see this behavior? Matt, This was recently discussed.. mailscanner will sanitize the filename in the report. It would be advisable to double check the length of the file name in question (either somewhere in the logs or by asking the sender). regards, - dhawal >>From the report: > > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (xxxxxxx intuit.gif) > > > And upon checking in the quarantine, that is the filename it trapped and left in > the quarantine. Odd. > > > Checking filename.rules.conf, it's still the 150 character rule: > > # grep "Very long" filename.rules.conf > deny .{150,} Very long filename, possible OE attack > Very long filenames are good signs of attacks > against Microsoft e-mail packages > > > Version info: > > #MailScanner -v > Running on > Linux xanadu.evi-inc.com 2.4.27-grsec #2 Thu Aug 26 14:32:13 EDT 2004 i686 i686 > i386 GNU/Linux > This is Red Hat Linux release 9 (Shrike) > This is Perl version 5.008000 (5.8.0) > > This is MailScanner version 4.50.15 > Module versions are: > > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From shuttlebox at gmail.com Sun Mar 19 15:04:40 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Mar 19 15:04:44 2006 Subject: Long filename rule misfire? In-Reply-To: <20060319072248.15170.qmail@mymail.netmagicians.com> References: <441CA41D.7010200@evi-inc.com> <20060319072248.15170.qmail@mymail.netmagicians.com> Message-ID: <625385e30603190704q3ea29096t8d372ec55eb95378@mail.gmail.com> On 3/19/06, Dhawal Doshy wrote: > This was recently discussed.. mailscanner will sanitize the filename in the > report. It would be advisable to double check the length of the file name in > question (either somewhere in the logs or by asking the sender). I think the only place the original file name appears is in the queue files themselves. For Sendmail I look in the df-file. -- /peter From ssilva at sgvwater.com Sun Mar 19 15:40:40 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Mar 19 15:41:09 2006 Subject: Long filename rule misfire? In-Reply-To: <441CA41D.7010200@evi-inc.com> References: <441CA41D.7010200@evi-inc.com> Message-ID: Matt Kettler spake the following on 3/18/2006 4:21 PM: > I had the "Very long filename" rule from filename.rules.conf fire off today. > > Strangely, the file it complained about is only 18 characters long.. > "xxxxxxx intuit.gif" (first part of filename censored, appears to be a person's > surname). > > Anyone ever see this behavior? > > >>From the report: > > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (xxxxxxx intuit.gif) > > > And upon checking in the quarantine, that is the filename it trapped and left in > the quarantine. Odd. > > > Checking filename.rules.conf, it's still the 150 character rule: > > # grep "Very long" filename.rules.conf > deny .{150,} Very long filename, possible OE attack > Very long filenames are good signs of attacks > against Microsoft e-mail packages > > > Version info: > > #MailScanner -v > Running on > Linux xanadu.evi-inc.com 2.4.27-grsec #2 Thu Aug 26 14:32:13 EDT 2004 i686 i686 > i386 GNU/Linux > This is Red Hat Linux release 9 (Shrike) > This is Perl version 5.008000 (5.8.0) > > This is MailScanner version 4.50.15 > Module versions are: > > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > > > I have been getting a few of these. It is some sort of spam message attempt to get past filtering IMHO. From mailscanner at yeticomputers.com Sun Mar 19 18:48:50 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Sun Mar 19 18:49:09 2006 Subject: FreeBSD 6 - update_virus_scanners weirdness Message-ID: <441DA792.9000504@yeticomputers.com> FreeBSD 6.0 MailScanner 4.51.6 Perl 5.8.8 This is a freshly built server, starting from a minimal FreeBSD 6.0 install. I installed MailScanner from ports after manually downloading MailScanner-install-4.51.6-1.tar.gz and fixing up the port to reflect the newer version of the file. If update_virus_scanners (or even update_virus_scanners.cron) is run manually (as root), everything works fine. If either is launched as a cron job (as root), the f-prot autoupdater fails with the error: "Updates download from http://updates.f-prot.com failed. Suspect server could not be reached," The f-prot-autoupdate script also works fine if run directly. I installed the systutils/rc_subr port since update_virus_scanners.cron used it. Also installed are clamav and bitdefender, and their updates seem to work fine from the cron job. I disabled the ipfilter firewall for testing, but the problem still occurs. There is no proxy server. MailScanner is working great, as always. Anyone have an idea what's happening here? From steve.swaney at fsl.com Sun Mar 19 19:14:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun Mar 19 19:12:36 2006 Subject: FreeBSD 6 - update_virus_scanners weirdness In-Reply-To: <441DA792.9000504@yeticomputers.com> Message-ID: <022101c64b89$5b176360$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rick Chadderdon > Sent: Sunday, March 19, 2006 1:49 PM > To: MailScanner discussion > Subject: FreeBSD 6 - update_virus_scanners weirdness > > FreeBSD 6.0 > MailScanner 4.51.6 > Perl 5.8.8 > > This is a freshly built server, starting from a minimal FreeBSD 6.0 > install. I installed MailScanner from ports after manually downloading > MailScanner-install-4.51.6-1.tar.gz and fixing up the port to reflect > the newer version of the file. > > If update_virus_scanners (or even update_virus_scanners.cron) is run > manually (as root), everything works fine. If either is launched as a > cron job (as root), the f-prot autoupdater fails with the error: > "Updates download from http://updates.f-prot.com failed. Suspect server > could not be reached," The f-prot-autoupdate script also works fine if > run directly. I installed the systutils/rc_subr port since > update_virus_scanners.cron used it. Also installed are clamav and > bitdefender, and their updates seem to work fine from the cron job. I > disabled the ipfilter firewall for testing, but the problem still > occurs. There is no proxy server. MailScanner is working great, as > always. > > Anyone have an idea what's happening here? > -- This is not a MailScanner problem. Cron jobs run in a different, normally more restricted, environment than root's normal shell. Setup a cron job that just runs `printenv` and compare that with the results of running `printenv` from a normal root shell. Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mailscanner at yeticomputers.com Sun Mar 19 19:29:10 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Sun Mar 19 19:29:16 2006 Subject: FreeBSD 6 - update_virus_scanners weirdness In-Reply-To: <022101c64b89$5b176360$287ba8c0@office.fsl> References: <022101c64b89$5b176360$287ba8c0@office.fsl> Message-ID: <441DB106.7000409@yeticomputers.com> Thanks, Stephen. I thought it might be an environment problem, but printenv never even crossed my mind. In my defense, I was working on this thing into the wee hours... That doesn't excuse this morning, though. :) This showed me the way... wget wasn't in the limited path of the cron job. Rick Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Rick Chadderdon >> Sent: Sunday, March 19, 2006 1:49 PM >> To: MailScanner discussion >> Subject: FreeBSD 6 - update_virus_scanners weirdness >> >> FreeBSD 6.0 >> MailScanner 4.51.6 >> Perl 5.8.8 >> >> This is a freshly built server, starting from a minimal FreeBSD 6.0 >> install. I installed MailScanner from ports after manually downloading >> MailScanner-install-4.51.6-1.tar.gz and fixing up the port to reflect >> the newer version of the file. >> >> If update_virus_scanners (or even update_virus_scanners.cron) is run >> manually (as root), everything works fine. If either is launched as a >> cron job (as root), the f-prot autoupdater fails with the error: >> "Updates download from http://updates.f-prot.com failed. Suspect server >> could not be reached," The f-prot-autoupdate script also works fine if >> run directly. I installed the systutils/rc_subr port since >> update_virus_scanners.cron used it. Also installed are clamav and >> bitdefender, and their updates seem to work fine from the cron job. I >> disabled the ipfilter firewall for testing, but the problem still >> occurs. There is no proxy server. MailScanner is working great, as >> always. >> >> Anyone have an idea what's happening here? >> -- >> > > This is not a MailScanner problem. Cron jobs run in a different, normally > more restricted, environment than root's normal shell. > > Setup a cron job that just runs `printenv` and compare that with the results > of running `printenv` from a normal root shell. > > Hope this helps, > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060319/c06a3236/attachment.html From jrudd at ucsc.edu Sun Mar 19 21:51:13 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sun Mar 19 21:56:22 2006 Subject: Default MTA for various distros In-Reply-To: <625385e30603181504j2201b3eds19584f87ebff80be@mail.gmail.com> References: <1137114165.20488.14.camel@localhost.localdomain> <200603172308.k2HN8ltS029547@mail.espmail.net> <625385e30603180512l3b7db763re87bfa05f0be95f5@mail.gmail.com> <5cb5d92c316acbd24b1fa50e6f849881@ucsc.edu> <625385e30603181504j2201b3eds19584f87ebff80be@mail.gmail.com> Message-ID: <1104855869faeb06054b288f85dc0415@ucsc.edu> On Mar 18, 2006, at 3:04 PM, shuttlebox wrote: > On 3/18/06, John Rudd wrote: >> Only if you consider the most trivial aspects of an upgrade. >> >> In reality, in a non-trivial environment, it can take months to go >> from >> the start of an upgrade process to the completion of an upgrade. In >> that kind of environment, it can be nice to know that you wont have to >> put one of those processes on your todo list for a few years. > > On an RPM based system for example an upgrade of OS release is not > much more than a regular upgrade of packages. Do you do that every > other year as well? > > I use test systems so I know what to expect, that can take some time > but the actual upgrades don't take more than 30 minutes. > > I think it's no biggie doing an OS upgrade more often than every six > years no matter how many and complex servers one has. I, in fact, have systems on my network (but not my personal responsibility area) which haven't been updated in any form in 6 years, because the vendor stopped supplying any kind of updates or patches for them. The service they provide is too mission critical to retire them, and the software they use cannot be put on a different platform. There is a project here working to migrate them to something else, but until that's 100% finished (and the scope is significant) and fully tested, the fact remains that they're mission critical. Like I said, in a non-trivial environment, these things can happen, and they matter. From pete at enitech.com.au Mon Mar 20 01:44:09 2006 From: pete at enitech.com.au (Peter Russell) Date: Mon Mar 20 01:44:22 2006 Subject: Split the mails In-Reply-To: <000101c649da$b4b09f50$3004010a@martinhlaptop> References: <000101c649da$b4b09f50$3004010a@martinhlaptop> Message-ID: <441E08E9.8000501@enitech.com.au> It isnt possible on Posthfix unless some one write a script to do it as a filter in Postfix...but i am sure that as soon as it is written the functionality of postfix will change and break it. If i hadnt already begun with postfix i would ahve learnt Exim - one day! Martin Hepworth wrote: > Matthias > > Only possible if you're running sendmail or exim. > > Basically you have to get the MTa to split the 1 email with many recipients > into many emails with 1 recipient. > > There's instructions on how to do this for sendmail and exim in this > file... > > http://www.fsl.com/support/QuarantineReport.tar.gz > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter >>Sent: 17 March 2006 15:30 >>To: MailScanner discussion >>Subject: Split the mails >> >>I make several Spam actions for different users. >>But if a mail contains several receiver only the first rule work. >> >>Now is it possible to split into several mails for each receiver? >> >>Or is there an other - may cooler way? >> >>Matthias >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From Bernard.Lheureux at ibsbe.be Mon Mar 20 09:29:06 2006 From: Bernard.Lheureux at ibsbe.be (Bernard.Lheureux@ibsbe.be) Date: Mon Mar 20 09:29:00 2006 Subject: (no subject) Message-ID: I wanted to know if there was a solution for the problem of "removed carriage returns" in attached text files passing through a MailScanner configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. I have read in the mailinglist that it should be a perl bug but in which module, and how to fix it ? Do you have an idea where I could point my searches to ? Best regards / Vriendelijke groeten / Cordialement, --- Bernard Lheureux Consultant / System Engineer - Networking Team IBS TECHNOLOGY AND SERVICES Leuvense Steenweg, 643 1930 Zaventem - Belgium Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 http://www.ibsts.be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/df3ac9e1/attachment.html From Bernard.Lheureux at ibsbe.be Mon Mar 20 09:41:30 2006 From: Bernard.Lheureux at ibsbe.be (Bernard.Lheureux@ibsbe.be) Date: Mon Mar 20 09:41:22 2006 Subject: Problem of removed carriage return on attached txt-files Message-ID: I wanted to know if there was a solution for the problem of "removed carriage returns" in attached text files passing through a MailScanner configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. I have read in the mailinglist that it should be a perl bug but in which module, and how to fix it ? Do you have an idea where I could point my searches to ? Best regards / Vriendelijke groeten / Cordialement, --- Bernard Lheureux Consultant / System Engineer - Networking Team IBS TECHNOLOGY AND SERVICES Leuvense Steenweg, 643 1930 Zaventem - Belgium Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 http://www.ibsts.be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/f2fabe1a/attachment.html From smcguane at mailshield.com.au Mon Mar 20 09:56:22 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon Mar 20 09:56:32 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: Message-ID: <200603200956.k2K9uU12011317@bkserver.blacknight.ie> Hi, Does anyone know why this is happening? I have asked this question on the mailwatch lists and had no response. I am in dire need to send out reports and for some reason I have been rattling my brain trying to fix this. I have not been successful. It happens when I try to send reports... It does not send the email although it says it has as shown below. root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php === Generating report for XXXXX type=D ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au ==== Found 2539 quarantined e-mails Notice: Only variable references should be returned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 376 Notice: Only variable references should be returned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 417 Notice: Only variable references should be returned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 594 ==== Sent e-mail to shaun@XXXXX.id.au root@filter1 [/usr/mailwatch/tools]# Thanks Shaun _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Bernard.Lheureux@ibsbe.be Sent: Monday, 20 March 2006 8:29 PM To: mailscanner@lists.mailscanner.info Subject: (no subject) I wanted to know if there was a solution for the problem of "removed carriage returns" in attached text files passing through a MailScanner configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. I have read in the mailinglist that it should be a perl bug but in which module, and how to fix it ? Do you have an idea where I could point my searches to ? Best regards / Vriendelijke groeten / Cordialement, --- Bernard Lheureux Consultant / System Engineer - Networking Team IBS TECHNOLOGY AND SERVICES Leuvense Steenweg, 643 1930 Zaventem - Belgium Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 http://www.ibsts.be ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------- MailShield E-mail Anti-Virus, Anti-Spam and Content Filtering Service. http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/b3c30965/attachment.html From ugob at camo-route.com Mon Mar 20 10:30:23 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Mar 20 10:31:30 2006 Subject: OT: All processes of Sendmail stuck... DDOS? Message-ID: <441E843F.8090903@camo-route.com> Hi, I used to have 30 sendmail processes max, but raised it to 100 yesterday because almost all of the 30 processes were "busy" waiting for input from other servers. I also reduced the timeout value for the "TO" command. 2 kind of entries show up in "ps aux | grep sendmail": sendmail: server h090.n068.nhk.or.jp [133.127.68.90] cmd read or sendmail: server nat.resnet.mc.edu [64.246.212.52] startup Most of our MX's are having this problem. Using a mix of Greet pause, connexion throttling, greylisting, RBLs. The number of connexions rejected by sendmail by these different processes have known a very significant increase lately. Before implementing Greylisting, MailScanner was processing ~ 100 000 msg/day max on all of our servers. Now all the log entries for rejected connexions by sendmail totals ~ 400 000/ day, and it doesn't look like it si going to stop. We are not getting complaints (yet), and the ressources seems to be able to cope with the problem without significant problems. Anyone experiencing the same thing? Any solution? Regards, Ugo From glenn.steen at gmail.com Mon Mar 20 11:23:37 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 20 11:23:40 2006 Subject: Split the mails In-Reply-To: <441E08E9.8000501@enitech.com.au> References: <000101c649da$b4b09f50$3004010a@martinhlaptop> <441E08E9.8000501@enitech.com.au> Message-ID: <223f97700603200323p6f2c92c6y@mail.gmail.com> On 20/03/06, Peter Russell wrote: > It isnt possible on Posthfix unless some one write a script to do it as > a filter in Postfix...but i am sure that as soon as it is written the > functionality of postfix will change and break it. Actually, it should be possible to do with Postfix, but the problem is that that split would happen _after_ MS reinjects the mails into the incoming queue... So it'd be a bit pointless. What one *could* do (if one feels up to it) is to implement a kind of dual-PF setup where the first just fronts, splits and passes on to the second... that would use the HOLD thing as usual... Not really a nice solution, but perhaps workable, if one *really* needs this. The flow would be something like: [OTHER HOST] -> PF1 -> PF2 -> MS -> PF2 -> [DESTINATION] (slight shudder) > If i hadnt already begun with postfix i would ahve learnt Exim - one day! > (snip) Now now, calm down. Take a deep breath... Look in the mirror and repeat after me "Postfix is good for me... Postfix is good for me ....":-):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Mon Mar 20 11:27:53 2006 From: res at ausics.net (Res) Date: Mon Mar 20 11:28:01 2006 Subject: OT: All processes of Sendmail stuck... DDOS? In-Reply-To: <441E843F.8090903@camo-route.com> References: <441E843F.8090903@camo-route.com> Message-ID: Hi, On Mon, 20 Mar 2006, Ugo Bellavance wrote: > Most of our MX's are having this problem. > Using a mix of Greet pause, connexion throttling, greylisting, RBLs. Ensure the ident time is 1-3 seconds Greet pause, mostly you can get away with setting of 2000 Greylisting... is not really good idea on busy servers, its also very time consuming with those with many MX's, might take an hour or so for mail to get received. RBL's, here might be the problem, try manual lookups on somthing on each RBL used, maybe there is one with problem. > The number of connexions rejected by sendmail by these different processes > have known a very significant increase lately. Before implementing > Greylisting, MailScanner was processing ~ 100 000 msg/day max on all of our > servers. Now all the log entries for rejected connexions by sendmail totals > ~ 400 000/ day, and it doesn't look like it si going to stop. not suprised, dump it and fast! > > We are not getting complaints (yet), and the ressources seems to be able to > cope with the problem without significant problems. > your lucky, we have users who like to email themselves if it doesnt arrive within 30 seconds they ring the support desk :) -- Cheers Res From ugob at camo-route.com Mon Mar 20 12:39:07 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Mar 20 12:39:24 2006 Subject: OT: All processes of Sendmail stuck... DDOS? In-Reply-To: References: <441E843F.8090903@camo-route.com> Message-ID: Res wrote: > Hi, > > On Mon, 20 Mar 2006, Ugo Bellavance wrote: > >> Most of our MX's are having this problem. >> Using a mix of Greet pause, connexion throttling, greylisting, RBLs. > > Ensure the ident time is 1-3 seconds Will check. > > Greet pause, mostly you can get away with setting of 2000 We use a slightly higher value. > > Greylisting... is not really good idea on busy servers, its also very > time consuming with those with many MX's, might take an hour or so for > mail to get received. No problem with many MX's, the milter syncs the records. We had some ajustments to make for big ISP servers which run their queue only once every 1 or 2 hours, but the rest is ok. > > RBL's, here might be the problem, try manual lookups on somthing on each > RBL used, maybe there is one with problem. We found out that the problem was milter-ahead, caused by a destination server not responding. > >> The number of connexions rejected by sendmail by these different >> processes have known a very significant increase lately. Before >> implementing > >> Greylisting, MailScanner was processing ~ 100 000 msg/day max on all >> of our servers. Now all the log entries for rejected connexions by >> sendmail totals ~ 400 000/ day, and it doesn't look like it si going >> to stop. > > not suprised, dump it and fast! > >> >> We are not getting complaints (yet), and the ressources seems to be >> able to cope with the problem without significant problems. >> > > your lucky, we have users who like to email themselves if it doesnt > arrive within 30 seconds they ring the support desk :) It was the week end. Not too bad :). Should be fixed early this morning. > > From ugob at camo-route.com Mon Mar 20 13:07:52 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Mar 20 13:08:12 2006 Subject: SA DomainKeys plugin Message-ID: Hi, Anyone tried the "experimental" plugin for DomainKeys in SpamAssassin? Must be usefull to detect forged yahoo addresses... I've seen in the announcement that in SA 3.1.1 they support the new Mail::DomainKeys API, which seems to have changed a lot (from 0.18->.080) Regards, Ugo From rob at thehostmasters.com Mon Mar 20 14:21:21 2006 From: rob at thehostmasters.com (Rob) Date: Mon Mar 20 14:21:27 2006 Subject: Upgrade only mailscanner & SA on Debian with apt-get? Message-ID: <00a801c64c29$8fe3d100$6400a8c0@flex.com> Hello all... Hope your weekends were good... I want to upgrade to one of the latest Mailscanners and SA... according to my Debian i am running.... Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii mailscanner 4.41.3-2 email virus scanner and spam tagger ii spamassassin 3.1.0a-1.dirk.31.1 Perl-based spam filter using text analysis ii spamc 3.1.0a-1.dirk.31.1 Client for SpamAssassin spam filtering daemon How can i upgrade just these packages? My applogies if this is off topic a bit.... Thanks and have a great day! Rob.. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/dbfd0f95/attachment.html From P.G.M.Peters at utwente.nl Mon Mar 20 15:18:45 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Mon Mar 20 15:18:49 2006 Subject: From line has () In-Reply-To: <6.2.1.2.2.20060316081303.01e62008@pop.mail.yahoo.com> References: <6.2.1.2.2.20060316081303.01e62008@pop.mail.yahoo.com> Message-ID: <441EC7D5.7070100@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hermit921 wrote on 16-3-2006 17:17: > I got a little more information late yesterday. If there is a > syntactically valid email address after the (), the message is > accepted. So just the presence of () is not the complete criteria. > From: brgg works > From: (brgg) fails > From: (brgg) berby@sony.com works > The Exchange people here are trying to figure out if they can do > anything about this. In this case Exchange seems to be correct. A From: header can't be empty. Although it can contain an empty address (<>). The () denotes a comment so From: (dfdfa) is identical to just From:. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEHsfVelLo80lrIdIRAkkaAJ9WrrD73vBzEJGYDec3Sj/HmQQCpACfdUgS i/Rm62HFZ+7KDwFJKb/JrzA= =pLwK -----END PGP SIGNATURE----- From glenn.steen at gmail.com Mon Mar 20 16:30:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 20 16:30:14 2006 Subject: Upgrade only mailscanner & SA on Debian with apt-get? In-Reply-To: <00a801c64c29$8fe3d100$6400a8c0@flex.com> References: <00a801c64c29$8fe3d100$6400a8c0@flex.com> Message-ID: <223f97700603200830w440d50d5x@mail.gmail.com> On 20/03/06, Rob wrote: > > Hello all... Hope your weekends were good... > > > > I want to upgrade to one of the latest Mailscanners and SA... according to > my Debian i am running.... > > Desired=Unknown/Install/Remove/Purge/Hold > | > Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed > |/ Err?=(none)/Hold/Reinst-required/X=both-problems > (Status,Err: uppercase=bad) > ||/ Name Version Description > +++-==============-==============-============================================ > ii mailscanner 4.41.3-2 email virus scanner and spam tagger > ii spamassassin 3.1.0a-1.dirk.31.1 Perl-based > spam filter using text analysis > ii spamc 3.1.0a-1.dirk.31.1 Client for > SpamAssassin spam filtering daemon > > > > How can i upgrade just these packages? > > My applogies if this is off topic a bit.... > > Thanks and have a great day! > > Rob.. To go to the latest you need go (litteraly) to the source... Which means to use Julians packages, more or less. Never ever install a source package "over" a package-managed package. Backup your settings (See the MAQ/Wiki for what needs be saved for MS), erase those packages, get the MS and ClamAV+SA package from www.mailscanner.info and follow the install instructions (in the tarball/MAQ/Wiki), and manually "copy over" your config(s)... And say "bye-bye" to apt for those subsystems:-). Do read the MAQ (http://wiki.mailscanner.info/doku.php?id=maq:index) and install/upgrade parts under documentation, there is much good info there. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at thehostmasters.com Mon Mar 20 17:30:19 2006 From: rob at thehostmasters.com (Rob Morin) Date: Mon Mar 20 17:30:28 2006 Subject: Upgrade only mailscanner & SA on Debian with apt-get? References: <00a801c64c29$8fe3d100$6400a8c0@flex.com> <441EE57E.4040007@lists.mailscanner.info> Message-ID: <015d01c64c43$f5f48380$6400a8c0@flex.com> Oooo... scary.... Not sure if anythign would get mucked up... :( stewy:/home/rob# apt-get -s install mailscanner Reading Package Lists... Done Building Dependency Tree... Done The following extra packages will be installed: libc6 libc6-dev libdb4.4 libdbd-sqlite3-perl libmime-perl libperl-dev libperl5.8 libsqlite3-0 locales perl perl-base perl-modules Suggested packages: glibc-doc libnet-ldap-perl unrar-nonfree f-prot-installer libterm-readline-gnu-perl libterm-readline-perl-perl Recommended packages: tnef ncftp perl-doc The following packages will be REMOVED: base-config The following NEW packages will be installed: libdb4.4 libdbd-sqlite3-perl libsqlite3-0 The following packages will be upgraded: libc6 libc6-dev libmime-perl libperl-dev libperl5.8 locales mailscanner perl perl-base perl-modules 10 upgraded, 3 newly installed, 1 to remove and 356 not upgraded. Remv base-config (2.76 Debian:testing) Inst libc6-dev [2.3.2.ds1-22] (2.3.6-3 Debian:testing) [] Inst locales [2.3.2.ds1-22] (2.3.6-3 Debian:testing) [] Inst libc6 [2.3.2.ds1-22] (2.3.6-3 Debian:testing) Conf libc6 (2.3.6-3 Debian:testing) Inst perl-modules [5.8.7-3] (5.8.8-2 Debian:testing) [] Inst libdb4.4 (4.4.20-3 Debian:testing) [] Inst libperl-dev [5.8.7-3] (5.8.8-2 Debian:testing) [] Inst libperl5.8 [5.8.7-3] (5.8.8-2 Debian:testing) [] Inst perl-base [5.8.7-3] (5.8.8-2 Debian:testing) [liburi-perl perl ] Conf perl-base (5.8.8-2 Debian:testing) [liburi-perl perl ] Inst perl [5.8.7-3] (5.8.8-2 Debian:testing) Inst libmime-perl [5.417-1] (5.419-1 Debian:testing) Inst libsqlite3-0 (3.2.8-1 Debian:testing) Inst libdbd-sqlite3-perl (1.11-1 Debian:testing) Inst mailscanner [4.41.3-2] (4.51.5-1 Debian:testing) Conf libc6-dev (2.3.6-3 Debian:testing) Conf locales (2.3.6-3 Debian:testing) Conf libdb4.4 (4.4.20-3 Debian:testing) Conf perl (5.8.8-2 Debian:testing) Conf perl-modules (5.8.8-2 Debian:testing) Conf libperl5.8 (5.8.8-2 Debian:testing) Conf libperl-dev (5.8.8-2 Debian:testing) Conf libmime-perl (5.419-1 Debian:testing) Conf libsqlite3-0 (3.2.8-1 Debian:testing) Conf libdbd-sqlite3-perl (1.11-1 Debian:testing) Conf mailscanner (4.51.5-1 Debian:testing) ----- Original Message ----- From: "MailScanner discussion" To: Sent: Monday, March 20, 2006 12:25 PM Subject: Re: Upgrade only mailscanner & SA on Debian with apt-get? > Rob wrote: >> Hello all... Hope your weekends were good... >> >> I want to upgrade to one of the latest Mailscanners and SA... according >> to my Debian i am running.... >> Desired=Unknown/Install/Remove/Purge/Hold >> | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed >> |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: >> uppercase=bad) >> ||/ Name Version Description >> +++-==============-==============-============================================ >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.1.0a-1.dirk.31.1 >> Perl-based spam filter using text analysis >> ii spamc 3.1.0a-1.dirk.31.1 Client >> for SpamAssassin spam filtering daemon >> How can i upgrade just these packages? >> My applogies if this is off topic a bit.... >> Thanks and have a great day! >> Rob.. > Assuming the packages you want are available in the repositories, but you > just want to upgrade mailscanner et al rather than the full whack, apt-get > install mailscanner spamassassin spamc will just upgrade those three > packages if there are newer versions available. > > Failing that, you either need the source, or to pin your distro to pull > from stable normally but from testing etc if you force the option to get > newer packages. > > Regards, > > Alex > From strydom.dave at gmail.com Mon Mar 20 18:37:23 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon Mar 20 18:37:27 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603200956.k2K9uU12011317@bkserver.blacknight.ie> References: <200603200956.k2K9uU12011317@bkserver.blacknight.ie> Message-ID: you using php-4.4.0 aren't you? go to those lines in the mime.php and remove the '&' from those lines. Dave On 3/20/06, ShaunM [MailShield] wrote: > > > > Hi, > > > > Does anyone know why this is happening? I have asked this question on the > mailwatch lists and had no > response. I am in dire need to send out reports and for some reason I have > been rattling my brain > trying to fix this. I have not been successful. > > > > It happens when I try to send reports... It does not send the email although > it says it has as shown below. > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > === Generating report for XXXXX type=D > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for > XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au > ==== Found 2539 quarantined e-mails > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 376 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 417 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 594 > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > Thanks > > Shaun > > > > > > > > > > ________________________________ > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Bernard.Lheureux@ibsbe.be > Sent: Monday, 20 March 2006 8:29 PM > To: mailscanner@lists.mailscanner.info > Subject: (no subject) > > > > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. > I have read in the mailinglist that it should be a perl bug but in which > module, and how to fix it ? > Do you have an idea where I could point my searches to ? > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > > > ----------------------------------------------------------------------------- > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > > ----------------------------------------------------------------------------- > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From smcguane at mailshield.com.au Mon Mar 20 21:53:02 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon Mar 20 21:53:12 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: Message-ID: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> What program will tell me which line im at when editing? Vi and nano don't. Thanks Shaun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Strydom Sent: Tuesday, 21 March 2006 5:37 AM To: MailScanner discussion Subject: Re: MailWatch Problem - Does not send emails. you using php-4.4.0 aren't you? go to those lines in the mime.php and remove the '&' from those lines. Dave On 3/20/06, ShaunM [MailShield] wrote: > > > > Hi, > > > > Does anyone know why this is happening? I have asked this question on the > mailwatch lists and had no > response. I am in dire need to send out reports and for some reason I have > been rattling my brain > trying to fix this. I have not been successful. > > > > It happens when I try to send reports... It does not send the email although > it says it has as shown below. > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > === Generating report for XXXXX type=D > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for > XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au > ==== Found 2539 quarantined e-mails > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 376 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 417 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 594 > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > Thanks > > Shaun > > > > > > > > > > ________________________________ > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Bernard.Lheureux@ibsbe.be > Sent: Monday, 20 March 2006 8:29 PM > To: mailscanner@lists.mailscanner.info > Subject: (no subject) > > > > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. > I have read in the mailinglist that it should be a perl bug but in which > module, and how to fix it ? > Do you have an idea where I could point my searches to ? > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!


---------------------------------------------------------------------------- -
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au


-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au
 From paul at welshfamily.com Mon Mar 20 21:57:16 2006 From: paul at welshfamily.com (Paul Welsh) Date: Mon Mar 20 21:57:29 2006 Subject: Moving bayes database In-Reply-To: <1137114165.20488.14.camel@localhost.localdomain> Message-ID: <200603202157.k2KLvJIv003078@mail.espmail.net> Hi Everyone Is it possible to move my bayes database from my old to my new server? If so, how? I'm running SpamAssassin 3.1.0 on my current server but have version 3.1.1 on my new server. From jaearick at colby.edu Mon Mar 20 22:01:27 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Mar 20 22:05:25 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: What???!!! Of course vi will tell you. control-g at whatever line you are on. Or if you want to see all lines, :set number will do it. Jeff Earickson On Tue, 21 Mar 2006, ShaunM [MailShield] wrote: > Date: Tue, 21 Mar 2006 08:53:02 +1100 > From: "ShaunM [MailShield]" > Reply-To: MailScanner discussion > To: 'MailScanner discussion' > Subject: RE: MailWatch Problem - Does not send emails. > > What program will tell me which line im at when editing? > > Vi and nano don't. > > Thanks > Shaun > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Strydom > Sent: Tuesday, 21 March 2006 5:37 AM > To: MailScanner discussion > Subject: Re: MailWatch Problem - Does not send emails. > > you using php-4.4.0 aren't you? > > go to those lines in the mime.php and remove the '&' from those lines. > > Dave > > On 3/20/06, ShaunM [MailShield] wrote: >> >> >> >> Hi, >> >> >> >> Does anyone know why this is happening? I have asked this question on the >> mailwatch lists and had no >> response. I am in dire need to send out reports and for some reason I > have >> been rattling my brain >> trying to fix this. I have not been successful. >> >> >> >> It happens when I try to send reports... It does not send the email > although >> it says it has as shown below. >> >> >> >> >> >> root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php >> >> >> >> === Generating report for XXXXX type=D >> >> ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list > for >> XXXXX ==== Found 0 quarantined e-mails ==== Building list for > XXXXX.id.au >> ==== Found 2539 quarantined e-mails >> >> >> >> Notice: Only variable references should be returned by reference in >> /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >> line 376 >> >> >> >> Notice: Only variable references should be returned by reference in >> /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >> line 417 >> >> >> >> Notice: Only variable references should be returned by reference in >> /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >> line 594 >> >> >> >> ==== Sent e-mail to shaun@XXXXX.id.au >> >> >> >> root@filter1 [/usr/mailwatch/tools]# >> >> >> >> >> >> >> >> Thanks >> >> Shaun >> >> >> >> >> >> >> >> >> >> ________________________________ >> >> >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On >> Behalf Of Bernard.Lheureux@ibsbe.be >> Sent: Monday, 20 March 2006 8:29 PM >> To: mailscanner@lists.mailscanner.info >> Subject: (no subject) >> >> >> >> >> I wanted to know if there was a solution for the problem of "removed >> carriage returns" in attached text files passing through a MailScanner >> configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > Sophos. >> I have read in the mailinglist that it should be a perl bug but in which >> module, and how to fix it ? >> Do you have an idea where I could point my searches to ? >> >> Best regards / Vriendelijke groeten / Cordialement, >> >> --- >> Bernard Lheureux >> Consultant / System Engineer - Networking Team >> >> IBS TECHNOLOGY AND SERVICES >> Leuvense Steenweg, 643 >> 1930 Zaventem - Belgium >> Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 >> http://www.ibsts.be >> >> >> > ---------------------------------------------------------------------------- > - >> This message has been scanned for viruses and malicious content by >> MailShield >> http://www.mailshield.com.au >> >> >> > ---------------------------------------------------------------------------- > - >> This message has been scanned for viruses and malicious content by >> MailShield >> http://www.mailshield.com.au >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > >
>
>
> ---------------------------------------------------------------------------- > -
> This message has been scanned for viruses and malicious content by > MailShield
> size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, > sans-serif">
> > > > > > > >
>
>
> -----------------------------------------------------------------------------
> This message has been scanned for viruses and malicious content by MailShield
> http://www.mailshield.com.au
> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mailscanner at yeticomputers.com Mon Mar 20 22:07:16 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Mar 20 22:07:25 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: <441F2794.3090605@yeticomputers.com> Hitting CTRL-C in nano should show the line number near the bottom of the page. ShaunM [MailShield] wrote: >What program will tell me which line im at when editing? > >Vi and nano don't. > > From john at jolet.net Mon Mar 20 22:14:46 2006 From: john at jolet.net (John Jolet) Date: Mon Mar 20 22:14:48 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <441F2794.3090605@yeticomputers.com> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> <441F2794.3090605@yeticomputers.com> Message-ID: On Mar 20, 2006, at 4:07 PM, Rick Chadderdon wrote: > Hitting CTRL-C in nano should show the line number near the bottom of > the page. > > ShaunM [MailShield] wrote: > >> What program will tell me which line im at when editing? >> >> Vi and nano don't. >> >> control-g in vim will do the same. From dyioulos at firstbhph.com Mon Mar 20 22:32:52 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Mar 20 22:33:10 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: <200603201732.53363.dyioulos@firstbhph.com> vi should. Look at the bottom of the editing screen. You should see the file name number of lines and number of characters on the left, and the line and column your cursor are in on the right (as in 3,1). HTH Dimitri On Monday March 20 2006 4:53 pm, ShaunM [MailShield] wrote: > What program will tell me which line im at when editing? > > Vi and nano don't. > > Thanks > Shaun > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Strydom > Sent: Tuesday, 21 March 2006 5:37 AM > To: MailScanner discussion > Subject: Re: MailWatch Problem - Does not send emails. > > you using php-4.4.0 aren't you? > > go to those lines in the mime.php and remove the '&' from those lines. > > Dave > > On 3/20/06, ShaunM [MailShield] wrote: > > Hi, > > > > > > > > Does anyone know why this is happening? I have asked this question on the > > mailwatch lists and had no > > response. I am in dire need to send out reports and for some reason I > > have > > > been rattling my brain > > trying to fix this. I have not been successful. > > > > > > > > It happens when I try to send reports... It does not send the email > > although > > > it says it has as shown below. > > > > > > > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > > > > > === Generating report for XXXXX type=D > > > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list > > for > > > XXXXX ==== Found 0 quarantined e-mails ==== Building list for > > XXXXX.id.au > > > ==== Found 2539 quarantined e-mails > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 376 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 417 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 594 > > > > > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > > > > > > > > > Thanks > > > > Shaun > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Bernard.Lheureux@ibsbe.be > > Sent: Monday, 20 March 2006 8:29 PM > > To: mailscanner@lists.mailscanner.info > > Subject: (no subject) > > > > > > > > > > I wanted to know if there was a solution for the problem of "removed > > carriage returns" in attached text files passing through a MailScanner > > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > > Sophos. > > > I have read in the mailinglist that it should be a perl bug but in which > > module, and how to fix it ? > > Do you have an idea where I could point my searches to ? > > > > Best regards / Vriendelijke groeten / Cordialement, > > > > --- > > Bernard Lheureux > > Consultant / System Engineer - Networking Team > > > > IBS TECHNOLOGY AND SERVICES > > Leuvense Steenweg, 643 > > 1930 Zaventem - Belgium > > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > > http://www.ibsts.be > > --------------------------------------------------------------------------- >- - > > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > --------------------------------------------------------------------------- >- - > > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > >
>
>
> --------------------------------------------------------------------------- >- -
> This message has been scanned for viruses and malicious content by > MailShield
> size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, > sans-serif">
> > > > > > > >
>
>
> --------------------------------------------------------------------------- >--
This message has been scanned for viruses and malicious content by > MailShield
color="#44a82e" size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, sans-serif">
> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Mar 20 22:32:16 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 20 22:33:14 2006 Subject: Moving bayes database In-Reply-To: <200603202157.k2KLvJIv003078@mail.espmail.net> References: <1137114165.20488.14.camel@localhost.localdomain> <200603202157.k2KLvJIv003078@mail.espmail.net> Message-ID: Paul Welsh spake the following on 3/20/2006 1:57 PM: > Hi Everyone > Is it possible to move my bayes database from my old to my new server? If > so, how? I'm running SpamAssassin 3.1.0 on my current server but have > version 3.1.1 on my new server. > I have just done it. I just stopped MailScanner on the old server, rsync'd the files to the new server and started MailScanner on the new server. But I named the new server the same as the old server, but I don't think it matters. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From smcguane at mailshield.com.au Tue Mar 21 02:43:01 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Tue Mar 21 02:43:11 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: Message-ID: <200603210243.k2L2h8QP024915@bkserver.blacknight.ie> Heyas, Thanks for that I didn't know that little trick. However there is no & on any of those lines. Anyone know what else it will be ? Thanks Shaun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Strydom Sent: Tuesday, 21 March 2006 5:37 AM To: MailScanner discussion Subject: Re: MailWatch Problem - Does not send emails. you using php-4.4.0 aren't you? go to those lines in the mime.php and remove the '&' from those lines. Dave On 3/20/06, ShaunM [MailShield] wrote: > > > > Hi, > > > > Does anyone know why this is happening? I have asked this question on the > mailwatch lists and had no > response. I am in dire need to send out reports and for some reason I have > been rattling my brain > trying to fix this. I have not been successful. > > > > It happens when I try to send reports... It does not send the email although > it says it has as shown below. > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > === Generating report for XXXXX type=D > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for > XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au > ==== Found 2539 quarantined e-mails > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 376 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 417 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 594 > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > Thanks > > Shaun > > > > > > > > > > ________________________________ > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Bernard.Lheureux@ibsbe.be > Sent: Monday, 20 March 2006 8:29 PM > To: mailscanner@lists.mailscanner.info > Subject: (no subject) > > > > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. > I have read in the mailinglist that it should be a perl bug but in which > module, and how to fix it ? > Do you have an idea where I could point my searches to ? > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!


---------------------------------------------------------------------------- -
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au


-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au
 From brose at med.wayne.edu Tue Mar 21 02:57:53 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Mar 21 02:57:57 2006 Subject: Filetype/MailScanner bug Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B48865D@MED-CORE03-MS1.med.wayne.edu> Since the "Use TNEF Contents" function in the latest version, I've come across a pseudo bug. It's really not a bug since both file and MailScanner are doing exactly what they're supposed to. If "Use TNEF Contents" is yes and a plain text message or rtf formatted message is processed, there is a potential for file to misinterpret a text message as an incorrect filetype because of string of text being in the correct byte position that magic is expecting for a particular filetype. It was stumbled upon by a one of our researchers who received a "No QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. After investigation it turned out that the word "free" was in the 4th byte position which is also a magic signature for quicktime. I've been able to dupe by sending a plain-text and an rtf formatted message with "RE: freezer emergency" as the first line in the message body. Any ideas for a fix to have MailScanner ignore a misdiagnosis by file without compromising security. \.txt$ is allowed in my filenames rule file so that currently can't be used to offset. -=Bobby From taz at taz-mania.com Tue Mar 21 03:00:02 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Mar 21 03:00:18 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603201732.53363.dyioulos@firstbhph.com> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> <200603201732.53363.dyioulos@firstbhph.com> Message-ID: <441F6C32.6080009@taz-mania.com> nano will tell you what line you're on if you hit Ctl-c Dimitri Yioulos wrote: >vi should. Look at the bottom of the editing screen. You should see the file >name number of lines and number of characters on the left, and the line and >column your cursor are in on the right (as in 3,1). > >HTH > >Dimitri > > >On Monday March 20 2006 4:53 pm, ShaunM [MailShield] wrote: > > >>What program will tell me which line im at when editing? >> >>Vi and nano don't. >> >>Thanks >>Shaun >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave >>Strydom >>Sent: Tuesday, 21 March 2006 5:37 AM >>To: MailScanner discussion >>Subject: Re: MailWatch Problem - Does not send emails. >> >>you using php-4.4.0 aren't you? >> >>go to those lines in the mime.php and remove the '&' from those lines. >> >>Dave >> >>On 3/20/06, ShaunM [MailShield] wrote: >> >> >>>Hi, >>> >>> >>> >>>Does anyone know why this is happening? I have asked this question on the >>>mailwatch lists and had no >>> response. I am in dire need to send out reports and for some reason I >>> >>> >>have >> >> >> >>>been rattling my brain >>> trying to fix this. I have not been successful. >>> >>> >>> >>>It happens when I try to send reports... It does not send the email >>> >>> >>although >> >> >> >>>it says it has as shown below. >>> >>> >>> >>> >>> >>>root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php >>> >>> >>> >>> === Generating report for XXXXX type=D >>> >>> ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list >>> >>> >>for >> >> >> >>>XXXXX ==== Found 0 quarantined e-mails ==== Building list for >>> >>> >>XXXXX.id.au >> >> >> >>>==== Found 2539 quarantined e-mails >>> >>> >>> >>>Notice: Only variable references should be returned by reference in >>>/usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >>>line 376 >>> >>> >>> >>>Notice: Only variable references should be returned by reference in >>>/usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >>>line 417 >>> >>> >>> >>>Notice: Only variable references should be returned by reference in >>>/usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >>>line 594 >>> >>> >>> >>> ==== Sent e-mail to shaun@XXXXX.id.au >>> >>> >>> >>>root@filter1 [/usr/mailwatch/tools]# >>> >>> >>> >>> >>> >>> >>> >>>Thanks >>> >>>Shaun >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> ________________________________ >>> >>> >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On >>>Behalf Of Bernard.Lheureux@ibsbe.be >>> Sent: Monday, 20 March 2006 8:29 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: (no subject) >>> >>> >>> >>> >>> I wanted to know if there was a solution for the problem of "removed >>>carriage returns" in attached text files passing through a MailScanner >>>configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and >>> >>> >>Sophos. >> >> >> >>> I have read in the mailinglist that it should be a perl bug but in which >>>module, and how to fix it ? >>> Do you have an idea where I could point my searches to ? >>> >>> Best regards / Vriendelijke groeten / Cordialement, >>> >>> --- >>> Bernard Lheureux >>> Consultant / System Engineer - Networking Team >>> >>>IBS TECHNOLOGY AND SERVICES >>> Leuvense Steenweg, 643 >>> 1930 Zaventem - Belgium >>> Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 >>> http://www.ibsts.be >>> >>> >>--------------------------------------------------------------------------- >>- - >> >> >> >>> This message has been scanned for viruses and malicious content by >>>MailShield >>> http://www.mailshield.com.au >>> >>> >>--------------------------------------------------------------------------- >>- - >> >> >> >>> This message has been scanned for viruses and malicious content by >>>MailShield >>> http://www.mailshield.com.au >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >>
>>
>>
>>--------------------------------------------------------------------------- >>- -
>>This message has been scanned for viruses and malicious content by >>MailShield
>>>size="2" face="Arial, Helvetica, >>sans-serif">http://www.mailshield.com.au>color="#44a82e" face="Arial, Helvetica, >>sans-serif">
>> >> >> >> >> >> >> >>
>>
>>
>>--------------------------------------------------------------------------- >>--
This message has been scanned for viruses and malicious content by >>MailShield
>color="#44a82e" size="2" face="Arial, Helvetica, >>sans-serif">http://www.mailshield.com.au>color="#44a82e" face="Arial, Helvetica, sans-serif">
>> >> >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >> > > > -- Dennis Willson (taz@taz-mania.com) Owner, Operator of Kepnet Internet Services http://www.kepnet.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 229 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060320/dff8c5ff/taz.vcf From joshua.hirsh at partnersolutions.ca Tue Mar 21 03:09:05 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Tue Mar 21 03:09:09 2006 Subject: Moving bayes database Message-ID: -- Scott Silva Wrote -- > I have just done it. I just stopped MailScanner on the old > server, rsync'd the files to the new server and started > MailScanner on the new server. But I named the new server > the same as the old server, but I don't think it matters. I normally use the sa-learn command to backup and restore the Bayes database between new servers, but I suspect the rsync method works equally well, as long as MailScanner is turned off when you copy it. These are the two commands that I would normally use: sa-learn --dbpath /var/spool/MailScanner/SpamAssassin/ --backup > bayes_db-20060320.out sa-learn --dbpath /var/spool/MailScanner/SpamAssassin/ --restore bayes_db-20050517.out Cheers, -Joshua From glenn.steen at gmail.com Tue Mar 21 11:24:29 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 21 11:24:32 2006 Subject: Filetype/MailScanner bug In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B48865D@MED-CORE03-MS1.med.wayne.edu> References: <8F2A53954C22554EB75D9643FCCE0C6B48865D@MED-CORE03-MS1.med.wayne.edu> Message-ID: <223f97700603210324x59365425m@mail.gmail.com> On 21/03/06, Rose, Bobby wrote: > Since the "Use TNEF Contents" function in the latest version, I've come > across a pseudo bug. It's really not a bug since both file and > MailScanner are doing exactly what they're supposed to. > > If "Use TNEF Contents" is yes and a plain text message or rtf formatted > message is processed, there is a potential for file to misinterpret a > text message as an incorrect filetype because of string of text being in > the correct byte position that magic is expecting for a particular > filetype. > > It was stumbled upon by a one of our researchers who received a "No > QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. > After investigation it turned out that the word "free" was in the 4th > byte position which is also a magic signature for quicktime. I've been > able to dupe by sending a plain-text and an rtf formatted message with > "RE: freezer emergency" as the first line in the message body. > > Any ideas for a fix to have MailScanner ignore a misdiagnosis by file > without compromising security. \.txt$ is allowed in my filenames rule > file so that currently can't be used to offset. > > -=Bobby Best "solution" (aside from not trusting file with this at all) is to make file better.... I'm sure you can improve on the simplistic "free in the fourth position" check. Or just reewmove that line from your magic file. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brose at med.wayne.edu Tue Mar 21 13:33:50 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Mar 21 13:33:59 2006 Subject: Filetype/MailScanner bug Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B48865F@MED-CORE03-MS1.med.wayne.edu> But you miss my point. A lot of filetypes that file and magic detects is based on the same methodology and even though the odds could be against it, if it happens with the word "free" being in the fourth byte position, the same could occur with anything in the magic file when a text file is passed thru it. Plus the magic file is based off work and discovery of the internet community over many years. If there was a better signature, I'm sure someone would have added it to the file. At http://www.garykessler.net/library/file_sigs.html which is dated 12/20/2005 and the last comment line says "free" is the most common signature of a quicktime file. Maybe a better question should whether the txt file that tnef extracts to msg-*.txt should even be passed thru file to avoid a misdiagnosis. That reduces the chances while maintaining a greater level of intended security wanted by the admin. -=B -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Tuesday, March 21, 2006 6:24 AM To: MailScanner discussion Subject: Re: Filetype/MailScanner bug On 21/03/06, Rose, Bobby wrote: > Since the "Use TNEF Contents" function in the latest version, I've > come across a pseudo bug. It's really not a bug since both file and > MailScanner are doing exactly what they're supposed to. > > If "Use TNEF Contents" is yes and a plain text message or rtf > formatted message is processed, there is a potential for file to > misinterpret a text message as an incorrect filetype because of string > of text being in the correct byte position that magic is expecting for > a particular filetype. > > It was stumbled upon by a one of our researchers who received a "No > QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. > After investigation it turned out that the word "free" was in the 4th > byte position which is also a magic signature for quicktime. I've > been able to dupe by sending a plain-text and an rtf formatted message > with > "RE: freezer emergency" as the first line in the message body. > > Any ideas for a fix to have MailScanner ignore a misdiagnosis by file > without compromising security. \.txt$ is allowed in my filenames rule > file so that currently can't be used to offset. > > -=Bobby Best "solution" (aside from not trusting file with this at all) is to make file better.... I'm sure you can improve on the simplistic "free in the fourth position" check. Or just reewmove that line from your magic file. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From strydom.dave at gmail.com Tue Mar 21 13:59:42 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue Mar 21 13:59:48 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: In nano open the file and press: Ctrl+W, Ctrl+T and put in the line number, and then press enter this will take you to that line. Dave On 3/20/06, ShaunM [MailShield] wrote: > What program will tell me which line im at when editing? > > Vi and nano don't. > > Thanks > Shaun > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Strydom > Sent: Tuesday, 21 March 2006 5:37 AM > To: MailScanner discussion > Subject: Re: MailWatch Problem - Does not send emails. > > you using php-4.4.0 aren't you? > > go to those lines in the mime.php and remove the '&' from those lines. > > Dave > > On 3/20/06, ShaunM [MailShield] wrote: > > > > > > > > Hi, > > > > > > > > Does anyone know why this is happening? I have asked this question on the > > mailwatch lists and had no > > response. I am in dire need to send out reports and for some reason I > have > > been rattling my brain > > trying to fix this. I have not been successful. > > > > > > > > It happens when I try to send reports... It does not send the email > although > > it says it has as shown below. > > > > > > > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > > > > > === Generating report for XXXXX type=D > > > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list > for > > XXXXX ==== Found 0 quarantined e-mails ==== Building list for > XXXXX.id.au > > ==== Found 2539 quarantined e-mails > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 376 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 417 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 594 > > > > > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > > > > > > > > > Thanks > > > > Shaun > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Bernard.Lheureux@ibsbe.be > > Sent: Monday, 20 March 2006 8:29 PM > > To: mailscanner@lists.mailscanner.info > > Subject: (no subject) > > > > > > > > > > I wanted to know if there was a solution for the problem of "removed > > carriage returns" in attached text files passing through a MailScanner > > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > Sophos. > > I have read in the mailinglist that it should be a perl bug but in which > > module, and how to fix it ? > > Do you have an idea where I could point my searches to ? > > > > Best regards / Vriendelijke groeten / Cordialement, > > > > --- > > Bernard Lheureux > > Consultant / System Engineer - Networking Team > > > > IBS TECHNOLOGY AND SERVICES > > Leuvense Steenweg, 643 > > 1930 Zaventem - Belgium > > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > > http://www.ibsts.be > > > > > > > ---------------------------------------------------------------------------- > - > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > > > > > > ---------------------------------------------------------------------------- > - > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > >
>
>
> ---------------------------------------------------------------------------- > -
> This message has been scanned for viruses and malicious content by > MailShield
> size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, > sans-serif">
> > > > > > > >
>
>
> -----------------------------------------------------------------------------
> This message has been scanned for viruses and malicious content by MailShield
> http://www.mailshield.com.au
> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From penguin at dhcp.net Tue Mar 21 14:03:02 2006 From: penguin at dhcp.net (Arnim Eijkhoudt) Date: Tue Mar 21 14:03:11 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: References: <200603202153.k2KLr9AD020602@bkserver.blacknight.ie> Message-ID: <44200796.2080404@dhcp.net> Hi, For nano, you can also press CTRL-C to see the character (cursor position), line, word, etc. you're currently editing. Arnim. Dave Strydom wrote: > In nano open the file and press: > > Ctrl+W, Ctrl+T and put in the line number, and then press enter > this will take you to that line. > > Dave > > On 3/20/06, ShaunM [MailShield] wrote: > >>What program will tell me which line im at when editing? >> >>Vi and nano don't. >> >>Thanks >>Shaun >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave >>Strydom >>Sent: Tuesday, 21 March 2006 5:37 AM >>To: MailScanner discussion >>Subject: Re: MailWatch Problem - Does not send emails. >> >>you using php-4.4.0 aren't you? >> >>go to those lines in the mime.php and remove the '&' from those lines. >> >>Dave >> >>On 3/20/06, ShaunM [MailShield] wrote: >> >>> >>> >>>Hi, >>> >>> >>> >>>Does anyone know why this is happening? I have asked this question on the >>>mailwatch lists and had no >>> response. I am in dire need to send out reports and for some reason I >> >>have >> >>>been rattling my brain >>> trying to fix this. I have not been successful. >>> >>> >>> >>>It happens when I try to send reports... It does not send the email >> >>although >> >>>it says it has as shown below. >>> >>> >>> >>> >>> >>>root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php >>> >>> >>> >>> === Generating report for XXXXX type=D >>> >>> ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list >> >>for >> >>>XXXXX ==== Found 0 quarantined e-mails ==== Building list for >> >>XXXXX.id.au >> >>>==== Found 2539 quarantined e-mails >>> >>> >>> >>>Notice: Only variable references should be returned by reference in >>>/usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >>>line 376 >>> >>> >>> >>>Notice: Only variable references should be returned by reference in >>>/usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >>>line 417 >>> >>> >>> >>>Notice: Only variable references should be returned by reference in >>>/usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on >>>line 594 >>> >>> >>> >>> ==== Sent e-mail to shaun@XXXXX.id.au >>> >>> >>> >>>root@filter1 [/usr/mailwatch/tools]# >>> >>> >>> >>> >>> >>> >>> >>>Thanks >>> >>>Shaun >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> ________________________________ >>> >>> >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On >>>Behalf Of Bernard.Lheureux@ibsbe.be >>> Sent: Monday, 20 March 2006 8:29 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: (no subject) >>> >>> >>> >>> >>> I wanted to know if there was a solution for the problem of "removed >>>carriage returns" in attached text files passing through a MailScanner >>>configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and >> >>Sophos. >> >>> I have read in the mailinglist that it should be a perl bug but in which >>>module, and how to fix it ? >>> Do you have an idea where I could point my searches to ? >>> >>> Best regards / Vriendelijke groeten / Cordialement, >>> >>> --- >>> Bernard Lheureux >>> Consultant / System Engineer - Networking Team >>> >>>IBS TECHNOLOGY AND SERVICES >>> Leuvense Steenweg, 643 >>> 1930 Zaventem - Belgium >>> Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 >>> http://www.ibsts.be >>> >>> >>> >> >>---------------------------------------------------------------------------- >>- >> >>> This message has been scanned for viruses and malicious content by >>>MailShield >>> http://www.mailshield.com.au >>> >>> >>> >> >>---------------------------------------------------------------------------- >>- >> >>> This message has been scanned for viruses and malicious content by >>>MailShield >>> http://www.mailshield.com.au >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >>
>>
>>
>>---------------------------------------------------------------------------- >>-
>>This message has been scanned for viruses and malicious content by >>MailShield
>>>size="2" face="Arial, Helvetica, >>sans-serif">http://www.mailshield.com.au>color="#44a82e" face="Arial, Helvetica, >>sans-serif">
>> >> >> >> >> >> >> >>
>>
>>
>>-----------------------------------------------------------------------------
>>This message has been scanned for viruses and malicious content by MailShield
>>http://www.mailshield.com.au
>> >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From john at omegadata.no Tue Mar 21 14:06:43 2006 From: john at omegadata.no (John Berntsen) Date: Tue Mar 21 14:06:52 2006 Subject: SV: MailWatch Problem - Does not send emails. Message-ID: or press : and "se nu" and enter and you have line numbers in vi John -----Opprinnelig melding----- Fra: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] P? vegne av Dave Strydom Sendt: 21. mars 2006 15:00 Til: MailScanner discussion Emne: Re: MailWatch Problem - Does not send emails. In nano open the file and press: Ctrl+W, Ctrl+T and put in the line number, and then press enter this will take you to that line. Dave On 3/20/06, ShaunM [MailShield] wrote: > What program will tell me which line im at when editing? > > Vi and nano don't. > > Thanks > Shaun From KLekas at foxriver.com Tue Mar 21 14:30:12 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Tue Mar 21 14:30:23 2006 Subject: copying bayes DB to other servers Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B20E7@FREXGENEVA-01.frfr.foxriver.com> I have 3 MailScanner gateways; On all three I am using a shared bayes directory. I do most of the learning on one and then copy my bayes files to the others. Is this a good practice or am I asking for trouble. Kosta -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060321/d948b8de/attachment.html From mike at vesol.com Tue Mar 21 14:46:15 2006 From: mike at vesol.com (Mike Kercher) Date: Tue Mar 21 14:46:33 2006 Subject: copying bayes DB to other servers Message-ID: I have my bayes in mysql. Makes sharing it amongst servers quite simple. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kosta Lekas Sent: Tuesday, March 21, 2006 8:30 AM To: mailscanner@lists.mailscanner.info Subject: copying bayes DB to other servers I have 3 MailScanner gateways; On all three I am using a shared bayes directory. I do most of the learning on one and then copy my bayes files to the others. Is this a good practice or am I asking for trouble. Kosta From bhoppe at ti.com Tue Mar 21 15:56:40 2006 From: bhoppe at ti.com (Brandon Hoppe) Date: Tue Mar 21 15:56:56 2006 Subject: How do I block a domain from the recieved portion of headers Message-ID: <200603211556.k2LFueGZ000940@dlep30.itg.ti.com> A virus on a users machine from an outside domain keeps sending email to a user on my domain. MailScanner is detecting the virus and removing it. But the problem is that I get these emails atleast once an hour. It always comes from the same place. It disguises itself as though the email comes from my domain, but the full headers shows it comes from another domain. For example: Full headers are: Return-Path: Received: from test-domain.com (cpe-24-170-49-168.stx.res.rr.com [24.170.49.168]) My domain is named test-domain.com. I am not on RoadRunner so the rr.com address above is where its originating from. What?s the best way to go about blocking this domain or sub-domain so that I stop receiving the notices of detected virus emails from MailScanner. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060321/5b698278/attachment.html From campbell at cnpapers.com Tue Mar 21 16:11:04 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Mar 21 16:11:27 2006 Subject: How do I block a domain from the recieved portion of headers References: <200603211556.k2LFueGZ000940@dlep30.itg.ti.com> Message-ID: <002301c64d02$0dccb270$0705000a@DDF5DW71> I would say the best way is, in order of preference, is: Block the sending IP at a firewall Block the sending IP in your MTA Block the sending IP in your spam.blacklist rules There are probably a lot more, but these are just the ones I usually use. The preference is based on resources your system would use. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: Brandon Hoppe To: mailscanner@lists.mailscanner.info Sent: Tuesday, March 21, 2006 10:56 AM Subject: How do I block a domain from the recieved portion of headers A virus on a users machine from an outside domain keeps sending email to a user on my domain. MailScanner is detecting the virus and removing it. But the problem is that I get these emails atleast once an hour. It always comes from the same place. It disguises itself as though the email comes from my domain, but the full headers shows it comes from another domain. For example: Full headers are: Return-Path: Received: from test-domain.com (cpe-24-170-49-168.stx.res.rr.com [24.170.49.168]) My domain is named test-domain.com. I am not on RoadRunner so the rr.com address above is where its originating from. What's the best way to go about blocking this domain or sub-domain so that I stop receiving the notices of detected virus emails from MailScanner. Thanks. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060321/73c4b853/attachment.html From glenn.steen at gmail.com Tue Mar 21 16:49:16 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 21 16:49:20 2006 Subject: Filetype/MailScanner bug In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B48865F@MED-CORE03-MS1.med.wayne.edu> References: <8F2A53954C22554EB75D9643FCCE0C6B48865F@MED-CORE03-MS1.med.wayne.edu> Message-ID: <223f97700603210849r4d058ff7s@mail.gmail.com> On 21/03/06, Rose, Bobby wrote: > But you miss my point. A lot of filetypes that file and magic detects > is based on the same methodology and even though the odds could be > against it, if it happens with the word "free" being in the fourth byte > position, the same could occur with anything in the magic file when a > text file is passed thru it. I wouldn't call my standpoint missing the point exactly:-) This is exactly why you should take a long hard think-session on whether to use file/filtype checking at all. > Plus the magic file is based off work and discovery of the internet > community over many years. If there was a better signature, I'm sure > someone would have added it to the file. At > http://www.garykessler.net/library/file_sigs.html which is dated > 12/20/2005 and the last comment line says "free" is the most common > signature of a quicktime file. Ah, yes... but the file command has a rather significant difference when used as usually done, contra what it's like in MS... Namely a human to interprete the results.... MS is a bit more ... litteral. > Maybe a better question should whether the txt file that tnef extracts > to msg-*.txt should even be passed thru file to avoid a misdiagnosis. > That reduces the chances while maintaining a greater level of intended > security wanted by the admin. > Perhaps, but if one wants filetype checks on all attachments, why should these not be subject to the checks? One could easily envision some crafty type exploiting such a "hole":-)... > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn > Steen > Sent: Tuesday, March 21, 2006 6:24 AM > To: MailScanner discussion > Subject: Re: Filetype/MailScanner bug > > On 21/03/06, Rose, Bobby wrote: > > Since the "Use TNEF Contents" function in the latest version, I've > > come across a pseudo bug. It's really not a bug since both file and > > MailScanner are doing exactly what they're supposed to. > > > > If "Use TNEF Contents" is yes and a plain text message or rtf > > formatted message is processed, there is a potential for file to > > misinterpret a text message as an incorrect filetype because of string > > > of text being in the correct byte position that magic is expecting for > > > a particular filetype. > > > > It was stumbled upon by a one of our researchers who received a "No > > QuickTime movies allowed (msg-19905-304.txt)" warning from mail > server. > > After investigation it turned out that the word "free" was in the 4th > > byte position which is also a magic signature for quicktime. I've > > been able to dupe by sending a plain-text and an rtf formatted message > > > with > > "RE: freezer emergency" as the first line in the message body. > > > > Any ideas for a fix to have MailScanner ignore a misdiagnosis by file > > without compromising security. \.txt$ is allowed in my filenames rule > > > file so that currently can't be used to offset. > > > > -=Bobby > > Best "solution" (aside from not trusting file with this at all) is to > make file better.... I'm sure you can improve on the simplistic "free in > the fourth position" check. > Or just reewmove that line from your magic file. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From smcguane at mailshield.com.au Tue Mar 21 22:09:50 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Tue Mar 21 22:09:56 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: Message-ID: <200603212209.k2LM9sHo006187@bkserver.blacknight.ie> Heyas, Thanks for that I didn't know that little trick. However there is no & on any of those lines. Anyone know what else it will be ? Thanks Shaun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of John Berntsen Sent: Wednesday, 22 March 2006 1:07 AM To: MailScanner discussion Subject: SV: MailWatch Problem - Does not send emails. or press : and "se nu" and enter and you have line numbers in vi John -----Opprinnelig melding----- Fra: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] P? vegne av Dave Strydom Sendt: 21. mars 2006 15:00 Til: MailScanner discussion Emne: Re: MailWatch Problem - Does not send emails. In nano open the file and press: Ctrl+W, Ctrl+T and put in the line number, and then press enter this will take you to that line. Dave On 3/20/06, ShaunM [MailShield] wrote: > What program will tell me which line im at when editing? > > Vi and nano don't. > > Thanks > Shaun -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!


---------------------------------------------------------------------------- -
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au


-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au
 From maillists at conactive.com Wed Mar 22 01:30:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 22 01:30:56 2006 Subject: Obscure sendmail error after installing latest MS Message-ID: I installed 4.51.6 today on a CentOS 4.3 system. So far everything seems to be fine, but I'm getting this error when starting the service: incoming sendmail: Warning: Cannot use HostStatusDirectory = .hoststat: No such file or directory So it comes from sendmail, but it's not clear why it happens. The directory indeed didn't exist in /var/spool/mqueue on CentOS, so I created it and I can see that sendmail uses it just fine and mail comes in. But the error doesn't go away. Also, I don't get this error when starting the sendmail service by its own, only when starting MailScanner (which then starts sendmail). The error isn't written to the mail log, only to the console. I think this is some permission/user-related race-condition error. Like MS doesn't start it with sufficient priviledges. Any hints? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From linux_spartacus at yahoo.com Wed Mar 22 07:32:28 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 22 07:32:31 2006 Subject: Problem on whitelist/blacklist rules Message-ID: <20060322073228.40143.qmail@web35608.mail.mud.yahoo.com> Hi guys, Im trying to simulate the whitelist and blacklist rules for my MS. I tried configuring my Is Definitely Not a Spam with this whitelist.rules. From: test@domain.com no From: allow@domain.com yes From: default no This should result to tagging the sender test@domain.com as Spam. But it is not successful. What seems to be lacking here ? tia --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060321/f88fcec9/attachment.html From glenn.steen at gmail.com Wed Mar 22 08:37:37 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 22 08:37:41 2006 Subject: Obscure sendmail error after installing latest MS In-Reply-To: References: Message-ID: <223f97700603220037u4253a1bdi@mail.gmail.com> On 22/03/06, Kai Schaetzl wrote: > I installed 4.51.6 today on a CentOS 4.3 system. So far everything seems > to be fine, but I'm getting this error when starting the service: > > incoming sendmail: Warning: Cannot use HostStatusDirectory = .hoststat: No > such file or directory > > So it comes from sendmail, but it's not clear why it happens. The > directory indeed didn't exist in /var/spool/mqueue on CentOS, so I created > it and I can see that sendmail uses it just fine and mail comes in. But > the error doesn't go away. Also, I don't get this error when starting the > sendmail service by its own, only when starting MailScanner (which then > starts sendmail). The error isn't written to the mail log, only to the > console. > I think this is some permission/user-related race-condition error. Like MS > doesn't start it with sufficient priviledges. > > Any hints? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > Not being a sendmail guru, but... Logically, this seems to be a difference between the two queues then... Do you have it in both mqueue and mqueue.in? Same perms/owner? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ebruce at hpmich.com Wed Mar 22 13:57:31 2006 From: ebruce at hpmich.com (Ed Bruce) Date: Wed Mar 22 13:57:52 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <200603211556.k2LFueGZ000940@dlep30.itg.ti.com> References: <200603211556.k2LFueGZ000940@dlep30.itg.ti.com> Message-ID: <442157CB.7040509@hpmich.com> Brandon Hoppe wrote: > > A virus on a users machine from an outside domain keeps sending email > to a user on my domain. MailScanner is detecting the virus and > removing it. But the problem is that I get these emails atleast once > an hour. It always comes from the same place. It disguises itself as > though the email comes from my domain, but the full headers shows it > comes from another domain. For example: > > > > > > Full headers are: > > Return-Path: > Received: from test-domain.com (cpe-24-170-49-168.stx.res.rr.com > [24.170.49.168]) > > > > > > My domain is named test-domain.com. I am not on RoadRunner so the > rr.com address above is where its originating from. > > > > What's the best way to go about blocking this domain or sub-domain so > that I stop receiving the notices of detected virus emails from > MailScanner. > > > What MTA are you using. I'm using PostFix and have a check_helo_access rule that rejects email falsely claiming to be from within my domain. -- This message, including any attachments, is intended solely for the use of the named recipients(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution of this communication is expressly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy any and all copies of the original message. Thank you for your cooperation. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060322/08869bba/attachment.html From ebruce at hpmich.com Wed Mar 22 14:04:29 2006 From: ebruce at hpmich.com (Ed Bruce) Date: Wed Mar 22 14:04:46 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <442157CB.7040509@hpmich.com> References: <200603211556.k2LFueGZ000940@dlep30.itg.ti.com> <442157CB.7040509@hpmich.com> Message-ID: <4421596D.1070209@hpmich.com> Ed Bruce wrote: > > What MTA are you using. I'm using PostFix and have a check_helo_access > rule that rejects email falsely claiming to be from within my domain. > The ol reply to myself problem. Forgot that I also have a check_sender_access with smtpd_helo_restrictions. -- This message, including any attachments, is intended solely for the use of the named recipients(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution of this communication is expressly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy any and all copies of the original message. Thank you for your cooperation. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060322/73b7c4ee/attachment.html From campbell at cnpapers.com Wed Mar 22 14:06:10 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 22 14:06:20 2006 Subject: Problem on whitelist/blacklist rules References: <20060322073228.40143.qmail@web35608.mail.mud.yahoo.com> Message-ID: <006a01c64db9$c5e33c50$0705000a@DDF5DW71> No, you're overlooking the blacklist part. The whitelist "no" parm you used for "test" indicates that it is not whitelisted and must go through the normal steps of any other email. You need to add test to the blacklist to make it definitely spam. You should use your example in a circumstance where you might whitelist an entire domain, but want only the "test" address "not" to be whitelisted. For example: In whitelist file FromOrTo: test@domain.com no FromOrTo: *@domain.com yes In blacklist file FromOrTo: test@domain.com yes This would exclude the "test" address from whitelisting but whitelist everyone else in that domain . The blacklist would make "test" definitely spam. The "no" in the white/black list is used mostly for exclusions, the "yes" is for inclusion, for the white or black list file it is inside of. By removing both entries above from the whitelist and keeping the blacklist rule, you would be changing the strategy only for the *@domain.com , as now everyone but "test" would be required to pass your rules before it is delivered. As stands above, everyone but "test" automatically passes. Clear? or more confusing? Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: spart cus To: MailScanner Sent: Wednesday, March 22, 2006 2:32 AM Subject: Problem on whitelist/blacklist rules Hi guys, Im trying to simulate the whitelist and blacklist rules for my MS. I tried configuring my Is Definitely Not a Spam with this whitelist.rules. From: test@domain.com no From: allow@domain.com yes From: default no This should result to tagging the sender test@domain.com as Spam. But it is not successful. What seems to be lacking here ? tia ------------------------------------------------------------------------------ Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060322/84d53ee2/attachment.html From jaearick at colby.edu Wed Mar 22 14:21:29 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 22 14:24:14 2006 Subject: ipfauth - controlling TCP connections in auth rules (fwd) Message-ID: Julian et al, This is from the author of ipfilter, a kernel-level firewall code for Solaris, BSD and other UNIX systems. I have used ipfilter for a long time on my Solaris boxes and it is great. This is probably of interest to the MailScanner community too. Jeff Earickson Colby College ---------- Forwarded message ---------- Date: Sun, 19 Mar 2006 09:41:19 +1100 (EST) From: Darren Reed To: ipfilter@coombs.anu.edu.au Subject: ipfauth - controlling TCP connections in auth rules For a while now I've been thinking about using IPFilter and auth rules combat the problem of spam. In the last two weeks I've written a tool (and debugged ipf :) to give me some ability in this area. The idea behind using ipfauth is that real mail servers will retry in sending an email. This paradigm seems to work well (for now) but in looking at my logs, I can see spam software reconnecting within an hour or so (whether or not it is the same spam, I do not know.) To this end ipfauth lets you define queues to put hosts in that attempt to connect, with the pause timeout and open window behing individually seperate. It also allows the number of connections made during the window to be defined. During the 'pause timeout' remote nodes cannot connect ("Connection refuse".) I took this path because if email is spam I don't want to waste _any_ of my resources (TCP socket, disk, CPU, etc) dealing with it if I can help it. The configuration is currently all with IP addreses, no hostnames are currently looked up except to see if a host is in a black list map (these too can be defined.) So far this is all pretty ordinary, I suppose. The next part I want to do is to make it possible to learn about whether a host is good or bad. For this it allows you open up "voting" sockets using either TCP or unix domain sockets. In the tar ball is a perl script called "addvote.pl" that can connect to the daemon and send a "black" or "white" vote command. There is no security in the protocol (yet) because it is largely experimental at this stage. The idea is that it should be simple enough for any spam-filtering software (like spamassassin, etc) to easily send a vote saying "good" or "bad" back to ipfauth. My setup is to use a heavily modified version of smap that receives an email (after the connection has been allowed by ipfauth) and it then passes it through spamassassin. If the verdict returned from that exercise (or any of its other checks) is that the email is a spam, it sends a "black" vote back to ipfauth for the originating IP address. Likewise if smap successfully delivers it locally, it sends a "white" vote to ipfauth. At present no amount of black votes will over ride a host explicitly allowed or in a white list. So anyway, this can be downloaded from: http://coombs.anu.edu.au/~avalon/ipfauth_1_2.tgz It's very rough, no docs and is very experimental. I'm curious about how well the voting will improve things (or make them worse in terms of false positives.) It does require IPFilter 4.1.11 to work (although it may also on 3.4.xx - have not tried.) Darren From A.Barker at ucl.ac.uk Wed Mar 22 15:26:24 2006 From: A.Barker at ucl.ac.uk (A.Barker@ucl.ac.uk) Date: Wed Mar 22 15:26:30 2006 Subject: Problem with MailScanner/DBD-SQLite on Solaris 8 Message-ID: <200603221526.k2MFQPA08585@sun-226.is-eisd.ucl.ac.uk> Is anyone else having problems installing MailScanner (4.51.6-1) on Solaris 8 due to DBD-SQLite ? There is an entry about this in the MAQ, which fixes the undefined symbol problem, but a 'make test' then fails with: t/00basic...............ok t/01logon...............ok t/02cr_table............DBD::SQLite::db do failed: not an error(21) at dbdimp.c line 398 at t/02cr_table.t line 10. DBD::SQLite::st execute failed: not an error(21) at dbdimp.c line 398 at t/02cr_table.t line 12. # Failed test 2 in t/02cr_table.t at line 12 # Failed test 3 in t/02cr_table.t at line 14 ... This is with DBD-SQLite-1.11. Adrian Barker, Information Systems University College London, Gower Street, London WC1E 6BT External phone: (+44) 020 7679 2795, Fax (+44) 20 7388 5406 Internal phone: x 32795 Email: A.Barker@ucl.ac.uk From steve.swaney at fsl.com Wed Mar 22 15:34:01 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 22 15:34:04 2006 Subject: ipfauth - controlling TCP connections in auth rules (fwd) In-Reply-To: Message-ID: <078b01c64dc6$0b9deb80$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: Wednesday, March 22, 2006 9:21 AM > To: mailscanner mailing list > Subject: ipfauth - controlling TCP connections in auth rules (fwd) > > Julian et al, > > This is from the author of ipfilter, a kernel-level firewall code > for Solaris, BSD and other UNIX systems. I have used ipfilter for > a long time on my Solaris boxes and it is great. This is probably > of interest to the MailScanner community too. > > Jeff Earickson > Colby College > > ---------- Forwarded message ---------- > Date: Sun, 19 Mar 2006 09:41:19 +1100 (EST) > From: Darren Reed > To: ipfilter@coombs.anu.edu.au > Subject: ipfauth - controlling TCP connections in auth rules > > > For a while now I've been thinking about using IPFilter and auth rules > combat the problem of spam. In the last two weeks I've written a tool > (and debugged ipf :) to give me some ability in this area. > > The idea behind using ipfauth is that real mail servers will retry in > sending an email. This paradigm seems to work well (for now) but in > looking at my logs, I can see spam software reconnecting within an > hour or so (whether or not it is the same spam, I do not know.) > > To this end ipfauth lets you define queues to put hosts in that attempt > to connect, with the pause timeout and open window behing individually > seperate. It also allows the number of connections made during the > window to be defined. During the 'pause timeout' remote nodes cannot > connect ("Connection refuse".) I took this path because if email is > spam I don't want to waste _any_ of my resources (TCP socket, disk, > CPU, etc) dealing with it if I can help it. > > The configuration is currently all with IP addreses, no hostnames are > currently looked up except to see if a host is in a black list map > (these too can be defined.) > > So far this is all pretty ordinary, I suppose. > > The next part I want to do is to make it possible to learn about > whether a host is good or bad. For this it allows you open up > "voting" sockets using either TCP or unix domain sockets. In the > tar ball is a perl script called "addvote.pl" that can connect to > the daemon and send a "black" or "white" vote command. There is no > security in the protocol (yet) because it is largely experimental > at this stage. The idea is that it should be simple enough for any > spam-filtering software (like spamassassin, etc) to easily send a > vote saying "good" or "bad" back to ipfauth. > > My setup is to use a heavily modified version of smap that receives > an email (after the connection has been allowed by ipfauth) and it > then passes it through spamassassin. If the verdict returned from > that exercise (or any of its other checks) is that the email is a > spam, it sends a "black" vote back to ipfauth for the originating > IP address. Likewise if smap successfully delivers it locally, > it sends a "white" vote to ipfauth. At present no amount of black > votes will over ride a host explicitly allowed or in a white list. > > So anyway, this can be downloaded from: > > http://coombs.anu.edu.au/~avalon/ipfauth_1_2.tgz > > It's very rough, no docs and is very experimental. I'm curious > about how well the voting will improve things (or make them > worse in terms of false positives.) It does require IPFilter > 4.1.11 to work (although it may also on 3.4.xx - have not tried.) > > Darren Just some thoughts. If the SpamAssassin MySQL lite DB store the IP of the message, this process would only need to query the SpamAssassin MySQL lite DB to find out what SpamAssassin thinks about the message. Might also be an alternate way to Implement the IPBlock Custom function. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ljosnet at gmail.com Wed Mar 22 15:34:12 2006 From: ljosnet at gmail.com (emm1) Date: Wed Mar 22 15:34:48 2006 Subject: Blocking specific words with MailScanner/SpamAssassin Message-ID: <910ee2ac0603220734i43821c5dr5f7ab9ec12d75090@mail.gmail.com> I have been getting alot of specific SPAM lately and I was wondering if it is possible to block those mails by blocking specific words found in them? Thanks! From ljosnet at gmail.com Wed Mar 22 15:34:12 2006 From: ljosnet at gmail.com (emm1) Date: Wed Mar 22 15:34:53 2006 Subject: Blocking specific words with MailScanner/SpamAssassin Message-ID: <910ee2ac0603220734i43821c5dr5f7ab9ec12d75090@mail.gmail.com> I have been getting alot of specific SPAM lately and I was wondering if it is possible to block those mails by blocking specific words found in them? Thanks! From shuttlebox at gmail.com Wed Mar 22 15:44:24 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Mar 22 15:44:55 2006 Subject: Problem with MailScanner/DBD-SQLite on Solaris 8 In-Reply-To: <200603221526.k2MFQPA08585@sun-226.is-eisd.ucl.ac.uk> References: <200603221526.k2MFQPA08585@sun-226.is-eisd.ucl.ac.uk> Message-ID: <625385e30603220744w578c6a5bw5fb22cbe9639c2a8@mail.gmail.com> On 3/22/06, A.Barker@ucl.ac.uk wrote: > Is anyone else having problems installing MailScanner (4.51.6-1) on > Solaris 8 due to DBD-SQLite ? There is an entry about this in the MAQ, > which fixes the undefined symbol problem, but a 'make test' then fails > with: > > t/00basic...............ok > t/01logon...............ok > t/02cr_table............DBD::SQLite::db do failed: not an error(21) at dbdimp.c line 398 at t/02cr_table.t line 10. > DBD::SQLite::st execute failed: not an error(21) at dbdimp.c line 398 at t/02cr_table.t line 12. > # Failed test 2 in t/02cr_table.t at line 12 > # Failed test 3 in t/02cr_table.t at line 14 > ... > > This is with DBD-SQLite-1.11. I got stuck with the undefined symbol problem as well but the MAQ entry fixed it for me. Thanks to whoever wrote it (don't remember now). t/02cr_table............ok All tests successful. This is perl, v5.8.5 built for sun4-solaris Are you using Solaris 8's ancient Perl? I'm using one from Sun Freeware. -- /peter From shuttlebox at gmail.com Wed Mar 22 15:47:14 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Mar 22 15:47:22 2006 Subject: Blocking specific words with MailScanner/SpamAssassin In-Reply-To: <910ee2ac0603220734i43821c5dr5f7ab9ec12d75090@mail.gmail.com> References: <910ee2ac0603220734i43821c5dr5f7ab9ec12d75090@mail.gmail.com> Message-ID: <625385e30603220747j6b96c3fu21093dc82233b9e2@mail.gmail.com> On 3/22/06, emm1 wrote: > I have been getting alot of specific SPAM lately and I was wondering > if it is possible to block those mails by blocking specific words > found in them? Yes. Read Matt Kettler's guide and you will be writing your own SpamAssassin rules in no time. http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt -- /peter From martinh at solid-state-logic.com Wed Mar 22 15:47:36 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Mar 22 15:48:19 2006 Subject: Blocking specific words with MailScanner/SpamAssassin In-Reply-To: <910ee2ac0603220734i43821c5dr5f7ab9ec12d75090@mail.gmail.com> Message-ID: <004801c64dc7$f15c8180$3004010a@martinhlaptop> Can you pastebin an example of this spam (full headers etc). I'll run it over my system and I'll see if any of my many many extra Rules I have on my system. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of emm1 > Sent: 22 March 2006 15:34 > To: MailScanner discussion > Subject: Blocking specific words with MailScanner/SpamAssassin > > I have been getting alot of specific SPAM lately and I was wondering > if it is possible to block those mails by blocking specific words > found in them? > > Thanks! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From ljosnet at gmail.com Wed Mar 22 15:56:44 2006 From: ljosnet at gmail.com (emm1) Date: Wed Mar 22 15:56:47 2006 Subject: Blocking specific words with MailScanner/SpamAssassin In-Reply-To: <004801c64dc7$f15c8180$3004010a@martinhlaptop> References: <910ee2ac0603220734i43821c5dr5f7ab9ec12d75090@mail.gmail.com> <004801c64dc7$f15c8180$3004010a@martinhlaptop> Message-ID: <910ee2ac0603220756p796e0731x6cf05593f413d88b@mail.gmail.com> It seems to be a some kind of picture. Here is the picture itself, http://www.matrix.is/spam.bmp Here is the header: Microsoft Mail Internet Headers Version 2.0 Received: from avscan.nwc.is ([213.181.100.88]) by secure.nwc.local with Microsoft SMTPSVC(6.0.3790.1830); Wed, 22 Mar 2006 15:22:47 +0000 Received: from piechut-xp.asta-net.com.pl (86-63-96-42.asta-net.com.pl [86.63.96.42]) by avscan.nwc.is (8.13.4/8.13.4) with SMTP id k2MFONMQ026078 for ; Wed, 22 Mar 2006 15:24:30 GMT Message-ID: <001401c64dc4$b1e9dbe0$2a603f56@piechutxp> From: "ezuexnyltef" To: info@netsamskipti.is Subject: Fw: ezuexnyltef Date: Wed, 22 Mar 2006 16:24:22 -0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0010_01C64DCD.13AE43E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Netsamskipti-MailScanner-Information: Please contact the ISP for more information X-Netsamskipti-MailScanner: Found to be clean X-Netsamskipti-MailScanner-SpamScore: s X-Netsamskipti-MailScanner-From: ezuexnyltef@aes.com X-Spam-Status: No Return-Path: ezuexnyltef@aes.com X-OriginalArrivalTime: 22 Mar 2006 15:22:48.0015 (UTC) FILETIME=[79DDDDF0:01C64DC4] ------=_NextPart_000_0010_01C64DCD.13AE43E0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0011_01C64DCD.13AE43E0" ------=_NextPart_001_0011_01C64DCD.13AE43E0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable ------=_NextPart_001_0011_01C64DCD.13AE43E0 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable ------=_NextPart_001_0011_01C64DCD.13AE43E0-- ------=_NextPart_000_0010_01C64DCD.13AE43E0 Content-Type: image/gif; name="godljpfccvkvdmt.gif" Content-Transfer-Encoding: base64 Content-ID: <000f01c64dc4$b1e9dbe0$2a603f56@piechutxp> ------=_NextPart_000_0010_01C64DCD.13AE43E0-- On 3/22/06, Martin Hepworth wrote: > > Can you pastebin an example of this spam (full headers etc). > > I'll run it over my system and I'll see if any of my many many extra Rules I > have on my system. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of emm1 > > Sent: 22 March 2006 15:34 > > To: MailScanner discussion > > Subject: Blocking specific words with MailScanner/SpamAssassin > > > > I have been getting alot of specific SPAM lately and I was wondering > > if it is possible to block those mails by blocking specific words > > found in them? > > > > Thanks! > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From bhoppe at ti.com Wed Mar 22 17:10:28 2006 From: bhoppe at ti.com (Brandon Hoppe) Date: Wed Mar 22 17:10:45 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <442157CB.7040509@hpmich.com> Message-ID: <200603221710.k2MHAS3m001374@dlep30.itg.ti.com> I'm using sendmail on Solaris 9. I like the way you mention better. I'll have to see if sendmail has such a rule. What MTA are you using. I'm using PostFix and have a check_helo_access rule that rejects email falsely claiming to be from within my domain. The ol reply to myself problem. Forgot that I also have a check_sender_access with smtpd_helo_restrictions. -- This message, including any attachments, is intended solely for the use of the named recipients(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution of this communication is expressly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy any and all copies of the original message. Thank you for your cooperation. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060322/25ec90ae/attachment.html From maillists at conactive.com Wed Mar 22 17:17:11 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 22 17:17:21 2006 Subject: Obscure sendmail error after installing latest MS In-Reply-To: <223f97700603220037u4253a1bdi@mail.gmail.com> References: <223f97700603220037u4253a1bdi@mail.gmail.com> Message-ID: Glenn Steen wrote on Wed, 22 Mar 2006 09:37:37 +0100: > Not being a sendmail guru, but... Logically, this seems to be a > difference between the two queues then... Do you have it in both > mqueue and mqueue.in? Same perms/owner? Right on the mark, Glenn. Of course, like queue/.hoststat, it didn't exist. (And it doesn't get used, it seems it just needs to exist.) It's been a while since I set up a new MailScanner. I wonder why it was missing on this system. Is this normal for CentOS? This is the first time I'm installing MailScanner on a CentOS system, I never hit this problem on Suse. However, now I get the next problem: can not chdir(/var/spool/clientmqueue/): Permission denied That is owned by smmsp and 770. Making it 777 doesn't help. ps says that the incoming sendmail is running as root like the Queue runner instance. If I remember right clientmqueue gets only used when a local program calls sendmail as a client to inject mail directly. I compared the MailScanner and sendmail init scripts and found that sendmail only starts sm-client when there's no pid file for it (do i need to understand that?). As expected, after removing the pid file I get the same error when starting sendmail. I'm going to ask on the CentOS list how I get sm-client running on CentOS. Of course, if anyone here already knows the answer ... I don't remember that I have seen such problems with CentOS described here. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mstandish at gmail.com Wed Mar 22 18:07:09 2006 From: mstandish at gmail.com (Matt Standish) Date: Wed Mar 22 17:58:10 2006 Subject: Perl Module for Spam Actions In-Reply-To: References: <223f97700603220037u4253a1bdi@mail.gmail.com> Message-ID: <4421924D.1080302@gmail.com> Not wanting to reinvent the wheel.. Has anyone written a .pm for dealing with the Spam Actions option? I have a few domains and I would like to make this option available via database. Anyone have a repository where we can share stuff like this? Other than Mailwatch? From MailScanner at ecs.soton.ac.uk Wed Mar 22 18:34:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 22 18:34:20 2006 Subject: Perl Module for Spam Actions In-Reply-To: <4421924D.1080302@gmail.com> References: <223f97700603220037u4253a1bdi@mail.gmail.com> <4421924D.1080302@gmail.com> Message-ID: <442198A4.4000200@ecs.soton.ac.uk> What sort of feature are you looking for? You can write a Spam Actions custom function that had some side-effects if you want to do that. Matt Standish wrote: > Not wanting to reinvent the wheel.. Has anyone written a .pm for > dealing with the Spam Actions option? I have a few domains and I > would like to make this option available via database. > > Anyone have a repository where we can share stuff like this? Other > than Mailwatch? > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at camo-route.com Wed Mar 22 18:55:27 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 22 18:56:13 2006 Subject: Sendmail Vulnerability: critical Message-ID: https://rhn.redhat.com/errata/RHSA-2006-0264.html From steve.swaney at fsl.com Wed Mar 22 19:16:54 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 22 19:17:16 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: Message-ID: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> Ugo, Right now we can only update red hat systems that are registered to run up2date. I'll leep and eye out for the CentOS patches and I'll build a new sendmail-8.13.6 rpms for The 3.0 systems we've updated to sendmail-8.13.x. More to follow, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance > Sent: Wednesday, March 22, 2006 1:55 PM > To: mailscanner@lists.mailscanner.info > Subject: Sendmail Vulnerability: critical > > https://rhn.redhat.com/errata/RHSA-2006-0264.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Wed Mar 22 19:23:39 2006 From: dmehler26 at woh.rr.com (Dave) Date: Wed Mar 22 19:33:06 2006 Subject: Sendmail Vulnerability: critical References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> Message-ID: <002301c64de6$1fc15aa0$0200a8c0@satellite> Hello, I'm extremely concerned about this sendmail vulnerability, i've heard of it now through this forum and on a FreeBSD security list. The fbsd boxes i'm not concerned with, we don't use sendmail on them, but on an rh9, and two fc3 boxes we do use sendmail from rpm's along with MailScanner. I did not set this up, and i am not a sendmail guru, and i'm concerned that correcting this issue maybreak functionality for customers. Any updated rpms i'd appreciate. Thanks. Dave. ----- Original Message ----- From: "Stephen Swaney" To: "'MailScanner discussion'" Cc: Sent: Wednesday, March 22, 2006 2:16 PM Subject: RE: Sendmail Vulnerability: critical > Ugo, > > Right now we can only update red hat systems that are registered to run > up2date. > > I'll leep and eye out for the CentOS patches and I'll build a new > sendmail-8.13.6 rpms for The 3.0 systems we've updated to sendmail-8.13.x. > > > More to follow, > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance >> Sent: Wednesday, March 22, 2006 1:55 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Sendmail Vulnerability: critical >> >> https://rhn.redhat.com/errata/RHSA-2006-0264.html >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Mar 22 19:38:26 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 22 19:38:40 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <200603221710.k2MHAS3m001374@dlep30.itg.ti.com> Message-ID: <0b3201c64de8$36247c30$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brandon Hoppe > Sent: Wednesday, March 22, 2006 12:10 PM > To: 'MailScanner discussion' > Subject: RE: How do I block a domain from the recieved portion of headers > > I'm using sendmail on Solaris 9. > > I like the way you mention better. I'll have to see if sendmail has such a > rule. > > What MTA are you using. I'm using PostFix and have a check_helo_access > rule that rejects email falsely claiming to be from within my domain. > > The ol reply to myself problem. Forgot that I also have a > check_sender_access with smtpd_helo_restrictions. > Look at adding bogus HELO checking to sendmail. Download: http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 Install the contents as /usr/share/sendmail-cf/hack/block_bad_helo.m4 Then add the line below line to the top of your sendmail.mc file right after the line "include(`/usr/share/sendmail-cf/m4/cf.m4')dnl": Here is the line to add: include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl: The rebuild your sendmail.cf file: m4 sendmail.mc > sendmail.cf Then restart MailScanner. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From oliver at linux-kernel.at Wed Mar 22 19:42:55 2006 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed Mar 22 19:43:19 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <002301c64de6$1fc15aa0$0200a8c0@satellite> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <002301c64de6$1fc15aa0$0200a8c0@satellite> Message-ID: <4421A8BF.6010004@linux-kernel.at> Try my SRPM. It should work fine on rh8 - fc5/devel and also on CentOS >= 3. http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS -of Dave wrote: > Hello, > I'm extremely concerned about this sendmail vulnerability, i've heard > of it now through this forum and on a FreeBSD security list. The fbsd > boxes i'm not concerned with, we don't use sendmail on them, but on an > rh9, and two fc3 boxes we do use sendmail from rpm's along with > MailScanner. I did not set this up, and i am not a sendmail guru, and > i'm concerned that correcting this issue maybreak functionality for > customers. Any updated rpms i'd appreciate. > Thanks. > Dave. > > ----- Original Message ----- From: "Stephen Swaney" > To: "'MailScanner discussion'" > Cc: > Sent: Wednesday, March 22, 2006 2:16 PM > Subject: RE: Sendmail Vulnerability: critical > > >> Ugo, >> >> Right now we can only update red hat systems that are registered to run >> up2date. >> >> I'll leep and eye out for the CentOS patches and I'll build a new >> sendmail-8.13.6 rpms for The 3.0 systems we've updated to >> sendmail-8.13.x. >> >> >> More to follow, >> >> Steve >> >> Stephen Swaney >> Fort Systems Ltd. >> stephen.swaney@fsl.com >> www.fsl.com >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance >>> Sent: Wednesday, March 22, 2006 1:55 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: Sendmail Vulnerability: critical >>> >>> https://rhn.redhat.com/errata/RHSA-2006-0264.html >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > From mkettler at evi-inc.com Wed Mar 22 19:43:22 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Mar 22 19:43:46 2006 Subject: Blocking specific words with MailScanner/SpamAssassin In-Reply-To: <625385e30603220747j6b96c3fu21093dc82233b9e2@mail.gmail.com> References: <910ee2ac0603220734i43821c5dr5f7ab9ec12d75090@mail.gmail.com> <625385e30603220747j6b96c3fu21093dc82233b9e2@mail.gmail.com> Message-ID: <4421A8DA.5030300@evi-inc.com> shuttlebox wrote: > On 3/22/06, emm1 wrote: >> I have been getting alot of specific SPAM lately and I was wondering >> if it is possible to block those mails by blocking specific words >> found in them? > > Yes. Read Matt Kettler's guide and you will be writing your own > SpamAssassin rules in no time. > > http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt > That version is valid, but it's outdated. Check the version of this document that's on the spamassassin official wiki: http://wiki.apache.org/spamassassin/WritingRules Of course, that version has been edited by many people, (mostly Justin, Dan and AltGrendel) and updated significantly from my original text. From rpoe at plattesheriff.org Wed Mar 22 19:51:36 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Mar 22 19:52:01 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> Message-ID: <4421566B.65ED.00A2.0@plattesheriff.org> I ran a yum update, got the new sendmail rpms (and 4.3, i think too for our 4.3 boxen) .. looks like centos was right on it.. >>> steve.swaney@fsl.com 3/22/2006 1:16:54 PM >>> Ugo, Right now we can only update red hat systems that are registered to run up2date. I'll leep and eye out for the CentOS patches and I'll build a new sendmail-8.13.6 rpms for The 3.0 systems we've updated to sendmail-8.13.x. More to follow, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance > Sent: Wednesday, March 22, 2006 1:55 PM > To: mailscanner@lists.mailscanner.info > Subject: Sendmail Vulnerability: critical > > https://rhn.redhat.com/errata/RHSA-2006-0264.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shrek-m at gmx.de Wed Mar 22 20:01:44 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed Mar 22 20:01:47 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <002301c64de6$1fc15aa0$0200a8c0@satellite> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <002301c64de6$1fc15aa0$0200a8c0@satellite> Message-ID: <4421AD28.2040103@gmx.de> On 22.03.2006 20:23, Dave wrote: > I'm extremely concerned about this sendmail vulnerability, i've heard > of it now through this forum and on a FreeBSD security list. The fbsd > boxes i'm not concerned with, we don't use sendmail on them, but on an > rh9, and two fc3 boxes we do use sendmail from rpm's along with > MailScanner. I did not set this up, and i am not a sendmail guru, and > i'm concerned that correcting this issue maybreak functionality for > customers. Any updated rpms i'd appreciate. for rhl9, fc3 you should know fedoralegacy http://fedoralegacy.org/updates/RH9/ http://fedoralegacy.org/updates/FC3/ for fc4, fc5 new sendmail rpms are available http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ http://fedoraproject.org/infofeed/ March 22, 2006 sendmail - 8.13.6-0.FC4.1.i386 -- shrek-m From shrek-m at gmx.de Wed Mar 22 20:25:39 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed Mar 22 20:25:46 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <004801c64dec$0d815c40$0200a8c0@satellite> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <002301c64de6$1fc15aa0$0200a8c0@satellite> <4421AD28.2040103@gmx.de> <004801c64dec$0d815c40$0200a8c0@satellite> Message-ID: <4421B2C3.6060308@gmx.de> On 22.03.2006 21:06, Dave wrote: > Thank you for those links. I did not know of that information though i > was panicking about the rh9 box. I also didn't know fc3 was no longer > maintained, this also concerns me. None of our new boxes will be fc, > they'll be CentOS, but in the meantime i have to keep these machines > going at least for a while longer. I was wondering if you have any > rh9/fc3 or other legacy machines we also hava a 7.3 box, and use the > legacy updates page? no. > What i was wondering i'm not really enthused about downloading those > updates individually, i was wondering if you had a yum setup for them > or up2date? If so, can i see your configs? http://fedoralegacy.org/docs/ http://fedoralegacy.org/docs/yum-rh7x.php http://fedoralegacy.org/docs/yum-rh9.php http://fedoralegacy.org/docs/yum-fc3.php -- shrek-m From glenn.steen at gmail.com Wed Mar 22 20:33:21 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 22 20:33:30 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <4421596D.1070209@hpmich.com> References: <200603211556.k2LFueGZ000940@dlep30.itg.ti.com> <442157CB.7040509@hpmich.com> <4421596D.1070209@hpmich.com> Message-ID: <223f97700603221233i7cb32edfm@mail.gmail.com> On 22/03/06, Ed Bruce wrote: > Ed Bruce wrote: > > What MTA are you using. I'm using PostFix and have a check_helo_access rule > that rejects email falsely claiming to be from within my domain. > > The ol reply to myself problem. Forgot that I also have a > check_sender_access with smtpd_helo_restrictions. > The "reply-to-myself" is mandatory... Otherwise, how would we know you really are a PF user/admin:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Wed Mar 22 20:48:14 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Mar 22 20:48:31 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <4421AD28.2040103@gmx.de> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <002301c64de6$1fc15aa0$0200a8c0@satellite> <4421AD28.2040103@gmx.de> Message-ID: <4421B80E.70400@evi-inc.com> shrek-m@gmx.de wrote: > On 22.03.2006 20:23, Dave wrote: > >> I'm extremely concerned about this sendmail vulnerability, i've heard >> of it now through this forum and on a FreeBSD security list. The fbsd >> boxes i'm not concerned with, we don't use sendmail on them, but on an >> rh9, and two fc3 boxes we do use sendmail from rpm's along with >> MailScanner. I did not set this up, and i am not a sendmail guru, and >> i'm concerned that correcting this issue maybreak functionality for >> customers. Any updated rpms i'd appreciate. > > > for rhl9, fc3 you should know fedoralegacy > http://fedoralegacy.org/updates/RH9/ > http://fedoralegacy.org/updates/FC3/ > Yep, although legacy packages for RH9 and FC3 have not yet been published. However, that is where they'll be published. It's also worth considering the legacy build of yum. It is pre-configured to get packages from this repository. To get it dig down into the correct processor platform and get the yum RPM from: http://download.fedoralegacy.org/redhat/9/legacy-utils/ http://download.fedoralegacy.org/fedora/3/legacy-utils/ You'll also want to do an rpm --import on the key found at: http://www.fedoralegacy.org/FEDORA-LEGACY-GPG-KEY From drew at themarshalls.co.uk Wed Mar 22 20:57:45 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 22 20:57:54 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <223f97700603221233i7cb32edfm@mail.gmail.com> References: <200603211556.k2LFueGZ000940@dlep30.itg.ti.com> <442157CB.7040509@hpmich.com> <4421596D.1070209@hpmich.com> <223f97700603221233i7cb32edfm@mail.gmail.com> Message-ID: <4D676B85-25A7-4114-98CB-77DB5DA4D181@themarshalls.co.uk> On 22 Mar 2006, at 20:33, Glenn Steen wrote: > On 22/03/06, Ed Bruce wrote: >> Ed Bruce wrote: >> >> What MTA are you using. I'm using PostFix and have a >> check_helo_access rule >> that rejects email falsely claiming to be from within my domain. >> >> The ol reply to myself problem. Forgot that I also have a >> check_sender_access with smtpd_helo_restrictions. >> > The "reply-to-myself" is mandatory... Otherwise, how would we know you > really are a PF user/admin:-):-) Indeed. I think you will find you 'compile' that 'feature' while building Postfix :-) make --with_self_reply_to_discussions --with_ability_to_spout_rubbish make install :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From bhoppe at ti.com Wed Mar 22 21:00:17 2006 From: bhoppe at ti.com (Brandon Hoppe) Date: Wed Mar 22 21:00:30 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <0b3201c64de8$36247c30$287ba8c0@office.fsl> References: <0b3201c64de8$36247c30$287ba8c0@office.fsl> Message-ID: <4421BAE1.7030001@ti.com> >Look at adding bogus HELO checking to sendmail. Download: > >http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 > >Install the contents as /usr/share/sendmail-cf/hack/block_bad_helo.m4 > >Then add the line below line to the top of your sendmail.mc file right after >the line "include(`/usr/share/sendmail-cf/m4/cf.m4')dnl": > >Here is the line to add: > >include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl: > >The rebuild your sendmail.cf file: > > m4 sendmail.mc > sendmail.cf > >Then restart MailScanner. > Ok, i've created the block_bad_helo.m4 file under /sendmail/cf/m4 Now, in my sendmail.mc file, I didn't have the include line of cf.m4. I'm on sendmail 8.13.3 currently. This is my current sendmail.mc file: divert(-1) divert(0)dnl VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro Exp $') OSTYPE(solaris2)dnl DOMAIN(generic)dnl define(`confAUTH_OPTIONS', `A')dnl define(`confAUTH_MECHANISMS',`LOGIN PLAIN')dnl define(`SMART_HOST', `outgoing.verizon.net') TRUST_AUTH_MECH(`LOGIN PLAIN')dnl FEATURE(`virtusertable', `dbm /etc/mail/virtusertable')dnl FEATURE(`authinfo', `dbm /etc/mail/authinfo')dnl FEATURE(`masquerade_envelope')dnl FEATURE(dnsbl)dnl FEATURE(`dnsbl', `sbl.spamhaus.org', `Spam blocked see: http://spamhaus.org/')dnl FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration"')dnl MAILER(local)dnl MAILER(smtp)dnl Now, I wasn't sure where to put it so I added these two lines after the divert(-1) line: include(`../m4/cf.m4')dnl include(`../m4/block_bad_helo.m4')dnl and restarted sendmail. When I send an email to my account, I get a return message that says: (reason: 554 5.3.5 Infinite loop in ruleset Local_check_rcpt, rule 2) Am I placing the include of the m4 files incorrectly? From res at ausics.net Wed Mar 22 21:21:57 2006 From: res at ausics.net (Res) Date: Wed Mar 22 21:22:11 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: References: Message-ID: This is announced from Sendmail Cons. all users should upgrade to 8.13.6 asap regardless of what distro you use its not just a RH thing. On Wed, 22 Mar 2006, Ugo Bellavance wrote: > https://rhn.redhat.com/errata/RHSA-2006-0264.html > > -- Cheers Res From mikej at rogers.com Wed Mar 22 21:25:01 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Mar 22 21:24:56 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: References: Message-ID: <4421C0AD.9030805@rogers.com> Ugo Bellavance wrote: > https://rhn.redhat.com/errata/RHSA-2006-0264.html > Thats why you use postfix. From dmehler26 at woh.rr.com Wed Mar 22 21:24:18 2006 From: dmehler26 at woh.rr.com (Dave) Date: Wed Mar 22 21:33:44 2006 Subject: Sendmail Vulnerability: critical References: <4421C0AD.9030805@rogers.com> Message-ID: <009401c64df6$facab500$0200a8c0@satellite> amen to that. ----- Original Message ----- From: "Mike Jakubik" To: "MailScanner discussion" Sent: Wednesday, March 22, 2006 4:25 PM Subject: Re: Sendmail Vulnerability: critical > Ugo Bellavance wrote: >> https://rhn.redhat.com/errata/RHSA-2006-0264.html >> > > Thats why you use postfix. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From listacct at tulsaconnect.com Wed Mar 22 21:55:55 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Wed Mar 22 21:55:59 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <4421C0AD.9030805@rogers.com> References: <4421C0AD.9030805@rogers.com> Message-ID: <4421C7EB.4070603@tulsaconnect.com> Mike Jakubik wrote: > Ugo Bellavance wrote: >> https://rhn.redhat.com/errata/RHSA-2006-0264.html >> > > Thats why you use postfix. > Or exim :-) -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From ugob at camo-route.com Wed Mar 22 22:10:50 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Mar 22 22:11:41 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <4421C7EB.4070603@tulsaconnect.com> References: <4421C0AD.9030805@rogers.com> <4421C7EB.4070603@tulsaconnect.com> Message-ID: TCIS List Acct wrote: > > > Mike Jakubik wrote: >> Ugo Bellavance wrote: >>> https://rhn.redhat.com/errata/RHSA-2006-0264.html >>> >> >> Thats why you use postfix. >> > > Or exim :-) > Please don't start an MTA war... From linux_spartacus at yahoo.com Wed Mar 22 23:53:24 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 22 23:53:28 2006 Subject: Problem on whitelist/blacklist rules In-Reply-To: <006a01c64db9$c5e33c50$0705000a@DDF5DW71> Message-ID: <20060322235324.55652.qmail@web35607.mail.mud.yahoo.com> Steve Campbell wrote: No, you're overlooking the blacklist part. The whitelist "no" parm you used for "test" indicates that it is not whitelisted and must go through the normal steps of any other email. You need to add test to the blacklist to make it definitely spam. You should use your example in a circumstance where you might whitelist an entire domain, but want only the "test" address "not" to be whitelisted. For example: In whitelist file FromOrTo: test@domain.com no FromOrTo: *@domain.com yes In blacklist file FromOrTo: test@domain.com yes This would exclude the "test" address from whitelisting but whitelist everyone else in that domain . The blacklist would make "test" definitely spam. The "no" in the white/black list is used mostly for exclusions, the "yes" is for inclusion, for the white or black list file it is inside of. By removing both entries above from the whitelist and keeping the blacklist rule, you would be changing the strategy only for the *@domain.com , as now everyone but "test" would be required to pass your rules before it is delivered. As stands above, everyone but "test" automatically passes. Clear? or more confusing? Steve Campbell campbell@cnpapers.com Charleston Newspapers Hi Steve, Got some part of it. Since im getting some spam mails, i just want to block certain sender. If thats the case then i would just add it on the blacklilst file. Is this correct ? In blacklist file FromOrTo: test@domain.com yes # blacklist this sender FromOrTo: default no >>> ? Do i have to put these on the last line of my blacklist.rules ??? tia --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060322/dca0e091/attachment.html From maillists at conactive.com Thu Mar 23 00:31:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 23 00:31:26 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <4421A8BF.6010004@linux-kernel.at> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <002301c64de6$1fc15aa0$0200a8c0@satellite> <4421A8BF.6010004@linux-kernel.at> Message-ID: Oliver Falk wrote on Wed, 22 Mar 2006 20:42:55 +0100: > Try my SRPM. It should work fine on rh8 - fc5/devel and also on CentOS >= 3. > > http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS Any chance that it also builds fine on Suse 9.0 or 8.2? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Kevin_Miller at ci.juneau.ak.us Thu Mar 23 00:52:15 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 23 00:52:24 2006 Subject: Sendmail Vulnerability: critical Message-ID: Kai Schaetzl wrote: > Oliver Falk wrote on Wed, 22 Mar 2006 20:42:55 +0100: > >> Try my SRPM. It should work fine on rh8 - fc5/devel and also on >> CentOS >= 3. >> >> http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRP MS > > Any chance that it also builds fine on Suse 9.0 or 8.2? SuSE had a patch out this morning which I applied... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Kevin_Miller at ci.juneau.ak.us Thu Mar 23 00:57:57 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 23 00:58:00 2006 Subject: Sendmail Vulnerability: critical Message-ID: Kevin Miller wrote: >> Any chance that it also builds fine on Suse 9.0 or 8.2? > > SuSE had a patch out this morning which I applied... Opps, missed dthe 9.0 or 8.2 part. Sorry... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From smcguane at mailshield.com.au Thu Mar 23 02:53:17 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Thu Mar 23 02:53:21 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: Message-ID: <200603230253.k2N2rJjx028559@bkserver.blacknight.ie> Can anyone help me with this please? There is no & on the lines mentioned and I still get the below errors. Thanks Shaun Reply to >Shaun > >you using php-4.4.0 aren't you? > >go to those lines in the mime.php and remove the '&' from those lines. > >Dave > Hi, > > > > Does anyone know why this is happening? I have asked this question on the > mailwatch lists and had no > response. I am in dire need to send out reports and for some reason I have > been rattling my brain > trying to fix this. I have not been successful. > > > > It happens when I try to send reports... It does not send the email although > it says it has as shown below. > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > === Generating report for XXXXX type=D > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list for > XXXXX ==== Found 0 quarantined e-mails ==== Building list for XXXXX.id.au > ==== Found 2539 quarantined e-mails > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 376 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 417 > > > > Notice: Only variable references should be returned by reference in > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > line 594 > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > Thanks > > Shaun > > > > > > > > > > ________________________________ > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Bernard.Lheureux@ibsbe.be > Sent: Monday, 20 March 2006 8:29 PM > To: mailscanner@lists.mailscanner.info > Subject: (no subject) > > > > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and Sophos. > I have read in the mailinglist that it should be a perl bug but in which > module, and how to fix it ? > Do you have an idea where I could point my searches to ? > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > > ---------------------------------------------------------------------------- - > This message has been scanned for viruses and malicious content by > MailShield > http://www.mailshield.com.au > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!


---------------------------------------------------------------------------- -
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au


-----------------------------------------------------------------------------
This message has been scanned for viruses and malicious content by MailShield
http://www.mailshield.com.au
 From dmehler26 at woh.rr.com Thu Mar 23 04:53:57 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu Mar 23 05:03:31 2006 Subject: Sendmail Vulnerability: critical References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <002301c64de6$1fc15aa0$0200a8c0@satellite> <4421AD28.2040103@gmx.de> <004801c64dec$0d815c40$0200a8c0@satellite> <4421B2C3.6060308@gmx.de> Message-ID: <012901c64e35$cbdc1830$0200a8c0@satellite> Hi, Thanks for the links. The fc3 link does not contain a sendmail update, any idea on why or when i might be able to get it? Thanks. Dave. ----- Original Message ----- From: To: Sent: Wednesday, March 22, 2006 3:25 PM Subject: Re: Sendmail Vulnerability: critical > On 22.03.2006 21:06, Dave wrote: > >> Thank you for those links. I did not know of that information though i >> was panicking about the rh9 box. I also didn't know fc3 was no longer >> maintained, this also concerns me. None of our new boxes will be fc, >> they'll be CentOS, but in the meantime i have to keep these machines >> going at least for a while longer. I was wondering if you have any >> rh9/fc3 or other legacy machines we also hava a 7.3 box, and use the >> legacy updates page? > > > no. > >> What i was wondering i'm not really enthused about downloading those >> updates individually, i was wondering if you had a yum setup for them or >> up2date? If so, can i see your configs? > > > http://fedoralegacy.org/docs/ > http://fedoralegacy.org/docs/yum-rh7x.php > http://fedoralegacy.org/docs/yum-rh9.php > http://fedoralegacy.org/docs/yum-fc3.php > > -- > shrek-m > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From strydom.dave at gmail.com Thu Mar 23 05:49:18 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Thu Mar 23 05:49:21 2006 Subject: MailWatch Problem - Does not send emails. In-Reply-To: <200603230253.k2N2rJjx028559@bkserver.blacknight.ie> References: <200603230253.k2N2rJjx028559@bkserver.blacknight.ie> Message-ID: Hi Shaun, Please email me that mime.php file. Dave On 3/23/06, ShaunM [MailShield] wrote: > Can anyone help me with this please? > > There is no & on the lines mentioned and I still get the below errors. > > Thanks > Shaun > > > > Reply to > >Shaun > > > >you using php-4.4.0 aren't you? > > > >go to those lines in the mime.php and remove the '&' from those lines. > > > >Dave > > > > > Hi, > > > > > > > > Does anyone know why this is happening? I have asked this question on the > > mailwatch lists and had no > > response. I am in dire need to send out reports and for some reason I > have > > been rattling my brain > > trying to fix this. I have not been successful. > > > > > > > > It happens when I try to send reports... It does not send the email > although > > it says it has as shown below. > > > > > > > > > > > > root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php > > > > > > > > === Generating report for XXXXX type=D > > > > ==== Recipient e-mail address is shaun@XXXXX.id.au ==== Building list > for > > XXXXX ==== Found 0 quarantined e-mails ==== Building list for > XXXXX.id.au > > ==== Found 2539 quarantined e-mails > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 376 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 417 > > > > > > > > Notice: Only variable references should be returned by reference in > > /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on > > line 594 > > > > > > > > ==== Sent e-mail to shaun@XXXXX.id.au > > > > > > > > root@filter1 [/usr/mailwatch/tools]# > > > > > > > > > > > > > > > > Thanks > > > > Shaun > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Bernard.Lheureux@ibsbe.be > > Sent: Monday, 20 March 2006 8:29 PM > > To: mailscanner@lists.mailscanner.info > > Subject: (no subject) > > > > > > > > > > I wanted to know if there was a solution for the problem of "removed > > carriage returns" in attached text files passing through a MailScanner > > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > Sophos. > > I have read in the mailinglist that it should be a perl bug but in which > > module, and how to fix it ? > > Do you have an idea where I could point my searches to ? > > > > Best regards / Vriendelijke groeten / Cordialement, > > > > --- > > Bernard Lheureux > > Consultant / System Engineer - Networking Team > > > > IBS TECHNOLOGY AND SERVICES > > Leuvense Steenweg, 643 > > 1930 Zaventem - Belgium > > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > > http://www.ibsts.be > > > > > > > ---------------------------------------------------------------------------- > - > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > > > > > > ---------------------------------------------------------------------------- > - > > This message has been scanned for viruses and malicious content by > > MailShield > > http://www.mailshield.com.au > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > >
>
>
> ---------------------------------------------------------------------------- > -
> This message has been scanned for viruses and malicious content by > MailShield
> size="2" face="Arial, Helvetica, > sans-serif">http://www.mailshield.com.au color="#44a82e" face="Arial, Helvetica, > sans-serif">
> > > > > > > >
>
>
> -----------------------------------------------------------------------------
> This message has been scanned for viruses and malicious content by MailShield
> http://www.mailshield.com.au
> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From james at grayonline.id.au Thu Mar 23 06:24:01 2006 From: james at grayonline.id.au (James Gray) Date: Thu Mar 23 06:24:37 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <4421566B.65ED.00A2.0@plattesheriff.org> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <4421566B.65ED.00A2.0@plattesheriff.org> Message-ID: <200603231724.07131.james@grayonline.id.au> On Thu, 23 Mar 2006 06:51, Rob Poe wrote: > I ran a yum update, got the new sendmail rpms (and 4.3, i think too for > our 4.3 boxen) .. looks like centos was right on it.. Hmm, I ran the same update here and here's what RPM reports: rpm -qa|grep sendmail ; uname -a ; cat /etc/redhat-release sendmail-devel-8.13.1-2 sendmail-8.13.1-2 sendmail-cf-8.13.1-2 Linux clacks.ocs.au.com 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 i686 i386 GNU/Linux CentOS release 4.3 (Final) Seems CentOS 4.3 is still on Sendmail 8.13.1. No idea if the 8.13.6 patch has been back-ported though. Still the SRPM from here: ftp://linux-kernel.at/packages/lkernAT/SRPMS/sendmail-8.13.6-1.src.rpm Does compile on CentOS 4.3. Just did it :) Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060323/1591fc73/attachment.bin From james at grayonline.id.au Thu Mar 23 06:27:41 2006 From: james at grayonline.id.au (James Gray) Date: Thu Mar 23 06:27:57 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: References: <4421C7EB.4070603@tulsaconnect.com> Message-ID: <200603231727.42368.james@grayonline.id.au> On Thu, 23 Mar 2006 09:10, Ugo Bellavance wrote: > TCIS List Acct wrote: > > Mike Jakubik wrote: > >> Ugo Bellavance wrote: > >>> https://rhn.redhat.com/errata/RHSA-2006-0264.html > >> > >> Thats why you use postfix. > > > > Or exim :-) > > Please don't start an MTA war... Awww :( But I didn't get throw flaming arrows at the Qmail crowd ;) James -- Each new user of a new system uncovers a new class of bugs. -- Kernighan -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060323/6e76d2e8/attachment.bin From shrek-m at gmx.de Thu Mar 23 06:29:31 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Thu Mar 23 06:29:39 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <012901c64e35$cbdc1830$0200a8c0@satellite> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <002301c64de6$1fc15aa0$0200a8c0@satellite> <4421AD28.2040103@gmx.de> <004801c64dec$0d815c40$0200a8c0@satellite> <4421B2C3.6060308@gmx.de> <012901c64e35$cbdc1830$0200a8c0@satellite> Message-ID: <4422404B.2070004@gmx.de> On 23.03.2006 05:53, Dave wrote: > Thanks for the links. The fc3 link does not contain a sendmail update, > any idea on why or when i might be able to get it? not really http://www.redhat.com/archives/fedora-legacy-list/2006-March/msg00158.html /From/: Jesse Keating /Date/: Wed, 22 Mar 2006 14:43:08 -0800 /Subject/: Re: US-CERT Technical Cyber Security Alert TA06-081A -- Sendmail Race Condition Vulnerability (fwd) We are working on some fixed packages. fedora-legacy-list http://www.redhat.com/archives/fedora-legacy-list/2006-March/date.html fedora-legacy-announce https://www.redhat.com/archives/fedora-legacy-announce/2006-March/date.html -- shrek-m From shrek-m at gmx.de Thu Mar 23 06:41:24 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Thu Mar 23 06:41:28 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <200603231724.07131.james@grayonline.id.au> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <4421566B.65ED.00A2.0@plattesheriff.org> <200603231724.07131.james@grayonline.id.au> Message-ID: <44224314.5010003@gmx.de> On 23.03.2006 07:24, James Gray wrote: >On Thu, 23 Mar 2006 06:51, Rob Poe wrote: > > >>I ran a yum update, got the new sendmail rpms (and 4.3, i think too for >>our 4.3 boxen) .. looks like centos was right on it.. >> >> > >Hmm, I ran the same update here and here's what RPM reports: > >rpm -qa|grep sendmail ; uname -a ; cat /etc/redhat-release >sendmail-devel-8.13.1-2 >sendmail-8.13.1-2 >sendmail-cf-8.13.1-2 >Linux clacks.ocs.au.com 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 i686 >i386 GNU/Linux >CentOS release 4.3 (Final) > >Seems CentOS 4.3 is still on Sendmail 8.13.1. No idea if the 8.13.6 patch >has been back-ported though. > > `rpm -q --changelog` should tell you for what you are looking eg. -------- $ rpm -qp --changelog http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386//sendmail-8.13.6-0.FC4.1.i386.rpm | head * Mi M?r 22 2006 Thomas Woerner 8.13.6-0.FC4.1 - new version 8.13.6 (fixes VU#834865) - dropped libmilter-sigwait patch (fixed in 8.13.6) - fixed selinuxenabled path in initscript - appended 'dnl' to cert tags in sendmail.mc - fixed email address in changelog * Sa Mai 07 2005 Thomas Woerner 8.13.4-2 -------- >Still the SRPM from here: >ftp://linux-kernel.at/packages/lkernAT/SRPMS/sendmail-8.13.6-1.src.rpm > >Does compile on CentOS 4.3. Just did it :) > > -- shrek-m From martinh at solid-state-logic.com Thu Mar 23 08:59:55 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 23 09:00:20 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: Message-ID: <005401c64e58$2b02f320$3004010a@martinhlaptop> Nice to have a choice isn't it - ie not stuck with software from a single supplier..(avoids the word vendor as exim etc are OSS) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance > Sent: 22 March 2006 22:11 > To: mailscanner@lists.mailscanner.info > Subject: Re: Sendmail Vulnerability: critical > > TCIS List Acct wrote: > > > > > > Mike Jakubik wrote: > >> Ugo Bellavance wrote: > >>> https://rhn.redhat.com/errata/RHSA-2006-0264.html > >>> > >> > >> Thats why you use postfix. > >> > > > > Or exim :-) > > > > Please don't start an MTA war... > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From andoni.auzmendi at robertwalters.com Thu Mar 23 09:15:24 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Thu Mar 23 09:16:07 2006 Subject: Sendmail Vulnerability: critical Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD06F6019@PAT.internal.robertwalters.com> I'd rather have critical software compiled from source than packages as I don't get tied up to distributions life cycles. It is more work but I can keep critical services up to date even on unsupported distributions. Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: 23 March 2006 09:00 To: 'MailScanner discussion' Subject: RE: Sendmail Vulnerability: critical Nice to have a choice isn't it - ie not stuck with software from a single supplier..(avoids the word vendor as exim etc are OSS) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance > Sent: 22 March 2006 22:11 > To: mailscanner@lists.mailscanner.info > Subject: Re: Sendmail Vulnerability: critical > > TCIS List Acct wrote: > > > > > > Mike Jakubik wrote: > >> Ugo Bellavance wrote: > >>> https://rhn.redhat.com/errata/RHSA-2006-0264.html > >>> > >> > >> Thats why you use postfix. > >> > > > > Or exim :-) > > > > Please don't start an MTA war... > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From hoff.milo at gmail.com Thu Mar 23 09:37:15 2006 From: hoff.milo at gmail.com (Milo Hoffman) Date: Thu Mar 23 09:37:20 2006 Subject: Open redirectors of dictionary.com Message-ID: <78312c170603230137l1be3e2d0h7d074ede836d2695@mail.gmail.com> hi I am not sure whether you guys are aware of this, I just found some open redirectors of reference.com and this can be possibly exploited by spammers. http://thesaurus.reference.com/go/http://www.google.com http://dictionary.reference.com/go/http://www.google.com http://www.reference.com/go/http://www.google.com The links above happily redirect you to google.com or any other site you wish to. A colleague of mine has already written to Reference.com guys about this. Would advise you guys to keep a watch on this redirectors :) Milo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060323/d127bb71/attachment.html From wmcdonald at gmail.com Thu Mar 23 10:38:26 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Thu Mar 23 10:38:30 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> Message-ID: <1f8fae340603230238y67c947b0m@mail.gmail.com> On 22/03/06, Stephen Swaney wrote: > Ugo, > > Right now we can only update red hat systems that are registered to run > up2date. > > I'll leep and eye out for the CentOS patches and I'll build a new > sendmail-8.13.6 rpms for The 3.0 systems we've updated to sendmail-8.13.x. CentOS users, check which mirror your using/syncing from. We've been using Sunsite UK, checking for updates today I noticed they're still on CentOS4.2 and don't have the Sendmail updates. Mirrorservice.org had CentOS 4.3 and the latest updates. Will. From martinh at solid-state-logic.com Thu Mar 23 10:49:36 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 23 10:49:45 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <1f8fae340603230238y67c947b0m@mail.gmail.com> Message-ID: <00a101c64e67$7a876750$3004010a@martinhlaptop> Aha I wondered what had happened to the Univ of Kent mirror site after they lost the JISC funding.....much better than the 'new' mirror.ac.uk... Ta -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Will McDonald > Sent: 23 March 2006 10:38 > To: MailScanner discussion > Subject: Re: Sendmail Vulnerability: critical > > On 22/03/06, Stephen Swaney wrote: > > Ugo, > > > > Right now we can only update red hat systems that are registered to run > > up2date. > > > > I'll leep and eye out for the CentOS patches and I'll build a new > > sendmail-8.13.6 rpms for The 3.0 systems we've updated to sendmail- > 8.13.x. > > CentOS users, check which mirror your using/syncing from. We've been > using Sunsite UK, checking for updates today I noticed they're still > on CentOS4.2 and don't have the Sendmail updates. Mirrorservice.org > had CentOS 4.3 and the latest updates. > > Will. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From roger at rudnick.com.br Thu Mar 23 11:34:52 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Mar 23 11:35:24 2006 Subject: Sendmail References: <44060193.3040109@psysolutions.com><44060941.60707@ecs.soton.ac.uk><44060F19.3070407@psysolutions.com><44061184.50003@ecs.soton.ac.uk><4406211D.6070207@psysolutions.com><8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> Message-ID: <028601c64e6d$cdfcdae0$0600a8c0@roger> I'm trying to upgrade Sendmail from 8.13.1 to 8.13.6, but when I try to run the rpm --upgrade, I receive the following message: postfix conflicts with sendmail.8.13.6-1 A month ago I upgraded from sendmail 8.11 to 8.13.1 with no problem at all... How can I solve this? Regards Roger Jochem From dmehler26 at woh.rr.com Thu Mar 23 11:49:10 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu Mar 23 11:58:42 2006 Subject: Sendmail Vulnerability: critical References: <00a101c64e67$7a876750$3004010a@martinhlaptop> Message-ID: <01e601c64e6f$ccf20fb0$0200a8c0@satellite> Hello, I'm checking the fedoralegacy site for sendmail rpms i can get via yum and am not seeing them. Does anyone know of a yum repository that has rh9, to fc3 updated sendmail rpms? Thanks. Dave. ----- Original Message ----- From: "Martin Hepworth" To: "'MailScanner discussion'" Sent: Thursday, March 23, 2006 5:49 AM Subject: RE: Sendmail Vulnerability: critical > Aha > > I wondered what had happened to the Univ of Kent mirror site after they > lost > the JISC funding.....much better than the 'new' mirror.ac.uk... > > > Ta > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Will McDonald >> Sent: 23 March 2006 10:38 >> To: MailScanner discussion >> Subject: Re: Sendmail Vulnerability: critical >> >> On 22/03/06, Stephen Swaney wrote: >> > Ugo, >> > >> > Right now we can only update red hat systems that are registered to >> > run >> > up2date. >> > >> > I'll leep and eye out for the CentOS patches and I'll build a new >> > sendmail-8.13.6 rpms for The 3.0 systems we've updated to sendmail- >> 8.13.x. >> >> CentOS users, check which mirror your using/syncing from. We've been >> using Sunsite UK, checking for updates today I noticed they're still >> on CentOS4.2 and don't have the Sendmail updates. Mirrorservice.org >> had CentOS 4.3 and the latest updates. >> >> Will. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Mar 23 12:35:27 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Mar 23 12:35:31 2006 Subject: Sendmail In-Reply-To: <028601c64e6d$cdfcdae0$0600a8c0@roger> Message-ID: <147e01c64e76$4471e460$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Roger Jochem > Sent: Thursday, March 23, 2006 6:35 AM > To: MailScanner discussion > Subject: Sendmail > > I'm trying to upgrade Sendmail from 8.13.1 to 8.13.6, but when I try to > run > the rpm --upgrade, I receive the following message: > > postfix conflicts with sendmail.8.13.6-1 > > A month ago I upgraded from sendmail 8.11 to 8.13.1 with no problem at > all... How can I solve this? > > Regards > > Roger Jochem > Try: rpm -e --nodeps postfix Then try the upgrade. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From campbell at cnpapers.com Thu Mar 23 13:53:17 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Mar 23 13:53:32 2006 Subject: Problem on whitelist/blacklist rules References: <20060322235324.55652.qmail@web35607.mail.mud.yahoo.com> Message-ID: <008301c64e81$25584f50$0705000a@DDF5DW71> Yes, that's right. Just add the sender to the blacklist file. The last line should be the default line in both files. I've seen different opinions on where it can be placed, but I always thought the lists were a "first find" type search-and-match, so the default makes sense at the end. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: spart cus To: MailScanner discussion Sent: Wednesday, March 22, 2006 6:53 PM Subject: Re: Problem on whitelist/blacklist rules Steve Campbell wrote: No, you're overlooking the blacklist part. The whitelist "no" parm you used for "test" indicates that it is not whitelisted and must go through the normal steps of any other email. You need to add test to the blacklist to make it definitely spam. You should use your example in a circumstance where you might whitelist an entire domain, but want only the "test" address "not" to be whitelisted. For example: In whiteli! st file FromOrTo: test@domain.com no FromOrTo: *@domain.com yes In blacklist file FromOrTo: test@domain.com yes This would exclude the "test" address from whitelisting but whitelist everyone else in that domain . The blacklist would make "test" definitely spam. The "no" in the white/black list is used mostly for exclusions, the "yes" is for inclusion, for the white or black list file it is inside of. By removing both entries above from the whitelist and keeping the blacklist rule, you would be changing the strategy only for the *@domain.com , as now everyone but "test" would be required to pass your rules before it is delivered. As stands above, everyone but "test" automatically passes. Clear? or more confusing? Steve Campbell campbell@cnpapers.com Charleston Newspapers Hi Steve, Got some part of it. Since im getting some spam mails, i just want to block certain sender. If thats the case then i would just add it on the blacklil! st file. Is this correct ? In blacklist file FromOrTo: test@domain.com yes # blacklist this sender FromOrTo: default no >>> ? Do i have to put these on the last line of my blacklist.rules ??? tia ------------------------------------------------------------------------------ New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060323/c32df59f/attachment.html From MailScanner at ecs.soton.ac.uk Thu Mar 23 14:13:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 23 14:13:46 2006 Subject: Problem on whitelist/blacklist rules In-Reply-To: <008301c64e81$25584f50$0705000a@DDF5DW71> References: <20060322235324.55652.qmail@web35607.mail.mud.yahoo.com> <008301c64e81$25584f50$0705000a@DDF5DW71> Message-ID: <3A57BAB1-706D-4CB6-B03E-AD3ECBA23B3E@ecs.soton.ac.uk> It actually doesn't matter where the "default" rule is placed, but it makes more logical sense to put it at the end, unless you're auto- generating the rulesets. For all other rules, the order *does* matter, it's only the default rule that can be put anywhere. On 23 Mar 2006, at 13:53, Steve Campbell wrote: > Yes, that's right. Just add the sender to the blacklist file. > > The last line should be the default line in both files. I've seen > different opinions on where it can be placed, but I always thought > the lists were a "first find" type search-and-match, so the default > makes sense at the end. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > ----- Original Message ----- > From: spart cus > To: MailScanner discussion > Sent: Wednesday, March 22, 2006 6:53 PM > Subject: Re: Problem on whitelist/blacklist rules > > > > Steve Campbell wrote: > No, you're overlooking the blacklist part. The whitelist "no" parm > you used for "test" indicates that it is not whitelisted and must > go through the normal steps of any other email. You need to add > test to the blacklist to make it definitely spam. > > You should use your example in a circumstance where you might > whitelist an entire domain, but want only the "test" address "not" > to be whitelisted. For example: > > In whiteli! st file > FromOrTo: test@domain.com no > FromOrTo: *@domain.com yes > > In blacklist file > FromOrTo: test@domain.com yes > > This would exclude the "test" address from whitelisting but > whitelist everyone else in that domain . The blacklist would make > "test" definitely spam. The "no" in the white/black list is used > mostly for exclusions, the "yes" is for inclusion, for the white or > black list file it is inside of. > > By removing both entries above from the whitelist and keeping the > blacklist rule, you would be changing the strategy only for the > *@domain.com , as now everyone but "test" would be required to pass > your rules before it is delivered. As stands above, everyone but > "test" automatically passes. > > Clear? or more confusing? > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > > Hi Steve, > Got some part of it. Since im getting some spam mails, i just want > to block certain sender. If thats the case then i would just add it > on the blacklil! st file. Is this correct ? > > In blacklist file > FromOrTo: test@domain.com yes # blacklist this sender > FromOrTo: default no >>> ? Do i have to > put these on the last line of my blacklist.rules ??? > > tia > > > > New Yahoo! Messenger with Voice. Call regular phones from your PC > and save big. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060323/63688c92/attachment.html From listacct at tulsaconnect.com Thu Mar 23 14:18:54 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Thu Mar 23 14:18:56 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: References: <4421C0AD.9030805@rogers.com> <4421C7EB.4070603@tulsaconnect.com> Message-ID: <4422AE4E.6090909@tulsaconnect.com> Ugo Bellavance wrote: > TCIS List Acct wrote: >> >> >> Mike Jakubik wrote: >>> Ugo Bellavance wrote: >>>> https://rhn.redhat.com/errata/RHSA-2006-0264.html >>>> >>> >>> Thats why you use postfix. >>> >> >> Or exim :-) >> > > Please don't start an MTA war... > OS/2! :P -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From maillists at conactive.com Thu Mar 23 14:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 23 14:31:31 2006 Subject: MS logs to two facilities Message-ID: I changed the logging facility in MailScanner.conf to local1. I changed syslog.conf. I restarted both servers several times. I get logging now to *both* logs /var/maillog and /var/log/mailscanner.log. It seems that MS is now logging to the mail *and* local1 facilities instead of just local1. Is this something special with local? I did this in the past and it worked fine. I didn't use a local facility, though, but "abused" news. This is latest MailScanner on CentOS 4.3. I changed to news, still the same problem. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From realmcking at gmail.com Thu Mar 23 14:39:08 2006 From: realmcking at gmail.com (Mark McCoy) Date: Thu Mar 23 14:39:10 2006 Subject: Open redirectors of dictionary.com In-Reply-To: <78312c170603230137l1be3e2d0h7d074ede836d2695@mail.gmail.com> References: <78312c170603230137l1be3e2d0h7d074ede836d2695@mail.gmail.com> Message-ID: Thanks for the notice... On 3/23/06, Milo Hoffman wrote: > hi > > I am not sure whether you guys are aware of this, I just found some open > redirectors of reference.com and this can be possibly exploited by spammers. > > http://thesaurus.reference.com/go/http://www.google.com > http://dictionary.reference.com/go/http://www.google.com > http://www.reference.com/go/http://www.google.com > > The links above happily redirect you to google.com or any other site you > wish to. A colleague of mine has already written to Reference.com guys about > this. Would advise you guys to keep a watch on this redirectors :) > > Milo > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From prandal at herefordshire.gov.uk Thu Mar 23 14:43:57 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 23 14:44:23 2006 Subject: Sendmail Vulnerability: critical Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C07441F@isabella.herefordshire.gov.uk> The fedoralegacy.org updates-testing yum repository has them. There are also a bunch of 8.13.6 RPMs for RH9, FC 1,2,3,4,5, RHEL 3,4 over at http://www.city-fan.org/ftp/contrib/mail/ Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Sent: 23 March 2006 11:49 > To: MailScanner discussion > Subject: Re: Sendmail Vulnerability: critical > > Hello, > I'm checking the fedoralegacy site for sendmail rpms i > can get via yum > and am not seeing them. Does anyone know of a yum repository > that has rh9, > to fc3 updated sendmail rpms? > Thanks. > Dave. > > ----- Original Message ----- > From: "Martin Hepworth" > To: "'MailScanner discussion'" > Sent: Thursday, March 23, 2006 5:49 AM > Subject: RE: Sendmail Vulnerability: critical > > > > Aha > > > > I wondered what had happened to the Univ of Kent mirror > site after they > > lost > > the JISC funding.....much better than the 'new' mirror.ac.uk... > > > > > > Ta > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Will McDonald > >> Sent: 23 March 2006 10:38 > >> To: MailScanner discussion > >> Subject: Re: Sendmail Vulnerability: critical > >> > >> On 22/03/06, Stephen Swaney wrote: > >> > Ugo, > >> > > >> > Right now we can only update red hat systems that are > registered to > >> > run > >> > up2date. > >> > > >> > I'll leep and eye out for the CentOS patches and I'll build a new > >> > sendmail-8.13.6 rpms for The 3.0 systems we've updated > to sendmail- > >> 8.13.x. > >> > >> CentOS users, check which mirror your using/syncing from. > We've been > >> using Sunsite UK, checking for updates today I noticed > they're still > >> on CentOS4.2 and don't have the Sendmail updates. Mirrorservice.org > >> had CentOS 4.3 and the latest updates. > >> > >> Will. > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error > please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Mar 23 14:45:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 23 14:45:17 2006 Subject: MS logs to two facilities In-Reply-To: References: Message-ID: <0A607BC6-EC1B-42DA-9724-5D6A1C63CE92@ecs.soton.ac.uk> Check that either a facility or priority is not set up to log in both places, that's the most common cause of multiple logging, just duff syslog.conf files. On 23 Mar 2006, at 14:31, Kai Schaetzl wrote: > I changed the logging facility in MailScanner.conf to local1. I > changed > syslog.conf. I restarted both servers several times. I get logging > now to > *both* logs /var/maillog and /var/log/mailscanner.log. It seems > that MS is > now logging to the mail *and* local1 facilities instead of just > local1. Is > this something special with local? > I did this in the past and it worked fine. I didn't use a local > facility, > though, but "abused" news. > This is latest MailScanner on CentOS 4.3. > I changed to news, still the same problem. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From PHachey at city.cornwall.on.ca Thu Mar 23 14:49:17 2006 From: PHachey at city.cornwall.on.ca (Philip Hachey) Date: Thu Mar 23 14:49:23 2006 Subject: MailScanner ANNOUNCE: 4.51 released In-Reply-To: <4EA68E2E-6D53-4110-9686-11B60DE9D83A@ecs.soton.ac.uk> Message-ID: I'm finally getting around to the March MS update, and wow! mailscanner-announce-bounces@lists.mailscanner.info wrote on 2006-03-01 03:52:12: --SNIP-- > - - New option "Use TNEF Contents" allows you to add the contents of > winmail.dat > attachments to messages in TNEF format. This means that users not > running > Microsoft Outlook can read attachments put there by badly-configured > Outlook or Exchange systems. Valid values are "no", "add" or > "replace" which > do pretty much what they say. Explanations are in MailScanner.conf. SWEET! What a great idea! Much kudos! From MailScanner at ecs.soton.ac.uk Thu Mar 23 14:55:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 23 14:55:28 2006 Subject: MailScanner ANNOUNCE: 4.51 released In-Reply-To: References: Message-ID: <782C6E20-CBBD-4B86-95A9-75A2E8D3C465@ecs.soton.ac.uk> Glad you like it. :-) On 23 Mar 2006, at 14:49, Philip Hachey wrote: > I'm finally getting around to the March MS update, and wow! > > mailscanner-announce-bounces@lists.mailscanner.info wrote on > 2006-03-01 > 03:52:12: > --SNIP-- >> - - New option "Use TNEF Contents" allows you to add the contents of >> winmail.dat >> attachments to messages in TNEF format. This means that users not >> running >> Microsoft Outlook can read attachments put there by badly- >> configured >> Outlook or Exchange systems. Valid values are "no", "add" or >> "replace" which >> do pretty much what they say. Explanations are in >> MailScanner.conf. > > SWEET! What a great idea! Much kudos! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgt at stellarcore.net Thu Mar 23 15:15:39 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Thu Mar 23 15:15:52 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <200603231204.k2NC4FXF003778@bkserver.blacknight.ie> References: <200603231204.k2NC4FXF003778@bkserver.blacknight.ie> Message-ID: <1143126939.3332.12.camel@dwarfstar.stellarcore.net> > On 23.03.2006 07:24, James Gray wrote: > > >On Thu, 23 Mar 2006 06:51, Rob Poe wrote: > > > > > >>I ran a yum update, got the new sendmail rpms (and 4.3, i think too for > >>our 4.3 boxen) .. looks like centos was right on it.. > >> > >> > > > >Hmm, I ran the same update here and here's what RPM reports: > > > >rpm -qa|grep sendmail ; uname -a ; cat /etc/redhat-release > >sendmail-devel-8.13.1-2 > >sendmail-8.13.1-2 > >sendmail-cf-8.13.1-2 > >Linux clacks.ocs.au.com 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 i686 > >i386 GNU/Linux > >CentOS release 4.3 (Final) > > > >Seems CentOS 4.3 is still on Sendmail 8.13.1. No idea if the 8.13.6 patch > >has been back-ported though. > > > > > > `rpm -q --changelog` should tell you for what you are looking > The Centos4.x sendmail 8.13.1-3 has the fixes. As stated do a "rpm -q -- changelog sendmail | less" and you'll see * Mon Mar 20 2006 Thomas Woerner 8.13.1-3.RHEL4.3 - fixed another time_t timeout problem in the VU patch in usersmtp.c * Sat Mar 18 2006 Thomas Woerner 8.13.1-3.RHEL4.2 - fixed adaption failure in VU#834865 * Mon Mar 13 2006 Thomas Woerner 8.13.1-3.RHEL4.1 - fixed VU#834865 (#184465) Nice turn around time by the Centos people. I had this rolled out across all servers well before dinner. -Mike From maillists at conactive.com Thu Mar 23 15:49:46 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 23 15:49:58 2006 Subject: MS logs to two facilities In-Reply-To: References: <0A607BC6-EC1B-42DA-9724-5D6A1C63CE92@ecs.soton.ac.uk> Message-ID: Kai Schaetzl wrote on Thu, 23 Mar 2006 16:13:29 +0100: > > Check that either a facility or priority is not set up to log in both > > places, that's the most common cause of multiple logging, just duff > > syslog.conf files. > > That's what's in there, nothing else for mail or news: > > mail.* -/var/log/maillog > news.* -/var/log/mailscanner.log Sorry, I didn't intend to send to you directly, forget it! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Mar 23 15:49:46 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 23 15:50:00 2006 Subject: MS logs to two facilities In-Reply-To: <0A607BC6-EC1B-42DA-9724-5D6A1C63CE92@ecs.soton.ac.uk> References: <0A607BC6-EC1B-42DA-9724-5D6A1C63CE92@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Thu, 23 Mar 2006 14:45:09 +0000: > Check that either a facility or priority is not set up to log in both > places, that's the most common cause of multiple logging, just duff > syslog.conf files. Sorry, I confused my shell aliases. Actually, it is logging to messages (not to mail) and to mailscanner.log. That's a syslog issue then, I'll try with news.none for messages. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From roger at rudnick.com.br Thu Mar 23 15:57:10 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Mar 23 15:57:28 2006 Subject: Sendmail References: <44060193.3040109@psysolutions.com><44060941.60707@ecs.soton.ac.uk><44060F19.3070407@psysolutions.com><44061184.50003@ecs.soton.ac.uk><4406211D.6070207@psysolutions.com><8408E28D-277B-4553-91F1-E2CAEE463FCE@ecs.soton.ac.uk> <028601c64e6d$cdfcdae0$0600a8c0@roger> Message-ID: <049f01c64e92$71f9dcf0$0600a8c0@roger> I'll already solved it... Postfix should not be installed in my server, it is not used anyway... I removed it and no the upgrade runned fine... Regards Roger Jochem ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Thursday, March 23, 2006 8:34 AM Subject: Sendmail > I'm trying to upgrade Sendmail from 8.13.1 to 8.13.6, but when I try to > run the rpm --upgrade, I receive the following message: > > postfix conflicts with sendmail.8.13.6-1 > > A month ago I upgraded from sendmail 8.11 to 8.13.1 with no problem at > all... How can I solve this? > > Regards > > Roger Jochem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From paul at welshfamily.com Thu Mar 23 21:40:19 2006 From: paul at welshfamily.com (Paul Welsh) Date: Thu Mar 23 21:41:37 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <200603231204.k2NC4FXH003778@bkserver.blacknight.ie> Message-ID: <200603232141.k2NLePf2010846@bkserver.blacknight.ie> > Date: Thu, 23 Mar 2006 06:49:10 -0500 > From: "Dave" > Subject: Re: Sendmail Vulnerability: critical > I'm checking the fedoralegacy site for sendmail rpms i > can get via yum > and am not seeing them. Does anyone know of a yum repository > that has rh9, > to fc3 updated sendmail rpms? > Thanks. > Dave. I'm in the same position, Dave. My current (but soon to be replaced) server is running RH9. I just installed the legacy yum (thanks Matt Kettler for pointing this out) but on running yum update I find I've a list of 85 updates which I'm loathe to install on a live server unless they're absolutely critical - see http://www.secondarymail.net/updates.txt for the list yum presented to me. I reckon my best option is to wait for the updated Sendmail to be put on http://download.fedoralegacy.org/redhat/9/updates/i386/ and use the "yum install " option to install just the updated Sendmail. Does that make sense? From hermit921 at yahoo.com Thu Mar 23 22:28:23 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 23 22:27:19 2006 Subject: grep filters to block open relay In-Reply-To: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> Message-ID: <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> My company put in an Exchange server, which got listed as an open relay. They can't or won't configure Exchange to accept mail only if the recipient address is valid, and they won't put MailScanner in front of Exchange to do that. Please accept this, don't comment, move on. To block open relay functionality, they put pattern matching into place, so destination email addresses such as the ones used by relay-test.mail-abuse.org are rejected. I had never heard of this approach before. It blocks some legitimate email, of course. Is this a common practice, or even a rare practice? Any background information is appreciated. hermit921 From john at jolet.net Thu Mar 23 22:33:04 2006 From: john at jolet.net (John Jolet) Date: Thu Mar 23 22:33:00 2006 Subject: grep filters to block open relay In-Reply-To: <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> Message-ID: On Mar 23, 2006, at 4:28 PM, hermit921 wrote: > My company put in an Exchange server, which got listed as an open > relay. They can't or won't configure Exchange to accept mail only > if the recipient address is valid, and they won't put MailScanner > in front of Exchange to do that. Please accept this, don't > comment, move on. > > To block open relay functionality, they put pattern matching into > place, so destination email addresses such as the ones used by > relay-test.mail-abuse.org are rejected. I had never heard of this > approach before. It blocks some legitimate email, of course. Is > this a common practice, or even a rare practice? Any background > information is appreciated. > > hermit921 I know you can't "fix" the problem....you might mention to them that blocking relay REPORTING addresses might keep them off the black list, but WON'T stop the spammers looking for open relays...and that the legal liability of having that stuff contain THEIR headers is significant. especially since the've been notified and KNOW they are running an open relay. I would think whoever the compliance officer is would want to know about that...... on topic, that method is going to not be common practice as most of US would prefer to fix the underlying problem, as opposed to putting polarized lenses on it. From cstone at axint.net Thu Mar 23 22:37:13 2006 From: cstone at axint.net (Chris Stone) Date: Thu Mar 23 22:39:57 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <200603232141.k2NLePf2010846@bkserver.blacknight.ie> References: <200603232141.k2NLePf2010846@bkserver.blacknight.ie> Message-ID: <200603231537.13814@cs.axint.net> > I'm in the same position, Dave. My current (but soon to be replaced) > server is running RH9. I just installed the legacy yum (thanks Matt > Kettler for pointing this out) but on running yum update I find I've a list > of 85 updates which I'm loathe to install on a live server unless they're > absolutely critical - see http://www.secondarymail.net/updates.txt for the > list yum presented to me. > > I reckon my best option is to wait for the updated Sendmail to be put on > http://download.fedoralegacy.org/redhat/9/updates/i386/ and use the "yum > install " option to install just the updated Sendmail. I just updated a RH9 system using the 8.13.6 RPMs from http://www.city-fan.org/ftp/contrib/mail/?C=N;O=A. And this was one that had the sendmail 8.12.x installed and then 8.13.3 installed top of it compiled from source. Didn't want to recompile from source for this one so just used the RPM from city-fan and ran it with rpm -Uvh and it's working fine. Chris From hermit921 at yahoo.com Thu Mar 23 22:44:09 2006 From: hermit921 at yahoo.com (hermit921) Date: Thu Mar 23 22:43:11 2006 Subject: grep filters to block open relay In-Reply-To: References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> Message-ID: <6.2.1.2.2.20060323144104.03a81658@pop.mail.yahoo.com> At 02:33 PM 3/23/2006, John Jolet wrote: >On Mar 23, 2006, at 4:28 PM, hermit921 wrote: > >>My company put in an Exchange server, which got listed as an open >>relay. They can't or won't configure Exchange to accept mail only >>if the recipient address is valid, and they won't put MailScanner >>in front of Exchange to do that. Please accept this, don't >>comment, move on. >> >>To block open relay functionality, they put pattern matching into >>place, so destination email addresses such as the ones used by >>relay-test.mail-abuse.org are rejected. I had never heard of this >>approach before. It blocks some legitimate email, of course. Is >>this a common practice, or even a rare practice? Any background >>information is appreciated. >> >>hermit921 >I know you can't "fix" the problem....you might mention to them that >blocking relay REPORTING addresses might keep them off the black >list, but WON'T stop the spammers looking for open relays...and that >the legal liability of having that stuff contain THEIR headers is >significant. especially since the've been notified and KNOW they are >running an open relay. I would think whoever the compliance officer >is would want to know about that...... > >on topic, that method is going to not be common practice as most of >US would prefer to fix the underlying problem, as opposed to putting >polarized lenses on it. They are not blocking reporting addresses, they are blocking email addresses in the format used to test an open relay. For instance, to block user%ibm.com@sun.com they might block anything with a % character followed by an @ character, with any character allowed in the three other spots. I don't know if this example is accurate, but you get the general idea. hermit921 From richard.siddall at elirion.net Thu Mar 23 22:54:49 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Mar 23 22:56:02 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <200603232141.k2NLePf2010846@bkserver.blacknight.ie> References: <200603232141.k2NLePf2010846@bkserver.blacknight.ie> Message-ID: <44232739.2070200@elirion.net> Paul Welsh wrote: > I'm in the same position, Dave. My current (but soon to be replaced) server > is running RH9. I just installed the legacy yum (thanks Matt Kettler for > pointing this out) but on running yum update I find I've a list of 85 > updates which I'm loathe to install on a live server unless they're > absolutely critical - see http://www.secondarymail.net/updates.txt for the > list yum presented to me. > > I reckon my best option is to wait for the updated Sendmail to be put on > http://download.fedoralegacy.org/redhat/9/updates/i386/ and use the "yum > install " option to install just the updated Sendmail. > > Does that make sense? > Paul, I believe you can do yum update which should let you apply the 85 updates in a controlled fashion. Also, to update sendmail yum update sendmail Regards, Richard Siddall From john at jolet.net Thu Mar 23 23:08:34 2006 From: john at jolet.net (John Jolet) Date: Thu Mar 23 23:08:30 2006 Subject: grep filters to block open relay In-Reply-To: <6.2.1.2.2.20060323144104.03a81658@pop.mail.yahoo.com> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> <6.2.1.2.2.20060323144104.03a81658@pop.mail.yahoo.com> Message-ID: <5585A8B8-DF1C-4873-83F4-B3ED80801BEB@jolet.net> > > They are not blocking reporting addresses, they are blocking email > addresses in the format used to test an open relay. For instance, > to block user%ibm.com@sun.com they might block anything with a % > character followed by an @ character, with any character allowed in > the three other spots. I don't know if this example is accurate, > but you get the general idea. > > hermit921 > sure, but it's going to be just as ineffective, and just as legally lethal in the long run.... From mkettler at evi-inc.com Thu Mar 23 23:20:18 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 23 23:20:34 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <200603232141.k2NLePf2010846@bkserver.blacknight.ie> References: <200603232141.k2NLePf2010846@bkserver.blacknight.ie> Message-ID: <44232D32.7000600@evi-inc.com> Paul Welsh wrote: > I'm in the same position, Dave. My current (but soon to be replaced) server > is running RH9. I just installed the legacy yum (thanks Matt Kettler for > pointing this out) but on running yum update I find I've a list of 85 > updates which I'm loathe to install on a live server unless they're > absolutely critical - see http://www.secondarymail.net/updates.txt for the > list yum presented to me. > > I reckon my best option is to wait for the updated Sendmail to be put on > http://download.fedoralegacy.org/redhat/9/updates/i386/ and use the "yum > install " option to install just the updated Sendmail. > > Does that make sense? Yes, but you really should consider as many of those updates as possible. AFAIK Fedora legacy *ONLY* issues critical updates for RH9, nearly all of which are security related. The only non-security one I know of is the latest glibc package (released today) appears to be adjustments for new daylight savings time rules for countries where DST rules have changed or are going to change soon: http://www.redhat.com/archives/fedora-legacy-list/2006-March/msg00172.html My general policy on updates is: 1) make sure update is a security update on http://fedoralegacy.org/updates/RH9/ 2) Find out if I'm actually using the affected package. If I am not using it, I try to uninstall it with rpm -e, and I'll cascade along deps and uninstall any deps that I'm not using either in an effort to just remove the affected package. 3) If I find that I am using the package, or a package that I am using depends on it, and it's a security update, I apply it. I'm currently running with all the updates applied (including the non-critical glibc one), with no troubles. From maillists at conactive.com Fri Mar 24 00:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 24 00:31:32 2006 Subject: grep filters to block open relay In-Reply-To: <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> Message-ID: Hermit921 wrote on Thu, 23 Mar 2006 14:28:23 -0800: > They can't or won't configure Exchange to accept mail only if the > recipient address is valid AFAIK, Exchange *can* be configured to not be an open relay. > user%ibm.com@sun.com The relay tests don't work this way. They will try to send email with some tricks to addresses that are not on your machine. This includes tricks like the above. But accepting and dropping such a mail will possibly not get you on such a list. Only if that mail is received in their spamtrap then you qualify as an open relay, just accepting and not forwarding it is fine. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at grayonline.id.au Thu Mar 23 22:02:48 2006 From: james at grayonline.id.au (James Gray) Date: Fri Mar 24 00:53:45 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <1f8fae340603230238y67c947b0m@mail.gmail.com> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <1f8fae340603230238y67c947b0m@mail.gmail.com> Message-ID: <200603240902.49982.james@grayonline.id.au> On Thu, 23 Mar 2006 09:38 pm, Will McDonald wrote: > On 22/03/06, Stephen Swaney wrote: > > Ugo, > > > > Right now we can only update red hat systems that are registered to run > > up2date. > > > > I'll leep and eye out for the CentOS patches and I'll build a new > > sendmail-8.13.6 rpms for The 3.0 systems we've updated to > > sendmail-8.13.x. > > CentOS users, check which mirror your using/syncing from. We've been > using Sunsite UK, checking for updates today I noticed they're still > on CentOS4.2 and don't have the Sendmail updates. Mirrorservice.org > had CentOS 4.3 and the latest updates. Given that CentOS is derived from RHEL, I thought I'd mention that RHEL only got updates about 12 hours ago for Sendmail (notified via RedHat Network - RHN). It may take a little longer to filter through the CentOS mirrors. Also the 8.13.6 srpm I compiled yesterday for CentOS 4.3 has performed without a hitch - including milter-greylist. Just in case anyone is interested. Cheers, James -- Sex, Drugs & Linux Rules -- MaDsen Wikholm, mwikholm@at8.abo.fi -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060324/d148fb30/attachment.bin From hermit921 at yahoo.com Fri Mar 24 01:03:07 2006 From: hermit921 at yahoo.com (hermit921) Date: Fri Mar 24 01:02:06 2006 Subject: grep filters to block open relay In-Reply-To: References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> Message-ID: <6.2.1.2.2.20060323165453.026bb798@pop.mail.yahoo.com> At 04:31 PM 3/23/2006, Kai Schaetzl wrote: >Hermit921 wrote on Thu, 23 Mar 2006 14:28:23 -0800: > > > They can't or won't configure Exchange to accept mail only if the > > recipient address is valid > >AFAIK, Exchange *can* be configured to not be an open relay. > > > user%ibm.com@sun.com > >The relay tests don't work this way. They will try to send email with some >tricks to addresses that are not on your machine. This includes tricks >like the above. But accepting and dropping such a mail will possibly not >get you on such a list. Only if that mail is received in their spamtrap >then you qualify as an open relay, just accepting and not forwarding it is >fine. > >Kai The actual address (slightly edited) used was "marvin@marvin.tester.org"@mydomain.com and that mail got returned to the sender at tester.org. Therefore it is an open relay. What the Exchange admins did (after they got listed as an open relay) is reject any message that matches some character pattern that would catch this email address. Don't ask me how silly this is - I feel like screaming. I just want to know if anyone else has ever heard of this type of filtering being done. hermit921 From steve.swaney at fsl.com Fri Mar 24 02:27:52 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 24 02:27:56 2006 Subject: grep filters to block open relay In-Reply-To: Message-ID: <03e901c64eea$8dafcba0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl > Sent: Thursday, March 23, 2006 7:31 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: grep filters to block open relay > > Hermit921 wrote on Thu, 23 Mar 2006 14:28:23 -0800: > > > They can't or won't configure Exchange to accept mail only if the > > recipient address is valid > > AFAIK, Exchange *can* be configured to not be an open relay. > > > user%ibm.com@sun.com > > The relay tests don't work this way. They will try to send email with some > tricks to addresses that are not on your machine. This includes tricks > like the above. But accepting and dropping such a mail will possibly not > get you on such a list. Only if that mail is received in their spamtrap > then you qualify as an open relay, just accepting and not forwarding it is > fine. > > Kai Actually Exchange before Exchange 2003 cannot be configured to reject email for unknown users :( The default install of Exchange 2003 also accepts email for unknown users and then sends a: "Sorry, I'm so brain dead that I'll accept email for any address at this domain but the user you tried to send email to, Viagra@mysillydomain.com, doesn't have an account on this server so I'm sending you this useless message that will sit in my outbound queue for 5 days wasting my resources, because the address I'm trying to send to is bogus and won't accept the message" Message back to the sender of the dictionary attack. It's not even easy to find out how to configure Exchange 2003 to correctly reject email for unknown users. That why we put "Milter-ahead and Exchange settings" on our web site: http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf I'm not a Microsoft Exchange hater. A lot of companies use it for the very good reason it does a lot of things very well; if you have the money and resources to run it. The last firm I consulted for had +100 Exchange servers and an entire 22,000 sq. ft. floor of MS Exchange administrators. But I would never connect an Exchange server directly to the Internet. I came to start FSL after many years of consulting with large Wall Street Investment houses and I can assure you that: 1. Most Wall Street firms use Exchange 2. None of their Exchange servers are directly connected to the Internet 3. They all behind Unix/Linux gateways There is a reason for this. These firms have a lot of money to protect and most of their administrators are pretty good, pretty smart people :) G'night Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ugob at camo-route.com Fri Mar 24 03:52:24 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Mar 24 03:52:45 2006 Subject: grep filters to block open relay In-Reply-To: <03e901c64eea$8dafcba0$287ba8c0@office.fsl> References: <03e901c64eea$8dafcba0$287ba8c0@office.fsl> Message-ID: Stephen Swaney wrote: > > "Sorry, I'm so brain dead that I'll accept email for any address at this > domain but the user you tried to send email to, Viagra@mysillydomain.com, > doesn't have an account on this server so I'm sending you this useless > message that will sit in my outbound queue for 5 days wasting my resources, > because the address I'm trying to send to is bogus and won't accept the > message" LOL! From dhawal at netmagicsolutions.com Fri Mar 24 08:39:22 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Mar 24 08:39:29 2006 Subject: grep filters to block open relay In-Reply-To: <6.2.1.2.2.20060323165453.026bb798@pop.mail.yahoo.com> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> <6.2.1.2.2.20060323165453.026bb798@pop.mail.yahoo.com> Message-ID: <20060324083922.3092.qmail@mymail.netmagicians.com> hermit921 writes: [SNIP] > > Don't ask me how silly this is - I feel like screaming. > I just want to know if anyone else has ever heard of this type of > filtering being done. qmail has a patch to specifically block these kind of patterns.. silly yes, but some open-relay (ordb or dsbl i can't remember) test would get my qmail servers listed for this very reason. (this was years back and i am not sure if this is still the case) - dhawal **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From housey at sme-ecom.co.uk Fri Mar 24 09:04:49 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Mar 24 09:05:03 2006 Subject: Sendmail Upgrade Message-ID: Hi I upgraded sendmail on my Fedora Core 2 system to 8.13.6, I was on 8.12..... Ive noticed this morning that Mailscanner is saying "New Batch Found 150 messages waiting" and doesnt seem to decrease. I took a look in /var/spool/mqueue.in and can see I have lots of qf files with no matching df. I thought this could be due to my "Lock Type" setting in MailScanner.conf, I have it set to Lock Type = and the comments say it defaults to posix which should be ok for 8.13? Any ideas? Kind Regards Paul From housey at sme-ecom.co.uk Fri Mar 24 09:56:30 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Mar 24 09:56:33 2006 Subject: Sendmail Upgrade In-Reply-To: Message-ID: Emm just noticed the maillog was saying "Using locktype = flock" Ive just changed MailScanner.conf to Lock Type = posix and the maillog is now saying "Using locktype = posix" The comments in the conf file say its posix by default - I didnt have it set and it seemed to default to flock. Anway seems to be ok now. Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Paul Houselander Sent: 24 March 2006 09:05 To: MailScanner Mailing List Subject: Sendmail Upgrade Hi I upgraded sendmail on my Fedora Core 2 system to 8.13.6, I was on 8.12..... Ive noticed this morning that Mailscanner is saying "New Batch Found 150 messages waiting" and doesnt seem to decrease. I took a look in /var/spool/mqueue.in and can see I have lots of qf files with no matching df. I thought this could be due to my "Lock Type" setting in MailScanner.conf, I have it set to Lock Type = and the comments say it defaults to posix which should be ok for 8.13? Any ideas? Kind Regards Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. From roger at rudnick.com.br Fri Mar 24 10:23:02 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Mar 24 10:23:12 2006 Subject: Sendmail Upgrade, other problem References: Message-ID: <00c201c64f2c$ef3e2320$0600a8c0@roger> After the sendmail upgrade to 8.13.6, some of my messages come with no body, and the text "<<< No Message Collected >>>" in the body... They appear twice in the users inbox, one with this body, and one ok message (with the original body). In Mailwatch this messages appear with two times the header info. Very strange... Anybody facing the same problem, or maybe could give some ideas of what's causing that? Regards Roger Jochem From shrek-m at gmx.de Fri Mar 24 10:36:12 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Mar 24 10:36:25 2006 Subject: Sendmail Upgrade In-Reply-To: References: Message-ID: <4423CB9C.6040404@gmx.de> On 24.03.2006 10:04, Paul Houselander wrote: >I upgraded sendmail on my Fedora Core 2 system > how ? >to 8.13.6, > from where ? > I was on 8.12..... > > ---- $ wget -cr http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.legacy.i386.rpm $ rpm -qp --changelog --nosignature download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.legacy.i386.rpm | head * Mi M?r 22 2006 Jesse Keating - 8.12.11-4.26.legacy - fixed VU#834865 (#186277) * Fr Apr 16 2004 Dan Walsh 8.12.11-4.6 - Fix selinuxenabled location * Do Apr 08 2004 Dan Walsh 8.12.11-4.5 ---- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186277 >I thought this could be due to my "Lock Type" setting in MailScanner.conf, > mailscanner 0.0.0-0 ? > I have it set to >Lock Type = >and the comments say it defaults to posix which should be ok for 8.13? > > my fc3 sendmail @home ---- /etc/MailScanner/MailScanner.conf ---- # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For sendmail 8.13 onwards, you will probably need to change it to posix. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = -------- $ rpm -q mailscanner sendmail mailscanner-4.50.15-1 sendmail-8.13.1-2 has no problems. >Any ideas? > # LANG=C chkconfig sendmail --list sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off *.rpmsave *.rpmnew config-files # tail -f /var/log/messages # tail -f /var/log/maillog # service sendmail stop # service MailScanner stop # service MailScanner start -- shrek-m From housey at sme-ecom.co.uk Fri Mar 24 10:39:07 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Mar 24 10:39:14 2006 Subject: Sendmail Upgrade, other problem In-Reply-To: <00c201c64f2c$ef3e2320$0600a8c0@roger> Message-ID: Could be the same problem I posted about this morning. Check your maillog - do a grep for "locktype" If its says "flock" you need to change the "Lock Type" directive in MailScanner.conf Change it to Lock Type = posix 8.13 uses posix and according to the comments in the conf 8.12 and older used flock. Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Roger Jochem Sent: 24 March 2006 10:23 To: MailScanner discussion Subject: Sendmail Upgrade, other problem After the sendmail upgrade to 8.13.6, some of my messages come with no body, and the text "<<< No Message Collected >>>" in the body... They appear twice in the users inbox, one with this body, and one ok message (with the original body). In Mailwatch this messages appear with two times the header info. Very strange... Anybody facing the same problem, or maybe could give some ideas of what's causing that? Regards Roger Jochem -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. From roger at rudnick.com.br Fri Mar 24 10:54:13 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Mar 24 10:54:24 2006 Subject: Sendmail Upgrade, other problem References: Message-ID: <018b01c64f31$4a0bd8c0$0600a8c0@roger> It says "posix". And I upgraded from 8.13.1 to 8.13.6. My lock type was already in posix in 8.13.1, and working fine... ----- Original Message ----- From: "Paul Houselander" To: "MailScanner discussion" Sent: Friday, March 24, 2006 7:39 AM Subject: RE: Sendmail Upgrade, other problem > Could be the same problem I posted about this morning. > > Check your maillog - do a grep for "locktype" > > If its says "flock" you need to change the "Lock Type" directive in > MailScanner.conf > > Change it to > > Lock Type = posix > > 8.13 uses posix and according to the comments in the conf 8.12 and older > used flock. > > Paul > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Roger > Jochem > Sent: 24 March 2006 10:23 > To: MailScanner discussion > Subject: Sendmail Upgrade, other problem > > > After the sendmail upgrade to 8.13.6, some of my messages come with no > body, > and the text "<<< No Message Collected >>>" in the body... They appear > twice > in the users inbox, one with this body, and one ok message (with the > original body). > > In Mailwatch this messages appear with two times the header info. Very > strange... > > Anybody facing the same problem, or maybe could give some ideas of what's > causing that? > > Regards > > Roger Jochem > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned for unacceptable content by 'VITANIUM' > the industry leading email virus and content management service from > Vitanium Systems. Contact details are available at www.vitanium.com. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From housey at sme-ecom.co.uk Fri Mar 24 11:05:49 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Mar 24 11:05:51 2006 Subject: Sendmail Upgrade In-Reply-To: <4423CB9C.6040404@gmx.de> Message-ID: http://www.city-fan.org/ftp/contrib/mail/ Was posted by someone yesterday, donwloaded them and just did an rpm -Uvh sendmail* and went on without any problems, tested quite ab bit of a test system first though. Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of shrek-m@gmx.de Sent: 24 March 2006 10:36 To: MailScanner discussion Subject: Re: Sendmail Upgrade On 24.03.2006 10:04, Paul Houselander wrote: >I upgraded sendmail on my Fedora Core 2 system > how ? >to 8.13.6, > from where ? > I was on 8.12..... > > ---- $ wget -cr http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26 .legacy.i386.rpm $ rpm -qp --changelog --nosignature download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.legacy .i386.rpm | head * Mi M?r 22 2006 Jesse Keating - 8.12.11-4.26.legacy - fixed VU#834865 (#186277) * Fr Apr 16 2004 Dan Walsh 8.12.11-4.6 - Fix selinuxenabled location * Do Apr 08 2004 Dan Walsh 8.12.11-4.5 ---- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186277 >I thought this could be due to my "Lock Type" setting in MailScanner.conf, > mailscanner 0.0.0-0 ? > I have it set to >Lock Type = >and the comments say it defaults to posix which should be ok for 8.13? > > my fc3 sendmail @home ---- /etc/MailScanner/MailScanner.conf ---- # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For sendmail 8.13 onwards, you will probably need to change it to posix. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = -------- $ rpm -q mailscanner sendmail mailscanner-4.50.15-1 sendmail-8.13.1-2 has no problems. >Any ideas? > # LANG=C chkconfig sendmail --list sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off *.rpmsave *.rpmnew config-files # tail -f /var/log/messages # tail -f /var/log/maillog # service sendmail stop # service MailScanner stop # service MailScanner start -- shrek-m -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. From maillists at conactive.com Fri Mar 24 11:31:15 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 24 11:31:19 2006 Subject: grep filters to block open relay In-Reply-To: <6.2.1.2.2.20060323165453.026bb798@pop.mail.yahoo.com> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> <6.2.1.2.2.20060323165453.026bb798@pop.mail.yahoo.com> Message-ID: Hermit921 wrote on Thu, 23 Mar 2006 17:03:07 -0800: > and that mail got returned to the sender at tester.org. Therefore it is an > open relay. Of course, but that is not what you said earlier. You just said you (your vendor) accepted them, nothing about forwarding. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Mar 24 12:31:39 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 24 12:31:43 2006 Subject: grep filters to block open relay In-Reply-To: <03e901c64eea$8dafcba0$287ba8c0@office.fsl> References: <03e901c64eea$8dafcba0$287ba8c0@office.fsl> Message-ID: Stephen Swaney wrote on Thu, 23 Mar 2006 21:27:52 -0500: > Actually Exchange before Exchange 2003 cannot be configured to reject email > for unknown users :( I wrote "can be configured to not be an open relay" ;-) Just accepting unknown users in the domain isn't an open relay. That Exchange isn't a product one likes to administer is for sure, f.i. older versions of Exchange tried by default to forward external non-envelope (!) addresses. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Mar 24 12:31:39 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 24 12:31:46 2006 Subject: Sendmail Upgrade, other problem In-Reply-To: <018b01c64f31$4a0bd8c0$0600a8c0@roger> References: <018b01c64f31$4a0bd8c0$0600a8c0@roger> Message-ID: Roger Jochem wrote on Fri, 24 Mar 2006 07:54:13 -0300: > It says "posix". > > And I upgraded from 8.13.1 to 8.13.6. My lock type was already in posix in > 8.13.1, and working fine... so far flock and 8.13 works fone for me on a (at the moment) low traffic machine. Does the problem display only with higher volume? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From martin.lyberg at gmail.com Fri Mar 24 13:43:09 2006 From: martin.lyberg at gmail.com (Martin) Date: Fri Mar 24 13:43:12 2006 Subject: Headers appearing in body of mail?! Message-ID: Hi, I'm experimenting with an installation of Mailscanner + Clamav + Postfix + SpamAssassin on Debian. The machine acts as a gateway to our internal Exchangeserver. For some odd reason, all mails get the following added to the body instead of the header: "X-MailScanner-Information Please contact the ISP for more information X-ID-MailScanner: Found to be clean X-ID-MailScanner-From: myemail@com X-Spam-Status: No testing...testing.." I don't know where to start troubleshooting this issue. Any advice? Thanks in advance. Martin From MailScanner at ecs.soton.ac.uk Fri Mar 24 13:59:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 24 13:59:26 2006 Subject: Headers appearing in body of mail?! In-Reply-To: References: Message-ID: <9C79F0BD-8883-48CC-9EB6-3B4D18647C43@ecs.soton.ac.uk> Look at your header definitions in MailScanner.conf. The X- MailScanner-Information header is missing its trailing ":". Also make sure your %org-name% doesn't have any spaces in it. On 24 Mar 2006, at 13:43, Martin wrote: > Hi, > > I'm experimenting with an installation of Mailscanner + Clamav + > Postfix + SpamAssassin on Debian. > > The machine acts as a gateway to our internal Exchangeserver. For some > odd reason, all mails get the following added to the body instead of > the header: > > "X-MailScanner-Information Please contact the ISP for more information > X-ID-MailScanner: Found to be clean > X-ID-MailScanner-From: myemail@com > X-Spam-Status: No > > testing...testing.." > > I don't know where to start troubleshooting this issue. Any advice? > > Thanks in advance. > > Martin > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martin.lyberg at gmail.com Fri Mar 24 14:59:28 2006 From: martin.lyberg at gmail.com (Martin) Date: Fri Mar 24 14:59:31 2006 Subject: Headers appearing in body of mail?! In-Reply-To: <9C79F0BD-8883-48CC-9EB6-3B4D18647C43@ecs.soton.ac.uk> References: <9C79F0BD-8883-48CC-9EB6-3B4D18647C43@ecs.soton.ac.uk> Message-ID: Julian, Ah.. Thanks alot! The trailing ":" was the problem. Now it's working as it should. Dunno why it was missing though, i haven't changed it. Anyway, everything's working now. Thank you! On 3/24/06, Julian Field wrote: > Look at your header definitions in MailScanner.conf. The X- > MailScanner-Information header is missing its trailing ":". > > Also make sure your %org-name% doesn't have any spaces in it. > > On 24 Mar 2006, at 13:43, Martin wrote: > > > Hi, > > > > I'm experimenting with an installation of Mailscanner + Clamav + > > Postfix + SpamAssassin on Debian. > > > > The machine acts as a gateway to our internal Exchangeserver. For some > > odd reason, all mails get the following added to the body instead of > > the header: > > > > "X-MailScanner-Information Please contact the ISP for more information > > X-ID-MailScanner: Found to be clean > > X-ID-MailScanner-From: myemail@com > > X-Spam-Status: No > > > > testing...testing.." > > > > I don't know where to start troubleshooting this issue. Any advice? > > > > Thanks in advance. > > > > Martin > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From tdeering at comcast.net Fri Mar 24 16:01:04 2006 From: tdeering at comcast.net (tdeering@comcast.net) Date: Fri Mar 24 16:01:09 2006 Subject: Exim process problem Message-ID: <032420061601.8033.442417C00009AEED00001F6122007613940902079D0A0A0B9B@comcast.net> I am having a problem when MailScanner is restarted that only one of the exim processes is stopped. Once mailscanner restarts I now how one inbound exim process and two outbound processes. Each time that MailScanner is restarted it will add another outbound process, but not stop the original outbound process. If I manually stop MailScanner twice then start it again this does not happen. Any ideas as to why this process does not stop when restarting MailScanner? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060324/914fff52/attachment.html From sadattipu at arsk.net Sun Mar 12 06:32:32 2006 From: sadattipu at arsk.net (sadattipu@arsk.net) Date: Fri Mar 24 16:19:17 2006 Subject: Process did not exit cleanly, returned 255 with signal 0 Message-ID: HI, i m getting this msg in /var/log/message root: Process did not exit cleanly, returned 255 with signal 0 Can anyone help? Tipu -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From info at w4r.nl Mon Mar 13 12:06:43 2006 From: info at w4r.nl (Roger Berger) Date: Fri Mar 24 16:19:21 2006 Subject: Freebsd-sendmail upgrade problem Message-ID: <006e01c64696$997f3fd0$2201a8c0@WERKSTATION1> Hi there, I upgraded this morning from 4.49.5 to 4.50_15 from ports on freebsd 4.10. After the upgrade I am not able to start sendmail any more with /usr/local/etc/rc.d/mta.sh start I get this error: s1# /usr/local/etc/rc.d/mta.sh restart ===> mta profile: incoming You must define a configuration file (mta_incoming_configfile) ===> mta profile: outgoing You must define a configuration file (mta_outgoing_configfile) ===> mta profile: submitqueue You must define a configuration file (mta_submitqueue_configfile) I put this in my /etc/rc.conf sendmail_enable="NONE" mailscanner_enable="YES" mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf" mailscanner_pidfile="/var/run/MailScanner.pid" mta_enable="YES" mta_type="sendmail" mta_configfile="/etc/mail/sendmail.cf" mta_profiles="incoming outgoing submitqueue" mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in -ODeliveryMode=queueonly" mta_incoming_pidfile="/var/run/sendmail_in.pid" mta_outgoing_flags="-L sm-mta-out -q15m" mta_outgoing_pidfile="/var/run/sendmail_out.pid" mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" Like suggested in the mta.sh and several docs in the port and /usr/local/share/doc/MailScanner dirs. Where should I define these configfiles and how should they look like? Thanks, Roger From info at w4r.nl Mon Mar 13 13:18:04 2006 From: info at w4r.nl (Roger Berger) Date: Fri Mar 24 16:19:25 2006 Subject: Freebsd-sendmail upgrade problem (SOLVED!) Message-ID: <007401c646a0$91e14890$2201a8c0@WERKSTATION1> OK, I found a message from the maintainer that there was a bug in this port and how to correct it. Works great now. Thanks, Roger From jkf at ecs.soton.ac.uk Sun Mar 19 21:40:49 2006 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 24 16:19:30 2006 Subject: Archive only non spam tagged messages In-Reply-To: <200603141331.16951.leah@frauerpower.com> References: <200603141331.16951.leah@frauerpower.com> Message-ID: <441DCFE1.1090808@ecs.soton.ac.uk> You just need a custom function which does a sub ArchiveNonSpam { my($this) = shift; @{$this->{archiveplaces}} = () unless @{$this->{archiveplaces}}; push @{$this->{archiveplaces}}, "/your/path/to/archive/to" unless $this->{isspam}; } Leah Cunningham wrote: > I'm using the Archive setting and was wondering if anyone has a way to set it > to only archive messages that are not tagged as spam specifically? It seems > to grab everything by default. Maybe someone has a plugin or hook function > that would do it? > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From A.Barker at ucl.ac.uk Wed Mar 22 16:59:26 2006 From: A.Barker at ucl.ac.uk (Adrian Barker) Date: Fri Mar 24 16:19:36 2006 Subject: Problem with MailScanner/DBD-SQLite on Solaris 8 In-Reply-To: <200603221526.k2MFQPA08585@sun-226.is-eisd.ucl.ac.uk> References: <200603221526.k2MFQPA08585@sun-226.is-eisd.ucl.ac.uk> Message-ID: <4421826E.2010600@ucl.ac.uk> A.Barker@ucl.ac.uk wrote: > Is anyone else having problems installing MailScanner (4.51.6-1) on > Solaris 8 due to DBD-SQLite ? There is an entry about this in the > MAQ, which fixes the undefined symbol problem, but a 'make test' then > fails with: > > t/00basic...............ok t/01logon...............ok > t/02cr_table............DBD::SQLite::db do failed: not an error(21) > at dbdimp.c line 398 at t/02cr_table.t line 10. DBD::SQLite::st > execute failed: not an error(21) at dbdimp.c line 398 at > t/02cr_table.t line 12. # Failed test 2 in t/02cr_table.t at line 12 > # Failed test 3 in t/02cr_table.t at line 14 ... > > > This is with DBD-SQLite-1.11. > > > Adrian Barker, Information Systems University College London, Gower > Street, London WC1E 6BT External phone: (+44) 020 7679 2795, Fax > (+44) 20 7388 5406 Internal phone: x 32795 Email: A.Barker@ucl.ac.uk > A solution to this problem has been found at: http://www.mail-archive.com/sqlite-users@sqlite.org/msg13591.html which states: > You'll need to go into dbdimp.c and change the two calls to > sqlite3_prepare() so that the third argument is -1 rather than zero. > This is due to the change in check-in 3047. Adrian Barker, University College London. From barismunir at barkombilgisayar.com.tr Wed Mar 22 22:33:56 2006 From: barismunir at barkombilgisayar.com.tr (=?ISO-8859-1?Q?Baris_M=FCnir?=) Date: Fri Mar 24 16:19:40 2006 Subject: Email missing for some of recipients References: <00af01c63819$46e2e2d0$8d00a8c0@HITHKG.hankyu.com.hk> <20060223043305.6946.qmail@web50610.mail.yahoo.com> Message-ID: <00b901c64e00$b51cfc20$0201a8c0@baris> hi, i am using MailScanner/Postfix and i have same problems too..... If a mail is sent to three persons two will receive it one will not receive it. What is this? is it a bug? ----- Original Message ----- From: Devi S Newsgroups: gmane.mail.virus.mailscanner Sent: Thursday, February 23, 2006 6:33 AM Subject: Re: Email missing for some of recipients Terry WONG/ Hankyu HKG wrote: Hello, I'm using Mailscanner 4.40.11-1 on Redhat Linux 9. I often having trouble on lost email messages. Usually the email will be send to several users and CC several users too. I saw in the Mailwatch showing the message were successfully deliver to those users. However, some users complains they haven't got such message while some of them have. I suspect this situation was caused by the Mailscanner overloaded. Would anyone having the same problem could give me some hints to solve this problem? Thanks!! Terry, The same whimsical problem I am also facing. Are! you using sendmail? Are your users using Microsoft Outlook 2003? These are my findings but i have not solved the problem but avoided it, 1. Mail sent in HTML format from Microsoft outlook 2003 are the candidate for these "missing mails" 2. If a mail is sent to three persons two will receive it one will not receive it 3. I stopped MailScanner and tried sending the mail, again the user who didn't receive the mail still didn't receive it. 4. The message id of these mails are very lenghty. 5. If the users send the same mail in RTF format the mails reaches the user without any issue 6. Not all mails sent in HTML format will get missed, meaning some will reach SAFELY So I advised my user group not to use HTML format while sending mails instead use RTF format. After this t he situation is fairly under control. No one has complained of missing mails. But I am su! re I have not solved the problem but avoided it! Regards Devi S. Our greatest glory is not in never falling- but in rising every time we fall - Confucius ------------------------------------------------------------------------------ What are the most popular cars? Find out at Yahoo! Autos ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060323/51ac5115/attachment.html From tromas at dc-co.com Thu Mar 23 12:00:01 2006 From: tromas at dc-co.com (Massimo Trovato) Date: Fri Mar 24 16:19:43 2006 Subject: Mailscanner + Sendmail Message-ID: I have insert in MailScanner.conf Max Children = 5 but start only 1 service and sometime the only service running go down. Do you have idea ? root 4951 0.0 0.9 24380 19384 ? Ss 12:15 0:00 MailScanner: starting child root 4952 0.0 1.4 36376 29248 ? S 12:15 0:01 MailScanner: waiting for messages root 6818 3.8 0.0 0 0 ? Z 12:45 0:01 [MailScanner] root 6827 5.1 0.0 0 0 ? Z 12:46 0:01 [MailScanner] root 6865 7.8 0.0 0 0 ? Z 12:46 0:01 [MailScanner] root 6890 16.4 0.0 0 0 ? Z 12:46 0:01 [MailScanner] root 4924 0.0 0.1 8012 3352 ? Ss 12:15 0:00 sendmail: accepting connections smmsp 4928 0.0 0.1 6576 2596 ? Ss 12:15 0:00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue root 4933 0.0 0.1 8224 2704 ? Ss 12:15 0:00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue Regards Massimo Trovato -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060323/76a1bb00/attachment.html From bburns at aeroflex.com Fri Mar 24 02:53:47 2006 From: bburns at aeroflex.com (bburns@aeroflex.com) Date: Fri Mar 24 16:19:46 2006 Subject: Sendmail Vulnerability: critical In-Reply-To: <200603240902.49982.james@grayonline.id.au> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl><1f8fae340603230238y67c947b0m@mail.gmail.com> <200603240902.49982.james@grayonline.id.au> Message-ID: <55497.24.184.86.155.1143168827.squirrel@webmail.aeroflex.com> re: sendmail on older versions of RedHat Did anyone try the old "errata" trick? 1) install the sendmail source from a currently maintained version of RedHat/Fedora 2) change the errata variable in the specfile as described here: http://www.zlatkovic.com/sendmail.en.html 3)cd to the directory containing SPEC files and... > rpmbuild -ba sendmail*.spec 4)cd to the directory that newly built RPMS reside in and... > rpm -ivh sendmail*.rpm I don't have an older RedHat that needs a sendmail update right now, but I'm curious to hear if this method still works. -Bill > On Thu, 23 Mar 2006 09:38 pm, Will McDonald wrote: >> On 22/03/06, Stephen Swaney wrote: >> > Ugo, >> > >> > Right now we can only update red hat systems that are registered to >> run >> > up2date. >> > >> > I'll leep and eye out for the CentOS patches and I'll build a new >> > sendmail-8.13.6 rpms for The 3.0 systems we've updated to >> > sendmail-8.13.x. >> >> CentOS users, check which mirror your using/syncing from. We've been >> using Sunsite UK, checking for updates today I noticed they're still >> on CentOS4.2 and don't have the Sendmail updates. Mirrorservice.org >> had CentOS 4.3 and the latest updates. > > Given that CentOS is derived from RHEL, I thought I'd mention that RHEL > only > got updates about 12 hours ago for Sendmail (notified via RedHat Network - > RHN). It may take a little longer to filter through the CentOS mirrors. > > Also the 8.13.6 srpm I compiled yesterday for CentOS 4.3 has performed > without > a hitch - including milter-greylist. Just in case anyone is interested. > > Cheers, > > James > -- > Sex, Drugs & Linux Rules > -- MaDsen Wikholm, mwikholm@at8.abo.fi > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Notice: This e-mail is intended solely for use of the individual or entity to which it is addressed and may contain information that is proprietary, privileged, company confidential and/or exempt from disclosure under applicable law. If the reader is not the intended recipient or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. This communication may also contain data subject to the International Traffic in Arms Regulations or U.S. Export Administration Regulations and cannot be disseminated, distributed or copied to foreign nationals, residing in the U.S. or abroad, without the prior approval of the U.S. Department of State or appropriate export licensing authority. If you have received this communication in error, please notify the sender by reply e-mail or collect telephone call and delete or destroy all copies of this e-mail message, any physical copies made of this e-mail message and/or any file attachment(s). From MailScanner at ecs.soton.ac.uk Fri Mar 24 09:10:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 24 16:25:13 2006 Subject: Sendmail Upgrade In-Reply-To: References: Message-ID: <55CA72E9-5763-4F3D-8C88-9F2F8E40619B@ecs.soton.ac.uk> On 24 Mar 2006, at 09:04, Paul Houselander wrote: > Hi > > I upgraded sendmail on my Fedora Core 2 system to 8.13.6, I was on > 8.12..... > > Ive noticed this morning that Mailscanner is saying > > "New Batch Found 150 messages waiting" > > and doesnt seem to decrease. > > I took a look in /var/spool/mqueue.in and can see I have lots of qf > files > with no matching df. > > I thought this could be due to my "Lock Type" setting in > MailScanner.conf, I > have it set to > > Lock Type = > > and the comments say it defaults to posix which should be ok for 8.13? That's all quite correct. The orphaned qf files are no use to you, so you might as well delete them and clean up your queue. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Fri Mar 24 16:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 24 16:31:24 2006 Subject: Mailscanner + Sendmail In-Reply-To: References: Message-ID: Massimo Trovato wrote on Thu, 23 Mar 2006 13:00:01 +0100: > Do you have idea ? First thing: look in the logs. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From bhoppe at ti.com Fri Mar 24 16:31:40 2006 From: bhoppe at ti.com (Brandon Hoppe) Date: Fri Mar 24 16:32:04 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <4421BAE1.7030001@ti.com> References: <0b3201c64de8$36247c30$287ba8c0@office.fsl> <4421BAE1.7030001@ti.com> Message-ID: <44241EEC.3070608@ti.com> Brandon Hoppe wrote: > >> Look at adding bogus HELO checking to sendmail. Download: >> >> http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 >> >> Install the contents as /usr/share/sendmail-cf/hack/block_bad_helo.m4 >> >> Then add the line below line to the top of your sendmail.mc file >> right after >> the line "include(`/usr/share/sendmail-cf/m4/cf.m4')dnl": >> >> Here is the line to add: >> >> include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl: >> >> The rebuild your sendmail.cf file: >> >> m4 sendmail.mc > sendmail.cf >> >> Then restart MailScanner. >> > Ok, i've created the block_bad_helo.m4 file under > /sendmail/cf/m4 > > Now, in my sendmail.mc file, I didn't have the include line of cf.m4. > I'm on sendmail 8.13.3 currently. This is my current sendmail.mc file: > > divert(-1) > divert(0)dnl > VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro > Exp $') > OSTYPE(solaris2)dnl > DOMAIN(generic)dnl > define(`confAUTH_OPTIONS', `A')dnl > define(`confAUTH_MECHANISMS',`LOGIN PLAIN')dnl > define(`SMART_HOST', `outgoing.verizon.net') > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl > FEATURE(`virtusertable', `dbm /etc/mail/virtusertable')dnl > FEATURE(`authinfo', `dbm /etc/mail/authinfo')dnl > FEATURE(`masquerade_envelope')dnl > FEATURE(dnsbl)dnl > FEATURE(`dnsbl', `sbl.spamhaus.org', `Spam blocked see: > http://spamhaus.org/')dnl > FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: > http://spamcop.net/bl.shtml?"$&{client_addr}')dnl > FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to > sending server misconfiguration"')dnl > MAILER(local)dnl > MAILER(smtp)dnl > > > Now, I wasn't sure where to put it so I added these two lines after > the divert(-1) line: > > include(`../m4/cf.m4')dnl > include(`../m4/block_bad_helo.m4')dnl > > and restarted sendmail. When I send an email to my account, I get a > return message that says: > > (reason: 554 5.3.5 Infinite loop in ruleset Local_check_rcpt, rule 2) > > > Am I placing the include of the m4 files incorrectly? > > Any ideas on what I did incorrectly on the above? From glenn.steen at gmail.com Fri Mar 24 16:35:35 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 24 16:35:38 2006 Subject: grep filters to block open relay In-Reply-To: <6.2.1.2.2.20060323165453.026bb798@pop.mail.yahoo.com> References: <0b0d01c64de5$3764cbc0$287ba8c0@office.fsl> <6.2.1.2.2.20060323142212.037a7a60@pop.mail.yahoo.com> <6.2.1.2.2.20060323165453.026bb798@pop.mail.yahoo.com> Message-ID: <223f97700603240835o4ba7c6fcn@mail.gmail.com> On 24/03/06, hermit921 wrote: > At 04:31 PM 3/23/2006, Kai Schaetzl wrote: > >Hermit921 wrote on Thu, 23 Mar 2006 14:28:23 -0800: > > > > > They can't or won't configure Exchange to accept mail only if the > > > recipient address is valid > > > >AFAIK, Exchange *can* be configured to not be an open relay. > > > > > user%ibm.com@sun.com > > > >The relay tests don't work this way. They will try to send email with some > >tricks to addresses that are not on your machine. This includes tricks > >like the above. But accepting and dropping such a mail will possibly not > >get you on such a list. Only if that mail is received in their spamtrap > >then you qualify as an open relay, just accepting and not forwarding it is > >fine. > > > >Kai > > The actual address (slightly edited) used was > "marvin@marvin.tester.org"@mydomain.com > and that mail got returned to the sender at tester.org. Therefore it is an > open relay. > > What the Exchange admins did (after they got listed as an open relay) is > reject any message that matches some character pattern that would catch > this email address. > > Don't ask me how silly this is - I feel like screaming. > I just want to know if anyone else has ever heard of this type of filtering > being done. > > hermit921 Only by idiots. Sorry, no better way to put it... And I strongly suspect we all join in that sentiment... It's like curing an ailing heart by removing it. Sigh. Apart from the good laugh Steve gave you (yeah, I've peeked through the thread:), the M-Sexchange settings he has should be a good start for educating your exch-admins. That and a large blunt object (If you live near Stockholm, I can loan you my LART... It's a very nice sledgehammer:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From richard.siddall at elirion.net Fri Mar 24 16:45:33 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Mar 24 16:46:09 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <44241EEC.3070608@ti.com> References: <0b3201c64de8$36247c30$287ba8c0@office.fsl> <4421BAE1.7030001@ti.com> <44241EEC.3070608@ti.com> Message-ID: <4424222D.2060901@elirion.net> Brandon Hoppe wrote: [snip] >>> http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 >>> >>> Install the contents as /usr/share/sendmail-cf/hack/block_bad_helo.m4 [snip] >> Now, I wasn't sure where to put it so I added these two lines after >> the divert(-1) line: >> >> include(`../m4/cf.m4')dnl >> include(`../m4/block_bad_helo.m4')dnl [snip] > Any ideas on what I did incorrectly on the above? > Brandon, Try taking out the two include lines and putting a line HACK(`block_bad_helo')dnl in your .mc file between the last FEATURE and the first MAILER. I haven't tried this, but I think it should work if you've put block_bad_helo.m4 in the right directory. Regards, Richard Siddall From MailScanner at ecs.soton.ac.uk Fri Mar 24 17:24:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 24 17:24:27 2006 Subject: List of TLDs and country-wide SLDs? Message-ID: Somewhere, there is a file on the web that contains all the top level domain names (com, net, org, info, biz, all the country codes, etc...). But it also lists all the country-wide second level domain names that are used by all the countries around the world, such as .org.uk, .com.es, etc.... It has been mentioned here before but I can't find it. Can anyone point me in the right direction please? I would like to improve the phishing net by using it. Thanks folks. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Fri Mar 24 17:30:24 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 24 17:30:26 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <44241EEC.3070608@ti.com> Message-ID: <07bd01c64f68$a2351a20$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brandon Hoppe > Sent: Friday, March 24, 2006 11:32 AM > To: MailScanner discussion > Subject: Re: How do I block a domain from the recieved portion of headers > > > > Brandon Hoppe wrote: > > > > >> Look at adding bogus HELO checking to sendmail. Download: > >> > >> http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 > >> > >> Install the contents as /usr/share/sendmail-cf/hack/block_bad_helo.m4 > >> > >> Then add the line below line to the top of your sendmail.mc file > >> right after > >> the line "include(`/usr/share/sendmail-cf/m4/cf.m4')dnl": > >> > >> Here is the line to add: > >> > >> include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl: > >> > >> The rebuild your sendmail.cf file: > >> > >> m4 sendmail.mc > sendmail.cf > >> > >> Then restart MailScanner. > >> > > Ok, i've created the block_bad_helo.m4 file under > > /sendmail/cf/m4 > > > > Now, in my sendmail.mc file, I didn't have the include line of cf.m4. > > I'm on sendmail 8.13.3 currently. This is my current sendmail.mc file: > > > > divert(-1) > > divert(0)dnl > > VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro > > Exp $') > > OSTYPE(solaris2)dnl > > DOMAIN(generic)dnl > > define(`confAUTH_OPTIONS', `A')dnl > > define(`confAUTH_MECHANISMS',`LOGIN PLAIN')dnl > > define(`SMART_HOST', `outgoing.verizon.net') > > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl > > FEATURE(`virtusertable', `dbm /etc/mail/virtusertable')dnl > > FEATURE(`authinfo', `dbm /etc/mail/authinfo')dnl > > FEATURE(`masquerade_envelope')dnl > > FEATURE(dnsbl)dnl > > FEATURE(`dnsbl', `sbl.spamhaus.org', `Spam blocked see: > > http://spamhaus.org/')dnl > > FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: > > http://spamcop.net/bl.shtml?"$&{client_addr}')dnl > > FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to > > sending server misconfiguration"')dnl > > MAILER(local)dnl > > MAILER(smtp)dnl > > > > > > Now, I wasn't sure where to put it so I added these two lines after > > the divert(-1) line: > > > > include(`../m4/cf.m4')dnl > > include(`../m4/block_bad_helo.m4')dnl > > > > and restarted sendmail. When I send an email to my account, I get a > > return message that says: > > > > (reason: 554 5.3.5 Infinite loop in ruleset Local_check_rcpt, rule 2) > > > > > > Am I placing the include of the m4 files incorrectly? > > > > > > Any ideas on what I did incorrectly on the above? > here's where the line resides in my sendmail.mc file: divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl VERSIONID(`@(#)sendmail.mc 1.00 (Berkeley) 12/03/99') OSTYPE(`linux')dnl -----------snip--------------- Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From MailScanner at ecs.soton.ac.uk Fri Mar 24 17:32:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 24 17:32:45 2006 Subject: List of TLDs and country-wide SLDs? In-Reply-To: References: Message-ID: I think I have found the right file eventually. http://spamcheck.freeapp.net/two-level-tlds It's just plain text which is nice :-) On 24 Mar 2006, at 17:24, Julian Field wrote: > Somewhere, there is a file on the web that contains all the top > level domain names (com, net, org, info, biz, all the country > codes, etc...). But it also lists all the country-wide second level > domain names that are used by all the countries around the world, > such as .org.uk, .com.es, etc.... > > It has been mentioned here before but I can't find it. > > Can anyone point me in the right direction please? I would like to > improve the phishing net by using it. > > Thanks folks. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Fri Mar 24 17:36:29 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 24 17:36:33 2006 Subject: List of TLDs and country-wide SLDs? In-Reply-To: Message-ID: <07bf01c64f69$7c610010$287ba8c0@office.fsl> Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Friday, March 24, 2006 12:24 PM > To: MailScanner mailing list > Subject: List of TLDs and country-wide SLDs? > > Somewhere, there is a file on the web that contains all the top level > domain names (com, net, org, info, biz, all the country codes, > etc...). But it also lists all the country-wide second level domain > names that are used by all the countries around the world, such > as .org.uk, .com.es, etc.... > > It has been mentioned here before but I can't find it. > > Can anyone point me in the right direction please? I would like to > improve the phishing net by using it. > > Thanks folks. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 I think you're looking for the GeoIP database: http://www.thecodeproject.com/asp/geoip.asp Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ajos1 at onion.demon.co.uk Fri Mar 24 17:58:08 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Fri Mar 24 17:58:23 2006 Subject: Installation Problem Message-ID: - My system is: MIME-tools-5.420 But when I try to install... mailscanner-4.51.6-1 ... I get... [root@www mailscanner]# rpm -Uvh mailscanner-4.51.6-1.noarch.rpm error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.51.6-1.noarch == ===================================================================== = = "A committee of one... gets things done." = = "It is always sunny in my life..." - Ajos1 = = "When I win the lottery, I am going to become a Peer..." - Ajos1 = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== From jaearick at colby.edu Fri Mar 24 17:54:44 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Mar 24 18:00:01 2006 Subject: List of TLDs and country-wide SLDs? In-Reply-To: References: Message-ID: I would also suggest: http://www.iana.org/assignments/ipv4-address-space and http://ip.ludost.net/ Jeff Earickson Colby College On Fri, 24 Mar 2006, Julian Field wrote: > Date: Fri, 24 Mar 2006 17:24:20 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner mailing list > Subject: List of TLDs and country-wide SLDs? > > Somewhere, there is a file on the web that contains all the top level domain > names (com, net, org, info, biz, all the country codes, etc...). But it also > lists all the country-wide second level domain names that are used by all the > countries around the world, such as .org.uk, .com.es, etc.... > > It has been mentioned here before but I can't find it. > > Can anyone point me in the right direction please? I would like to improve > the phishing net by using it. > > Thanks folks. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Fri Mar 24 18:05:16 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Mar 24 18:05:28 2006 Subject: Installation Problem Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C0745A4@isabella.herefordshire.gov.uk> Any reason why you're not using the install.sh script? Use that and it should sort your problem. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of ajos1@onion.demon.co.uk > Sent: 24 March 2006 17:58 > To: mailscanner@lists.mailscanner.info > Subject: Installation Problem > > - > > My system is: > > MIME-tools-5.420 > > But when I try to install... mailscanner-4.51.6-1 ... I get... > > [root@www mailscanner]# rpm -Uvh mailscanner-4.51.6-1.noarch.rpm > error: Failed dependencies: > perl-MIME-tools >= 5.412 is needed by > mailscanner-4.51.6-1.noarch > > == > ===================================================================== > = > = "A committee of one... gets things done." > = > = "It is always sunny in my life..." - Ajos1 > = > = "When I win the lottery, I am going to become a Peer..." - Ajos1 > = > = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... > = Call... +44 8457 90 90 90 http://www.samaritans.org/ > = > ===================================================================== > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Fri Mar 24 18:59:40 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 24 18:59:44 2006 Subject: List of TLDs and country-wide SLDs? In-Reply-To: References: Message-ID: Julian Field wrote on Fri, 24 Mar 2006 17:24:20 +0000: > It has been mentioned here before but I can't find it. Haven't seen it. There are two lists right behind the first two links at http://www.iana.org/, but not a simple text listing. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From bhoppe at ti.com Fri Mar 24 19:53:44 2006 From: bhoppe at ti.com (Brandon Hoppe) Date: Fri Mar 24 19:53:59 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <07bd01c64f68$a2351a20$287ba8c0@office.fsl> Message-ID: <200603241953.k2OJriCr007756@dlep30.itg.ti.com> > > here's where the line resides in my sendmail.mc file: > > divert(-1)dnl > dnl # > dnl # This is the sendmail macro config file for m4. If you make changes > to > dnl # /etc/mail/sendmail.mc, you will need to regenerate the > dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf > package > is > dnl # installed and then performing a > dnl # > dnl # make -C /etc/mail > dnl # > include(`/usr/share/sendmail-cf/m4/cf.m4')dnl > include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl > VERSIONID(`@(#)sendmail.mc 1.00 (Berkeley) 12/03/99') > OSTYPE(`linux')dnl > -----------snip--------------- > > Steve Steve, Ok, I moved my include lines just before the VERSIONID line. I now am able to receive email. I let y'all know if it starts blocking the fake domain email. Thanks From KLekas at foxriver.com Fri Mar 24 20:57:11 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Fri Mar 24 20:57:22 2006 Subject: bayes on MySQL problem Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B217E@FREXGENEVA-01.frfr.foxriver.com> I moved my local bayes to a remote mysql. When I lint the rule set as root on my MS gateway everything is good (output below): spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint [11229] dbg: bayes: using username: root [11229] dbg: bayes: database connection established [11229] dbg: bayes: found bayes db version 3 [11229] dbg: bayes: Using userid: 1 [11229] dbg: bayes: corpus size: nspam = 2042, nham = 1857 [11229] dbg: bayes: tok_get_all: token count: 20 [11229] dbg: bayes: cannot use bayes on this message; not enough usable tokens found [11229] dbg: bayes: not scoring message, returning undef But with MailScanner debug on I see problems when running as postfix: [11285] dbg: bayes: database connection established [11285] dbg: bayes: found bayes db version 3 [11285] dbg: bayes: unable to initialize database for postfix user, aborting! [11285] dbg: bayes: not scoring message, returning undef [11285] dbg: bayes: opportunistic call attempt failed, DB not readable I followed the wiki http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/390.html I have set in my spam.assassin .prefs.conf: bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:sa_bayes:remoteMysqlBox bayes_sql_username sa_user bayes_sql_password sa_password Can someone please tell me what I am doing wrong. Kosta Lekas FREXE 630.482.7142 - office 630.885.9355 - mobile 630.232.6074 - fax -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060324/c4a87946/attachment.html From mkettler at evi-inc.com Fri Mar 24 21:19:13 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 24 21:19:25 2006 Subject: bayes on MySQL problem In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627A3B217E@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627A3B217E@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <44246251.5030903@evi-inc.com> Kosta Lekas wrote: > I moved my local bayes to a remote mysql. When I lint the rule set as > root on my MS gateway everything is good (output below): > > spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint What version of MailScanner are you on? You shouldn't need to pass -p to spamassassin anymore. There should be a /etc/mail/spamassassin/mailscanner.cf which is a symlink to spam.assassin.prefs.conf. > > [11229] dbg: bayes: using username: root > > [11229] dbg: bayes: database connection established > > [11229] dbg: bayes: found bayes db version 3 > > [11229] dbg: bayes: Using userid: 1 > > [11229] dbg: bayes: corpus size: nspam = 2042, nham = 1857 > > [11229] dbg: bayes: tok_get_all: token count: 20 > > [11229] dbg: bayes: cannot use bayes on this message; not enough usable > tokens found > > [11229] dbg: bayes: not scoring message, returning undef > > > > > > But with MailScanner debug on I see problems when running as postfix: > > [11285] dbg: bayes: database connection established > > [11285] dbg: bayes: found bayes db version 3 > > [11285] dbg: bayes: unable to initialize database for postfix user, > aborting! > > [11285] dbg: bayes: not scoring message, returning undef > > [11285] dbg: bayes: opportunistic call attempt failed, DB not readable > > > > I followed the wiki > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/390.html > > > > I have set in my spam.assassin .prefs.conf: > > bayes_store_module Mail::SpamAssassin::BayesStore::SQL > bayes_sql_dsn DBI:mysql:*sa_bayes:remoteMysqlBox* > bayes_sql_username *sa_user* > bayes_sql_password *sa_password* > > > > Can someone please tell me what I am doing wrong. You're using two different users. To spamassassin, bayes databases are stored in SQL with a different table per-user that EXECUTES spamassassin. In your one test, you're running as root, thus it's going to look in root's table. In the other test, you're running as postfix, so it is going to look in the table for the postfix user. I would suggest adding: bayes_sql_override_username root To your config. Note that "bayes_sql_username" sets the username that SA authenticates to bayes with. This option sets what email "username" SA is going to be using, thus which table it will use. From KLekas at foxriver.com Fri Mar 24 21:34:10 2006 From: KLekas at foxriver.com (Kosta Lekas) Date: Fri Mar 24 21:34:22 2006 Subject: bayes on MySQL problem Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A3B2181@FREXGENEVA-01.frfr.foxriver.com> That worked, thanks. Kosta Lekas Fox River Financial Resources 630.482.7142 - office 630.885.9355 - mobile 630.232.6074 - fax -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Friday, March 24, 2006 3:19 PM To: MailScanner discussion Subject: Re: bayes on MySQL problem Kosta Lekas wrote: > I moved my local bayes to a remote mysql. When I lint the rule set as > root on my MS gateway everything is good (output below): > > spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint What version of MailScanner are you on? You shouldn't need to pass -p to spamassassin anymore. There should be a /etc/mail/spamassassin/mailscanner.cf which is a symlink to spam.assassin.prefs.conf. > > [11229] dbg: bayes: using username: root > > [11229] dbg: bayes: database connection established > > [11229] dbg: bayes: found bayes db version 3 > > [11229] dbg: bayes: Using userid: 1 > > [11229] dbg: bayes: corpus size: nspam = 2042, nham = 1857 > > [11229] dbg: bayes: tok_get_all: token count: 20 > > [11229] dbg: bayes: cannot use bayes on this message; not enough usable > tokens found > > [11229] dbg: bayes: not scoring message, returning undef > > > > > > But with MailScanner debug on I see problems when running as postfix: > > [11285] dbg: bayes: database connection established > > [11285] dbg: bayes: found bayes db version 3 > > [11285] dbg: bayes: unable to initialize database for postfix user, > aborting! > > [11285] dbg: bayes: not scoring message, returning undef > > [11285] dbg: bayes: opportunistic call attempt failed, DB not readable > > > > I followed the wiki > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/390.html > > > > I have set in my spam.assassin .prefs.conf: > > bayes_store_module Mail::SpamAssassin::BayesStore::SQL > bayes_sql_dsn DBI:mysql:*sa_bayes:remoteMysqlBox* > bayes_sql_username *sa_user* > bayes_sql_password *sa_password* > > > > Can someone please tell me what I am doing wrong. You're using two different users. To spamassassin, bayes databases are stored in SQL with a different table per-user that EXECUTES spamassassin. In your one test, you're running as root, thus it's going to look in root's table. In the other test, you're running as postfix, so it is going to look in the table for the postfix user. I would suggest adding: bayes_sql_override_username root To your config. Note that "bayes_sql_username" sets the username that SA authenticates to bayes with. This option sets what email "username" SA is going to be using, thus which table it will use. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From john at katy.com Fri Mar 24 21:57:54 2006 From: john at katy.com (John Schmerold) Date: Fri Mar 24 21:58:31 2006 Subject: Mailscanner / Mailwatch Installation Message-ID: <44246B62.7080301@katy.com> I do not want to turn this post into any kind of holy war within the group, however I really need to get a couple Mailscanner boxes on-line and I want to use Mailwatch to monitor & maintain the servers. Here's my problem: I have never managed to install Linux, Mailscanner & Mailwatch without fighting odd dependency issues (I hate hate hate CPAN -it never works, I always get odd dependency errors) I'm partial to Red Hat type installs because I've been tinkering with various distros for 8 years, I kinda like SUSE because it seems like the most professional distro (no holy wars please). However I really don't care what I use, I just want to burn a DVD or CD, install Linux, do a YUM (or equivalent) update, install a couple AV applications, install spamassassin, install mailscanner using install.sh, install mailwatch using instructions at: http://tinyurl.com/hnnfm Based on the mailwatch web-site, I suspect I should use Centos 3.6 Server distribution, anyone find that something else works flawless &/or better? TIA From steve.swaney at fsl.com Fri Mar 24 22:12:22 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Mar 24 22:12:25 2006 Subject: Mailscanner / Mailwatch Installation In-Reply-To: <44246B62.7080301@katy.com> Message-ID: <093601c64f90$065cfc80$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of John Schmerold > Sent: Friday, March 24, 2006 4:58 PM > To: MailScanner discussion > Subject: Mailscanner / Mailwatch Installation > > I do not want to turn this post into any kind of holy war within the > group, however I really need to get a couple Mailscanner boxes on-line > and I want to use Mailwatch to monitor & maintain the servers. > > Here's my problem: I have never managed to install Linux, Mailscanner & > Mailwatch without fighting odd dependency issues (I hate hate hate CPAN > -it never works, I always get odd dependency errors) > > I'm partial to Red Hat type installs because I've been tinkering with > various distros for 8 years, I kinda like SUSE because it seems like the > most professional distro (no holy wars please). > > However I really don't care what I use, I just want to burn a DVD or CD, > install Linux, do a YUM (or equivalent) update, install a couple AV > applications, install spamassassin, install mailscanner using > install.sh, install mailwatch using instructions at: > http://tinyurl.com/hnnfm > > Based on the mailwatch web-site, I suspect I should use Centos 3.6 > Server distribution, anyone find that something else works flawless &/or > better? > > TIA CentOS 4.3 :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From rob at robhq.com Sat Mar 25 04:21:08 2006 From: rob at robhq.com (Rob Freeman) Date: Sat Mar 25 04:21:14 2006 Subject: Mailscanner / Mailwatch Installation In-Reply-To: <44246B62.7080301@katy.com> References: <44246B62.7080301@katy.com> Message-ID: <4424C534.2060408@robhq.com> Install centos 4.3 yum update configure sendmail install mailscanner use that great spamassassin / clamav install script from julian on the mailscanner website ( Is a great way to get around using CPAN) Install DCC / pyzor / razor from the mailscanner wiki documentation disable yum update from installing an older version of spamassassin by editing /etc/yum.conf to exclude=spamassassin add your custom spamassasin rules aka like rules_da_jour script add any other anti virus programs you own or free like bitdefender install mailwatch Just a brief overview off the top of my head on what I do to get it going. John Schmerold wrote: > I do not want to turn this post into any kind of holy war within the > group, however I really need to get a couple Mailscanner boxes on-line > and I want to use Mailwatch to monitor & maintain the servers. > > Here's my problem: I have never managed to install Linux, Mailscanner > & Mailwatch without fighting odd dependency issues (I hate hate hate > CPAN -it never works, I always get odd dependency errors) > > I'm partial to Red Hat type installs because I've been tinkering with > various distros for 8 years, I kinda like SUSE because it seems like > the most professional distro (no holy wars please). > > However I really don't care what I use, I just want to burn a DVD or > CD, install Linux, do a YUM (or equivalent) update, install a couple > AV applications, install spamassassin, install mailscanner using > install.sh, install mailwatch using instructions at: > http://tinyurl.com/hnnfm > > Based on the mailwatch web-site, I suspect I should use Centos 3.6 > Server distribution, anyone find that something else works flawless > &/or better? > > TIA From bhoppe at ti.com Sat Mar 25 16:36:02 2006 From: bhoppe at ti.com (Brandon Hoppe) Date: Sat Mar 25 16:36:23 2006 Subject: How do I block a domain from the recieved portion of headers In-Reply-To: <200603241953.k2OJriCr007756@dlep30.itg.ti.com> Message-ID: <200603251636.k2PGaCf3026171@dlep30.itg.ti.com> > -----Original Message----- > > here's where the line resides in my sendmail.mc file: > > > > divert(-1)dnl > > dnl # > > dnl # This is the sendmail macro config file for m4. If you make changes > > to > > dnl # /etc/mail/sendmail.mc, you will need to regenerate the > > dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf > > package > > is > > dnl # installed and then performing a > > dnl # > > dnl # make -C /etc/mail > > dnl # > > include(`/usr/share/sendmail-cf/m4/cf.m4')dnl > > include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl > > VERSIONID(`@(#)sendmail.mc 1.00 (Berkeley) 12/03/99') > > OSTYPE(`linux')dnl > > -----------snip--------------- > > > > Steve > > Steve, > > Ok, I moved my include lines just before the VERSIONID line. I now am able > to receive email. I let y'all know if it starts blocking the fake domain > email. > > Thanks Well, I still receive email that fakes the sending domain to look like mine. Is there a way to test to make sure the block script is working? The full headers are below again: Return-Path: Received: from mydom.com (cpe-24-170-49-168.stx.res.rr.com [24.170.49.168]) by mailhost.mydom.com (8.13.3/8.13.3) with ESMTP id k2PEpEsT014729 for ; Sat, 25 Mar 2006 08:51:15 -0600 (CST) Message-Id: <200603251451.k2PEpEsT014729@mailhost.adoy.com> From: webmaster@mydom.com To: user@mydom.com Subject: Warning Message: Your services near to be closed. Date: Sat, 25 Mar 2006 08:55:21 -0600 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0001_C604B19B.06FDF7BD" X-Priority: 3 X-MSMail-Priority: Normal From lists at masonc.com Sat Mar 25 17:52:36 2006 From: lists at masonc.com (Chris Mason (Lists)) Date: Sat Mar 25 17:52:42 2006 Subject: Blacklist on email to Message-ID: <44258364.8070402@masonc.com> I find I am getting dictionary attacks on my own domain, they will try every known first name at masonc.com. As there is only three users on this domain, I would like to blacklist anyone who emails any of the common names they try to guess. Is there any way to do this? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 25 18:08:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 25 18:08:17 2006 Subject: Beta 4.52.1 released Message-ID: <4425870A.4020307@ecs.soton.ac.uk> I have just released a new beta version 4.52.1. There is 1 new feature in this release, but it will be important to some of you, so please read on. It affects the phishing net, and may give you pretty good protection against phishing scams, while having a much lower false alarm rate than the full phishing net code that has been there so far. You can now set "Use Stricter Phishing Net = no" which will make the phishing net just check the name of the company owning the website, along with any country code of course. There is a configuration file containing a list of all the 2nd and 3rd level domain names in use by all countries, it lists domain endings such as "org.uk" which are used by a country to describe a whole type of websites within their country. So if the website is "www.hello.company.com" it knows to check just company.com, whereas given "www.byebye.charity.org.uk" it will check charity.org.uk. The configuration file "Country Sub-Domains List" lists all the entries required for this to work in any country, 1 per line. You shouldn't need to touch this file. I hope you find this new feature useful, and it may enable some of you (particularly large ISPs) to provide your customers and users with a high level of protection against phishing scams. Let me know how you get on. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 25 18:12:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 25 18:12:33 2006 Subject: Blacklist on email to In-Reply-To: <44258364.8070402@masonc.com> References: <44258364.8070402@masonc.com> Message-ID: <44258806.4040900@ecs.soton.ac.uk> Do this sort of thing in your MTA, it will reject them as early as possible and thus save your computing resources as best as you can. Chris Mason (Lists) wrote: > I find I am getting dictionary attacks on my own domain, they will try > every known first name at masonc.com. As there is only three users on > this domain, I would like to blacklist anyone who emails any of the > common names they try to guess. Is there any way to do this? > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Sat Mar 25 22:11:14 2006 From: ka at pacific.net (Ken A) Date: Sat Mar 25 22:11:20 2006 Subject: Beta 4.52.1 released In-Reply-To: <4425870A.4020307@ecs.soton.ac.uk> References: <4425870A.4020307@ecs.soton.ac.uk> Message-ID: <4425C002.2070606@pacific.net> Julian, That sounds like a nice improvement. I had turned off the phishing code due to false positives with it, but will give it a shot with "Use Stricter Phishing Net = no". If I have Phishing Modify Subject = no, and Highlight Phishing Fraud = no, what does MailScanner do when it finds a phishing attempt? I'm hoping the answer is "nothing but log it", so that I can use this configuration for testing. Thanks, Ken A Pacific.Net Julian Field wrote: > I have just released a new beta version 4.52.1. > > There is 1 new feature in this release, but it will be important to some > of you, so please read on. It affects the phishing net, and may give you > pretty good protection against phishing scams, while having a much lower > false alarm rate than the full phishing net code that has been there so > far. > > You can now set "Use Stricter Phishing Net = no" which will make the > phishing net just check the name of the company owning the website, along > with any country code of course. There is a configuration file containing > a list of all the 2nd and 3rd level domain names in use by all countries, > it lists domain endings such as "org.uk" which are used by a country to > describe a whole type of websites within their country. So if the website > is "www.hello.company.com" it knows to check just company.com, whereas > given "www.byebye.charity.org.uk" it will check charity.org.uk. > The configuration file "Country Sub-Domains List" lists all the entries > required for this to work in any country, 1 per line. You shouldn't need > to touch this file. > > I hope you find this new feature useful, and it may enable some of you > (particularly large ISPs) to provide your customers and users with a > high level of protection against phishing scams. > > Let me know how you get on. > From maillists at conactive.com Sat Mar 25 22:27:57 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Mar 25 22:28:02 2006 Subject: Whitelisting outgoing mail? Message-ID: I would like to whitelist or at least not spamcheck (but viruscheck) mail which is delivered via SMTP AUTH, so "quasi originating" from the machine, but not coming from 127.0.0.1 (so whitelisting localhost is mute). Is there a way to do this? Not within MailScanner, right? At the moment I see two external alternatives: - send over a machine with no MailScanner - tell to use MSA port 587 and run a different queue for it Is the latter a proven way to do this? If so, I'd be grateful if someone can spare me looking up what I have to do for adding another queue for this ;-) Other solutions? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From lists at masonc.com Sat Mar 25 22:47:44 2006 From: lists at masonc.com (Chris Mason (Lists)) Date: Sat Mar 25 22:47:53 2006 Subject: Blacklist on email to In-Reply-To: <44258806.4040900@ecs.soton.ac.uk> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> Message-ID: <4425C890.7000606@masonc.com> Julian Field wrote: > Do this sort of thing in your MTA, it will reject them as early as > possible and thus save your computing resources as best as you can. > Good thinking!...how? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Sat Mar 25 23:04:49 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat Mar 25 23:04:58 2006 Subject: Blacklist on email to In-Reply-To: <4425C890.7000606@masonc.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> Message-ID: <4425CC91.104@evi-inc.com> Chris Mason (Lists) wrote: > Julian Field wrote: >> Do this sort of thing in your MTA, it will reject them as early as >> possible and thus save your computing resources as best as you can. >> > Good thinking!...how? > What MTA are you using? (answer varies considerably depending on MTA). Also, are you forwarding to an internal mailserver, or is delivery to mboxes handled on your MailScanner system? From strydom.dave at gmail.com Sun Mar 26 05:15:14 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Sun Mar 26 05:15:18 2006 Subject: Mailscanner / Mailwatch Installation In-Reply-To: <4424C534.2060408@robhq.com> References: <44246B62.7080301@katy.com> <4424C534.2060408@robhq.com> Message-ID: This is why I love Gentoo, just emerge everything u need. Dave On 3/25/06, Rob Freeman wrote: > Install centos 4.3 > > yum update > > configure sendmail > > install mailscanner > > use that great spamassassin / clamav install script from julian on the > mailscanner website ( Is a great way to get around using CPAN) > > Install DCC / pyzor / razor from the mailscanner wiki documentation > > disable yum update from installing an older version of spamassassin by > editing /etc/yum.conf to exclude=spamassassin > > add your custom spamassasin rules aka like rules_da_jour script > > add any other anti virus programs you own or free like bitdefender > > install mailwatch > > Just a brief overview off the top of my head on what I do to get it going. > > > > John Schmerold wrote: > > I do not want to turn this post into any kind of holy war within the > > group, however I really need to get a couple Mailscanner boxes on-line > > and I want to use Mailwatch to monitor & maintain the servers. > > > > Here's my problem: I have never managed to install Linux, Mailscanner > > & Mailwatch without fighting odd dependency issues (I hate hate hate > > CPAN -it never works, I always get odd dependency errors) > > > > I'm partial to Red Hat type installs because I've been tinkering with > > various distros for 8 years, I kinda like SUSE because it seems like > > the most professional distro (no holy wars please). > > > > However I really don't care what I use, I just want to burn a DVD or > > CD, install Linux, do a YUM (or equivalent) update, install a couple > > AV applications, install spamassassin, install mailscanner using > > install.sh, install mailwatch using instructions at: > > http://tinyurl.com/hnnfm > > > > Based on the mailwatch web-site, I suspect I should use Centos 3.6 > > Server distribution, anyone find that something else works flawless > > &/or better? > > > > TIA > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From lists at masonc.com Sun Mar 26 10:39:16 2006 From: lists at masonc.com (Chris Mason (Lists)) Date: Sun Mar 26 10:39:24 2006 Subject: Blacklist on email to In-Reply-To: <4425CC91.104@evi-inc.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> Message-ID: <44266144.5070804@masonc.com> Matt Kettler wrote: > > What MTA are you using? > > (answer varies considerably depending on MTA). > Sendmail > Also, are you forwarding to an internal mailserver, or is delivery to mboxes > handled on your MailScanner system? > Mail is first delivered to local mbox without any MailScanner involvement, then fetched with fetchmail to internal server and that's where I use MailScanner, clamav, spamassassin. I do this because I don't want to bog down my dedicated server with MailScanner, the main job of the server is web serving, and because the bandwidth to my internal mail server is not great, so I don't want all the spammers trying to send mail to it. I do first level spam blocking on the dedicated server using blackhole lists only. If I can block the dictionary attacks there, I can cut down on some more of the load and bandwidth usage. I am using apf as a firewall so, if there was a way to pass the ip of the sending server as a variable, I could do a 'apf -d senderip' which would block it forever. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From h.swensson at hccnet.nl Sun Mar 26 14:04:08 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Mar 26 14:04:13 2006 Subject: (no subject) In-Reply-To: <001201c64378$1f016740$1401a8c0@asanote> Message-ID: <200603261304.k2QD4BZm006175@smtp30.hccnet.nl> Hello, When starting MailScanner I Get the next error Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 76. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. When I search for Parser.pm I get the next result: /usr/lib/mrtg2/Pod/Parser.pm /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm /usr/lib/perl5/5.8.3/Pod/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm So there is a Parser.pm only MailScanner can't find it, I think Must I change the path or must I do something else ??? Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 From MailScanner at ecs.soton.ac.uk Sun Mar 26 16:12:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 16:12:29 2006 Subject: Beta 4.52.1 released In-Reply-To: <4425C002.2070606@pacific.net> References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> Message-ID: <4426AF54.3040309@ecs.soton.ac.uk> I think the answer is "nothing but log it", but test it out and let me know. Ken A wrote: > Julian, > That sounds like a nice improvement. I had turned off the phishing > code due to false positives with it, but will give it a shot with "Use > Stricter Phishing Net = no". > > If I have Phishing Modify Subject = no, and Highlight Phishing Fraud = > no, what does MailScanner do when it finds a phishing attempt? I'm > hoping the answer is "nothing but log it", so that I can use this > configuration for testing. > > Thanks, > Ken A > Pacific.Net > > Julian Field wrote: >> I have just released a new beta version 4.52.1. >> >> There is 1 new feature in this release, but it will be important to >> some of you, so please read on. It affects the phishing net, and may >> give you pretty good protection against phishing scams, while having >> a much lower false alarm rate than the full phishing net code that >> has been there so far. >> >> You can now set "Use Stricter Phishing Net = no" which will make the >> phishing net just check the name of the company owning the website, >> along >> with any country code of course. There is a configuration file >> containing >> a list of all the 2nd and 3rd level domain names in use by all >> countries, >> it lists domain endings such as "org.uk" which are used by a country to >> describe a whole type of websites within their country. So if the >> website >> is "www.hello.company.com" it knows to check just company.com, whereas >> given "www.byebye.charity.org.uk" it will check charity.org.uk. >> The configuration file "Country Sub-Domains List" lists all the entries >> required for this to work in any country, 1 per line. You shouldn't >> need >> to touch this file. >> >> I hope you find this new feature useful, and it may enable some of >> you (particularly large ISPs) to provide your customers and users >> with a high level of protection against phishing scams. >> >> Let me know how you get on. >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 26 16:16:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 16:16:13 2006 Subject: (no subject) In-Reply-To: <200603261304.k2QD4BZm006175@smtp30.hccnet.nl> References: <200603261304.k2QD4BZm006175@smtp30.hccnet.nl> Message-ID: <4426B034.5010506@ecs.soton.ac.uk> Do MailScanner --version and show us the output. Did you use the./install.sh script to install MailScanner? Herman Swensson wrote: > Hello, > > > When starting MailScanner I Get the next error > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3 > /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 > /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl > . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line > 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. > Compilation failed in require at /usr/sbin/MailScanner line 76. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. > > When I search for Parser.pm I get the next result: > /usr/lib/mrtg2/Pod/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm > /usr/lib/perl5/5.8.3/Pod/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm > > So there is a Parser.pm only MailScanner can't find it, I think > Must I change the path or must I do something else ??? > > > > Regards > > Herman > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Sun Mar 26 16:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Mar 26 16:31:26 2006 Subject: Blacklist on email to In-Reply-To: <44266144.5070804@masonc.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> Message-ID: Chris Mason (Lists) wrote on Sun, 26 Mar 2006 05:39:16 -0400: > Sendmail Then you want to use the access.db. If you don't know what this is, install Webmin and administer it that way. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From h.swensson at hccnet.nl Sun Mar 26 17:10:58 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Mar 26 17:11:04 2006 Subject: FW: Message-ID: <200603261611.k2QGB2Pb023749@smtp30.hccnet.nl> [root@server root]# MailScanner --version Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linu x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/Ma ilScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-mult i /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5. 8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/ site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib /perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8. 2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendo r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 / usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanne r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/ i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /u sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScann er/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage .pm line 41. Yes I have used the ./instal.sh script and Mailscanner was function good. See some messages from /var/log/maillog Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: Starting Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: Starting Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP Regards Herman -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 15:04 Aan: 'MailScanner discussion' Onderwerp: Hello, When starting MailScanner I Get the next error Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 76. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. When I search for Parser.pm I get the next result: /usr/lib/mrtg2/Pod/Parser.pm /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm /usr/lib/perl5/5.8.3/Pod/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm So there is a Parser.pm only MailScanner can't find it, I think Must I change the path or must I do something else ??? Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 From MailScanner at ecs.soton.ac.uk Sun Mar 26 17:57:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 17:57:53 2006 Subject: FW: In-Reply-To: <200603261611.k2QGB2Pb023749@smtp30.hccnet.nl> References: <200603261611.k2QGB2Pb023749@smtp30.hccnet.nl> Message-ID: <4426C80A.8070106@ecs.soton.ac.uk> You haven't got 2 versions of Perl installed have you? One in /usr/bin and one in /usr/local/bin by any chance? It obviously installed into 1 it isn't using when run. Herman Swensson wrote: > [root@server root]# MailScanner --version > Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i > 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linu > x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 > /usr/lib/Ma > ilScanner/5.8.0 /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-mult > i /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u > sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5. > 8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul > ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/ > site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib > /perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8. > 2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul > ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendo > r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 / > usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanne > r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/ > i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 /u > sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScann > er/MCPMessage.pm line 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage > .pm line 41. > > Yes I have used the ./instal.sh script and Mailscanner was function good. > See some messages from /var/log/maillog > > Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock > Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: > Starting > Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock > Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: > Starting > Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP > > Regards > > Herman > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 15:04 > Aan: 'MailScanner discussion' > Onderwerp: > > Hello, > > > When starting MailScanner I Get the next error > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3 > /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 > /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl > . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line > 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. > Compilation failed in require at /usr/sbin/MailScanner line 76. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. > > When I search for Parser.pm I get the next result: > /usr/lib/mrtg2/Pod/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm > /usr/lib/perl5/5.8.3/Pod/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm > > So there is a Parser.pm only MailScanner can't find it, I think > Must I change the path or must I do something else ??? > > > > Regards > > Herman > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Sun Mar 26 18:24:52 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun Mar 26 18:25:00 2006 Subject: Blacklist on email to In-Reply-To: <44266144.5070804@masonc.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> Message-ID: <4426CE64.9050000@evi-inc.com> Chris Mason (Lists) wrote: > Matt Kettler wrote: >> >> What MTA are you using? >> >> (answer varies considerably depending on MTA). >> > Sendmail If you're doing local mailboxes with sendmail, it should already be verifying a valid recipient at delivery time. As for the dictionary attacks, sendmail has a really neat feature that kills these off quick: Add this section to your /etc/mail/sendmail.mc: dnl #after 5 consecutive invalid recipients, start slowing them down with dnl #1 second sleeps. This kills most dictionary attackers and they drop dnl connection when the sleeps start. define(`confBAD_RCPT_THROTTLE',5) Then rebuild sendmail.cf based on the instructions that should be at the top of sendmail.mc. (some platforms have a makefile so you just use "make", others you have to pump it through m4) From maillists at conactive.com Sun Mar 26 18:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Mar 26 18:31:26 2006 Subject: In-Reply-To: <200603261611.k2QGB2Pb023749@smtp30.hccnet.nl> References: <200603261611.k2QGB2Pb023749@smtp30.hccnet.nl> Message-ID: I'm missing the question, a subject or an existing thread ;-) Are you sure you wanted to send this to the list? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From h.swensson at hccnet.nl Sun Mar 26 18:35:29 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Mar 26 18:35:36 2006 Subject: FW: Message-ID: <200603261735.k2QHZX44020065@smtp30.hccnet.nl> How do I check if there are 2 versions of Perl installed -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 18:11 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# MailScanner --version Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linu x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/Ma ilScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-mult i /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5. 8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/ site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib /perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8. 2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendo r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 / usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanne r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/ i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /u sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScann er/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage .pm line 41. Yes I have used the ./instal.sh script and Mailscanner was function good. See some messages from /var/log/maillog Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: Starting Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: Starting Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP Regards Herman -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 15:04 Aan: 'MailScanner discussion' Onderwerp: Hello, When starting MailScanner I Get the next error Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 76. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. When I search for Parser.pm I get the next result: /usr/lib/mrtg2/Pod/Parser.pm /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm /usr/lib/perl5/5.8.3/Pod/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm So there is a Parser.pm only MailScanner can't find it, I think Must I change the path or must I do something else ??? Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 From MailScanner at ecs.soton.ac.uk Sun Mar 26 19:22:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 19:22:35 2006 Subject: FW: In-Reply-To: <200603261735.k2QHZX44020065@smtp30.hccnet.nl> References: <200603261735.k2QHZX44020065@smtp30.hccnet.nl> Message-ID: <4426DBDD.4030600@ecs.soton.ac.uk> ls -l /usr/bin/perl /usr/local/bin/perl Herman Swensson wrote: > How do I check if there are 2 versions of Perl installed > > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 18:11 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > [root@server root]# MailScanner --version > Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i > 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linu > x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 > /usr/lib/Ma > ilScanner/5.8.0 /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-mult > i /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u > sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5. > 8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul > ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/ > site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib > /perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8. > 2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul > ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendo > r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 / > usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanne > r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/ > i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 /u > sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScann > er/MCPMessage.pm line 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage > .pm line 41. > > Yes I have used the ./instal.sh script and Mailscanner was function good. > See some messages from /var/log/maillog > > Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock > Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: > Starting > Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock > Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: > Starting > Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP > > Regards > > Herman > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 15:04 > Aan: 'MailScanner discussion' > Onderwerp: > > Hello, > > > When starting MailScanner I Get the next error > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3 > /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 > /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl > . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line > 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. > Compilation failed in require at /usr/sbin/MailScanner line 76. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. > > When I search for Parser.pm I get the next result: > /usr/lib/mrtg2/Pod/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm > /usr/lib/perl5/5.8.3/Pod/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm > > So there is a Parser.pm only MailScanner can't find it, I think > Must I change the path or must I do something else ??? > > > > Regards > > Herman > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From itdept at fractalweb.com Sun Mar 26 20:28:03 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Mar 26 20:28:26 2006 Subject: MailScanner doesn't start sendmail on new box Message-ID: <4426EB43.6000305@fractalweb.com> Hi Everyone, I'm in the process of transitioning to a new "temporary" box until our super server is ready to deploy. Existing box is running Fedora Core 1 with Ensim Pro 3.7; new temp box is running Fedora Core 2 with Ensim Pro 4.1. Hard disk is failing on old box, which is the reason for the emergency transition. Problem is, when MailScanner starts, it doesn't start up sendmail. From what I can tell, it doesn't even try. I get: # service MailScanner start Starting MailScanner: [ OK ] # Needless to say, right now nothing is listening on port 25 for connections. Although this might significantly cut down on spam, it's not ideal. heh Obviously, if I start the sendmail service first, then start MailScanner, the mail bypasses MailScanner altogether (sure is fast though :-) I've banged my head against my keyboard for a while now. HELLLLLP! Thanks, Chris From h.swensson at hccnet.nl Sun Mar 26 20:32:01 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Mar 26 20:32:10 2006 Subject: FW: Message-ID: <200603261932.k2QJW50w001092@smtp30.hccnet.nl> [root@server root]# ls -l /usr/bin/perl /usr/local/bin/perl ls: /usr/local/bin/perl: Onbekend bestand of map -rwxr-xr-x 2 root root 12392 apr 15 2004 /usr/bin/perl -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 19:35 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: How do I check if there are 2 versions of Perl installed -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 18:11 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# MailScanner --version Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linu x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/Ma ilScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-mult i /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5. 8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/ site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib /perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8. 2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendo r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 / usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanne r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/ i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /u sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScann er/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage .pm line 41. Yes I have used the ./instal.sh script and Mailscanner was function good. See some messages from /var/log/maillog Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: Starting Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: Starting Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP Regards Herman -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 15:04 Aan: 'MailScanner discussion' Onderwerp: Hello, When starting MailScanner I Get the next error Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 76. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. When I search for Parser.pm I get the next result: /usr/lib/mrtg2/Pod/Parser.pm /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm /usr/lib/perl5/5.8.3/Pod/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm So there is a Parser.pm only MailScanner can't find it, I think Must I change the path or must I do something else ??? Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 From MailScanner at ecs.soton.ac.uk Sun Mar 26 20:51:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 20:51:12 2006 Subject: FW: In-Reply-To: <200603261932.k2QJW50w001092@smtp30.hccnet.nl> References: <200603261932.k2QJW50w001092@smtp30.hccnet.nl> Message-ID: <4426F0A7.5030108@ecs.soton.ac.uk> In which case try re-running the ./install.sh. Tell me if it thinks all the modules are already installed, or whether it re-installs them all. Herman Swensson wrote: > [root@server root]# ls -l /usr/bin/perl /usr/local/bin/perl > ls: /usr/local/bin/perl: Onbekend bestand of map > -rwxr-xr-x 2 root root 12392 apr 15 2004 /usr/bin/perl > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 19:35 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > How do I check if there are 2 versions of Perl installed > > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 18:11 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > [root@server root]# MailScanner --version > Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i > 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linu > x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 > /usr/lib/Ma > ilScanner/5.8.0 /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-mult > i /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u > sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5. > 8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul > ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/ > site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib > /perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8. > 2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul > ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendo > r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 / > usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanne > r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/ > i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 /u > sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScann > er/MCPMessage.pm line 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage > .pm line 41. > > Yes I have used the ./instal.sh script and Mailscanner was function good. > See some messages from /var/log/maillog > > Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock > Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: > Starting > Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock > Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: > Starting > Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP > > Regards > > Herman > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 15:04 > Aan: 'MailScanner discussion' > Onderwerp: > > Hello, > > > When starting MailScanner I Get the next error > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3 > /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 > /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl > . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line > 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. > Compilation failed in require at /usr/sbin/MailScanner line 76. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. > > When I search for Parser.pm I get the next result: > /usr/lib/mrtg2/Pod/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm > /usr/lib/perl5/5.8.3/Pod/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm > > So there is a Parser.pm only MailScanner can't find it, I think > Must I change the path or must I do something else ??? > > > > Regards > > Herman > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From itdept at fractalweb.com Sun Mar 26 21:11:03 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Mar 26 21:11:34 2006 Subject: MailScanner doesn't start sendmail on new box In-Reply-To: <4426EB43.6000305@fractalweb.com> References: <4426EB43.6000305@fractalweb.com> Message-ID: <4426F557.2050003@fractalweb.com> Chris Yuzik wrote: > Hi Everyone, > > I'm in the process of transitioning to a new "temporary" box until our > super server is ready to deploy. Existing box is running Fedora Core 1 > with Ensim Pro 3.7; new temp box is running Fedora Core 2 with Ensim Pro > 4.1. Hard disk is failing on old box, which is the reason for the > emergency transition. > > Problem is, when MailScanner starts, it doesn't start up sendmail. From > what I can tell, it doesn't even try. I get: > > # service MailScanner start > Starting MailScanner: [ OK ] > # > > Needless to say, right now nothing is listening on port 25 for > connections. Although this might significantly cut down on spam, it's > not ideal. heh > > Obviously, if I start the sendmail service first, then start > MailScanner, the mail bypasses MailScanner altogether (sure is fast > though :-) > > I've banged my head against my keyboard for a while now. HELLLLLP! > > Thanks, > Chris > > Also, FWIW, if I type "service sendmail start" I get the following: # service sendmail start Starting sendmail: [ OK ] Starting sm-client: [ OK ] Chris From h.swensson at hccnet.nl Sun Mar 26 21:25:54 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Mar 26 21:26:00 2006 Subject: FW: Message-ID: <200603262025.k2QKPwVG005886@smtp30.hccnet.nl> When I rerun ./install.sh then most modules are instaled, but a few are again installed. And I get several errors -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 21:32 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# ls -l /usr/bin/perl /usr/local/bin/perl ls: /usr/local/bin/perl: Onbekend bestand of map -rwxr-xr-x 2 root root 12392 apr 15 2004 /usr/bin/perl -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 19:35 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: How do I check if there are 2 versions of Perl installed -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 18:11 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# MailScanner --version Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linu x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/Ma ilScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-mult i /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5. 8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/ site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib /perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8. 2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendo r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 / usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanne r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/ i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /u sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScann er/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage .pm line 41. Yes I have used the ./instal.sh script and Mailscanner was function good. See some messages from /var/log/maillog Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: Starting Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: Starting Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP Regards Herman -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 15:04 Aan: 'MailScanner discussion' Onderwerp: Hello, When starting MailScanner I Get the next error Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 76. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. When I search for Parser.pm I get the next result: /usr/lib/mrtg2/Pod/Parser.pm /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm /usr/lib/perl5/5.8.3/Pod/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm So there is a Parser.pm only MailScanner can't find it, I think Must I change the path or must I do something else ??? Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 From MailScanner at ecs.soton.ac.uk Sun Mar 26 21:34:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 21:34:40 2006 Subject: FW: In-Reply-To: <200603262025.k2QKPwVG005886@smtp30.hccnet.nl> References: <200603262025.k2QKPwVG005886@smtp30.hccnet.nl> Message-ID: <4426FAD9.4030004@ecs.soton.ac.uk> Do you get anything different with ./install.sh --perl=/usr/bin/perl ? Herman Swensson wrote: > When I rerun ./install.sh then most modules are instaled, but a few are > again installed. > And I get several errors > > > > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 21:32 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > [root@server root]# ls -l /usr/bin/perl /usr/local/bin/perl > ls: /usr/local/bin/perl: Onbekend bestand of map > -rwxr-xr-x 2 root root 12392 apr 15 2004 /usr/bin/perl > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 19:35 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > How do I check if there are 2 versions of Perl installed > > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 18:11 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > [root@server root]# MailScanner --version > Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i > 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linu > x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 > /usr/lib/Ma > ilScanner/5.8.0 /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-mult > i /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u > sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5. > 8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul > ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/ > site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib > /perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8. > 2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul > ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendo > r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 / > usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanne > r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/ > i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 /u > sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScann > er/MCPMessage.pm line 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage > .pm line 41. > > Yes I have used the ./instal.sh script and Mailscanner was function good. > See some messages from /var/log/maillog > > Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock > Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: > Starting > Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock > Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: > Starting > Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP > > Regards > > Herman > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 15:04 > Aan: 'MailScanner discussion' > Onderwerp: > > Hello, > > > When starting MailScanner I Get the next error > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3 > /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 > /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl > . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line > 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. > Compilation failed in require at /usr/sbin/MailScanner line 76. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. > > When I search for Parser.pm I get the next result: > /usr/lib/mrtg2/Pod/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm > /usr/lib/perl5/5.8.3/Pod/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm > > So there is a Parser.pm only MailScanner can't find it, I think > Must I change the path or must I do something else ??? > > > > Regards > > Herman > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From h.swensson at hccnet.nl Sun Mar 26 21:46:52 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Mar 26 21:46:58 2006 Subject: Message-ID: <200603262046.k2QKku5H020181@smtp30.hccnet.nl> [root@server MailScanner-4.51.5-1]# ./install.sh --perl=/usr/bin/perl Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. Good, far-too-clever Perl requirements will be ignored. install.sh: error: unrecognized option: --perl=/usr/bin/perl Try `./install.sh --help' for more information. -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 22:26 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: When I rerun ./install.sh then most modules are instaled, but a few are again installed. And I get several errors -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 21:32 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# ls -l /usr/bin/perl /usr/local/bin/perl ls: /usr/local/bin/perl: Onbekend bestand of map -rwxr-xr-x 2 root root 12392 apr 15 2004 /usr/bin/perl -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 19:35 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: How do I check if there are 2 versions of Perl installed -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 18:11 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# MailScanner --version Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linu x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/Ma ilScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-mult i /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5. 8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/ site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib /perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8. 2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendo r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 / usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanne r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/ i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /u sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScann er/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage .pm line 41. Yes I have used the ./instal.sh script and Mailscanner was function good. See some messages from /var/log/maillog Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: Starting Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: Starting Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP Regards Herman -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 15:04 Aan: 'MailScanner discussion' Onderwerp: Hello, When starting MailScanner I Get the next error Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 76. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. When I search for Parser.pm I get the next result: /usr/lib/mrtg2/Pod/Parser.pm /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm /usr/lib/perl5/5.8.3/Pod/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm So there is a Parser.pm only MailScanner can't find it, I think Must I change the path or must I do something else ??? Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 From jason.broome at freecom.net Sun Mar 26 21:47:52 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 21:47:54 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455162@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 21:51:37 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 21:51:38 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455282@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 21:54:06 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 21:54:09 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455363@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 21:56:28 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 21:56:29 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455438@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From h.swensson at hccnet.nl Sun Mar 26 21:57:25 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Mar 26 21:57:30 2006 Subject: FW: Message-ID: <200603262057.k2QKvSdT026443@smtp30.hccnet.nl> [root@server MailScanner-4.51.5-1]# ./install.sh --perl=/usr/bin/perl Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. Good, far-too-clever Perl requirements will be ignored. install.sh: error: unrecognized option: --perl=/usr/bin/perl Try `./install.sh --help' for more information. -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 22:26 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: When I rerun ./install.sh then most modules are instaled, but a few are again installed. And I get several errors -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 21:32 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# ls -l /usr/bin/perl /usr/local/bin/perl ls: /usr/local/bin/perl: Onbekend bestand of map -rwxr-xr-x 2 root root 12392 apr 15 2004 /usr/bin/perl -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 19:35 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: How do I check if there are 2 versions of Perl installed -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 18:11 Aan: 'mailscanner@lists.mailscanner.info' Onderwerp: FW: [root@server root]# MailScanner --version Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linu x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/Ma ilScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-mult i /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5. 8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/ site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib /perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8. 2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendo r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 / usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanne r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/ i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /u sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScann er/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage .pm line 41. Yes I have used the ./instal.sh script and Mailscanner was function good. See some messages from /var/log/maillog Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: Starting Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the phishing whitelist Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, 379336 bytes Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin auto-whitelist functionality... Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: Starting Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP Regards Herman -----Oorspronkelijk bericht----- Van: Herman Swensson [mailto:h.swensson@hccnet.nl] Verzonden: zondag 26 maart 2006 15:04 Aan: 'MailScanner discussion' Onderwerp: Hello, When starting MailScanner I Get the next error Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. Compilation failed in require at /usr/sbin/MailScanner line 76. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. When I search for Parser.pm I get the next result: /usr/lib/mrtg2/Pod/Parser.pm /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm /usr/lib/perl5/5.8.3/Pod/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm So there is a Parser.pm only MailScanner can't find it, I think Must I change the path or must I do something else ??? Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 24-3-2006 From jason.broome at freecom.net Sun Mar 26 21:58:33 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 21:58:34 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455504@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From mike at vesol.com Sun Mar 26 21:59:24 2006 From: mike at vesol.com (Mike Kercher) Date: Sun Mar 26 21:59:40 2006 Subject: [Scanned by Freecom.net] Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jason Broome > Sent: Sunday, March 26, 2006 2:48 PM > To: mailscanner@lists.mailscanner.info > Subject: RE: [Scanned by Freecom.net] > > I'm currently on annual leave and will return to work on > Monday 3rd April 2006. If you require Technical Support > please call 08708 800100 (option 2). > > Regards > > Jason Broome > 3rd Line Operations > Freecom.net > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Ugh...how annoying! OOM & a modified subject to boot! Julian, please hit this guy with a clue stick and unsub him. Mike From jason.broome at freecom.net Sun Mar 26 22:01:08 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:01:11 2006 Subject: FW: [Scanned by Freecom.net] Message-ID: <880455716@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:03:06 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:03:08 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455779@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:05:15 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:05:17 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455847@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:07:41 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:07:44 2006 Subject: FW: [Scanned by Freecom.net] Message-ID: <880455924@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From drew at themarshalls.co.uk Sun Mar 26 22:07:53 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sun Mar 26 22:08:04 2006 Subject: [Scanned by Freecom.net] In-Reply-To: <880455504@mail.freecom.net> References: <880455504@mail.freecom.net> Message-ID: <0ED789F4-9297-4E5F-94FB-34D7EA0E52E2@themarshalls.co.uk> On 26 Mar 2006, at 21:58, Jason Broome wrote: > I?m currently on annual leave and will return to work on Monday 3rd > April 2006. If you require Technical Support please call 08708 > 800100 (option 2). Kinda got the hint the first time :-) Jules could you work some magic please? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From doc at maddoc.net Sun Mar 26 22:08:55 2006 From: doc at maddoc.net (Doc Schneider) Date: Sun Mar 26 22:09:00 2006 Subject: [Scanned by Freecom.net] In-Reply-To: <880455504@mail.freecom.net> References: <880455504@mail.freecom.net> Message-ID: <442702E7.9080707@maddoc.net> Jason Broome wrote: > I?m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). > > Regards > > Jason Broome > 3rd Line Operations > Freecom.net Can one of the list admins please unsub this person or else put them on no mail. Geez.... must have been in a hurry to go on his annual leave. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From jason.broome at freecom.net Sun Mar 26 22:09:32 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:09:33 2006 Subject: [Scanned by Freecom.net] Message-ID: <880455984@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:11:54 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:11:56 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456059@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:14:17 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:14:19 2006 Subject: FW: [Scanned by Freecom.net] Message-ID: <880456136@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:16:19 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:16:21 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456201@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:18:44 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:18:46 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456278@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:21:02 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:21:03 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456353@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:23:15 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:23:17 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456423@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:25:09 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:25:12 2006 Subject: FW: [Scanned by Freecom.net] Message-ID: <880456484@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:27:37 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:27:38 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456562@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:29:30 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:29:33 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456623@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:32:09 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:32:11 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456708@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:34:56 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:34:57 2006 Subject: [Scanned by Freecom.net] Message-ID: <880456796@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:37:21 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:37:23 2006 Subject: FW: [Scanned by Freecom.net] Message-ID: <880456874@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:41:20 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:41:22 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457002@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From lists at masonc.com Sun Mar 26 22:41:56 2006 From: lists at masonc.com (Chris Mason (Lists)) Date: Sun Mar 26 22:42:08 2006 Subject: Blacklist on email to In-Reply-To: References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> Message-ID: <44270AA4.2010900@masonc.com> Kai Schaetzl wrote: > > Then you want to use the access.db. If you don't know what this is, > install Webmin and administer it that way. > > Kai > > I know what it is. The access db is a way to manually block senders, which is not what I asked for. Anyway, I found a script that did what I was looking for, modified it, integrated it into the apf firewall so that the ip of spammers trying a dictionary name attack (or rumplestiltskin if you want to correct name) were added to the block list of the firewall. It's working beautifully now, I've blocked 10 spam relays today already, which is probably 1,000 pcs spam. This form of spam attack was driving me nuts, for some reason they like my masonc.com domain. I'm happy to share the method with anyone who is interested. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Sun Mar 26 22:43:06 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun Mar 26 22:43:20 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <442702E7.9080707@maddoc.net> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> Message-ID: <44270AEA.9080001@evi-inc.com> Doc Schneider wrote: > Jason Broome wrote: >> I?m currently on annual leave and will return to work on Monday 3rd >> April 2006. If you require Technical Support please call 08708 800100 >> (option 2). >> >> Regards >> >> Jason Broome >> 3rd Line Operations >> Freecom.net > > Can one of the list admins please unsub this person or else put them on > no mail. Geez.... must have been in a hurry to go on his annual leave. And one wonders why so many people despise lists which insert a "Reply-To" header that points back to the list.. Too many *CENSORED* out there that think "reply" is an appropriate behavior for a vacation rule. Of course, if we're lucky someone will spamcop freecom.net's mailservers. (Spamcop DOES accept reports for broken vacation rules, which this clearly is, and it was done by a systems admin who should know better. While I hate to see companies listed because some *CENSORED* in marketing crafted up his own vacation rule without following procedure, I don't have any sympathy for freecom if they get listed for this.) From jason.broome at freecom.net Sun Mar 26 22:43:29 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:43:31 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457070@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:45:49 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:45:50 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457144@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:48:00 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:48:02 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457216@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:50:06 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:50:08 2006 Subject: FW: [Scanned by Freecom.net] Message-ID: <880457283@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From shrek-m at gmx.de Sun Mar 26 22:50:58 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sun Mar 26 22:51:00 2006 Subject: please unsubscribe (was RE: [Scanned by Freecom.net]) Message-ID: <44270CC2.1090409@gmx.de> I?m currently on annual leave and will return to work on Monday 3rd April 2006. please unsubscribe jason.broome@freecom.net -- shrek-m From jason.broome at freecom.net Sun Mar 26 22:52:40 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:52:42 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457364@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:55:20 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:55:22 2006 Subject: Blacklist on email to [Scanned by Freecom.net] Message-ID: <880457450@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:57:28 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:57:31 2006 Subject: Broken vacation rule [Scanned by Freecom.net] Message-ID: <880457518@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From jason.broome at freecom.net Sun Mar 26 22:59:27 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 22:59:29 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457581@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From raymond at prolocation.net Sun Mar 26 23:00:58 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Mar 26 23:00:55 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <44270AEA.9080001@evi-inc.com> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> Message-ID: Hi! > And one wonders why so many people despise lists which insert a "Reply-To" > header that points back to the list.. > > Too many *CENSORED* out there that think "reply" is an appropriate behavior for > a vacation rule. > > Of course, if we're lucky someone will spamcop freecom.net's mailservers. > > (Spamcop DOES accept reports for broken vacation rules, which this clearly is, > and it was done by a systems admin who should know better. While I hate to see > companies listed because some *CENSORED* in marketing crafted up his own > vacation rule without following procedure, I don't have any sympathy for freecom > if they get listed for this.) About to write a small .cf for SA to crap this out ;) hahahaha. .... Bye, Raymond. From jason.broome at freecom.net Sun Mar 26 23:01:42 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 23:01:44 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457781@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From MailScanner at ecs.soton.ac.uk Sun Mar 26 23:03:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 23:03:19 2006 Subject: In-Reply-To: <200603262046.k2QKku5H020181@smtp30.hccnet.nl> References: <200603262046.k2QKku5H020181@smtp30.hccnet.nl> Message-ID: <44270F9F.9040005@ecs.soton.ac.uk> Aha, you get some errors! What packages are causing the errors? Also, go through /etc/sysconfig/i18n file and remove all mention of UTF8. Then logout, login again and run the ./install.sh again. This may well reduce the number of errors a lot. Herman Swensson wrote: > [root@server MailScanner-4.51.5-1]# ./install.sh --perl=/usr/bin/perl > > Good. You have the patch command. > > Good, you have /usr/src/redhat in place. > > Good, unpackaged files will not break the build process. > Good, far-too-clever Perl requirements will be ignored. > install.sh: error: unrecognized option: --perl=/usr/bin/perl > Try `./install.sh --help' for more information. > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 22:26 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > When I rerun ./install.sh then most modules are instaled, but a few are > again installed. > And I get several errors > > > > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 21:32 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > [root@server root]# ls -l /usr/bin/perl /usr/local/bin/perl > ls: /usr/local/bin/perl: Onbekend bestand of map > -rwxr-xr-x 2 root root 12392 apr 15 2004 /usr/bin/perl > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 19:35 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > How do I check if there are 2 versions of Perl installed > > > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 18:11 > Aan: 'mailscanner@lists.mailscanner.info' > Onderwerp: FW: > > [root@server root]# MailScanner --version > Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i > 386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linu > x-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 > /usr/lib/Ma > ilScanner/5.8.0 /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-mult > i /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /u > sr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5. > 8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-mul > ti /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/ > site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib > /perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8. > 2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-mul > ti /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendo > r_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 / > usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanne > r/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/ > i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 /u > sr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScann > er/MCPMessage.pm line 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage > .pm line 41. > > Yes I have used the ./instal.sh script and Mailscanner was function good. > See some messages from /var/log/maillog > > Mar 25 00:34:13 server MailScanner[7181]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:13 server MailScanner[7181]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:14 server MailScanner[7158]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:14 server MailScanner[7181]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:15 server MailScanner[7181]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:20 server MailScanner[7181]: Using locktype = flock > Mar 25 00:34:29 server MailScanner[7158]: Virus and Content Scanning: > Starting > Mar 25 00:34:33 server MailScanner[7349]: MailScanner E-Mail Virus Scanner > version 4.51.5 starting... > Mar 25 00:34:33 server MailScanner[7349]: Read 711 hostnames from the > phishing whitelist > Mar 25 00:34:33 server MailScanner[6963]: New Batch: Scanning 11 messages, > 379336 bytes > Mar 25 00:34:35 server MailScanner[7349]: WARNING: You are trying to use the > SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not > properly installed! > Mar 25 00:34:35 server MailScanner[7349]: Enabling SpamAssassin > auto-whitelist functionality... > Mar 25 00:34:41 server MailScanner[7349]: Using locktype = flock > Mar 25 00:34:48 server MailScanner[6963]: Virus and Content Scanning: > Starting > Mar 25 00:34:48 server MailScanner[7349]: MailScanner child caught a SIGHUP > > Regards > > Herman > -----Oorspronkelijk bericht----- > Van: Herman Swensson [mailto:h.swensson@hccnet.nl] > Verzonden: zondag 26 maart 2006 15:04 > Aan: 'MailScanner discussion' > Onderwerp: > > Hello, > > > When starting MailScanner I Get the next error > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: > /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner > /usr/lib/perl5/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/5.8.3 > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3 > /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 > /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl > . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.3 > /usr/lib/MailScanner/i386-linux-thread-multi > /usr/lib/MailScanner/5.8.2 > /usr/lib/MailScanner/5.8.1 > /usr/lib/MailScanner/5.8.0 > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line > 41. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 41. > Compilation failed in require at /usr/sbin/MailScanner line 76. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 76. > > When I search for Parser.pm I get the next result: > /usr/lib/mrtg2/Pod/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf/Parser.pm > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/HTML/Parser.pm > /usr/lib/perl5/5.8.3/Pod/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/XML/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/Checker/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.3/XML/XQL/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/lib/MIME/Parser.pm > /root/.cpan/build/MIME-tools-5.420/blib/lib/MIME/Parser.pm > > So there is a Parser.pm only MailScanner can't find it, I think > Must I change the path or must I do something else ??? > > > > Regards > > Herman > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jason.broome at freecom.net Sun Mar 26 23:03:42 2006 From: jason.broome at freecom.net (Jason Broome) Date: Sun Mar 26 23:03:44 2006 Subject: [Scanned by Freecom.net] Message-ID: <880457845@mail.freecom.net> I’m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net From MailScanner at ecs.soton.ac.uk Sun Mar 26 23:05:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 23:05:24 2006 Subject: [Scanned by Freecom.net] In-Reply-To: <880455363@mail.freecom.net> References: <880455363@mail.freecom.net> Message-ID: <4427101E.3070404@ecs.soton.ac.uk> I have suspended this guy's membership until he gets his dumb auto-responder fixed and can prove it. Jason Broome wrote: > I?m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). > > Regards > > Jason Broome > 3rd Line Operations > Freecom.net > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Sun Mar 26 23:04:20 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun Mar 26 23:06:08 2006 Subject: [Scanned by Freecom.net] In-Reply-To: <880457144@mail.freecom.net> References: <880457144@mail.freecom.net> Message-ID: Julian, Please boot this guy off the list. I've recieved a ton of these things this afternoon. Jeff Earickson Colby College On Sun, 26 Mar 2006, Jason Broome wrote: > Date: Sun, 26 Mar 2006 22:45:49 +0100 > From: Jason Broome > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: RE: [Scanned by Freecom.net] > > I?m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). > > Regards > > Jason Broome > 3rd Line Operations > Freecom.net > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Sun Mar 26 23:09:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 26 23:09:19 2006 Subject: FW: [Scanned by Freecom.net] In-Reply-To: <880457283@mail.freecom.net> References: <880457283@mail.freecom.net> Message-ID: <44271107.8070000@ecs.soton.ac.uk> I have completely unsubscribed him. Jason Broome wrote: > I?m currently on annual leave and will return to work on Monday 3rd April 2006. If you require Technical Support please call 08708 800100 (option 2). > > Regards > > Jason Broome > 3rd Line Operations > Freecom.net > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From michele at blacknight.ie Sun Mar 26 23:22:06 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sun Mar 26 23:22:06 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> Message-ID: <4427140E.8000502@blacknight.ie> Raymond Dijkxhoorn wrote: > > About to write a small .cf for SA to crap this out ;) hahahaha. .... Please post it :) . -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From maillists at conactive.com Sun Mar 26 23:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Mar 26 23:31:25 2006 Subject: MailScanner doesn't start sendmail on new box In-Reply-To: <4426EB43.6000305@fractalweb.com> References: <4426EB43.6000305@fractalweb.com> Message-ID: Chris Yuzik wrote on Sun, 26 Mar 2006 11:28:03 -0800: > I've banged my head against my keyboard for a while now. HELLLLLP! You want to check the init script of MailScanner. Also, did the install.sh run thru without a problem? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mkettler at evi-inc.com Sun Mar 26 23:45:37 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun Mar 26 23:45:45 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <4427140E.8000502@blacknight.ie> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> <4427140E.8000502@blacknight.ie> Message-ID: <44271991.7040406@evi-inc.com> Michele Neylon:: Blacknight.ie wrote: > Raymond Dijkxhoorn wrote: > >> About to write a small .cf for SA to crap this out ;) hahahaha. .... > Please post it :) > . blacklist_from jason.broome@freecom.net Sure it won't ONLY match the vacation responses, but any resulting collateral damage is well deserved. From steve.swaney at fsl.com Mon Mar 27 01:20:02 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Mar 27 01:20:06 2006 Subject: FW: [Scanned by Freecom.net] In-Reply-To: <880456484@mail.freecom.net> Message-ID: <0f0901c65134$30ba68f0$287ba8c0@office.fsl> Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jason Broome > Sent: Sunday, March 26, 2006 4:25 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: FW: [Scanned by Freecom.net] > > I'm currently on annual leave and will return to work on Monday 3rd April > 2006. If you require Technical Support please call 08708 800100 (option > 2). > > Regards > > Jason Broome Actually I'll feel better after I write a little program that will dial Technical Support at 08708 800100 and leave a loud prerecorded message telling then to turn off Jason's dam? vacation every time one of these messages hits my mailbox :) To bad he didn't leave a fax number too. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From james at grayonline.id.au Mon Mar 27 02:35:48 2006 From: james at grayonline.id.au (James Gray) Date: Mon Mar 27 02:36:15 2006 Subject: FW: [Scanned by Freecom.net] In-Reply-To: <0f0901c65134$30ba68f0$287ba8c0@office.fsl> References: <0f0901c65134$30ba68f0$287ba8c0@office.fsl> Message-ID: <200603271235.52057.james@grayonline.id.au> On Mon, 27 Mar 2006 11:20 am, Stephen Swaney wrote: > Actually I'll feel better after I write a little program that will dial > Technical Support at 08708 800100 and leave a loud prerecorded message > telling then to turn off Jason's dam? vacation every time one of these > messages hits my mailbox :) To bad he didn't leave a fax number too. > > Steve http://www.freecom.net/contact.cfm Fax: 08708 800 101 Snail Mail: Freecom.net Ltd Unit 3 Castle Court Castlegate Way Dudley DY1 4RD HTH James -- Q: What do you get when you cross a mobster with an international standard? A: You get someone who makes you an offer that you can't understand! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060327/92a83f1c/attachment.bin From smcguane at mailshield.com.au Mon Mar 27 04:03:15 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon Mar 27 04:03:27 2006 Subject: Attn : Problem still not resolved with sending reports In-Reply-To: <200603271235.52057.james@grayonline.id.au> Message-ID: <200603270303.k2R33PPq029962@bkserver.blacknight.ie> Hey, I am still having problems with mailwatch and pulling reports out and emailing them. I have tried to get this working and I have emailed both the mailwatch discussion group and the mailscanner discussion group. However the responses I have so far have not sorted out the problem nor has it got even close...... The error is the following root@filter1 [/usr/mailwatch/tools]# ./quarantine_report.php === Generating report for xxxx type=D ==== Recipient e-mail address is xxxx@xxxxx.id.au ==== Building list for xxxxx ==== Found 0 quarantined e-mails ==== Building list for xxxxx.com.au ==== Found 2531 quarantined e-mails Notice: Only variables should be assigned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 516 Notice: Only variables should be assigned by reference in /usr/local/apache/htdocs/mailscanner/pear/Mail/mime.php on line 518 ==== Sent e-mail to xxxx@xxxxx.id.au root@filter1 [/usr/mailwatch/tools]# Please advise of what to do anyone? Thanks Shaun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Gray Sent: Monday, 27 March 2006 12:36 PM To: mailscanner@lists.mailscanner.info Subject: Re: FW: [Scanned by Freecom.net] On Mon, 27 Mar 2006 11:20 am, Stephen Swaney wrote: > Actually I'll feel better after I write a little program that will dial > Technical Support at 08708 800100 and leave a loud prerecorded message > telling then to turn off Jason's dam? vacation every time one of these > messages hits my mailbox :) To bad he didn't leave a fax number too. > > Steve http://www.freecom.net/contact.cfm Fax: 08708 800 101 Snail Mail: Freecom.net Ltd Unit 3 Castle Court Castlegate Way Dudley DY1 4RD HTH James -- Q: What do you get when you cross a mobster with an international standard? A: You get someone who makes you an offer that you can't understand! --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From Yusuf.Ahmed at aot.com.au Mon Mar 27 07:39:49 2006 From: Yusuf.Ahmed at aot.com.au (Yusuf Ahmed) Date: Mon Mar 27 07:40:18 2006 Subject: Geoip database updating problem Message-ID: <442788B5.4030704@aot.com.au> Hi, Any suggestions on why I keep getting this error when updating the GeoIP database from mailwatch: --- Downloading file, please wait.... Error executing query: Access denied for user 'mailwatch'@'localhost' (using password: YES) SQL: LOAD DATA INFILE '/var/www/html/mailscanner/temp/GeoIPCountryWhois.csv' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"' --- I have granted permission to mailwatch to access the mailscanner database but am still having probs. Any ideas on what else may cause this would be awesome. Cheers. Yus. From glenn.steen at gmail.com Mon Mar 27 08:54:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 27 08:54:47 2006 Subject: Geoip database updating problem In-Reply-To: <442788B5.4030704@aot.com.au> References: <442788B5.4030704@aot.com.au> Message-ID: <223f97700603262354w29514d4ax@mail.gmail.com> On 27/03/06, Yusuf Ahmed wrote: > Hi, > > Any suggestions on why I keep getting this error when updating the GeoIP > database from mailwatch: > > --- > Downloading file, please wait.... > Error executing query: > > Access denied for user 'mailwatch'@'localhost' (using password: YES) > > SQL: > > LOAD DATA INFILE '/var/www/html/mailscanner/temp/GeoIPCountryWhois.csv' > INTO > TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"' > --- > > I have granted permission to mailwatch to access the mailscanner > database but am still having probs. Any ideas on what else may cause > this would be awesome. > > Cheers. > > Yus. > Try looking through the MailWatch mailingh list archives, this has been covered (with some solutions) a number of times... there;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From linux_spartacus at yahoo.com Mon Mar 27 11:17:13 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Mon Mar 27 11:17:16 2006 Subject: Connection Timeout After 7 Download Messages Message-ID: <20060327101713.64579.qmail@web35614.mail.mud.yahoo.com> Hi guys, Some of my clients are complaining that theyre outlook client suddenly looses connection or timed out after 7 messages. I think maybe due to the lenght of time that the server did not response with the request. I tried to restart the MS then some of my clients got their message. The following hour the same scenario happens. Anyone encounter these problem ? --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060327/3a9d07a5/attachment.html From martinh at solid-state-logic.com Mon Mar 27 11:25:50 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Mar 27 11:25:59 2006 Subject: Connection Timeout After 7 Download Messages In-Reply-To: <20060327101713.64579.qmail@web35614.mail.mud.yahoo.com> Message-ID: <00a101c65188$d20d31c0$3004010a@martinhlaptop> Hi Nothing to do with MailScanner, this is down to whatever imap/pop server is running on the server. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of spart cus > Sent: 27 March 2006 11:17 > To: MailScanner > Subject: Connection Timeout After 7 Download Messages > > Hi guys, > Some of my clients are complaining that theyre outlook client suddenly > looses connection or timed out after 7 messages. I think maybe due to the > lenght of time that the server did not response with the request. I tried > to restart the MS then some of my clients got their message. The following > hour the same scenario happens. Anyone encounter these problem ? > > ________________________________ > > New Yahoo! Messenger with Voice. Call regular phones from your PC > evt=39666/*http://beta.messenger.yahoo.com> and save big. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Mon Mar 27 11:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 27 11:31:28 2006 Subject: Blacklist on email to In-Reply-To: <44270AA4.2010900@masonc.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> <44270AA4.2010900@masonc.com> Message-ID: Chris Mason (Lists) wrote on Sun, 26 Mar 2006 17:41:56 -0400: > The access db is a way to manually block senders, > which is not what I asked for. You asked for blocking senders. That is just what access.db is for. Of course, you can move that to the firewall, so the SMTP has less to do, but you didn't say you want to block before SMTP. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From kevind at go2.ie Mon Mar 27 11:31:30 2006 From: kevind at go2.ie (Kevin Dermody) Date: Mon Mar 27 11:31:43 2006 Subject: Connection Timeout After 7 Download Messages In-Reply-To: <20060327101713.64579.qmail@web35614.mail.mud.yahoo.com> References: <20060327101713.64579.qmail@web35614.mail.mud.yahoo.com> Message-ID: <4427BF02.2030806@go2.ie> Check the mail that it's getting stuck at? Is it always the same mail? We occasionally have a problem where it will freeze on a particular mail. It's a problem where by certain broken headers freeze outlook. Generally they mails are spam and can just be removed which will clear things up. You might want to keep a copy of the mail and try see why it's breaking things and if it can be filtered in future. Just one possibility! Kevin Dermody Go2web Ltd. spart cus wrote: > Hi guys, > Some of my clients are complaining that theyre outlook client suddenly > looses connection or timed out after 7 messages. I think maybe due to > the lenght of time that the server did not response with the request. I > tried to restart the MS then some of my clients got their message. The > following hour the same scenario happens. Anyone encounter these problem ? > > ------------------------------------------------------------------------ > New Yahoo! Messenger with Voice. Call regular phones from your PC > > and save big. > From MailScanner at ecs.soton.ac.uk Fri Mar 24 09:10:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 27 12:17:31 2006 Subject: Sendmail Upgrade In-Reply-To: References: Message-ID: <55CA72E9-5763-4F3D-8C88-9F2F8E40619B@ecs.soton.ac.uk> On 24 Mar 2006, at 09:04, Paul Houselander wrote: > Hi > > I upgraded sendmail on my Fedora Core 2 system to 8.13.6, I was on > 8.12..... > > Ive noticed this morning that Mailscanner is saying > > "New Batch Found 150 messages waiting" > > and doesnt seem to decrease. > > I took a look in /var/spool/mqueue.in and can see I have lots of qf > files > with no matching df. > > I thought this could be due to my "Lock Type" setting in > MailScanner.conf, I > have it set to > > Lock Type = > > and the comments say it defaults to posix which should be ok for 8.13? That's all quite correct. The orphaned qf files are no use to you, so you might as well delete them and clean up your queue. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Mon Mar 27 12:31:24 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 27 12:31:32 2006 Subject: Connection Timeout After 7 Download Messages In-Reply-To: <00a101c65188$d20d31c0$3004010a@martinhlaptop> References: <00a101c65188$d20d31c0$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote on Mon, 27 Mar 2006 11:25:50 +0100: > Nothing to do with MailScanner, this is down to whatever imap/pop server is > running on the server. Or an Outlook problem. Outlook is well known for connection issues. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From lists at masonc.com Mon Mar 27 13:32:29 2006 From: lists at masonc.com (Chris Mason (Lists)) Date: Mon Mar 27 13:32:35 2006 Subject: Blacklist on email to In-Reply-To: References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> <44270AA4.2010900@masonc.com> Message-ID: <4427DB5D.5070101@masonc.com> Kai Schaetzl wrote: > > You asked for blocking senders. That is just what access.db is for. Of > course, you can move that to the firewall, so the SMTP has less to do, but > you didn't say you want to block before SMTP. > > Kai > > You are still missing the point. I was looking for an _automated_ way to block dictionary spam attacks. And I found a way. About 90% of the mail delivery attempts to my server are dictionary, stopping the spam hosts is very effective. I found a script that does it very well. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.gray at dns.co.uk Mon Mar 27 13:50:37 2006 From: richard.gray at dns.co.uk (Gray, Richard) Date: Mon Mar 27 13:50:43 2006 Subject: Blacklist on email to Message-ID: Might I ask what the solution was (or where you found the script)? R > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris Mason (Lists) > Sent: 27 March 2006 13:32 > To: MailScanner discussion > Subject: Re: Blacklist on email to [..] > You are still missing the point. I was looking for an > _automated_ way to block dictionary spam attacks. > And I found a way. > > About 90% of the mail delivery attempts to my server are > dictionary, stopping the spam hosts is very effective. > I found a script that does it very well. [..] ----------------------- This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk From paul at welshfamily.com Mon Mar 27 14:16:41 2006 From: paul at welshfamily.com (Paul Welsh) Date: Mon Mar 27 14:15:57 2006 Subject: Sendmail patch breaks plain text auth Message-ID: <9d8a284d324009566cb8f0b8de7cf5d7@81.19.57.146> At the weekend I updated my RH9 Sendmail to the patched version using the Fedora Legacy update. I now have Sendmail 8.12.11.20060308/8.12.8. Only problem is that smtp authentication no longer works. Has anyone else had this problem and if so, do they have a solution handy? ________________________________________________ Message sent using UebiMiau 2.7.9 From alex at nkpanama.com Mon Mar 27 15:11:31 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon Mar 27 15:12:38 2006 Subject: Blacklist on email to In-Reply-To: References: Message-ID: <4427F293.8000508@nkpanama.com> Yeah, thanks for sharing! ;) Gray, Richard wrote: > Might I ask what the solution was (or where you found the script)? > > R > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Chris Mason (Lists) >> Sent: 27 March 2006 13:32 >> To: MailScanner discussion >> Subject: Re: Blacklist on email to >> > [..] > >> You are still missing the point. I was looking for an >> _automated_ way to block dictionary spam attacks. >> And I found a way. >> >> About 90% of the mail delivery attempts to my server are >> dictionary, stopping the spam hosts is very effective. >> I found a script that does it very well. >> > [..] > > ----------------------- > This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. > > For further information contact email-integrity@dns.co.uk > > > From alex at nkpanama.com Mon Mar 27 15:12:21 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon Mar 27 15:13:22 2006 Subject: Sendmail patch breaks plain text auth In-Reply-To: <9d8a284d324009566cb8f0b8de7cf5d7@81.19.57.146> References: <9d8a284d324009566cb8f0b8de7cf5d7@81.19.57.146> Message-ID: <4427F2C5.5020009@nkpanama.com> Paul Welsh wrote: > At the weekend I updated my RH9 Sendmail to the patched version using the > Fedora Legacy update. I now have Sendmail 8.12.11.20060308/8.12.8. > > Only problem is that smtp authentication no longer works. Has anyone else > had this problem and if so, do they have a solution handy? > > ________________________________________________ > Message sent using UebiMiau 2.7.9 > > > Maybe you need to patch/update/restart saslauthd? From john at katy.com Mon Mar 27 16:12:15 2006 From: john at katy.com (John Schmerold) Date: Mon Mar 27 16:12:33 2006 Subject: Blacklist on email to In-Reply-To: <44270AA4.2010900@masonc.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> <44270AA4.2010900@masonc.com> Message-ID: <442800CF.4030103@katy.com> Please add me to the list of those interested in your script. Chris Mason (Lists) wrote: > Kai Schaetzl wrote: > >> >> Then you want to use the access.db. If you don't know what this is, >> install Webmin and administer it that way. >> >> Kai >> >> > > I know what it is. The access db is a way to manually block senders, > which is not what I asked for. > > Anyway, I found a script that did what I was looking for, modified it, > integrated it into the apf firewall so that the ip of spammers trying > a dictionary name attack (or rumplestiltskin if you want to correct > name) were added to the block list of the firewall. It's working > beautifully now, I've blocked 10 spam relays today already, which is > probably 1,000 pcs spam. > This form of spam attack was driving me nuts, for some reason they > like my masonc.com domain. > I'm happy to share the method with anyone who is interested. > From lists at masonc.com Mon Mar 27 16:27:49 2006 From: lists at masonc.com (Chris Mason (Lists)) Date: Mon Mar 27 16:27:58 2006 Subject: Blacklist on email to In-Reply-To: <442800CF.4030103@katy.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> <44270AA4.2010900@masonc.com> <442800CF.4030103@katy.com> Message-ID: <44280475.4090301@masonc.com> John Schmerold wrote: > Please add me to the list of those interested in your script. > > I published it on my website: You can read it by visiting this link: http://www.anguillaguide.com/article/articleview/3420 -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Mon Mar 27 16:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 27 16:31:26 2006 Subject: Blacklist on email to In-Reply-To: <4427DB5D.5070101@masonc.com> References: <44258364.8070402@masonc.com> <44258806.4040900@ecs.soton.ac.uk> <4425C890.7000606@masonc.com> <4425CC91.104@evi-inc.com> <44266144.5070804@masonc.com> <44270AA4.2010900@masonc.com> <4427DB5D.5070101@masonc.com> Message-ID: Chris Mason (Lists) wrote on Mon, 27 Mar 2006 08:32:29 -0400: > You are still missing the point. I was looking for an _automated_ way to > block dictionary spam attacks. Yes, that's very clear from your posting on the CentOS mailing list which I saw today, it wasn't clear from your posting(s) here. And, you very clearly told us "Good thinking!...how?" in your answer to Julian which made very clear that you didn't know how to do it on MTA level. So, you got answers about that. And now you complain? Next time just make your "desire" more clear ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ka at pacific.net Mon Mar 27 18:00:09 2006 From: ka at pacific.net (Ken A) Date: Mon Mar 27 17:57:07 2006 Subject: Beta 4.52.1 released In-Reply-To: <4426AF54.3040309@ecs.soton.ac.uk> References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> Message-ID: <44281A19.6040601@pacific.net> Julian Field wrote: > I think the answer is "nothing but log it", but test it out and let me > know. Looks like there may be a parsing problem in the phishing code. MailScanner logs this: Found phishing fraud from www.bizrate.com claiming to be www.foralimitedtime,getupto30%%offonalldwellbeddingandpillowsatwrapables.com.payo in k2RGgTj4022846 Here's the html in the email that triggered this: For a limited time, get up to 30% off on all Dwell Bedding and Pillows at Wrapables.com. Pay only $5 to ship everything! Click now and save! Thanks, Ken Anderson Pacific.Net > Ken A wrote: >> Julian, >> That sounds like a nice improvement. I had turned off the phishing >> code due to false positives with it, but will give it a shot with "Use >> Stricter Phishing Net = no". >> >> If I have Phishing Modify Subject = no, and Highlight Phishing Fraud = >> no, what does MailScanner do when it finds a phishing attempt? I'm >> hoping the answer is "nothing but log it", so that I can use this >> configuration for testing. >> >> Thanks, >> Ken A >> Pacific.Net >> >> Julian Field wrote: >>> I have just released a new beta version 4.52.1. >>> >>> There is 1 new feature in this release, but it will be important to >>> some of you, so please read on. It affects the phishing net, and may >>> give you pretty good protection against phishing scams, while having >>> a much lower false alarm rate than the full phishing net code that >>> has been there so far. >>> >>> You can now set "Use Stricter Phishing Net = no" which will make the >>> phishing net just check the name of the company owning the website, >>> along >>> with any country code of course. There is a configuration file >>> containing >>> a list of all the 2nd and 3rd level domain names in use by all >>> countries, >>> it lists domain endings such as "org.uk" which are used by a country to >>> describe a whole type of websites within their country. So if the >>> website >>> is "www.hello.company.com" it knows to check just company.com, whereas >>> given "www.byebye.charity.org.uk" it will check charity.org.uk. >>> The configuration file "Country Sub-Domains List" lists all the entries >>> required for this to work in any country, 1 per line. You shouldn't >>> need >>> to touch this file. >>> >>> I hope you find this new feature useful, and it may enable some of >>> you (particularly large ISPs) to provide your customers and users >>> with a high level of protection against phishing scams. >>> >>> Let me know how you get on. >>> > From MailScanner at ecs.soton.ac.uk Mon Mar 27 18:26:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 27 18:26:36 2006 Subject: Beta 4.52.1 released In-Reply-To: <44281A19.6040601@pacific.net> References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> Message-ID: <44282044.2060008@ecs.soton.ac.uk> The parser is failing to stop at the .com. It cannot be perfect as it is a "Natural Language" problem which are notoriously hard to solve. However, I'll take a look at the parser and see if I can catch this one. Ken A wrote: > > > Julian Field wrote: >> I think the answer is "nothing but log it", but test it out and let >> me know. > > Looks like there may be a parsing problem in the phishing code. > MailScanner logs this: > > Found phishing fraud from www.bizrate.com claiming to be > www.foralimitedtime,getupto30%%offonalldwellbeddingandpillowsatwrapables.com.payo > in k2RGgTj4022846 > > Here's the html in the email that triggered this: > > For a limited time, get up to 30% off > on all Dwell Bedding and Pillows at Wrapables.com. Pay only $5 to ship > everything! Click now and save! > > Thanks, > > Ken Anderson > Pacific.Net > > > >> Ken A wrote: >>> Julian, >>> That sounds like a nice improvement. I had turned off the phishing >>> code due to false positives with it, but will give it a shot with >>> "Use Stricter Phishing Net = no". >>> >>> If I have Phishing Modify Subject = no, and Highlight Phishing Fraud >>> = no, what does MailScanner do when it finds a phishing attempt? I'm >>> hoping the answer is "nothing but log it", so that I can use this >>> configuration for testing. >>> >>> Thanks, >>> Ken A >>> Pacific.Net >>> >>> Julian Field wrote: >>>> I have just released a new beta version 4.52.1. >>>> >>>> There is 1 new feature in this release, but it will be important to >>>> some of you, so please read on. It affects the phishing net, and >>>> may give you pretty good protection against phishing scams, while >>>> having a much lower false alarm rate than the full phishing net >>>> code that has been there so far. >>>> >>>> You can now set "Use Stricter Phishing Net = no" which will make the >>>> phishing net just check the name of the company owning the >>>> website, along >>>> with any country code of course. There is a configuration file >>>> containing >>>> a list of all the 2nd and 3rd level domain names in use by all >>>> countries, >>>> it lists domain endings such as "org.uk" which are used by a >>>> country to >>>> describe a whole type of websites within their country. So if the >>>> website >>>> is "www.hello.company.com" it knows to check just company.com, >>>> whereas >>>> given "www.byebye.charity.org.uk" it will check charity.org.uk. >>>> The configuration file "Country Sub-Domains List" lists all the >>>> entries >>>> required for this to work in any country, 1 per line. You >>>> shouldn't need >>>> to touch this file. >>>> >>>> I hope you find this new feature useful, and it may enable some of >>>> you (particularly large ISPs) to provide your customers and users >>>> with a high level of protection against phishing scams. >>>> >>>> Let me know how you get on. >>>> >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Mon Mar 27 18:53:39 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Mar 27 18:56:35 2006 Subject: Beta 4.52.1 released In-Reply-To: <44282044.2060008@ecs.soton.ac.uk> References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> <44282044.2060008@ecs.soton.ac.uk> Message-ID: Julian, Any chance that you would consider making the "--keep-comments" option of bin/upgrade_MailScanner_conf the default action? Jeff Earickson Colby College From jstork at pbco.ca Mon Mar 27 19:06:00 2006 From: jstork at pbco.ca (Johnny Stork) Date: Mon Mar 27 19:08:15 2006 Subject: Forwaring Mail Message-ID: <13833015.1143482760532.JavaMail.root@pbco-server3.pbco.ca> I am trying to determine if there is a way to get sendmail to forward all mail to a particular user, to another account? The problem here is that the user is not a local user so the use of a .forward file wont work. Here is our setup. server1 Gateway SMTP server which receives all external mail, runs it through MailScanner and then through a mailertable entry, routes everything coming in to the pbco.ca domain, over to an internal mail server (server2) running Scalix. The Scalix server does not have, nor require that a local user name exists as it handles all accounts. I need to disable a user on the Scalix server, and so need to re-route/forward this persons mail at the gateway, server1 before it is sent to server2 by the mailertable entry. Server1 runs Sendmail, MailScanner and MailWatch. Is this possible without creating a user on server1? _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 From john at jolet.net Mon Mar 27 19:15:57 2006 From: john at jolet.net (John Jolet) Date: Mon Mar 27 19:15:39 2006 Subject: Forwaring Mail In-Reply-To: <13833015.1143482760532.JavaMail.root@pbco-server3.pbco.ca> References: <13833015.1143482760532.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <5C426B54-C585-439F-9D25-1A3235739CAD@jolet.net> On Mar 27, 2006, at 12:06 PM, Johnny Stork wrote: > I am trying to determine if there is a way to get > > sendmail to forward all mail to a particular user, > > to another account? The problem here is that the > > user is not a local user so the use of a .forward > > file wont work. Here is our setup. put an alias in /etc/aliases, or /etc/mail/aliases, depending on your distro....format is localusername: guy@someother.domain don't forget to run newaliases command. From stork at openenterprise.ca Mon Mar 27 20:39:11 2006 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Mar 27 20:39:24 2006 Subject: Forwaring Mail In-Reply-To: <5C426B54-C585-439F-9D25-1A3235739CAD@jolet.net> Message-ID: This has to work without the existence of a local user name so an alias wont work as it requires a local user on the machine. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] > Sent: Monday, March 27, 2006 10:16 AM > To: MailScanner discussion > Subject: Re: Forwaring Mail > > > > On Mar 27, 2006, at 12:06 PM, Johnny Stork wrote: > > > I am trying to determine if there is a way to get > > > > sendmail to forward all mail to a particular user, > > > > to another account? The problem here is that the > > > > user is not a local user so the use of a .forward > > > > file wont work. Here is our setup. > put an alias in /etc/aliases, or /etc/mail/aliases, depending > on your > distro....format is > localusername: guy@someother.domain > > don't forget to run newaliases command. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From john at jolet.net Mon Mar 27 20:44:29 2006 From: john at jolet.net (John Jolet) Date: Mon Mar 27 20:44:12 2006 Subject: Forwaring Mail In-Reply-To: References: Message-ID: <45006D99-8B37-4BE3-9482-FD3B28129BC2@jolet.net> On Mar 27, 2006, at 1:39 PM, Johnny Stork wrote: > This has to work without the existence of a local user name so an > alias wont work as it requires a local user on the machine. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] >> Sent: Monday, March 27, 2006 10:16 AM >> To: MailScanner discussion >> Subject: Re: Forwaring Mail >> >> >> >> On Mar 27, 2006, at 12:06 PM, Johnny Stork wrote: >> >>> I am trying to determine if there is a way to get >>> >>> sendmail to forward all mail to a particular user, >>> >>> to another account? The problem here is that the >>> >>> user is not a local user so the use of a .forward >>> >>> file wont work. Here is our setup. >> put an alias in /etc/aliases, or /etc/mail/aliases, depending >> on your >> distro....format is >> localusername: guy@someother.domain Ah, I guess I didn't get that part. stupid me, as it says it right up there! From rpoe at plattesheriff.org Mon Mar 27 20:49:22 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Mar 27 20:49:38 2006 Subject: Forwaring Mail In-Reply-To: References: <5C426B54-C585-439F-9D25-1A3235739CAD@jolet.net> Message-ID: <4427ED66.65ED.00A2.0@plattesheriff.org> /etc/mail/virtusertable user@domain.com user@otherdomain.com makemap hash virtusertable.db < virtusertable >>> stork@openenterprise.ca 3/27/2006 1:39 PM >>> This has to work without the existence of a local user name so an alias wont work as it requires a local user on the machine. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] > Sent: Monday, March 27, 2006 10:16 AM > To: MailScanner discussion > Subject: Re: Forwaring Mail > > > > On Mar 27, 2006, at 12:06 PM, Johnny Stork wrote: > > > I am trying to determine if there is a way to get > > > > sendmail to forward all mail to a particular user, > > > > to another account? The problem here is that the > > > > user is not a local user so the use of a .forward > > > > file wont work. Here is our setup. > put an alias in /etc/aliases, or /etc/mail/aliases, depending > on your > distro....format is > localusername: guy@someother.domain > > don't forget to run newaliases command. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Mon Mar 27 20:51:09 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 27 20:51:24 2006 Subject: Forwaring Mail In-Reply-To: References: Message-ID: <4428422D.8040603@evi-inc.com> Johnny Stork wrote: > This has to work without the existence of a local user name so an alias wont work as it requires a local user on the machine. No it doesn't. From mkettler at evi-inc.com Mon Mar 27 20:56:36 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 27 20:56:47 2006 Subject: Forwaring Mail In-Reply-To: <4428422D.8040603@evi-inc.com> References: <4428422D.8040603@evi-inc.com> Message-ID: <44284374.4020507@evi-inc.com> Matt Kettler wrote: > Johnny Stork wrote: >> This has to work without the existence of a local user name so an alias wont work as it requires a local user on the machine. > > No it doesn't. Let me clarify.. No, aliases do NOT require the existence of a local username. I do this ALL the time, and I have over 100 aliases with no matching local user account. From tjones at isthmus.com Mon Mar 27 21:02:00 2006 From: tjones at isthmus.com (Thom Jones) Date: Mon Mar 27 21:02:16 2006 Subject: Forwaring Mail In-Reply-To: <45006D99-8B37-4BE3-9482-FD3B28129BC2@jolet.net> Message-ID: <200603272002.k2RK24Fa007401@mail.isthmus.com> > > > This has to work without the existence of a local user name so an > > alias wont work as it requires a local user on the machine. > > I've got quite a few aliases set up that have no local user associated with them. so, in the /etc/aliases file: fakeusername: user@domain.com, anotheruser@another.com and then run newaliases. Works great! From john at jolet.net Mon Mar 27 21:15:05 2006 From: john at jolet.net (John Jolet) Date: Mon Mar 27 21:14:47 2006 Subject: Forwaring Mail In-Reply-To: <44284374.4020507@evi-inc.com> References: <4428422D.8040603@evi-inc.com> <44284374.4020507@evi-inc.com> Message-ID: On Mar 27, 2006, at 1:56 PM, Matt Kettler wrote: > Matt Kettler wrote: >> Johnny Stork wrote: >>> This has to work without the existence of a local user name so an >>> alias wont work as it requires a local user on the machine. >> >> No it doesn't. > > Let me clarify.. No, aliases do NOT require the existence of a > local username. > > I do this ALL the time, and I have over 100 aliases with no > matching local user > account. i just put pete: john@jolet.net in my aliases file. forwarded to me just fine. From johnm at advocap.org Mon Mar 27 22:29:40 2006 From: johnm at advocap.org (John McMonagle) Date: Mon Mar 27 22:29:55 2006 Subject: Mailscanner stops working after a few hours. Message-ID: <44285944.8090100@advocap.org> Using postfix and mailscanner on debian sarge. postfix 2.1.5-9 mailscanner 4.41.3-2 Setup from the instructions the Mailscanner web page. I noticed that messages are keep going into /var/spool/postfix/hold but mailscanner quits processing them. Mailscanner is running yet. I'm guessing it's quiting at about the 4 hour time period that mailscanner process are restarted. /etc/init.d/mailscanner restart gets it going again. Otherwise seems to work fine. Log of the last message the worked: Mar 27 11:09:38 mail postfix/smtpd[30785]: 6B081E00DC: client=ptx-120-27.prizeamerica2.com[207.115.120.27] Mar 27 11:09:39 mail postfix/cleanup[30787]: 6B081E00DC: hold: header Received: from ptx-120-27.prizeamerica2.com (ptx-120-27.prizeamerica2.com [207.115.120 .27])??by mail.advocap.org (Postfix) with ESMTP id 6B081E00DC??for ; Mon, 27 Mar 2006 11:09:38 from ptx-120-27.prizeamerica2.com[207.115 .120.27]; from= to= proto=ESMTP helo= Mar 27 11:09:39 mail postfix/cleanup[30787]: 6B081E00DC: message-id=<20060327170938.6B081E00DC@mail.advocap.org> Mar 27 11:09:41 mail cyrus/imapd[30780]: accepted connection Mar 27 11:09:41 mail MailScanner[25532]: New Batch: Scanning 1 messages, 3534 bytes Mar 27 11:09:43 mail cyrus/imapd[29882]: login: localhost[127.0.0.1] mailadm plaintext Mar 27 11:09:43 mail MailScanner[25532]: Spam Checks: Found 1 spam messages Mar 27 11:09:43 mail MailScanner[25532]: Virus and Content Scanning: Starting Mar 27 11:09:44 mail postfix/smtpd[30785]: disconnect from ptx-120-27.prizeamerica2.com[207.115.120.27] Mar 27 11:09:44 mail MailScanner[25532]: MailScanner child dying of old age Mar 27 11:09:44 mail MailScanner[30859]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Mar 27 11:09:44 mail MailScanner[30859]: Read 120 hostnames from the phishing whitelist Mar 27 11:09:46 mail MailScanner[30859]: Using locktype = flock The message before this was not spam and delivered OK. Here is the next 2 messages and mailscanner does not start: Mar 27 11:11:19 mail postfix/smtpd[30785]: E3E2CE00E6: client=backup.dotnet.com[216.127.196.18] Mar 27 11:11:20 mail postfix/cleanup[30871]: E3E2CE00E6: hold: header Received: from hamburg.dotnet.com (backup.dotnet.com [216.127.196.18])??by mail.advoca p.org (Postfix) with ESMTP id E3E2CE00E6??for ; Mon, 27 Mar 2006 11:11:19 -0600 (CST) from backup.dotnet.com[216.127.196.18]; from= to= proto=ESMTP helo= Mar 27 11:11:20 mail postfix/cleanup[30871]: E3E2CE00E6: hold: header Received: from 216-127-207-249.strgbay.dcwis.com ([216.127.207.249] helo=homee677adc14 2)??by hamburg.dotnet.com with smtp (Exim 3.33 #1)??id 1FNvFe-0004rq-00; Mon, 27 Mar 2006 11:11:34 -0600 from backup.dotnet.com[216.127.196.18]; from= to= proto=ESMTP helo= Mar 27 11:11:20 mail postfix/cleanup[30871]: E3E2CE00E6: message-id=<000701c651c1$7e74a730$0201a8c0@homee677adc142> Mar 27 11:11:20 mail postfix/smtpd[30785]: disconnect from backup.dotnet.com[216.127.196.18] Mar 27 11:11:39 mail postfix/smtpd[30785]: connect from fondy.advocap.org[192.168.2.1] Mar 27 11:11:39 mail postfix/smtpd[30785]: C8F5CE00E7: client=fondy.advocap.org[192.168.2.1] Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: hold: header Received: from fondy.advocap.org (fondy.advocap.org [192.168.2.1])??by mail.advocap.or g (Postfix) with ESMTP id C8F5CE00E7??for ; Mon, 27 Mar 2006 11:11:39 -0600 (CST) from fondy.advocap.org[192.168.2.1]; from= to= proto=ESMTP helo= Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: hold: header Received: by fondy.advocap.org (Postfix, from userid 2072)??id 1FC74440A9; Mon, 27 Mar 2006 11:12:07 -0600 (CST) from fondy.advocap.org[192.168.2.1]; from= to= proto=ESMTP helo= Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: hold: header Received: from localhost (localhost [127.0.0.1])??by fondy.advocap.org (Postfix) with ESMTP id 12BC1440A6??for ; Mon, 27 Mar 2006 11:12:07 -0600 (CST) from fondy.advocap.org[192.168.2.1]; from= to= proto=ESMTP helo= Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: message-id= Mar 27 11:11:39 mail postfix/smtpd[30785]: disconnect from fondy.advocap.org[192.168.2.1] I saved listing of hold before restarting mailscanner and the 2 messages above were in hold and were the oldest messages. Any idea what the problem is? Thanks John -------------- next part -------------- A non-text attachment was scrubbed... Name: johnm.vcf Type: text/x-vcard Size: 250 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060327/e7dc8420/johnm.vcf From stork at openenterprise.ca Mon Mar 27 22:33:53 2006 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Mar 27 22:34:00 2006 Subject: Forwaring Mail In-Reply-To: Message-ID: My mistake everyone. I used webmin to add an alias using a full username@domain and it rejected it but simply using the prefix (username) worked fine and although their is no corresponding local user, it does work fine, as you all told me. Thanks again for the quick solution !! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] > Sent: Monday, March 27, 2006 12:15 PM > To: MailScanner discussion > Subject: Re: Forwaring Mail > > > > On Mar 27, 2006, at 1:56 PM, Matt Kettler wrote: > > > Matt Kettler wrote: > >> Johnny Stork wrote: > >>> This has to work without the existence of a local user > name so an > >>> alias wont work as it requires a local user on the machine. > >> > >> No it doesn't. > > > > Let me clarify.. No, aliases do NOT require the existence of a > > local username. > > > > I do this ALL the time, and I have over 100 aliases with no > > matching local user > > account. > i just put pete: john@jolet.net in my aliases file. > forwarded to me > just fine. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From linux_spartacus at yahoo.com Tue Mar 28 01:50:22 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Tue Mar 28 01:50:26 2006 Subject: Connection Timeout After 7 Download Messages In-Reply-To: <4427BF02.2030806@go2.ie> Message-ID: <20060328005023.53267.qmail@web35613.mail.mud.yahoo.com> Kevin Dermody wrote: Check the mail that it's getting stuck at? Is it always the same mail? We occasionally have a problem where it will freeze on a particular mail. It's a problem where by certain broken headers freeze outlook. Generally they mails are spam and can just be removed which will clear things up. You might want to keep a copy of the mail and try see why it's breaking things and if it can be filtered in future. Just one possibility! Kevin Dermody Go2web Ltd. spart cus wrote: > Hi guys, > Some of my clients are complaining that theyre outlook client suddenly > looses connection or timed out after 7 messages. I think maybe due to > the lenght of time that the server did not response with the request. I > tried to restart the MS then some of my clients got their message. The > following hour the same scenario happens. Anyone encounter these problem ? > > ------------------------------------------------------------------------ > New Yahoo! Messenger with Voice. Call regular phones from your PC > > > and save big. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Some of my clients are also complaining about the same email.The mails are dated 3 weeks ago and they still getting the same emails. Is this a virus ? --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060327/7a3f1751/attachment.html From ugob at camo-route.com Tue Mar 28 01:57:29 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Mar 28 01:57:39 2006 Subject: Connection Timeout After 7 Download Messages In-Reply-To: <20060328005023.53267.qmail@web35613.mail.mud.yahoo.com> References: <4427BF02.2030806@go2.ie> <20060328005023.53267.qmail@web35613.mail.mud.yahoo.com> Message-ID: <442889F9.8070904@camo-route.com> spart cus wrote: > > > */Kevin Dermody /* wrote: > > Check the mail that it's getting stuck at? Is it always the same mail? > > We occasionally have a problem where it will freeze on a particular > mail. It's a problem where by certain broken headers freeze outlook. > Generally they mails are spam and can just be removed which will clear > things up. > > You might want to keep a copy of the mail and try see why it's breaking > things and if it can be filtered in future. > > Just one possibility! > > Kevin Dermody > Go2web Ltd. > > spart cus wrote: > > Hi guys, > > Some of my clients are complaining that theyre outlook client > suddenly > > looses connection or timed out after 7 messages. I think maybe > due to > > the lenght o f time that the server did not response with the > request. I > > tried to restart the! MS then some of my clients got their > message. The > > following hour the same scenario happens. Anyone encounter these > problem ? > > > > > ------------------------------------------------------------------------ > > New Yahoo! Messenger with Voice. Call regular phones from your PC > > > > > and save big. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Some of my clients are also complaining about the same email.The mails > are dated 3 weeks ago and they still getting the same emails. Is this a > vir us ? How would we know? Most likely they download messages and the connexion gets interrupted before the pop server receives the command to mark it as read or delete it. You should really look at the pop/imap side, using the mailing list for the product you're using. > > ------------------------------------------------------------------------ > New Yahoo! Messenger with Voice. Call regular phones from your PC > > and save big. > From ugob at camo-route.com Tue Mar 28 01:57:29 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Mar 28 01:57:56 2006 Subject: Connection Timeout After 7 Download Messages In-Reply-To: <20060328005023.53267.qmail@web35613.mail.mud.yahoo.com> References: <4427BF02.2030806@go2.ie> <20060328005023.53267.qmail@web35613.mail.mud.yahoo.com> Message-ID: <442889F9.8070904@camo-route.com> spart cus wrote: > > > */Kevin Dermody /* wrote: > > Check the mail that it's getting stuck at? Is it always the same mail? > > We occasionally have a problem where it will freeze on a particular > mail. It's a problem where by certain broken headers freeze outlook. > Generally they mails are spam and can just be removed which will clear > things up. > > You might want to keep a copy of the mail and try see why it's breaking > things and if it can be filtered in future. > > Just one possibility! > > Kevin Dermody > Go2web Ltd. > > spart cus wrote: > > Hi guys, > > Some of my clients are complaining that theyre outlook client > suddenly > > looses connection or timed out after 7 messages. I think maybe > due to > > the lenght o f time that the server did not response with the > request. I > > tried to restart the! MS then some of my clients got their > message. The > > following hour the same scenario happens. Anyone encounter these > problem ? > > > > > ------------------------------------------------------------------------ > > New Yahoo! Messenger with Voice. Call regular phones from your PC > > > > > and save big. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Some of my clients are also complaining about the same email.The mails > are dated 3 weeks ago and they still getting the same emails. Is this a > vir us ? How would we know? Most likely they download messages and the connexion gets interrupted before the pop server receives the command to mark it as read or delete it. You should really look at the pop/imap side, using the mailing list for the product you're using. > > ------------------------------------------------------------------------ > New Yahoo! Messenger with Voice. Call regular phones from your PC > > and save big. > From ugob at camo-route.com Tue Mar 28 01:58:25 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Mar 28 02:01:41 2006 Subject: Sendmail patch breaks plain text auth In-Reply-To: <4427F2C5.5020009@nkpanama.com> References: <9d8a284d324009566cb8f0b8de7cf5d7@81.19.57.146> <4427F2C5.5020009@nkpanama.com> Message-ID: Alex Neuman wrote: > Paul Welsh wrote: >> At the weekend I updated my RH9 Sendmail to the patched version using the >> Fedora Legacy update. I now have Sendmail 8.12.11.20060308/8.12.8. >> >> Only problem is that smtp authentication no longer works. Has anyone >> else >> had this problem and if so, do they have a solution handy? >> >> ________________________________________________ >> Message sent using UebiMiau 2.7.9 >> >> >> > Maybe you need to patch/update/restart saslauthd? Did you copy your .rpmnew files over the original? Anything in the logs? From linux_spartacus at yahoo.com Tue Mar 28 03:06:22 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Tue Mar 28 03:06:26 2006 Subject: Message Doubles Message-ID: <20060328020622.99917.qmail@web35615.mail.mud.yahoo.com> Hi guys, I know i've read this problem before.Though im not using the MS yet. But know im currently experiencing this with some of my clients. How can i check this out. tia --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060327/aec126f7/attachment.html From mkettler at evi-inc.com Tue Mar 28 04:00:43 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 28 04:00:59 2006 Subject: Message Doubles In-Reply-To: <20060328020622.99917.qmail@web35615.mail.mud.yahoo.com> References: <20060328020622.99917.qmail@web35615.mail.mud.yahoo.com> Message-ID: <4428A6DB.4080905@evi-inc.com> spart cus wrote: > Hi guys, > I know i've read this problem before.Though im not using the MS yet. But > know im currently experiencing this with some of my clients. How can i > check this out. Start off by comparing Message-ID: headers.. If the message is a dupe occurring at the MTA layer, they should be the same. If they're different, some piece of software that thinks it's at the client level re-generated the message (ie: a auto-forwarder rule in a client). Follow up with comparing the path in the Received: headers. Do they differ at all? If so, one of the servers involved in the difference is responsible. From Brad at beckenhauer.com Tue Mar 28 05:08:49 2006 From: Brad at beckenhauer.com (Brad Beckenhauer) Date: Tue Mar 28 05:09:01 2006 Subject: Stopping Directory Harvest Attacks Message-ID: <1143518929.23342.36.camel@brad.beckenhauer.com> Hello all, First off my disclaimer... I'm not a programmer and this script is one of my first perl writing ventures. A guys gotta start somewhere! I was getting hammered with DHA (Directory Harvest Attacks) and decided to write my own. Given that stopping DHA attacks has come up a couple of times on this forum, I hope that some of you will find this useful and a starting place to develop this script further. Julian, I thought it would be cool to use some of your phishing logic to re-write the code to use a database instead. This perl script parses the mail.logs looking for multiple rejections from the same IP Address. Presume this is a Directory harvest Attack if the number of occurances of an IP Address is above the user defined limit of $SCORE, then create an iptables DROP statement for that IP Address. Each time the script is run, it will remove the previous iptables entries, rescan the mail.log and add new entries. If an IP offender no longer appears in the mail.log, then they are dropped off the blocked "list". This works great a a cron job every hour and if you roll your mail logs daily the offending IP address is dropped off the list. Again, it's far from perfect, feel free to adapt it if you like it, but please share with the rest of us. #!/usr/bin/perl # # harvest.pl # # version 1.0 # Date: 10 September 2005 # # Find possible email "directory harvest attacks" from mail.logs # # Copyright: # This program is free software; you can redistribute it # and modify it under the terms of the GNU General Public # License as published by the Free Software Foundation. # # This program is distributed WITHOUT ANY WARRANTY; without even # the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. # # Purpose: # Parses the mail.logs looking for multiple rejections from the same # IP Address. Presume this is a Directory harvest Attack if the # number of occurances of an IP Address is above the # user defined limit of $SCORE, then create an iptables DROP # statement for that IP Address. Each time the script is run, it will # remove the previous iptables entries, rescan the mail.log and add # new entries. If an IP offender no longer appears in the mail.log, # then they are dropped off the blocked "list". # # Rotating your email logs Daily helps keep the list cleaner. # # When executed, this perl script 'harvest.pl will create two output # files in the current directory: # # iptables.sh Contains the iptables entires to be added to iptables # iptables-undo.sh Removes all entries created in the last run. # # # Idea and initial code by: Brad Beckenhauer # # Credits: David Kirby. # # # This is the threshhold for the number of times an # IP Address with a 550 error can occur in the mail logs before # being added to the block list. # SCORE should be set high enough that deleted user accounts # on your system do not "trigger" a false block. $SCORE=10; # Turn on console output, Shows what IP Addresses will be blocked. $DEBUG=1; # read input from the /var/log/mail.log file foreach $log () { open(FILE,$log); while () { chomp; # Remove newlines # create list of 55x errors # 554 needs to be fixed to make sure that 'found' is numeric if (/\]: 554 Service unavail/) { push @found, $_; } # create list of 450 errors if (/\]: 450 Client host rejected\ $iplist{$b}; } (keys %iplist); # Print a report to console if ( $DEBUG ) { printf "%-15s %-5s\n","\nIP Address"," Count"; printf "%-15s %-5s\n","---------------","-----"; } open( OUT, ">>/usr/local/sbin/dha.sh" ); if ( \! -f "/usr/local/sbin/dha-undo.sh" ) { print OUT "#!/bin/sh\n"; } close(OUT); # if the undo file exists, do this routine if ( -f "/usr/local/sbin/dha-undo.sh" ){ # if ( $DEBUG ) { print " Undo file exists, reading it\n"; } open(UNDO, "/usr/local/sbin/dha-undo.sh") || die " can't open iptables-undo.sh"; open(OUT, ">/usr/local/sbin/dha.sh") || die " can't open iptables.sh"; # read in the undo file and send it to the OUT file while ( ) { # need to SKIP the first two lines of the input # as they contain header print OUT $_ ; } close(UNDO); close(OUT); } else { if ( $DEBUG ) { print "Undo file does not exist, creating\n"; } } # create a new BLANK file w/headers to "undo" the # new entries added to the table open( OUT, ">/usr/local/sbin/dha-undo.sh" ); print OUT "#!/bin/sh\n"; close(OUT); # open for append the iptables file for new IPs that exceed SCORE open( NEW, ">>/usr/local/s/dha.sh" ); open( UNDO, ">>/usr/local/sbin/dha-undo.sh" ); # loop for each IP address found and add it to the tables. foreach $ip (@iplist) { if ($iplist{$ip} >= $SCORE ) { print NEW "iptables -A INPUT -s $ip -p tcp -m tcp --dport 25 -j DROP\n"; print UNDO "iptables -D INPUT -s $ip -p tcp -m tcp --dport 25 -j DROP\n"; if ( $DEBUG ) { printf "%15s\t%5d\n",$ip,$iplist{$ip}; } } } if ( $DEBUG ) { printf "\nrun /usr/local/sbin/dha.sh to ADD these entries to the firewall\n"; printf "run /usr/local/sbin/dha-undo.sh to REMOVE all entries from the firewall\n\n"; } close(NEW); close(UNDO); chmod 0755, '/usr/local/sbin/dha-undo.sh'; chmod 0755, '/usr/local/sbin/dha.sh'; From Yusuf.Ahmed at aot.com.au Tue Mar 28 07:28:30 2006 From: Yusuf.Ahmed at aot.com.au (Yusuf Ahmed) Date: Tue Mar 28 07:29:13 2006 Subject: Quarantine all email Message-ID: <4428D78E.4010409@aot.com.au> Hi there, I remember changing something so that all email (clean and marked as spam etc) is stored in quarantine. I have this set up on one mailscanner box and want to do the same for a new box I have put together. But for the life of me I can not remember where this setting is. I have compared mailscanner.conf and other config files between the two boxes but can't seem to remember what it is. Did some google searches and looked through the archives but couldn't find what I needed. Or ...more likely..I'm completely overlooking it. Can someone please point out what line it is and what file it is located in. Cheers. Yus. From tenderby at mailwash.com.au Tue Mar 28 07:36:32 2006 From: tenderby at mailwash.com.au (Tony Enderby) Date: Tue Mar 28 07:35:30 2006 Subject: Quarantine all email In-Reply-To: <4428D78E.4010409@aot.com.au> References: <4428D78E.4010409@aot.com.au> Message-ID: <4428D970.4050100@mailwash.com.au> Make one of the actions for non spam "store" i.e store deliver Tony. Yusuf Ahmed wrote: > Hi there, > > I remember changing something so that all email (clean and marked as > spam etc) is stored in quarantine. I have this set up on one > mailscanner box and want to do the same for a new box I have put > together. But for the life of me I can not remember where this setting > is. I have compared mailscanner.conf and other config files between > the two boxes but can't seem to remember what it is. > > Did some google searches and looked through the archives but couldn't > find what I needed. Or ...more likely..I'm completely overlooking it. > Can someone please point out what line it is and what file it is > located in. > > Cheers. > > Yus. > From MailScanner at ecs.soton.ac.uk Tue Mar 28 08:16:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 28 08:16:17 2006 Subject: Message Doubles In-Reply-To: <4428A6DB.4080905@evi-inc.com> References: <20060328020622.99917.qmail@web35615.mail.mud.yahoo.com> <4428A6DB.4080905@evi-inc.com> Message-ID: What OS are you using? What MTA are you using and what version? What version of MailScanner are you using? What is your "Lock Type = " set to in MailScanner.conf? On 28 Mar 2006, at 04:00, Matt Kettler wrote: > spart cus wrote: >> Hi guys, >> I know i've read this problem before.Though im not using the MS >> yet. But >> know im currently experiencing this with some of my clients. How >> can i >> check this out. > > Start off by comparing Message-ID: headers.. If the message is a > dupe occurring > at the MTA layer, they should be the same. If they're different, > some piece of > software that thinks it's at the client level re-generated the > message (ie: a > auto-forwarder rule in a client). > > Follow up with comparing the path in the Received: headers. Do they > differ at > all? If so, one of the servers involved in the difference is > responsible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 28 08:18:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 28 08:18:45 2006 Subject: Stopping Directory Harvest Attacks In-Reply-To: <1143518929.23342.36.camel@brad.beckenhauer.com> References: <1143518929.23342.36.camel@brad.beckenhauer.com> Message-ID: <3C3AC3D2-544A-450D-BAE8-9F6877D1BDF7@ecs.soton.ac.uk> On 28 Mar 2006, at 05:08, Brad Beckenhauer wrote: > print OUT "#!/bin/sh\n"; > print OUT "#!/bin/sh\n"; Can I run and hide yet? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From frank.jahn at robbe.com Tue Mar 28 08:42:21 2006 From: frank.jahn at robbe.com (Frank Jahn) Date: Tue Mar 28 08:43:29 2006 Subject: Allow encrypted program in archive Message-ID: <10eb01c6523b$25fb92b0$7702a8c0@werk.robbe.de> Hello, how can i allow encrypted programs in archives? MailScanner reports: could be a suspicious file (encrypted program in archive) Archives are allowed in my MailScanner.conf. How can i setup this in filetype.rules.conf or filename.rules.conf best regards Frank From shuttlebox at gmail.com Tue Mar 28 08:53:06 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 28 08:53:09 2006 Subject: Allow encrypted program in archive In-Reply-To: <10eb01c6523b$25fb92b0$7702a8c0@werk.robbe.de> References: <10eb01c6523b$25fb92b0$7702a8c0@werk.robbe.de> Message-ID: <625385e30603272353n4e0abe05r5a60637f2f33acd@mail.gmail.com> On 3/28/06, Frank Jahn wrote: > Hello, > > how can i allow encrypted programs in archives? > > MailScanner reports: > > could be a suspicious file (encrypted program in archive) > > Archives are allowed in my MailScanner.conf. How can i setup this in > filetype.rules.conf or filename.rules.conf I don't recognize the text. What is reporting it? MailScanner itself or one or your virus scanners? -- /peter From glenn.steen at gmail.com Tue Mar 28 09:20:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 28 09:20:16 2006 Subject: Mailscanner stops working after a few hours. In-Reply-To: <44285944.8090100@advocap.org> References: <44285944.8090100@advocap.org> Message-ID: <223f97700603280020y68d34611j78bcf4d10e89a646@mail.gmail.com> On 27/03/06, John McMonagle wrote: > Using postfix and mailscanner on debian sarge. > postfix 2.1.5-9 > mailscanner 4.41.3-2 > > Setup from the instructions the Mailscanner web page. > > I noticed that messages are keep going into > /var/spool/postfix/hold but mailscanner quits processing them. > Mailscanner is running yet. > I'm guessing it's quiting at about the 4 hour time period that > mailscanner process are restarted. > /etc/init.d/mailscanner restart gets it going again. > Otherwise seems to work fine. > > Log of the last message the worked: > Mar 27 11:09:38 mail postfix/smtpd[30785]: 6B081E00DC: > client=ptx-120-27.prizeamerica2.com[207.115.120.27] > Mar 27 11:09:39 mail postfix/cleanup[30787]: 6B081E00DC: hold: header > Received: from ptx-120-27.prizeamerica2.com > (ptx-120-27.prizeamerica2.com [207.115.120 > .27])??by mail.advocap.org (Postfix) with ESMTP id 6B081E00DC??for > ; Mon, 27 Mar 2006 11:09:38 from > ptx-120-27.prizeamerica2.com[207.115 > .120.27]; from= > to= proto=ESMTP helo= > Mar 27 11:09:39 mail postfix/cleanup[30787]: 6B081E00DC: > message-id=<20060327170938.6B081E00DC@mail.advocap.org> > Mar 27 11:09:41 mail cyrus/imapd[30780]: accepted connection > Mar 27 11:09:41 mail MailScanner[25532]: New Batch: Scanning 1 messages, > 3534 bytes > Mar 27 11:09:43 mail cyrus/imapd[29882]: login: localhost[127.0.0.1] > mailadm plaintext > Mar 27 11:09:43 mail MailScanner[25532]: Spam Checks: Found 1 spam messages > Mar 27 11:09:43 mail MailScanner[25532]: Virus and Content Scanning: > Starting > Mar 27 11:09:44 mail postfix/smtpd[30785]: disconnect from > ptx-120-27.prizeamerica2.com[207.115.120.27] > Mar 27 11:09:44 mail MailScanner[25532]: MailScanner child dying of old age > Mar 27 11:09:44 mail MailScanner[30859]: MailScanner E-Mail Virus > Scanner version 4.41.3 starting... > Mar 27 11:09:44 mail MailScanner[30859]: Read 120 hostnames from the > phishing whitelist > Mar 27 11:09:46 mail MailScanner[30859]: Using locktype = flock > > The message before this was not spam and delivered OK. > > Here is the next 2 messages and mailscanner does not start: > Mar 27 11:11:19 mail postfix/smtpd[30785]: E3E2CE00E6: > client=backup.dotnet.com[216.127.196.18] > Mar 27 11:11:20 mail postfix/cleanup[30871]: E3E2CE00E6: hold: header > Received: from hamburg.dotnet.com (backup.dotnet.com > [216.127.196.18])??by mail.advoca > p.org (Postfix) with ESMTP id E3E2CE00E6??for ; Mon, > 27 Mar 2006 11:11:19 -0600 (CST) from backup.dotnet.com[216.127.196.18]; > from= are@dotnet.com> to= proto=ESMTP > helo= > Mar 27 11:11:20 mail postfix/cleanup[30871]: E3E2CE00E6: hold: header > Received: from 216-127-207-249.strgbay.dcwis.com ([216.127.207.249] > helo=homee677adc14 > 2)??by hamburg.dotnet.com with smtp (Exim 3.33 #1)??id 1FNvFe-0004rq-00; > Mon, 27 Mar 2006 11:11:34 -0600 from backup.dotnet.com[216.127.196.18]; > from= re@dotnet.com> to= proto=ESMTP helo= > Mar 27 11:11:20 mail postfix/cleanup[30871]: E3E2CE00E6: > message-id=<000701c651c1$7e74a730$0201a8c0@homee677adc142> > Mar 27 11:11:20 mail postfix/smtpd[30785]: disconnect from > backup.dotnet.com[216.127.196.18] > Mar 27 11:11:39 mail postfix/smtpd[30785]: connect from > fondy.advocap.org[192.168.2.1] > Mar 27 11:11:39 mail postfix/smtpd[30785]: C8F5CE00E7: > client=fondy.advocap.org[192.168.2.1] > Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: hold: header > Received: from fondy.advocap.org (fondy.advocap.org [192.168.2.1])??by > mail.advocap.or > g (Postfix) with ESMTP id C8F5CE00E7??for ; Mon, 27 > Mar 2006 11:11:39 -0600 (CST) from fondy.advocap.org[192.168.2.1]; > from= ocap.org> to= proto=ESMTP helo= > Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: hold: header > Received: by fondy.advocap.org (Postfix, from userid 2072)??id > 1FC74440A9; Mon, 27 Mar > 2006 11:12:07 -0600 (CST) from fondy.advocap.org[192.168.2.1]; > from= to= proto=ESMTP > helo= > Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: hold: header > Received: from localhost (localhost [127.0.0.1])??by fondy.advocap.org > (Postfix) with > ESMTP id 12BC1440A6??for ; Mon, 27 Mar 2006 > 11:12:07 -0600 (CST) from fondy.advocap.org[192.168.2.1]; > from= to= elam@advocap.org> proto=ESMTP helo= > Mar 27 11:11:39 mail postfix/cleanup[30871]: C8F5CE00E7: > message-id= > Mar 27 11:11:39 mail postfix/smtpd[30785]: disconnect from > fondy.advocap.org[192.168.2.1] > > I saved listing of hold before restarting mailscanner and the 2 messages > above were in hold and were the oldest messages. > > Any idea what the problem is? > > Thanks > > John > Are there any _other_ files than queue files in hold? That has been known to make MS ... throttle.... IIRC has to do with the tnef decoder bit. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From frank.jahn at robbe.com Tue Mar 28 12:27:10 2006 From: frank.jahn at robbe.com (Frank Jahn) Date: Tue Mar 28 12:28:50 2006 Subject: AW: Allow encrypted program in archive In-Reply-To: <625385e30603272353n4e0abe05r5a60637f2f33acd@mail.gmail.com> Message-ID: <11dd01c6525a$8df05530$7702a8c0@werk.robbe.de> > -----Urspr?ngliche Nachricht----- > Von: shuttlebox [mailto:shuttlebox@gmail.com] > Gesendet: Dienstag, 28. M?rz 2006 09:53 > An: MailScanner discussion > Betreff: Re: Allow encrypted program in archive > > On 3/28/06, Frank Jahn wrote: > > Hello, > > > > how can i allow encrypted programs in archives? > > > > MailScanner reports: > > > > could be a suspicious file (encrypted program in archive) > > > > Archives are allowed in my MailScanner.conf. How can i setup this in > > filetype.rules.conf or filename.rules.conf > > I don't recognize the text. What is reporting it? MailScanner itself > or one or your virus scanners? > > -- > /peter > > The report comes from F-prot. From martinh at solid-state-logic.com Tue Mar 28 12:43:22 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Mar 28 12:43:28 2006 Subject: Allow encrypted program in archive In-Reply-To: <11dd01c6525a$8df05530$7702a8c0@werk.robbe.de> Message-ID: <007b01c6525c$d1032170$3004010a@martinhlaptop> Hmm Maybe Jules needs to add in an "Allowed F-Prot Error Messages" setting like the one for Sophos??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Frank Jahn > Sent: 28 March 2006 12:27 > To: 'MailScanner discussion' > Subject: AW: Allow encrypted program in archive > > > > -----Urspr?ngliche Nachricht----- > > Von: shuttlebox [mailto:shuttlebox@gmail.com] > > Gesendet: Dienstag, 28. M?rz 2006 09:53 > > An: MailScanner discussion > > Betreff: Re: Allow encrypted program in archive > > > > On 3/28/06, Frank Jahn wrote: > > > Hello, > > > > > > how can i allow encrypted programs in archives? > > > > > > MailScanner reports: > > > > > > could be a suspicious file (encrypted program in archive) > > > > > > Archives are allowed in my MailScanner.conf. How can i setup this in > > > filetype.rules.conf or filename.rules.conf > > > > I don't recognize the text. What is reporting it? MailScanner itself > > or one or your virus scanners? > > > > -- > > /peter > > > > > The report comes from F-prot. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From shuttlebox at gmail.com Tue Mar 28 12:46:12 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 28 12:46:15 2006 Subject: Allow encrypted program in archive In-Reply-To: <11dd01c6525a$8df05530$7702a8c0@werk.robbe.de> References: <625385e30603272353n4e0abe05r5a60637f2f33acd@mail.gmail.com> <11dd01c6525a$8df05530$7702a8c0@werk.robbe.de> Message-ID: <625385e30603280346m5eb3a5bck5d39a0658bcf1429@mail.gmail.com> On 3/28/06, Frank Jahn wrote: > The report comes from F-prot. That's what I thought, that it came from a virus scanner I mean. I don't use F-prot myself but maybe there's a commandline option for this that you can add to the script MS uses. Clam has one. -- /peter From steve.swaney at fsl.com Tue Mar 28 13:59:53 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 28 13:59:56 2006 Subject: Message Doubles In-Reply-To: <4428A6DB.4080905@evi-inc.com> Message-ID: <157501c65267$817c6480$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Kettler > Sent: Monday, March 27, 2006 10:01 PM > To: MailScanner discussion > Subject: Re: Message Doubles > > spart cus wrote: > > Hi guys, > > I know i've read this problem before.Though im not using the MS yet. But > > know im currently experiencing this with some of my clients. How can i > > check this out. > > Start off by comparing Message-ID: headers.. If the message is a dupe > occurring > at the MTA layer, they should be the same. If they're different, some > piece of > software that thinks it's at the client level re-generated the message > (ie: a > auto-forwarder rule in a client). > > Follow up with comparing the path in the Received: headers. Do they differ > at > all? If so, one of the servers involved in the difference is responsible. > -- I believe this may be happening at two of our sites. One runs: SuSE 8.0 MailScanner version 4.51.6 sendmail-8.12.6-210 Lock Type = flock The other runs: CentOS release 3.6 MailScanner version 4.51.6 sendmail-8.13.1-3.RHEL4.3 Lock Type = posix Log messages indicate that sendmail attempts to deliver the message over and over but apparently never receives and acknowledgement of delivery from the client. A typical log entry: Mar 27 12:03:08 smzz sendmail[20642]: k2OL5BPX014779: to=, delay=2+19:57:57, xdelay=00:10:23, mailer=smtp, pri=23836807, relay=[66.1.1.5] [66.1.1.5], dsn=4.0.0, stat=Deferred: 451 Timeout waiting for client input This message keeps repeating until the message is manually deleted from the outbound mail queue. The recipient gets a copy of the message every time delivery is attempted. I have copies of the qf and df files for two of these messages. A quick scan of the messages does not reveal anything obviously amiss to me. I'm not yet 100% convinced it's a MailScanner problem. Other software / hardware could be intercepting the receiver's acknowledgement. At the SuSE site the problem hasn't occurred since we turned off the PIX "sendmail helper" function but since the problem occurs rarely, it just might be too early to tell. At the CentOS site, turning off the PIX at the receiving end (if in fact this was done correctly) did not solve the problem. Still it's interesting that PIX was involved in both receiving sites. Still this problem did start about the same time the TNEF code was added to MailScanner. We've been trouble shooting it on our own as we did not originally think it was caused by MailScanner. Because of this new list thread and the differences in sendmail versions and OS versions at the troubled sites I'm beginning to wonder. If anyone would like copies of these "repeating" messages please email me off list. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From steve.swaney at fsl.com Tue Mar 28 15:37:21 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 28 15:37:24 2006 Subject: Message Doubles Message-ID: <15af01c65275$1f52d010$287ba8c0@office.fsl> > -----Original Message----- > From: Stephen Swaney [mailto:steve.swaney@fsl.com] > Sent: Tuesday, March 28, 2006 8:00 AM > To: 'MailScanner discussion' > Subject: RE: Message Doubles > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Matt Kettler > > Sent: Monday, March 27, 2006 10:01 PM > > To: MailScanner discussion > > Subject: Re: Message Doubles > > > > spart cus wrote: > > > Hi guys, > > > I know i've read this problem before.Though im not using the MS yet. > But > > > know im currently experiencing this with some of my clients. How can i > > > check this out. > > > > Start off by comparing Message-ID: headers.. If the message is a dupe > > occurring > > at the MTA layer, they should be the same. If they're different, some > > piece of > > software that thinks it's at the client level re-generated the message > > (ie: a > > auto-forwarder rule in a client). > > > > Follow up with comparing the path in the Received: headers. Do they > differ > > at > > all? If so, one of the servers involved in the difference is > responsible. > > -- > > I believe this may be happening at two of our sites. One runs: > > SuSE 8.0 > MailScanner version 4.51.6 > sendmail-8.12.6-210 > Lock Type = flock > > The other runs: > > CentOS release 3.6 > MailScanner version 4.51.6 > sendmail-8.13.1-3.RHEL4.3 > Lock Type = posix > > Log messages indicate that sendmail attempts to deliver the message over > and over but apparently never receives and acknowledgement of delivery > from the client. A typical log entry: > > Mar 27 12:03:08 smzz sendmail[20642]: k2OL5BPX014779: > to=, delay=2+19:57:57, xdelay=00:10:23, mailer=smtp, > pri=23836807, relay=[66.1.1.5] [66.1.1.5], dsn=4.0.0, stat=Deferred: 451 > Timeout waiting for client input > > This message keeps repeating until the message is manually deleted from > the outbound mail queue. The recipient gets a copy of the message every > time delivery is attempted. > > I have copies of the qf and df files for two of these messages. A quick > scan of the messages does not reveal anything obviously amiss to me. > > I'm not yet 100% convinced it's a MailScanner problem. Other software / > hardware could be intercepting the receiver's acknowledgement. At the SuSE > site the problem hasn't occurred since we turned off the PIX "sendmail > helper" function but since the problem occurs rarely, it just might be too > early to tell. > > At the CentOS site, turning off the PIX at the receiving end (if in fact > this was done correctly) did not solve the problem. Still it's interesting > that PIX was involved in both receiving sites. > > Still this problem did start about the same time the TNEF code was added > to MailScanner. We've been trouble shooting it on our own as we did not > originally think it was caused by MailScanner. Because of this new list > thread and the differences in sendmail versions and OS versions at the > troubled sites I'm beginning to wonder. > > If anyone would like copies of these "repeating" messages please email me > off list. > > Steve Replying to my own message but further investigation shows that the client did NOT correctly configure the PIX server on the receiving end of the problem message. I suggest that you check for a banner similar to: Connected to mail.xxxx.com (68.1.1.166). Escape character is '^]'. 220 **************************************************************************** ************************************************** When you telnet to port 25 on the receiving system. This is a PIX connection Try turning off this protocol. It appears to have little if any security value. Please see: http://www.issociate.de/board/post/195084/SMTP_Fixup_--_On_or_Off???.html Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From alex at nkpanama.com Tue Mar 28 15:45:49 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Mar 28 15:47:18 2006 Subject: Message Doubles In-Reply-To: <15af01c65275$1f52d010$287ba8c0@office.fsl> References: <15af01c65275$1f52d010$287ba8c0@office.fsl> Message-ID: <44294C1D.60205@nkpanama.com> Stephen Swaney wrote: > I suggest that you check for a banner similar to: > > Connected to mail.xxxx.com (68.1.1.166). > Escape character is '^]'. > 220 > **************************************************************************** > ************************************************** > > When you telnet to port 25 on the receiving system. This is a PIX connection > > Try turning off this protocol. It appears to have little if any security > value. Please see: > > http://www.issociate.de/board/post/195084/SMTP_Fixup_--_On_or_Off???.html > > I have had several clients with this problem. I've had to explain to them how this breaks everything from AUTH to RBL's to RFC's and a bunch of other TLA's and FLA's. From h.swensson at hccnet.nl Tue Mar 28 20:17:12 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Tue Mar 28 20:17:18 2006 Subject: Can't locate MIME/Parser.pm in @INC Message-ID: <200603281917.k2SJHGtn019326@smtp30.hccnet.nl> I have still the same problem and I am not able to start MailScanner In spite of the new install command: ./install.sh --perl=/usr/bin/perl Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. Good, far-too-clever Perl requirements will be ignored. install.sh: error: unrecognized option: --perl=/usr/bin/perl Try `./install.sh --help' for more information. How must I go further Regards Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.2/293 - Release Date: 26-3-2006 From MailScanner at ecs.soton.ac.uk Tue Mar 28 21:10:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 28 21:10:27 2006 Subject: Can't locate MIME/Parser.pm in @INC In-Reply-To: <200603281917.k2SJHGtn019326@smtp30.hccnet.nl> References: <200603281917.k2SJHGtn019326@smtp30.hccnet.nl> Message-ID: <4429982B.1070809@ecs.soton.ac.uk> What version of MailScanner are you trying to install? What does it say when you do "./install.sh --help" as directed? Herman Swensson wrote: > I have still the same problem and I am not able to start MailScanner > In spite of the new install command: > > ./install.sh --perl=/usr/bin/perl > > Good. You have the patch command. > > Good, you have /usr/src/redhat in place. > > Good, unpackaged files will not break the build process. > Good, far-too-clever Perl requirements will be ignored. > install.sh: error: unrecognized option: --perl=/usr/bin/perl Try > `./install.sh --help' for more information. > > > How must I go further > > Regards > > Herman > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 28 21:22:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 28 21:22:51 2006 Subject: Can't locate MIME/Parser.pm in @INC In-Reply-To: <4429982B.1070809@ecs.soton.ac.uk> References: <200603281917.k2SJHGtn019326@smtp30.hccnet.nl> <4429982B.1070809@ecs.soton.ac.uk> Message-ID: <44299B12.1020204@ecs.soton.ac.uk> If you want a helping hand and can mail me remote access details and root pw then let me know (off-list!) Julian Field wrote: > What version of MailScanner are you trying to install? What does it > say when you do "./install.sh --help" as directed? > > Herman Swensson wrote: >> I have still the same problem and I am not able to start MailScanner >> In spite of the new install command: >> >> ./install.sh --perl=/usr/bin/perl >> >> Good. You have the patch command. >> >> Good, you have /usr/src/redhat in place. >> >> Good, unpackaged files will not break the build process. >> Good, far-too-clever Perl requirements will be ignored. >> install.sh: error: unrecognized option: --perl=/usr/bin/perl Try >> `./install.sh --help' for more information. >> >> >> How must I go further >> >> Regards >> Herman >> >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From h.swensson at hccnet.nl Tue Mar 28 22:03:11 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Tue Mar 28 22:03:13 2006 Subject: Can't locate MIME/Parser.pm in @INC In-Reply-To: <4429982B.1070809@ecs.soton.ac.uk> Message-ID: <200603282103.k2SL3BLm019550@smtp30.hccnet.nl> I am using MS 4.51.5-1 ./install.sh --help Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. Good, far-too-clever Perl requirements will be ignored. Usage: ./install.sh [OPTION]... [VAR=VALUE]... -h, --help display this help and exit nodeps ignore dependencies when installing MailScanner ignore-perl ignore perl versions check fast do not wait for long during installation -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Julian Field Verzonden: dinsdag 28 maart 2006 22:10 Aan: MailScanner discussion Onderwerp: Re: Can't locate MIME/Parser.pm in @INC What version of MailScanner are you trying to install? What does it say when you do "./install.sh --help" as directed? Herman Swensson wrote: > I have still the same problem and I am not able to start MailScanner > In spite of the new install command: > > ./install.sh --perl=/usr/bin/perl > > Good. You have the patch command. > > Good, you have /usr/src/redhat in place. > > Good, unpackaged files will not break the build process. > Good, far-too-clever Perl requirements will be ignored. > install.sh: error: unrecognized option: --perl=/usr/bin/perl Try > `./install.sh --help' for more information. > > > How must I go further > > Regards > > Herman > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.2/293 - Release Date: 26-3-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.2/293 - Release Date: 26-3-2006 From michele at blacknight.ie Tue Mar 28 22:07:31 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Tue Mar 28 22:07:33 2006 Subject: Can't locate MIME/Parser.pm in @INC In-Reply-To: <200603282103.k2SL3BLm019550@smtp30.hccnet.nl> References: <200603282103.k2SL3BLm019550@smtp30.hccnet.nl> Message-ID: <4429A593.9000304@blacknight.ie> You can always find a few grumpy types in the #mailscanner channel on freenode if you need help :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From jchezny at northcarolina.edu Tue Mar 28 22:19:17 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Tue Mar 28 22:19:19 2006 Subject: MCP checking in log file; not enabled in conf Message-ID: <1143580757.4429a8550dafb@webmail.northcarolina.edu> Folks, Can anyone tell me why I see evidence of MCP checking in the maillog; even though MCP Checks = no in MailScanner.conf? Relevant snippets from maillog and conf included: Maillog: MailScanner[23557]: MCP Checks completed at 6095460 bytes per second MailScanner.conf: # Configuration directory containing files related to MCP # (Message Content Protection) # %mcp-dir% = /etc/MailScanner/mcp MCP Checks = no Warm regards, -jc ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From Yusuf.Ahmed at aot.com.au Tue Mar 28 23:28:27 2006 From: Yusuf.Ahmed at aot.com.au (Yusuf Ahmed) Date: Tue Mar 28 23:29:35 2006 Subject: Quarantine all email In-Reply-To: <4428D970.4050100@mailwash.com.au> References: <4428D78E.4010409@aot.com.au> <4428D970.4050100@mailwash.com.au> Message-ID: <4429B88B.6060406@aot.com.au> thats the one!! thanks Tony. Tony Enderby wrote: > Make one of the actions for non spam "store" > > i.e store deliver > > Tony. > > > Yusuf Ahmed wrote: > >> Hi there, >> >> I remember changing something so that all email (clean and marked as >> spam etc) is stored in quarantine. I have this set up on one >> mailscanner box and want to do the same for a new box I have put >> together. But for the life of me I can not remember where this >> setting is. I have compared mailscanner.conf and other config files >> between the two boxes but can't seem to remember what it is. >> >> Did some google searches and looked through the archives but couldn't >> find what I needed. Or ...more likely..I'm completely overlooking it. >> Can someone please point out what line it is and what file it is >> located in. >> >> Cheers. >> >> Yus. >> -- Regards, ----------------------------------- Yusuf Ahmed IT Helpdesk Administrator The AOT Group P/L Level 8, 420 St. Kilda Road Melbourne, Victoria 3004, AUSTRALIA Tel: +61 3 9867 7233 Fax: +61 3 9867 7244 =================================== From jaearick at colby.edu Tue Mar 28 23:33:16 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Mar 28 23:36:46 2006 Subject: Stopping Directory Harvest Attacks In-Reply-To: <1143518929.23342.36.camel@brad.beckenhauer.com> References: <1143518929.23342.36.camel@brad.beckenhauer.com> Message-ID: Doesn't Julian's IPBlock feature kind of do the same thing??? Jeff Earickson Colby College On Mon, 27 Mar 2006, Brad Beckenhauer wrote: > Date: Mon, 27 Mar 2006 22:08:49 -0600 > From: Brad Beckenhauer > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Stopping Directory Harvest Attacks > > Hello all, > > First off my disclaimer... I'm not a programmer and this script is one > of my first perl writing ventures. A guys gotta start somewhere! I was > getting hammered with DHA (Directory Harvest Attacks) and decided to > write my own. Given that stopping DHA attacks has come up a couple of > times on this forum, I hope that some of you will find this useful and > a starting place to develop this script further. > > Julian, I thought it would be cool to use some of your phishing logic > to re-write the code to use a database instead. > > This perl script parses the mail.logs looking for multiple rejections > from the same IP Address. Presume this is a Directory harvest Attack if > the number of occurances of an IP Address is above the user defined > limit of $SCORE, then create an iptables DROP statement for that IP > Address. Each time the script is run, it will remove the previous > iptables entries, rescan the mail.log and add new entries. If an IP > offender no longer appears in the mail.log, then they are dropped off > the blocked "list". This works great a a cron job every hour and if you > roll your mail logs daily the offending IP address is dropped off the > list. > > Again, it's far from perfect, feel free to adapt it if you like it, but > please share with the rest of us. > > #!/usr/bin/perl > # > # harvest.pl > # > # version 1.0 > # Date: 10 September 2005 > # > # Find possible email "directory harvest attacks" from mail.logs > # > # Copyright: > # This program is free software; you can redistribute it > # and modify it under the terms of the GNU General Public > # License as published by the Free Software Foundation. > # > # This program is distributed WITHOUT ANY WARRANTY; without even > # the implied warranty of MERCHANTABILITY or FITNESS FOR A > # PARTICULAR PURPOSE. > # > # Purpose: > # Parses the mail.logs looking for multiple rejections from the same > # IP Address. Presume this is a Directory harvest Attack if the > # number of occurances of an IP Address is above the > # user defined limit of $SCORE, then create an iptables DROP > # statement for that IP Address. Each time the script is run, it will > # remove the previous iptables entries, rescan the mail.log and add > # new entries. If an IP offender no longer appears in the mail.log, > # then they are dropped off the blocked "list". > # > # Rotating your email logs Daily helps keep the list cleaner. > # > # When executed, this perl script 'harvest.pl will create two output > # files in the current directory: > # > # iptables.sh Contains the iptables entires to be added to iptables > # iptables-undo.sh Removes all entries created in the last run. > # > # > # Idea and initial code by: Brad Beckenhauer > # > # Credits: David Kirby. > # > # > > # This is the threshhold for the number of times an > # IP Address with a 550 error can occur in the mail logs before > # being added to the block list. > # SCORE should be set high enough that deleted user accounts > # on your system do not "trigger" a false block. > $SCORE=10; > > # Turn on console output, Shows what IP Addresses will be blocked. > $DEBUG=1; > > # read input from the /var/log/mail.log file > foreach $log () { > open(FILE,$log); > while () { > chomp; # Remove newlines > # create list of 55x errors > # 554 needs to be fixed to make sure that 'found' is numeric > if (/\]: 554 Service unavail/) { push @found, $_; } > # create list of 450 errors > if (/\]: 450 Client host rejected\ } > close(FILE); > } > > # parse list of 55x errors, extracting each IP > foreach $entry (@found) { > ($ip)=$entry=~/.*\[.+?\].*\[(.*)\]/; > $iplist{$ip}++; # count each IP found > } > > # sort list of IPs ascending by number of occurances > @iplist=sort { $iplist{$a} <=> $iplist{$b}; } (keys %iplist); > > # Print a report to console > if ( $DEBUG ) { > printf "%-15s %-5s\n","\nIP Address"," Count"; > printf "%-15s %-5s\n","---------------","-----"; > } > > open( OUT, ">>/usr/local/sbin/dha.sh" ); > if ( \! -f "/usr/local/sbin/dha-undo.sh" ) { > print OUT "#!/bin/sh\n"; > } > close(OUT); > > # if the undo file exists, do this routine > if ( -f "/usr/local/sbin/dha-undo.sh" ){ > # if ( $DEBUG ) { print " Undo file exists, reading it\n"; } > open(UNDO, "/usr/local/sbin/dha-undo.sh") || die " can't open > iptables-undo.sh"; > open(OUT, ">/usr/local/sbin/dha.sh") || die " can't open > iptables.sh"; > > # read in the undo file and send it to the OUT file > while ( ) { > # need to SKIP the first two lines of the input > # as they contain header > print OUT $_ ; > } > close(UNDO); > close(OUT); > } else { > if ( $DEBUG ) { print "Undo file does not exist, creating\n"; } > } > > # create a new BLANK file w/headers to "undo" the > # new entries added to the table > open( OUT, ">/usr/local/sbin/dha-undo.sh" ); > print OUT "#!/bin/sh\n"; > close(OUT); > > # open for append the iptables file for new IPs that exceed SCORE > open( NEW, ">>/usr/local/s/dha.sh" ); > open( UNDO, ">>/usr/local/sbin/dha-undo.sh" ); > > # loop for each IP address found and add it to the tables. > foreach $ip (@iplist) { > if ($iplist{$ip} >= $SCORE ) { > print NEW "iptables -A INPUT -s $ip -p tcp -m tcp --dport 25 -j > DROP\n"; > print UNDO "iptables -D INPUT -s $ip -p tcp -m tcp --dport 25 -j > DROP\n"; > if ( $DEBUG ) { printf "%15s\t%5d\n",$ip,$iplist{$ip}; } > } > } > > if ( $DEBUG ) { > printf "\nrun /usr/local/sbin/dha.sh to ADD these entries to the > firewall\n"; > printf "run /usr/local/sbin/dha-undo.sh to REMOVE all entries from > the firewall\n\n"; > } > > close(NEW); > close(UNDO); > chmod 0755, '/usr/local/sbin/dha-undo.sh'; > chmod 0755, '/usr/local/sbin/dha.sh'; > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Brad at beckenhauer.com Wed Mar 29 00:31:09 2006 From: Brad at beckenhauer.com (Brad Beckenhauer) Date: Wed Mar 29 00:31:18 2006 Subject: Stopping Directory Harvest Attacks In-Reply-To: References: <1143518929.23342.36.camel@brad.beckenhauer.com> Message-ID: <1143588670.18378.13.camel@brad.beckenhauer.com> Yes, They are similar. The IPBlock code allows you to specify the ip address/net blocks in advance and blocks them at the MTA (and it works very well). The concept behind this script is to sample your mail logs via a cron job for Directory Harvest Attacks (DHA's) in progress ( The harvester might not be in the IPBlock database) and then block them via iptables. You could adapt the code to add an entry to the MTA. On Tue, 2006-03-28 at 17:33 -0500, Jeff A. Earickson wrote: > Doesn't Julian's IPBlock feature kind of do the same thing??? > > Jeff Earickson > Colby College > > On Mon, 27 Mar 2006, Brad Beckenhauer wrote: > > > Date: Mon, 27 Mar 2006 22:08:49 -0600 > > From: Brad Beckenhauer > > Reply-To: MailScanner discussion > > To: MailScanner discussion > > Subject: Stopping Directory Harvest Attacks > > > > Hello all, > > > > First off my disclaimer... I'm not a programmer and this script is one > > of my first perl writing ventures. A guys gotta start somewhere! I was > > getting hammered with DHA (Directory Harvest Attacks) and decided to > > write my own. Given that stopping DHA attacks has come up a couple of > > times on this forum, I hope that some of you will find this useful and > > a starting place to develop this script further. > > > > Julian, I thought it would be cool to use some of your phishing logic > > to re-write the code to use a database instead. > > > > This perl script parses the mail.logs looking for multiple rejections > > from the same IP Address. Presume this is a Directory harvest Attack if > > the number of occurances of an IP Address is above the user defined > > limit of $SCORE, then create an iptables DROP statement for that IP > > Address. Each time the script is run, it will remove the previous > > iptables entries, rescan the mail.log and add new entries. If an IP > > offender no longer appears in the mail.log, then they are dropped off > > the blocked "list". This works great a a cron job every hour and if you > > roll your mail logs daily the offending IP address is dropped off the > > list. > > > > Again, it's far from perfect, feel free to adapt it if you like it, but > > please share with the rest of us. > > > > #!/usr/bin/perl > > # > > # harvest.pl > > # > > # version 1.0 > > # Date: 10 September 2005 > > # > > # Find possible email "directory harvest attacks" from mail.logs > > # > > # Copyright: > > # This program is free software; you can redistribute it > > # and modify it under the terms of the GNU General Public > > # License as published by the Free Software Foundation. > > # > > # This program is distributed WITHOUT ANY WARRANTY; without even > > # the implied warranty of MERCHANTABILITY or FITNESS FOR A > > # PARTICULAR PURPOSE. > > # > > # Purpose: > > # Parses the mail.logs looking for multiple rejections from the same > > # IP Address. Presume this is a Directory harvest Attack if the > > # number of occurances of an IP Address is above the > > # user defined limit of $SCORE, then create an iptables DROP > > # statement for that IP Address. Each time the script is run, it will > > # remove the previous iptables entries, rescan the mail.log and add > > # new entries. If an IP offender no longer appears in the mail.log, > > # then they are dropped off the blocked "list". > > # > > # Rotating your email logs Daily helps keep the list cleaner. > > # > > # When executed, this perl script 'harvest.pl will create two output > > # files in the current directory: > > # > > # iptables.sh Contains the iptables entires to be added to iptables > > # iptables-undo.sh Removes all entries created in the last run. > > # > > # > > # Idea and initial code by: Brad Beckenhauer > > # > > # Credits: David Kirby. > > # > > # > > > > # This is the threshhold for the number of times an > > # IP Address with a 550 error can occur in the mail logs before > > # being added to the block list. > > # SCORE should be set high enough that deleted user accounts > > # on your system do not "trigger" a false block. > > $SCORE=10; > > > > # Turn on console output, Shows what IP Addresses will be blocked. > > $DEBUG=1; > > > > # read input from the /var/log/mail.log file > > foreach $log () { > > open(FILE,$log); > > while () { > > chomp; # Remove newlines > > # create list of 55x errors > > # 554 needs to be fixed to make sure that 'found' is numeric > > if (/\]: 554 Service unavail/) { push @found, $_; } > > # create list of 450 errors > > if (/\]: 450 Client host rejected\ > } > > close(FILE); > > } > > > > # parse list of 55x errors, extracting each IP > > foreach $entry (@found) { > > ($ip)=$entry=~/.*\[.+?\].*\[(.*)\]/; > > $iplist{$ip}++; # count each IP found > > } > > > > # sort list of IPs ascending by number of occurances > > @iplist=sort { $iplist{$a} <=> $iplist{$b}; } (keys %iplist); > > > > # Print a report to console > > if ( $DEBUG ) { > > printf "%-15s %-5s\n","\nIP Address"," Count"; > > printf "%-15s %-5s\n","---------------","-----"; > > } > > > > open( OUT, ">>/usr/local/sbin/dha.sh" ); > > if ( \! -f "/usr/local/sbin/dha-undo.sh" ) { > > print OUT "#!/bin/sh\n"; > > } > > close(OUT); > > > > # if the undo file exists, do this routine > > if ( -f "/usr/local/sbin/dha-undo.sh" ){ > > # if ( $DEBUG ) { print " Undo file exists, reading it\n"; } > > open(UNDO, "/usr/local/sbin/dha-undo.sh") || die " can't open > > iptables-undo.sh"; > > open(OUT, ">/usr/local/sbin/dha.sh") || die " can't open > > iptables.sh"; > > > > # read in the undo file and send it to the OUT file > > while ( ) { > > # need to SKIP the first two lines of the input > > # as they contain header > > print OUT $_ ; > > } > > close(UNDO); > > close(OUT); > > } else { > > if ( $DEBUG ) { print "Undo file does not exist, creating\n"; } > > } > > > > # create a new BLANK file w/headers to "undo" the > > # new entries added to the table > > open( OUT, ">/usr/local/sbin/dha-undo.sh" ); > > print OUT "#!/bin/sh\n"; > > close(OUT); > > > > # open for append the iptables file for new IPs that exceed SCORE > > open( NEW, ">>/usr/local/s/dha.sh" ); > > open( UNDO, ">>/usr/local/sbin/dha-undo.sh" ); > > > > # loop for each IP address found and add it to the tables. > > foreach $ip (@iplist) { > > if ($iplist{$ip} >= $SCORE ) { > > print NEW "iptables -A INPUT -s $ip -p tcp -m tcp --dport 25 -j > > DROP\n"; > > print UNDO "iptables -D INPUT -s $ip -p tcp -m tcp --dport 25 -j > > DROP\n"; > > if ( $DEBUG ) { printf "%15s\t%5d\n",$ip,$iplist{$ip}; } > > } > > } > > > > if ( $DEBUG ) { > > printf "\nrun /usr/local/sbin/dha.sh to ADD these entries to the > > firewall\n"; > > printf "run /usr/local/sbin/dha-undo.sh to REMOVE all entries from > > the firewall\n\n"; > > } > > > > close(NEW); > > close(UNDO); > > chmod 0755, '/usr/local/sbin/dha-undo.sh'; > > chmod 0755, '/usr/local/sbin/dha.sh'; > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > From list at wcstc.com Wed Mar 29 00:40:31 2006 From: list at wcstc.com (Myron Williams) Date: Wed Mar 29 00:40:42 2006 Subject: Sendmail patch breaks plain text auth In-Reply-To: <9d8a284d324009566cb8f0b8de7cf5d7@81.19.57.146> References: <9d8a284d324009566cb8f0b8de7cf5d7@81.19.57.146> Message-ID: <62296.12.42.147.37.1143589231.squirrel@webmail.wcstc.com> I had the same problem but fixed it by doing the following. # vi /usr/lib/sasl2/smtpd.conf (it should say pwcheck_method: saslauthd) # vi /etc/sysconfig/saslauthd (it should say MECH=pam) Then run: alternatives --config mta and set it to sendmail restart/start saslauthd Myron Systems Administrator EZNetTools > At the weekend I updated my RH9 Sendmail to the patched version using the > Fedora Legacy update. I now have Sendmail 8.12.11.20060308/8.12.8. > > Only problem is that smtp authentication no longer works. Has anyone else > had this problem and if so, do they have a solution handy? > > ________________________________________________ > Message sent using UebiMiau 2.7.9 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From linux_spartacus at yahoo.com Wed Mar 29 01:41:30 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 01:41:34 2006 Subject: Message Doubles In-Reply-To: <4428A6DB.4080905@evi-inc.com> Message-ID: <20060329004130.40057.qmail@web35609.mail.mud.yahoo.com> Matt Kettler wrote: spart cus wrote: > Hi guys, > I know i've read this problem before.Though im not using the MS yet. But > know im currently experiencing this with some of my clients. How can i > check this out. Start off by comparing Message-ID: headers.. If the message is a dupe occurring at the MTA layer, they should be the same. If they're different, some piece of software that thinks it's at the client level re-generated the message (ie: a auto-forwarder rule in a client). Follow up with comparing the path in the Received: headers. Do they differ at all? If so, one of the servers involved in the difference is responsible. -- HI Matt, just check the Message-ID Headers and they are the same. It seems it is really on the MTA problem? How can i further check these ? tnx --------------------------------- Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060328/4d2210ee/attachment.html From linux_spartacus at yahoo.com Wed Mar 29 01:47:24 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 01:47:42 2006 Subject: Message Doubles In-Reply-To: Message-ID: <20060329004724.51051.qmail@web35606.mail.mud.yahoo.com> Im using Centos 4.2 Postfix for MTA, Dovecot for POP3. MS 4.50.14-1 Lock Type = # no configured. Julian Field wrote: What OS are you using? What MTA are you using and what version? What version of MailScanner are you using? What is your "Lock Type = " set to in MailScanner.conf? On 28 Mar 2006, at 04:00, Matt Kettler wrote: > spart cus wrote: >> Hi guys, >> I know i've read this problem before.Though im not using the MS >> yet. But >> know im currently experiencing this with some of my clients. How >> can i >> check this out. > > Start off by comparing Message-ID: headers.. If the message is a > dupe occurring > at the MTA layer, they should be the same. If they're different, > some piece of > software that thinks it's at the client level re-generated the > message (ie: a > auto-forwarder rule in a client). > > Follow up with comparing the path in the Received: headers. Do they > differ at > all? If so, one of the servers involved in the difference is > responsible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2?/min or less. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060328/a718a605/attachment.html From Yusuf.Ahmed at aot.com.au Wed Mar 29 02:07:19 2006 From: Yusuf.Ahmed at aot.com.au (Yusuf Ahmed) Date: Wed Mar 29 02:08:39 2006 Subject: Quarantine section not appearing in mailwatch Message-ID: <4429DDC7.2090004@aot.com.au> Hi, When I click on the Quarantine link in mailwatch and select a particular email that I wish to release from quarantine, I am missing the section at the bottom that says "Quarantine". I have a feeling this has something to do with permissions but not sure where. Wondering if someone can point me in the right direction whetehr it is a permissions issue or not. Cheers. MailScanner 4.50.15 Regards, Yus. From tobias.axelsson at vxu.se Wed Mar 29 07:41:18 2006 From: tobias.axelsson at vxu.se (Tobias Axelsson) Date: Wed Mar 29 07:41:30 2006 Subject: Max connections /host Message-ID: <007001c652fb$c8d8d400$a7422fc2@TAXBRBR> Hi I know this is little off-topic, but I need to ask someone with good knowledge of sendmail :) There is a bunch of viruses that connects to sendmail as many times as it can and remain the connections until it times out. This can temporary cause stop in mail-in. (Running 3 machines that accept 140 connections each) A good solotions on this could be to set a "Maxconnectionsperhost"-variable, but I have'nt found any. Please help me all sendmail.cf-gurus outthere. Regards Tobias postmaster @vxu.se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/e38eff8e/attachment.html From nats at sscrmnl.edu.ph Wed Mar 29 07:53:02 2006 From: nats at sscrmnl.edu.ph (Jose Nathaniel G. Nengasca) Date: Wed Mar 29 07:53:20 2006 Subject: [Fwd: do you want to invest money ?] - MailScanner did not detect? Message-ID: <442A2ECE.2080902@sscrmnl.edu.ph> Seems that MailScanner didnt detected this? is this new type of scam? pls help.. -- All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph -------------- next part -------------- An embedded message was scrubbed... From: "Siegfried Blair" Subject: do you want to invest money ? Date: Tue, 28 Mar 2006 19:49:48 +0100 Size: 2368 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/080d1e62/doyouwanttoinvestmoney.mht From drew at themarshalls.co.uk Wed Mar 29 08:37:14 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 29 08:37:28 2006 Subject: Message Doubles In-Reply-To: <20060329004724.51051.qmail@web35606.mail.mud.yahoo.com> References: <20060329004724.51051.qmail@web35606.mail.mud.yahoo.com> Message-ID: <62755.194.70.180.170.1143617834.squirrel@webmail.r-bit.net> On Wed, March 29, 2006 01:47, spart cus wrote: > Im using Centos 4.2 > Postfix for MTA, Dovecot for POP3. > MS 4.50.14-1 > Lock Type = # no configured. Could you post some logs of a duplicated message? I assume you are using the hold queue method for Postfix? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From norbert.schmidt at is-teledata.com Wed Mar 29 08:48:45 2006 From: norbert.schmidt at is-teledata.com (Norbert Schmidt) Date: Wed Mar 29 08:49:00 2006 Subject: Mailscanner stops working after a few hours. In-Reply-To: <223f97700603280020y68d34611j78bcf4d10e89a646@mail.gmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4104 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/56931e43/smime-0001.bin From MailScanner at ecs.soton.ac.uk Wed Mar 29 09:03:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 29 09:04:02 2006 Subject: MCP checking in log file; not enabled in conf In-Reply-To: <1143580757.4429a8550dafb@webmail.northcarolina.edu> References: <1143580757.4429a8550dafb@webmail.northcarolina.edu> Message-ID: Don't worry, that extra logging line is a (very tiny) bugette. On 28 Mar 2006, at 22:19, jchezny@northcarolina.edu wrote: > Folks, > Can anyone tell me why I see evidence of MCP checking in the > maillog; even > though MCP Checks = no in MailScanner.conf? Relevant snippets from > maillog and > conf included: > > > Maillog: MailScanner[23557]: MCP Checks completed at 6095460 bytes > per second > > MailScanner.conf: > # Configuration directory containing files related to MCP > # (Message Content Protection) > # %mcp-dir% = /etc/MailScanner/mcp > > MCP Checks = no > > > Warm regards, > > -jc > > ---------------------------------------------------------------- > This message was sent with UNC-GA Webmail http:// > webmail.northcarolina.edu > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Wed Mar 29 09:12:53 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Mar 29 09:13:00 2006 Subject: [Fwd: do you want to invest money ?] - MailScanner did not detect? In-Reply-To: <442A2ECE.2080902@sscrmnl.edu.ph> Message-ID: <003601c65308$93da2a30$3004010a@martinhlaptop> Jose Works fine for me - here's the spamassassin rules that hit.. Content analysis details: (65.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 NO_RELAYS Informational: message was not relayed via SMTP 2.5 MISSING_HB_SEP Missing blank line between message header and body 2.3 MANGLED_FREE BODY: mangled free 2.3 MANGLED_LIST BODY: mangled list 2.3 MANGLED_OFF BODY: mangled off 2.3 MANGLED_DOMAIN BODY: mangled domain 1.0 SARE_OBFUMONEY2 BODY: masked spam word(s) 2.3 MANGLED_FORM BODY: mangled form 2.3 MANGLED_FROM BODY: mangled from 2.3 MANGLED_VISIT BODY: mangled visit 2.3 MANGLED_ACCNT BODY: mangled account(s) 2.3 MANGLED_TEXT BODY: mangled text 2.3 MANGLED_LOOK BODY: mangled look(s) 2.3 MANGLED_WANT BODY: mangled want 2.3 MANGLED_SPAM BODY: mangled spam 2.3 MANGLED_PRIOR BODY: mangled prior 2.3 MANGLED_PLEASE BODY: mangled please 2.3 MANGLED_TRNFER BODY: mangled TRANSFER 2.3 MANGLED_LOW BODY: mangled low 2.3 MANGLED_MONEY BODY: mangled money 2.3 MANGLED_TOOL BODY: mangled tool 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9991] 0.5 SARE_HTML_MLINE_HTTP RAW: MULTI-line http 1.8 MISSING_SUBJECT Missing Subject: header 1.7 SARE_OBFU_VISIT2 found apparent obfuscation of word used in spam 5.8 BODY_OBFU_WINDOWS Attempt to obfuscated the word 'windows' 1.0 UOLCC_DOWN Drugs downwards 0.1 TO_CC_NONE No To: or Cc: header 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO -0.0 NO_RECEIVED Informational: message has no Received headers 0.5 FM_NO_TO FM_NO_TO 1.1 FM_MULTI_ODD2 FM_MULTI_ODD2 You'll find the MANGLED rules in http://www.rulesemporium.com/other-rules.htm/mangled.cf There's loads of other useful SA rules at that site too.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jose Nathaniel G. Nengasca > Sent: 29 March 2006 07:53 > To: MailScanner discussion > Subject: [Fwd: do you want to invest money ?] - MailScanner did not > detect? > > Seems that MailScanner didnt detected this? is this new type of scam? > pls help.. > > -- > All messages that are coming from this domain > is certified to be virus and spam free. If > ever you have received any virus infected > content or spam, please report it to the > internet administrator of this domain > nats@sscrmnl.edu.ph ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From linux_spartacus at yahoo.com Wed Mar 29 09:13:34 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 09:13:37 2006 Subject: Message Doubles In-Reply-To: <62755.194.70.180.170.1143617834.squirrel@webmail.r-bit.net> Message-ID: <20060329081334.44034.qmail@web35602.mail.mud.yahoo.com> How can i filter the logs for these ? Lots of logs on my maillog. I even geting some 3 to 4 messages with the same Message-ID. And for postfix. header_checks to hold. Thanks. Drew Marshall wrote: On Wed, March 29, 2006 01:47, spart cus wrote: > Im using Centos 4.2 > Postfix for MTA, Dovecot for POP3. > MS 4.50.14-1 > Lock Type = # no configured. Could you post some logs of a duplicated message? I assume you are using the hold queue method for Postfix? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/9b30c6ae/attachment.html From drew at themarshalls.co.uk Wed Mar 29 09:24:59 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 29 09:25:05 2006 Subject: Message Doubles In-Reply-To: <20060329081334.44034.qmail@web35602.mail.mud.yahoo.com> References: <62755.194.70.180.170.1143617834.squirrel@webmail.r-bit.net> <20060329081334.44034.qmail@web35602.mail.mud.yahoo.com> Message-ID: <62932.194.70.180.170.1143620699.squirrel@webmail.r-bit.net> On Wed, March 29, 2006 09:13, spart cus wrote: > How can i filter the logs for these ? Lots of logs on my maillog. I even > geting some 3 to 4 messages with the same Message-ID. And for postfix. > header_checks to hold. > Thanks. grep the maillog for the message id would be a start (#grep A12DE3901C /var/log/maillog) but as the message id changes through the MailScanner process (It's logged) I would really like to see all the logs for the period of time that the duplicated message was processed e.g. 11:05:13 -> 11:06:23 to show the message being received by Postfix, held, processed my MailScanner, passed to Cyrus for delivery (I think that was the POP server you said you were using). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From linux_spartacus at yahoo.com Wed Mar 29 09:49:40 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 09:49:44 2006 Subject: Message Doubles In-Reply-To: <62932.194.70.180.170.1143620699.squirrel@webmail.r-bit.net> Message-ID: <20060329084940.75886.qmail@web35614.mail.mud.yahoo.com> Drew Marshall wrote: On Wed, March 29, 2006 09:13, spart cus wrote: > How can i filter the logs for these ? Lots of logs on my maillog. I even > geting some 3 to 4 messages with the same Message-ID. And for postfix. > header_checks to hold. > Thanks. grep the maillog for the message id would be a start (#grep A12DE3901C /var/log/maillog) but as the message id changes through the MailScanner process (It's logged) I would really like to see all the logs for the period of time that the duplicated message was processed e.g. 11:05:13 -> 11:06:23 to show the message being received by Postfix, held, processed my MailScanner, passed to Cyrus for delivery (I think that was the POP server you said you were using). Drew Here's one of the logs that produces the same email. 028e01c6537e$4aed2cc0$1a01a8c0@globalknfb8aba 028301c6537e$3c71bf30$1a01a8c0@globalknfb8aba [root@mail log]# cat maillog |grep globalknowledge@pldtdsl.net Mar 29 13:02:01 mail postfix/cleanup[32433]: 236D8362639: hold: header Received\ : from exsmtp02.epldt.local (exsmtp02.epldt.biz [203.131.76.231])??by mail.drea\ m.ph (Postfix) with ESMTP id 236D8362639??for ; Wed, 29 \ Mar 2006 13:02:01 +0800 (PHT) from exsmtp02.epldt.biz[203.131.76.231]; from= to= proto=ESMTP helo= Mar 29 13:02:01 mail postfix/cleanup[32433]: 236D8362639: hold: header Received\ : from globalknfb8aba ([58.69.89.211]) by exsmtp02.epldt.local with Microsoft S\ MTPSVC(6.0.3790.211);?? Wed, 29 Mar 2006 12:50:59 +0800 from exsmtp02.epldt.biz\ [203.131.76.231]; from= to= pro\ to=ESMTP helo= Mar 29 13:02:13 mail postfix/qmgr[2148]: 16C0F362643: from=, size=31958, nrcpt=1 (queue active) Mar 29 13:22:24 mail postfix/cleanup[327]: 3047D362639: hold: header Received: \ from exsmtp01.epldt.local (exsmtp01.epldt.biz [203.131.76.230])??by mail.dream.\ com.ph (Postfix) with ESMTP id 3047D362639??for ; Wed, 29 Ma\ r 2006 13:22:24 +0800 (PHT) from exsmtp01.epldt.biz[203.131.76.230]; from= to= proto=ESMTP helo= References: <62932.194.70.180.170.1143620699.squirrel@webmail.r-bit.net> <20060329084940.75886.qmail@web35614.mail.mud.yahoo.com> Message-ID: <63251.194.70.180.170.1143625527.squirrel@webmail.r-bit.net> On Wed, March 29, 2006 09:49, spart cus wrote: > Here's one of the logs that produces the same email. > > 028e01c6537e$4aed2cc0$1a01a8c0@globalknfb8aba > 028301c6537e$3c71bf30$1a01a8c0@globalknfb8aba > > [root@mail log]# cat maillog |grep globalknowledge@pldtdsl.net > Mar 29 13:02:01 mail postfix/cleanup[32433]: 236D8362639: hold: header > Received\ > : from exsmtp02.epldt.local (exsmtp02.epldt.biz [203.131.76.231])??by > mail.drea\ > m.ph (Postfix) with ESMTP id 236D8362639??for ; Wed, 29 \ > Mar 2006 13:02:01 +0800 (PHT) from exsmtp02.epldt.biz[203.131.76.231]; > from= obalknowledge@pldtdsl.net> to= proto=ESMTP > helo= ldt.local> > Mar 29 13:02:01 mail postfix/cleanup[32433]: 236D8362639: hold: header > Received\ > : from globalknfb8aba ([58.69.89.211]) by exsmtp02.epldt.local with > Microsoft S\ > MTPSVC(6.0.3790.211);?? Wed, 29 Mar 2006 12:50:59 +0800 from > exsmtp02.epldt.biz\ > [203.131.76.231]; from= > to= pro\ > to=ESMTP helo= > Mar 29 13:02:13 mail postfix/qmgr[2148]: 16C0F362643: > from= tdsl.net>, size=31958, nrcpt=1 (queue active) > Mar 29 13:22:24 mail postfix/cleanup[327]: 3047D362639: hold: header > Received: \ > from exsmtp01.epldt.local (exsmtp01.epldt.biz [203.131.76.230])??by > mail.dream.\ > com.ph (Postfix) with ESMTP id 3047D362639??for ; Wed, 29 > Ma\ > r 2006 13:22:24 +0800 (PHT) from exsmtp01.epldt.biz[203.131.76.230]; > from= alknowledge@pldtdsl.net> to= proto=ESMTP > helo= ----:%%-F1 Untitled 1~ > (Fundamental)--L1--Top---------------------------- These look like seperate messages. Look at the times in the logs, 20 minutes a part. A better check would be if I could see the whole log for 13:02:01 -> 13:04:00 and 13:22:24 -> 13:24:00 This should show the first delivery and then the second. The problem is that Postfix can and does reuse it's message ids as they are based on inode numbers. If your /var/spool/postfix partition is a bit small/ full it will reuse the numbers faster. The theory goes that Cyrus should be using unique message ids so there is no duplication. I know Postfix generates another id when it delivers the mail it's self (To unix mailbox or maildir) as opposed to handing off the the Cyrus delivery agent. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From steve.swaney at fsl.com Wed Mar 29 12:25:16 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 29 12:25:20 2006 Subject: Max connections /host In-Reply-To: <007001c652fb$c8d8d400$a7422fc2@TAXBRBR> Message-ID: <18ff01c65323$7494afe0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Tobias Axelsson > Sent: Wednesday, March 29, 2006 1:41 AM > To: MailScanner discussion > Subject: Max connections /host > > > > Hi > > I know this is little off-topic, but I need to ask someone with good > knowledge of sendmail :) > > There is a bunch of viruses that connects to sendmail as many times as it > can and remain the connections until it times out. This can temporary > cause stop in mail-in. (Running 3 machines that accept 140 connections > each) > > A good solotions on this could be to set a "Maxconnectionsperhost"- > variable, but I have'nt found any. > > Please help me all sendmail.cf-gurus outthere. > > Regards > > Tobias > postmaster > @vxu.se Tobias, Take a look at: Help! My Mail Server Is Being DoSsed!: http://www.technoids.org/dossed.html Best site we've found so far that describes: 1. Limiting the Rate of Incoming Connections 1.1. The ratecontrol Feature 1.2. The Connection Rate Throttle 2. Limiting Simultaneous Connections with the conncontrol Feature 3. Thwarting Dictionary Attacks 3.1. Limiting the Number of Recipients per Message 3.2. Reacting to "Bad" Recipients 4. Blocking Slammers with the greet_pause Feature 5. Other Ways to Protect your sendmail Server Most of these features only work with Sendmail-8.13.x. We've found these techniques to be very effective. Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From paul at welshfamily.com Wed Mar 29 12:54:06 2006 From: paul at welshfamily.com (Paul Welsh) Date: Wed Mar 29 12:53:21 2006 Subject: Sendmail patch breaks plain text auth Message-ID: <658a1173e44cc6be0efde28b1b6f7b43@81.19.57.146> Thanks for everyone's help on this. I found the Howto on this page http://www.falkotimme.com/howtos/sendmail_smtp_auth_tls very useful. In fact, I was so pleased to be able to fix the problem that I sent the author a donation; he saved my bacon! --------- Original Message -------- From: mailscanner@lists.mailscanner.info To: "mailscanner@lists.mailscanner.info" Subject: MailScanner Digest, Vol 3, Issue 49 Date: 29/03/06 10:01 Date: Tue, 28 Mar 2006 16:40:31 -0700 (MST) From: "Myron Williams" Subject: Re: Sendmail patch breaks plain text auth To: "MailScanner discussion" Message-ID: <62296.12.42.147.37.1143589231.squirrel@webmail.wcstc.com> Content-Type: text/plain;charset=iso-8859-1 I had the same problem but fixed it by doing the following. # vi /usr/lib/sasl2/smtpd.conf (it should say pwcheck_method: saslauthd) # vi /etc/sysconfig/saslauthd (it should say MECH=pam) Then run: alternatives --config mta and set it to sendmail restart/start saslauthd Myron Systems Administrator EZNetTools ________________________________________________ Message sent using UebiMiau 2.7.9 From ryanw at falsehope.com Wed Mar 29 13:29:07 2006 From: ryanw at falsehope.com (Ryan Weaver) Date: Wed Mar 29 13:29:34 2006 Subject: Sendmail patch breaks plain text auth In-Reply-To: <658a1173e44cc6be0efde28b1b6f7b43@81.19.57.146> Message-ID: <004301c6532c$62610630$a566a8c0@corporate.grantgeo.com> I ran into that problem as well on Red Hat 9, but fixed it by merely copying /etc/pam.d/smtp.sendmail to /etc/pam.d/smtp. Sorry for missing this thread and not speaking up sooner, it's been hectic around here. Thanks, Ryan ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Welsh Sent: Wednesday, March 29, 2006 5:54 AM To: mailscanner@lists.mailscanner.info Subject: Re: Sendmail patch breaks plain text auth > Thanks for everyone's help on this. I found the Howto on this page > http://www.falkotimme.com/howtos/sendmail_smtp_auth_tls very useful. > In fact, I was so pleased to be able to fix the problem that I sent > the author a donation; he saved my bacon! > > --------- Original Message -------- > From: mailscanner@lists.mailscanner.info > To: "mailscanner@lists.mailscanner.info" > > Subject: MailScanner Digest, Vol 3, Issue 49 > Date: 29/03/06 10:01 > > Date: Tue, 28 Mar 2006 16:40:31 -0700 (MST) > From: "Myron Williams" > Subject: Re: Sendmail patch breaks plain text auth > To: "MailScanner discussion" > Message-ID: <62296.12.42.147.37.1143589231.squirrel@webmail.wcstc.com> > Content-Type: text/plain;charset=iso-8859-1 > > I had the same problem but fixed it by doing the following. > > # vi /usr/lib/sasl2/smtpd.conf > (it should say pwcheck_method: saslauthd) > > # vi /etc/sysconfig/saslauthd > (it should say MECH=pam) > > Then run: > alternatives --config mta > and set it to sendmail > > restart/start saslauthd > > Myron > Systems Administrator > EZNetTools > > > ________________________________________________ > Message sent using UebiMiau 2.7.9 From linux_spartacus at yahoo.com Wed Mar 29 14:13:42 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 14:13:46 2006 Subject: Message Doubles In-Reply-To: <63251.194.70.180.170.1143625527.squirrel@webmail.r-bit.net> Message-ID: <20060329131342.15354.qmail@web35610.mail.mud.yahoo.com> Drew Marshall wrote: On Wed, March 29, 2006 09:49, spart cus wrote: > Here's one of the logs that produces the same email. > > 028e01c6537e$4aed2cc0$1a01a8c0@globalknfb8aba > 028301c6537e$3c71bf30$1a01a8c0@globalknfb8aba > > [root@mail log]# cat maillog |grep globalknowledge@pldtdsl.net > Mar 29 13:02:01 mail postfix/cleanup[32433]: 236D8362639: hold: header > Received\ > : from exsmtp02.epldt.local (exsmtp02.epldt.biz [203.131.76.231])??by > mail.drea\ > m.ph (Postfix) with ESMTP id 236D8362639??for ; Wed, 29 \ > Mar 2006 13:02:01 +0800 (PHT) from exsmtp02.epldt.biz[203.131.76.231]; > from= > obalknowledge@pldtdsl.net> to= proto=ESMTP > helo= > ldt.local> > Mar 29 13:02:01 mail postfix/cleanup[32433]: 236D8362639: hold: header > Received\ > : from globalknfb8aba ([58.69.89.211]) by exsmtp02.epldt.local with > Microsoft S\ > MTPSVC(6.0.3790.211);?? Wed, 29 Mar 2006 12:50:59 +0800 from > exsmtp02.epldt.biz\ > [203.131.76.231]; from= > to= pro\ > to=ESMTP helo= > Mar 29 13:02:13 mail postfix/qmgr[2148]: 16C0F362643: > from= > tdsl.net>, size=31958, nrcpt=1 (queue active) > Mar 29 13:22:24 mail postfix/cleanup[327]: 3047D362639: hold: header > Received: \ > from exsmtp01.epldt.local (exsmtp01.epldt.biz [203.131.76.230])??by > mail.dream.\ > com.ph (Postfix) with ESMTP id 3047D362639??for ; Wed, 29 > Ma\ > r 2006 13:22:24 +0800 (PHT) from exsmtp01.epldt.biz[203.131.76.230]; > from= > alknowledge@pldtdsl.net> to= proto=ESMTP > helo= > ----:%%-F1 Untitled 1~ > (Fundamental)--L1--Top---------------------------- These look like seperate messages. Look at the times in the logs, 20 minutes a part. A better check would be if I could see the whole log for 13:02:01 -> 13:04:00 and 13:22:24 -> 13:24:00 This should show the first delivery and then the second. The problem is that Postfix can and does reuse it's message ids as they are based on inode numbers. If your /var/spool/postfix partition is a bit small/ full it will reuse the numbers faster. The theory goes that Cyrus should be using unique message ids so there is no duplication. I know Postfix generates another id when it delivers the mail it's self (To unix mailbox or maildir) as opposed to handing off the the Cyrus delivery agent. Drew Hi Drew, What specific things should i look on the logs. Im getting 4 emails with the same message id. And im using dovecot for my pop3 services. Like for example , i have these email tag as spam but i received 4 times with the same message id. is there something wrong with my postfix and Mailscanner? --------------------------------- Blab-away for as little as 1?/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/305f04b7/attachment.html From drew at themarshalls.co.uk Wed Mar 29 14:37:24 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 29 14:37:37 2006 Subject: Message Doubles In-Reply-To: <20060329131342.15354.qmail@web35610.mail.mud.yahoo.com> References: <63251.194.70.180.170.1143625527.squirrel@webmail.r-bit.net> <20060329131342.15354.qmail@web35610.mail.mud.yahoo.com> Message-ID: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> On Wed, March 29, 2006 14:13, spart cus wrote: > Hi Drew, > What specific things should i look on the logs. Im getting 4 emails with > the same message id. And im using dovecot for my pop3 services. Like for > example , i have these email tag as spam but i received 4 times with the > same message id. is there something wrong with my postfix and > Mailscanner? Dovecot? Good that makes life easier, I think (Never used it but I believe it uses standard maildirs?). Assuming you are running maildir, can you go to the mailbox where the duplicated mail was delivered and ls -l the directory. This should give the true message id that Postfix gave the message on delivery. They *should* be unique as detailed in one of the RFC's (Postfix does follow this). If the message id's are unique then I would suggest the mail is being duplicated by the sender or by an interupted SMTP session. If they are not then it's a Postfix/ MailScanner problem. My guess is the former but I wait to be shown my guess is off mark again! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From linux_spartacus at yahoo.com Wed Mar 29 14:45:46 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 14:45:49 2006 Subject: Message Doubles In-Reply-To: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> Message-ID: <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> Hi, Im using mbox =( . If its a MS problem what will i do ? Upgrade or some tweak ? Drew Marshall wrote: On Wed, March 29, 2006 14:13, spart cus wrote: > Hi Drew, > What specific things should i look on the logs. Im getting 4 emails with > the same message id. And im using dovecot for my pop3 services. Like for > example , i have these email tag as spam but i received 4 times with the > same message id. is there something wrong with my postfix and > Mailscanner? Dovecot? Good that makes life easier, I think (Never used it but I believe it uses standard maildirs?). Assuming you are running maildir, can you go to the mailbox where the duplicated mail was delivered and ls -l the directory. This should give the true message id that Postfix gave the message on delivery. They *should* be unique as detailed in one of the RFC's (Postfix does follow this). If the message id's are unique then I would suggest the mail is being duplicated by the sender or by an interupted SMTP session. If they are not then it's a Postfix/ MailScanner problem. My guess is the former but I wait to be shown my guess is off mark again! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC for low, low rates. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/be97b516/attachment.html From linux_spartacus at yahoo.com Wed Mar 29 15:02:52 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 15:02:56 2006 Subject: Message Duplication Message-ID: <20060329140253.4894.qmail@web35608.mail.mud.yahoo.com> Hi To All, Im having this problem of message duplication. 2 to 3 and even 4 emails received with the same message id. I thought this is resolved problem on MS. Any info on these ? --------------------------------- Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/f4cd23d9/attachment.html From jchezny at northcarolina.edu Wed Mar 29 15:03:48 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Wed Mar 29 15:03:51 2006 Subject: MCP checking in log file; not enabled in conf In-Reply-To: References: <1143580757.4429a8550dafb@webmail.northcarolina.edu> Message-ID: <1143641028.442a93c499c7e@webmail.northcarolina.edu> OK, thanks. Quoting Julian Field : > Don't worry, that extra logging line is a (very tiny) bugette. > > On 28 Mar 2006, at 22:19, jchezny@northcarolina.edu wrote: > > > Folks, > > Can anyone tell me why I see evidence of MCP checking in the > > maillog; even > > though MCP Checks = no in MailScanner.conf? Relevant snippets from > > maillog and > > conf included: > > > > > > Maillog: MailScanner[23557]: MCP Checks completed at 6095460 bytes > > per second > > > > MailScanner.conf: > > # Configuration directory containing files related to MCP > > # (Message Content Protection) > > # %mcp-dir% = /etc/MailScanner/mcp > > > > MCP Checks = no > > > > > > Warm regards, > > > > -jc > > > > ---------------------------------------------------------------- > > This message was sent with UNC-GA Webmail http:// > > webmail.northcarolina.edu > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From drew at themarshalls.co.uk Wed Mar 29 15:20:55 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 29 15:21:01 2006 Subject: Message Doubles In-Reply-To: <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> References: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> Message-ID: <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> On Wed, March 29, 2006 14:45, spart cus wrote: > Hi, > Im using mbox =( . Damn. Makes it a touch more difficult. Back to logs I am afraid. Basically you need to find two SMTP sessions with the same message id. Grep for the id rather than the sender and see what is turned up. > If its a MS problem what will i do ? Upgrade or some > tweak ? You have found a bug/ problem. As I have been running this set up for ages now (As have several others many with mail volumes much higher than mine) with out problem, I would be surprised if it is this. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From campbell at cnpapers.com Wed Mar 29 16:36:45 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 29 16:37:06 2006 Subject: HTML surprise Message-ID: <00b701c65346$965692b0$0705000a@DDF5DW71> I was surprised, recently, to find out that when HTML is disarmed, I wasn't notifying anyone about this. I changed some logging parms and things like the "Inline HTML Signature" in the config file, but I am not sure this will help. For the most part, this was never an issue, but being a newspaper, a client sent in an attached ad with notes, as HTML stuff, about the ad . The entire body of the email was deleted and the notes just disappeared. The email looked like an empty email with an attachment. Only the signature was left. I don't pretend to understand all of this HTML-in-email thing, so I only guess at what I need to change. I have a ruleset for all of the different categories (like forms, html, etc) and usually just add the sender to all of them once someone complains.The bad thing was, there was nothing quarantined for this email, so I couldn't send the original. I'm a little behind on the upgrades (4.36), but I am planning for a time to do the latest soon. I don't know if the newer release has any changes in the way this is handled. Do the following parameters make MS tell the recipient about the HTML stuff being modified: Sign Clean Messages = yes # for text? Mark Infected Messages = yes #for attachments Thanks. And if anyone has any suggestions, I would certainly like to hear them. Steve Campbell campbell@cnpapers.com Charleston Newspapers -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From norbert.schmidt at is-teledata.com Wed Mar 29 16:40:51 2006 From: norbert.schmidt at is-teledata.com (Norbert Schmidt) Date: Wed Mar 29 16:41:00 2006 Subject: Norbert Schmidt ist =?iso-8859-1?q?au=DFer_Haus=2E?= Message-ID: I will be out of the office starting 29.03.2006 and will not return until 05.04.2006. I'll answer to your mail, when I get back. If it is an urgent problem, please contact joerg.weiskirch@is-teledata.com Ich werde Deine Mail nach meiner R?ckkehr beantworten... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/bf9274e0/attachment.html From MailScanner at ecs.soton.ac.uk Wed Mar 29 17:01:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 29 17:01:42 2006 Subject: Message Duplication In-Reply-To: <20060329140253.4894.qmail@web35608.mail.mud.yahoo.com> References: <20060329140253.4894.qmail@web35608.mail.mud.yahoo.com> Message-ID: <0B3122D9-1864-4E6E-B2AA-B6C4BB5FF2DA@ecs.soton.ac.uk> What operating system are you running? What MTA (sendmail, Postfix, what?) What version of your MTA? What version of MailScanner? Answer those, and we can probably give you an answer fairly quickly. On 29 Mar 2006, at 15:02, spart cus wrote: > Hi To All, > Im having this problem of message duplication. 2 to 3 and even 4 > emails received with the same message id. I thought this is > resolved problem on MS. Any info on these ? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Wed Mar 29 17:05:29 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Mar 29 17:05:40 2006 Subject: Will MailScanner plug into sendmail/mailman config? Message-ID: <6.2.3.4.0.20060329105925.05c62bb0@mxt.1bigthink.com> Hello All, Overkill? Don't do it?! Any suggestions for a successful integration? Thanks, Glenn Parsons From steve.swaney at fsl.com Wed Mar 29 17:10:16 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 29 17:10:20 2006 Subject: Will MailScanner plug into sendmail/mailman config? In-Reply-To: <6.2.3.4.0.20060329105925.05c62bb0@mxt.1bigthink.com> Message-ID: <1a0b01c6534b$44b6ef90$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com > Sent: Wednesday, March 29, 2006 11:05 AM > To: MailScanner mailing list > Subject: Will MailScanner plug into sendmail/mailman config? > > Hello All, > > Overkill? Don't do it?! Any suggestions for a successful integration? > > Thanks, > Glenn Parsons Mailman works fine on our list servers. We just run MailScanner on the listserver and don't scan outbound emails :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From glenn.steen at gmail.com Wed Mar 29 17:04:11 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 29 17:11:15 2006 Subject: Message Doubles In-Reply-To: <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> References: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> Message-ID: <223f97700603290804r6a31772cydeecca5d2865cacc@mail.gmail.com> On 29/03/06, Drew Marshall wrote: > On Wed, March 29, 2006 14:45, spart cus wrote: > > Hi, > > Im using mbox =( . > > Damn. Makes it a touch more difficult. Back to logs I am afraid. Basically > you need to find two SMTP sessions with the same message id. Grep for the > id rather than the sender and see what is turned up. > > > If its a MS problem what will i do ? Upgrade or some > > tweak ? > > You have found a bug/ problem. As I have been running this set up for ages > now (As have several others many with mail volumes much higher than mine) > with out problem, I would be surprised if it is this. > > Drew > > I don't think we have to go back to the logs, just use some logic(:-)... We see two separate (by 20 minutes!) messages, possibly containing the exact same message, being handled by smtpd/the header checks... and then passed on to the hold queue. This is a very strong indicator that it isn't your system that is having the problem (although it has to handle the effects of the error), since this, in all likelihood, couldn't happen unless those messages were handled in two separate SMTP-conversations. If you do happen to look at the logs, take just one of teh messages, the first one, and look through the whole chain... is there _any_ errors indicated? Like a dropped connection? If you have logs split, remember to look in the error and warning file too. Are all the duplicates from the same sender/sending domain? If so, call them... and inform them (in a nice manner:-) that they have a problem to solve. If not... Well, we'll get to that eventually:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Wed Mar 29 17:11:30 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Mar 29 17:11:53 2006 Subject: Will MailScanner plug into sendmail/mailman config? In-Reply-To: <6.2.3.4.0.20060329105925.05c62bb0@mxt.1bigthink.com> Message-ID: <003b01c6534b$70a5e250$3004010a@martinhlaptop> Depends on what you mean by sendmail/mailman config. My mailman host is on a different box, but I get no problems. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com > Sent: 29 March 2006 17:05 > To: MailScanner mailing list > Subject: Will MailScanner plug into sendmail/mailman config? > > Hello All, > > Overkill? Don't do it?! Any suggestions for a successful integration? > > Thanks, > Glenn Parsons > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From brose at med.wayne.edu Wed Mar 29 17:15:52 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 29 17:15:56 2006 Subject: Filetype/MailScanner bug Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B4886C2@MED-CORE03-MS1.med.wayne.edu> I just had another message get misidentified by the new "Use TNEF Contents" option and filetype on the text part of the message that this function creates. No QuickTime movies allowed (msg-24987-72.txt) Yeh I could disable the new option, or change the magic file to remove quicktime signatures or even change the filetype.conf but then again that defeats the intended purpose of the new option and/or the blocking of quicktime filetypes. But it makes more sense to not be passing the msg.txt file created by the new function thru filetype. Plus, filename.conf entries don't seem to override filetype.conf entries as .txt is listed in the filename.conf by default. Bobby Rose -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby Sent: Monday, March 20, 2006 9:58 PM To: MailScanner discussion Subject: Filetype/MailScanner bug Since the "Use TNEF Contents" function in the latest version, I've come across a pseudo bug. It's really not a bug since both file and MailScanner are doing exactly what they're supposed to. If "Use TNEF Contents" is yes and a plain text message or rtf formatted message is processed, there is a potential for file to misinterpret a text message as an incorrect filetype because of string of text being in the correct byte position that magic is expecting for a particular filetype. It was stumbled upon by a one of our researchers who received a "No QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. After investigation it turned out that the word "free" was in the 4th byte position which is also a magic signature for quicktime. I've been able to dupe by sending a plain-text and an rtf formatted message with "RE: freezer emergency" as the first line in the message body. Any ideas for a fix to have MailScanner ignore a misdiagnosis by file without compromising security. \.txt$ is allowed in my filenames rule file so that currently can't be used to offset. -=Bobby -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From drozk at moeller.com Wed Mar 29 17:16:02 2006 From: drozk at moeller.com (Kevin Droz) Date: Wed Mar 29 17:16:13 2006 Subject: DNS? In-Reply-To: <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> Message-ID: <000001c6534c$152ba6c0$c65c5c5c@MOELLER.COM> I'm running RH9 w/ MailScanner 4.38 using Sendmail. I have strange issue with a particular e-mail. Were using Outlook and hit send and receive. The e-mail sits in the outbox and then times out. I can send e-mail outbound and internal to other users with no problems. It only appears to be an issue with this particular domain. The domain is "futuremetals.com" When I lookup the DNS for this domain the name servers time out. My question is shouldn't the system accept the e-mail to the queue and then defer it till the system is back online. It's like the domain doesn't exists and the server is stopping the mail at the client. Here is the error the Mail log: "Lost input channel from XXX.com [XX.XX.XX.XXX] to MTA after rcpt" Thanks, Kevin. From dnsadmin at 1bigthink.com Wed Mar 29 17:46:27 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Mar 29 17:46:38 2006 Subject: Will MailScanner plug into sendmail/mailman config? In-Reply-To: <003b01c6534b$70a5e250$3004010a@martinhlaptop> References: <6.2.3.4.0.20060329105925.05c62bb0@mxt.1bigthink.com> <003b01c6534b$70a5e250$3004010a@martinhlaptop> Message-ID: <6.2.3.4.0.20060329114532.06d3c700@mxt.1bigthink.com> At 11:11 AM 3/29/2006, you wrote: >Depends on what you mean by sendmail/mailman config. > >My mailman host is on a different box, but I get no problems. > >-- >Martin Hepworth All on the same box, host, domain, etc.. Thanks Martin and Stephen! From bob.jones at usg.edu Wed Mar 29 17:58:12 2006 From: bob.jones at usg.edu (Bob Jones) Date: Wed Mar 29 17:58:24 2006 Subject: Will MailScanner plug into sendmail/mailman config? In-Reply-To: <6.2.3.4.0.20060329114532.06d3c700@mxt.1bigthink.com> References: <6.2.3.4.0.20060329105925.05c62bb0@mxt.1bigthink.com> <003b01c6534b$70a5e250$3004010a@martinhlaptop> <6.2.3.4.0.20060329114532.06d3c700@mxt.1bigthink.com> Message-ID: <442ABCA4.3080004@usg.edu> dnsadmin 1bigthink.com wrote: > At 11:11 AM 3/29/2006, you wrote: > >> Depends on what you mean by sendmail/mailman config. >> >> My mailman host is on a different box, but I get no problems. >> >> -- >> Martin Hepworth > > All on the same box, host, domain, etc.. > I never ran it in production (we went with listserv instead) but while I was running it in test I didn't run into any issues with mailman, sendmail and mailscanner. -- Bob Jones bob.jones@usg.edu OIIT, The Board of Regents The University System of Georgia From Richard.Frovarp at sendit.nodak.edu Wed Mar 29 18:14:45 2006 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Mar 29 18:14:51 2006 Subject: Filetype/MailScanner bug In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B4886C2@MED-CORE03-MS1.med.wayne.edu> References: <8F2A53954C22554EB75D9643FCCE0C6B4886C2@MED-CORE03-MS1.med.wayne.edu> Message-ID: <442AC085.5090906@sendit.nodak.edu> You are of course assuming that no one will ever try to sneak a unwanted file type through by giving it a txt extension. The whole point of checking file types is that you don't trust the extensions. A user could change all of their files to have extensions of txt and get pass every time. Rose, Bobby wrote: >I just had another message get misidentified by the new "Use TNEF >Contents" option and filetype on the text part of the message that this >function creates. No QuickTime movies allowed (msg-24987-72.txt) > >Yeh I could disable the new option, or change the magic file to remove >quicktime signatures or even change the filetype.conf but then again >that defeats the intended purpose of the new option and/or the blocking >of quicktime filetypes. But it makes more sense to not be passing the >msg.txt file created by the new function thru filetype. Plus, >filename.conf entries don't seem to override filetype.conf entries as >.txt is listed in the filename.conf by default. > >Bobby Rose > > > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >Bobby >Sent: Monday, March 20, 2006 9:58 PM >To: MailScanner discussion >Subject: Filetype/MailScanner bug > >Since the "Use TNEF Contents" function in the latest version, I've come >across a pseudo bug. It's really not a bug since both file and >MailScanner are doing exactly what they're supposed to. > >If "Use TNEF Contents" is yes and a plain text message or rtf formatted >message is processed, there is a potential for file to misinterpret a >text message as an incorrect filetype because of string of text being in >the correct byte position that magic is expecting for a particular >filetype. > >It was stumbled upon by a one of our researchers who received a "No >QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. >After investigation it turned out that the word "free" was in the 4th >byte position which is also a magic signature for quicktime. I've been >able to dupe by sending a plain-text and an rtf formatted message with >"RE: freezer emergency" as the first line in the message body. > >Any ideas for a fix to have MailScanner ignore a misdiagnosis by file >without compromising security. \.txt$ is allowed in my filenames rule >file so that currently can't be used to offset. > >-=Bobby >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > > > From ssilva at sgvwater.com Wed Mar 29 18:58:06 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 29 19:01:02 2006 Subject: Beta 4.52.1 released In-Reply-To: References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> <44282044.2060008@ecs.soton.ac.uk> Message-ID: Jeff A. Earickson spake the following on 3/27/2006 9:53 AM: > Julian, > > Any chance that you would consider making the "--keep-comments" > option of bin/upgrade_MailScanner_conf the default action? > > Jeff Earickson > Colby College But that option IFAIR doesn't bring in the new comments for options added by Julian. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From drew at themarshalls.co.uk Wed Mar 29 19:26:28 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 29 19:26:35 2006 Subject: Message Doubles In-Reply-To: <223f97700603290804r6a31772cydeecca5d2865cacc@mail.gmail.com> References: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> <223f97700603290804r6a31772cydeecca5d2865cacc@mail.gmail.com> Message-ID: On 29 Mar 2006, at 17:04, Glenn Steen wrote: > I don't think we have to go back to the logs, just use some > logic(:-)... We see two separate (by 20 minutes!) messages, possibly > containing the exact same message, being handled by smtpd/the header > checks... and then passed on to the hold queue. This is a very strong > indicator that it isn't your system that is having the problem > (although it has to handle the effects of the error), since this, in > all likelihood, couldn't happen unless those messages were handled in > two separate SMTP-conversations. That's kinda what I meant :-) > > If you do happen to look at the logs, take just one of teh messages, > the first one, and look through the whole chain... is there _any_ > errors indicated? Like a dropped connection? If you have logs split, > remember to look in the error and warning file too. > > Are all the duplicates from the same sender/sending domain? If so, > call them... and inform them (in a nice manner:-) that they have a > problem to solve. > If not... Well, we'll get to that eventually:-). Indeed, and we haven't even got to the replying to self level yet. That's reserved for when things start looking a little more complex ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From drew at themarshalls.co.uk Wed Mar 29 19:30:49 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Mar 29 19:30:56 2006 Subject: DNS? In-Reply-To: <000001c6534c$152ba6c0$c65c5c5c@MOELLER.COM> References: <000001c6534c$152ba6c0$c65c5c5c@MOELLER.COM> Message-ID: On 29 Mar 2006, at 17:16, Kevin Droz wrote: > I'm running RH9 w/ MailScanner 4.38 using Sendmail. > > I have strange issue with a particular e-mail. Were using Outlook > and hit > send and receive. The e-mail sits in the outbox and then times out. > I can > send e-mail outbound and internal to other users with no problems. > It only > appears to be an issue with this particular domain. The domain is > "futuremetals.com" When I lookup the DNS for this domain the name > servers > time out. > > My question is shouldn't the system accept the e-mail to the queue > and then > defer it till the system is back online. It's like the domain > doesn't exists > and the server is stopping the mail at the client. > > Here is the error the Mail log: "Lost input channel from XXX.com > [XX.XX.XX.XXX] to MTA after rcpt" I would suggest this is caused by your MTA doing some form of look up against the domain before accepting mail. I ensure that (In Postfix terms) my 'trusted networks' are permitted to queue mail and by pass all other checks that would normally happen for incoming mail (From untrusted networks). That way the client always send it's mail and the server has to do the job of deciding if it can deliver etc. I can do this for trusted clients as I know they are available to receive any bounce notifications. Are you using something like milter ahead which would be trying to check if the domain/ address exists? That would do it also. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ssilva at sgvwater.com Wed Mar 29 19:29:11 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 29 19:32:18 2006 Subject: Quarantine section not appearing in mailwatch In-Reply-To: <4429DDC7.2090004@aot.com.au> References: <4429DDC7.2090004@aot.com.au> Message-ID: Yusuf Ahmed spake the following on 3/28/2006 5:07 PM: > Hi, > > When I click on the Quarantine link in mailwatch and select a particular > email that I wish to release from quarantine, I am missing the section > at the bottom that says "Quarantine". I have a feeling this has > something to do with permissions but not sure where. > > Wondering if someone can point me in the right direction whetehr it is a > permissions issue or not. > > Cheers. > > MailScanner 4.50.15 > > Regards, > Yus. > > > First... Is the message body actually in the quarantine? Youi have to have a store option set for each of the three message scores you want in the quarrantine. Second... Mailwatch has its own list for help. Have you run the fix_quarrantine_permissions script? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brose at med.wayne.edu Wed Mar 29 19:36:01 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 29 19:36:03 2006 Subject: Filetype/MailScanner bug Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B4886C4@MED-CORE03-MS1.med.wayne.edu> First, txt by default in MailScanner is an allowed filetype. Second, a user can already do that with the thousands of extensions that are allowed because you must explicitly denying the bad stuff in MailScanner. So if a user wanted, they could rename the filename to .??_ and it will pass. This bug is not so much a problem with filenames. I'm just pointing out that the filenames.conf entries don't override filetype.conf So the tnef created "msg*.txt" files that can be misinterpretted by filetype as Quicktime files can't be overridden. The only options are to allow quicktime filetypes or disable the "Use TNEF Contents" option. Note that the msg*.txt files are not being sent by the user. They are created by MailScanner using the current "Use TNEF Contents" function. So it would seem to be perfectly safe to say that since MailScanner created that file based off of mime/text that it doesn't need to go thru a filetype check. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Frovarp Sent: Wednesday, March 29, 2006 12:15 PM To: MailScanner discussion Subject: Re: Filetype/MailScanner bug You are of course assuming that no one will ever try to sneak a unwanted file type through by giving it a txt extension. The whole point of checking file types is that you don't trust the extensions. A user could change all of their files to have extensions of txt and get pass every time. Rose, Bobby wrote: >I just had another message get misidentified by the new "Use TNEF >Contents" option and filetype on the text part of the message that this >function creates. No QuickTime movies allowed (msg-24987-72.txt) > >Yeh I could disable the new option, or change the magic file to remove >quicktime signatures or even change the filetype.conf but then again >that defeats the intended purpose of the new option and/or the blocking >of quicktime filetypes. But it makes more sense to not be passing the >msg.txt file created by the new function thru filetype. Plus, >filename.conf entries don't seem to override filetype.conf entries as >.txt is listed in the filename.conf by default. > >Bobby Rose > > > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >Bobby >Sent: Monday, March 20, 2006 9:58 PM >To: MailScanner discussion >Subject: Filetype/MailScanner bug > >Since the "Use TNEF Contents" function in the latest version, I've come >across a pseudo bug. It's really not a bug since both file and >MailScanner are doing exactly what they're supposed to. > >If "Use TNEF Contents" is yes and a plain text message or rtf formatted >message is processed, there is a potential for file to misinterpret a >text message as an incorrect filetype because of string of text being >in the correct byte position that magic is expecting for a particular >filetype. > >It was stumbled upon by a one of our researchers who received a "No >QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. >After investigation it turned out that the word "free" was in the 4th >byte position which is also a magic signature for quicktime. I've been >able to dupe by sending a plain-text and an rtf formatted message with >"RE: freezer emergency" as the first line in the message body. > >Any ideas for a fix to have MailScanner ignore a misdiagnosis by file >without compromising security. \.txt$ is allowed in my filenames rule >file so that currently can't be used to offset. > >-=Bobby >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Mar 29 19:40:11 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 29 19:42:38 2006 Subject: Filetype/MailScanner bug In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B4886C4@MED-CORE03-MS1.med.wayne.edu> References: <8F2A53954C22554EB75D9643FCCE0C6B4886C4@MED-CORE03-MS1.med.wayne.edu> Message-ID: Rose, Bobby spake the following on 3/29/2006 10:36 AM: > First, txt by default in MailScanner is an allowed filetype. Second, a > user can already do that with the thousands of extensions that are > allowed because you must explicitly denying the bad stuff in > MailScanner. So if a user wanted, they could rename the filename to > .??_ and it will pass. > > This bug is not so much a problem with filenames. I'm just pointing out > that the filenames.conf entries don't override filetype.conf So the > tnef created "msg*.txt" files that can be misinterpretted by filetype as > Quicktime files can't be overridden. The only options are to allow > quicktime filetypes or disable the "Use TNEF Contents" option. > > Note that the msg*.txt files are not being sent by the user. They are > created by MailScanner using the current "Use TNEF Contents" function. > So it would seem to be perfectly safe to say that since MailScanner > created that file based off of mime/text that it doesn't need to go thru > a filetype check. > > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard > Frovarp > Sent: Wednesday, March 29, 2006 12:15 PM > To: MailScanner discussion > Subject: Re: Filetype/MailScanner bug > > You are of course assuming that no one will ever try to sneak a unwanted > file type through by giving it a txt extension. The whole point of > checking file types is that you don't trust the extensions. A user could > change all of their files to have extensions of txt and get pass every > time. > > Rose, Bobby wrote: > >> I just had another message get misidentified by the new "Use TNEF >> Contents" option and filetype on the text part of the message that this > >> function creates. No QuickTime movies allowed (msg-24987-72.txt) >> >> Yeh I could disable the new option, or change the magic file to remove >> quicktime signatures or even change the filetype.conf but then again >> that defeats the intended purpose of the new option and/or the blocking > >> of quicktime filetypes. But it makes more sense to not be passing the >> msg.txt file created by the new function thru filetype. Plus, >> filename.conf entries don't seem to override filetype.conf entries as >> .txt is listed in the filename.conf by default. >> >> Bobby Rose >> >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >> Bobby >> Sent: Monday, March 20, 2006 9:58 PM >> To: MailScanner discussion >> Subject: Filetype/MailScanner bug >> >> Since the "Use TNEF Contents" function in the latest version, I've come > >> across a pseudo bug. It's really not a bug since both file and >> MailScanner are doing exactly what they're supposed to. >> >> If "Use TNEF Contents" is yes and a plain text message or rtf formatted > >> message is processed, there is a potential for file to misinterpret a >> text message as an incorrect filetype because of string of text being >> in the correct byte position that magic is expecting for a particular >> filetype. >> >> It was stumbled upon by a one of our researchers who received a "No >> QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. >> After investigation it turned out that the word "free" was in the 4th >> byte position which is also a magic signature for quicktime. I've been > >> able to dupe by sending a plain-text and an rtf formatted message with >> "RE: freezer emergency" as the first line in the message body. >> >> Any ideas for a fix to have MailScanner ignore a misdiagnosis by file >> without compromising security. \.txt$ is allowed in my filenames rule >> file so that currently can't be used to offset. >> >> -=Bobby But I don't think Mailscanner creates these files from any sort of mime types, it just extracts the files from the TNEF encoded part and re-attaches them. If the file is wrong in the TNEF file, it will be the same in the new file. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dhawal at netmagicsolutions.com Wed Mar 29 20:39:28 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Mar 29 20:39:34 2006 Subject: Filetype/MailScanner bug In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B4886C4@MED-CORE03-MS1.med.wayne.edu> References: <8F2A53954C22554EB75D9643FCCE0C6B4886C4@MED-CORE03-MS1.med.wayne.edu> Message-ID: <20060329193928.7501.qmail@mymail.netmagicians.com> Rose, Bobby writes: > First, txt by default in MailScanner is an allowed filetype. Second, a > user can already do that with the thousands of extensions that are > allowed because you must explicitly denying the bad stuff in > MailScanner. So if a user wanted, they could rename the filename to > .??_ and it will pass. > > This bug is not so much a problem with filenames. I'm just pointing out > that the filenames.conf entries don't override filetype.conf So the > tnef created "msg*.txt" files that can be misinterpretted by filetype as > Quicktime files can't be overridden. The only options are to allow > quicktime filetypes or disable the "Use TNEF Contents" option. > > Note that the msg*.txt files are not being sent by the user. They are > created by MailScanner using the current "Use TNEF Contents" function. > So it would seem to be perfectly safe to say that since MailScanner > created that file based off of mime/text that it doesn't need to go thru > a filetype check. Not the best option.. but why not have a ruleset to ignore filetype checks from localhost (127.0.0.1) I am assuming messages are re-injected in to the local queue after attaching the msg*.txt - dhawal > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard > Frovarp > Sent: Wednesday, March 29, 2006 12:15 PM > To: MailScanner discussion > Subject: Re: Filetype/MailScanner bug > > You are of course assuming that no one will ever try to sneak a unwanted > file type through by giving it a txt extension. The whole point of > checking file types is that you don't trust the extensions. A user could > change all of their files to have extensions of txt and get pass every > time. > > Rose, Bobby wrote: > >>I just had another message get misidentified by the new "Use TNEF >>Contents" option and filetype on the text part of the message that this > >>function creates. No QuickTime movies allowed (msg-24987-72.txt) >> >>Yeh I could disable the new option, or change the magic file to remove >>quicktime signatures or even change the filetype.conf but then again >>that defeats the intended purpose of the new option and/or the blocking > >>of quicktime filetypes. But it makes more sense to not be passing the >>msg.txt file created by the new function thru filetype. Plus, >>filename.conf entries don't seem to override filetype.conf entries as >>.txt is listed in the filename.conf by default. >> >>Bobby Rose >> >> >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >>Bobby >>Sent: Monday, March 20, 2006 9:58 PM >>To: MailScanner discussion >>Subject: Filetype/MailScanner bug >> >>Since the "Use TNEF Contents" function in the latest version, I've come > >>across a pseudo bug. It's really not a bug since both file and >>MailScanner are doing exactly what they're supposed to. >> >>If "Use TNEF Contents" is yes and a plain text message or rtf formatted > >>message is processed, there is a potential for file to misinterpret a >>text message as an incorrect filetype because of string of text being >>in the correct byte position that magic is expecting for a particular >>filetype. >> >>It was stumbled upon by a one of our researchers who received a "No >>QuickTime movies allowed (msg-19905-304.txt)" warning from mail server. >>After investigation it turned out that the word "free" was in the 4th >>byte position which is also a magic signature for quicktime. I've been > >>able to dupe by sending a plain-text and an rtf formatted message with >>"RE: freezer emergency" as the first line in the message body. >> >>Any ideas for a fix to have MailScanner ignore a misdiagnosis by file >>without compromising security. \.txt$ is allowed in my filenames rule >>file so that currently can't be used to offset. >> >>-=Bobby >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From MailScanner at ecs.soton.ac.uk Wed Mar 29 20:52:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 29 20:53:06 2006 Subject: Beta 4.52.1 released In-Reply-To: References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> <44282044.2060008@ecs.soton.ac.uk> Message-ID: <442AE596.8050701@ecs.soton.ac.uk> Scott Silva wrote: > Jeff A. Earickson spake the following on 3/27/2006 9:53 AM: > >> Julian, >> >> Any chance that you would consider making the "--keep-comments" >> option of bin/upgrade_MailScanner_conf the default action? >> >> Jeff Earickson >> Colby College >> > But that option IFAIR doesn't bring in the new comments for options added by > Julian. > Correct. You either get your comments or mine. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 29 20:57:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 29 20:57:47 2006 Subject: DNS? In-Reply-To: <000001c6534c$152ba6c0$c65c5c5c@MOELLER.COM> References: <000001c6534c$152ba6c0$c65c5c5c@MOELLER.COM> Message-ID: <442AE69D.8080605@ecs.soton.ac.uk> This is nothing to do with MailScanner. MailScanner is not involved with SMTP service at all. It's a dns/sendmail/other problem, not a MailScanner one. Kevin Droz wrote: > I'm running RH9 w/ MailScanner 4.38 using Sendmail. > > I have strange issue with a particular e-mail. Were using Outlook and hit > send and receive. The e-mail sits in the outbox and then times out. I can > send e-mail outbound and internal to other users with no problems. It only > appears to be an issue with this particular domain. The domain is > "futuremetals.com" When I lookup the DNS for this domain the name servers > time out. > > My question is shouldn't the system accept the e-mail to the queue and then > defer it till the system is back online. It's like the domain doesn't exists > and the server is stopping the mail at the client. > > Here is the error the Mail log: "Lost input channel from XXX.com > [XX.XX.XX.XXX] to MTA after rcpt" > > Thanks, > Kevin. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From linux_spartacus at yahoo.com Wed Mar 29 21:02:02 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Mar 29 21:02:08 2006 Subject: Message Duplication In-Reply-To: <0B3122D9-1864-4E6E-B2AA-B6C4BB5FF2DA@ecs.soton.ac.uk> Message-ID: <20060329200202.1694.qmail@web35612.mail.mud.yahoo.com> Here's my config CENTOS 4.2 Postfix -2.1.5-4.2.RHEL4 (mbox) Dovecot for POP3 MS-4.5.14-1 Julian Field wrote: What operating system are you running? What MTA (sendmail, Postfix, what?) What version of your MTA? What version of MailScanner? Answer those, and we can probably give you an answer fairly quickly. On 29 Mar 2006, at 15:02, spart cus wrote: > Hi To All, > Im having this problem of message duplication. 2 to 3 and even 4 > emails received with the same message id. I thought this is > resolved problem on MS. Any info on these ? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2?/min or less. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/1f8e587d/attachment.html From jaearick at colby.edu Wed Mar 29 21:03:48 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 29 21:07:54 2006 Subject: Beta 4.52.1 released In-Reply-To: <442AE596.8050701@ecs.soton.ac.uk> References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> <44282044.2060008@ecs.soton.ac.uk> <442AE596.8050701@ecs.soton.ac.uk> Message-ID: Julian, Hunh??? Whenever I do: cd /opt/MailScanner.new/etc ../bin/upgrade_MailScanner_conf --keep-comments \ /opt/MailScanner/etc/MailScanner.conf (old production version) ./MailScanner.conf > MailScanner.new (your new release) I always get my comments from the old version, plus your comments in the new version, plus any new features in your new version -- all nicely output to the MailScanner.new file. Diffs between the three versions (my old, your new, my new) show me what I would expect to happen. Work great, I was hoping it could become the default in the next release. Jeff Earickson On Wed, 29 Mar 2006, Julian Field wrote: > Date: Wed, 29 Mar 2006 20:52:54 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Beta 4.52.1 released > > > > Scott Silva wrote: >> Jeff A. Earickson spake the following on 3/27/2006 9:53 AM: >> >>> Julian, >>> >>> Any chance that you would consider making the "--keep-comments" >>> option of bin/upgrade_MailScanner_conf the default action? >>> >>> Jeff Earickson >>> Colby College >>> >> But that option IFAIR doesn't bring in the new comments for options added >> by >> Julian. >> > Correct. You either get your comments or mine. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Mar 29 21:13:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 29 21:13:12 2006 Subject: Message Doubles In-Reply-To: References: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> <223f97700603290804r6a31772cydeecca5d2865cacc@mail.gmail.com> Message-ID: <223f97700603291213v15a0b4a8l879ea8fe4a9537e6@mail.gmail.com> On 29/03/06, Drew Marshall wrote: > > On 29 Mar 2006, at 17:04, Glenn Steen wrote: > > I don't think we have to go back to the logs, just use some > > logic(:-)... We see two separate (by 20 minutes!) messages, possibly > > containing the exact same message, being handled by smtpd/the header > > checks... and then passed on to the hold queue. This is a very strong > > indicator that it isn't your system that is having the problem > > (although it has to handle the effects of the error), since this, in > > all likelihood, couldn't happen unless those messages were handled in > > two separate SMTP-conversations. > > That's kinda what I meant :-) Yeah, Just wanted it to be "?ber-clear";-)... Hope no toes got hurt in the process:-). > > > > > If you do happen to look at the logs, take just one of teh messages, > > the first one, and look through the whole chain... is there _any_ > > errors indicated? Like a dropped connection? If you have logs split, > > remember to look in the error and warning file too. > > > > Are all the duplicates from the same sender/sending domain? If so, > > call them... and inform them (in a nice manner:-) that they have a > > problem to solve. > > If not... Well, we'll get to that eventually:-). > > Indeed, and we haven't even got to the replying to self level yet. > That's reserved for when things start looking a little more complex ;-) > > Drew > Had to drop everything... The PHB wanted some attention... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Mar 29 21:15:53 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 29 21:16:03 2006 Subject: Message Doubles In-Reply-To: <223f97700603291213v15a0b4a8l879ea8fe4a9537e6@mail.gmail.com> References: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> <223f97700603290804r6a31772cydeecca5d2865cacc@mail.gmail.com> <223f97700603291213v15a0b4a8l879ea8fe4a9537e6@mail.gmail.com> Message-ID: <223f97700603291215s555564c4oda3fe92757afad17@mail.gmail.com> On 29/03/06, Glenn Steen wrote: > On 29/03/06, Drew Marshall wrote: (snip) > > Indeed, and we haven't even got to the replying to self level yet. > > That's reserved for when things start looking a little more complex ;-) > > > > Drew > > > > Had to drop everything... The PHB wanted some attention... > ... Otherwise I'd (of course) would have found a reason to reply to myself....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Mar 29 21:16:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 29 21:17:06 2006 Subject: Beta 4.52.1 released In-Reply-To: References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> <44282044.2060008@ecs.soton.ac.uk> <442AE596.8050701@ecs.soton.ac.uk> Message-ID: <442AEB36.4090306@ecs.soton.ac.uk> So it works even better than I thought it did. Cool :-) Jeff A. Earickson wrote: > Julian, > > Hunh??? Whenever I do: > > cd /opt/MailScanner.new/etc > ../bin/upgrade_MailScanner_conf --keep-comments \ > /opt/MailScanner/etc/MailScanner.conf (old production version) > ./MailScanner.conf > MailScanner.new (your new release) > > I always get my comments from the old version, plus your comments > in the new version, plus any new features in your new version -- > all nicely output to the MailScanner.new file. Diffs between > the three versions (my old, your new, my new) show me what I > would expect to happen. Work great, I was hoping it could become the > default in the next release. > > Jeff Earickson > > On Wed, 29 Mar 2006, Julian Field wrote: > >> Date: Wed, 29 Mar 2006 20:52:54 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: Beta 4.52.1 released >> >> >> >> Scott Silva wrote: >>> Jeff A. Earickson spake the following on 3/27/2006 9:53 AM: >>> >>>> Julian, >>>> >>>> Any chance that you would consider making the "--keep-comments" >>>> option of bin/upgrade_MailScanner_conf the default action? >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>> But that option IFAIR doesn't bring in the new comments for options >>> added by >>> Julian. >>> >> Correct. You either get your comments or mine. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Wed Mar 29 21:24:42 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 29 21:24:45 2006 Subject: Message Doubles In-Reply-To: Message-ID: <001e01c6536e$d0479d20$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Drew Marshall > Sent: Wednesday, March 29, 2006 1:26 PM > To: MailScanner discussion > Subject: Re: Message Doubles > > > On 29 Mar 2006, at 17:04, Glenn Steen wrote: > > I don't think we have to go back to the logs, just use some > > logic(:-)... We see two separate (by 20 minutes!) messages, possibly > > containing the exact same message, being handled by smtpd/the header > > checks... and then passed on to the hold queue. This is a very strong > > indicator that it isn't your system that is having the problem > > (although it has to handle the effects of the error), since this, in > > all likelihood, couldn't happen unless those messages were handled in > > two separate SMTP-conversations. > > That's kinda what I meant :-) > > > > > If you do happen to look at the logs, take just one of teh messages, > > the first one, and look through the whole chain... is there _any_ > > errors indicated? Like a dropped connection? If you have logs split, > > remember to look in the error and warning file too. > > > > Are all the duplicates from the same sender/sending domain? If so, > > call them... and inform them (in a nice manner:-) that they have a > > problem to solve. > > If not... Well, we'll get to that eventually:-). > > Indeed, and we haven't even got to the replying to self level yet. > That's reserved for when things start looking a little more complex ;-) > > Drew > Spartcus, Is the problem gateway system behind a Cisco PIX firewall? Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From MHewryk at symcor.com Wed Mar 29 21:28:49 2006 From: MHewryk at symcor.com (MHewryk@symcor.com) Date: Wed Mar 29 21:28:57 2006 Subject: {Blocked Content} - how to stop it? In-Reply-To: <442AE69D.8080605@ecs.soton.ac.uk> Message-ID: Hi, We have a request not to block the content of email/HTML tags from one particular site. We put the source's email address into the whitelist but the email is still blocked and tagged by MailScanner with the {Blocked Content} tag in the Subject line. What is the fix to stop tagging an email from the specific sites? Our HTML Tags setting in the configuration file. IFrame Tags = yes Form Tags = no Script Tags = no Object Codebase Tags = no Modify Subject = no Modif Text = no Any help? Thanks, Magda Hewryk From jaearick at colby.edu Wed Mar 29 21:36:11 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Mar 29 21:37:30 2006 Subject: Beta 4.52.1 released In-Reply-To: <442AEB36.4090306@ecs.soton.ac.uk> References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> <44282044.2060008@ecs.soton.ac.uk> <442AE596.8050701@ecs.soton.ac.uk> <442AEB36.4090306@ecs.soton.ac.uk> Message-ID: Well, I urge you to experiment a little to convince yourself of my claim, before changing the default and inflicting my hallucinations on others. Jeff On Wed, 29 Mar 2006, Julian Field wrote: > Date: Wed, 29 Mar 2006 21:16:54 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Beta 4.52.1 released > > So it works even better than I thought it did. Cool :-) > > Jeff A. Earickson wrote: >> Julian, >> >> Hunh??? Whenever I do: >> >> cd /opt/MailScanner.new/etc >> ../bin/upgrade_MailScanner_conf --keep-comments \ >> /opt/MailScanner/etc/MailScanner.conf (old production version) >> ./MailScanner.conf > MailScanner.new (your new release) >> >> I always get my comments from the old version, plus your comments >> in the new version, plus any new features in your new version -- >> all nicely output to the MailScanner.new file. Diffs between >> the three versions (my old, your new, my new) show me what I >> would expect to happen. Work great, I was hoping it could become the >> default in the next release. >> >> Jeff Earickson >> >> On Wed, 29 Mar 2006, Julian Field wrote: >> >>> Date: Wed, 29 Mar 2006 20:52:54 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: Beta 4.52.1 released >>> >>> >>> >>> Scott Silva wrote: >>>> Jeff A. Earickson spake the following on 3/27/2006 9:53 AM: >>>> >>>>> Julian, >>>>> >>>>> Any chance that you would consider making the "--keep-comments" >>>>> option of bin/upgrade_MailScanner_conf the default action? >>>>> >>>>> Jeff Earickson >>>>> Colby College >>>>> >>>> But that option IFAIR doesn't bring in the new comments for options added >>>> by >>>> Julian. >>>> >>> Correct. You either get your comments or mine. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Mar 29 21:39:03 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 29 21:41:48 2006 Subject: Beta 4.52.1 released In-Reply-To: <442AEB36.4090306@ecs.soton.ac.uk> References: <4425870A.4020307@ecs.soton.ac.uk> <4425C002.2070606@pacific.net> <4426AF54.3040309@ecs.soton.ac.uk> <44281A19.6040601@pacific.net> <44282044.2060008@ecs.soton.ac.uk> <442AE596.8050701@ecs.soton.ac.uk> <442AEB36.4090306@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 3/29/2006 12:16 PM: > So it works even better than I thought it did. Cool :-) > Aha! Another new "feature"! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ishukor at gmail.com Wed Mar 29 22:07:41 2006 From: ishukor at gmail.com (Ishukor) Date: Wed Mar 29 22:06:10 2006 Subject: Single MailScanner with Multiple Domain Message-ID: <442AF71D.2060209@gmail.com> Hi, I have two domain example.com and example.net currently I am running mailscanner for example.com as a gateway, how can I use single mailscanner for two domain? do I need to setup another box of mailscanner for example.net or can I just use one?. From michele at blacknight.ie Wed Mar 29 22:16:08 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Wed Mar 29 22:16:16 2006 Subject: Single MailScanner with Multiple Domain In-Reply-To: <442AF71D.2060209@gmail.com> References: <442AF71D.2060209@gmail.com> Message-ID: <442AF918.3000900@blacknight.ie> Ishukor wrote: > Hi, > > I have two domain example.com and example.net currently I am running > mailscanner for example.com as a gateway, how can I use single > mailscanner for two domain? do I need to setup another box of > mailscanner for example.net or can I just use one?. Just use one :) We're scanning for hundreds of domains per server -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From gborders at jlewiscooper.com Wed Mar 29 22:25:53 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed Mar 29 22:24:44 2006 Subject: Single MailScanner with Multiple Domain In-Reply-To: <442AF71D.2060209@gmail.com> References: <442AF71D.2060209@gmail.com> Message-ID: <442AFB61.3090101@jlewiscooper.com> If your MTA can receive it, Mailscanner will scan it. I've got 3 domains on mine. Works fine, just had to set up some configuration files in my sendmail system. Specifically the /etc/mail/local-host-names is a good start to define them all on one box. Of course a lot depends on the MTA you use, and if you are using it only as a gateway for another server, versus delivering to the local unix mail boxes, then you might need to adjust some alias files or virtual user tables. Bottom line is it's do-able! Greg Borders Sys. Admin. JLC Co. Ishukor wrote: > Hi, > > I have two domain example.com and example.net currently I am running > mailscanner for example.com as a gateway, how can I use single > mailscanner for two domain? do I need to setup another box of > mailscanner for example.net or can I just use one?. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Thu Mar 30 00:09:38 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 30 00:09:49 2006 Subject: Single MailScanner with Multiple Domain In-Reply-To: <442AF71D.2060209@gmail.com> References: <442AF71D.2060209@gmail.com> Message-ID: <442B13B2.5040605@evi-inc.com> Ishukor wrote: > Hi, > > I have two domain example.com and example.net currently I am running > mailscanner for example.com as a gateway, how can I use single > mailscanner for two domain? Set up the MX records for both domains to be the same IPs. ie: evi-inc.com and evitechnology.com, both point their MX records to the same server here. >From there it's just configuration of your MTA to handle multiple domains as local. This varies from MTA to MTA, but it's not hard, check your MTA's docs. If you can't figure it out, post here with information on what MTA you use with MailScanner and someone should be able to help you out. From nauman at worldcall.net.pk Thu Mar 30 06:46:39 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Thu Mar 30 06:46:40 2006 Subject: Help About MailScannerers Stages. References: <44162CE0.2040107@nkpanama.com> <002001c64814$875135f0$23c051cb@noc> <4418088D.8090608@nkpanama.com> Message-ID: <00a701c66c19$743e73f0$23c051cb@noc> It's not a problem you fix by debugging or tracing. You have to look through the configuration file and pay attention to parameters such as "use spamassassin", the spam scores (which you can make higher or lower depending on your particular mail flow). You should also enable any auxiliary tools for spamassassin that you can (such as Razor, Pyzor and DCC) so that it can make a better analysis. I Used Sendmail 8.13.5 Qpopper 4.0.8 MailScanner 4.50.15.1 Install-Clam-SA Further I updated my SPAM ASSASIN with Mail-SpamAssassin-3.1.1 Now i want to enable RAZOR , PYZOR and DCC , as well. Can Any one Help to fine tune spam Controling From linux_spartacus at yahoo.com Thu Mar 30 06:49:56 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Thu Mar 30 06:50:15 2006 Subject: Message Doubles In-Reply-To: <223f97700603290804r6a31772cydeecca5d2865cacc@mail.gmail.com> Message-ID: <20060330054956.38268.qmail@web35607.mail.mud.yahoo.com> Hi, The sender comes from the same domain,same time, same sender and everything. Thats i suspected some problem. Even from trusted senders and spammers. Im still checking for other clients having the same problem. Glenn Steen wrote: On 29/03/06, Drew Marshall wrote: > On Wed, March 29, 2006 14:45, spart cus wrote: > > Hi, > > Im using mbox =( . > > Damn. Makes it a touch more difficult. Back to logs I am afraid. Basically > you need to find two SMTP sessions with the same message id. Grep for the > id rather than the sender and see what is turned up. > > > If its a MS problem what will i do ? Upgrade or some > > tweak ? > > You have found a bug/ problem. As I have been running this set up for ages > now (As have several others many with mail volumes much higher than mine) > with out problem, I would be surprised if it is this. > > Drew > > I don't think we have to go back to the logs, just use some logic(:-)... We see two separate (by 20 minutes!) messages, possibly containing the exact same message, being handled by smtpd/the header checks... and then passed on to the hold queue. This is a very strong indicator that it isn't your system that is having the problem (although it has to handle the effects of the error), since this, in all likelihood, couldn't happen unless those messages were handled in two separate SMTP-conversations. If you do happen to look at the logs, take just one of teh messages, the first one, and look through the whole chain... is there _any_ errors indicated? Like a dropped connection? If you have logs split, remember to look in the error and warning file too. Are all the duplicates from the same sender/sending domain? If so, call them... and inform them (in a nice manner:-) that they have a problem to solve. If not... Well, we'll get to that eventually:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060329/b2586820/attachment.html From martinh at solid-state-logic.com Thu Mar 30 09:32:46 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Mar 30 09:33:00 2006 Subject: Help About MailScannerers Stages. In-Reply-To: <00a701c66c19$743e73f0$23c051cb@noc> Message-ID: <002c01c653d4$87bb9eb0$3004010a@martinhlaptop> Hi Add the SARE and other rules from www.rulesemporium.com Keep then updates with RulesDuJour (google for this). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Muhammad Nauman > Sent: 30 April 2006 06:47 > To: MailScanner discussion > Subject: Re: Help About MailScannerers Stages. > > It's not a problem you fix by debugging or tracing. You have to look > through the configuration file and pay attention to parameters such as > "use spamassassin", the spam scores (which you can make higher or lower > depending on your particular mail flow). You should also enable any > auxiliary tools for spamassassin that you can (such as Razor, Pyzor and > DCC) so that it can make a better analysis. > > I Used Sendmail 8.13.5 > Qpopper 4.0.8 > MailScanner 4.50.15.1 > Install-Clam-SA > > Further I updated my SPAM ASSASIN with > Mail-SpamAssassin-3.1.1 > > Now i want to enable RAZOR , PYZOR and DCC , as well. > > Can Any one Help to fine tune spam Controling > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From padma at eis.iisc.ernet.in Thu Mar 30 10:31:11 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Thu Mar 30 10:44:05 2006 Subject: Reg. MailScanner-4.45.4 Message-ID: I have installed Mailscanner-4.45.4.tar.gz with sendmail-8.13.1. There are no errors when installing but how do i get to stop sendmail and restart mailscanner because unlike in an rpm there is no start=up script in source files installed in /opt/Mailscanner/bin Any quick suggestions? Regards Padma ERNET Helpdesk From drew at themarshalls.co.uk Thu Mar 30 10:49:30 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Mar 30 10:49:38 2006 Subject: Message Doubles In-Reply-To: <223f97700603291213v15a0b4a8l879ea8fe4a9537e6@mail.gmail.com> References: <64893.194.70.180.170.1143639444.squirrel@webmail.r-bit.net> <20060329134546.68664.qmail@web35606.mail.mud.yahoo.com> <64989.194.70.180.170.1143642055.squirrel@webmail.r-bit.net> <223f97700603290804r6a31772cydeecca5d2865cacc@mail.gmail.com> <223f97700603291213v15a0b4a8l879ea8fe4a9537e6@mail.gmail.com> Message-ID: <33278.194.70.180.170.1143712170.squirrel@webmail.r-bit.net> On Wed, March 29, 2006 21:13, Glenn Steen wrote: >> That's kinda what I meant :-) > > Yeah, Just wanted it to be "?ber-clear";-)... Hope no toes got hurt in > the process:-). Good grief no. Steel toe caps here :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Thu Mar 30 12:01:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 30 12:01:22 2006 Subject: Reg. MailScanner-4.45.4 In-Reply-To: References: Message-ID: <4F86DC40-AEFC-419C-A39D-09DF18B9E2FB@ecs.soton.ac.uk> Why didn't you use the RedHat RPM-based distribution of MailScanner? It would have saved you a whole world of pain, and everything is there. Hose /opt/MailScanner completely, download the RPM-based distribution of MailScanner, and install that instead. Your life will be a lot easier :-) If you use the most recent version you will find it is a whole lot faster, too. There is a program called "upgrade_MailScanner_conf" which will do all the hard work of upgrading your MailScanner.conf file to the latest version. Once you have MailScanner installed, just read the instructions it prints out at the end of the installation process. On 30 Mar 2006, at 10:31, padma@eis.iisc.ernet.in wrote: > > > I have installed Mailscanner-4.45.4.tar.gz with sendmail-8.13.1. > There are no errors when installing but how do i get to stop > sendmail and restart mailscanner because unlike in an rpm there is > no start=up script in source files > > installed in /opt/Mailscanner/bin > > Any quick suggestions? > > > Regards > Padma > ERNET Helpdesk > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Thu Mar 30 12:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 30 12:31:37 2006 Subject: Reg. MailScanner-4.45.4 In-Reply-To: References: Message-ID: wrote on Thu, 30 Mar 2006 15:01:11 +0530 (IST): > I have installed Mailscanner-4.45.4.tar.gz with sendmail-8.13.1. > There are no errors when installing but how do i get to stop sendmail and > restart mailscanner because unlike in an rpm there is no start=up script > in source files If there are no init scripts in the src file, I guess it might be a good idea to at least add the init scripts that are provided with the rpm distribution for reference? Julian? I suppose you cannot install rpm? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ishukor at gmail.com Thu Mar 30 12:40:36 2006 From: ishukor at gmail.com (Ishukor) Date: Thu Mar 30 12:40:44 2006 Subject: Single MailScanner with Multiple Domain Message-ID: <442BC3B4.6050904@gmail.com> Thanks You for the quick answer everybody, Currently running MaiScanner 4.51.4 on Fedora Core 4 with postfix as a gateway mode for my exchange, Certainly a little help on configuring postfix for multiple domain will help me a lot. Thanks Again Guys. From glenn.steen at gmail.com Thu Mar 30 13:18:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 30 13:18:45 2006 Subject: Single MailScanner with Multiple Domain In-Reply-To: <442BC3B4.6050904@gmail.com> References: <442BC3B4.6050904@gmail.com> Message-ID: <223f97700603300418j1f4f69daj38e788624eb6203b@mail.gmail.com> On 30/03/06, Ishukor wrote: > Thanks You for the quick answer everybody, Currently running MaiScanner > 4.51.4 on > Fedora Core 4 with postfix as a gateway mode for my exchange, Certainly > a little help on configuring postfix for multiple domain will help me a lot. > > Thanks Again Guys. > If you relay them all, it's just a question of setting your relay_domains correctly (and possibly transport map too, depending on if your MS host is the MX for the domains....). Oh, and see to it that all "trusted" servers/clients are covered by your mynetworks. Remember to make sure that you update your relay_recipient_map setting/method of generating it, so that you don't start accepting mail for unknown recipients. If you need go "virtual", that's another thing though:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Thu Mar 30 13:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 30 13:31:30 2006 Subject: Reg. MailScanner-4.45.4 In-Reply-To: <4F86DC40-AEFC-419C-A39D-09DF18B9E2FB@ecs.soton.ac.uk> References: <4F86DC40-AEFC-419C-A39D-09DF18B9E2FB@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Thu, 30 Mar 2006 12:01:09 +0100: > Why didn't you use the RedHat RPM-based distribution of MailScanner? Hm, how do you know he uses Red Hat? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Thu Mar 30 13:51:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 30 13:51:28 2006 Subject: Reg. MailScanner-4.45.4 In-Reply-To: References: <4F86DC40-AEFC-419C-A39D-09DF18B9E2FB@ecs.soton.ac.uk> Message-ID: On 30 Mar 2006, at 13:31, Kai Schaetzl wrote: > Julian Field wrote on Thu, 30 Mar 2006 12:01:09 +0100: > >> Why didn't you use the RedHat RPM-based distribution of MailScanner? > > Hm, how do you know he uses Red Hat? Educated guess from his comment "unlike in an rpm there is no start=up script". Tends to imply he normally uses an rpm. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From tac.forums at gmail.com Thu Mar 30 15:20:54 2006 From: tac.forums at gmail.com (TAC Forums) Date: Thu Mar 30 15:20:57 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: Message-ID: Hi We have a Sun Cobalt RaQ 550 with MailScanner/sendmail running.... I just noticed that the mqueue and mqueue.in directories have more files than necessary ... When I run 'mailq' - it says ================================== /var/spool/mqueue (160 requests) ================================== But when I run 'ls /var/spool/mqueue | wc' - it says ================================== 47238 47238 708570 ================================== And when I run 'ls /var/spool/mqueue.in | wc' - it says ================================== 8360 8360 125390 ================================== Should I worry? Regards -- TAC Support Team From shuttlebox at gmail.com Thu Mar 30 15:41:25 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 30 15:41:31 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: Message-ID: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> On 3/30/06, TAC Forums wrote: > Hi > > We have a Sun Cobalt RaQ 550 with MailScanner/sendmail running.... > > I just noticed that the mqueue and mqueue.in directories have more > files than necessary ... > > When I run 'mailq' - it says > ================================== > /var/spool/mqueue (160 requests) > ================================== > > > But when I run 'ls /var/spool/mqueue | wc' - it says > ================================== > 47238 47238 708570 > ================================== > > And when I run 'ls /var/spool/mqueue.in | wc' - it says > ================================== > 8360 8360 125390 > ================================== > > Should I worry? Probably no reason to worry but you should take some steps anyway. List the files and you will probably find a lot old (more than five days) files and file names starting with a capital letter. That indicates something went wrong, like the connection was lost or similar. Anyway, Sendmail will not be able to do anything about it now so you may as well delete those files to gain some speed, huge amount of files in a single directory makes it slow. -- /peter From bpumphrey at WoodMacLaw.com Thu Mar 30 16:20:50 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Mar 30 16:20:56 2006 Subject: [Fwd: do you want to invest money ?] - MailScanner did not detect? Message-ID: <04D932B0071FE34FA63EBB1977B48D15F735A5@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jose Nathaniel G. Nengasca > Sent: Wednesday, March 29, 2006 1:53 AM > To: MailScanner discussion > Subject: [Fwd: do you want to invest money ?] - MailScanner did not > detect? > > Seems that MailScanner didnt detected this? is this new type of scam? > pls help.. > Here was my score: SpamAssassin Score: 4.52 Spam Report: Score Matching Rule Description -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.00 HTML_MESSAGE HTML included in message 1.72 MSGID_DOLLARS Message-Id has pattern used in spam -0.00 NO_RELAYS Informational: message was not relayed via SMTP 1.91 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found 2.78 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found 0.72 SARE_HTML_TITLE_MNY HTML Title implies this may be spam I will try those extra rules. From jkf at ecs.soton.ac.uk Fri Mar 24 10:33:33 2006 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 30 18:14:58 2006 Subject: Sendmail Upgrade, other problem In-Reply-To: <00c201c64f2c$ef3e2320$0600a8c0@roger> References: <00c201c64f2c$ef3e2320$0600a8c0@roger> Message-ID: <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk> If you are running on Linux and have upgraded from sendmail 8.12 or earlier to 8.13 then you need to set Lock Type = or Lock Type = posix depending on your version of MailScanner. Setting it to "posix" explicitly is clearer. On 24 Mar 2006, at 10:23, Roger Jochem wrote: > After the sendmail upgrade to 8.13.6, some of my messages come with > no body, and the text "<<< No Message Collected >>>" in the body... > They appear twice in the users inbox, one with this body, and one > ok message (with the original body). > > In Mailwatch this messages appear with two times the header info. > Very strange... > > Anybody facing the same problem, or maybe could give some ideas of > what's causing that? > > Regards > > Roger Jochem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jkf at ecs.soton.ac.uk Fri Mar 24 10:33:33 2006 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 30 18:15:02 2006 Subject: Sendmail Upgrade, other problem In-Reply-To: <00c201c64f2c$ef3e2320$0600a8c0@roger> References: <00c201c64f2c$ef3e2320$0600a8c0@roger> Message-ID: <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk> If you are running on Linux and have upgraded from sendmail 8.12 or earlier to 8.13 then you need to set Lock Type = or Lock Type = posix depending on your version of MailScanner. Setting it to "posix" explicitly is clearer. On 24 Mar 2006, at 10:23, Roger Jochem wrote: > After the sendmail upgrade to 8.13.6, some of my messages come with > no body, and the text "<<< No Message Collected >>>" in the body... > They appear twice in the users inbox, one with this body, and one > ok message (with the original body). > > In Mailwatch this messages appear with two times the header info. > Very strange... > > Anybody facing the same problem, or maybe could give some ideas of > what's causing that? > > Regards > > Roger Jochem > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Thu Mar 30 18:31:25 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 30 18:31:38 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: Message-ID: TAC Forums wrote on Thu, 30 Mar 2006 19:50:54 +0530: > Should I worry? I'd check what makes up the discrepancy. F.i. could be a lot of old data files with no queue files. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From roger at rudnick.com.br Thu Mar 30 18:33:57 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Mar 30 18:34:14 2006 Subject: Sendmail Upgrade, other problem References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk> Message-ID: <055101c65420$1fa34c00$0600a8c0@roger> But it is (and was already) configured as posix. I upgraded from 8.13.1 to 8.13.6, and then the problem started to appear. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Friday, March 24, 2006 7:33 AM Subject: Re: Sendmail Upgrade, other problem > If you are running on Linux and have upgraded from sendmail 8.12 or > earlier to 8.13 then you need to set > Lock Type = > or > Lock Type = posix > depending on your version of MailScanner. Setting it to "posix" > explicitly is clearer. > > On 24 Mar 2006, at 10:23, Roger Jochem wrote: > >> After the sendmail upgrade to 8.13.6, some of my messages come with no >> body, and the text "<<< No Message Collected >>>" in the body... They >> appear twice in the users inbox, one with this body, and one ok message >> (with the original body). >> >> In Mailwatch this messages appear with two times the header info. Very >> strange... >> >> Anybody facing the same problem, or maybe could give some ideas of >> what's causing that? >> >> Regards >> >> Roger Jochem >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mrm at medicine.wisc.edu Thu Mar 30 18:40:54 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Thu Mar 30 18:41:36 2006 Subject: Symantec Linux Enterprise AV support Message-ID: I see that the latest Symantec Enterprise client (10.1) which was released just a couple of days ago now includes a Linux client. It's about time!!!! Looking at MailScanner.conf I see an option for the Symantec Scan Engine but I'm guessing it's not the same as the enterprise version? If not, are there any plans to incorporate the new client into MailScanner? Mike From MailScanner at ecs.soton.ac.uk Thu Mar 30 18:43:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 30 18:44:15 2006 Subject: Sendmail Upgrade, other problem In-Reply-To: <055101c65420$1fa34c00$0600a8c0@roger> References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk> <055101c65420$1fa34c00$0600a8c0@roger> Message-ID: <442C18DE.5010102@ecs.soton.ac.uk> Can you do this and send the output: sendmail -d0.1 -d0.4 -bt But it is (and was already) configured as posix. I upgraded from > 8.13.1 to 8.13.6, and then the problem started to appear. > > ----- Original Message ----- From: "Julian Field" > To: "MailScanner discussion" > Sent: Friday, March 24, 2006 7:33 AM > Subject: Re: Sendmail Upgrade, other problem > > >> If you are running on Linux and have upgraded from sendmail 8.12 or >> earlier to 8.13 then you need to set >> Lock Type = >> or >> Lock Type = posix >> depending on your version of MailScanner. Setting it to "posix" >> explicitly is clearer. >> >> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >> >>> After the sendmail upgrade to 8.13.6, some of my messages come with >>> no body, and the text "<<< No Message Collected >>>" in the body... >>> They appear twice in the users inbox, one with this body, and one >>> ok message (with the original body). >>> >>> In Mailwatch this messages appear with two times the header info. >>> Very strange... >>> >>> Anybody facing the same problem, or maybe could give some ideas of >>> what's causing that? >>> >>> Regards >>> >>> Roger Jochem >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> jkf@ecs.soton.ac.uk >> Teaching Systems Manager >> Electronics & Computer Science >> University of Southampton >> SO17 1BJ, UK >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 30 18:46:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 30 18:46:07 2006 Subject: Symantec Linux Enterprise AV support In-Reply-To: References: Message-ID: <442C1959.9010209@ecs.soton.ac.uk> If you can send me a fully working and licensed copy of it, I will write support for it. I can guarantee that the copy you send me will never go any further and will be used solely for development purposes. I have no funds available to purchase a copy of it. Oh, and don't post it to the list! :-) Michael Masse wrote: > I see that the latest Symantec Enterprise client (10.1) which was released just a couple of days ago now includes a Linux client. It's about time!!!! Looking at MailScanner.conf I see an option for the Symantec Scan Engine but I'm guessing it's not the same as the enterprise version? If not, are there any plans to incorporate the new client into MailScanner? > > Mike > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roger at rudnick.com.br Thu Mar 30 18:52:32 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Mar 30 18:53:09 2006 Subject: Sendmail Upgrade, other problem References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk> Message-ID: <05b101c65422$b822d6b0$0600a8c0@roger> It returns Version 8.13.6 Compiled with: DNSMAP LDAPMAP FSTATMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB USE_LDAP_INIT Canonical name: mail.rudnick.com.br UUCP nodename: mail.rudnick.com.br a.k.a.: mail a.k.a.: [172.16.0.1] ============ SYSTEM IDENTITY (after readcf) ============ (short domain name) $w = mail (canonical domain name) $j = mail.rudnick.com.br (subdomain name) $m = rudnick.com.br (node name) $k = mail.rudnick.com.br ======================================================== ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter
> ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, March 30, 2006 2:43 PM Subject: Re: Sendmail Upgrade, other problem > Can you do this and send the output: > > sendmail -d0.1 -d0.4 -bt > Roger Jochem wrote: >> But it is (and was already) configured as posix. I upgraded from >> 8.13.1 to 8.13.6, and then the problem started to appear. >> >> ----- Original Message ----- From: "Julian Field" >> To: "MailScanner discussion" >> Sent: Friday, March 24, 2006 7:33 AM >> Subject: Re: Sendmail Upgrade, other problem >> >> >>> If you are running on Linux and have upgraded from sendmail 8.12 or >>> earlier to 8.13 then you need to set >>> Lock Type = >>> or >>> Lock Type = posix >>> depending on your version of MailScanner. Setting it to "posix" >>> explicitly is clearer. >>> >>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>> >>>> After the sendmail upgrade to 8.13.6, some of my messages come with >>>> no body, and the text "<<< No Message Collected >>>" in the body... >>>> They appear twice in the users inbox, one with this body, and one >>>> ok message (with the original body). >>>> >>>> In Mailwatch this messages appear with two times the header info. >>>> Very strange... >>>> >>>> Anybody facing the same problem, or maybe could give some ideas of >>>> what's causing that? >>>> >>>> Regards >>>> >>>> Roger Jochem >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> Julian Field >>> jkf@ecs.soton.ac.uk >>> Teaching Systems Manager >>> Electronics & Computer Science >>> University of Southampton >>> SO17 1BJ, UK >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Mar 30 21:34:18 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Mar 30 21:34:21 2006 Subject: FW: [Razor-users] Razor2 is open and free. Message-ID: <049a01c65439$51e4dc60$2901010a@office.fsl> In case you didn't see this message. Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com -----Original Message----- From: razor-users-admin@lists.sourceforge.net [mailto:razor-users-admin@lists.sourceforge.net] On Behalf Of Vipul Ved Prakash Sent: Thursday, March 30, 2006 2:19 PM To: razor-users@lists.sourceforge.net Subject: [Razor-users] Razor2 is open and free. Folks, I am pleased to announce that with the release of razor-agents 2.81[1] a new service policy has been introduced, that makes the use of Razor2 service completely open and free. A license introduced in 2003 restricted usage by third party integrators, but the new license unencumbers all usage, commercial or otherwise. My company, Cloudmark, hosts and manages the backend infrastructure that Razor2 agents use for reporting spam and checking fingerprints. Cloudmark retains the right to deny service to anyone abusing the backend, but will not, under normal circumstances, restrict usage in any way. Share and Enjoy! vipul [1] http://prdownloads.sourceforge.net/razor/razor-agents-2.81.tar.bz2?downl oad ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=k&kid0944&bid$1720&dat1642 _______________________________________________ Razor-users mailing list Razor-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/razor-users From karl.bailey at landmark-information.co.uk Thu Mar 30 23:02:24 2006 From: karl.bailey at landmark-information.co.uk (Karl Bailey) Date: Thu Mar 30 23:02:33 2006 Subject: Not often I post Message-ID: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6DFE@exmx04.corp.edrlandmark.net> Only when I have a problem, which I seem to at the moment. Two day in a row now I have had a problem with MailScanner 4.51.5-1 running in RedHat FC1. It employs spam assassin, kaspersky, f-prot & mcafee virus scanning. CPU usage etc hovers around 25% & all in all it works very well processing around 20000 messages (6GBytes) a day. I have received a single message that brings mailscanner to it's knees .. the message enters the inbound mail queue, the MailScanner processes defunct one by one till MailScanner is effectively not processing mail any more, mail builds up in the inbound mail queue. This is exasperated by the fact that although MailScanner reports as defunct in the process list it is actually still identifying spam, & generating spam warning messages, which in turn end up in the inbound queue... this seems to lead to a "DOS" effect. I have isolated the single message in it's raw queue qf & df files. Every time I place it into the inbound queue the processes defunct, & yes I am ensuring there is no file permissions problems... If anyone wants a copy of the message I can send them the queue files.... I'm suspicious though that the Virus Scanning is where the problem lies, hence without the combination of VC's listed above it may run through the queue ... Any ideas? The one thing I've noticed about the header (qf file) is that there seems to be some very long boundary strings emplyed. Regards KArl Registered Office: 5-7 Abbey Court, Eagle Way, Sowton, Exeter, Devon, EX2 7HY Registered Number 2892803 Registered in England & Wales The information contained in this e-mail is confidential and may be subject to legal privilege. If you are not the intended recipient, you must not use, copy, distribute or disclose the e-mail or any part of its contents or take any action in reliance on it. If you have received this e-mail in error, please e-mail the sender by replying to this message. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. Landmark Information Group Limited cannot accept responsibility for loss or damage arising from the use of this e-mail or attachments and recommend that you subject these to your virus checking procedures prior to use. www.landmarkinfo.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060330/6e48ac14/attachment.html From tac.forums at gmail.com Fri Mar 31 03:47:19 2006 From: tac.forums at gmail.com (TAC Forums) Date: Fri Mar 31 03:47:21 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> Message-ID: > Anyway, Sendmail will not be able to do anything about it now > so you may as well delete those files to gain some speed, huge amount > of files in a single directory makes it slow. Ah! ... that's incentive enough to make me want to delete these files. :-) Any tips and ideas on a fast way to delete the unwanted files? Regards -- TAC Support Team From tac.forums at gmail.com Fri Mar 31 03:50:06 2006 From: tac.forums at gmail.com (TAC Forums) Date: Fri Mar 31 03:50:08 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: Message-ID: > I'd check what makes up the discrepancy. F.i. could be a lot of old data > files with no queue files. Yes it is. Any ideas how to quickly delete these files? Here is what I'm thinking. 1. Stop mailscanner / sendmail. 2. Type mailq and get the list of active messages that are in the queue and move them to another folder. 3. delete all other files in /var/spool/mqueue 4. move the active files back to mqueue. 5. Start Mailscanner However, any ideas what I should do about /var/spool/mqueue.in ? How do I know which of these messages are active and which aren't? Regards - TAC Helpdesk From MailScanner at ecs.soton.ac.uk Fri Mar 31 08:35:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 31 08:36:18 2006 Subject: Not often I post In-Reply-To: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6DFE@exmx04.corp.edrlandmark.net> References: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6DFE@exmx04.corp.edrlandmark.net> Message-ID: <5F3196B6-7176-43A6-91B2-7FE72BF974F3@ecs.soton.ac.uk> Please can you send me the df and qf files of the message (off-list!). I will test it against the latest code and see what happens. If you could get them to me today, I may be able to fix the problem before the new version release tomorrow. On 30 Mar 2006, at 23:02, Karl Bailey wrote: > Only when I have a problem, which I seem to at the moment. Two day > in a row now I have had a problem with MailScanner 4.51.5-1 running > in RedHat FC1. It employs spam assassin, kaspersky, f-prot & mcafee > virus scanning. CPU usage etc hovers around 25% & all in all it > works very well processing around 20000 messages (6GBytes) a day. > > > I have received a single message that brings mailscanner to it?s > knees .. the message enters the inbound mail queue, the MailScanner > processes defunct one by one till MailScanner is effectively not > processing mail any more, mail builds up in the inbound mail queue. > This is exasperated by the fact that although MailScanner reports > as defunct in the process list it is actually still identifying > spam, & generating spam warning messages, which in turn end up in > the inbound queue? this seems to lead to a ?DOS? effect. > > > I have isolated the single message in it?s raw queue qf & df files. > Every time I place it into the inbound queue the processes defunct, > & yes I am ensuring there is no file permissions problems? If > anyone wants a copy of the message I can send them the queue > files?. I?m suspicious though that the Virus Scanning is where the > problem lies, hence without the combination of VC?s listed above it > may run through the queue ? Any ideas? The one thing I?ve noticed > about the header (qf file) is that there seems to be some very long > boundary strings emplyed. > > > Regards > > KArl > > Registered Office: 5-7 Abbey Court, Eagle Way, Sowton, Exeter, > Devon, EX2 7HY > Registered Number 2892803 Registered in England and Wales > > The information contained in this e-mail is confidential and may be > subject to legal privilege. If you are not the intended recipient, > you must not use, copy, distribute or disclose the e-mail or any > part of its contents or take any action in reliance on it. If you > have received this e-mail in error, please e-mail the sender by > replying to this message. All reasonable precautions have been > taken to ensure no viruses are present in this e-mail. Landmark > Information Group Limited cannot accept responsibility for loss or > damage arising from the use of this e-mail or attachments and > recommend that you subject these to your virus checking procedures > prior to use. > > www.landmarkinfo.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060331/0df26c8b/attachment.html From MailScanner at ecs.soton.ac.uk Fri Mar 31 08:37:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 31 08:37:41 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: Message-ID: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk> On 31 Mar 2006, at 03:50, TAC Forums wrote: >> I'd check what makes up the discrepancy. F.i. could be a lot of >> old data >> files with no queue files. > > Yes it is. Any ideas how to quickly delete these files? > > Here is what I'm thinking. > > 1. Stop mailscanner / sendmail. > 2. Type mailq and get the list of active messages that are in the > queue and move them to another folder. > 3. delete all other files in /var/spool/mqueue > 4. move the active files back to mqueue. > 5. Start Mailscanner > > However, any ideas what I should do about /var/spool/mqueue.in ? > > How do I know which of these messages are active and which aren't? Switch off the incoming sendmail (kill the one that listening for messages). Wait for MailScanner to stop delivering any new messages. Delete everything left in mqueue.in. Stop MailScanner completely and restart it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Mailscanner at mailing.kaufland-informationssysteme.com Fri Mar 31 09:00:04 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Fri Mar 31 08:59:53 2006 Subject: X_Spam_Status Message-ID: <442CE184.40106@mailing.kaufland-informationssysteme.com> Hi, is it possible to remove the X_Spam_Status flag in the mailheader? I did't find a option in the Mailscanner.conf. Is there an other way as use the source? Thanks a lot Matthias From MailScanner at ecs.soton.ac.uk Fri Mar 31 09:23:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 31 09:23:21 2006 Subject: X_Spam_Status In-Reply-To: <442CE184.40106@mailing.kaufland-informationssysteme.com> References: <442CE184.40106@mailing.kaufland-informationssysteme.com> Message-ID: <2462E3D1-AB54-4DBA-BC58-C2490E2139CA@ecs.soton.ac.uk> If it uses underscore characters, it didn't come from MailScanner. On 31 Mar 2006, at 09:00, Matthias Sutter wrote: > Hi, > > is it possible to remove the X_Spam_Status flag in the mailheader? > I did't find a option in the Mailscanner.conf. > > Is there an other way as use the source? > > Thanks a lot > > Matthias > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.freegard at fsl.com Fri Mar 31 09:31:30 2006 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Mar 31 09:29:20 2006 Subject: Not often I post In-Reply-To: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6DFE@exmx04.corp.edrlandmark.net> References: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6DFE@exmx04.corp.edrlandmark.net> Message-ID: <1143793891.16392.496.camel@localhost.localdomain> Hi Karl, On Thu, 2006-03-30 at 23:02 +0100, Karl Bailey wrote: > Only when I have a problem, which I seem to at the moment. Two day in > a row now I have had a problem with MailScanner 4.51.5-1 running in > RedHat FC1. It employs spam assassin, kaspersky, f-prot & mcafee virus > scanning. CPU usage etc hovers around 25% & all in all it works very > well processing around 20000 messages (6GBytes) a day. > > > > I have received a single message that brings mailscanner to it?s > knees .. the message enters the inbound mail queue, the MailScanner > processes defunct one by one till MailScanner is effectively not > processing mail any more, mail builds up in the inbound mail queue. > This is exasperated by the fact that although MailScanner reports as > defunct in the process list it is actually still identifying spam, & > generating spam warning messages, which in turn end up in the inbound > queue? this seems to lead to a ?DOS? effect. > > > > I have isolated the single message in it?s raw queue qf & df files. > Every time I place it into the inbound queue the processes defunct, & > yes I am ensuring there is no file permissions problems? If anyone > wants a copy of the message I can send them the queue files?. I?m > suspicious though that the Virus Scanning is where the problem lies, > hence without the combination of VC?s listed above it may run through > the queue ? Any ideas? The one thing I?ve noticed about the header (qf > file) is that there seems to be some very long boundary strings > emplyed. > We had a number of customers with exactly the same problem on 4.51.5 - an upgrade to 4.51.6 solved the problem for them. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. Tel: +44 (0)1243 200 001 Mobile: +44 (0)7740 364 348 Skype: smfreegard From dean.plant at roke.co.uk Fri Mar 31 11:52:16 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Fri Mar 31 11:52:31 2006 Subject: Normal mail in quarantine Message-ID: <2181C5F19DD0254692452BFF3EAF1D6801527B48@rsys005a.comm.ad.roke.co.uk> I have just gone live with an upgraded MailScanner server and noticed that some non spam & non dangerous mail is being stored in quarantine. Any idea's to what I may have configured incorrectly. My message actions from /etc/MailScanner/MailScanner.conf Spam Actions = store attachment deliver High Scoring Spam Actions = forward emailaddress@ourdomin.co.uk Non Spam Actions = deliver Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Viewing the quarantine in Mailwatch shows that most messages should not be in there, example below Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: N SpamAssassin Score: -0.25 Spam Report: Score Matching Rule Description-2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.00 HTML_MESSAGE HTML included in message 0.23 HTML_TAG_BALANCE_BODY HTML has unbalanced "body" tags 0.12 HTML_TEXT_AFTER_BODY HTML contains text after BODY close tag 2.00 SARE_RAND_1 Message Content Protection (MCP) MCP: N High Scoring MCP: N SpamAssassin MCP: N MCP Whitelisted: N MCP Blacklisted: N MailScanner -V This is CentOS release 4.2 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.51.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001001 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Thanks Dean From MailScanner at ecs.soton.ac.uk Fri Mar 31 12:04:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 31 12:04:47 2006 Subject: Normal mail in quarantine In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6801527B48@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D6801527B48@rsys005a.comm.ad.roke.co.uk> Message-ID: <5D713143-3263-45FB-9E8B-847EDF575DE3@ecs.soton.ac.uk> On 31 Mar 2006, at 11:52, Plant, Dean wrote: > I have just gone live with an upgraded MailScanner server and noticed > that some non spam & non dangerous mail is being stored in quarantine. > Any idea's to what I may have configured incorrectly. Take a look at this option: # Do you want to stop any virus-infected spam getting into the spam or MCP # archives? If you have a system where users can release messages from the # spam or MCP archives, then you probably want to stop them being able to # release any infected messages, so set this to yes. # It is set to no by default as it causes a small hit in performance, and # many people don't allow users to access the spam quarantine, so don't # need it. # This can also be the filename of a ruleset. Keep Spam And MCP Archive Clean = no -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Fri Mar 31 12:09:45 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Mar 31 12:09:53 2006 Subject: Normal mail in quarantine In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6801527B48@rsys005a.comm.ad.roke.co.uk> Message-ID: <000f01c654b3$9e4e0430$3004010a@martinhlaptop> Dean Check what that actions for 'normal' email are - if it's store then that's why its quarantining them - which is a good idea (TM) when using MailWatch as it means you can run the lean as spam/ham functions and other.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Plant, Dean > Sent: 31 March 2006 11:52 > To: MailScanner discussion > Subject: Normal mail in quarantine > > I have just gone live with an upgraded MailScanner server and noticed > that some non spam & non dangerous mail is being stored in quarantine. > Any idea's to what I may have configured incorrectly. > > My message actions from /etc/MailScanner/MailScanner.conf > > Spam Actions = store attachment deliver > High Scoring Spam Actions = forward emailaddress@ourdomin.co.uk > Non Spam Actions = deliver > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > > Viewing the quarantine in Mailwatch shows that most messages should not > be in there, example below > > Anti-Virus/Dangerous Content Protection > Virus: N > Blocked File: N > Other Infection: N > SpamAssassin > Spam: N Action(s): deliver > High Scoring Spam: N > SpamAssassin Spam: N > Listed in RBL: N > Spam Whitelisted: N > Spam Blacklisted: N > SpamAssassin Autolearn: N > SpamAssassin Score: -0.25 > Spam Report: > Score Matching Rule Description-2.60 BAYES_00 > Bayesian spam probability is 0 to 1% > 0.00 HTML_MESSAGE HTML included in message > 0.23 HTML_TAG_BALANCE_BODY HTML has unbalanced "body" tags > 0.12 HTML_TEXT_AFTER_BODY HTML contains text after BODY close tag > 2.00 SARE_RAND_1 > Message Content Protection (MCP) > MCP: N > High Scoring MCP: N > SpamAssassin MCP: N > MCP Whitelisted: N > MCP Blacklisted: N > > MailScanner -V > This is CentOS release 4.2 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.51.6 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.08 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.810 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.001001 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.31 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > Thanks > > Dean > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Chris.Boyd at usit.ie Fri Mar 31 12:16:10 2006 From: Chris.Boyd at usit.ie (Chris Boyd) Date: Fri Mar 31 12:21:33 2006 Subject: Exclude IP from Mailscanner Message-ID: I've never written a rule for Mailscanner. Could anyone give an example of how to exclude an IP (ie mail coming from this IP) from being processed by Mailscanner. TIA ----------------------------------------------------------------- This email message is intended only for the addressee(s) and contains information that may be confidential and/or copyrighted. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email by anyone other than the intended recipient(s) is strictly prohibited. USIT has scanned this email for viruses and dangerous content and believes it to be clean. However, virus scanning is ultimately the responsibility of the recipient. ----------------------------------------------------------------- From jaearick at colby.edu Fri Mar 31 13:08:16 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Mar 31 13:11:57 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> Message-ID: First, figure out the maximum time that you hold email before returning it as undeliverable. Mine is three days, eg "Timeout.queuereturn=3d" in my sendmail settings. Then cd to the queue directory in question, and do: find . -mtime +3 -print | xargs rm Voila, old files are gone. No need to stop sendmail or MailScanner. Jeff Earickson Colby College On Fri, 31 Mar 2006, TAC Forums wrote: > Date: Fri, 31 Mar 2006 08:17:19 +0530 > From: TAC Forums > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: mqueue and mqueue.in have more files than necessary ... should I > worry? > >> Anyway, Sendmail will not be able to do anything about it now >> so you may as well delete those files to gain some speed, huge amount >> of files in a single directory makes it slow. > > Ah! ... that's incentive enough to make me want to delete these files. :-) > > Any tips and ideas on a fast way to delete the unwanted files? > > Regards > -- > TAC Support Team > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dean.plant at roke.co.uk Fri Mar 31 13:34:58 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Fri Mar 31 13:35:13 2006 Subject: Normal mail in quarantine Message-ID: <2181C5F19DD0254692452BFF3EAF1D6801527B4A@rsys005a.comm.ad.roke.co.uk> Julian Field wrote: > On 31 Mar 2006, at 11:52, Plant, Dean wrote: > >> I have just gone live with an upgraded MailScanner server and noticed >> that some non spam & non dangerous mail is being stored in >> quarantine. Any idea's to what I may have configured incorrectly. > > Take a look at this option: > > # Do you want to stop any virus-infected spam getting into the spam > or MCP > # archives? If you have a system where users can release messages > from the > # spam or MCP archives, then you probably want to stop them being > able to > # release any infected messages, so set this to yes. > # It is set to no by default as it causes a small hit in performance, > and > # many people don't allow users to access the spam quarantine, so > don't # need it. > # This can also be the filename of a ruleset. > Keep Spam And MCP Archive Clean = no I'm not sure if I am understanding that option or I have not clearly worded my question. My problem is that I am intermittingly getting email that is clean of viruses with spam scores below 5 (i.e. clean messages) stored in quarantine. These mails should be passing through the relay and not be stored at all. My Non Spam Actions is set to deliver only. The messages being wrongly stored are going into /var/spool/MailScanner/quarantine/20060331 My MailScanner.conf %org-name% = roke.co.uk %org-long-name% = RSYS002X\nRoke Manor Research Ltd %web-site% = www.roke.co.uk %etc-dir% = /etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% = /etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run As User = Run As Group = Queue Scan Interval = 5 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = root Quarantine Group = apache Quarantine Permissions = 0660 Max Unscanned Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 1000 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = File Timeout = 20 Unrar Command =# /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = 0 Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 4 Find Archives By Content = yes Virus Scanning = %rules-dir%/virus.rules Virus Scanners = clamavmodule Virus Scanner Timeout = 300 Deliver Disinfected Files = no Silent Viruses = All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Zip-Password Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /usr/local/Sophos/ide Sophos Lib Dir = /usr/local/Sophos/lib Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 100000000 # (100 Mbytes) ClamAVmodule Maximum Compression Ratio = 0 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = %rules-dir%/ext.message.rules Find Phishing Fraud = yes Also Find Numeric Phishing = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = %rules-dir%/dangerous.html.rules Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %rules-dir%/filename.rules Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = yes Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %rules-dir%/sig.html.rules Inline Text Signature = %rules-dir%/sig.txt.rules Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-MailScanner-%org-name%: Spam Header = X-MailScanner-%org-name%-SpamCheck: Spam Score Header = X-MailScanner-%org-name%-SpamScore: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-MailScanner-From: Envelope To Header = X-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = append Hostname = the MailScanner Sign Messages Already Processed = no Sign Clean Messages = %rules-dir%/signing.rules Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = %rules-dir%/deliver.cleaned.rules Notify Senders = %rules-dir%/notify.senders.rules Notify Senders Of Viruses = yes Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Roke Identified Virus} Filename Modify Subject = yes Filename Subject Text = {Roke Rejected Filename} Content Modify Subject = yes Content Subject Text = {Roke Blocked Content} Disarmed Modify Subject = yes Disarmed Subject Text = {Roke Disarmed Contect} Phishing Modify Subject = no Phishing Subject Text = {{Roke Identified Fraud} Spam Modify Subject = yes Spam Subject Text = {Roke Identified Spam} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {Roke High Spam _SCORE_ } Warning Is Attachment = yes Attachment Warning Filename = RokeVirusWarning.txt Attachment Encoding Charset = us-ascii Archive Mail = Send Notices = yes Notices Include Full Headers = no Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner Notices From = MailScanner Notices To = viruswarnings@roke.co.uk Local Postmaster = postmaster Spam List Definitions = /etc/MailScanner/spam.lists.conf Virus Scanner Definitions = /etc/MailScanner/virus.scanners.conf Spam Checks = /etc/MailScanner/rules/spam.check.rules Spam List = # ORDB-RBL # Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk) Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 5 Spam List Timeout = 20 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = %rules-dir%/spam.blacklist.high.rules Ignore Spam Whitelist If Recipients Exceed = 20 Use SpamAssassin = %rules-dir%/spam.check.rules Max SpamAssassin Size = 90000 Required SpamAssassin Score = 5 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = no SpamAssassin Timeout = 120 Max SpamAssassin Timeouts = 20 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 7200 Wait During Bayes Rebuild = yes Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20000 Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = store attachment deliver High Scoring Spam Actions = forward spamcheck@roke.co.uk Non Spam Actions = deliver Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = yes Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100000 MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.51.6 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = &MailWatchLogging Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions Lock Type = posix Minimum Code Status = supported Dean From MailScanner at ecs.soton.ac.uk Fri Mar 31 14:03:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 31 14:03:54 2006 Subject: Exclude IP from Mailscanner In-Reply-To: References: Message-ID: <1DB695D8-AE15-414E-877B-40193B11B494@ecs.soton.ac.uk> From: 10.2.3.4 no FromOrTo: default yes Put that in /etc/MailScanner/rules/scan.messages.rules Then set Scan Messages = %rules-dir%/scan.messages.rules in MailScanner.conf. Then reload or restart MailScanner. On 31 Mar 2006, at 12:16, Chris Boyd wrote: > I've never written a rule for Mailscanner. Could anyone give an > example of how to exclude an IP (ie mail coming from this IP) from > being processed by Mailscanner. > TIA > > > > ----------------------------------------------------------------- > This email message is intended only for the addressee(s) > and contains information that may be confidential and/or > copyrighted. If you are not the intended recipient please > notify the sender by reply email and immediately delete > this email. Use, disclosure or reproduction of this email > by anyone other than the intended recipient(s) is strictly > prohibited. USIT has scanned this email for viruses and > dangerous content and believes it to be clean. However, > virus scanning is ultimately the responsibility of the recipient. > ----------------------------------------------------------------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 31 14:06:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 31 14:06:56 2006 Subject: Normal mail in quarantine In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6801527B4A@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D6801527B4A@rsys005a.comm.ad.roke.co.uk> Message-ID: On 31 Mar 2006, at 13:34, Plant, Dean wrote: > Julian Field wrote: >> On 31 Mar 2006, at 11:52, Plant, Dean wrote: >> >>> I have just gone live with an upgraded MailScanner server and >>> noticed >>> that some non spam & non dangerous mail is being stored in >>> quarantine. Any idea's to what I may have configured incorrectly. >> >> Take a look at this option: >> >> # Do you want to stop any virus-infected spam getting into the spam >> or MCP >> # archives? If you have a system where users can release messages >> from the >> # spam or MCP archives, then you probably want to stop them being >> able to >> # release any infected messages, so set this to yes. >> # It is set to no by default as it causes a small hit in performance, >> and >> # many people don't allow users to access the spam quarantine, so >> don't # need it. >> # This can also be the filename of a ruleset. >> Keep Spam And MCP Archive Clean = no > > I'm not sure if I am understanding that option or I have not clearly > worded my question. My problem is that I am intermittingly getting > email > that is clean of viruses with spam scores below 5 (i.e. clean > messages) > stored in quarantine. These mails should be passing through the relay > and not be stored at all. > > My Non Spam Actions is set to deliver only. The messages being wrongly > stored are going into /var/spool/MailScanner/quarantine/20060331 In which case it's not the non-spam actions causing the problem. I would check in your logs to see what MailScanner thought of some of the messages which you think haven't got viruses in them, the message id is always logged against the report. > > > My MailScanner.conf > > %org-name% = roke.co.uk > %org-long-name% = RSYS002X\nRoke Manor Research Ltd > %web-site% = www.roke.co.uk > %etc-dir% = /etc/MailScanner > %report-dir% = /etc/MailScanner/reports/en > %rules-dir% = /etc/MailScanner/rules > %mcp-dir% = /etc/MailScanner/mcp > Max Children = 5 > Run As User = > Run As Group = > Queue Scan Interval = 5 > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /var/run/MailScanner.pid > Restart Every = 14400 > MTA = sendmail > Sendmail = /usr/sbin/sendmail > Sendmail2 = /usr/sbin/sendmail > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = root > Quarantine Group = apache > Quarantine Permissions = 0660 > Max Unscanned Bytes Per Scan = 100000000 > Max Unsafe Bytes Per Scan = 50000000 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > Max Normal Queue Size = 1000 > Scan Messages = yes > Reject Message = no > Maximum Attachments Per Message = 200 > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = yes > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = > File Timeout = 20 > Unrar Command =# /usr/bin/unrar > Unrar Timeout = 50 > Find UU-Encoded Files = no > Maximum Message Size = 0 > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 4 > Find Archives By Content = yes > Virus Scanning = %rules-dir%/virus.rules > Virus Scanners = clamavmodule > Virus Scanner Timeout = 300 > Deliver Disinfected Files = no > Silent Viruses = All-Viruses > Still Deliver Silent Viruses = no > Non-Forging Viruses = Zip-Password > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = yes > Allowed Sophos Error Messages = > Sophos IDE Dir = /usr/local/Sophos/ide > Sophos Lib Dir = /usr/local/Sophos/lib > Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 100000000 # (100 Mbytes) > ClamAVmodule Maximum Compression Ratio = 0 > Dangerous Content Scanning = yes > Allow Partial Messages = no > Allow External Message Bodies = %rules-dir%/ext.message.rules > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Highlight Phishing Fraud = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > Allow IFrame Tags = disarm > Allow Form Tags = disarm > Allow Script Tags = disarm > Allow WebBugs = disarm > Allow Object Codebase Tags = disarm > Convert Dangerous HTML To Text = %rules-dir%/dangerous.html.rules > Convert HTML To Text = no > Allow Filenames = > Deny Filenames = > Filename Rules = %rules-dir%/filename.rules > Allow Filetypes = > Deny Filetypes = > Filetype Rules = %etc-dir%/filetype.rules.conf > Quarantine Infections = yes > Quarantine Silent Viruses = yes > Quarantine Modified Body = yes > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = no > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = > %report-dir%/deleted.content.message.txt > Deleted Bad Filename Message Report = > %report-dir%/deleted.filename.message.txt > Deleted Virus Message Report = > %report-dir%/deleted.virus.message.txt > Stored Bad Content Message Report = > %report-dir%/stored.content.message.txt > Stored Bad Filename Message Report = > %report-dir%/stored.filename.message.txt > Stored Virus Message Report = > %report-dir%/stored.virus.message.txt > Disinfected Report = %report-dir%/disinfected.report.txt > Inline HTML Signature = %rules-dir%/sig.html.rules > Inline Text Signature = %rules-dir%/sig.txt.rules > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = yes > Mail Header = X-MailScanner-%org-name%: > Spam Header = X-MailScanner-%org-name%-SpamCheck: > Spam Score Header = X-MailScanner-%org-name%-SpamScore: > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-MailScanner-From: > Envelope To Header = X-MailScanner-To: > Spam Score Character = s > SpamScore Number Instead Of Stars = no > Minimum Stars If On Spam List = 0 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Disinfected > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Multiple Headers = append > Hostname = the MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = %rules-dir%/signing.rules > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned: please contact your Internet > E-Mail Service Provider for details > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = %rules-dir%/deliver.cleaned.rules > Notify Senders = %rules-dir%/notify.senders.rules > Notify Senders Of Viruses = yes > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > Scanned Modify Subject = no # end > Scanned Subject Text = {Scanned} > Virus Modify Subject = yes > Virus Subject Text = {Roke Identified Virus} > Filename Modify Subject = yes > Filename Subject Text = {Roke Rejected Filename} > Content Modify Subject = yes > Content Subject Text = {Roke Blocked Content} > Disarmed Modify Subject = yes > Disarmed Subject Text = {Roke Disarmed Contect} > Phishing Modify Subject = no > Phishing Subject Text = {{Roke Identified Fraud} > Spam Modify Subject = yes > Spam Subject Text = {Roke Identified Spam} > High Scoring Spam Modify Subject = yes > High Scoring Spam Subject Text = {Roke High Spam _SCORE_ } > Warning Is Attachment = yes > Attachment Warning Filename = RokeVirusWarning.txt > Attachment Encoding Charset = us-ascii > Archive Mail = > Send Notices = yes > Notices Include Full Headers = no > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus Scanner > Notices From = MailScanner > Notices To = viruswarnings@roke.co.uk > Local Postmaster = postmaster > Spam List Definitions = /etc/MailScanner/spam.lists.conf > Virus Scanner Definitions = /etc/MailScanner/virus.scanners.conf > Spam Checks = /etc/MailScanner/rules/spam.check.rules > Spam List = # ORDB-RBL # Infinite-Monkeys # MAPS-RBL+ costs money > (except .ac.uk) > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 5 > Spam List Timeout = 20 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Is Definitely Spam = %rules-dir%/spam.blacklist.rules > Definite Spam Is High Scoring = %rules-dir%/spam.blacklist.high.rules > Ignore Spam Whitelist If Recipients Exceed = 20 > Use SpamAssassin = %rules-dir%/spam.check.rules > Max SpamAssassin Size = 90000 > Required SpamAssassin Score = 5 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = no > SpamAssassin Timeout = 120 > Max SpamAssassin Timeouts = 20 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > Rebuild Bayes Every = 7200 > Wait During Bayes Rebuild = yes > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20000 > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = store attachment deliver > High Scoring Spam Actions = forward spamcheck@roke.co.uk > Non Spam Actions = deliver > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > Syslog Facility = mail > Log Speed = yes > Log Spam = no > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > SpamAssassin User State Dir = > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > MCP Modify Subject = yes > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = yes > High Scoring MCP Subject Text = {MCP?} > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100000 > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.51.6 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > Always Looked Up Last = &MailWatchLogging > Always Looked Up Last After Batch = no > Deliver In Background = yes > Delivery Method = batch > Split Exim Spool = no > Lockfile Dir = /tmp > Custom Functions Dir = /usr/lib/MailScanner/MailScanner/ > CustomFunctions > Lock Type = posix > Minimum Code Status = supported > > Dean > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dean.plant at roke.co.uk Fri Mar 31 14:10:17 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Fri Mar 31 14:10:29 2006 Subject: Normal mail in quarantine Message-ID: <2181C5F19DD0254692452BFF3EAF1D6801527B4B@rsys005a.comm.ad.roke.co.uk> Plant, Dean wrote: > Julian Field wrote: >> On 31 Mar 2006, at 11:52, Plant, Dean wrote: >> >>> I have just gone live with an upgraded MailScanner server and >>> noticed that some non spam & non dangerous mail is being stored in >>> quarantine. Any idea's to what I may have configured incorrectly. >> >> Take a look at this option: >> >> # Do you want to stop any virus-infected spam getting into the spam >> or MCP # archives? If you have a system where users can release >> messages from the # spam or MCP archives, then you probably want to >> stop them being able to # release any infected messages, so set this >> to yes. # It is set to no by default as it causes a small hit in >> performance, and # many people don't allow users to access the spam >> quarantine, so don't # need it. # This can also be the filename of a >> ruleset. >> Keep Spam And MCP Archive Clean = no > > I'm not sure if I am understanding that option or I have not clearly > worded my question. My problem is that I am intermittingly getting > email that is clean of viruses with spam scores below 5 (i.e. clean > messages) stored in quarantine. These mails should be passing through > the relay and not be stored at all. > > My Non Spam Actions is set to deliver only. The messages being wrongly > stored are going into /var/spool/MailScanner/quarantine/20060331 > > Ok, I see whats happening now, looks like I have been caught out by one of the newer features. If I had spent more time looking at the log files rather than looking in mailwatch I would have seen this. The messages being quarantined are disarmed messages, Content Checks: Detected and have disarmed web bug, form, form input tags in HTML message in k2VCwGBr017217 from bo-b1h6rw4au718qsbaas71hbww96yp3d@b.airlinenetwork.chtah.com Mar 31 13:58:32 rsys002x MailScanner[15255]: Saved entire message to /var/spool/MailScanner/quarantine/20060331/k2VCwGBr017217 It looks like mailwatch 1.0.3 does not support the disarm notification as it says the message is clean, that's what confused me. Thanks for your help. Dean From michele at blacknight.ie Fri Mar 31 14:40:03 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Fri Mar 31 14:40:14 2006 Subject: FW: [Razor-users] Razor2 is open and free. Message-ID: <03d501c654c8$9e300f60$463711d4@arthur> Vipul Ved Prakash <> said on 30 March 2006 20:19: > Folks, > > I am pleased to announce that with the release of razor-agents > 2.81[1] a new service policy has been introduced, that makes the use > of Razor2 service completely open and free. A license introduced in > 2003 restricted usage by third party integrators, but the new license > unencumbers all usage, commercial or otherwise. > > My company, Cloudmark, hosts and manages the backend infrastructure > that Razor2 agents use for reporting spam and checking fingerprints. > Cloudmark retains the right to deny service to anyone abusing the > backend, but will not, under normal circumstances, restrict usage in > any way. > > Share and Enjoy! > > vipul > > [1] > http://prdownloads.sourceforge.net/razor/razor-agents-2.81.tar.bz2?downl > oad > > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting > language that extends applications into web and mobile media. Attend > the live webcast and join the prime developer group breaking into > this new coding territory! > http://sel.as-us.falkag.net/sel?cmd_________________________________________ ______ > Razor-users mailing list > Razor-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/razor-users Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From Chris.Boyd at usit.ie Fri Mar 31 14:58:39 2006 From: Chris.Boyd at usit.ie (Chris Boyd) Date: Fri Mar 31 15:04:02 2006 Subject: Exclude IP from Mailscanner Message-ID: My version is 4.43.6 Is there a Scan Messages= parameter already there or must I add it and if so does it matter where? Thanks a million >>> MailScanner@ecs.soton.ac.uk 03/31/06 2:03 >>> From: 10.2.3.4 no FromOrTo: default yes Put that in /etc/MailScanner/rules/scan.messages.rules Then set Scan Messages = %rules-dir%/scan.messages.rules in MailScanner.conf. Then reload or restart MailScanner. On 31 Mar 2006, at 12:16, Chris Boyd wrote: > I've never written a rule for Mailscanner. Could anyone give an > example of how to exclude an IP (ie mail coming from this IP) from > being processed by Mailscanner. > TIA > > > > ----------------------------------------------------------------- > This email message is intended only for the addressee(s) > and contains information that may be confidential and/or > copyrighted. If you are not the intended recipient please > notify the sender by reply email and immediately delete > this email. Use, disclosure or reproduction of this email > by anyone other than the intended recipient(s) is strictly > prohibited. USIT has scanned this email for viruses and > dangerous content and believes it to be clean. However, > virus scanning is ultimately the responsibility of the recipient. > ----------------------------------------------------------------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ----------------------------------------------------------------- This email message is intended only for the addressee(s) and contains information that may be confidential and/or copyrighted. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email by anyone other than the intended recipient(s) is strictly prohibited. USIT has scanned this email for viruses and dangerous content and believes it to be clean. However, virus scanning is ultimately the responsibility of the recipient. ----------------------------------------------------------------- From TasNYC at TasNYC.com Fri Mar 31 15:47:39 2006 From: TasNYC at TasNYC.com (Taso Chatziantoniou) Date: Fri Mar 31 15:48:58 2006 Subject: Request for timestamps during debug mode Message-ID: I have rbldnsd running for local dns checks to make it faster and also disabled 20_dnsbl_tests rules. We have also lowered pyzor time outs to 1 second as their servers where having problems We cannot figure out why these batches are taking so long and a time stamp during the debug might help us troubleshoot. Mailscanner version 4.51 Spamassassin 3.1 Blade dual Xeon HT Processor 4.6g 3 gigs of ram Mailscanner child processes set at 24 50,000 - 80,000 emails come through this box everyday (We have 6 boxes) Mar 31 09:28:55 MAILSCANNERSRV MailScanner[32063]: Batch (1 message) processed in 4.82 seconds Mar 31 09:28:59 MAILSCANNERSRV MailScanner[31323]: Batch (1 message) processed in 8.74 seconds Mar 31 09:29:00 MAILSCANNERSRV MailScanner[1224]: Batch (3 messages) processed in 10.10 seconds Mar 31 09:29:05 MAILSCANNERSRV MailScanner[1224]: Batch (1 message) processed in 4.34 seconds Mar 31 09:29:05 MAILSCANNERSRV MailScanner[1340]: Batch (1 message) processed in 13.68 seconds Mar 31 09:29:05 MAILSCANNERSRV MailScanner[710]: Batch (1 message) processed in 10.46 seconds Mar 31 09:29:06 MAILSCANNERSRV MailScanner[1421]: Batch (2 messages) processed in 9.42 seconds Mar 31 09:29:06 MAILSCANNERSRV MailScanner[30852]: Batch (1 message) processed in 4.67 seconds Mar 31 09:29:08 MAILSCANNERSRV MailScanner[651]: Batch (1 message) processed in 12.91 seconds Mar 31 09:29:09 MAILSCANNERSRV MailScanner[32503]: Batch (1 message) processed in 4.43 seconds Mar 31 09:29:09 MAILSCANNERSRV MailScanner[920]: Batch (1 message) processed in 16.43 seconds Mar 31 09:29:09 MAILSCANNERSRV MailScanner[385]: Batch (1 message) processed in 14.61 seconds Mar 31 09:29:09 MAILSCANNERSRV MailScanner[30757]: Batch (2 messages) processed in 17.92 seconds Mar 31 09:29:09 MAILSCANNERSRV MailScanner[31515]: Batch (1 message) processed in 4.96 seconds Mar 31 09:29:09 MAILSCANNERSRV MailScanner[30653]: Batch (1 message) processed in 6.62 seconds Mar 31 09:29:09 MAILSCANNERSRV MailScanner[1131]: Batch (2 messages) processed in 18.20 seconds -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060331/a0733401/attachment.html From shrek-m at gmx.de Fri Mar 31 16:54:48 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Mar 31 16:54:52 2006 Subject: sophos-av 5.0 linux Message-ID: <442D50C8.60203@gmx.de> hi, can mailscanner handle sophos-av 5.0 for linux ? http://www.sophos.com/pressoffice/news/articles/2006/03/linuxonaccess.html?pl_id=9&lang_id=1&lp_keyword=savlinux the default installation path is /opt/sophos-av/ the default gui port is http://localhost:8081/ # /opt/sophos-av/engine/savscan.base --version SWEEP virus detection utility Copyright (c) 1989-2006 Sophos Plc, www.sophos.com System time 17:41:08, System date 31 March 2006 Product version : 4.02.0 Engine version : 2.32.14 Virus data version : 4.02 User interface version : 2.07.129 Platform : Linux/Intel Released : 06 February 2006 Total viruses (with IDEs) : 119241 Warning: Using English language - message file and Sweep have different version numbers. # /opt/sophos-av/update/savupdate.sh Downloading http://es-web.sophos.com/update/savlinux/master.upd 268 bytes downloaded in 0,994439 secs (269,498648 B/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/root.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/config/index.spec Failed to download http://es-web.sophos.com/update/savlinux/config/index.spec Downloading http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Failed to download http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/manifest.dat in 0,383432 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/manifest.dat in 1,437221 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/manifest.dat in 0,165241 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,135771 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/manifest.dat in 0,178662 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,121840 seconds Successfully updated Sophos Anti-Virus -- shrek-m From roger at rudnick.com.br Fri Mar 31 18:09:29 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Mar 31 18:10:47 2006 Subject: Sendmail Upgrade, other problem Message-ID: <00e901c654e5$dfc34c40$0600a8c0@roger> Hello, Julian. About the reply to the command you asked me, any news? sendmail -d0.1 -d0.4 -bt Version 8.13.6 > Compiled with: DNSMAP LDAPMAP FSTATMAP LOG MAP_REGEX MATCHGECOS MILTER > MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS > PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB USE_LDAP_INIT > Canonical name: mail.rudnick.com.br > UUCP nodename: mail.rudnick.com.br > a.k.a.: mail > a.k.a.: [172.16.0.1] > > ============ SYSTEM IDENTITY (after readcf) ============ > (short domain name) $w = mail > (canonical domain name) $j = mail.rudnick.com.br > (subdomain name) $m = rudnick.com.br > (node name) $k = mail.rudnick.com.br > ======================================================== > > ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) > Enter
This problem is really strange. I don't found anything similar searching on the net (with a solution). ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Thursday, March 30, 2006 2:52 PM Subject: Re: Sendmail Upgrade, other problem > It returns > > Version 8.13.6 > Compiled with: DNSMAP LDAPMAP FSTATMAP LOG MAP_REGEX MATCHGECOS MILTER > MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS > PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB USE_LDAP_INIT > Canonical name: mail.rudnick.com.br > UUCP nodename: mail.rudnick.com.br > a.k.a.: mail > a.k.a.: [172.16.0.1] > > ============ SYSTEM IDENTITY (after readcf) ============ > (short domain name) $w = mail > (canonical domain name) $j = mail.rudnick.com.br > (subdomain name) $m = rudnick.com.br > (node name) $k = mail.rudnick.com.br > ======================================================== > > ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) > Enter
>> > > ----- Original Message ----- > From: "Julian Field" > To: "MailScanner discussion" > Sent: Thursday, March 30, 2006 2:43 PM > Subject: Re: Sendmail Upgrade, other problem > > >> Can you do this and send the output: >> >> sendmail -d0.1 -d0.4 -bt > >> Roger Jochem wrote: >>> But it is (and was already) configured as posix. I upgraded from 8.13.1 >>> to 8.13.6, and then the problem started to appear. >>> >>> ----- Original Message ----- From: "Julian Field" >>> To: "MailScanner discussion" >>> Sent: Friday, March 24, 2006 7:33 AM >>> Subject: Re: Sendmail Upgrade, other problem >>> >>> >>>> If you are running on Linux and have upgraded from sendmail 8.12 or >>>> earlier to 8.13 then you need to set >>>> Lock Type = >>>> or >>>> Lock Type = posix >>>> depending on your version of MailScanner. Setting it to "posix" >>>> explicitly is clearer. >>>> >>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>>> >>>>> After the sendmail upgrade to 8.13.6, some of my messages come with >>>>> no body, and the text "<<< No Message Collected >>>" in the body... >>>>> They appear twice in the users inbox, one with this body, and one ok >>>>> message (with the original body). >>>>> >>>>> In Mailwatch this messages appear with two times the header info. >>>>> Very strange... >>>>> >>>>> Anybody facing the same problem, or maybe could give some ideas of >>>>> what's causing that? >>>>> >>>>> Regards >>>>> >>>>> Roger Jochem >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> Julian Field >>>> jkf@ecs.soton.ac.uk >>>> Teaching Systems Manager >>>> Electronics & Computer Science >>>> University of Southampton >>>> SO17 1BJ, UK >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! From richard.siddall at elirion.net Fri Mar 31 18:23:44 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Mar 31 18:24:08 2006 Subject: Phishing fraud undetected In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580BB1A10B@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580BB1A10B@isabella.herefordshire.gov.uk> Message-ID: <442D65A0.4040002@elirion.net> Randal, Phil wrote: > Steve Basford has a ClamAV phishing database over at > > http://www.sanesecurity.com/clamav/ > > Dennis Davis at the University of Bath wrote a script to fetch it - > here's my version: > [snip] > service MailScanner reload [snip] Presumably you only need to reload MailScanner if you're using Mail::ClamAV instead of the command line version of Clam. Has anyone tried integrating the downloading of supplemental ClamAV signatures into freshclam or MailScanner's update_virus_scanners? (I did not see any obvious way of doing it with freshclam.) Regards, Richard Siddall From maicon at raidbr.com.br Fri Mar 31 18:49:27 2006 From: maicon at raidbr.com.br (Maicon Triches) Date: Fri Mar 31 18:49:59 2006 Subject: notify Message-ID: <442D6BA7.6080601@raidbr.com.br> how can I to mailscanner it to only send message of annex blocked for the shipper and don't for the destinatario? example: fulano@dominio.com orders email with annex blocked for ciclano@dominio.com.br and the someone receives that the blocked annex and the ciclado one receive that the message without the annex I contend information q the annex I was blocked... don't I want that the destinatario receives this... Maik From alex at nkpanama.com Fri Mar 31 20:21:20 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Mar 31 20:21:47 2006 Subject: notify In-Reply-To: <442D6BA7.6080601@raidbr.com.br> References: <442D6BA7.6080601@raidbr.com.br> Message-ID: <442D8130.8090709@nkpanama.com> Anybody here fluent in portuguese? Maybe someone could help him ask a question more coherently. It's probably something as simple as "use a ruleset" and "separate the queues for separate recipients" but I can't make heads or tails of what he's asking. Maicon Triches wrote: > how can I to mailscanner it to only send message of annex blocked for > the shipper and don't for the destinatario? example: > fulano@dominio.com orders email with annex blocked for > ciclano@dominio.com.br and the someone receives that the blocked annex > and the ciclado one receive that the message without the annex I > contend information q the annex I was blocked... don't I want that the > destinatario receives this... > > Maik From roger at rudnick.com.br Fri Mar 31 20:34:58 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Mar 31 20:35:18 2006 Subject: notify References: <442D6BA7.6080601@raidbr.com.br> <442D8130.8090709@nkpanama.com> Message-ID: <02af01c654fa$320ce1a0$0600a8c0@roger> I will ask him. --------------- Ol?, Maicon. Tem como voc? me explicar em portugu?s o que voc? quer? A? eu tento traduzir melhor para a lista. Confesso que tamb?m n?o entendi a sua pergunta em ingl?s. Ficou meio confuso... ----- Original Message ----- From: "Alex Neuman van der Hans" To: "MailScanner discussion" Sent: Friday, March 31, 2006 4:21 PM Subject: Re: notify > Anybody here fluent in portuguese? Maybe someone could help him ask a > question more coherently. It's probably something as simple as "use a > ruleset" and "separate the queues for separate recipients" but I can't > make heads or tails of what he's asking. > > Maicon Triches wrote: >> how can I to mailscanner it to only send message of annex blocked for the >> shipper and don't for the destinatario? example: fulano@dominio.com >> orders email with annex blocked for ciclano@dominio.com.br and the >> someone receives that the blocked annex and the ciclado one receive that >> the message without the annex I contend information q the annex I was >> blocked... don't I want that the destinatario receives this... >> >> Maik > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From realmcking at gmail.com Fri Mar 31 20:50:35 2006 From: realmcking at gmail.com (Mark McCoy) Date: Fri Mar 31 20:50:38 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> Message-ID: Do a 'man find' first. On some Unices, "-mtime +3" means "older than 3 minutes", not "older than 3 days". On 3/31/06, Jeff A. Earickson wrote: > First, figure out the maximum time that you hold email before returning > it as undeliverable. Mine is three days, eg "Timeout.queuereturn=3d" > in my sendmail settings. Then cd to the queue directory in question, > and do: > > find . -mtime +3 -print | xargs rm > > Voila, old files are gone. No need to stop sendmail or MailScanner. > > Jeff Earickson > Colby College > > On Fri, 31 Mar 2006, TAC Forums wrote: > > > Date: Fri, 31 Mar 2006 08:17:19 +0530 > > From: TAC Forums > > Reply-To: MailScanner discussion > > To: MailScanner discussion > > Subject: Re: mqueue and mqueue.in have more files than necessary ... should I > > worry? > > > >> Anyway, Sendmail will not be able to do anything about it now > >> so you may as well delete those files to gain some speed, huge amount > >> of files in a single directory makes it slow. > > > > Ah! ... that's incentive enough to make me want to delete these files. :-) > > > > Any tips and ideas on a fast way to delete the unwanted files? > > > > Regards > > -- > > TAC Support Team > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From bpumphrey at WoodMacLaw.com Fri Mar 31 21:39:25 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 31 21:39:29 2006 Subject: [Fwd: do you want to invest money ?] - MailScanner did notdetect? Message-ID: <04D932B0071FE34FA63EBB1977B48D15F73ACA@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Billy A. Pumphrey > Sent: Thursday, March 30, 2006 10:21 AM > To: MailScanner discussion > Subject: RE: [Fwd: do you want to invest money ?] - MailScanner did > notdetect? > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Jose Nathaniel G. > Nengasca > > Sent: Wednesday, March 29, 2006 1:53 AM > > To: MailScanner discussion > > Subject: [Fwd: do you want to invest money ?] - MailScanner did not > > detect? > > > > Seems that MailScanner didnt detected this? is this new type of scam? > > pls help.. > > > > Here was my score: > > SpamAssassin Score: 4.52 > Spam Report: Score Matching Rule Description > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > 0.00 HTML_MESSAGE HTML included in message > 1.72 MSGID_DOLLARS Message-Id has pattern used in spam > -0.00 NO_RELAYS Informational: message was not relayed via SMTP > 1.91 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found > 2.78 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) > found > 0.72 SARE_HTML_TITLE_MNY HTML Title implies this may be spam > > > I will try those extra rules. > -- Funny.... I put the mangled rule on there and ran it the other day and the score was no different than the above. I did it today and got this: -0.68 AWL From: address is in the auto white-list -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.23 FS_START_DOYOU 1.13 FS_START_DOYOU2 0.00 HTML_MESSAGE HTML included in message 1.72 MSGID_DOLLARS Message-Id has pattern used in spam -0.00 NO_RELAYS Informational: message was not relayed via SMTP 1.91 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found 2.78 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found 0.72 SARE_HTML_TITLE_MNY HTML Title implies this may be spam I am putting in the rules correctly aren't I: wget the rule and put it in etc/mail/spamassassin do a lint spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf do a mailscanner restart ?? From bpumphrey at WoodMacLaw.com Fri Mar 31 21:49:49 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Fri Mar 31 21:49:53 2006 Subject: [Fwd: do you want to invest money ?] - MailScanner did notdetect? Message-ID: <04D932B0071FE34FA63EBB1977B48D15F73AE2@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth > Sent: Wednesday, March 29, 2006 3:13 AM > To: 'MailScanner discussion' > Subject: RE: [Fwd: do you want to invest money ?] - MailScanner did > notdetect? > > Jose > > Works fine for me - here's the spamassassin rules that hit.. > > Content analysis details: (65.3 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > -0.0 NO_RELAYS Informational: message was not relayed via > SMTP > 2.5 MISSING_HB_SEP Missing blank line between message header and > body > 2.3 MANGLED_FREE BODY: mangled free > 2.3 MANGLED_LIST BODY: mangled list > 2.3 MANGLED_OFF BODY: mangled off > 2.3 MANGLED_DOMAIN BODY: mangled domain > 1.0 SARE_OBFUMONEY2 BODY: masked spam word(s) > 2.3 MANGLED_FORM BODY: mangled form > 2.3 MANGLED_FROM BODY: mangled from > 2.3 MANGLED_VISIT BODY: mangled visit > 2.3 MANGLED_ACCNT BODY: mangled account(s) > 2.3 MANGLED_TEXT BODY: mangled text > 2.3 MANGLED_LOOK BODY: mangled look(s) > 2.3 MANGLED_WANT BODY: mangled want > 2.3 MANGLED_SPAM BODY: mangled spam > 2.3 MANGLED_PRIOR BODY: mangled prior > 2.3 MANGLED_PLEASE BODY: mangled please > 2.3 MANGLED_TRNFER BODY: mangled TRANSFER > 2.3 MANGLED_LOW BODY: mangled low > 2.3 MANGLED_MONEY BODY: mangled money > 2.3 MANGLED_TOOL BODY: mangled tool > 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > [score: 0.9991] > 0.5 SARE_HTML_MLINE_HTTP RAW: MULTI-line http > 1.8 MISSING_SUBJECT Missing Subject: header > 1.7 SARE_OBFU_VISIT2 found apparent obfuscation of word used in > spam > 5.8 BODY_OBFU_WINDOWS Attempt to obfuscated the word 'windows' > 1.0 UOLCC_DOWN Drugs downwards > 0.1 TO_CC_NONE No To: or Cc: header > 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO > -0.0 NO_RECEIVED Informational: message has no Received headers > 0.5 FM_NO_TO FM_NO_TO > 1.1 FM_MULTI_ODD2 FM_MULTI_ODD2 > > You'll find the MANGLED rules in > http://www.rulesemporium.com/other-rules.htm/mangled.cf > > There's loads of other useful SA rules at that site too.. > How did your bayes say 99-100 when mine says 0-1%? Here is my "Bayes Database Information" from mailwatch: Bayes Database Information Number of Spam Messages: 82,819 Number of Ham Messages: 299,200 Number of Tokens: 137,758 Oldest Token: Sun, 12 Mar 2006 11:30:39 -0500 Newest Token: Fri, 31 Mar 2006 04:13:57 -0500 Last Journal Sync: Fri, 31 Mar 2006 15:26:27 -0500 Last Expiry: Thu, 16 Mar 2006 17:10:48 -0500 Last Expiry Reduction Count: 13,718 tokens From shrek-m at gmx.de Fri Mar 31 22:39:59 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Mar 31 22:40:08 2006 Subject: sophos-av 5.0 linux In-Reply-To: <442D50C8.60203@gmx.de> References: <442D50C8.60203@gmx.de> Message-ID: <442DA1AF.5000007@gmx.de> > # /opt/sophos-av/engine/savscan.base --version sorry, savscan.base seems to use the old sav-version /usr/local/bin/sweep and /usr/local/sav/ can mailscanner use `savscan` and `savupdate` ? # which savscan /usr/local/bin/savscan # /opt/sophos-av/bin/savscan --version SAVScan Virenerkennungsdienstprogramm Copyright (c) 1989-2006 Sophos Plc, www.sophos.com Systemzeit 23:15:46, Systemdatum 31. M?rz 2006 Produktversion : 4.03.0 Engine Version : 2.32.14 Version Virendaten : 4.04 Benutzeroberfl\uffffche Version : 2.07.129 Plattform : Linux/Intel Ver\uffffffentlicht : 03. April 2006 Gesamtzahl der Viren (mit IDEs) : 120404 the web-gui and the on-access daemons are not necessary # service sav-web stop # chkconfig sav-web off # service sav-protect stop # chkconfig sav-protect off # LANG=C savscan /tmp/ SAVScan virus detection utility Version 4.03.0 [Linux/Intel] Virus data version 4.04, April 2006 Includes detection for 120404 viruses, trojans and worms Copyright (c) 1989-2006 Sophos Plc, www.sophos.com System time 23:32:23, System date 31 March 2006 Quick Scanning 3 files scanned in 2 seconds. No viruses were discovered. End of Scan. > SWEEP virus detection utility > Copyright (c) 1989-2006 Sophos Plc, www.sophos.com > > System time 17:41:08, System date 31 March 2006 > > Product version : 4.02.0 > Engine version : 2.32.14 > Virus data version : 4.02 > User interface version : 2.07.129 > Platform : Linux/Intel > Released : 06 February 2006 > Total viruses (with IDEs) : 119241 -- shrek-m From heath at agdog.com Fri Mar 31 23:06:09 2006 From: heath at agdog.com (Heath Carson) Date: Fri Mar 31 23:06:22 2006 Subject: Inline attachment not inline Message-ID: Hi, I've got MailScanner 4.51.6-1 installed on RHEL4 with Sendmail. Everything is working great except for one thing. Because of the Perl CR LF End of Line bug that is currently affecting MailScanner, I'd like the attachment warnings to be put inline above the message body so my Outlook users don't have to open the Attachment-Warning.txt file with Notepad. So I set "Warning Is Attachment = no", but MailScanner will only put the warning inline if the original message body is empty. If there is any text in the original message body, the warning is always made an attachment rather than being inserted inline at the top of the message body. Is this normal behavior? I can't find anything saying it is or isn't. Thanks! -Heath heath agdog.com