From jrudd at ucsc.edu Mon May 1 02:11:33 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 02:11:57 2006 Subject: Rejecting Unknown Non-Local Users with MailScanner (4.47.4-2) In-Reply-To: <44552E1F.2090502@pronet.co.nz> References: <445491CA.4070805@blacknight.ie> <44552E1F.2090502@pronet.co.nz> Message-ID: <1676ef6d85877f9363bd69c27ed47fcb@ucsc.edu> On Apr 30, 2006, at 2:37 PM, Brent Addis wrote: > Michele Neylon :: Blacknight.ie wrote: >> Bernard.Lheureux@ibsbe.be wrote: >> >>> I'm looking for a solution that could allow me to reject unknown >>> non-local users mails that come through a MailRelay (MailScanner >>> 4.47.4-2) but not with posfix, I use Sendmail to relay to an Exchange >>> 2003 server. >>> All the soluces that I found are made for Postfix... >>> I suppose it should also exist for sendmail, do you have an idea >>> where I >>> could find infos about it ? >>> >>> >> >> Milter ahead >> >> >> > Does sendmail not do some sort of callout verification? Most other > MTA's I have used since dropping Sendmail have supported it for a long > time. > > Why run Milter if your MTA has most everything milter does built in? > > http://grep.be/blog/en/retorts/milter-ahead.php?show_comments=yes > Why include in core functionality something which can be modular, site specific behavior, and optional? Why not leave it to "plug-ins" (which is what milters are)? Another answer to the original question: mimedefang (another sendmail milter, and VERY flexible) From jrudd at ucsc.edu Mon May 1 02:22:13 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 02:22:36 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: Message-ID: <174f1c3328958f4d88dfbec3b0aceab8@ucsc.edu> On Apr 30, 2006, at 6:45 AM, kte@nexis.be wrote: > I ?there a way to block server who don't have an DNS name but only > resolve to an ip address in sendmail? As you can see, other people like the require_rdns.m4 sendmail hack. I prefer using filter_sender in mimedefang: 1) require_rdns has different return codes than I want for different cases (yes, I could modify require_rdns, but then that gets into hacking a hack which gets bad for long term maintainability) 2) I'm not sure if require_rdns can be made to exempt those in certain IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can (that's why I do the check in filter_sender instead of filter_relay). 3) mimedefang lets you do LOTS of other checks, is incredibly flexible, and you modify behaviors in perl instead of sendmail cf expressions ... I much prefer perl to sendmail cf files. It can check for recipients on remote relays (similar to milter-ahead), HELO/EHLO verification, and even attachment filename/filetype checks, anti-virus checks, and SpamAssassin. Last week I posted a URL to my mimedefang-filter (which is where all of your site-specific perl code goes). I'm about to re-do it, though (clean up the code some, move some code around to sub-routines so it's easier to customize certain details, have different versions for people who may want to skip virus/attachment/anti-spam checks if they're doing that somewhere else, etc.). I'll post about the update in a couple days. From pete at enitech.com.au Mon May 1 03:42:19 2006 From: pete at enitech.com.au (Peter Russell) Date: Mon May 1 03:42:33 2006 Subject: Recommended SpamAssassin Rules (for RDJ) In-Reply-To: <012d01c66909$3e733e80$3004010a@martinhlaptop> References: <012d01c66909$3e733e80$3004010a@martinhlaptop> Message-ID: <4455758B.8090500@enitech.com.au> Just a note on James rules, they are very aggressive. They created a LOT of FPs for us. I suggest you watch your log carefully for a few days after you deploy them. Martin Hepworth wrote: > Jason > > There's a thing in the wiki about this.....nut basically I run all the ones > listed in rulesemporium.com and a few others from James Grey... > > http://files.grayonline.id.au/ > > If you need the rulesdujour config for James's rules let me know off list.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jason Williams >> Sent: 25 April 2006 16:39 >> To: MailScanner discussion >> Subject: Recommended SpamAssassin Rules (for RDJ) >> >> Just curious here, what rules people liked to use with SpamAssassin. I >> also use RDJ for SA. >> >> Right now, im using: >> >> 70_sare_evilnum0 >> 70_sare_random >> 70_sare_stocks >> 70_sare_unsub >> >> I know there are a lot more, but thought I'd ask here for a list of >> recommendations, before I start downloading a bunch of rules. >> >> Just trying to make my Spam detection that much better. >> >> Thanks, >> >> Jason >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner , and is >> believed to be clean. > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From james at grayonline.id.au Mon May 1 05:28:02 2006 From: james at grayonline.id.au (James Gray) Date: Mon May 1 05:28:40 2006 Subject: Recommended SpamAssassin Rules (for RDJ) In-Reply-To: <4455758B.8090500@enitech.com.au> References: <012d01c66909$3e733e80$3004010a@martinhlaptop> <4455758B.8090500@enitech.com.au> Message-ID: <200605011428.10703.james@grayonline.id.au> On Mon, 1 May 2006 12:42 pm, Peter Russell wrote: > Just a note on James rules, they are very aggressive. They created a LOT > of FPs for us. I suggest you watch your log carefully for a few days > after you deploy them. Indeed they are. That's why my site adds the following disclaimer: The usual "no warranty given or implied" applies to all my rules. If they work for you, then that's just super :) If they jump up and eat your dog, cause your girlfriend to leave you, make you car explode or e-mail to disappear then don't blame me - it's up to you to test these rules for suitability to your own mail setup. Specifically my rules really punish anything that looks vaguely medical in content. Administrators working for medical institutions should audit these rules VERY carefully! So yah - be careful. Cheers, James -- "My life is a soap opera, but who has the rights?" -- MadameX -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060501/158110a0/attachment.bin From alex at nkpanama.com Mon May 1 05:46:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 1 05:47:01 2006 Subject: OT: Just testing Message-ID: <445592AF.1010507@nkpanama.com> Just testing a new set of procmail recipes... Pay no attention to the man behind the curtain... :) From mailscanner at mango.zw Mon May 1 09:30:35 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon May 1 09:33:07 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <174f1c3328958f4d88dfbec3b0aceab8@ucsc.edu> Message-ID: On Sun, 30 Apr 2006, John Rudd wrote: > As you can see, other people like the require_rdns.m4 sendmail hack. I > prefer using filter_sender in mimedefang: > > 1) require_rdns has different return codes than I want for different > cases (yes, I could modify require_rdns, but then that gets into > hacking a hack which gets bad for long term maintainability) I am already in that situation with require_rdns, but agree it isn't very desirable. > 2) I'm not sure if require_rdns can be made to exempt those in certain > IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can > (that's why I do the check in filter_sender instead of filter_relay). You can control whitelisting in your access file. > 3) mimedefang lets you do LOTS of other checks, is incredibly flexible, > and you modify behaviors in perl instead of sendmail cf expressions ... > I much prefer perl to sendmail cf files. It can check for recipients on > remote relays (similar to milter-ahead), HELO/EHLO verification, and > even attachment filename/filetype checks, anti-virus checks, and > SpamAssassin. Having had a look at mimedefang it looks as if it is an alternative package to MailScanner, rather than complementary, and hence not at all compatible with it. All incoming mail would get parsed by mimedefang, with all attachments being extracted etc, only to have the same mail then being reprocessed and split again by MailScanner. This looks like an incredible waste of resources, especially if it is just to make use of a couple of mimedefang features such as milter-ahead, HELO/EHLO verification or blocking of servers with no PTR records. Carrying out filename/ filetype checks, anti-virus checks, and running SpamAssassin through mimedefang while also using MailScanner is clearly pointless as MailScanner does it all so much better. I see the benefits of plugins that work directly with sendmail for additional MTA-related functionality, but using mimedefang filters for that purpose together with MailScanner seems incredible overkill. > Last week I posted a URL to my mimedefang-filter (which is where all of > your site-specific perl code goes). I'm about to re-do it, though > (clean up the code some, move some code around to sub-routines so it's > easier to customize certain details, have different versions for people > who may want to skip virus/attachment/anti-spam checks if they're doing > that somewhere else, etc.). I'll post about the update in a couple > days. Do you have an integrated solution that ensures that MailScanner continues to do what it does best while disabling all the MailScanner-type features in mimedefang so as to avoid the enormous performance hit that will happen if all messages are MIME-decoded twice? Surely the logical approach is to write milters that work directly with sendmail (as with milter-ahead) instead of filters that work with mimedefang which then hooks into sendmail? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From MailScanner at ecs.soton.ac.uk Mon May 1 10:24:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 10:25:17 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released Message-ID: <4455D3E9.8010405@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the May release of MailScanner, version 4.53.6. The main new improvements this month are: - - Support for sa-update as provided with recent versions of SpamAssassin. - - Support for the new format of headers files produced by Exim 4.61. - - Many improvements to the handling of, and response to, Web Bugs. - - Support for the "gunzip" command so that filetype and filename checks can be done on compressed files created with either the "gzip" or "compress" commands. - - Support for numerical IP addresses in phishing.safe.sites.conf. Using this, entire servers can be whitelisted with one entry, removing the need to add every domain provided by that server. - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that entries can be written as "Max SpamAssassin Size = 30k" instead of "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. You can download it as usual from www.mailscanner.info The full Change Log is * New Features and Improvements * - - Attachment extraction now checks for available disk space and a DoS attack using messages with high expansion ratios will fail even quicker than it did before. - - Added new setting "SpamAssassin Local State Dir" to support the sa-update tool provided with MailScanner these days, to provide a way of auto- updating the core SpamAssassin rulesets. The default value is set to what you need for Linux (/var/lib). - - Added new cron job to run sa-update every night. The location of the sa-update program is read from /etc/sysconfig/MailScanner. - - Added support for new header -H file format in Exim 4.61. - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to enable unpacking of gzip-ed files for filename and filetype checking. Even if this is disabled, gzip-ed files will still be virus scanned. - - Added support for numerical entries in phishing.safe.sites.conf file. - - Added support for optional multipliers in numbers in MailScanner.conf. So you can now write "50M" instead of "50000000". The multipliers supported are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) in upper or lower case. You must *not* put any spaces between the number and the multiplier character. - - Added a new configuration option "Ignored Web Bug Filenames". This allows you to whitelist a bunch of filenames that can appear in the URLs of potential web bugs. So if you decide that all potential web bugs with "spacer" or "pixel.gif" in the filename are just padding for page layout, then you can make it ignore them by adding them to this list. A sample list is provided in MailScanner.conf. This is disabled by default, as spammers may start to use this as a means of circumventing the Web Bug trap. - - When Web Bugs are disarmed, the URL used to replace the original web bug can now be set using the new configuration option "Web Bug Replacement". If this is not specified, then the old value of "MailScannerWebBug" is used. The default value supplied in the MailScanner.conf file is the address of an untracked 1x1 pixel transparent gif (51 bytes) hosted on the MailScanner web site. This will not be tracked other than to supply an overall count of the number of hits this image gets, for overall statistical purposes. - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA easy-to-install package, due to the recent change in licence. Now if DCC could go the same way... * Fixes * - - Fixed bug in DoS attack handler. Thanks for Jorge for this. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au BZyQSK0p+xYHKI8JQJk383/l =qePP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jrudd at ucsc.edu Mon May 1 11:18:31 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 11:19:17 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: Message-ID: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> On May 1, 2006, at 1:30 AM, Jim Holland wrote: > On Sun, 30 Apr 2006, John Rudd wrote: > > >> 2) I'm not sure if require_rdns can be made to exempt those in certain >> IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can >> (that's why I do the check in filter_sender instead of filter_relay). > > You can control whitelisting in your access file. Which doesn't answer the part about SMTP-AUTH. Which was the important part, really. >> 3) mimedefang lets you do LOTS of other checks, is incredibly >> flexible, >> and you modify behaviors in perl instead of sendmail cf expressions >> ... >> I much prefer perl to sendmail cf files. It can check for recipients >> on >> remote relays (similar to milter-ahead), HELO/EHLO verification, and >> even attachment filename/filetype checks, anti-virus checks, and >> SpamAssassin. > > Having had a look at mimedefang it looks as if it is an alternative > package to MailScanner, rather than complementary, and hence not at all > compatible with it. It is both alternative and complementary. Depending on how you use it. Yes, you can do virus, filename, filetype, and spam checks in mimedefang. Or not. You can vary your actions for each check, too. Just like in mailscanner. You can also do checks during SMTP time, unlike mailscanner. And you can do checks during the connection based upon the relay, the helo/ehlo string, the sender, sender-options, and recipients. For example, I can reject all connections from hosts whose IP address appears in their hostname. Or reject all connections from hosts whose forward and reverse DNS don't match. I can't _easily_ do those with mailscanner. And I definitely can't do them during the SMTP session. Last, I can do my virus scanning in mimedefang, and thus reduce the amount of anti-spam work that mailscanner does by eliminating the viruses first. Something several people have wanted to do in mailscanner, but that Julian has said would require too much of a re-write to accomplish any time soon. > All incoming mail would get parsed by mimedefang, > with all attachments being extracted etc, only to have the same mail > then > being reprocessed and split again by MailScanner. This looks like an > incredible waste of resources, AFAIK, it's a small drop in the bucket compared to running SpamAssassin. Though, mimedefang does have an option for turning off various checks.. so I've asked for a way to turn off MIME decoding (and thus turning off "filter" and "filter_multipart", but leaving "filter_begin" and "filter_end" on, as I don't think those need MIME decoding in order to run). > especially if it is just to make use of a > couple of mimedefang features such as milter-ahead, HELO/EHLO > verification > or blocking of servers with no PTR records. Carrying out filename/ > filetype checks, anti-virus checks, and running SpamAssassin through > mimedefang while also using MailScanner is clearly pointless as > MailScanner does it all so much better. Who said anything about doing filename/filetype checks, anti-virus checks, and running spam assassin in _both_? IMO, if I was going to do, or recommend, a hybrid approach, I'd do: 0) greet_pause and spamhaus sbl & xbl in sendmail 1) relay, helo, sender, recipient checks, and clamd anti-virus in mimedefang 2) spam assassin, filename, filetype, phishing, and sophos anti-virus in mailscanner (or some other scanner besides clamav, to have a safe 2nd layer of anti-virus scanning) 0 & 1 reduce the number of messages you're feeding through Spam Assassin, which is probably going to be your single biggest resource hog (even if you are MIME decoding every message in both places). I slightly like the filename and filetype checks in mailscanner better than in mimedefang, and if you did find a way to turn off mime decoding in mimedefang, you'd have to do it in mailscanner instead anyway. Though, honestly, I prefer to do it all in mimedefang these days. I have grown to be annoyed by the dual queue approach, and I like to reject as many messages as possible during the SMTP transaction. > I see the benefits of plugins that work directly with sendmail for > additional MTA-related functionality, but using mimedefang filters for > that purpose together with MailScanner seems incredible overkill. > >> Last week I posted a URL to my mimedefang-filter (which is where all >> of >> your site-specific perl code goes). I'm about to re-do it, though >> (clean up the code some, move some code around to sub-routines so it's >> easier to customize certain details, have different versions for >> people >> who may want to skip virus/attachment/anti-spam checks if they're >> doing >> that somewhere else, etc.). I'll post about the update in a couple >> days. > > Do you have an integrated solution that ensures that MailScanner > continues > to do what it does best while disabling all the MailScanner-type > features > in mimedefang so as to avoid the enormous performance hit that will > happen > if all messages are MIME-decoded twice? With the exception of actually turning off the mimedecoding? yes. Just have filter, filter_multipart, and filter_end automatically accept all messages without even looking at them (ie. immediately do: return action_accept(); in filter and filter_multipart, and just immediately return in filter_end). If you're not going to do the virus checking or any header manipulation in filter_begin, you can do the same thing there too. Then just do the things you want in filter_relay, filter_helo, filter_sender, and filter_recipient. Though, I do all of the filter_relay and filter_helo stuff in filter_sender, so that I can exempt based on SMTP-AUTH. > Surely the logical approach is to > write milters that work directly with sendmail (as with milter-ahead) > instead of filters that work with mimedefang which then hooks into > sendmail? uh... what do you think mimedefang is? it's a milter. It is exactly a "milter that works directly with sendmail". It's just more flexible than milter-ahead, that's all. From evanderleun at hal9000.nl Mon May 1 11:18:16 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Mon May 1 12:18:19 2006 Subject: New MS on Gentoo Linux Message-ID: Hi hi, On gentoo linux, I choose to use the perl thingies from portage, instead of the perl modules delivered with MailScanner... This ends up with the wrong name for the module needed when starting MailScanner, namelijk DiskSpace.pm in stead of Df.pm. I fixed it quickly by creating a simple symlink. hal9000 Filesys # pwd /usr/lib/perl5/vendor_perl/5.8.7/Filesys hal9000 Filesys # ls -l total 8 lrwxrwxrwx 1 root root 12 May 1 12:14 Df.pm -> DiskSpace.pm -r-xr-xr-x 1 root root 7923 May 1 12:08 DiskSpace.pm hal9000 Filesys # Just a warning for people on the same platform :) Kind regards, Erik van der Leun From evanderleun at hal9000.nl Mon May 1 12:22:55 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Mon May 1 12:23:02 2006 Subject: mail loops Message-ID: Hi, I've already sent a (mild) warming for gentoo users on the latest stable release of MailScanner (the filename of Df.pm will be different if you use portage to install this perl module), but I didn't even get my MailScanner to work properly after the upgrade. Mail was checked for spam, I got a message the Virusscanning got started, but the first message after that, was the number of messages found in the queue and it kept on looping like this. Mail was accepted, but not delivered... I didn't take a lot time to investigate as I simply don't have it available at the moment. I downgraded and the problem was solved. Did anybody have similar experiences? Kind regards, Erik van der Leun From jaearick at colby.edu Mon May 1 12:36:14 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 1 12:39:26 2006 Subject: metric version of 1000? Message-ID: Julian, > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > entries can be written as "Max SpamAssassin Size = 30k" instead of > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. I see you use the metric version of k, m, g. In America we tend to use the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 (2^30) since we only have two fingers to count with. :) Jeff Earickson Colby College From mailscanner at mango.zw Mon May 1 12:45:08 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon May 1 12:48:02 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> Message-ID: On Mon, 1 May 2006, John Rudd wrote: > >> 2) I'm not sure if require_rdns can be made to exempt those in certain > >> IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can > >> (that's why I do the check in filter_sender instead of filter_relay). > > > > You can control whitelisting in your access file. > > Which doesn't answer the part about SMTP-AUTH. Which was the important > part, really. > > >> 3) mimedefang lets you do LOTS of other checks, is incredibly > >> flexible, > >> and you modify behaviors in perl instead of sendmail cf expressions > >> ... > >> I much prefer perl to sendmail cf files. It can check for recipients > >> on > >> remote relays (similar to milter-ahead), HELO/EHLO verification, and > >> even attachment filename/filetype checks, anti-virus checks, and > >> SpamAssassin. > > > > Having had a look at mimedefang it looks as if it is an alternative > > package to MailScanner, rather than complementary, and hence not at all > > compatible with it. > > It is both alternative and complementary. Depending on how you use it. > > Yes, you can do virus, filename, filetype, and spam checks in > mimedefang. Or not. You can vary your actions for each check, too. > Just like in mailscanner. > > You can also do checks during SMTP time, unlike mailscanner. And you > can do checks during the connection based upon the relay, the helo/ehlo > string, the sender, sender-options, and recipients. For example, I can > reject all connections from hosts whose IP address appears in their > hostname. Or reject all connections from hosts whose forward and > reverse DNS don't match. I can't _easily_ do those with mailscanner. > And I definitely can't do them during the SMTP session. Sadly, since starting to use require_rdns I have found that there are so many systems whose PTR records point to invalid hostnames that I am seriously thinking of just limiting its use to blocking those systems with no PTR records at all. The manual workload in whitelisting all the genuine systems with apparently forged addresses is very discouraging. > Last, I can do my virus scanning in mimedefang, and thus reduce the > amount of anti-spam work that mailscanner does by eliminating the > viruses first. Something several people have wanted to do in > mailscanner, but that Julian has said would require too much of a > re-write to accomplish any time soon. Point taken. However I do appreciate the much more satisfactory highly configurable silent virus approach taken by MailScanner than the recommended mimedefang approach: "we believe that on balance, it's better to bounce a virus than to silently discard it. It's almost never a good idea to hide a problem". > > All incoming mail would get parsed by mimedefang, > > with all attachments being extracted etc, only to have the same mail > > then > > being reprocessed and split again by MailScanner. This looks like an > > incredible waste of resources, > > AFAIK, it's a small drop in the bucket compared to running SpamAssassin. > > Though, mimedefang does have an option for turning off various checks.. > so I've asked for a way to turn off MIME decoding (and thus turning off > "filter" and "filter_multipart", but leaving "filter_begin" and > "filter_end" on, as I don't think those need MIME decoding in order to > run). > > > especially if it is just to make use of a > > couple of mimedefang features such as milter-ahead, HELO/EHLO > > verification > > or blocking of servers with no PTR records. Carrying out filename/ > > filetype checks, anti-virus checks, and running SpamAssassin through > > mimedefang while also using MailScanner is clearly pointless as > > MailScanner does it all so much better. > > Who said anything about doing filename/filetype checks, anti-virus > checks, and running spam assassin in _both_? > > IMO, if I was going to do, or recommend, a hybrid approach, I'd do: > > 0) greet_pause and spamhaus sbl & xbl in sendmail > > 1) relay, helo, sender, recipient checks, and clamd anti-virus in > mimedefang > > 2) spam assassin, filename, filetype, phishing, and sophos anti-virus > in mailscanner (or some other scanner besides clamav, to have a safe > 2nd layer of anti-virus scanning) > > 0 & 1 reduce the number of messages you're feeding through Spam > Assassin, which is probably going to be your single biggest resource > hog (even if you are MIME decoding every message in both places). I > slightly like the filename and filetype checks in mailscanner better > than in mimedefang, and if you did find a way to turn off mime decoding > in mimedefang, you'd have to do it in mailscanner instead anyway. Thanks for this very interesting set of suggestions. > Though, honestly, I prefer to do it all in mimedefang these days. I > have grown to be annoyed by the dual queue approach, and I like to > reject as many messages as possible during the SMTP transaction. I agree with this in principle and do adopt this approach. I wonder however if anyone has done any research into one aspect of the behaviour of some spammers: I suspect that when a spam message is rejected directly, they then pass the message off to a different server, using a round-robin approach and making multiple delivery attempts from different locations in the hope that eventually one of them will get through. If this is indeed a significant element in spamming behaviour then the overall traffic load might be less by simply accepting spam and then quarantining it than by trying to reject it at MTA level. > > I see the benefits of plugins that work directly with sendmail for > > additional MTA-related functionality, but using mimedefang filters for > > that purpose together with MailScanner seems incredible overkill. > > > >> Last week I posted a URL to my mimedefang-filter (which is where all > >> of > >> your site-specific perl code goes). I'm about to re-do it, though > >> (clean up the code some, move some code around to sub-routines so it's > >> easier to customize certain details, have different versions for > >> people > >> who may want to skip virus/attachment/anti-spam checks if they're > >> doing > >> that somewhere else, etc.). I'll post about the update in a couple > >> days. > > > > Do you have an integrated solution that ensures that MailScanner > > continues > > to do what it does best while disabling all the MailScanner-type > > features > > in mimedefang so as to avoid the enormous performance hit that will > > happen > > if all messages are MIME-decoded twice? > > With the exception of actually turning off the mimedecoding? yes. > > Just have filter, filter_multipart, and filter_end automatically accept > all messages without even looking at them (ie. immediately do: > > return action_accept(); > > in filter and filter_multipart, and just immediately return in > filter_end). > If you're not going to do the virus checking or any header manipulation > in filter_begin, you can do the same thing there too. Then just do the > things you want in filter_relay, filter_helo, filter_sender, and > filter_recipient. Though, I do all of the filter_relay and filter_helo > stuff in filter_sender, so that I can exempt based on SMTP-AUTH. > > > Surely the logical approach is to > > write milters that work directly with sendmail (as with milter-ahead) > > instead of filters that work with mimedefang which then hooks into > > sendmail? > > uh... what do you think mimedefang is? it's a milter. It is exactly a > "milter that works directly with sendmail". It's just more flexible > than milter-ahead, that's all. Thanks for all your explanations. I will give it a go, but foresee much work in getting to terms with all the options involved, how to manage the additional blacklisting/whitelisting etc, fine tuning of parameters . . . Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From MailScanner at ecs.soton.ac.uk Mon May 1 13:55:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 13:55:31 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <44560532.3050901@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > >> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >> entries can be written as "Max SpamAssassin Size = 30k" instead of >> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > I see you use the metric version of k, m, g Correction. I use the version of 1 thousand that I was taught at primary school. > In America we tend to use > the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 > (2^30) > since we only have two fingers to count with. :) And I thought it was only Apple users whose fingers had all webbed over :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFYFNBH2WUcUFbZUEQIvKgCZAdudW2MhABSlwJk4JO8MzBLDE24Ani13 TCngxsNRcRw4V6vH2dcw70Th =SkYA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 1 13:56:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 13:57:06 2006 Subject: mail loops In-Reply-To: References: Message-ID: <44560595.80704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case stop MailScanner, do "MailScanner --debug" and send us the output. Erik van der Leun wrote: > Hi, > > I've already sent a (mild) warming for gentoo users on the latest stable > release of MailScanner (the filename of Df.pm will be different if you > use portage to install this perl module), but I didn't even get my > MailScanner > to work properly after the upgrade. > > Mail was checked for spam, I got a message the Virusscanning got > started, but > the first message after that, was the number of messages found in the > queue > and it kept on looping like this. > > Mail was accepted, but not delivered... > I didn't take a lot time to investigate as I simply don't have it > available > at the moment. I downgraded and the problem was solved. > > Did anybody have similar experiences? > > Kind regards, > Erik van der Leun - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n caAovvutPmulPsve+6s3l1S6 =QJQZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From evanderleun at hal9000.nl Mon May 1 15:13:13 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Mon May 1 15:25:53 2006 Subject: mail loops In-Reply-To: <44560595.80704@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> Message-ID: Outgoing mail does not appear to have a problem, logically... I restarted MailScanner to be able to send the mail, and retried debugging mode while MailScanner was still on Air: In Debugging mode, not forking... Ignore errors about failing to find EOCD signature Undefined subroutine &MailScanner::Message::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1663. This was the only output I got... Might be it though... I'm downgrading again for now, as I do need mailflow :) On Mon, 1 May 2006, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In which case stop MailScanner, do "MailScanner --debug" and send us the > output. > > Erik van der Leun wrote: >> Hi, >> >> I've already sent a (mild) warming for gentoo users on the latest stable >> release of MailScanner (the filename of Df.pm will be different if you >> use portage to install this perl module), but I didn't even get my >> MailScanner >> to work properly after the upgrade. >> >> Mail was checked for spam, I got a message the Virusscanning got >> started, but >> the first message after that, was the number of messages found in the >> queue >> and it kept on looping like this. >> >> Mail was accepted, but not delivered... >> I didn't take a lot time to investigate as I simply don't have it >> available >> at the moment. I downgraded and the problem was solved. >> >> Did anybody have similar experiences? >> >> Kind regards, >> Erik van der Leun > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n > caAovvutPmulPsve+6s3l1S6 > =QJQZ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Mon May 1 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 15:29:35 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: Message-ID: Jim Holland wrote on Mon, 1 May 2006 13:45:08 +0200 (CAT): > I wonder > however if anyone has done any research into one aspect of the behaviour > of some spammers: I suspect that when a spam message is rejected directly, > they then pass the message off to a different server, using a round-robin > approach and making multiple delivery attempts from different locations in > the hope that eventually one of them will get through. If this is indeed > a significant element in spamming behaviour then the overall traffic load > might be less by simply accepting spam and then quarantining it than by > trying to reject it at MTA level. My personal experience is that domains which accept everything (which includes having a catch-all email alias) "attract" more spam than others. This "experience" is not from a scientific study but just a gut feeling from what I see with our customers from time to time, though. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 1 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 15:29:35 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: Jeff A. Earickson wrote on Mon, 1 May 2006 07:36:14 -0400 (EDT): > In America we tend to use > the old style version of 1024 So, disk space of new hard disks is announced "correctly" in the US? I don't believe marketing would allow this ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 1 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 15:29:37 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> Message-ID: John Rudd wrote on Mon, 1 May 2006 03:18:31 -0700: > Which doesn't answer the part about SMTP-AUTH. Which was the important > part, really. I suppose you have to use delay_checks to make smtp-auth succeed as it is with other sendmail recipes. I've never used that specific hack since I felt there might be too many false positives and greylisting throws these out, anyway, it seems. > It is both alternative and complementary. Depending on how you use it. I agree with Jim. I think that both packages are really alternatives, not complimentary. If you use both that means you double the memory usage and since both are Perl based that means you need a *lot* of memory. Both packages are similar in many aspects. I doesn't make too much sense for me to run them both just to get that tiny fraction that is missing from one of them. Other aspects which might make up your decision about using the one or the other are ease of configuration (which I cannot assess, I decided years ago to go with MailScanner and never had MimeDefang running, but it were MailScanner and MimeDefang which were my competing alternatives when I decided to drop MailCorral), update cycles/policy (as above, again) and performance (and I think here's a clear advantage for MailScanner: the more mail you get the better should MailScanner perform in contrast to MimeDefang because it runs in queue mode and you can accept mail all the time with the MTA whereas with a milter you have to spawn another instance of it for every open connection). And, of course, there's that basic decision: do you want to reject virus mail at MTA level or quarantine it, just in case it got assessed wrong. Same thing with spam. If one is so confident that the scoring/decision always is right then go with rejecting at MTA level (=MimeDefang or amavisd), if one is not so confident about it then quarantine it (=MailScanner). I for one do it the following way: reject mainly because of "technical" reasons at MTA level (which rejects around 70/80% of all mail, only around 3% of the remaining mail is spam or bad content) and quarantine because of content. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 1 16:07:57 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 16:07:48 2006 Subject: MailScanner ANNOUNCE: Stable 4.53.6 released In-Reply-To: <4455D428.6020502@ecs.soton.ac.uk> References: <4455D428.6020502@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 01 May 2006 10:26:00 +0100: > I have just released the May release of MailScanner, version 4.53.6. Ok so far. Haven't tested the Webbug functionality yet. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dml at unb.ca Mon May 1 16:07:37 2006 From: dml at unb.ca (David Lancaster) Date: Mon May 1 16:07:51 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <771E18E9-FE56-4428-BC35-D7D748449FB8@unb.ca> On May 1, 2006, at 11:31 AM, Kai Schaetzl wrote: > Jeff A. Earickson wrote on Mon, 1 May 2006 07:36:14 -0400 (EDT): > >> In America we tend to use >> the old style version of 1024 > > So, disk space of new hard disks is announced "correctly" in the US? I > don't believe marketing would allow this ;-) > Heck no. Can't exaggerate that way... Binary vs SI prefixes: http://physics.nist.gov/cuu/Units/binary.html David -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060501/61d478b5/attachment.html From mailscanner at mango.zw Mon May 1 17:18:11 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon May 1 17:19:54 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <4455D3E9.8010405@ecs.soton.ac.uk> Message-ID: Hi Julian Thanks for the new version, however the links to the PGP signatures on your site give a 404 Not found error. Please check. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service On Mon, 1 May 2006, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the May release of MailScanner, version 4.53.6. > > The main new improvements this month are: > > - - Support for sa-update as provided with recent versions of SpamAssassin. > - - Support for the new format of headers files produced by Exim 4.61. > - - Many improvements to the handling of, and response to, Web Bugs. > - - Support for the "gunzip" command so that filetype and filename checks > can be done on compressed files created with either the "gzip" or > "compress" commands. > - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > this, entire servers can be whitelisted with one entry, removing the > need to add every domain provided by that server. > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > entries can be written as "Max SpamAssassin Size = 30k" instead of > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > You can download it as usual from > www.mailscanner.info > > The full Change Log is > > * New Features and Improvements * > - - Attachment extraction now checks for available disk space and a DoS attack > using messages with high expansion ratios will fail even quicker than it > did before. > - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > tool provided with MailScanner these days, to provide a way of auto- > updating the core SpamAssassin rulesets. The default value is set to what > you need for Linux (/var/lib). > - - Added new cron job to run sa-update every night. The location of the > sa-update program is read from /etc/sysconfig/MailScanner. > - - Added support for new header -H file format in Exim 4.61. > - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > enable unpacking of gzip-ed files for filename and filetype checking. > Even if this is disabled, gzip-ed files will still be virus scanned. > - - Added support for numerical entries in phishing.safe.sites.conf file. > - - Added support for optional multipliers in numbers in MailScanner.conf. > So you can now write "50M" instead of "50000000". The multipliers > supported > are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > in upper or lower case. > You must *not* put any spaces between the number and the multiplier > character. > - - Added a new configuration option "Ignored Web Bug Filenames". This allows > you to whitelist a bunch of filenames that can appear in the URLs of > potential web bugs. So if you decide that all potential web bugs with > "spacer" or "pixel.gif" in the filename are just padding for page layout, > then you can make it ignore them by adding them to this list. A sample > list is provided in MailScanner.conf. > This is disabled by default, as spammers may start to use this as a means > of circumventing the Web Bug trap. > - - When Web Bugs are disarmed, the URL used to replace the original web bug > can now be set using the new configuration option "Web Bug Replacement". > If this is not specified, then the old value of "MailScannerWebBug" is > used. > The default value supplied in the MailScanner.conf file is the address of > an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > MailScanner > web site. This will not be tracked other than to supply an overall > count of > the number of hits this image gets, for overall statistical purposes. > - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > easy-to-install package, due to the recent change in licence. Now if DCC > could go the same way... > * Fixes * > - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > BZyQSK0p+xYHKI8JQJk383/l > =qePP > -----END PGP SIGNATURE----- > > From root at doctor.nl2k.ab.ca Mon May 1 17:48:54 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon May 1 17:50:15 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: References: <4455D3E9.8010405@ecs.soton.ac.uk> Message-ID: <20060501164854.GA17627@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > Hi Julian > > Thanks for the new version, however the links to the PGP signatures on > your site give a 404 Not found error. Please check. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > On Mon, 1 May 2006, Julian Field wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I have just released the May release of MailScanner, version 4.53.6. > > > > The main new improvements this month are: > > > > - - Support for sa-update as provided with recent versions of SpamAssassin. > > - - Support for the new format of headers files produced by Exim 4.61. > > - - Many improvements to the handling of, and response to, Web Bugs. > > - - Support for the "gunzip" command so that filetype and filename checks > > can be done on compressed files created with either the "gzip" or > > "compress" commands. > > - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > > this, entire servers can be whitelisted with one entry, removing the > > need to add every domain provided by that server. > > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > entries can be written as "Max SpamAssassin Size = 30k" instead of > > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > > > You can download it as usual from > > www.mailscanner.info > > > > The full Change Log is > > > > * New Features and Improvements * > > - - Attachment extraction now checks for available disk space and a DoS attack > > using messages with high expansion ratios will fail even quicker than it > > did before. > > - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > > tool provided with MailScanner these days, to provide a way of auto- > > updating the core SpamAssassin rulesets. The default value is set to what > > you need for Linux (/var/lib). > > - - Added new cron job to run sa-update every night. The location of the > > sa-update program is read from /etc/sysconfig/MailScanner. > > - - Added support for new header -H file format in Exim 4.61. > > - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > > enable unpacking of gzip-ed files for filename and filetype checking. > > Even if this is disabled, gzip-ed files will still be virus scanned. > > - - Added support for numerical entries in phishing.safe.sites.conf file. > > - - Added support for optional multipliers in numbers in MailScanner.conf. > > So you can now write "50M" instead of "50000000". The multipliers > > supported > > are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > > in upper or lower case. > > You must *not* put any spaces between the number and the multiplier > > character. > > - - Added a new configuration option "Ignored Web Bug Filenames". This allows > > you to whitelist a bunch of filenames that can appear in the URLs of > > potential web bugs. So if you decide that all potential web bugs with > > "spacer" or "pixel.gif" in the filename are just padding for page layout, > > then you can make it ignore them by adding them to this list. A sample > > list is provided in MailScanner.conf. > > This is disabled by default, as spammers may start to use this as a means > > of circumventing the Web Bug trap. > > - - When Web Bugs are disarmed, the URL used to replace the original web bug > > can now be set using the new configuration option "Web Bug Replacement". > > If this is not specified, then the old value of "MailScannerWebBug" is > > used. > > The default value supplied in the MailScanner.conf file is the address of > > an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > > MailScanner > > web site. This will not be tracked other than to supply an overall > > count of > > the number of hits this image gets, for overall statistical purposes. > > - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > > easy-to-install package, due to the recent change in licence. Now if DCC > > could go the same way... > > * Fixes * > > - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > > > > - -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.0.6 (Build 6060) > > > > iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > > BZyQSK0p+xYHKI8JQJk383/l > > =qePP > > -----END PGP SIGNATURE----- > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. Julian is Filesys-Statvfs_Statfs_Df GOingto be intrical to MailScanner? If so, someone please tell me how I can correct: make test PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl 1..3 /usr/bin/perl: can't resolve symbol 'statvfs' Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. at test.pl line 12 Compilation failed in require at test.pl line 12. BEGIN failed--compilation aborted at test.pl line 12. not ok 1 *** Error code 2 Stop. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 1 18:33:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 18:33:50 2006 Subject: mail loops In-Reply-To: References: <44560595.80704@ecs.soton.ac.uk> Message-ID: <4456466C.1080308@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please can you try changing line 1663 of /usr/lib/MailScanner/MailScanner/Message.pm. Change it to say my $df = Filesys::DF::df($dir, 1024); and let me know if this fixes it. If it does I'll put out another release before tomorrow morning. Erik van der Leun wrote: > > > Outgoing mail does not appear to have a problem, logically... > > I restarted MailScanner to be able to send the mail, and retried > debugging > mode while MailScanner was still on Air: > > In Debugging mode, not forking... > Ignore errors about failing to find EOCD signature > Undefined subroutine &MailScanner::Message::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1663. > > This was the only output I got... Might be it though... > > I'm downgrading again for now, as I do need mailflow :) > > On Mon, 1 May 2006, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> In which case stop MailScanner, do "MailScanner --debug" and send us the >> output. >> >> Erik van der Leun wrote: >>> Hi, >>> >>> I've already sent a (mild) warming for gentoo users on the latest >>> stable >>> release of MailScanner (the filename of Df.pm will be different if you >>> use portage to install this perl module), but I didn't even get my >>> MailScanner >>> to work properly after the upgrade. >>> >>> Mail was checked for spam, I got a message the Virusscanning got >>> started, but >>> the first message after that, was the number of messages found in the >>> queue >>> and it kept on looping like this. >>> >>> Mail was accepted, but not delivered... >>> I didn't take a lot time to investigate as I simply don't have it >>> available >>> at the moment. I downgraded and the problem was solved. >>> >>> Did anybody have similar experiences? >>> >>> Kind regards, >>> Erik van der Leun >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >> caAovvutPmulPsve+6s3l1S6 >> =QJQZ >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E bVt4nI/GlG7cuPvnOF4OnmZx =J2yj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 1 18:41:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 18:41:28 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: References: Message-ID: <44564836.6010306@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fixed. Sorry. Jim Holland wrote: > Hi Julian > > Thanks for the new version, however the links to the PGP signatures on > your site give a 404 Not found error. Please check. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > On Mon, 1 May 2006, Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just released the May release of MailScanner, version 4.53.6. >> >> The main new improvements this month are: >> >> - - Support for sa-update as provided with recent versions of SpamAssassin. >> - - Support for the new format of headers files produced by Exim 4.61. >> - - Many improvements to the handling of, and response to, Web Bugs. >> - - Support for the "gunzip" command so that filetype and filename checks >> can be done on compressed files created with either the "gzip" or >> "compress" commands. >> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using >> this, entire servers can be whitelisted with one entry, removing the >> need to add every domain provided by that server. >> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >> entries can be written as "Max SpamAssassin Size = 30k" instead of >> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. >> >> You can download it as usual from >> www.mailscanner.info >> >> The full Change Log is >> >> * New Features and Improvements * >> - - Attachment extraction now checks for available disk space and a DoS attack >> using messages with high expansion ratios will fail even quicker than it >> did before. >> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update >> tool provided with MailScanner these days, to provide a way of auto- >> updating the core SpamAssassin rulesets. The default value is set to what >> you need for Linux (/var/lib). >> - - Added new cron job to run sa-update every night. The location of the >> sa-update program is read from /etc/sysconfig/MailScanner. >> - - Added support for new header -H file format in Exim 4.61. >> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to >> enable unpacking of gzip-ed files for filename and filetype checking. >> Even if this is disabled, gzip-ed files will still be virus scanned. >> - - Added support for numerical entries in phishing.safe.sites.conf file. >> - - Added support for optional multipliers in numbers in MailScanner.conf. >> So you can now write "50M" instead of "50000000". The multipliers >> supported >> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) >> in upper or lower case. >> You must *not* put any spaces between the number and the multiplier >> character. >> - - Added a new configuration option "Ignored Web Bug Filenames". This allows >> you to whitelist a bunch of filenames that can appear in the URLs of >> potential web bugs. So if you decide that all potential web bugs with >> "spacer" or "pixel.gif" in the filename are just padding for page layout, >> then you can make it ignore them by adding them to this list. A sample >> list is provided in MailScanner.conf. >> This is disabled by default, as spammers may start to use this as a means >> of circumventing the Web Bug trap. >> - - When Web Bugs are disarmed, the URL used to replace the original web bug >> can now be set using the new configuration option "Web Bug Replacement". >> If this is not specified, then the old value of "MailScannerWebBug" is >> used. >> The default value supplied in the MailScanner.conf file is the address of >> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the >> MailScanner >> web site. This will not be tracked other than to supply an overall >> count of >> the number of hits this image gets, for overall statistical purposes. >> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA >> easy-to-install package, due to the recent change in licence. Now if DCC >> could go the same way... >> * Fixes * >> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au >> BZyQSK0p+xYHKI8JQJk383/l >> =qePP >> -----END PGP SIGNATURE----- >> >> >> > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFZIOBH2WUcUFbZUEQJNfQCcCu/0xT6xzr3eNqXmExHdok8uLhsAniyr LqYZCLlX0BSptazkZWJnMHar =xBnw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 1 18:47:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 18:47:15 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501164854.GA17627@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> Message-ID: <44564998.70902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > >> Hi Julian >> >> Thanks for the new version, however the links to the PGP signatures on >> your site give a 404 Not found error. Please check. >> >> Regards >> >> Jim Holland >> System Administrator >> MANGO - Zimbabwe's non-profit e-mail service >> >> On Mon, 1 May 2006, Julian Field wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just released the May release of MailScanner, version 4.53.6. >>> >>> The main new improvements this month are: >>> >>> - - Support for sa-update as provided with recent versions of SpamAssassin. >>> - - Support for the new format of headers files produced by Exim 4.61. >>> - - Many improvements to the handling of, and response to, Web Bugs. >>> - - Support for the "gunzip" command so that filetype and filename checks >>> can be done on compressed files created with either the "gzip" or >>> "compress" commands. >>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using >>> this, entire servers can be whitelisted with one entry, removing the >>> need to add every domain provided by that server. >>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >>> entries can be written as "Max SpamAssassin Size = 30k" instead of >>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. >>> >>> You can download it as usual from >>> www.mailscanner.info >>> >>> The full Change Log is >>> >>> * New Features and Improvements * >>> - - Attachment extraction now checks for available disk space and a DoS attack >>> using messages with high expansion ratios will fail even quicker than it >>> did before. >>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update >>> tool provided with MailScanner these days, to provide a way of auto- >>> updating the core SpamAssassin rulesets. The default value is set to what >>> you need for Linux (/var/lib). >>> - - Added new cron job to run sa-update every night. The location of the >>> sa-update program is read from /etc/sysconfig/MailScanner. >>> - - Added support for new header -H file format in Exim 4.61. >>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to >>> enable unpacking of gzip-ed files for filename and filetype checking. >>> Even if this is disabled, gzip-ed files will still be virus scanned. >>> - - Added support for numerical entries in phishing.safe.sites.conf file. >>> - - Added support for optional multipliers in numbers in MailScanner.conf. >>> So you can now write "50M" instead of "50000000". The multipliers >>> supported >>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) >>> in upper or lower case. >>> You must *not* put any spaces between the number and the multiplier >>> character. >>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows >>> you to whitelist a bunch of filenames that can appear in the URLs of >>> potential web bugs. So if you decide that all potential web bugs with >>> "spacer" or "pixel.gif" in the filename are just padding for page layout, >>> then you can make it ignore them by adding them to this list. A sample >>> list is provided in MailScanner.conf. >>> This is disabled by default, as spammers may start to use this as a means >>> of circumventing the Web Bug trap. >>> - - When Web Bugs are disarmed, the URL used to replace the original web bug >>> can now be set using the new configuration option "Web Bug Replacement". >>> If this is not specified, then the old value of "MailScannerWebBug" is >>> used. >>> The default value supplied in the MailScanner.conf file is the address of >>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the >>> MailScanner >>> web site. This will not be tracked other than to supply an overall >>> count of >>> the number of hits this image gets, for overall statistical purposes. >>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA >>> easy-to-install package, due to the recent change in licence. Now if DCC >>> could go the same way... >>> * Fixes * >>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.6 (Build 6060) >>> >>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au >>> BZyQSK0p+xYHKI8JQJk383/l >>> =qePP >>> -----END PGP SIGNATURE----- >>> >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > > Julian is Filesys-Statvfs_Statfs_Df > > GOingto be intrical to MailScanner? > intrical? intrinsically critical? > > If so, someone please tell me how I can correct: > > make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > 1..3 > /usr/bin/perl: can't resolve symbol 'statvfs' > Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > at test.pl line 12 > Compilation failed in require at test.pl line 12. > BEGIN failed--compilation aborted at test.pl line 12. > not ok 1 > *** Error code 2 > > Stop. That's not good. Please file a bug with the author of Filesys::Df. It appears it fails under BSD :-( To work around it for now, find where Message.pm has been put on your BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. Change line 1663 from my $df = df($dir, 1024); to my $df = undef; and then restart MailScanner. This will just eliminate the check. Make sure you don't run out of disk space :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFZJmRH2WUcUFbZUEQKdDQCgsZhPcrJoF32oC9kUHvL3w9UqE7AAnA03 ZZe+sL/7Vfx0WjC4ys2/7DQC =QRta -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From root at doctor.nl2k.ab.ca Mon May 1 19:13:20 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon May 1 19:13:36 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <44564998.70902@ecs.soton.ac.uk> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> Message-ID: <20060501181320.GB28918@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: > > On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > > > >> Hi Julian > >> > >> Thanks for the new version, however the links to the PGP signatures on > >> your site give a 404 Not found error. Please check. > >> > >> Regards > >> > >> Jim Holland > >> System Administrator > >> MANGO - Zimbabwe's non-profit e-mail service > >> > >> On Mon, 1 May 2006, Julian Field wrote: > >> > >> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> Hash: SHA1 > >>> > >>> I have just released the May release of MailScanner, version 4.53.6. > >>> > >>> The main new improvements this month are: > >>> > >>> - - Support for sa-update as provided with recent versions of SpamAssassin. > >>> - - Support for the new format of headers files produced by Exim 4.61. > >>> - - Many improvements to the handling of, and response to, Web Bugs. > >>> - - Support for the "gunzip" command so that filetype and filename checks > >>> can be done on compressed files created with either the "gzip" or > >>> "compress" commands. > >>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > >>> this, entire servers can be whitelisted with one entry, removing the > >>> need to add every domain provided by that server. > >>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > >>> entries can be written as "Max SpamAssassin Size = 30k" instead of > >>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > >>> > >>> You can download it as usual from > >>> www.mailscanner.info > >>> > >>> The full Change Log is > >>> > >>> * New Features and Improvements * > >>> - - Attachment extraction now checks for available disk space and a DoS attack > >>> using messages with high expansion ratios will fail even quicker than it > >>> did before. > >>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > >>> tool provided with MailScanner these days, to provide a way of auto- > >>> updating the core SpamAssassin rulesets. The default value is set to what > >>> you need for Linux (/var/lib). > >>> - - Added new cron job to run sa-update every night. The location of the > >>> sa-update program is read from /etc/sysconfig/MailScanner. > >>> - - Added support for new header -H file format in Exim 4.61. > >>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > >>> enable unpacking of gzip-ed files for filename and filetype checking. > >>> Even if this is disabled, gzip-ed files will still be virus scanned. > >>> - - Added support for numerical entries in phishing.safe.sites.conf file. > >>> - - Added support for optional multipliers in numbers in MailScanner.conf. > >>> So you can now write "50M" instead of "50000000". The multipliers > >>> supported > >>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > >>> in upper or lower case. > >>> You must *not* put any spaces between the number and the multiplier > >>> character. > >>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows > >>> you to whitelist a bunch of filenames that can appear in the URLs of > >>> potential web bugs. So if you decide that all potential web bugs with > >>> "spacer" or "pixel.gif" in the filename are just padding for page layout, > >>> then you can make it ignore them by adding them to this list. A sample > >>> list is provided in MailScanner.conf. > >>> This is disabled by default, as spammers may start to use this as a means > >>> of circumventing the Web Bug trap. > >>> - - When Web Bugs are disarmed, the URL used to replace the original web bug > >>> can now be set using the new configuration option "Web Bug Replacement". > >>> If this is not specified, then the old value of "MailScannerWebBug" is > >>> used. > >>> The default value supplied in the MailScanner.conf file is the address of > >>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > >>> MailScanner > >>> web site. This will not be tracked other than to supply an overall > >>> count of > >>> the number of hits this image gets, for overall statistical purposes. > >>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > >>> easy-to-install package, due to the recent change in licence. Now if DCC > >>> could go the same way... > >>> * Fixes * > >>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > >>> > >>> - -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> Professional Support Services at www.MailScanner.biz > >>> MailScanner thanks transtec Computers for their support > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> > >>> -----BEGIN PGP SIGNATURE----- > >>> Version: PGP Desktop 9.0.6 (Build 6060) > >>> > >>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > >>> BZyQSK0p+xYHKI8JQJk383/l > >>> =qePP > >>> -----END PGP SIGNATURE----- > >>> > >>> > >>> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > > > > > > Julian is Filesys-Statvfs_Statfs_Df > > > > GOingto be intrical to MailScanner? > > > intrical? intrinsically critical? > > > > If so, someone please tell me how I can correct: > > > > make test > > PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > > 1..3 > > /usr/bin/perl: can't resolve symbol 'statvfs' > > Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > > at test.pl line 12 > > Compilation failed in require at test.pl line 12. > > BEGIN failed--compilation aborted at test.pl line 12. > > not ok 1 > > *** Error code 2 > > > > Stop. > That's not good. Please file a bug with the author of Filesys::Df. It > appears it fails under BSD :-( > > To work around it for now, find where Message.pm has been put on your > BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or > /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. > > Change line 1663 from > my $df = df($dir, 1024); > to > my $df = undef; > > and then restart MailScanner. This will just eliminate the check. Make > sure you don't run out of disk space :-) > > - -- Don't run out of Disk Space?? Can we have an explanation? > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFZJmRH2WUcUFbZUEQKdDQCgsZhPcrJoF32oC9kUHvL3w9UqE7AAnA03 > ZZe+sL/7Vfx0WjC4ys2/7DQC > =QRta > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon May 1 19:37:09 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 1 19:37:27 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501181320.GB28918@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> Message-ID: Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem spake the following on 5/1/2006 11:13 AM: > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem spake the following on 5/1/2006 11:13 AM: > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the >> Problem wrote: >>> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: >>> >>>> Hi Julian >>>> >>>> Thanks for the new version, however the links to the PGP signatures on >>>> your site give a 404 Not found error. Please check. >>>> >>>> Regards >>>> >>>> Jim Holland >>>> System Administrator >>>> MANGO - Zimbabwe's non-profit e-mail service >>>> >>>> On Mon, 1 May 2006, Julian Field wrote: >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> I have just released the May release of MailScanner, version 4.53.6. >>>>> >>>>> The main new improvements this month are: >>>>> >>>>> - - Support for sa-update as provided with recent versions of SpamAssassin. >>>>> - - Support for the new format of headers files produced by Exim 4.61. >>>>> - - Many improvements to the handling of, and response to, Web Bugs. >>>>> - - Support for the "gunzip" command so that filetype and filename checks >>>>> can be done on compressed files created with either the "gzip" or >>>>> "compress" commands. >>>>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using >>>>> this, entire servers can be whitelisted with one entry, removing the >>>>> need to add every domain provided by that server. >>>>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >>>>> entries can be written as "Max SpamAssassin Size = 30k" instead of >>>>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. >>>>> >>>>> You can download it as usual from >>>>> www.mailscanner.info >>>>> >>>>> The full Change Log is >>>>> >>>>> * New Features and Improvements * >>>>> - - Attachment extraction now checks for available disk space and a DoS attack >>>>> using messages with high expansion ratios will fail even quicker than it >>>>> did before. >>>>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update >>>>> tool provided with MailScanner these days, to provide a way of auto- >>>>> updating the core SpamAssassin rulesets. The default value is set to what >>>>> you need for Linux (/var/lib). >>>>> - - Added new cron job to run sa-update every night. The location of the >>>>> sa-update program is read from /etc/sysconfig/MailScanner. >>>>> - - Added support for new header -H file format in Exim 4.61. >>>>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to >>>>> enable unpacking of gzip-ed files for filename and filetype checking. >>>>> Even if this is disabled, gzip-ed files will still be virus scanned. >>>>> - - Added support for numerical entries in phishing.safe.sites.conf file. >>>>> - - Added support for optional multipliers in numbers in MailScanner.conf. >>>>> So you can now write "50M" instead of "50000000". The multipliers >>>>> supported >>>>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) >>>>> in upper or lower case. >>>>> You must *not* put any spaces between the number and the multiplier >>>>> character. >>>>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows >>>>> you to whitelist a bunch of filenames that can appear in the URLs of >>>>> potential web bugs. So if you decide that all potential web bugs with >>>>> "spacer" or "pixel.gif" in the filename are just padding for page layout, >>>>> then you can make it ignore them by adding them to this list. A sample >>>>> list is provided in MailScanner.conf. >>>>> This is disabled by default, as spammers may start to use this as a means >>>>> of circumventing the Web Bug trap. >>>>> - - When Web Bugs are disarmed, the URL used to replace the original web bug >>>>> can now be set using the new configuration option "Web Bug Replacement". >>>>> If this is not specified, then the old value of "MailScannerWebBug" is >>>>> used. >>>>> The default value supplied in the MailScanner.conf file is the address of >>>>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the >>>>> MailScanner >>>>> web site. This will not be tracked other than to supply an overall >>>>> count of >>>>> the number of hits this image gets, for overall statistical purposes. >>>>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA >>>>> easy-to-install package, due to the recent change in licence. Now if DCC >>>>> could go the same way... >>>>> * Fixes * >>>>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. >>>>> >>>>> - -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: PGP Desktop 9.0.6 (Build 6060) >>>>> >>>>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au >>>>> BZyQSK0p+xYHKI8JQJk383/l >>>>> =qePP >>>>> -----END PGP SIGNATURE----- >>>>> >>>>> >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>> >>> Julian is Filesys-Statvfs_Statfs_Df >>> >>> GOingto be intrical to MailScanner? >>> >> intrical? intrinsically critical? >>> If so, someone please tell me how I can correct: >>> >>> make test >>> PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl >>> 1..3 >>> /usr/bin/perl: can't resolve symbol 'statvfs' >>> Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. >>> at test.pl line 12 >>> Compilation failed in require at test.pl line 12. >>> BEGIN failed--compilation aborted at test.pl line 12. >>> not ok 1 >>> *** Error code 2 >>> >>> Stop. >> That's not good. Please file a bug with the author of Filesys::Df. It >> appears it fails under BSD :-( >> >> To work around it for now, find where Message.pm has been put on your >> BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or >> /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. >> >> Change line 1663 from >> my $df = df($dir, 1024); >> to >> my $df = undef; >> >> and then restart MailScanner. This will just eliminate the check. Make >> sure you don't run out of disk space :-) >> >> - -- > > Don't run out of Disk Space?? > > Can we have an explanation? That module reports on file system usage. MailScanner must use it to make sure there is adequate space before it does some options. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jrudd at ucsc.edu Mon May 1 19:37:11 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 19:37:38 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> Message-ID: <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> On May 1, 2006, at 7:31 AM, Kai Schaetzl wrote: > performance (and I think here's a clear advantage for > MailScanner: the more mail you get the better should MailScanner > perform > in contrast to MimeDefang because it runs in queue mode and you can > accept > mail all the time with the MTA whereas with a milter you have to spawn > another instance of it for every open connection). Actually, like MailScanner, MIMEDefang uses persistent perl processes not per-scan nor per-message perl processes. The difference isn't in spawning processes, the difference is in the bulk nature of the actual processing being done (MailScanner bulk scans messages during virus scanning, and MIMEDefang scans messages one at a time for all aspects of scanning). > And, of course, there's > that basic decision: do you want to reject virus mail at MTA level or > quarantine it, just in case it got assessed wrong. Same thing with > spam. > If one is so confident that the scoring/decision always is right then > go > with rejecting at MTA level (=MimeDefang or amavisd), if one is not so > confident about it then quarantine it (=MailScanner). Again, that's not the actual trade-off. You can do quarantine with MIMEDefang, too. Either directly, or by adding headers to be used later in the delivery process that will trigger something in the delivery agent (such as a procmail recipe, or something). > I for one do it the following way: reject mainly because of "technical" > reasons at MTA level (which rejects around 70/80% of all mail, only > around > 3% of the remaining mail is spam or bad content) and quarantine > because of > content. That's not too different from what I'm doing or proposing. I'm just saying that MIMEDefang lets you add more technical reasons to do the blocking at the MTA level. And, you can then choose to do your quarantining (and/or sanitizing, and/or mark-and-deliver) with MIMEDefang, MailScanner, or something else. Really, the main trades are with timing (what things do you want done during the SMTP transaction? and the difference between bouncing during SMTP or during post-SMTP processing), the bulk speed of MailScanner for virus checks, a few style choices (MD's filename checks vs MS's filename checks), and a few feature differences (MD's ability to do relay, helo, sender, and recipient checking; MS's phishing checks). The rest is pretty much all the same. From root at doctor.nl2k.ab.ca Mon May 1 21:26:59 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon May 1 21:27:24 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> Message-ID: <20060501202659.GB29681@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 11:37:09AM -0700, Scott Silva wrote: > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > spake the following on 5/1/2006 11:13 AM: > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > spake the following on 5/1/2006 11:13 AM: > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> > >> > >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > >> Problem wrote: > >>> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > >>> > >>>> Hi Julian > >>>> > >>>> Thanks for the new version, however the links to the PGP signatures on > >>>> your site give a 404 Not found error. Please check. > >>>> > >>>> Regards > >>>> > >>>> Jim Holland > >>>> System Administrator > >>>> MANGO - Zimbabwe's non-profit e-mail service > >>>> > >>>> On Mon, 1 May 2006, Julian Field wrote: > >>>> > >>>> > >>>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>>> Hash: SHA1 > >>>>> > >>>>> I have just released the May release of MailScanner, version 4.53.6. > >>>>> > >>>>> The main new improvements this month are: > >>>>> > >>>>> - - Support for sa-update as provided with recent versions of SpamAssassin. > >>>>> - - Support for the new format of headers files produced by Exim 4.61. > >>>>> - - Many improvements to the handling of, and response to, Web Bugs. > >>>>> - - Support for the "gunzip" command so that filetype and filename checks > >>>>> can be done on compressed files created with either the "gzip" or > >>>>> "compress" commands. > >>>>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > >>>>> this, entire servers can be whitelisted with one entry, removing the > >>>>> need to add every domain provided by that server. > >>>>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > >>>>> entries can be written as "Max SpamAssassin Size = 30k" instead of > >>>>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > >>>>> > >>>>> You can download it as usual from > >>>>> www.mailscanner.info > >>>>> > >>>>> The full Change Log is > >>>>> > >>>>> * New Features and Improvements * > >>>>> - - Attachment extraction now checks for available disk space and a DoS attack > >>>>> using messages with high expansion ratios will fail even quicker than it > >>>>> did before. > >>>>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > >>>>> tool provided with MailScanner these days, to provide a way of auto- > >>>>> updating the core SpamAssassin rulesets. The default value is set to what > >>>>> you need for Linux (/var/lib). > >>>>> - - Added new cron job to run sa-update every night. The location of the > >>>>> sa-update program is read from /etc/sysconfig/MailScanner. > >>>>> - - Added support for new header -H file format in Exim 4.61. > >>>>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > >>>>> enable unpacking of gzip-ed files for filename and filetype checking. > >>>>> Even if this is disabled, gzip-ed files will still be virus scanned. > >>>>> - - Added support for numerical entries in phishing.safe.sites.conf file. > >>>>> - - Added support for optional multipliers in numbers in MailScanner.conf. > >>>>> So you can now write "50M" instead of "50000000". The multipliers > >>>>> supported > >>>>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > >>>>> in upper or lower case. > >>>>> You must *not* put any spaces between the number and the multiplier > >>>>> character. > >>>>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows > >>>>> you to whitelist a bunch of filenames that can appear in the URLs of > >>>>> potential web bugs. So if you decide that all potential web bugs with > >>>>> "spacer" or "pixel.gif" in the filename are just padding for page layout, > >>>>> then you can make it ignore them by adding them to this list. A sample > >>>>> list is provided in MailScanner.conf. > >>>>> This is disabled by default, as spammers may start to use this as a means > >>>>> of circumventing the Web Bug trap. > >>>>> - - When Web Bugs are disarmed, the URL used to replace the original web bug > >>>>> can now be set using the new configuration option "Web Bug Replacement". > >>>>> If this is not specified, then the old value of "MailScannerWebBug" is > >>>>> used. > >>>>> The default value supplied in the MailScanner.conf file is the address of > >>>>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > >>>>> MailScanner > >>>>> web site. This will not be tracked other than to supply an overall > >>>>> count of > >>>>> the number of hits this image gets, for overall statistical purposes. > >>>>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > >>>>> easy-to-install package, due to the recent change in licence. Now if DCC > >>>>> could go the same way... > >>>>> * Fixes * > >>>>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > >>>>> > >>>>> - -- > >>>>> Julian Field > >>>>> www.MailScanner.info > >>>>> Buy the MailScanner book at www.MailScanner.info/store > >>>>> Professional Support Services at www.MailScanner.biz > >>>>> MailScanner thanks transtec Computers for their support > >>>>> > >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>>> > >>>>> > >>>>> -----BEGIN PGP SIGNATURE----- > >>>>> Version: PGP Desktop 9.0.6 (Build 6060) > >>>>> > >>>>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > >>>>> BZyQSK0p+xYHKI8JQJk383/l > >>>>> =qePP > >>>>> -----END PGP SIGNATURE----- > >>>>> > >>>>> > >>>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>> > >>> Julian is Filesys-Statvfs_Statfs_Df > >>> > >>> GOingto be intrical to MailScanner? > >>> > >> intrical? intrinsically critical? > >>> If so, someone please tell me how I can correct: > >>> > >>> make test > >>> PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > >>> 1..3 > >>> /usr/bin/perl: can't resolve symbol 'statvfs' > >>> Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > >>> at test.pl line 12 > >>> Compilation failed in require at test.pl line 12. > >>> BEGIN failed--compilation aborted at test.pl line 12. > >>> not ok 1 > >>> *** Error code 2 > >>> > >>> Stop. > >> That's not good. Please file a bug with the author of Filesys::Df. It > >> appears it fails under BSD :-( > >> > >> To work around it for now, find where Message.pm has been put on your > >> BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or > >> /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. > >> > >> Change line 1663 from > >> my $df = df($dir, 1024); > >> to > >> my $df = undef; > >> > >> and then restart MailScanner. This will just eliminate the check. Make > >> sure you don't run out of disk space :-) > >> > >> - -- > > > > Don't run out of Disk Space?? > > > > Can we have an explanation? > That module reports on file system usage. MailScanner must use it to make sure > there is adequate space before it does some options. > Got you. Why not use /tmp? > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lshaw at emitinc.com Tue May 2 00:20:09 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Tue May 2 00:20:24 2006 Subject: scanning on both primary and second MX servers Message-ID: Hey everyone, I've been working on setting up MailScanner at the site where I admin (previously we had no spam filtering at all), and so far I've got it working pretty well on the main mail server. We have a backup MX server (which we control) as well, but I hadn't set up MailScanner on that machine at all; I made the decision that it wasn't necessary based on the fact that all that mail will eventually go through the MailScanner machine anyway, so it should be able to do all the filtering. Now I've reached the point where I think realtime blacklisting needs to be part of our spam solution. I set it up on our primary mailserver (which receives via SMTP, runs MailScanner, and also is the POP3/IMAP server), and everything seems OK, except for one thing: the realtime blacklisting doesn't do squat to filter out spams that hit our backup MX server first. The reason is fairly obvious: on our MailScanner machine, the mail appears to be coming from a host that's OK, whereas on the backup MX machine, there is no blacklisting. So, I thought I had a solution: install MailScanner on the backup MX as well. Then blacklisting will be in effect over there, and everything's great, theoretically. I installed all that, and just now I realized the flaw in that plan. I now get two sets of headers because the messages are being scanned twice by two different machines. (I get "X-Spam-Status: Yes, Yes" and stuff like that.) Now I'm starting to believe I need to rethink my filtering strategy, but I'm not sure what the best solution is. It seems like I could solve this problem by making all our public MX records (both primary and secondary) MailScanner machines and having them both forward on to a third machine (which would run POP3/IMAP), but this is complicated, and we're a small company that probably can't easily spare another server-grade machine. Is there any other solution? Should I just remove MailScanner from the backup MX and fall back to doing realtime blacklisting through sendmail's DNSBL feature? That could work, but right now the policy is "always tag, never discard" spam, and I would have to delete spam if I had sendmail do that filtering. Thanks for any advice anyone can offer. - Logan From pete at enitech.com.au Tue May 2 01:09:08 2006 From: pete at enitech.com.au (Peter Russell) Date: Tue May 2 01:09:21 2006 Subject: scanning on both primary and second MX servers In-Reply-To: References: Message-ID: <4456A324.2030906@enitech.com.au> It seems > like I could solve this problem by making all our public MX > records (both primary and secondary) MailScanner machines and > having them both forward on to a third machine (which would run > POP3/IMAP), but this is complicated, and we're a small company > that probably can't easily spare another server-grade machine. > Is there any other solution? Should I just remove MailScanner > from the backup MX and fall back to doing realtime blacklisting > through sendmail's DNSBL feature? That could work, but right > now the policy is "always tag, never discard" spam, and I > would have to delete spam if I had sendmail do that filtering. > > Thanks for any advice anyone can offer. > > - Logan We are a medium sized company and we run the 2 MailScanner MX machines that forward mail to exchange (and handle some virtual domains). It works great especially during upgrade times, i can simply shut MS down on either machine with out affecting mail flow. With running 2 MS machines and having 2 sets of headers, you can handle this by changing the way the headers are added/appended in mailscanner.conf. Your lower weight MX will usually get a huge percentage of spam, so why cant all mail from your backup MX be sent to your primary MX for scanning before delivery? You can ignore the headers from that machine, look in spam.assassin.conf From james at grayonline.id.au Tue May 2 00:00:09 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 2 02:09:56 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <200605020900.10678.james@grayonline.id.au> On Mon, 1 May 2006 09:36 pm, Jeff A. Earickson wrote: > Julian, > > > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > entries can be written as "Max SpamAssassin Size = 30k" instead of > > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > I see you use the metric version of k, m, g. In America we tend to use > the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 (2^30) > since we only have two fingers to count with. :) But look at the difference: 2^10 bytes = 1024, 10^3 bytes = 1000. Difference 2.4% 2^20 bytes = 1048576, 10^6 bytes = 1000000. Difference 4.9% 2^30 bytes = 1073741824, 10^9 bytes = 1000000000. Difference 7.4% Granted the 1G (base 10) and 1G (base 2) difference is starting to diverge reasonably significantly, but once you're at the point of blocking messages around the gigabyte size, is blocking a message 7.4% "early" going to make a significant difference?? I'm with Julian ;) BTW, thanks - this mod makes the config a LOT easier for humans to read and manage. Cheers, James -- "You're a creature of the night, Michael. Wait'll Mom hears about this." -- from the movie "The Lost Boys" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/d37e3c93/attachment.bin From james at grayonline.id.au Tue May 2 04:10:59 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 2 04:11:24 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501202659.GB29681@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501202659.GB29681@doctor.nl2k.ab.ca> Message-ID: <200605021311.03067.james@grayonline.id.au> On Tue, 2 May 2006 06:26 am, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Got you. Why not use /tmp? Point of netiquette: Why post 12.4KB of messages to add a single line?! We've all been following the previous messages, no need to post every message for "context"...just the bit you're replying to. C'mon people - we're mail admins, we of all people should know better ;) Thanks, James -- Be a better psychiatrist and the world will beat a psychopath to your door. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/f17610e0/attachment.bin From evanderleun at hal9000.nl Tue May 2 07:09:03 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Tue May 2 07:09:07 2006 Subject: mail loops In-Reply-To: <4456466C.1080308@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> <4456466C.1080308@ecs.soton.ac.uk> Message-ID: <4456F77F.7010703@hal9000.nl> My apologies... I do not have time today... maybe in my evening hours, but not earlier... I'll test it as soon as possible, I'll give you that :) Sorry, Erik Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Please can you try changing line 1663 of >/usr/lib/MailScanner/MailScanner/Message.pm. Change it to say > > my $df = Filesys::DF::df($dir, 1024); > >and let me know if this fixes it. If it does I'll put out another >release before tomorrow morning. > >Erik van der Leun wrote: > > >>Outgoing mail does not appear to have a problem, logically... >> >>I restarted MailScanner to be able to send the mail, and retried >>debugging >>mode while MailScanner was still on Air: >> >>In Debugging mode, not forking... >>Ignore errors about failing to find EOCD signature >>Undefined subroutine &MailScanner::Message::df called at >>/usr/lib/MailScanner/MailScanner/Message.pm line 1663. >> >>This was the only output I got... Might be it though... >> >>I'm downgrading again for now, as I do need mailflow :) >> >>On Mon, 1 May 2006, Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>In which case stop MailScanner, do "MailScanner --debug" and send us the >>>output. >>> >>>Erik van der Leun wrote: >>> >>> >>>>Hi, >>>> >>>>I've already sent a (mild) warming for gentoo users on the latest >>>>stable >>>>release of MailScanner (the filename of Df.pm will be different if you >>>>use portage to install this perl module), but I didn't even get my >>>>MailScanner >>>>to work properly after the upgrade. >>>> >>>>Mail was checked for spam, I got a message the Virusscanning got >>>>started, but >>>>the first message after that, was the number of messages found in the >>>>queue >>>>and it kept on looping like this. >>>> >>>>Mail was accepted, but not delivered... >>>>I didn't take a lot time to investigate as I simply don't have it >>>>available >>>>at the moment. I downgraded and the problem was solved. >>>> >>>>Did anybody have similar experiences? >>>> >>>>Kind regards, >>>>Erik van der Leun >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >>>caAovvutPmulPsve+6s3l1S6 >>>=QJQZ >>>-----END PGP SIGNATURE----- >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>>MailScanner thanks transtec Computers for their support. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E >bVt4nI/GlG7cuPvnOF4OnmZx >=J2yj >-----END PGP SIGNATURE----- > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/ba8e4b10/attachment.html From MailScanner at ecs.soton.ac.uk Tue May 2 09:29:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 09:29:48 2006 Subject: scanning on both primary and second MX servers In-Reply-To: References: Message-ID: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> On 2 May 2006, at 00:20, Logan Shaw wrote: > Hey everyone, > > I've been working on setting up MailScanner at the site where > I admin (previously we had no spam filtering at all), and so > far I've got it working pretty well on the main mail server. > We have a backup MX server (which we control) as well, but I > hadn't set up MailScanner on that machine at all; I made the > decision that it wasn't necessary based on the fact that all > that mail will eventually go through the MailScanner machine > anyway, so it should be able to do all the filtering. > > Now I've reached the point where I think realtime blacklisting > needs to be part of our spam solution. I set it up on our > primary mailserver (which receives via SMTP, runs MailScanner, > and also is the POP3/IMAP server), and everything seems OK, > except for one thing: the realtime blacklisting doesn't do > squat to filter out spams that hit our backup MX server first. > The reason is fairly obvious: on our MailScanner machine, > the mail appears to be coming from a host that's OK, whereas > on the backup MX machine, there is no blacklisting. > > So, I thought I had a solution: install MailScanner on the > backup MX as well. Then blacklisting will be in effect over > there, and everything's great, theoretically. I installed all > that, and just now I realized the flaw in that plan. I now > get two sets of headers because the messages are being scanned > twice by two different machines. (I get "X-Spam-Status: Yes, > Yes" and stuff like that.) What I would advise is that you install SpamAssassin (used as part of MailScanner, download by "easy-to-install" package of ClamAV+SA from the MailScanner downloads page). You can then not only assign your own scores to different RBLs if you want to, but more importantly SpamAssassin will check all the hosts through which the message passed, not just the last hop (which is all MailScanner can do). SpamAssassin is much better than MailScanner with this feature. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Tue May 2 09:58:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 2 09:58:13 2006 Subject: metric version of 1000? In-Reply-To: <200605020900.10678.james@grayonline.id.au> References: <200605020900.10678.james@grayonline.id.au> Message-ID: <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> On 02/05/06, James Gray wrote: > On Mon, 1 May 2006 09:36 pm, Jeff A. Earickson wrote: > > Julian, > > > > > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > > entries can be written as "Max SpamAssassin Size = 30k" instead of > > > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > > > I see you use the metric version of k, m, g. In America we tend to use > > the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 (2^30) > > since we only have two fingers to count with. :) > > But look at the difference: > > 2^10 bytes = 1024, 10^3 bytes = 1000. Difference 2.4% > 2^20 bytes = 1048576, 10^6 bytes = 1000000. Difference 4.9% > 2^30 bytes = 1073741824, 10^9 bytes = 1000000000. Difference 7.4% > > Granted the 1G (base 10) and 1G (base 2) difference is starting to diverge > reasonably significantly, but once you're at the point of blocking messages > around the gigabyte size, is blocking a message 7.4% "early" going to make a > significant difference?? > > I'm with Julian ;) BTW, thanks - this mod makes the config a LOT easier for > humans to read and manage. > > Cheers, > > James Why are you all "upset" about this? This is _very_ old news. (The long and short of it is actually that the HDD makers were actually right. That they might have had another motive than promoting a standardsbased view is... beside the point:-). As someone mentions, there are approved ways of stipulating binary multiples now, so... use them if you need to make the distinction clear;-). One might argue that Jules is simply "enforcing" the SI normative in a consistent way... Which is a very good thing. Makes life so much less ambiguos when we don't have to have any more "1.44M" diskettes (that are actually 1440 KiB... Sigh) and suchlike. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From james at grayonline.id.au Tue May 2 10:24:13 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 2 10:24:47 2006 Subject: metric version of 1000? In-Reply-To: <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> Message-ID: <200605021924.23422.james@grayonline.id.au> On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: > Why are you all "upset" about this? Are you replying to me? Or Jeff Earickson? Three things: 1. I was reinforcing Julian's choice of using base-10 instead of base-2 multipliers. I AGREE WITH JULIAN. 2. I didn't mention anything about hard drive. 3. I'm not bent out of shape about this. Cheers, James -- A penny saved is a penny to squander. -- Ambrose Bierce -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/29dd7326/attachment.bin From glenn.steen at gmail.com Tue May 2 10:35:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 2 10:35:47 2006 Subject: metric version of 1000? In-Reply-To: <200605021924.23422.james@grayonline.id.au> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: <223f97700605020235s6fbc2cb1j14a582276fc736c2@mail.gmail.com> Could On 02/05/06, James Gray wrote: > On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: > > > Why are you all "upset" about this? > > Are you replying to me? Or Jeff Earickson? Three things: Jeff more probably than not... The citation marks could have been more prominent too:-). > 1. I was reinforcing Julian's choice of using base-10 instead of base-2 > multipliers. I AGREE WITH JULIAN. Yes. No need to shout. > 2. I didn't mention anything about hard drive. No you didn't. It was mentioned earlier, and I was too lazy to rifle through my mails for that particular one. Sorry. > 3. I'm not bent out of shape about this. Rightly so. As said, I could have been clearer on the ... "tone"... of the mail. > > Cheers, > > James -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue May 2 10:40:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 10:40:48 2006 Subject: metric version of 1000? In-Reply-To: <200605021924.23422.james@grayonline.id.au> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: You have to laugh about this thread, I knew it would happen. I say something as simple as state that 10x10x10=1000 and people get uppity about it. :-) Enough guys. 1000 = 1E3, not 2E10. Check the arithmetic with your calculator, I think you'll find I'm right :-) And whatever anyone says about the ability of my calculator to do basic arithmetic that any 7-year old child can do, I ain't changin' it... On 2 May 2006, at 10:24, James Gray wrote: > On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: > >> Why are you all "upset" about this? > > Are you replying to me? Or Jeff Earickson? Three things: > 1. I was reinforcing Julian's choice of using base-10 instead of > base-2 > multipliers. I AGREE WITH JULIAN. > 2. I didn't mention anything about hard drive. > 3. I'm not bent out of shape about this. > > Cheers, > > James > -- > A penny saved is a penny to squander. > -- Ambrose Bierce > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Tue May 2 11:24:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 2 11:24:18 2006 Subject: metric version of 1000? In-Reply-To: References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: <223f97700605020324t5b872e8r695e1fd99d7f94af@mail.gmail.com> On 02/05/06, Julian Field wrote: > You have to laugh about this thread, I knew it would happen. > I say something as simple as state that 10x10x10=1000 and people get > uppity about it. > :-) The really fun thing is that we're all agreeing... violently:-). Oh well. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue May 2 11:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 11:31:25 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <200605021311.03067.james@grayonline.id.au> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501202659.GB29681@doctor.nl2k.ab.ca> <200605021311.03067.james@grayonline.id.au> Message-ID: James Gray wrote on Tue, 2 May 2006 13:10:59 +1000: > Point of netiquette: Thanks, James, you expressed my thoughts. And I really don't mind the size of the messages. But I don't like to search for the reply, this is ridiculous. I just skipped his last messages because I was tired of that. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jaearick at colby.edu Tue May 2 13:33:18 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 2 13:38:03 2006 Subject: metric version of 1000? In-Reply-To: References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: Yup, lighten up guys. I did post this as a bit of humor, plus a more general query about 2^x vs 10^x. If I want 2^10, I know what to enter. The real question is "which two fingers do I count with?" Jeff Earickson On Tue, 2 May 2006, Julian Field wrote: > Date: Tue, 2 May 2006 10:40:33 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: metric version of 1000? > > You have to laugh about this thread, I knew it would happen. > I say something as simple as state that 10x10x10=1000 and people get uppity > about it. > :-) > > Enough guys. 1000 = 1E3, not 2E10. Check the arithmetic with your calculator, > I think you'll find I'm right :-) > > And whatever anyone says about the ability of my calculator to do basic > arithmetic that any 7-year old child can do, I ain't changin' it... > > On 2 May 2006, at 10:24, James Gray wrote: > >> On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: >> >>> Why are you all "upset" about this? >> >> Are you replying to me? Or Jeff Earickson? Three things: >> 1. I was reinforcing Julian's choice of using base-10 instead of base-2 >> multipliers. I AGREE WITH JULIAN. >> 2. I didn't mention anything about hard drive. >> 3. I'm not bent out of shape about this. >> >> Cheers, >> >> James >> -- >> A penny saved is a penny to squander. >> -- Ambrose Bierce >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From rob at thehostmasters.com Tue May 2 14:21:24 2006 From: rob at thehostmasters.com (Rob Morin) Date: Tue May 2 14:21:30 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <444E6B07.8040905@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> Message-ID: <44575CD4.9010700@thehostmasters.com> Ok so i have the machine up and running with about 120 domains going through it, all seems nice.... Thanks for all your help guys and gals.... I just have one more simple question..... i whitelisted any email coming form this new machine in my current config on the old machine..... now is this enough to tell MS not to scan incoming email from this server or should i do anything else? I mean will it still scan it? and give it a high negative number because its on the white list....? or is ther another way to say , do not scan for spam ro virus for any email coming form this machine IP? as i need the load to go done on the older machine and do not want MS being used for anything other than email going out form web apps on the server.... Thanks! Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Rob Morin wrote: > Actually also one more question.... bayse, should i use it? if so i > know there is some cleaning that has to be done.... any > pointers/suggestions? > > Thanks... > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Rob Morin wrote: >> >> Thanks for clearing that up Julian, i feel more comfortable now.... >> >> And keep up the good work.... once i get all this working, i assure >> you i shall be getting "The BOOK" >> >> Thanks once again... >> >> :) >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> >> >> Julian Field wrote: >>> My recommended route that the "other" distribution takes is to >>> install it into /opt/MailScanner-/ >>> So you get the new version set up (there is a >>> "upgrade_MailScanner_conf" and also a "upgrade_languages_conf" tools >>> that do all the hard work for you), you can just switch over by >>> moving a softlink /opt/MailScanner from the old version to the new >>> version. >>> >>> So say you have >>> /opt/MailScanner-4.52.2/ >>> and >>> ln -s MailScanner-4.52.2 /opt/MailScanner >>> >>> then you install the new version into /opt/MailScanner-4.54.1/ >>> and then >>> rm -f /opt/MailScanner >>> ln -s MailScanner-4.54.1 /opt/MailScanner >>> >>> Then just stop and start MailScanner and it will start up the new >>> one. Keep your old ones installed until you decide to do any >>> housekeeping, there's no harm in leaving the old versions installed. >>> >>> To install it, unpack the tar.gz file and cd into it and ./install.sh. >>> >>> On 25 Apr 2006, at 15:08, Rob Morin wrote: >>> >>>> So for updates to this package , i simply re-install over or is >>>> there another way? say the next update/ version comes out of MS >>>> 4.54 say, so i download the same install package? >>>> >>>> Martin Hepworth wrote: >>>>> Rob >>>>> >>>>> Look for the solaris/BSD/other unix one.. >>>>> >>>>> Latest stable is at.. >>>>> >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4 >>>>> >>>>> .52.2-1.tar.gz >>>>> >>>>> >>>>> >>>>> -- >>>>> Martin Hepworth Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner- >>>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>>> Sent: 25 April 2006 14:55 >>>>>> To: MailScanner discussion >>>>>> Subject: Re: Changin MX machine to it's own, recommendations >>>>>> please... >>>>>> >>>>>> Ok so i have the new virgin machine up and running, now i want to >>>>>> install Mailscanner.... but on the downloads section i only find >>>>>> debian >>>>>> packages and other packages for other OSs, but no tarball or >>>>>> source? Am >>>>>> i missing something??? >>>>>> >>>>>> I see the tarball to install SA & Clam(i figure i would do that by >>>>>> apt-get) but i wanted to make sure i can keep up with changes of MS >>>>>> itself... if i do Debian package, i will have to wait a month or >>>>>> so or >>>>>> longer between updates, right? Not apt-get but downloading the >>>>>> actual >>>>>> package... >>>>>> >>>>>> What happend to the source install? >>>>>> What should i do? >>>>>> >>>>>> Thanks in advance! >>>>>> >>>>>> :) >>>>>> >>>>>> Have a great day! >>>>>> >>>>>> Rob Morin >>>>>> Dido InterNet Inc. >>>>>> Montreal, Canada >>>>>> Http://www.dido.ca >>>>>> 514-990-4444 >>>>>> >>>>>> >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Rob >>>>>>> >>>>>>> As for the apt or source - depends on how often you want to >>>>>>> >>>>>> update....the >>>>>> >>>>>>> apt's can be a little behind a the monthly source updates..if >>>>>>> you're >>>>>>> >>>>>> happy >>>>>> >>>>>>> with apt for everything - esp moving to unstable then it's prob >>>>>>> to stick >>>>>>> with that. >>>>>>> >>>>>>> For the machine itself - make sure you've got at least 1GB per >>>>>>> CPU (that >>>>>>> includes HT as two CPUs etc). >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>>> [mailto:mailscanner- >>>>>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>>>>> Sent: 18 April 2006 20:51 >>>>>>>> To: MailScanner discussion >>>>>>>> Subject: Changin MX machine to it's own, recommendations please... >>>>>>>> >>>>>>>> Hello.... >>>>>>>> >>>>>>>> I will be creating an MX(mailscanner Machine) all on its own >>>>>>>> to crunch >>>>>>>> away all those bad little emails... as the current MS is taking >>>>>>>> too >>>>>>>> >>>>>> much >>>>>> >>>>>>>> resources on my other machine.... >>>>>>>> >>>>>>>> So the question is, aside form OS which will be Debian and the >>>>>>>> hardware.... >>>>>>>> >>>>>>>> What setup should i do with respect to install MS and associated >>>>>>>> >>>>>> apps... >>>>>> >>>>>>>> Apt-get or source/compile/install... >>>>>>>> >>>>>>>> any other important things is should check out or know? >>>>>>>> >>>>>>>> Thanks too all.. >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Rob Morin >>>>>>>> Dido InterNet Inc. >>>>>>>> Montreal, Canada >>>>>>>> Http://www.dido.ca >>>>>>>> 514-990-4444 >>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom >>>>>>> they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> ********************************************************************** >>>>> >>>>> >>>>> >>>> >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > From lhaig at haigmail.com Tue May 2 14:27:51 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue May 2 14:27:56 2006 Subject: metric version of 1000? In-Reply-To: References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: <44575E57.6030106@haigmail.com> everyone just loves a good discussion :-) Lance Jeff A. Earickson wrote: > Yup, lighten up guys. I did post this as a bit of humor, plus a > more general query about 2^x vs 10^x. If I want 2^10, I know what > to enter. The real question is "which two fingers do I count with?" > > Jeff Earickson > > On Tue, 2 May 2006, Julian Field wrote: > >> Date: Tue, 2 May 2006 10:40:33 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: metric version of 1000? >> >> You have to laugh about this thread, I knew it would happen. >> I say something as simple as state that 10x10x10=1000 and people get >> uppity about it. >> :-) >> >> Enough guys. 1000 = 1E3, not 2E10. Check the arithmetic with your >> calculator, I think you'll find I'm right :-) >> >> And whatever anyone says about the ability of my calculator to do >> basic arithmetic that any 7-year old child can do, I ain't changin' it... >> >> On 2 May 2006, at 10:24, James Gray wrote: >> >>> On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: >>> >>>> Why are you all "upset" about this? >>> >>> Are you replying to me? Or Jeff Earickson? Three things: >>> 1. I was reinforcing Julian's choice of using base-10 instead of base-2 >>> multipliers. I AGREE WITH JULIAN. >>> 2. I didn't mention anything about hard drive. >>> 3. I'm not bent out of shape about this. >>> >>> Cheers, >>> >>> James >>> -- >>> A penny saved is a penny to squander. >>> -- Ambrose Bierce >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! From martin.lyberg at gmail.com Tue May 2 14:55:23 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue May 2 14:55:58 2006 Subject: TNEF decoder error Message-ID: Hi, I've noticed the following in my maillog today: May 2 15:33:00 mymachine postfix/smtpd[25300]: connect from [xxx.xxx.xxx.xxx] May 2 15:33:00 mymachine postfix/smtpd[25300]: 1B82C43E00: client=[xxx.xxx.xxx.xxx] May 2 15:33:00 mymachine postfix/cleanup[25301]: 1B82C43E00: hold: header Received: from [xxx.xxx.xxx.xxx])??by mymachine.id.local (Postfix) with ESMTP id 1B82C43E00??for ; from [xxx.xxx.xxx.xxx]; from= to= proto=ESMTP helo= May 2 15:33:00 mymachine postfix/cleanup[25301]: 1B82C43E00: hold: header Received: from user (xxx.xxx.xxx.xxx) by blabla (7.2.070)? id 444497C50036BC75 for user@domain.com; Tue, 2 May 2006 15:32:53 +0200 from [xxx.xxx.xxx.xxx]; from= to= proto=ESMTP helo= May 2 15:33:00 mymachine postfix/cleanup[25301]: 1B82C43E00: message-id= May 2 15:33:05 mymachine MailScanner[19118]: New Batch: Scanning 1 messages, 4733 bytes May 2 15:33:07 mymachine MailScanner[19118]: Expanding TNEF archive at /var/spool/MailScanner/incoming/19118/1B82C43E00.9B11B/winmail.dat May 2 15:33:07 mymachine MailScanner[25304]: TNEF decoder failed with real error: Can't run tnef decoder: No such file or directory at /usr/share/MailScanner/MailScanner/TNEF.pm line 237. What is wrong with this file, and how can i prevent this error? I've searched the logs and it seems like it only happens when there's a attcahment named winmail.dat. I'm using MailScanner 4.51.5. Thank you From dhawal at netmagicsolutions.com Tue May 2 15:04:39 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 2 15:04:48 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: <445766F7.3000109@netmagicsolutions.com> Martin wrote: > Hi, > > I've noticed the following in my maillog today: > > May 2 15:33:07 mymachine MailScanner[19118]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/19118/1B82C43E00.9B11B/winmail.dat > May 2 15:33:07 mymachine MailScanner[25304]: TNEF decoder failed with > real error: Can't run tnef decoder: No such file or directory at > /usr/share/MailScanner/MailScanner/TNEF.pm line 237. > > What is wrong with this file, and how can i prevent this error? I've > searched the logs and it seems like it only happens when there's a > attcahment named winmail.dat. Do you have the tnef utility installed? http://tnef.sf.net - dhawal > I'm using MailScanner 4.51.5. > > Thank you From martin.lyberg at gmail.com Tue May 2 15:11:39 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue May 2 15:12:20 2006 Subject: TNEF decoder error In-Reply-To: <445766F7.3000109@netmagicsolutions.com> References: <445766F7.3000109@netmagicsolutions.com> Message-ID: Dhawal Doshy wrote: > Do you have the tnef utility installed? http://tnef.sf.net I haven't manually installed it, so no. Will install it right away. I'll let you know if it happens again. Thank you From root at doctor.nl2k.ab.ca Tue May 2 15:17:38 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue May 2 15:18:06 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501202659.GB29681@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> <20060501202659.GB29681@doctor.nl2k.ab.ca> Message-ID: <20060502141738.GC20347@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 02:26:59PM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Mon, May 01, 2006 at 11:37:09AM -0700, Scott Silva wrote: > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > > spake the following on 5/1/2006 11:13 AM: > > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > > spake the following on 5/1/2006 11:13 AM: > > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- > > >> Hash: SHA1 > > >> > > >> > > >> > > >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > > >> Problem wrote: > > >>> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > > >>> > > >>>> Hi Julian > > >>>> > > >>>> Thanks for the new version, however the links to the PGP signatures on > > >>>> your site give a 404 Not found error. Please check. > > >>>> > > >>>> Regards > > >>>> > > >>>> Jim Holland > > >>>> System Administrator > > >>>> MANGO - Zimbabwe's non-profit e-mail service > > >>>> > > >>>> On Mon, 1 May 2006, Julian Field wrote: > > >>>> > > >>>> > > >>>>> -----BEGIN PGP SIGNED MESSAGE----- > > >>>>> Hash: SHA1 > > >>>>> > > >>>>> I have just released the May release of MailScanner, version 4.53.6. > > >>>>> > > >>>>> The main new improvements this month are: > > >>>>> > > >>>>> - - Support for sa-update as provided with recent versions of SpamAssassin. > > >>>>> - - Support for the new format of headers files produced by Exim 4.61. > > >>>>> - - Many improvements to the handling of, and response to, Web Bugs. > > >>>>> - - Support for the "gunzip" command so that filetype and filename checks > > >>>>> can be done on compressed files created with either the "gzip" or > > >>>>> "compress" commands. > > >>>>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > > >>>>> this, entire servers can be whitelisted with one entry, removing the > > >>>>> need to add every domain provided by that server. > > >>>>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > >>>>> entries can be written as "Max SpamAssassin Size = 30k" instead of > > >>>>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > >>>>> > > >>>>> You can download it as usual from > > >>>>> www.mailscanner.info > > >>>>> > > >>>>> The full Change Log is > > >>>>> > > >>>>> * New Features and Improvements * > > >>>>> - - Attachment extraction now checks for available disk space and a DoS attack > > >>>>> using messages with high expansion ratios will fail even quicker than it > > >>>>> did before. > > >>>>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > > >>>>> tool provided with MailScanner these days, to provide a way of auto- > > >>>>> updating the core SpamAssassin rulesets. The default value is set to what > > >>>>> you need for Linux (/var/lib). > > >>>>> - - Added new cron job to run sa-update every night. The location of the > > >>>>> sa-update program is read from /etc/sysconfig/MailScanner. > > >>>>> - - Added support for new header -H file format in Exim 4.61. > > >>>>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > > >>>>> enable unpacking of gzip-ed files for filename and filetype checking. > > >>>>> Even if this is disabled, gzip-ed files will still be virus scanned. > > >>>>> - - Added support for numerical entries in phishing.safe.sites.conf file. > > >>>>> - - Added support for optional multipliers in numbers in MailScanner.conf. > > >>>>> So you can now write "50M" instead of "50000000". The multipliers > > >>>>> supported > > >>>>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > > >>>>> in upper or lower case. > > >>>>> You must *not* put any spaces between the number and the multiplier > > >>>>> character. > > >>>>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows > > >>>>> you to whitelist a bunch of filenames that can appear in the URLs of > > >>>>> potential web bugs. So if you decide that all potential web bugs with > > >>>>> "spacer" or "pixel.gif" in the filename are just padding for page layout, > > >>>>> then you can make it ignore them by adding them to this list. A sample > > >>>>> list is provided in MailScanner.conf. > > >>>>> This is disabled by default, as spammers may start to use this as a means > > >>>>> of circumventing the Web Bug trap. > > >>>>> - - When Web Bugs are disarmed, the URL used to replace the original web bug > > >>>>> can now be set using the new configuration option "Web Bug Replacement". > > >>>>> If this is not specified, then the old value of "MailScannerWebBug" is > > >>>>> used. > > >>>>> The default value supplied in the MailScanner.conf file is the address of > > >>>>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > > >>>>> MailScanner > > >>>>> web site. This will not be tracked other than to supply an overall > > >>>>> count of > > >>>>> the number of hits this image gets, for overall statistical purposes. > > >>>>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > > >>>>> easy-to-install package, due to the recent change in licence. Now if DCC > > >>>>> could go the same way... > > >>>>> * Fixes * > > >>>>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > > >>>>> > > >>>>> - -- > > >>>>> Julian Field > > >>>>> www.MailScanner.info > > >>>>> Buy the MailScanner book at www.MailScanner.info/store > > >>>>> Professional Support Services at www.MailScanner.biz > > >>>>> MailScanner thanks transtec Computers for their support > > >>>>> > > >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >>>>> > > >>>>> > > >>>>> -----BEGIN PGP SIGNATURE----- > > >>>>> Version: PGP Desktop 9.0.6 (Build 6060) > > >>>>> > > >>>>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > > >>>>> BZyQSK0p+xYHKI8JQJk383/l > > >>>>> =qePP > > >>>>> -----END PGP SIGNATURE----- > > >>>>> > > >>>>> > > >>>>> > > >>>> -- > > >>>> MailScanner mailing list > > >>>> mailscanner@lists.mailscanner.info > > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >>>> > > >>>> Before posting, read http://wiki.mailscanner.info/posting > > >>>> > > >>>> Support MailScanner development - buy the book off the website! > > >>>> > > >>>> -- > > >>>> This message has been scanned for viruses and > > >>>> dangerous content by MailScanner, and is > > >>>> believed to be clean. > > >>>> > > >>> > > >>> Julian is Filesys-Statvfs_Statfs_Df > > >>> > > >>> GOingto be intrical to MailScanner? > > >>> > > >> intrical? intrinsically critical? > > >>> If so, someone please tell me how I can correct: > > >>> > > >>> make test > > >>> PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > > >>> 1..3 > > >>> /usr/bin/perl: can't resolve symbol 'statvfs' > > >>> Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > > >>> at test.pl line 12 > > >>> Compilation failed in require at test.pl line 12. > > >>> BEGIN failed--compilation aborted at test.pl line 12. > > >>> not ok 1 > > >>> *** Error code 2 > > >>> > > >>> Stop. > > >> That's not good. Please file a bug with the author of Filesys::Df. It > > >> appears it fails under BSD :-( > > >> > > >> To work around it for now, find where Message.pm has been put on your > > >> BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or > > >> /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. > > >> > > >> Change line 1663 from > > >> my $df = df($dir, 1024); > > >> to > > >> my $df = undef; > > >> > > >> and then restart MailScanner. This will just eliminate the check. Make > > >> sure you don't run out of disk space :-) > > >> > > >> - -- > > > > > > Don't run out of Disk Space?? > > > > > > Can we have an explanation? > > That module reports on file system usage. MailScanner must use it to make sure > > there is adequate space before it does some options. > > > > Got you. Why not use /tmp? > Julian, As per your suggestion, I have been in contact with the Filesys-Statvfs_Statfs_Df developers. Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X do not have sys/statvfs.h on their system. I had to nick the necessary files from a FreeBSD 5.X Box. I will let you know of the progress. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 2 16:24:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 16:24:35 2006 Subject: TNEF decoder error In-Reply-To: References: <445766F7.3000109@netmagicsolutions.com> Message-ID: <7C4E1EF8-F80C-4AA0-94B8-CD36F18B96A6@ecs.soton.ac.uk> On 2 May 2006, at 15:11, Martin wrote: > Dhawal Doshy wrote: > >> Do you have the tnef utility installed? http://tnef.sf.net > > I haven't manually installed it, so no. Will install it right away. > I'll let you know if it happens again. From the error message, it is trying to use the internal TNEF decoder. If you install the external one, you will need to edit the location of the TNEF expander in MailScanner.conf. Look for "TNEF" in MailScanner.conf and you will easily find it, together with a commented-out suggestion of what the line should be set to, to use the external decoder. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 16:25:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 16:26:17 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060502141738.GC20347@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> <20060501202659.GB29681@doctor.nl2k.ab.ca> <20060502141738.GC20347@doctor.nl2k.ab.ca> Message-ID: <3D90F0C4-457D-4425-B9FF-9774B9C72A27@ecs.soton.ac.uk> On 2 May 2006, at 15:17, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Julian, As per your suggestion, I have been in contact with the > Filesys-Statvfs_Statfs_Df developers. > > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X > do not have sys/statvfs.h on their system. I had to nick the > necessary files > from a FreeBSD 5.X Box. > > I will let you know of the progress. That's a trick worth knowing. Might be worth someone adding this to a relevant section of the Wiki please? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Tue May 2 16:37:37 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 16:37:45 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <3D90F0C4-457D-4425-B9FF-9774B9C72A27@ecs.soton.ac.uk> Message-ID: <032401c66dfe$5741ab00$3004010a@martinhlaptop> Assuming you have a 5.x system lying around..... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 02 May 2006 16:26 > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCE: stable 4.53.6 released > > > On 2 May 2006, at 15:17, Dave Shariff Yadallee - System Administrator > a.k.a. The Root of the Problem wrote: > > > Julian, As per your suggestion, I have been in contact with the > > Filesys-Statvfs_Statfs_Df developers. > > > > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X > > do not have sys/statvfs.h on their system. I had to nick the > > necessary files > > from a FreeBSD 5.X Box. > > > > I will let you know of the progress. > > That's a trick worth knowing. Might be worth someone adding this to a > relevant section of the Wiki please? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From root at doctor.nl2k.ab.ca Tue May 2 16:50:46 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue May 2 16:51:27 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <032401c66dfe$5741ab00$3004010a@martinhlaptop> References: <3D90F0C4-457D-4425-B9FF-9774B9C72A27@ecs.soton.ac.uk> <032401c66dfe$5741ab00$3004010a@martinhlaptop> Message-ID: <20060502155046.GB9795@doctor.nl2k.ab.ca> On Tue, May 02, 2006 at 04:37:37PM +0100, Martin Hepworth wrote: > Assuming you have a 5.x system lying around..... > FreeBSD 5.X?? Just get yourself an iso from http://www.freebsd.org . > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Julian Field > > Sent: 02 May 2006 16:26 > > To: MailScanner discussion > > Subject: Re: MailScanner ANNOUNCE: stable 4.53.6 released > > > > > > On 2 May 2006, at 15:17, Dave Shariff Yadallee - System Administrator > > a.k.a. The Root of the Problem wrote: > > > > > Julian, As per your suggestion, I have been in contact with the > > > Filesys-Statvfs_Statfs_Df developers. > > > > > > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X > > > do not have sys/statvfs.h on their system. I had to nick the > > > necessary files > > > from a FreeBSD 5.X Box. > > > > > > I will let you know of the progress. > > > > That's a trick worth knowing. Might be worth someone adding this to a > > relevant section of the Wiki please? > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue May 2 16:51:32 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 2 16:51:51 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <44575CD4.9010700@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> Message-ID: <44578004.2020003@nkpanama.com> Rob Morin escribi?: > do not scan for spam ro virus for any email coming form this machine > IP? as i need the load to go done on the older machine and do not want > MS being used for anything other than email going out form web apps on > the server.... The problem is that Web Apps running on the server (like a PHP-based CMS for example) will send mail that appears to come from 127.0.0.1 if the webpage is running on the same server MailScanner is running, so whitelisting that IP will mean that if your server is compromised it will send out bad e-mails without any sort of control. Otherwise you can use "scan messages" along with a ruleset to avoid scanning local messages. From maillists at conactive.com Tue May 2 16:56:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 16:56:24 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <032401c66dfe$5741ab00$3004010a@martinhlaptop> References: <032401c66dfe$5741ab00$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote on Tue, 2 May 2006 16:37:37 +0100: > Assuming you have a 5.x system lying around..... So, better provide that header file as well ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 2 16:56:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 16:56:25 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: Martin wrote on Tue, 02 May 2006 15:55:23 +0200: > I'm using MailScanner 4.51.5. Latest MailScanner has a newer tnef.rpm (1.4). Might work better or might break your setup. Julian? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Tue May 2 17:10:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 17:10:49 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: On 2 May 2006, at 16:56, Kai Schaetzl wrote: > Martin wrote on Tue, 02 May 2006 15:55:23 +0200: > >> I'm using MailScanner 4.51.5. > > Latest MailScanner has a newer tnef.rpm (1.4). Might work better or > might > break your setup. Julian? It shouldn't break anything. I have yet to see any problems with the tnef utility from SourceForge. More recent versions do a better job and support more variants of TNEF, of which there are many :-( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rob at thehostmasters.com Tue May 2 17:20:16 2006 From: rob at thehostmasters.com (Rob Morin) Date: Tue May 2 17:20:22 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <44578004.2020003@nkpanama.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> Message-ID: <445786C0.9010600@thehostmasters.com> Right thats not the problem... i want to leave it scan locally made messages... but i do not want to scan messages coming in from a certain IP.... i have this in the rules files.... From: 192.186.63.158 yes in both .. spam.whitelist.rules virus.scanning.rules so that no scanning takes place from that IP ONLY all others will get scanned.... but what i do not know is, does it still scan and it adds a negative score to the email or does it simply say, "Oh, its in my whitle list, i won't bother to scan it" as then the actual scan process and SA process will still run , and still take cpu away from the machine.... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Alex Neuman wrote: > Rob Morin escribi?: >> do not scan for spam ro virus for any email coming form this machine >> IP? as i need the load to go done on the older machine and do not >> want MS being used for anything other than email going out form web >> apps on the server.... > The problem is that Web Apps running on the server (like a PHP-based > CMS for example) will send mail that appears to come from 127.0.0.1 if > the webpage is running on the same server MailScanner is running, so > whitelisting that IP will mean that if your server is compromised it > will send out bad e-mails without any sort of control. > > Otherwise you can use "scan messages" along with a ruleset to avoid > scanning local messages. From dpowell at lssi.net Tue May 2 17:27:05 2006 From: dpowell at lssi.net (Darrin Powell) Date: Tue May 2 17:28:27 2006 Subject: Allow Password-Protected Archives Message-ID: <1146587225.2415.32.camel@powell> Allow Password-Protected Archives = yes however password protected zip archives are still getting blocked. Any help would be greatly appreciated. Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From ssilva at sgvwater.com Tue May 2 17:31:15 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 2 17:31:38 2006 Subject: metric version of 1000? In-Reply-To: <44575E57.6030106@haigmail.com> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> <44575E57.6030106@haigmail.com> Message-ID: Lance Haig spake the following on 5/2/2006 6:27 AM: > everyone just loves a good discussion :-) > > Lance I'm glad someone didn't start with "boxer's" vs "briefs" ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solid-state-logic.com Tue May 2 17:37:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 17:37:33 2006 Subject: Allow Password-Protected Archives In-Reply-To: <1146587225.2415.32.camel@powell> Message-ID: <034d01c66e06$b2242450$3004010a@martinhlaptop> Darrin Whats the message you get for the bounce - it could be the anti-virus program is complaining... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Darrin Powell > Sent: 02 May 2006 17:27 > To: MailScanner discussion > Subject: Allow Password-Protected Archives > > Allow Password-Protected Archives = yes > > however password protected zip archives are still getting blocked. Any > help would be greatly appreciated. > > > > Thanks > -- > Darrin Powell, CISSP > LSSi Corp. > Security Administrator > Office (919) 466-6803 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Tue May 2 17:39:22 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 17:39:29 2006 Subject: metric version of 1000? In-Reply-To: Message-ID: <034e01c66e06$f7604b20$3004010a@martinhlaptop> Or emacs vs vi ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: 02 May 2006 17:31 > To: mailscanner@lists.mailscanner.info > Subject: Re: metric version of 1000? > > Lance Haig spake the following on 5/2/2006 6:27 AM: > > everyone just loves a good discussion :-) > > > > Lance > I'm glad someone didn't start with "boxer's" vs "briefs" ;-) > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dpowell at lssi.net Tue May 2 17:48:25 2006 From: dpowell at lssi.net (Darrin Powell) Date: Tue May 2 17:49:41 2006 Subject: Allow Password-Protected Archives In-Reply-To: <034d01c66e06$b2242450$3004010a@martinhlaptop> References: <034d01c66e06$b2242450$3004010a@martinhlaptop> Message-ID: <1146588506.2415.42.camel@powell> Below is the message: > At Tue May 2 10:28:52 2006 the virus scanner said: > Password protected file eda10kp.zip/eda10kp.inp Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 On Tue, 2006-05-02 at 17:37 +0100, Martin Hepworth wrote: > Darrin > > Whats the message you get for the bounce - it could be the anti-virus > program is complaining... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Darrin Powell > > Sent: 02 May 2006 17:27 > > To: MailScanner discussion > > Subject: Allow Password-Protected Archives > > > > Allow Password-Protected Archives = yes > > > > however password protected zip archives are still getting blocked. Any > > help would be greatly appreciated. > > > > > > > > Thanks > > -- > > Darrin Powell, CISSP > > LSSi Corp. > > Security Administrator > > Office (919) 466-6803 > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From ricardo at memosis.pt Tue May 2 18:07:15 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Tue May 2 18:07:34 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Hi, I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. After running "MailScanner -lint" with the new version installed I get: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ### filename.rules.rules ### FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf FromOrTo: default /etc/MailScanner/filename.rules.conf This file is unchanged and work perfectly with version '4.51.6'. Thanks in advanced for any help. ______________________________________ | Ricardo d'Aguiar | | |- | EMail .: ricardo@memosis.pt |#| ?????????????????????????????????????? #| |#######################################| ??????????????????????????????????????? From martinh at solid-state-logic.com Tue May 2 18:10:58 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 18:11:06 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: <035901c66e0b$6199e8d0$3004010a@martinhlaptop> Ricardo And what does /etc/MailScanner/filename.rules.conf contain? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > Sent: 02 May 2006 18:07 > To: mailscanner@lists.mailscanner.info > Subject: Syntax error in rule file. > > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule > file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at > /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From chris at tac.esi.net Tue May 2 18:11:52 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue May 2 18:12:06 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: <44575A98.B662.0038.0@tac.esi.net> If I remember correctly, tabs need to be used and not spaces. Check that and try it again. Chris >>> ricardo@memosis.pt 05/02/06 1:07 pm >>> Hi, I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. After running "MailScanner - lint" with the new version installed I get: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ### filename.rules.rules ### FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf FromOrTo: default /etc/MailScanner/filename.rules.conf This file is unchanged and work perfectly with version '4.51.6'. Thanks in advanced for any help. ______________________________________ | Ricardo d'Aguiar | | |- | EMail .: ricardo@memosis.pt |#| ?????????????????????????????????????? #| |#######################################| ??????????????????????????????????????? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ricardo at memosis.pt Tue May 2 18:16:58 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Tue May 2 18:17:21 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E30FD@RUBY.memosis.pt> I am using tabs. But I already tried both. -----Original Message----- From: Chris Hammond [mailto:chris@tac.esi.net] Sent: ter?a-feira, 2 de Maio de 2006 18:12 To: mailscanner@lists.mailscanner.info; Ricardo Aguiar Subject: Re: Syntax error in rule file. If I remember correctly, tabs need to be used and not spaces. Check that and try it again. Chris >>> ricardo@memosis.pt 05/02/06 1:07 pm >>> Hi, I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. After running "MailScanner - lint" with the new version installed I get: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ### filename.rules.rules ### FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf FromOrTo: default /etc/MailScanner/filename.rules.conf This file is unchanged and work perfectly with version '4.51.6'. Thanks in advanced for any help. ______________________________________ | Ricardo d'Aguiar | | |- | EMail .: ricardo@memosis.pt |#| ?????????????????????????????????????? #| |#######################################| ??????????????????????????????????????? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ricardo at memosis.pt Tue May 2 18:18:18 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Tue May 2 18:18:38 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E30FE@RUBY.memosis.pt> The filename.rules.conf is the original that cames with MailScanner 4.53.6-1. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: ter?a-feira, 2 de Maio de 2006 18:11 To: 'MailScanner discussion' Subject: RE: Syntax error in rule file. Ricardo And what does /etc/MailScanner/filename.rules.conf contain? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > Sent: 02 May 2006 18:07 > To: mailscanner@lists.mailscanner.info > Subject: Syntax error in rule file. > > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule > file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in > line 2 of ruleset file /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax > errors in /etc/MailScanner/filename.rules.rules. at > /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 > hostnames from the phishing whitelist Checking for SpamAssassin errors > (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database SpamAssassin reported no > errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 2 19:20:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:21:09 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <445786C0.9010600@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> <445786C0.9010600@thehostmasters.com> Message-ID: <4457A305.3090203@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Morin wrote: > Right thats not the problem... i want to leave it scan locally made > messages... but i do not want to scan messages coming in from a > certain IP.... i have this in the rules files.... > From: 192.186.63.158 yes > > in both .. > > spam.whitelist.rules > virus.scanning.rules The spam.whitelist.rules is attached to the "Is Definitely Not Spam" option. So if it says "yes", it means that mail from that IP "is definitely not spam", which is what you want. But if you attach the same line to "Virus Scanning", the "yes" means that the result of this line is for mail from this IP to say "Virus Scanning = yes", which is apparently not what you want. Rulesets are really very simple. They supply a different result value for the configuration setting they are attached to, depending on criteria about where the email message came from or is going to. So if you say From: 1.2.3.4 yes To: mydomain.com no then if you get mail from the IP address 1.2.3.4 then it's equivalent to saying Config Option = yes for whatever option the ruleset is attached to. If the mail you get is addressed to some-user@mydomain.com, then it's equivalent to saying Config Option = no for whatever option the ruleset is attached to. You attach a ruleset to an option by replacing Config Option = yes (for example) with Config Option = /path/to/ruleset/file.rules That's it. That's all there is to it. I have tried to explain it to death and give examples in the distribution, the docs, the wiki and the book. But still people don't get it. Maybe they don't read the docs? At that point, there's not much I can do. > > so that no scanning takes place from that IP ONLY all others will get > scanned.... but what i do not know is, does it still scan and it adds > a negative score to the email or does it simply say, "Oh, its in my > whitle list, i won't bother to scan it" as then the actual scan > process and SA process will still run , and still take cpu away from > the machine.... > > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Alex Neuman wrote: >> Rob Morin escribi?: >>> do not scan for spam ro virus for any email coming form this machine >>> IP? as i need the load to go done on the older machine and do not >>> want MS being used for anything other than email going out form web >>> apps on the server.... >> The problem is that Web Apps running on the server (like a PHP-based >> CMS for example) will send mail that appears to come from 127.0.0.1 >> if the webpage is running on the same server MailScanner is running, >> so whitelisting that IP will mean that if your server is compromised >> it will send out bad e-mails without any sort of control. >> >> Otherwise you can use "scan messages" along with a ruleset to avoid >> scanning local messages. > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFejBhH2WUcUFbZUEQK7MgCeNQ62qvOiEwQrLDzq7eKOfq0qZSAAoPLz Y3l8vRtltcnoAajNCo+JdKBo =3P7C -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 19:25:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:25:57 2006 Subject: Allow Password-Protected Archives In-Reply-To: <1146588506.2415.42.camel@powell> References: <034d01c66e06$b2242450$3004010a@martinhlaptop> <1146588506.2415.42.camel@powell> Message-ID: <4457A429.8050707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Darrin Powell wrote: > Below is the message: > > > >> At Tue May 2 10:28:52 2006 the virus scanner said: >> Password protected file eda10kp.zip/eda10kp.inp >> So it's actually saying that the file eda10kp.inp is password-protected, not the zip file at all. If it was a password-protected archive blah.zip, it would have said that :-) If you are using Sophos, then you will find there is a configuration option to set allowed messages from Sophos. What virus scanners are you using? And what type of file is eda10kp.inp? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFekKxH2WUcUFbZUEQKdOACggn3N2pmXxQXLv8dizEhYqJB6s1YAniCS /K41sRknsPmfP3P3dr0h5jD7 =jIud -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 19:27:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:27:36 2006 Subject: metric version of 1000? In-Reply-To: <034e01c66e06$f7604b20$3004010a@martinhlaptop> References: <034e01c66e06$f7604b20$3004010a@martinhlaptop> Message-ID: <4457A48D.7060604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Religious discussion detected! Woop! Woop! Woop! Martin Hepworth wrote: > Or emacs vs vi ;-) > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFekjhH2WUcUFbZUEQJjbgCeNSE3+VBq+EvUjzvOz88Z+egRK9EAniZh ExIKHmHc/Kcn7VsDkKKBfF/M =g0aN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 19:29:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:29:29 2006 Subject: Syntax error in rule file. In-Reply-To: <44575A98.B662.0038.0@tac.esi.net> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> <44575A98.B662.0038.0@tac.esi.net> Message-ID: <4457A4F6.1090102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The only files needing tabs are filename.rules.conf and filetype.rules.conf. That's why I called them *.conf and not *.rules. But I admit it can be a tad confusing, sorry. It's kinda set in stone now :-( Chris Hammond wrote: > If I remember correctly, tabs need to be used and not spaces. Check that and try it again. > > Chris > > >>>> ricardo@memosis.pt 05/02/06 1:07 pm >>> >>>> > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner - lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFek9xH2WUcUFbZUEQIoZACgiqhuCqBgwCOXbwh98JTAiAEGCL0An2QK Yexj1/iulCETHEJBPTAEAw9O =/bEY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Kevin_Miller at ci.juneau.ak.us Tue May 2 19:38:57 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 2 19:39:03 2006 Subject: metric version of 1000? Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Religious discussion detected! > Woop! Woop! Woop! > > Martin Hepworth wrote: >> Or emacs vs vi ;-) >> Yeah. Now about this top-posting thing... ;-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Tue May 2 19:39:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:40:40 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: <4457A76B.4000909@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Very odd. I can't reproduce it. Can you add to Config.pm print STDERR "internalvalue = \"$internalvalue\" and settype = \"$settype\"\n"; just before line 2225. Then do a "MailScanner -debug" and let me know what this line prints. Either that, or mail me off-list with remote login details and root password for your system, and I'll take a look after I've eaten my dinner. Ricardo Aguiar wrote: > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFenbBH2WUcUFbZUEQJ2TgCfa9se7V7yyq77ES2oWC3xfHOOv0IAmQGT ilWwsL3DITfKNDI3Un/ZCWKO =bERL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at mango.zw Tue May 2 19:40:12 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue May 2 19:43:13 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: On Tue, 2 May 2006, Ricardo Aguiar wrote: > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. I would start with the MailScanner.conf file: What is the "Filename Rules" line? The default is: Filename Rules = %etc-dir%/filename.rules.conf If you are using a ruleset for this, then the logical entry would be: Filename Rules = %rules-dir%/filename.rules However your ruleset filename is filename.rules.rules, in which case the corresponding line should be: Filename Rules = %rules-dir%/filename.rules.rules and the above file should be located in say /etc/MailScanner/rules. However your error message refers to: syntax errors in /etc/MailScanner/filename.rules.rules which means that you are referring to a ruleset file that is in your configuration directory rather than a separate rules directory. This can lead to confusion - I would recommend putting ruleset files in the default /etc/MailScanner/rules directory. You may find that you have files with the same name in two different locations, so causing more confusion. I would also recommend sticking to using the standard variables: %etc-dir% and %rules-dir% in your config and rules files, instead of listing the full path. That way it should be more obvious when a mistake has been made in putting a ruleset file in the config directory or vice versa. Check that all the above makes sense and that you are referring to the correct files throughout. I suspect that that is where your error lies. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From martinh at solid-state-logic.com Tue May 2 20:46:05 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 20:46:29 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FE@RUBY.memosis.pt> Message-ID: <000001c66e21$0f7e0110$4101a8c0@martinhlaptop> Ricardo My 4.53.5 has the following at the start of this file......... > more filename.rules.conf # # NOTE: Fields are separated by TAB characters --- Important! # # Syntax is allow/deny/deny+delete, then regular expression, then log text, # then user report text. # # Due to a bug in Outlook Express, you can make the 2nd from last extension # be what is used to run the file. So very long filenames must be denied, # regardless of the final extension. deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages # JKF 01/01/2006 Another Microsoft security vulnerability deny \.wmf$ Windows Metafile security vulnerability Possible format attack in Windows # JKF 04/01/2005 More Microsoft security vulnerabilities deny \.bmp$ Windows bitmap file security vulnerability Possible buffer overflow in Windows deny \.ico$ Windows icon file security vulnerability Possible buffer overflow in Windows Watch out for line breaks etc in the above though... how does yours compare? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > Sent: 02 May 2006 18:18 > To: MailScanner discussion > Subject: RE: Syntax error in rule file. > > The filename.rules.conf is the original that cames with MailScanner > 4.53.6-1. > > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth > Sent: ter?a-feira, 2 de Maio de 2006 18:11 > To: 'MailScanner discussion' > Subject: RE: Syntax error in rule file. > > Ricardo > > And what does /etc/MailScanner/filename.rules.conf contain? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > > Sent: 02 May 2006 18:07 > > To: mailscanner@lists.mailscanner.info > > Subject: Syntax error in rule file. > > > > Hi, > > > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule > > file to control filenames per domain. > > > > After running "MailScanner -lint" with the new version installed I get: > > > > Syntax error in line 1 of ruleset file > > /etc/MailScanner/filename.rules.rules at > > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in > > line 2 of ruleset file /etc/MailScanner/filename.rules.rules at > > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax > > errors in /etc/MailScanner/filename.rules.rules. at > > /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 > > hostnames from the phishing whitelist Checking for SpamAssassin errors > > (if you use it)... > > Using SpamAssassin results cache > > Connected to SpamAssassin cache database SpamAssassin reported no > > errors. > > > > > > ### filename.rules.rules ### > > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > > > > This file is unchanged and work perfectly with version '4.51.6'. > > > > Thanks in advanced for any help. > > > > ______________________________________ > > | Ricardo d'Aguiar | > > | |- > > | EMail .: ricardo@memosis.pt |#| > > ?????????????????????????????????????? #| > > |#######################################| > > ??????????????????????????????????????? > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at lists.com.ar Tue May 2 22:09:39 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Tue May 2 22:09:29 2006 Subject: ReadMessageHandle question Message-ID: Hi I've been away from the list for a while. For all the people out there using zmailer+mailscanner (me) I'm porting now some of the last enhacenmnets. I'm very interested in ReadMessageHandle modif But I saw two things I don't understand very well Julian, inside that function, when you wrote this code: my $dhandle = $this->{dpath}; .. sysseek($dhandle, 0, 0); # Rewind the file .. copy($dhandle , $handle); .. sysseek($dhandle, 0, 0); # Rewind the file but in the "constructor", it is written like: $this->{dpath} = $dir . '/' . $this->{dname}; So, this is a file, not really a handle, right? so the sysseek are pointless. Or am I forgetting something? Other thing: In Message.pm, when you wrote: if (!$entity && !MIME::Entity::MailScannerCounter()>=$maxparts) { unless ($this->{dpath}) { Isn't $this->{dpath} always the name of the datafile (at least for sendmail, I really didn't look much of the code for the others), so this "unless" is always false (so it could be eliminated)? Last but not least, I think, we have to change Messages.pm a little and move to the DiskStores the references to $this->{dpath}, like we have done when I sent to you the zmailer parts. For those changes for example look, in SMDiskStore.pm, look for: "# LEOH 26/03/2003 We do not have dpath in other mailers" (more than 3 years wow!) I'm thinking something in the line of getFileNameToLog or something, I don't remember, but I think, we have done something like that. I'm sorry that I couldn't do this port when you change that code for the others, but tomorrow (I hope) I'll finish, test and send to you this patch Saludos -- Leonardo Helman Pert Consultores Argentina From combs at magnet.fsu.edu Tue May 2 22:30:42 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Tue May 2 22:30:49 2006 Subject: Rules and Mailing lists Message-ID: <4457CF82.6030406@magnet.fsu.edu> Hello, It appears that when setting a ruleset involving the From field when sending to a Mailman email list is not as straight forward as one would think. I have a user, joe@magnet.fsu.edu who was sending an email with an html script to the blah@magnet.fsu.edu list. Naturally it was getting blocked for content. So I thought no problem, I'll set up a Scan Messages ruleset that exempts email from joe@magnet from being scanned: From: joe@magnet.fsu.edu no FromOrTo: default yes This works great when sending to individuals but doesn't work when sending to a listserver list. I ended up having to change the From line so it wasn't from the person sending the email but instead from the blah-bounces@magnet.fsu.edu address: From: blah-bounces@magnet.fsu.edu no FromOrTo: default yes This is not a very good solution because now email sent from any eligible poster to the list won't get scanned. Is there a better solution to set up the rule using some other email header that will identify email just from joe@magnet.fsu.edu without opening up the whole list? TIA, Tom Combs From maillists at conactive.com Tue May 2 22:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 22:31:25 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> Message-ID: John Rudd wrote on Mon, 1 May 2006 11:37:11 -0700: > Actually, like MailScanner, MIMEDefang uses persistent perl processes > not per-scan nor per-message perl processes. The difference isn't in > spawning processes, the difference is in the bulk nature of the actual > processing being done (MailScanner bulk scans messages during virus > scanning, and MIMEDefang scans messages one at a time for all aspects > of scanning). Ok. But this also means you have to run enough instances to cater for the usual incoming connections and spawn new instances if that count gets higher than what you have in waiting children. > Again, that's not the actual trade-off. You can do quarantine with > MIMEDefang, too. But in that case it seems to me you lose some of the extra functionality of MIMEDefang. If you quarantine anyway, there's no much use in using MimeDefang in addition to MailScanner. > That's not too different from what I'm doing or proposing. I'm just > saying that MIMEDefang lets you add more technical reasons to do the > blocking at the MTA level. I surely believe that, but I think I'd prefer to add one or two specialized C-based milters for that instead of running a "full-blown" MailScanner-like application in addition to MailScanner. > The rest is pretty much all the same. That's what I mean, they are rather alternatives than complimentary. And apart from a very few things the one or the other is missing it's a matter of style and maybe the throughput you need which one you use. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 2 22:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 22:31:26 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> Message-ID: John Rudd wrote on Mon, 1 May 2006 11:37:11 -0700: > Actually, like MailScanner, MIMEDefang uses persistent perl processes > not per-scan nor per-message perl processes. The difference isn't in > spawning processes, the difference is in the bulk nature of the actual > processing being done (MailScanner bulk scans messages during virus > scanning, and MIMEDefang scans messages one at a time for all aspects > of scanning). Ok. But that means you need to have enough children waiting to cater for your connections and to spawn new ones if you get more incoming connections. There's not that strict dependency with MS because of the queueing. > Again, that's not the actual trade-off. You can do quarantine with > MIMEDefang, too. But then you obviously loose some of the extra functionality of MimeDefang, don't you? > That's not too different from what I'm doing or proposing. I'm just > saying that MIMEDefang lets you add more technical reasons to do the > blocking at the MTA level. I surely believe that, but I'd rather prefer using one or two extra C-based milters for that if I wanted to instead of using a second MailScanner-like app. > The rest is pretty much all the same. That's what I mean, the both are pretty much alternatives and not so much complimentary. Sure, you can use both, but I'd rather not do that. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 2 22:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 22:31:27 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: Julian Field wrote on Tue, 2 May 2006 17:10:29 +0100: > It shouldn't break anything. I have yet to see any problems with the > tnef utility from SourceForge. So, you encourage using it instead of internal tnef processing? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From matt at coders.co.uk Tue May 2 22:40:47 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue May 2 22:40:52 2006 Subject: Rules and Mailing lists In-Reply-To: <4457CF82.6030406@magnet.fsu.edu> References: <4457CF82.6030406@magnet.fsu.edu> Message-ID: <4457D1DF.3000604@coders.co.uk> > Is there a better solution to set up the rule using some other email > header that will identify email just from joe@magnet.fsu.edu without > opening up the whole list? I am assuming that you have MailScanner "in front" of your mailman installation? The way that I have it set is is to have a second sendmail process listening on loopback which only accepts mail from a list address. The incoming message is scanned by MailScanner and passed to mailman. MailMan then forwards the expanded mail to the second sendmail process which attempts delivery and will place any deferred entries in the standard mqueue directory. This means each message is only scanned once and rules can be applied as you expect. matt From ssilva at sgvwater.com Wed May 3 00:03:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 3 00:03:45 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: Kevin Miller spake the following on 5/2/2006 11:38 AM: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Religious discussion detected! >> Woop! Woop! Woop! >> >> Martin Hepworth wrote: >>> Or emacs vs vi ;-) >>> > > Yeah. Now about this top-posting thing... > ;-) > > > ...Kevin Julian is root! He can top, middle, bottom, or sideways post as he sees the need! All hail root!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed May 3 00:13:55 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 3 00:14:05 2006 Subject: Rules and Mailing lists In-Reply-To: <4457D1DF.3000604@coders.co.uk> References: <4457CF82.6030406@magnet.fsu.edu> <4457D1DF.3000604@coders.co.uk> Message-ID: Matt Hampton spake the following on 5/2/2006 2:40 PM: >> Is there a better solution to set up the rule using some other email >> header that will identify email just from joe@magnet.fsu.edu without >> opening up the whole list? > > I am assuming that you have MailScanner "in front" of your mailman > installation? > > The way that I have it set is is to have a second sendmail process > listening on loopback which only accepts mail from a list address. > > The incoming message is scanned by MailScanner and passed to mailman. > MailMan then forwards the expanded mail to the second sendmail process > which attempts delivery and will place any deferred entries in the > standard mqueue directory. > > This means each message is only scanned once and rules can be applied as > you expect. > > matt > > Sounds like good wiki fodder! Do you have some details of the setup you did? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From doc at maddoc.net Wed May 3 00:24:36 2006 From: doc at maddoc.net (Doc Schneider) Date: Wed May 3 00:24:39 2006 Subject: Domains spoofs Message-ID: <4457EA34.4090202@maddoc.net> Hi gang, Does anyone know of a .mc that I can add to my sendmail to block folks who send--mostly viruses--appearing to come from my maddoc.net domain? I'm getting sick and tired of all these viruses acting like "noreply@" and "postmaster@" seemingly coming from my servers. Thanks! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From basement_mobile2004 at yahoo.com Wed May 3 01:22:36 2006 From: basement_mobile2004 at yahoo.com (Anakin SkyWalker) Date: Wed May 3 01:22:44 2006 Subject: clamscan or clamdscan? Message-ID: <20060503002236.68741.qmail@web60016.mail.yahoo.com> Hi everyone, Does anyone have any sort of comparison for using clamav directly rather than using daemonized? Thank you. --------------------------------- Blab-away for as little as 1?/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/ac02aef1/attachment.html From alex at nkpanama.com Wed May 3 04:48:29 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:48:56 2006 Subject: metric version of 1000? In-Reply-To: <4457A48D.7060604@ecs.soton.ac.uk> References: <034e01c66e06$f7604b20$3004010a@martinhlaptop> <4457A48D.7060604@ecs.soton.ac.uk> Message-ID: <4458280D.7090803@nkpanama.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Religious discussion detected! > Woop! Woop! Woop! > > Martin Hepworth wrote: > >> Or emacs vs vi ;-) >> or sendmail vs. everything else!! ;) From alex at nkpanama.com Wed May 3 04:50:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:51:14 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <4457A305.3090203@ecs.soton.ac.uk> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> <445786C0.9010600@thehostmasters.com> <4457A305.3090203@ecs.soton.ac.uk> Message-ID: <445828A0.6060200@nkpanama.com> Julian Field wrote: > But still people don't get it. Maybe they don't read the docs? At that > point, there's not much I can do. > And there's always the ever-popular "scan messages" option, which in the form: From: 1.2.3.4 no FromOrTo: default yes would probably get the result he needs, with a little less impact on performance than virus scanning = no and whitelist = yes for that IP... right? From alex at nkpanama.com Wed May 3 04:52:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:52:40 2006 Subject: Syntax error in rule file. In-Reply-To: <4457A4F6.1090102@ecs.soton.ac.uk> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> <44575A98.B662.0038.0@tac.esi.net> <4457A4F6.1090102@ecs.soton.ac.uk> Message-ID: <445828F6.9090702@nkpanama.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The only files needing tabs are filename.rules.conf and > filetype.rules.conf. That's why I called them *.conf and not *.rules. > But I admit it can be a tad confusing, sorry. It's kinda set in stone > now :-( > But does it *hurt* to *always* use tabs, no matter what? I use them for readability and because I can *never* remember which ones *need* tabs... ;) From alex at nkpanama.com Wed May 3 04:54:15 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:54:38 2006 Subject: Domains spoofs In-Reply-To: <4457EA34.4090202@maddoc.net> References: <4457EA34.4090202@maddoc.net> Message-ID: <44582967.705@nkpanama.com> Doc Schneider wrote: > Hi gang, > > Does anyone know of a .mc that I can add to my sendmail to block folks > who send--mostly viruses--appearing to come from my maddoc.net domain? > > I'm getting sick and tired of all these viruses acting like "noreply@" > and "postmaster@" seemingly coming from my servers. > > Thanks! > Look for "block bad helo hack" for sendmail (if it's what you use). From steve.swaney at fsl.com Wed May 3 05:05:40 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed May 3 05:05:50 2006 Subject: new milter-link from snertsoft Message-ID: <07e301c66e66$d7a7dd60$287ba8c0@office.fsl> FYI There is a new milter available from Anthony Howe, milter-link Version: 0.1.8. This milter extracts URLs from a mail message and checks it against one or more URI blacklists. It can also verify if any link is bad and has other configurable options. This milter has been VERY effective in reducing load during testing on our spam traps. It's available for free download from www.snertsoft.com Description: This Sendmail mail filter extracts URIs, such http: and mailto: links, from within text, HTML, and/or MIME encoded messages, can verify if web page links do not work (-l option), and consult with one or more URI black lists, such as SURBL, SpamHaus, and/or URIBL, as to whether the URI domains have appeared in previous instances of spam (-d option). I can recommend this one for all of the sendmail users. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From alex at nkpanama.com Wed May 3 05:10:41 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 05:11:07 2006 Subject: Domains spoofs In-Reply-To: <44582967.705@nkpanama.com> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> Message-ID: <44582D41.7030708@nkpanama.com> Alex Neuman van der Hans wrote: > Doc Schneider wrote: >> I'm getting sick and tired of all these viruses acting like >> "noreply@" and "postmaster@" seemingly coming from my servers. >> > And btw... You may want to block "noreply@" since nowadays it's used mostly by spammers. "Real" messages that shouldn't be replied to often state so within the e-mail itself, and instead encourage you to reply somewhere else depending on the nature of your query. From doc at maddoc.net Wed May 3 05:34:16 2006 From: doc at maddoc.net (Doc Schneider) Date: Wed May 3 05:34:26 2006 Subject: Domains spoofs In-Reply-To: <44582D41.7030708@nkpanama.com> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> <44582D41.7030708@nkpanama.com> Message-ID: <445832C8.1070503@maddoc.net> Alex Neuman van der Hans wrote: > Alex Neuman van der Hans wrote: >> Doc Schneider wrote: >>> I'm getting sick and tired of all these viruses acting like >>> "noreply@" and "postmaster@" seemingly coming from my servers. >>> >> > And btw... You may want to block "noreply@" since nowadays it's used > mostly by spammers. "Real" messages that shouldn't be replied to often > state so within the e-mail itself, and instead encourage you to reply > somewhere else depending on the nature of your query. Thanks Alex. I will block those "noreply@" and guess I'll need to make sure to add noreply@freshmeat.net as being OK--since that is how they send out their project updates and whatnot. But I'll also look for that "block bad helo hack" on sendmail.org and see if that is what I need to use. Thanks again! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From alex at nkpanama.com Wed May 3 05:46:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 05:46:46 2006 Subject: Domains spoofs In-Reply-To: <445832C8.1070503@maddoc.net> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> <44582D41.7030708@nkpanama.com> <445832C8.1070503@maddoc.net> Message-ID: <445835A2.40404@nkpanama.com> Doc Schneider wrote: > Thanks Alex. I will block those "noreply@" and guess I'll need to make > sure to add noreply@freshmeat.net as being OK--since that is how they > send out their project updates and whatnot. But I'll also look for that > "block bad helo hack" on sendmail.org and see if that is what I need > to use. > > Thanks again! > http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 The html file explains that AUTH'd clients could be blocked if their "HELO" is malformed (aka some versions of LookOut! and LookOut! Express, and certain Windows configurations). You may want to look into "delay_checks" and other ways to make sure local clients will be able to send out e-mail. From doc at maddoc.net Wed May 3 06:04:34 2006 From: doc at maddoc.net (Doc Schneider) Date: Wed May 3 06:04:39 2006 Subject: Domains spoofs In-Reply-To: <445835A2.40404@nkpanama.com> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> <44582D41.7030708@nkpanama.com> <445832C8.1070503@maddoc.net> <445835A2.40404@nkpanama.com> Message-ID: <445839E2.8050506@maddoc.net> Alex Neuman van der Hans wrote: > Doc Schneider wrote: >> Thanks Alex. I will block those "noreply@" and guess I'll need to make >> sure to add noreply@freshmeat.net as being OK--since that is how they >> send out their project updates and whatnot. But I'll also look for that >> "block bad helo hack" on sendmail.org and see if that is what I need >> to use. >> >> Thanks again! >> > http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html > http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 > > The html file explains that AUTH'd clients could be blocked if their > "HELO" is malformed (aka some versions of LookOut! and LookOut! Express, > and certain Windows configurations). You may want to look into > "delay_checks" and other ways to make sure local clients will be able to > send out e-mail. I've been using Delay_checks since it found its way into sendmail. 8*)) Waz ist das Windows? Mostly I run mailing lists and of course some clients who host their domains with us and none of them are using LookOut! Or LO Xpress! I let people know about Thunderbird and everyone who uses my servers uses it. Of course I use mine via KDE on X. Am reading about that hack right now. Thanks again. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From MailScanner at ecs.soton.ac.uk Wed May 3 09:02:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 09:02:33 2006 Subject: ReadMessageHandle question In-Reply-To: References: Message-ID: <1A265B28-6E4C-4CC4-9F4A-5DDC05DE2CAB@ecs.soton.ac.uk> On 2 May 2006, at 22:09, Leonardo Helman wrote: > Hi > > I've been away from the list for a while. > > For all the people out there using zmailer+mailscanner (me) > I'm porting now some of the last enhacenmnets. > > I'm very interested in ReadMessageHandle modif > > But I saw two things I don't understand very well > > Julian, inside that function, when you wrote this code: > > > my $dhandle = $this->{dpath}; > .. > sysseek($dhandle, 0, 0); # Rewind the file > .. > copy($dhandle , $handle); > .. > sysseek($dhandle, 0, 0); # Rewind the file > > > but in the "constructor", it is written like: > $this->{dpath} = $dir . '/' . $this->{dname}; > > > So, this is a file, not really a handle, right? > so the sysseek are pointless. > Or am I forgetting something? No, you are absolutely right, it's a bug. Fortunately one that doesn't have any effect. It just renders the sysseeks on $hhandle and $dhandle useless. > > > Other thing: > > In Message.pm, when you wrote: > > if (!$entity && !MIME::Entity::MailScannerCounter()>=$maxparts) { > unless ($this->{dpath}) { > > Isn't $this->{dpath} always the name of the datafile (at least for > sendmail, > I really didn't look much of the code for the others), so this > "unless" > is always false (so it could be eliminated)? Not if it ran out of disk space trying to do it! In that case $this-> {dpath} would be empty (and hence 0). > > > Last but not least, I think, we have to change Messages.pm a little > and > move to the DiskStores the references to $this->{dpath}, like > we have done when I sent to you the zmailer parts. > > For those changes for example look, in SMDiskStore.pm, look for: "# > LEOH 26/03/2003 We do not have dpath in other mailers" (more than 3 > years wow!) > I'm thinking something in the line of getFileNameToLog or > something, I don't > remember, but I think, we have done something like that. I can't remember this one. From what I *can* remember, dpath exists in the Message object for other mailers doesn't it? Does it matter what other mailers do here? > I'm sorry that I couldn't do this port when you change that code > for the > others, but tomorrow (I hope) I'll finish, test and send to you > this patch No problem. Thanks for helping to debug my code :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Wed May 3 09:06:14 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 09:06:20 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <223f97700605030106s23ca413fjf9f7407c056569d3@mail.gmail.com> On 03/05/06, Scott Silva wrote: > Kevin Miller spake the following on 5/2/2006 11:38 AM: > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Religious discussion detected! > >> Woop! Woop! Woop! > >> > >> Martin Hepworth wrote: > >>> Or emacs vs vi ;-) > >>> > > > > Yeah. Now about this top-posting thing... > > ;-) > > > > > > ...Kevin > Julian is root! He can top, middle, bottom, or sideways post as he sees the need! > > All hail root!!! > > Did this thread just turn from moderately non-interresting to ... ridiculous?:-) .... I'm sorry I ever said anything... Perhaps it'll go away if I do a "public crying session" kind of like japanese corporate execs used to do when the market dipped.... "It's all my fault, bwahhh, I'm sooo baaad, *sniffle*, Ok, next on the agenda...".... Nah, that's silly....:-) Now, if ($root == "king) { $me = "jester, with fools hat and all... or what?"; } else { &gofigure(); } .... or....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed May 3 09:06:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 09:07:24 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: <9B1F85AA-6749-42F9-9120-558A95EBF84F@ecs.soton.ac.uk> On 2 May 2006, at 22:31, Kai Schaetzl wrote: > Julian Field wrote on Tue, 2 May 2006 17:10:29 +0100: >> It shouldn't break anything. I have yet to see any problems with the >> tnef utility from SourceForge. > > So, you encourage using it instead of internal tnef processing? Some people have more luck with the internal, some with the external. I tend to encourage the internal one as the external one used to be pretty poor, but it has improved greatly in recent versions, so I might switch my allegiance some time. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 3 09:11:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 09:12:03 2006 Subject: Syntax error in rule file. In-Reply-To: <445828F6.9090702@nkpanama.com> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> <44575A98.B662.0038.0@tac.esi.net> <4457A4F6.1090102@ecs.soton.ac.uk> <445828F6.9090702@nkpanama.com> Message-ID: <5256C572-A205-4584-8FB7-E08521BCB75F@ecs.soton.ac.uk> On 3 May 2006, at 04:52, Alex Neuman van der Hans wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> The only files needing tabs are filename.rules.conf and >> filetype.rules.conf. That's why I called them *.conf and not >> *.rules. But I admit it can be a tad confusing, sorry. It's kinda >> set in stone now :-( >> > But does it *hurt* to *always* use tabs, no matter what? No, you will be fine. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martin.lyberg at gmail.com Wed May 3 10:02:42 2006 From: martin.lyberg at gmail.com (Martin) Date: Wed May 3 10:03:02 2006 Subject: TNEF decoder error In-Reply-To: <7C4E1EF8-F80C-4AA0-94B8-CD36F18B96A6@ecs.soton.ac.uk> References: <445766F7.3000109@netmagicsolutions.com> <7C4E1EF8-F80C-4AA0-94B8-CD36F18B96A6@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > From the error message, it is trying to use the internal TNEF decoder. > If you install the external one, you will need to edit the location of > the TNEF expander in MailScanner.conf. Look for "TNEF" in > MailScanner.conf and you will easily find it, together with a > commented-out suggestion of what the line should be set to, to use the > external decoder. > --Julian Field I'm using Debian, so i just did an 'apt-get install tnef'. I searched for 'winmail.dat' in my maillogs today, and it seems like the problem is solved, no errors showing anymore. I didn't have to change the default patch either. This is from my conf: TNEF Expander = /usr/bin/tnef --maxsize=100000000 # whereis tnef tnef: /usr/bin/tnef /usr/share/man/man1/tnef.1.gz / Martin From ricardo at memosis.pt Wed May 3 10:14:25 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Wed May 3 10:15:46 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E3104@RUBY.memosis.pt> Ok. After adding the line to Config.pm. This are the line on the console after running the "MailScanner -debug" [root@server MailScanner]# MailScanner -debug In Debugging mode, not forking... internalvalue = "0" and settype = "yesno" internalvalue = "0" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "0" and settype = "yesno" internalvalue = "" and settype = "yesno" internalvalue = "" and settype = "yesno" internalvalue = "/etc/MailScanner/filename.no.rules.conf" and settype = "other" internalvalue = "/etc/MailScanner/filename.rules.conf" and settype = "other" internalvalue = "/etc/MailScanner/filetype.no.rules.conf" and settype = "other" internalvalue = "/etc/MailScanner/filetype.rules.conf" and settype = "other" In the log file: May 3 09:57:48 server MailScanner[7608]: MailScanner E-Mail Virus Scanner version 4.53.6 starting... May 3 09:57:49 server MailScanner[7608]: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules May 3 09:57:49 server MailScanner[7608]: Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules May 3 09:57:49 server MailScanner[7608]: Found syntax errors in /etc/MailScanner/filename.rules.rules. May 3 09:57:49 server MailScanner[7608]: Read 717 hostnames from the phishing whitelist May 3 09:57:51 server MailScanner[7608]: Using SpamAssassin results cache May 3 09:57:51 server MailScanner[7608]: Connected to SpamAssassin cache database May 3 09:57:51 server MailScanner[7608]: Expired 5 records from the SpamAssassin cache May 3 09:57:51 server MailScanner[7608]: Enabling SpamAssassin auto-whitelist functionality... May 3 09:58:01 server MailScanner[7608]: ClamAV scanner using unrar command /usr/bin/unrar May 3 09:58:01 server MailScanner[7608]: Using locktype = flock May 3 10:01:04 server update.virus.scanners: Delaying cron job up to 600 seconds This file has tabs, no spaces. [root@server MailScanner]# cat /etc/MailScanner/filename.no.rules.conf allow . - - I could add the /etc/MailScanner/filename.rules.conf" but it is the original. If it helps the md5sum is: [root@server MailScanner]# md5sum /etc/MailScanner/filename.rules.conf 2299715e7f67935f73fe0c457a5cae8e /etc/MailScanner/filename.rules.conf I hope that this helps. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: ter?a-feira, 2 de Maio de 2006 19:40 To: MailScanner discussion Subject: Re: Syntax error in rule file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Very odd. I can't reproduce it. Can you add to Config.pm print STDERR "internalvalue = \"$internalvalue\" and settype = \"$settype\"\n"; just before line 2225. Then do a "MailScanner -debug" and let me know what this line prints. Either that, or mail me off-list with remote login details and root password for your system, and I'll take a look after I've eaten my dinner. Ricardo Aguiar wrote: > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in > line 2 of ruleset file /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database SpamAssassin reported no > errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFenbBH2WUcUFbZUEQJ2TgCfa9se7V7yyq77ES2oWC3xfHOOv0IAmQGT ilWwsL3DITfKNDI3Un/ZCWKO =bERL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Wed May 3 10:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 3 10:31:27 2006 Subject: clamscan or clamdscan? In-Reply-To: <20060503002236.68741.qmail@web60016.mail.yahoo.com> References: <20060503002236.68741.qmail@web60016.mail.yahoo.com> Message-ID: Anakin SkyWalker wrote on Tue, 2 May 2006 17:22:36 -0700 (PDT): > Does anyone have any sort of comparison for using clamav directly rather than using daemonized? You cannot use clamd with MS. No matter if you are a Yedi or not. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 3 10:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 3 10:31:28 2006 Subject: TNEF decoder error In-Reply-To: <9B1F85AA-6749-42F9-9120-558A95EBF84F@ecs.soton.ac.uk> References: <9B1F85AA-6749-42F9-9120-558A95EBF84F@ecs.soton.ac.uk> Message-ID: Ok, thanks! (Still using the internal.) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From shuttlebox at gmail.com Wed May 3 10:49:22 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 3 10:49:24 2006 Subject: clamscan or clamdscan? In-Reply-To: References: <20060503002236.68741.qmail@web60016.mail.yahoo.com> Message-ID: <625385e30605030249o51d312b1qebee2e8215341d53@mail.gmail.com> On 5/3/06, Kai Schaetzl wrote: > You cannot use clamd with MS. No matter if you are a Yedi or not. It's not that hard to modify the clam wrapper to use clamdscan instead of clamscan. -- /peter From MailScanner at ecs.soton.ac.uk Wed May 3 11:45:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 11:45:32 2006 Subject: clamscan or clamdscan? In-Reply-To: <625385e30605030249o51d312b1qebee2e8215341d53@mail.gmail.com> References: <20060503002236.68741.qmail@web60016.mail.yahoo.com> <625385e30605030249o51d312b1qebee2e8215341d53@mail.gmail.com> Message-ID: <38427898-5962-4569-9FD5-0BE9F0A29C5B@ecs.soton.ac.uk> On 3 May 2006, at 10:49, shuttlebox wrote: > On 5/3/06, Kai Schaetzl wrote: >> You cannot use clamd with MS. No matter if you are a Yedi or not. > > It's not that hard to modify the clam wrapper to use clamdscan instead > of clamscan. At which point you might as well use "clamavmodule". What's the point of running the daemon if you don't have to? "clamavmodule" is faster and lighter than clamdscan anyway. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From devonharding at gmail.com Wed May 3 12:17:28 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 12:17:34 2006 Subject: Spamassassin not working after 4.53 Message-ID: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> After I upgraded to 4.53, I noticed that Mailscanner was letting through ALOT more spam. I also noticed that spamassassin was scoring messages very low. Can anyone tell me whats going on? Here's a copy of my spamassassin --lint: [root@mars MailScanner]# spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: logger: adding facilities: all [11642] dbg: logger: logging level is DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: config: score set 0 chosen. [11642] dbg: util: running in taint mode? yes [11642] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping [11642] dbg: util: PATH included '/usr/local/sbin', keeping [11642] dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: util: PATH included '/sbin', keeping [11642] dbg: util: PATH included '/bin', keeping [11642] dbg: util: PATH included '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', keeping [11642] dbg: util: PATH included '/root/bin', keeping [11642] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin [11642] dbg: dns: is Net::DNS::Resolver available? yes [11642] dbg: dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 [11642] dbg: diag: module installed: HTML::Parser, version 3.51 [11642] dbg: diag: module installed: MIME::Base64, version 3.07 [11642] dbg: diag: module installed: DB_File, version 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 [11642] dbg: diag: module installed: Net::SMTP, version 2.29 [11642] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [11642] dbg: diag: module installed: IP::Country::Fast, version 604.001 [11642] dbg: diag: module installed: Razor2::Client::Agent, version 2.81 [11642] dbg: diag: module installed: Net::Ident, version 1.20 [11642] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 [11642] dbg: diag: module installed: Time::HiRes, version 1.86 [11642] dbg: diag: module installed: DBI, version 1.50 [11642] dbg: diag: module installed: Getopt::Long, version 2.35 [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 [11642] dbg: diag: module installed: HTTP::Date, version 1.47 [11642] dbg: diag: module installed: Archive::Tar, version 1.29 [11642] dbg: diag: module installed: IO::Zlib, version 1.04 [11642] dbg: ignore: using a test message to lint rules [11642] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [11642] dbg: config: read file /etc/mail/spamassassin/init.pre [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for default rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html_eng.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist.cf [11642] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_headers.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_rawbody.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_subject.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf [11642] dbg: config: read file /etc/mail/spamassassin/99_FVGT_Tripwire.cf [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [11642] dbg: config: read file /etc/mail/spamassassin/german.cf [11642] dbg: config: read file /etc/mail/spamassassin/local.cf [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf [11642] dbg: config: read file /etc/mail/spamassassin/random.current.cf [11642] dbg: config: read file /etc/mail/spamassassin/sa-blacklist.current.uri.cf [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file [11642] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: dcc: network tests on, registering DCC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: network tests on, attempting Pyzor [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] dbg: reporter: network tests on, attempting SpamCop [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: dcc: network tests on, registering DCC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: network tests on, attempting Pyzor [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] dbg: reporter: network tests on, attempting SpamCop [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered [11642] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements 'finish_parsing_end' [11642] dbg: replacetags: replacing tags [11642] dbg: replacetags: done replacing tags [11642] dbg: bayes: using username: root [11642] dbg: bayes: database connection established [11642] dbg: bayes: found bayes db version 3 [11642] dbg: bayes: Using userid: 1 [11642] dbg: config: score set 3 chosen. [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: message: main message type: text/plain [11642] dbg: message: parsing normal part [11642] dbg: message: added part, type: text/plain [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, 192.168.0.12, 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... [11642] dbg: dns: looking up NS for 'linux.org' [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no results found [11642] dbg: dns: trying (2) akamai.com... [11642] dbg: dns: looking up NS for 'akamai.com' [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, no results found [11642] dbg: dns: trying (1) intel.com... [11642] dbg: dns: looking up NS for 'intel.com' [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded => DNS available (set dns_available to override) [11642] dbg: dns: is DNS available? 1 [11642] dbg: metadata: X-Spam-Relays-Trusted: [11642] dbg: metadata: X-Spam-Relays-Untrusted: [11642] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements 'extract_metadata' [11642] dbg: metadata: X-Relay-Countries: [11642] dbg: message: no encoding detected [11642] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements 'parsed_metadata' [11642] dbg: uridnsbl: domains to query: [11642] dbg: check: running tests for priority: 0 [11642] dbg: rules: running header regexp tests; score so far=0 [11642] dbg: rules: running body-text per-line regexp tests; score so far=0 [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got hit: "I" [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: rules: running raw-body-text per-line regexp tests; score so far=0 [11642] dbg: rules: running full-text regexp tests; score so far=0 [11642] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements 'check_tick' [11642] dbg: check: running tests for priority: 500 [11642] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements 'check_post_dnsbl' [11642] dbg: rules: running meta tests; score so far=0 [11642] dbg: rules: running header regexp tests; score so far=0 [11642] dbg: rules: running body-text per-line regexp tests; score so far=0 [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: rules: running raw-body-text per-line regexp tests; score so far=0 [11642] dbg: rules: running full-text regexp tests; score so far=0 [11642] dbg: check: is spam? score=0 required=5 [11642] dbg: check: tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG From adrik at salesmanager.nl Wed May 3 12:28:06 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 12:28:08 2006 Subject: Spamassassin not working after 4.53 Message-ID: I see you are using /var/lib/spamassassin/3.001001 as your sys and def rules dir. Probably these where created by running sa-update. Yet, there are NO rules from this location read! So all the default built-in rules don't exist as far as Sa is concerned. Are there any rules in /var/lib/spamassassin/3.001001 or underlying directories? Have you tried running sa-update again? Perhaps it's a failed sa-update, which deleted everything? Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Devon Harding > Sent: woensdag 3 mei 2006 13:17 > To: MailScanner discussion > Subject: Spamassassin not working after 4.53 > > After I upgraded to 4.53, I noticed that Mailscanner was letting > through ALOT more spam. I also noticed that spamassassin was scoring > messages very low. Can anyone tell me whats going on? Here's a copy > of my spamassassin --lint: > > [root@mars MailScanner]# spamassassin -x -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint > [11642] dbg: logger: adding facilities: all > [11642] dbg: logger: logging level is DBG > [11642] dbg: generic: SpamAssassin version 3.1.1 > [11642] dbg: config: score set 0 chosen. > [11642] dbg: util: running in taint mode? yes > [11642] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping > [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping > [11642] dbg: util: PATH included '/usr/local/sbin', keeping > [11642] dbg: util: PATH included '/usr/local/bin', keeping > [11642] dbg: util: PATH included '/sbin', keeping > [11642] dbg: util: PATH included '/bin', keeping > [11642] dbg: util: PATH included '/usr/sbin', keeping > [11642] dbg: util: PATH included '/usr/bin', keeping > [11642] dbg: util: PATH included '/root/bin', keeping > [11642] dbg: util: final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca > l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin > [11642] dbg: dns: is Net::DNS::Resolver available? yes > [11642] dbg: dns: Net::DNS version: 0.57 > [11642] dbg: diag: perl platform: 5.008008 linux > [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 > [11642] dbg: diag: module installed: HTML::Parser, version 3.51 > [11642] dbg: diag: module installed: MIME::Base64, version 3.07 > [11642] dbg: diag: module installed: DB_File, version 1.814 > [11642] dbg: diag: module installed: Net::DNS, version 0.57 > [11642] dbg: diag: module installed: Net::SMTP, version 2.29 > [11642] dbg: diag: module installed: Mail::SPF::Query, > version 1.999001 > [11642] dbg: diag: module installed: IP::Country::Fast, > version 604.001 > [11642] dbg: diag: module installed: Razor2::Client::Agent, > version 2.81 > [11642] dbg: diag: module installed: Net::Ident, version 1.20 > [11642] dbg: diag: module not installed: IO::Socket::INET6 > ('require' failed) > [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 > [11642] dbg: diag: module installed: Time::HiRes, version 1.86 > [11642] dbg: diag: module installed: DBI, version 1.50 > [11642] dbg: diag: module installed: Getopt::Long, version 2.35 > [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 > [11642] dbg: diag: module installed: HTTP::Date, version 1.47 > [11642] dbg: diag: module installed: Archive::Tar, version 1.29 > [11642] dbg: diag: module installed: IO::Zlib, version 1.04 > [11642] dbg: ignore: using a test message to lint rules > [11642] dbg: config: using "/etc/mail/spamassassin" for site > rules pre files > [11642] dbg: config: read file /etc/mail/spamassassin/init.pre > [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre > [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys > rules pre files > [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for > default rules dir > [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_evilnum0.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_evilnum1.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_evilnum2.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_html_eng.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_random.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_specific.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_whitelist.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_headers.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_rawbody.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_subject.cf > [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/99_FVGT_Tripwire.cf > [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf > [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf > [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf > [11642] dbg: config: read file /etc/mail/spamassassin/german.cf > [11642] dbg: config: read file /etc/mail/spamassassin/local.cf > [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/random.current.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/sa-blacklist.current.uri.cf > [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf > [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf > [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" > for user prefs file > [11642] dbg: config: read file > /etc/MailScanner/spam.assassin.prefs.conf > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [11642] dbg: dcc: network tests on, registering DCC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from @INC > [11642] dbg: pyzor: network tests on, attempting Pyzor > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SpamCop from @INC > [11642] dbg: reporter: network tests on, attempting SpamCop > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [11642] dbg: dcc: network tests on, registering DCC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from @INC > [11642] dbg: pyzor: network tests on, attempting Pyzor > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SpamCop from @INC > [11642] dbg: reporter: network tests on, attempting SpamCop > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already > registered > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), > already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already > registered > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements > 'finish_parsing_end' > [11642] dbg: replacetags: replacing tags > [11642] dbg: replacetags: done replacing tags > [11642] dbg: bayes: using username: root > [11642] dbg: bayes: database connection established > [11642] dbg: bayes: found bayes db version 3 > [11642] dbg: bayes: Using userid: 1 > [11642] dbg: config: score set 3 chosen. > [11642] dbg: message: ---- MIME PARSER START ---- > [11642] dbg: message: main message type: text/plain > [11642] dbg: message: parsing normal part > [11642] dbg: message: added part, type: text/plain > [11642] dbg: message: ---- MIME PARSER END ---- > [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 > [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, > 192.168.0.12, 192.168.0.2 > [11642] dbg: dns: trying (3) linux.org... > [11642] dbg: dns: looking up NS for 'linux.org' > [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no > results found > [11642] dbg: dns: trying (2) akamai.com... > [11642] dbg: dns: looking up NS for 'akamai.com' > [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, > no results found > [11642] dbg: dns: trying (1) intel.com... > [11642] dbg: dns: looking up NS for 'intel.com' > [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded > => DNS available (set dns_available to override) > [11642] dbg: dns: is DNS available? 1 > [11642] dbg: metadata: X-Spam-Relays-Trusted: > [11642] dbg: metadata: X-Spam-Relays-Untrusted: > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements > 'extract_metadata' > [11642] dbg: metadata: X-Relay-Countries: > [11642] dbg: message: no encoding detected > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > 'parsed_metadata' > [11642] dbg: uridnsbl: domains to query: > [11642] dbg: check: running tests for priority: 0 > [11642] dbg: rules: running header regexp tests; score so far=0 > [11642] dbg: rules: running body-text per-line regexp tests; > score so far=0 > [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> > got hit: "I" > [11642] dbg: uri: running uri tests; score so far=0 > [11642] dbg: rules: running raw-body-text per-line regexp > tests; score so far=0 > [11642] dbg: rules: running full-text regexp tests; score so far=0 > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > 'check_tick' > [11642] dbg: check: running tests for priority: 500 > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > 'check_post_dnsbl' > [11642] dbg: rules: running meta tests; score so far=0 > [11642] dbg: rules: running header regexp tests; score so far=0 > [11642] dbg: rules: running body-text per-line regexp tests; > score so far=0 > [11642] dbg: uri: running uri tests; score so far=0 > [11642] dbg: rules: running raw-body-text per-line regexp > tests; score so far=0 > [11642] dbg: rules: running full-text regexp tests; score so far=0 > [11642] dbg: check: is spam? score=0 required=5 > [11642] dbg: check: tests= > [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From csweeney at osubucks.org Wed May 3 12:30:38 2006 From: csweeney at osubucks.org (Chris Sweeney) Date: Wed May 3 12:29:02 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> Message-ID: <4458945E.1000709@osubucks.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did you notice this part: kinda looks like you might be have a DNS issue..... 11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, 192.168.0.12, 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... [11642] dbg: dns: looking up NS for 'linux.org' [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no results found [11642] dbg: dns: trying (2) akamai.com... [11642] dbg: dns: looking up NS for 'akamai.com' [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, no results found Devon Harding wrote: > After I upgraded to 4.53, I noticed that Mailscanner was letting > through ALOT more spam. I also noticed that spamassassin was scoring > messages very low. Can anyone tell me whats going on? Here's a copy > of my spamassassin --lint: > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEWJReS9AMNDUYgIcRAhoFAKDkJ8YJNgMMpoq0QgBUW/Xp8Ps7qwCgijF5 wttgiixx5P7HYIIoC/xUtzE= =lQRj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kte at nexis.be Wed May 3 12:45:07 2006 From: kte at nexis.be (kte@nexis.be) Date: Wed May 3 12:45:33 2006 Subject: Open source mailserver Message-ID: I want to install an opensource mailserver on linux wit about 1600 users who send or receive about 10 messages a day for each user. He must have a web based admin + quota management + webclient + connecting from an outlook client (imap, pop3). I there an easy install/stable/configure open source mailserver that has these functions? I' looking at openexchange, zimbra, more.groupware? But I don't have experience + they have more the just a mailserver + webclient Thanks Koen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060503/6ff8c590/attachment.html From roger at rudnick.com.br Wed May 3 12:45:20 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed May 3 12:45:39 2006 Subject: Spamassassin not working after 4.53 References: Message-ID: <018c01c66ea7$0eff6450$0600a8c0@roger> I'm with the same problem here... What's the problem with sa-update? I normally used my rules in /etc/mail/spamassassin, and since this version 4.53.6-1, with this new setting "SpamAssassin Local State Dir" I'm having problems... My sa-update command runned with debug didn't found any working mirror... Any help? Regards Roger Jochem ----- Original Message ----- From: "Adri Koppes" To: "MailScanner discussion" Sent: Wednesday, May 03, 2006 8:28 AM Subject: RE: Spamassassin not working after 4.53 >I see you are using /var/lib/spamassassin/3.001001 as your sys and def > rules dir. > Probably these where created by running sa-update. > Yet, there are NO rules from this location read! > So all the default built-in rules don't exist as far as Sa is concerned. > Are there any rules in /var/lib/spamassassin/3.001001 or underlying > directories? > Have you tried running sa-update again? Perhaps it's a failed sa-update, > which deleted everything? > > Adri. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Devon Harding >> Sent: woensdag 3 mei 2006 13:17 >> To: MailScanner discussion >> Subject: Spamassassin not working after 4.53 >> >> After I upgraded to 4.53, I noticed that Mailscanner was letting >> through ALOT more spam. I also noticed that spamassassin was scoring >> messages very low. Can anyone tell me whats going on? Here's a copy >> of my spamassassin --lint: >> >> [root@mars MailScanner]# spamassassin -x -D -p >> /etc/MailScanner/spam.assassin.prefs.conf --lint >> [11642] dbg: logger: adding facilities: all >> [11642] dbg: logger: logging level is DBG >> [11642] dbg: generic: SpamAssassin version 3.1.1 >> [11642] dbg: config: score set 0 chosen. >> [11642] dbg: util: running in taint mode? yes >> [11642] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >> [11642] dbg: util: PATH included '/usr/local/sbin', keeping >> [11642] dbg: util: PATH included '/usr/local/bin', keeping >> [11642] dbg: util: PATH included '/sbin', keeping >> [11642] dbg: util: PATH included '/bin', keeping >> [11642] dbg: util: PATH included '/usr/sbin', keeping >> [11642] dbg: util: PATH included '/usr/bin', keeping >> [11642] dbg: util: PATH included '/root/bin', keeping >> [11642] dbg: util: final PATH set to: >> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >> [11642] dbg: dns: is Net::DNS::Resolver available? yes >> [11642] dbg: dns: Net::DNS version: 0.57 >> [11642] dbg: diag: perl platform: 5.008008 linux >> [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 >> [11642] dbg: diag: module installed: HTML::Parser, version 3.51 >> [11642] dbg: diag: module installed: MIME::Base64, version 3.07 >> [11642] dbg: diag: module installed: DB_File, version 1.814 >> [11642] dbg: diag: module installed: Net::DNS, version 0.57 >> [11642] dbg: diag: module installed: Net::SMTP, version 2.29 >> [11642] dbg: diag: module installed: Mail::SPF::Query, >> version 1.999001 >> [11642] dbg: diag: module installed: IP::Country::Fast, >> version 604.001 >> [11642] dbg: diag: module installed: Razor2::Client::Agent, >> version 2.81 >> [11642] dbg: diag: module installed: Net::Ident, version 1.20 >> [11642] dbg: diag: module not installed: IO::Socket::INET6 >> ('require' failed) >> [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 >> [11642] dbg: diag: module installed: Time::HiRes, version 1.86 >> [11642] dbg: diag: module installed: DBI, version 1.50 >> [11642] dbg: diag: module installed: Getopt::Long, version 2.35 >> [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 >> [11642] dbg: diag: module installed: HTTP::Date, version 1.47 >> [11642] dbg: diag: module installed: Archive::Tar, version 1.29 >> [11642] dbg: diag: module installed: IO::Zlib, version 1.04 >> [11642] dbg: ignore: using a test message to lint rules >> [11642] dbg: config: using "/etc/mail/spamassassin" for site >> rules pre files >> [11642] dbg: config: read file /etc/mail/spamassassin/init.pre >> [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys >> rules pre files >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for >> default rules dir >> [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum0.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum1.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum2.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_html_eng.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_random.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_specific.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_whitelist.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_headers.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_rawbody.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_subject.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/random.current.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >> [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" >> for user prefs file >> [11642] dbg: config: read file >> /etc/MailScanner/spam.assassin.prefs.conf >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >> already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements >> 'finish_parsing_end' >> [11642] dbg: replacetags: replacing tags >> [11642] dbg: replacetags: done replacing tags >> [11642] dbg: bayes: using username: root >> [11642] dbg: bayes: database connection established >> [11642] dbg: bayes: found bayes db version 3 >> [11642] dbg: bayes: Using userid: 1 >> [11642] dbg: config: score set 3 chosen. >> [11642] dbg: message: ---- MIME PARSER START ---- >> [11642] dbg: message: main message type: text/plain >> [11642] dbg: message: parsing normal part >> [11642] dbg: message: added part, type: text/plain >> [11642] dbg: message: ---- MIME PARSER END ---- >> [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 >> [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, >> 192.168.0.12, 192.168.0.2 >> [11642] dbg: dns: trying (3) linux.org... >> [11642] dbg: dns: looking up NS for 'linux.org' >> [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no >> results found >> [11642] dbg: dns: trying (2) akamai.com... >> [11642] dbg: dns: looking up NS for 'akamai.com' >> [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, >> no results found >> [11642] dbg: dns: trying (1) intel.com... >> [11642] dbg: dns: looking up NS for 'intel.com' >> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded >> => DNS available (set dns_available to override) >> [11642] dbg: dns: is DNS available? 1 >> [11642] dbg: metadata: X-Spam-Relays-Trusted: >> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements >> 'extract_metadata' >> [11642] dbg: metadata: X-Relay-Countries: >> [11642] dbg: message: no encoding detected >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'parsed_metadata' >> [11642] dbg: uridnsbl: domains to query: >> [11642] dbg: check: running tests for priority: 0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> >> got hit: "I" >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_tick' >> [11642] dbg: check: running tests for priority: 500 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_post_dnsbl' >> [11642] dbg: rules: running meta tests; score so far=0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: check: is spam? score=0 required=5 >> [11642] dbg: check: tests= >> [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed May 3 12:49:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 12:49:47 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> Message-ID: <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> On 03/05/06, Devon Harding wrote: > After I upgraded to 4.53, I noticed that Mailscanner was letting > through ALOT more spam. I also noticed that spamassassin was scoring > messages very low. Can anyone tell me whats going on? Here's a copy > of my spamassassin --lint: > > [root@mars MailScanner]# spamassassin -x -D -p (snip) Is this really the complete debug run? It looks a bit .... cut of in the middle, to me at least. Do you employ the digest checks...? There's no mention of those, nor of actually using bayes... Just that a version 3 db is found... Also, you seem to have multiple LoadPlugin lines for the same plugin(s). That doesn't matter for the scoring (AFAICS), but isn't really necessary... > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roger at rudnick.com.br Wed May 3 12:51:19 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed May 3 12:51:14 2006 Subject: Spamassassin not working after 4.53 References: Message-ID: <01c001c66ea7$e44ec880$0600a8c0@roger> I solved my problem. Port 8090 whas blocked at my firewall... I never used sa-update before. Really a greate feature I didn't know that existed... This maintans my spamassassin rules updated, right? Regards Roger Jochem ----- Original Message ----- From: "Adri Koppes" To: "MailScanner discussion" Sent: Wednesday, May 03, 2006 8:28 AM Subject: RE: Spamassassin not working after 4.53 >I see you are using /var/lib/spamassassin/3.001001 as your sys and def > rules dir. > Probably these where created by running sa-update. > Yet, there are NO rules from this location read! > So all the default built-in rules don't exist as far as Sa is concerned. > Are there any rules in /var/lib/spamassassin/3.001001 or underlying > directories? > Have you tried running sa-update again? Perhaps it's a failed sa-update, > which deleted everything? > > Adri. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Devon Harding >> Sent: woensdag 3 mei 2006 13:17 >> To: MailScanner discussion >> Subject: Spamassassin not working after 4.53 >> >> After I upgraded to 4.53, I noticed that Mailscanner was letting >> through ALOT more spam. I also noticed that spamassassin was scoring >> messages very low. Can anyone tell me whats going on? Here's a copy >> of my spamassassin --lint: >> >> [root@mars MailScanner]# spamassassin -x -D -p >> /etc/MailScanner/spam.assassin.prefs.conf --lint >> [11642] dbg: logger: adding facilities: all >> [11642] dbg: logger: logging level is DBG >> [11642] dbg: generic: SpamAssassin version 3.1.1 >> [11642] dbg: config: score set 0 chosen. >> [11642] dbg: util: running in taint mode? yes >> [11642] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >> [11642] dbg: util: PATH included '/usr/local/sbin', keeping >> [11642] dbg: util: PATH included '/usr/local/bin', keeping >> [11642] dbg: util: PATH included '/sbin', keeping >> [11642] dbg: util: PATH included '/bin', keeping >> [11642] dbg: util: PATH included '/usr/sbin', keeping >> [11642] dbg: util: PATH included '/usr/bin', keeping >> [11642] dbg: util: PATH included '/root/bin', keeping >> [11642] dbg: util: final PATH set to: >> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >> [11642] dbg: dns: is Net::DNS::Resolver available? yes >> [11642] dbg: dns: Net::DNS version: 0.57 >> [11642] dbg: diag: perl platform: 5.008008 linux >> [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 >> [11642] dbg: diag: module installed: HTML::Parser, version 3.51 >> [11642] dbg: diag: module installed: MIME::Base64, version 3.07 >> [11642] dbg: diag: module installed: DB_File, version 1.814 >> [11642] dbg: diag: module installed: Net::DNS, version 0.57 >> [11642] dbg: diag: module installed: Net::SMTP, version 2.29 >> [11642] dbg: diag: module installed: Mail::SPF::Query, >> version 1.999001 >> [11642] dbg: diag: module installed: IP::Country::Fast, >> version 604.001 >> [11642] dbg: diag: module installed: Razor2::Client::Agent, >> version 2.81 >> [11642] dbg: diag: module installed: Net::Ident, version 1.20 >> [11642] dbg: diag: module not installed: IO::Socket::INET6 >> ('require' failed) >> [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 >> [11642] dbg: diag: module installed: Time::HiRes, version 1.86 >> [11642] dbg: diag: module installed: DBI, version 1.50 >> [11642] dbg: diag: module installed: Getopt::Long, version 2.35 >> [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 >> [11642] dbg: diag: module installed: HTTP::Date, version 1.47 >> [11642] dbg: diag: module installed: Archive::Tar, version 1.29 >> [11642] dbg: diag: module installed: IO::Zlib, version 1.04 >> [11642] dbg: ignore: using a test message to lint rules >> [11642] dbg: config: using "/etc/mail/spamassassin" for site >> rules pre files >> [11642] dbg: config: read file /etc/mail/spamassassin/init.pre >> [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys >> rules pre files >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for >> default rules dir >> [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum0.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum1.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum2.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_html_eng.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_random.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_specific.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_whitelist.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_headers.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_rawbody.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_subject.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/random.current.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >> [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" >> for user prefs file >> [11642] dbg: config: read file >> /etc/MailScanner/spam.assassin.prefs.conf >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >> already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements >> 'finish_parsing_end' >> [11642] dbg: replacetags: replacing tags >> [11642] dbg: replacetags: done replacing tags >> [11642] dbg: bayes: using username: root >> [11642] dbg: bayes: database connection established >> [11642] dbg: bayes: found bayes db version 3 >> [11642] dbg: bayes: Using userid: 1 >> [11642] dbg: config: score set 3 chosen. >> [11642] dbg: message: ---- MIME PARSER START ---- >> [11642] dbg: message: main message type: text/plain >> [11642] dbg: message: parsing normal part >> [11642] dbg: message: added part, type: text/plain >> [11642] dbg: message: ---- MIME PARSER END ---- >> [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 >> [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, >> 192.168.0.12, 192.168.0.2 >> [11642] dbg: dns: trying (3) linux.org... >> [11642] dbg: dns: looking up NS for 'linux.org' >> [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no >> results found >> [11642] dbg: dns: trying (2) akamai.com... >> [11642] dbg: dns: looking up NS for 'akamai.com' >> [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, >> no results found >> [11642] dbg: dns: trying (1) intel.com... >> [11642] dbg: dns: looking up NS for 'intel.com' >> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded >> => DNS available (set dns_available to override) >> [11642] dbg: dns: is DNS available? 1 >> [11642] dbg: metadata: X-Spam-Relays-Trusted: >> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements >> 'extract_metadata' >> [11642] dbg: metadata: X-Relay-Countries: >> [11642] dbg: message: no encoding detected >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'parsed_metadata' >> [11642] dbg: uridnsbl: domains to query: >> [11642] dbg: check: running tests for priority: 0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> >> got hit: "I" >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_tick' >> [11642] dbg: check: running tests for priority: 500 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_post_dnsbl' >> [11642] dbg: rules: running meta tests; score so far=0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: check: is spam? score=0 required=5 >> [11642] dbg: check: tests= >> [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From devonharding at gmail.com Wed May 3 12:58:17 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 12:58:21 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <4458945E.1000709@osubucks.org> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> Message-ID: <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> > > Did you notice this part: kinda looks like you might be have a DNS > issue..... DNS is ok, I re-ran lint and the names were resolved... [11996] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 [11996] dbg: dns: testing resolver nameservers: 192.168.0.10, 192.168.0.12, 192.168.0.2 [11996] dbg: dns: trying (3) sourceforge.net... [11996] dbg: dns: looking up NS for 'sourceforge.net' [11996] dbg: dns: NS lookup of sourceforge.net using 192.168.0.10 succeeded => DNS available (set dns_available to override) [11996] dbg: dns: is DNS available? 1 >Have you tried running sa-update again? Perhaps it's a failed sa-update, >which deleted everything? Here is sa-learn's output, btw, got the same -lint results [root@mars MailScanner]# /usr/bin/sa-learn --force-expire --sync -p /etc/MailScanner/spam.assassin.perf.conf expired old bayes database entries in 24 seconds 124411 entries kept, 2400 deleted token frequency: 1-occurrence tokens: 64.69% token frequency: less than 8 occurrences: 21.09% From devonharding at gmail.com Wed May 3 13:03:02 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 13:03:04 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> Message-ID: <2baac6140605030503n174e69aag931ff7f6e91f3a00@mail.gmail.com> > Is this really the complete debug run? It looks a bit .... cut of in > the middle, to me at least. Here is the command I use: spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint > Do you employ the digest checks...? There's no mention of those, nor > of actually using bayes... Just that a version 3 db is found... Also using MySQL for bayes storage. From pete at enitech.com.au Wed May 3 13:12:38 2006 From: pete at enitech.com.au (Pete Russell) Date: Wed May 3 13:12:51 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <44589E36.6060908@enitech.com.au> Does it need to be open source, or simply nix based? Because outlook/evolution connectors all cost money when you have that many users. Eval www.scalix.com its very polished compared to zimbra and open exchange. But then my eval of it was for 4 users :) kte@nexis.be wrote: > > I want to install an opensource mailserver on linux wit about 1600 users > who send or receive about 10 messages a day for each user. He must have > a web based admin + quota management + webclient + connecting from an > outlook client (imap, pop3). I there an easy install/stable/configure > open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > From mailscanner at lists.com.ar Wed May 3 13:24:33 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Wed May 3 13:24:16 2006 Subject: ReadMessageHandle question In-Reply-To: <1A265B28-6E4C-4CC4-9F4A-5DDC05DE2CAB@ecs.soton.ac.uk> Message-ID: On Wed, May 03, 2006 at 09:01:56AM +0100, Julian Field wrote: > > On 2 May 2006, at 22:09, Leonardo Helman wrote: > > >Hi > > > >sendmail, > >I really didn't look much of the code for the others), so this > >"unless" > >is always false (so it could be eliminated)? > > Not if it ran out of disk space trying to do it! In that case $this-> > {dpath} would be empty (and hence 0). I'm modifying MailScanner-4.53.6, are you working with something very different. greped (-w) for dpath, and found only: /lib/MailScanner/EximDiskStore.pm: $this->{dpath} = $dir . '/' . $this->{dname}; /lib/MailScanner/SMDiskStore.pm: $this->{dpath} = $dir . '/' . $this->{dname}; > > > > > >Last but not least, I think, we have to change Messages.pm a little > >and > >move to the DiskStores the references to $this->{dpath}, like > >we have done when I sent to you the zmailer parts. > > > >For those changes for example look, in SMDiskStore.pm, look for: "# > >LEOH 26/03/2003 We do not have dpath in other mailers" (more than 3 > >years wow!) > >I'm thinking something in the line of getFileNameToLog or > >something, I don't > >remember, but I think, we have done something like that. > > I can't remember this one. From what I *can* remember, dpath exists > in the Message object for other mailers doesn't it? Does it matter > what other mailers do here? no, it doesn't, I think we deleted all the dpath's from Messages.pm sometime near 2003 Only ./lib/MailScanner/SMDiskStore.pm and ./lib/MailScanner/EximDiskStore.pm should have dpath's Other mailers could have any internal structure for working with the file/s, and Message.pm, should not know any of them What I saw now, is, that dpath returned to Messages.pm I never saw that mention before (and it seems like most of the time $entity is true, so didn't saw it in the logs) Saludos LeoH -- Leonardo Helman Pert Consultores Argentina From glenn.steen at gmail.com Wed May 3 13:39:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 13:39:24 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <223f97700605030539nf19fa06hd22488748fea20fb@mail.gmail.com> On 03/05/06, kte@nexis.be wrote: > > I want to install an opensource mailserver on linux wit about 1600 users who > send or receive about 10 messages a day for each user. He must have a web > based admin + quota management + webclient + connecting from an outlook > client (imap, pop3). I there an easy install/stable/configure open source > mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > Prossibly a tad less polished than Petes suggestion, but do have a look at courier (http://www.courier-mta.org/)... As they say themselves, you don't need to use their MTA, but can instead use for example Postfix, together with their IMAP and webmail package. I'm not sure that Dovecot has "enough" quota support yet, so ... perhaps not fitting your bill... Not to mention that you'd need complement it with some webmail (squirrel perhaps). Judge for yourself at http://www.dovecot.org/. Some will swear by Cyrus, others at it... Again, judge for yourself at http://asg.web.cmu.edu/cyrus/imapd/ As Pete mentions, most/all "groupware suites" that have an OutLook connector will charge you for it (open-ex etc).... And as you say, they do a bit more than you really want them to, so why use them? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed May 3 13:59:07 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 13:59:10 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> Message-ID: <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> On 03/05/06, Devon Harding wrote: (snip) > >Have you tried running sa-update again? Perhaps it's a failed sa-update, > >which deleted everything? > > Here is sa-learn's output, btw, got the same -lint results > (snip) update != learn... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed May 3 14:06:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 14:06:10 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030503n174e69aag931ff7f6e91f3a00@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> <2baac6140605030503n174e69aag931ff7f6e91f3a00@mail.gmail.com> Message-ID: <223f97700605030606u4542799fq92ac4c7c6bc4f802@mail.gmail.com> On 03/05/06, Devon Harding wrote: > > Is this really the complete debug run? It looks a bit .... cut of in > > the middle, to me at least. > > Here is the command I use: > spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint > > > Do you employ the digest checks...? There's no mention of those, nor > > of actually using bayes... Just that a version 3 db is found... > > Also using MySQL for bayes storage. i think Adri is right... Seems like many of the default rules simply aren't there. Does /var/lib/spamassassin/3.001001 contain any rule files? Or are they in /usr/share/spamassassin? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From adrik at salesmanager.nl Wed May 3 14:13:58 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 14:14:00 2006 Subject: Spamassassin not working after 4.53 Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: woensdag 3 mei 2006 15:06 > To: MailScanner discussion > Subject: Re: Spamassassin not working after 4.53 > > On 03/05/06, Devon Harding wrote: > > > Is this really the complete debug run? It looks a bit > .... cut of in > > > the middle, to me at least. > > > > Here is the command I use: > > spamassassin -x -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint > > > > > Do you employ the digest checks...? There's no mention of > those, nor > > > of actually using bayes... Just that a version 3 db is found... > > > > Also using MySQL for bayes storage. > > i think Adri is right... Seems like many of the default rules > simply aren't there. Does /var/lib/spamassassin/3.001001 > contain any rule files? Or are they in /usr/share/spamassassin? On a normal installation of SA, the default rules will reside in /usr/share/spamassassin. After running sa-update, the default rules will wtill stay in /usr/share/spamassassin, but a new directory with the all old and updated default rules will be created under /var/lib/spamassassin/3.001001. When running SA and the local_state_dir variable is set, it SA will NOT look in /usr/share/spamassassin anymore for default rules. Adri. From devonharding at gmail.com Wed May 3 14:46:10 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 14:46:12 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> Message-ID: <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> Here are my sa-update results: [root@mars dcc-1.3.31]# sa-update error: can't verify SHA1 signature channel: SHA1 verification failed, channel failed hmm..There are rules in /usr/share/spamassassin, but nothing in /var/lib/spamassassin/3.001001 [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/ total 8.0K drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org.tmp [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/updates_spamassassin_org total 0 [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/updates_spamassassin_org.tmp/ total 4.0K -rw-r--r-- 1 root root 98 May 3 09:11 MIRRORED.BY How do I correct this? From glenn.steen at gmail.com Wed May 3 15:16:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 15:16:09 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> Message-ID: <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> On 03/05/06, Devon Harding wrote: > Here are my sa-update results: > > [root@mars dcc-1.3.31]# sa-update > error: can't verify SHA1 signature > channel: SHA1 verification failed, channel failed > > hmm..There are rules in /usr/share/spamassassin, but nothing in > /var/lib/spamassassin/3.001001 > > [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/ > total 8.0K > drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org > drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org.tmp > [root@mars dcc-1.3.31]# l > /var/lib/spamassassin/3.001001/updates_spamassassin_org > total 0 > [root@mars dcc-1.3.31]# l > /var/lib/spamassassin/3.001001/updates_spamassassin_org.tmp/ > total 4.0K > -rw-r--r-- 1 root root 98 May 3 09:11 MIRRORED.BY > > How do I correct this? Someone will definitely correct me if I'm wrong, but (re-)moving the directory somewhere else (that SA will not try to find it) would probably make it fall abck to /usr/share/spamassassin. I'm sure Adri (or someone else) will have a handle on your SHA1 error there... You saw Rogers resolution to his problem (FW of port 8090 preventing it from retreiving anything)? I just tested running sa-update on a machine with port 8090 blocked, and this is exactly the error that you get... after a longish time you get: ----- [root@apmx05 ~]# sa-update sa-update: importing default keyring to '/etc/mail/spamassassin//sa-update-keys'... http: request failed: 500 Can't connect to buildbot.spamassassin.org.nyud.net:8090 (connect: timeout): 500 Can't connect to buildbot.spamassassin.org.nyud.net:8090 (connect: timeout) error: channel updates.spamassassin.org has no working mirrors channel: could not find working mirror, channel failed ----- and then the /var/lib/spamassassin/ directory is created _without the "old" rules! This is bad only if you have never successfully run sa-update, since otherwise you'll have your "old rules" in place, but when it happens the first time, you neither get the encryption keys (it seems to me), nor any working rules.... Bah. Either fall back to the "default" rules by deleting the dir, or make darned sure the first run succeeds. You might need delete the /etc/mail/spamassassin/sa-update-keys directory and the /var/lib/spamassassin/3.001001 for that to actually work (after opening port 8090). HtH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dpowell at lssi.net Wed May 3 15:32:35 2006 From: dpowell at lssi.net (Darrin Powell) Date: Wed May 3 15:33:56 2006 Subject: Allow Password-Protected Archives In-Reply-To: <4457A429.8050707@ecs.soton.ac.uk> References: <034d01c66e06$b2242450$3004010a@martinhlaptop> <1146588506.2415.42.camel@powell> <4457A429.8050707@ecs.soton.ac.uk> Message-ID: <1146666756.2775.58.camel@powell> Ahh should have read the message closer :). I am using Sophos AV only. I am not sure what type of file eda10kp.inp is. I received another one today for an .xls file At Tue May 2 15:44:32 2006 the virus scanner said: Password protected file rand.zip/rand.xls Not sure I have seen this in the past. What file would I need to change with Sophos. Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 On Tue, 2006-05-02 at 19:25 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Darrin Powell wrote: > > Below is the message: > > > > > > > >> At Tue May 2 10:28:52 2006 the virus scanner said: > >> Password protected file eda10kp.zip/eda10kp.inp > >> > So it's actually saying that the file eda10kp.inp is password-protected, > not the zip file at all. If it was a password-protected archive > blah.zip, it would have said that :-) > > If you are using Sophos, then you will find there is a configuration > option to set allowed messages from Sophos. > > What virus scanners are you using? And what type of file is eda10kp.inp? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFekKxH2WUcUFbZUEQKdOACggn3N2pmXxQXLv8dizEhYqJB6s1YAniCS > /K41sRknsPmfP3P3dr0h5jD7 > =jIud > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From martinh at solid-state-logic.com Wed May 3 15:39:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed May 3 15:39:48 2006 Subject: Allow Password-Protected Archives In-Reply-To: <1146666756.2775.58.camel@powell> Message-ID: <00f401c66ebf$69708af0$3004010a@martinhlaptop> Darrin In MailScanner.conf look for the line Allowed Sophos Error Messages I have mine set to the following.. Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date" (all one line of course - my email client will no doubt split the line ;-( -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Darrin Powell > Sent: 03 May 2006 15:33 > To: MailScanner discussion > Subject: Re: Allow Password-Protected Archives > > Ahh should have read the message closer :). I am using Sophos AV only. I > am not sure what type of file eda10kp.inp is. I received another one > today for an .xls file > > At Tue May 2 15:44:32 2006 the virus scanner said: > Password protected file rand.zip/rand.xls > > Not sure I have seen this in the past. What file would I need to change > with Sophos. > > > Thanks > -- > Darrin Powell, CISSP > LSSi Corp. > Security Administrator > Office (919) 466-6803 > > > On Tue, 2006-05-02 at 19:25 +0100, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Darrin Powell wrote: > > > Below is the message: > > > > > > > > > > > >> At Tue May 2 10:28:52 2006 the virus scanner said: > > >> Password protected file eda10kp.zip/eda10kp.inp > > >> > > So it's actually saying that the file eda10kp.inp is password-protected, > > not the zip file at all. If it was a password-protected archive > > blah.zip, it would have said that :-) > > > > If you are using Sophos, then you will find there is a configuration > > option to set allowed messages from Sophos. > > > > What virus scanners are you using? And what type of file is eda10kp.inp? > > > > - -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.0.6 (Build 6060) > > > > iQA/AwUBRFekKxH2WUcUFbZUEQKdOACggn3N2pmXxQXLv8dizEhYqJB6s1YAniCS > > /K41sRknsPmfP3P3dr0h5jD7 > > =jIud > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > -- > Darrin Powell, CISSP > LSSi Corp. > Security Administrator > Office (919) 466-6803 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed May 3 15:45:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:46:05 2006 Subject: ReadMessageHandle question In-Reply-To: References: Message-ID: <10C8794B-1E89-4601-9B99-091D0590E365@ecs.soton.ac.uk> On 3 May 2006, at 13:24, Leonardo Helman wrote: > On Wed, May 03, 2006 at 09:01:56AM +0100, Julian Field wrote: >> >> On 2 May 2006, at 22:09, Leonardo Helman wrote: >> >>> Hi >>> >>> sendmail, >>> I really didn't look much of the code for the others), so this >>> "unless" >>> is always false (so it could be eliminated)? >> >> Not if it ran out of disk space trying to do it! In that case $this-> >> {dpath} would be empty (and hence 0). > I'm modifying MailScanner-4.53.6, are you working with something > very different. > greped (-w) for dpath, and found only: > > /lib/MailScanner/EximDiskStore.pm: $this->{dpath} = $dir . '/' . > $this->{dname}; > /lib/MailScanner/SMDiskStore.pm: $this->{dpath} = $dir . '/' . > $this->{dname}; > This is from 4.53.6: [root@tinker MailScanner]# pwd /usr/lib/MailScanner/MailScanner [root@tinker MailScanner]# fgrep -l '{dpath}' * EximDiskStore.pm MCP.pm Message.pm SMDiskStore.pm [root@tinker MailScanner]# -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From devonharding at gmail.com Wed May 3 15:47:47 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 15:47:49 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> Message-ID: <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> > Either fall back to the "default" rules by deleting the dir, or make > darned sure the first run succeeds. You might need delete the > /etc/mail/spamassassin/sa-update-keys directory and the > /var/lib/spamassassin/3.001001 for that to actually work (after > opening port 8090). Ok, deleted both folders and re ran sa-update: [root@mars ~]# sa-update sa-update: importing default keyring to '/etc/mail/spamassassin//sa-update-keys'... error: can't verify SHA1 signature channel: SHA1 verification failed, channel failed Checked again, and the folders got recreated. Any other options? From MailScanner at ecs.soton.ac.uk Wed May 3 15:48:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:48:21 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <018c01c66ea7$0eff6450$0600a8c0@roger> References: <018c01c66ea7$0eff6450$0600a8c0@roger> Message-ID: Should I urgently put out a new version with the SpamAssassin Local State Dir setting commented out in MailScanner.conf? On 3 May 2006, at 12:45, Roger Jochem wrote: > I'm with the same problem here... > > What's the problem with sa-update? I normally used my rules in /etc/ > mail/spamassassin, and since this version 4.53.6-1, with this new > setting "SpamAssassin Local State Dir" I'm having problems... > > My sa-update command runned with debug didn't found any working > mirror... Any help? > > Regards > > Roger Jochem > > ----- Original Message ----- From: "Adri Koppes" > > To: "MailScanner discussion" > Sent: Wednesday, May 03, 2006 8:28 AM > Subject: RE: Spamassassin not working after 4.53 > > >> I see you are using /var/lib/spamassassin/3.001001 as your sys and >> def >> rules dir. >> Probably these where created by running sa-update. >> Yet, there are NO rules from this location read! >> So all the default built-in rules don't exist as far as Sa is >> concerned. >> Are there any rules in /var/lib/spamassassin/3.001001 or underlying >> directories? >> Have you tried running sa-update again? Perhaps it's a failed sa- >> update, >> which deleted everything? >> >> Adri. >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Devon Harding >>> Sent: woensdag 3 mei 2006 13:17 >>> To: MailScanner discussion >>> Subject: Spamassassin not working after 4.53 >>> >>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>> through ALOT more spam. I also noticed that spamassassin was >>> scoring >>> messages very low. Can anyone tell me whats going on? Here's a >>> copy >>> of my spamassassin --lint: >>> >>> [root@mars MailScanner]# spamassassin -x -D -p >>> /etc/MailScanner/spam.assassin.prefs.conf --lint >>> [11642] dbg: logger: adding facilities: all >>> [11642] dbg: logger: logging level is DBG >>> [11642] dbg: generic: SpamAssassin version 3.1.1 >>> [11642] dbg: config: score set 0 chosen. >>> [11642] dbg: util: running in taint mode? yes >>> [11642] dbg: util: taint mode: deleting unsafe environment >>> variables, >>> resetting PATH >>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>> [11642] dbg: util: PATH included '/usr/local/sbin', keeping >>> [11642] dbg: util: PATH included '/usr/local/bin', keeping >>> [11642] dbg: util: PATH included '/sbin', keeping >>> [11642] dbg: util: PATH included '/bin', keeping >>> [11642] dbg: util: PATH included '/usr/sbin', keeping >>> [11642] dbg: util: PATH included '/usr/bin', keeping >>> [11642] dbg: util: PATH included '/root/bin', keeping >>> [11642] dbg: util: final PATH set to: >>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>> [11642] dbg: dns: Net::DNS version: 0.57 >>> [11642] dbg: diag: perl platform: 5.008008 linux >>> [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 >>> [11642] dbg: diag: module installed: HTML::Parser, version 3.51 >>> [11642] dbg: diag: module installed: MIME::Base64, version 3.07 >>> [11642] dbg: diag: module installed: DB_File, version 1.814 >>> [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>> [11642] dbg: diag: module installed: Net::SMTP, version 2.29 >>> [11642] dbg: diag: module installed: Mail::SPF::Query, >>> version 1.999001 >>> [11642] dbg: diag: module installed: IP::Country::Fast, >>> version 604.001 >>> [11642] dbg: diag: module installed: Razor2::Client::Agent, >>> version 2.81 >>> [11642] dbg: diag: module installed: Net::Ident, version 1.20 >>> [11642] dbg: diag: module not installed: IO::Socket::INET6 >>> ('require' failed) >>> [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 >>> [11642] dbg: diag: module installed: Time::HiRes, version 1.86 >>> [11642] dbg: diag: module installed: DBI, version 1.50 >>> [11642] dbg: diag: module installed: Getopt::Long, version 2.35 >>> [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 >>> [11642] dbg: diag: module installed: HTTP::Date, version 1.47 >>> [11642] dbg: diag: module installed: Archive::Tar, version 1.29 >>> [11642] dbg: diag: module installed: IO::Zlib, version 1.04 >>> [11642] dbg: ignore: using a test message to lint rules >>> [11642] dbg: config: using "/etc/mail/spamassassin" for site >>> rules pre files >>> [11642] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys >>> rules pre files >>> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for >>> default rules dir >>> [11642] dbg: config: using "/etc/mail/spamassassin" for site >>> rules dir >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 70_sare_html.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 70_sare_html4.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_html_eng.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 70_sare_obfu.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_random.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_specific.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_whitelist.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 88_FVGT_body.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_headers.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_subject.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/random.current.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>> [11642] dbg: config: using "/etc/MailScanner/ >>> spam.assassin.prefs.conf" >>> for user prefs file >>> [11642] dbg: config: read file >>> /etc/MailScanner/spam.assassin.prefs.conf >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>> @INC >>> [11642] dbg: dcc: network tests on, registering DCC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [11642] dbg: pyzor: network tests on, attempting Pyzor >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [11642] dbg: reporter: network tests on, attempting SpamCop >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>> @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>> registered >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>> @INC >>> [11642] dbg: dcc: network tests on, registering DCC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [11642] dbg: pyzor: network tests on, attempting Pyzor >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [11642] dbg: reporter: network tests on, attempting SpamCop >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already >>> registered >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>> @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>> already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>> already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>> registered >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>> registered >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements >>> 'finish_parsing_end' >>> [11642] dbg: replacetags: replacing tags >>> [11642] dbg: replacetags: done replacing tags >>> [11642] dbg: bayes: using username: root >>> [11642] dbg: bayes: database connection established >>> [11642] dbg: bayes: found bayes db version 3 >>> [11642] dbg: bayes: Using userid: 1 >>> [11642] dbg: config: score set 3 chosen. >>> [11642] dbg: message: ---- MIME PARSER START ---- >>> [11642] dbg: message: main message type: text/plain >>> [11642] dbg: message: parsing normal part >>> [11642] dbg: message: added part, type: text/plain >>> [11642] dbg: message: ---- MIME PARSER END ---- >>> [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 >>> [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, >>> 192.168.0.12, 192.168.0.2 >>> [11642] dbg: dns: trying (3) linux.org... >>> [11642] dbg: dns: looking up NS for 'linux.org' >>> [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 >>> failed, no >>> results found >>> [11642] dbg: dns: trying (2) akamai.com... >>> [11642] dbg: dns: looking up NS for 'akamai.com' >>> [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, >>> no results found >>> [11642] dbg: dns: trying (1) intel.com... >>> [11642] dbg: dns: looking up NS for 'intel.com' >>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>> succeeded >>> => DNS available (set dns_available to override) >>> [11642] dbg: dns: is DNS available? 1 >>> [11642] dbg: metadata: X-Spam-Relays-Trusted: >>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements >>> 'extract_metadata' >>> [11642] dbg: metadata: X-Relay-Countries: >>> [11642] dbg: message: no encoding detected >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>> 'parsed_metadata' >>> [11642] dbg: uridnsbl: domains to query: >>> [11642] dbg: check: running tests for priority: 0 >>> [11642] dbg: rules: running header regexp tests; score so far=0 >>> [11642] dbg: rules: running body-text per-line regexp tests; >>> score so far=0 >>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> >>> got hit: "I" >>> [11642] dbg: uri: running uri tests; score so far=0 >>> [11642] dbg: rules: running raw-body-text per-line regexp >>> tests; score so far=0 >>> [11642] dbg: rules: running full-text regexp tests; score so far=0 >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>> 'check_tick' >>> [11642] dbg: check: running tests for priority: 500 >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>> 'check_post_dnsbl' >>> [11642] dbg: rules: running meta tests; score so far=0 >>> [11642] dbg: rules: running header regexp tests; score so far=0 >>> [11642] dbg: rules: running body-text per-line regexp tests; >>> score so far=0 >>> [11642] dbg: uri: running uri tests; score so far=0 >>> [11642] dbg: rules: running raw-body-text per-line regexp >>> tests; score so far=0 >>> [11642] dbg: rules: running full-text regexp tests; score so far=0 >>> [11642] dbg: check: is spam? score=0 required=5 >>> [11642] dbg: check: tests= >>> [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 3 15:49:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:49:37 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> Message-ID: <555DC717-E0D0-4F37-90B9-E3D695FFCEB5@ecs.soton.ac.uk> On 3 May 2006, at 12:49, Glenn Steen wrote: > Also, you seem to have multiple LoadPlugin lines for the same > plugin(s). That doesn't matter for the scoring (AFAICS), but isn't > really necessary... That's my fault. My easy-to-install ClamAV+SA package adds these lines even if they were there already. I'll put some checks in a future release to stop this happening. It is totally harmless though. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dpowell at lssi.net Wed May 3 15:52:34 2006 From: dpowell at lssi.net (Darrin Powell) Date: Wed May 3 15:53:49 2006 Subject: Allow Password-Protected Archives In-Reply-To: <00f401c66ebf$69708af0$3004010a@martinhlaptop> References: <00f401c66ebf$69708af0$3004010a@martinhlaptop> Message-ID: <1146667954.2775.61.camel@powell> That worked, Thanks ! On Wed, 2006-05-03 at 15:39 +0100, Martin Hepworth wrote: > encrypted", "The main body of virus data is out of date" -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From MailScanner at ecs.soton.ac.uk Wed May 3 15:55:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:55:23 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> Message-ID: <33AD789C-F118-4406-8036-2D9178B4C161@ecs.soton.ac.uk> On 3 May 2006, at 15:47, Devon Harding wrote: >> Either fall back to the "default" rules by deleting the dir, or make >> darned sure the first run succeeds. You might need delete the >> /etc/mail/spamassassin/sa-update-keys directory and the >> /var/lib/spamassassin/3.001001 for that to actually work (after >> opening port 8090). > > Ok, deleted both folders and re ran sa-update: > > [root@mars ~]# sa-update > sa-update: importing default keyring to > '/etc/mail/spamassassin//sa-update-keys'... > error: can't verify SHA1 signature > channel: SHA1 verification failed, channel failed > > Checked again, and the folders got recreated. Any other options? Start by doing sa-update --debug and telling us the output of that. And do perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' and tell us the output of that too. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From devonharding at gmail.com Wed May 3 16:02:10 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 16:02:24 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: References: <018c01c66ea7$0eff6450$0600a8c0@roger> Message-ID: <2baac6140605030802s3ef05abbg9eb396f5c8dbb71b@mail.gmail.com> Re-ran sa-update a second time and didn't get the SH1 error. And now it actually copied the rules to the /var/lib/spamassassin/3.001001/updates_spamassassin_org directory. So it looks as if it may be working. Lets wait for incoming spam to be sure. From devonharding at gmail.com Wed May 3 16:04:37 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 16:04:41 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <33AD789C-F118-4406-8036-2D9178B4C161@ecs.soton.ac.uk> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> <33AD789C-F118-4406-8036-2D9178B4C161@ecs.soton.ac.uk> Message-ID: <2baac6140605030804w26444b7ax2f6c725e1a15d4d7@mail.gmail.com> > Start by doing > sa-update --debug > and telling us the output of that. > And do > perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' > and tell us the output of that too. Here is the debug output: [root@mars ~]# sa-update --debug [16800] dbg: logger: adding facilities: all [16800] dbg: logger: logging level is DBG [16800] dbg: generic: SpamAssassin version 3.1.1 [16800] dbg: config: score set 0 chosen. [16800] dbg: dns: is Net::DNS::Resolver available? yes [16800] dbg: dns: Net::DNS version: 0.57 [16800] dbg: generic: sa-update version svn384884 [16800] dbg: generic: using update directory: /var/lib/spamassassin/3.001001 [16800] dbg: diag: perl platform: 5.008008 linux [16800] dbg: diag: module installed: Digest::SHA1, version 2.11 [16800] dbg: diag: module installed: IO::Socket::SSL, version 0.97 [16800] dbg: diag: module installed: Time::HiRes, version 1.86 [16800] dbg: diag: module installed: DBI, version 1.50 [16800] dbg: diag: module installed: Getopt::Long, version 2.35 [16800] dbg: diag: module installed: LWP::UserAgent, version 2.033 [16800] dbg: diag: module installed: HTTP::Date, version 1.47 [16800] dbg: diag: module installed: Archive::Tar, version 1.29 [16800] dbg: diag: module installed: IO::Zlib, version 1.04 [16800] dbg: diag: module installed: HTML::Parser, version 3.51 [16800] dbg: diag: module installed: MIME::Base64, version 3.07 [16800] dbg: diag: module installed: DB_File, version 1.814 [16800] dbg: diag: module installed: Net::DNS, version 0.57 [16800] dbg: diag: module installed: Net::SMTP, version 2.29 [16800] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [16800] dbg: diag: module installed: IP::Country::Fast, version 604.001 [16800] dbg: diag: module installed: Razor2::Client::Agent, version 2.81 [16800] dbg: diag: module installed: Net::Ident, version 1.20 [16800] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [16800] dbg: gpg: Searching for 'gpg' in /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin [16800] dbg: gpg: found /usr/bin/gpg [16800] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 26C900A46DD40CD5AD24F6D7DEE01987265FA05B 0C2B1D7175B852C64B3CDC716C55397824F434CE 24F434CE 265FA05B 5244EC45 [16800] dbg: channel: attempting channel updates.spamassassin.org [16800] dbg: channel: update directory /var/lib/spamassassin/3.001001/updates_spamassassin_org [16800] dbg: channel: update tmp directory /var/lib/spamassassin/3.001001/updates_spamassassin_org.tmp [16800] dbg: channel: channel cf file /var/lib/spamassassin/3.001001/updates_spamassassin_org.cf [16800] dbg: channel: channel tmp cf file /tmp/.spamassassin16800Ng0jGbtmp [16800] dbg: channel: metadata version = 398009 [16800] dbg: dns: 1.1.3.updates.spamassassin.org => 398009, parsed as 398009 [16800] dbg: channel: current version is 398009, new version is 398009, skipping channel [16800] dbg: diag: updates complete, exiting with code 1 And [root@mars ~]# perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' 2.10 [root@mars ~]# From adrik at salesmanager.nl Wed May 3 16:04:54 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 16:04:57 2006 Subject: Spamassassin not working after 4.53 Message-ID: Julian, One option might be to either have it commented out or leave the option blank, so that it doesn't get used and people have to enable it themselves when they start using sa-update and have verified they have received the first update ok. Another option could be to have MailScanner check on startup, if the directory exists, is readable and actually contains some rules before enabling the option. Normal behaviour of sa-update is to download the new rules, run an internal spamassassin --lint on them and if they pass, copy them to the local_state_dir. It looks like there is a small bug in SA, where it used the local_state_dir, even when it is empty. This would normally only happen, if there never was a successful sa-update. As soon as sa-update has run successfully, it will never delete the contents of the directory on a next unsuccessfull update. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: woensdag 3 mei 2006 16:48 > To: MailScanner discussion > Subject: Re: Spamassassin not working after 4.53 > > Should I urgently put out a new version with the SpamAssassin > Local State Dir setting commented out in MailScanner.conf? > > > On 3 May 2006, at 12:45, Roger Jochem wrote: > > > I'm with the same problem here... > > > > What's the problem with sa-update? I normally used my rules > in /etc/ > > mail/spamassassin, and since this version 4.53.6-1, with this new > > setting "SpamAssassin Local State Dir" I'm having problems... > > > > My sa-update command runned with debug didn't found any working > > mirror... Any help? > > > > Regards > > > > Roger Jochem > > > > ----- Original Message ----- From: "Adri Koppes" > > > > To: "MailScanner discussion" > > Sent: Wednesday, May 03, 2006 8:28 AM > > Subject: RE: Spamassassin not working after 4.53 > > > > > >> I see you are using /var/lib/spamassassin/3.001001 as your sys and > >> def rules dir. > >> Probably these where created by running sa-update. > >> Yet, there are NO rules from this location read! > >> So all the default built-in rules don't exist as far as Sa is > >> concerned. > >> Are there any rules in /var/lib/spamassassin/3.001001 or > underlying > >> directories? > >> Have you tried running sa-update again? Perhaps it's a failed sa- > >> update, which deleted everything? > >> > >> Adri. > >> > >> > >>> -----Original Message----- > >>> From: mailscanner-bounces@lists.mailscanner.info > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >>> Devon Harding > >>> Sent: woensdag 3 mei 2006 13:17 > >>> To: MailScanner discussion > >>> Subject: Spamassassin not working after 4.53 > >>> > >>> After I upgraded to 4.53, I noticed that Mailscanner was letting > >>> through ALOT more spam. I also noticed that spamassassin was > >>> scoring messages very low. Can anyone tell me whats going on? > >>> Here's a copy of my spamassassin --lint: > >>> > >>> [root@mars MailScanner]# spamassassin -x -D -p > >>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: > >>> logger: adding facilities: all [11642] dbg: logger: > logging level is > >>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: > >>> config: score set 0 chosen. > >>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: > >>> taint mode: deleting unsafe environment variables, resetting PATH > >>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping > >>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping > >>> [11642] dbg: util: PATH included '/usr/local/sbin', > keeping [11642] > >>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: > >>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH > >>> included '/bin', keeping [11642] dbg: util: PATH included > >>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', > >>> keeping [11642] dbg: util: PATH included '/root/bin', keeping > >>> [11642] dbg: util: final PATH set to: > >>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca > >>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin > >>> [11642] dbg: dns: is Net::DNS::Resolver available? yes > [11642] dbg: > >>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: > >>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, > >>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, > >>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, > >>> version 3.07 [11642] dbg: diag: module installed: > DB_File, version > >>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 > >>> [11642] dbg: diag: module installed: Net::SMTP, version > 2.29 [11642] > >>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 > >>> [11642] dbg: diag: module installed: IP::Country::Fast, version > >>> 604.001 [11642] dbg: diag: module installed: > Razor2::Client::Agent, > >>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, > >>> version 1.20 [11642] dbg: diag: module not installed: > >>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module > >>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: > diag: module > >>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module > >>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: > >>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: > >>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module > installed: > >>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: > >>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: > >>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test > message to > >>> lint rules [11642] dbg: config: using > "/etc/mail/spamassassin" for > >>> site rules pre files [11642] dbg: config: read file > >>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file > >>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using > >>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] > >>> dbg: config: using "/var/lib/spamassassin/3.001001" for default > >>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for > >>> site rules dir [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_evilnum0.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_evilnum1.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_evilnum2.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/ > >>> 70_sare_html.cf [11642] dbg: config: read file > >>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: > config: read > >>> file /etc/mail/spamassassin/70_sare_html_eng.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/ > >>> 70_sare_obfu.cf [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_random.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_specific.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_uri.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_whitelist.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/ > >>> 88_FVGT_body.cf [11642] dbg: config: read file > >>> /etc/mail/spamassassin/88_FVGT_headers.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/88_FVGT_rawbody.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/88_FVGT_subject.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_uri.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/chickenpox.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/mailscanner.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/random.current.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf > >>> [11642] dbg: config: using "/etc/MailScanner/ > >>> spam.assassin.prefs.conf" > >>> for user prefs file > >>> [11642] dbg: config: read file > >>> /etc/MailScanner/spam.assassin.prefs.conf > >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from > >>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] > >>> dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: > >>> network tests on, attempting Pyzor [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] > dbg: reporter: > >>> network tests on, attempting SpamCop [11642] dbg: plugin: > registered > >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) > >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from > >>> @INC [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] > >>> dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) > >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from > >>> @INC [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] > dbg: plugin: > >>> registered > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: did not > >>> register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: > dcc: network > >>> tests on, registering DCC [11642] dbg: plugin: did not register > >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already > registered > >>> [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from > >>> @INC [11642] dbg: pyzor: network tests on, attempting > Pyzor [11642] > >>> dbg: plugin: did not register > >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: did not > >>> register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] > dbg: reporter: > >>> network tests on, attempting SpamCop [11642] dbg: plugin: did not > >>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), > >>> already registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: > plugin: did > >>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), > >>> already registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] > >>> dbg: plugin: did not register > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), > >>> already registered > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), > >>> already > >>> registered > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: > plugin: did > >>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), > >>> already registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] > dbg: plugin: > >>> did not register > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: did not > >>> register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already > >>> registered [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) > implements > >>> 'finish_parsing_end' > >>> [11642] dbg: replacetags: replacing tags [11642] dbg: > replacetags: > >>> done replacing tags [11642] dbg: bayes: using username: > root [11642] > >>> dbg: bayes: database connection established [11642] dbg: bayes: > >>> found bayes db version 3 [11642] dbg: bayes: Using > userid: 1 [11642] > >>> dbg: config: score set 3 chosen. > >>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: > >>> message: main message type: text/plain [11642] dbg: > message: parsing > >>> normal part [11642] dbg: message: added part, type: text/plain > >>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: > >>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: > >>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, > >>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... > >>> [11642] dbg: dns: looking up NS for 'linux.org' > >>> [11642] dbg: dns: NS lookup of linux.org using > 192.168.0.10 failed, > >>> no results found [11642] dbg: dns: trying (2) akamai.com... > >>> [11642] dbg: dns: looking up NS for 'akamai.com' > >>> [11642] dbg: dns: NS lookup of akamai.com using > 192.168.0.10 failed, > >>> no results found [11642] dbg: dns: trying (1) intel.com... > >>> [11642] dbg: dns: looking up NS for 'intel.com' > >>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 > >>> succeeded => DNS available (set dns_available to > override) [11642] > >>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: > >>> X-Spam-Relays-Trusted: > >>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: > >>> [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) > implements > >>> 'extract_metadata' > >>> [11642] dbg: metadata: X-Relay-Countries: > >>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > >>> 'parsed_metadata' > >>> [11642] dbg: uridnsbl: domains to query: > >>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: > >>> rules: running header regexp tests; score so far=0 [11642] dbg: > >>> rules: running body-text per-line regexp tests; score so far=0 > >>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got > >>> hit: "I" > >>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: > >>> rules: running raw-body-text per-line regexp tests; score > so far=0 > >>> [11642] dbg: rules: running full-text regexp tests; score > so far=0 > >>> [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > >>> 'check_tick' > >>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: > >>> plugin: > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > >>> 'check_post_dnsbl' > >>> [11642] dbg: rules: running meta tests; score so far=0 > [11642] dbg: > >>> rules: running header regexp tests; score so far=0 [11642] dbg: > >>> rules: running body-text per-line regexp tests; score so far=0 > >>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: > >>> rules: running raw-body-text per-line regexp tests; score > so far=0 > >>> [11642] dbg: rules: running full-text regexp tests; score > so far=0 > >>> [11642] dbg: check: is spam? score=0 required=5 [11642] > dbg: check: > >>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From adrik at salesmanager.nl Wed May 3 16:07:08 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 16:07:12 2006 Subject: Spamassassin not working after 4.53 Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: woensdag 3 mei 2006 16:55 > To: MailScanner discussion > Subject: Re: Spamassassin not working after 4.53 > > > On 3 May 2006, at 15:47, Devon Harding wrote: > > >> Either fall back to the "default" rules by deleting the > dir, or make > >> darned sure the first run succeeds. You might need delete the > >> /etc/mail/spamassassin/sa-update-keys directory and the > >> /var/lib/spamassassin/3.001001 for that to actually work (after > >> opening port 8090). > > > > Ok, deleted both folders and re ran sa-update: > > > > [root@mars ~]# sa-update > > sa-update: importing default keyring to > > '/etc/mail/spamassassin//sa-update-keys'... > > error: can't verify SHA1 signature > > channel: SHA1 verification failed, channel failed > > > > Checked again, and the folders got recreated. Any other options? > > Start by doing > sa-update --debug > and telling us the output of that. > And do > perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' > and tell us the output of that too. Sa-update also produces this error, when it can't contact the server due to firewall problems, connectivity problems or the server being down or overloaded. Sometimes I notice this error and retrying a few minutes afterwards, everything is ok again. Adri. From dpowell at lssi.net Wed May 3 16:06:03 2006 From: dpowell at lssi.net (Darrin Powell) Date: Wed May 3 16:07:16 2006 Subject: SMTP Auth Message-ID: <1146668763.2775.71.camel@powell> I have a remote user using smtp auth to send email remotely. Recently his emails started getting flagged as spam, the IP he was sending from was found an a blacklist. Is there any way to whitelist messages that are sent when using smtp auth? Example: Apr 26 15:31:33 server sendmail[8880]: k3QJVVde008880: from=, size=417, class=0, nrcpts=2, msgid=<444FCA92.8080300@lssi.net>, proto=ESMTP, daemon=TLSMTA, relay=[66.78.236.255] Apr 26 15:31:33 sever sendmail[8880]: k3QJVVde008880: to=, delay=00:00:01, mailer=cyrusv2, pri=60417, stat=queued Apr 26 15:31:33 server sendmail[8880]: k3QJVVde008880: to=, delay=00:00:01, mailer=cyrusv2, pri=60417, stat=queued Apr 26 15:31:33 server MailScanner[31843]: New Batch: Scanning 1 messages, 951 bytes Apr 26 15:31:35 server MailScanner[31843]: Spam Checks: Found 1 spam messages Apr 26 15:31:35 server MailScanner[31843]: Virus and Content Scanning: Starting Apr 26 15:31:35 server sendmail[8876]: STARTTLS=client, relay=cust1683-1.in.mailcontrol.com., version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256 Apr 26 15:31:36 server MailScanner[31843]: Uninfected: Delivered 1 messages Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From jaearick at colby.edu Wed May 3 16:15:36 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 16:17:22 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> Message-ID: On Wed, 3 May 2006, Devon Harding wrote: >> Either fall back to the "default" rules by deleting the dir, or make >> darned sure the first run succeeds. You might need delete the >> /etc/mail/spamassassin/sa-update-keys directory and the >> /var/lib/spamassassin/3.001001 for that to actually work (after >> opening port 8090). Coming into this thread... I also discovered that (a) I'm not running sa-update on a regular basis via cron, (b) I had port 8090 blocked in my firewall (now fixed). Questions here: a) My installed SA cf files are in /opt/perl5/share/spamassassin. So I ran "sa-update -D" and watched what happened. It put new cf files in /var/opt/spamassassin/3.001001/updates_spamassassin_org. Will MailScanner and SA pick up these new cf files, or should I be doing "sa-update --updatedir /opt/perl5/share/spamassassin" instead? b) I did a diff of 10_misc.cf between the directories, and found: 4c4 < # the next update. Use /etc/mail/spamassassin/local.cf instead. --- > # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. 45c45 < report_contact postmaster@colby.edu --- > report_contact @@CONTACT_ADDRESS@@ So the updates are mangled. How to fix? c) Once the new cf files are in the right place and unmangled, will SpamAssassin begin using them right away? d) Shouldn't the sa-update action be added to the normal MailScanner cron jobs? Jeff Earickson Colby College From dhawal at netmagicsolutions.com Wed May 3 16:29:13 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 16:29:22 2006 Subject: razor2 problems.. Message-ID: <4458CC49.80409@netmagicsolutions.com> Hello List, I run this command as a daily cronjob. 01 04 * * * razor-admin -conf=/path/to/razor-agent.conf -discover Since the past few days, i notice that RAZOR stops functioning post the discover command.. is anyone else observing something similar? I simply need to run a 'spamassassin --lint razor2' to get it operational again. MailScanner: v4.50.10 Razor2: v2.81 SA: v3.1.1 Debug mode (both SA and MS) don't report anything wrong specific to razor. Any ideas on how to troubleshoot further? - dhawal From dhawal at netmagicsolutions.com Wed May 3 16:39:40 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 16:39:49 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> Message-ID: <4458CEBC.8050208@netmagicsolutions.com> Jeff A. Earickson wrote: > On Wed, 3 May 2006, Devon Harding wrote: > >>> Either fall back to the "default" rules by deleting the dir, or make >>> darned sure the first run succeeds. You might need delete the >>> /etc/mail/spamassassin/sa-update-keys directory and the >>> /var/lib/spamassassin/3.001001 for that to actually work (after >>> opening port 8090). > > Coming into this thread... I also discovered that (a) I'm not running > sa-update on a regular basis via cron, (b) I had port 8090 blocked in my > firewall (now fixed). Questions here: > > a) My installed SA cf files are in /opt/perl5/share/spamassassin. So > I ran "sa-update -D" and watched what happened. It put new cf files in > /var/opt/spamassassin/3.001001/updates_spamassassin_org. Will MailScanner > and SA pick up these new cf files, or should I be doing > "sa-update --updatedir /opt/perl5/share/spamassassin" instead? Nopes, /opt/perl5/share/spamassassin is the default rules dir.. whereas /var/lib/whatever is the local state dir, which will completely override 'default rules dir' > b) I did a diff of 10_misc.cf between the directories, and found: > > 4c4 > < # the next update. Use /etc/mail/spamassassin/local.cf instead. > --- >> # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. > 45c45 > < report_contact postmaster@colby.edu > --- >> report_contact @@CONTACT_ADDRESS@@ > > So the updates are mangled. How to fix? Fix this in your /etc/mail/spamassassin/local.cf, in any case 'report_contact' is IMO not used by MailScanner. > c) Once the new cf files are in the right place and unmangled, will > SpamAssassin begin using them right away? No again, a reload/restart to mailscanner will do the trick.. the 4-hour auto-restart will work equally well. > d) Shouldn't the sa-update action be added to the normal MailScanner > cron jobs? It is.. at least in RPM based systems '/etc/cron.daily/sa-update' > Jeff Earickson > Colby College - dhawal From mkettler at evi-inc.com Wed May 3 16:42:42 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 3 16:43:07 2006 Subject: razor2 problems.. In-Reply-To: <4458CC49.80409@netmagicsolutions.com> References: <4458CC49.80409@netmagicsolutions.com> Message-ID: <4458CF72.5090906@evi-inc.com> Dhawal Doshy wrote: > Hello List, > > I run this command as a daily cronjob. > 01 04 * * * razor-admin -conf=/path/to/razor-agent.conf -discover Why? Razor should automatically re-discover at regular intervals. From brett at wrl.org Wed May 3 16:52:24 2006 From: brett at wrl.org (Brett Charbeneau) Date: Wed May 3 16:53:13 2006 Subject: Debug for Sendmail with MailScanner - huh? Message-ID: Greetings all, SPECIFICS: Debian Sarge, Sendmail 8.13.4-3, MailScanner 4.51.5-1 with SpamAssassin 3.03. I'm missing something really easy I suspect - I'd be grateful for any pointers or hints! I am trying to configure sendmail to record the more details in the mail log for each message (this is to try and ferret out a spambot I think I have on my network). I've placed this in my /etc/syslog.conf file: *.info;daemon.none;authpriv.none;cron.none /var/log/messages mail.* /var/log/mail.log in an attempt to get ALL mail log into to go into the mail.log file. In Debian, the init script for Sendmail references the /etc/mail/sendmail.conf file so a lot of options go in there. There is a DEBUG=1; line in the init script, but setting it to "1" doesn't change the log output in either messages OR mail.log. In the /etc/mail/sendmail.conf I've tried setting some traditional debug options with this line: MISC_PARMS="-d0-99.127"; but again, no change in the log output. This is in addition to the "DAMON_PARMS" line which I have set like this to utilize MailScanner: DAEMON_PARMS="-bd \ -OPrivacyOptions=noetrn -ODeliveryMode=queueonly \ -OQueueDirectory=/var/spool/mqueue.in"; I've even tried adding the "-d" to the "DAMON_PARMS" statement - again to increase in log output in either messages or mail.log. Anyone have a clue what I'm doing wrong? -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From dhawal at netmagicsolutions.com Wed May 3 16:53:41 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 16:53:50 2006 Subject: razor2 problems.. In-Reply-To: <4458CF72.5090906@evi-inc.com> References: <4458CC49.80409@netmagicsolutions.com> <4458CF72.5090906@evi-inc.com> Message-ID: <4458D205.6040205@netmagicsolutions.com> Matt Kettler wrote: > Dhawal Doshy wrote: >> Hello List, >> >> I run this command as a daily cronjob. >> 01 04 * * * razor-admin -conf=/path/to/razor-agent.conf -discover > > Why? Razor should automatically re-discover at regular intervals. > I didn't know that, i will remove the cron entry. But i suspect it'll occur again post razor's auto-discovery. The only way to find out is to let is happen again, this time with close monitoring.. Also, is the auto-discovery also true for pyzor? since i run this as well on a daily basis. /usr/bin/pyzor --homedir /etc/mail/spamassassin/pyzor discover thanks, - dhawal From MailScanner at ecs.soton.ac.uk Wed May 3 16:56:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 16:57:10 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: References: Message-ID: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> I have just published 4.53.7 which has this option commented out by default. You can uncomment it yourself once you have found out all about sa- update. This way seems a lot safer to me. Shame it never turned up as an issue during beta testing. On 3 May 2006, at 16:04, Adri Koppes wrote: > Julian, > > One option might be to either have it commented out or leave the > option > blank, so that it doesn't get used and people have to enable it > themselves when they start using sa-update and have verified they have > received the first update ok. > Another option could be to have MailScanner check on startup, if the > directory exists, is readable and actually contains some rules before > enabling the option. > > Normal behaviour of sa-update is to download the new rules, run an > internal spamassassin --lint on them and if they pass, copy them to > the > local_state_dir. > It looks like there is a small bug in SA, where it used the > local_state_dir, even when it is empty. > This would normally only happen, if there never was a successful > sa-update. As soon as sa-update has run successfully, it will never > delete the contents of the directory on a next unsuccessfull update. > > Adri. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: woensdag 3 mei 2006 16:48 >> To: MailScanner discussion >> Subject: Re: Spamassassin not working after 4.53 >> >> Should I urgently put out a new version with the SpamAssassin >> Local State Dir setting commented out in MailScanner.conf? >> >> >> On 3 May 2006, at 12:45, Roger Jochem wrote: >> >>> I'm with the same problem here... >>> >>> What's the problem with sa-update? I normally used my rules >> in /etc/ >>> mail/spamassassin, and since this version 4.53.6-1, with this new >>> setting "SpamAssassin Local State Dir" I'm having problems... >>> >>> My sa-update command runned with debug didn't found any working >>> mirror... Any help? >>> >>> Regards >>> >>> Roger Jochem >>> >>> ----- Original Message ----- From: "Adri Koppes" >>> >>> To: "MailScanner discussion" >>> Sent: Wednesday, May 03, 2006 8:28 AM >>> Subject: RE: Spamassassin not working after 4.53 >>> >>> >>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>> def rules dir. >>>> Probably these where created by running sa-update. >>>> Yet, there are NO rules from this location read! >>>> So all the default built-in rules don't exist as far as Sa is >>>> concerned. >>>> Are there any rules in /var/lib/spamassassin/3.001001 or >> underlying >>>> directories? >>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>> update, which deleted everything? >>>> >>>> Adri. >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>> Devon Harding >>>>> Sent: woensdag 3 mei 2006 13:17 >>>>> To: MailScanner discussion >>>>> Subject: Spamassassin not working after 4.53 >>>>> >>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>> through ALOT more spam. I also noticed that spamassassin was >>>>> scoring messages very low. Can anyone tell me whats going on? >>>>> Here's a copy of my spamassassin --lint: >>>>> >>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>> logger: adding facilities: all [11642] dbg: logger: >> logging level is >>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>> config: score set 0 chosen. >>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >> keeping [11642] >>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>> [11642] dbg: util: final PATH set to: >>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >> [11642] dbg: >>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>> version 3.07 [11642] dbg: diag: module installed: >> DB_File, version >>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>> [11642] dbg: diag: module installed: Net::SMTP, version >> 2.29 [11642] >>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>> 604.001 [11642] dbg: diag: module installed: >> Razor2::Client::Agent, >>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >> diag: module >>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >> installed: >>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >> message to >>>>> lint rules [11642] dbg: config: using >> "/etc/mail/spamassassin" for >>>>> site rules pre files [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>> site rules dir [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >> config: read >>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_uri.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/chickenpox.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/mailscanner.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/random.current.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>> spam.assassin.prefs.conf" >>>>> for user prefs file >>>>> [11642] dbg: config: read file >>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>> dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >> dbg: reporter: >>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >> registered >>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>> @INC [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>> dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>> @INC [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >> dbg: plugin: >>>>> registered >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>> register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >> dcc: network >>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >> registered >>>>> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from >>>>> @INC [11642] dbg: pyzor: network tests on, attempting >> Pyzor [11642] >>>>> dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>> register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >> dbg: reporter: >>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>> already registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >> plugin: did >>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>> already registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>> dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>> already registered >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>> already >>>>> registered >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >> plugin: did >>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>> already registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >> dbg: plugin: >>>>> did not register >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>> register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>> registered [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >> implements >>>>> 'finish_parsing_end' >>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >> replacetags: >>>>> done replacing tags [11642] dbg: bayes: using username: >> root [11642] >>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>> found bayes db version 3 [11642] dbg: bayes: Using >> userid: 1 [11642] >>>>> dbg: config: score set 3 chosen. >>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>> message: main message type: text/plain [11642] dbg: >> message: parsing >>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>> [11642] dbg: dns: NS lookup of linux.org using >> 192.168.0.10 failed, >>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>> [11642] dbg: dns: NS lookup of akamai.com using >> 192.168.0.10 failed, >>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>> succeeded => DNS available (set dns_available to >> override) [11642] >>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>> X-Spam-Relays-Trusted: >>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>> [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >> implements >>>>> 'extract_metadata' >>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>> 'parsed_metadata' >>>>> [11642] dbg: uridnsbl: domains to query: >>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>> hit: "I" >>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>> rules: running raw-body-text per-line regexp tests; score >> so far=0 >>>>> [11642] dbg: rules: running full-text regexp tests; score >> so far=0 >>>>> [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>> 'check_tick' >>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>> plugin: >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>> 'check_post_dnsbl' >>>>> [11642] dbg: rules: running meta tests; score so far=0 >> [11642] dbg: >>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>> rules: running raw-body-text per-line regexp tests; score >> so far=0 >>>>> [11642] dbg: rules: running full-text regexp tests; score >> so far=0 >>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >> dbg: check: >>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store PGP >> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Wed May 3 17:08:36 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 17:08:44 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> Message-ID: <4458D584.3050503@netmagicsolutions.com> Julian Field wrote: > I have just published 4.53.7 which has this option commented out by > default. > You can uncomment it yourself once you have found out all about sa-update. > > This way seems a lot safer to me. Shame it never turned up as an issue > during beta testing. Erm.. one more thing. I have some outgoing mail servers running mailscanner without spamassassin (and hence no sa-update). Since /etc/cron.daily/sa-update is created automatically, can you add a '$disabled = 1/0;' option similar to the one in clean.quarantine? - dhawal From shrek-m at gmx.de Wed May 3 17:16:47 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed May 3 17:16:50 2006 Subject: Debug for Sendmail with MailScanner - huh? In-Reply-To: References: Message-ID: <4458D76F.6040803@gmx.de> On 03.05.2006 17:52, Brett Charbeneau wrote: > SPECIFICS: Debian Sarge, Sendmail 8.13.4-3, MailScanner 4.51.5-1 with > SpamAssassin 3.03. > > > I'm missing something really easy I suspect - I'd be grateful for > any pointers or hints! > I am trying to configure sendmail to record the more details in > the mail log for each message (this is to try and ferret out a spambot > I think I have on my network). > I've placed this in my /etc/syslog.conf file: > > *.info;daemon.none;authpriv.none;cron.none /var/log/messages > mail.* /var/log/mail.log > > in an attempt to get ALL mail log into to go into the mail.log file. > In Debian, the init script for Sendmail references the > /etc/mail/sendmail.conf file so a lot of options go in there. There is a > > DEBUG=1; > > line in the init script, but setting it to "1" doesn't change the > log output in either messages OR mail.log. i do not know debians sendmail.mc do you mean `confLOG_LEVEL' ? eg. /etc/mail/sendmail.mc -------- dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl define(`confLOG_LEVEL', `15')dnl -------- -- shrek-m From devonharding at gmail.com Wed May 3 17:17:17 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 17:17:19 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> Message-ID: <2baac6140605030917r6ea3ea26o1f210e5f20deac0d@mail.gmail.com> So, to sum it up. If sa-update has an issue (and creates an empty /var/lib/spamassassin/3.001001/), Mailscanner will look there for SA rules, not find any, and let SPAM through? From maillists at conactive.com Wed May 3 17:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 3 17:31:24 2006 Subject: SMTP Auth In-Reply-To: <1146668763.2775.71.camel@powell> References: <1146668763.2775.71.camel@powell> Message-ID: Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: > Is there any way to whitelist messages that > are sent when using smtp auth? not that I'm aware of. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dhawal at netmagicsolutions.com Wed May 3 17:38:42 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 17:38:50 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> Message-ID: <4458DC92.8070306@netmagicsolutions.com> Kai Schaetzl wrote: > Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: > >> Is there any way to whitelist messages that >> are sent when using smtp auth? > > not that I'm aware of. > > Kai > Not whitelist, but a high -ve score. It'll need some work and it won't support postfix < 2.3 http://wiki.apache.org/spamassassin/DynablockIssues - dhawal From alex at nkpanama.com Wed May 3 17:49:42 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 17:50:15 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> Message-ID: <4458DF26.8040400@nkpanama.com> Kai Schaetzl wrote: > Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: > > >> Is there any way to whitelist messages that >> are sent when using smtp auth? >> > > not that I'm aware of. > > Kai > How about one of the spamassassin gurus here gives us a hand? You *could* set up a spamassassin rule that gives a strong negative value to something in the headers. I can see from a message that just came in that Dhawal is suggesting something similar. My headers look like: Return-Path: Received-SPF: pass (nkserver.nkpanama.com: authenticated connection) receiver=nkserver.nkpanama.com; client-ip=201.226.170.130; helo=[192.168.100.101]; envelope-from=alex@nkpanama.com; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0; Received: from [192.168.100.101] (nkcenter [201.226.170.130]) (user=alex mech=PLAIN bits=0) by nkserver.nkpanama.com (8.13.1/8.13.1) with ESMTP id k43GkwD0017301 for ; Wed, 3 May 2006 11:46:59 -0500 So I could set a rule that hits on "authenticated connection", "user=whatever mech=whatever bits=whatever" or something similar. I'm using sendmail, btw. From roger at rudnick.com.br Wed May 3 17:58:32 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed May 3 17:59:01 2006 Subject: SMTP Auth References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: <01fb01c66ed2$cfa0d790$0600a8c0@roger> I do that in my server... My server is mail.rudnick.com.br and the rulle is the following: header AUTHENTICATED Received =~ /\(authenticated .* by mail.rudnick.com.br/ score AUTHENTICATED -100.0 ----- Original Message ----- From: "Alex Neuman van der Hans" To: "MailScanner discussion" Sent: Wednesday, May 03, 2006 1:49 PM Subject: Re: SMTP Auth > Kai Schaetzl wrote: >> Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: >> >> >>> Is there any way to whitelist messages that are sent when using smtp >>> auth? >>> >> >> not that I'm aware of. >> >> Kai >> > How about one of the spamassassin gurus here gives us a hand? You *could* > set up a spamassassin rule that gives a strong negative value to something > in the headers. I can see from a message that just came in that Dhawal is > suggesting something similar. > > My headers look like: > > Return-Path: > Received-SPF: pass (nkserver.nkpanama.com: authenticated connection) > receiver=nkserver.nkpanama.com; client-ip=201.226.170.130; > helo=[192.168.100.101]; envelope-from=alex@nkpanama.com; > x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with > libspf2-1.0.0; > Received: from [192.168.100.101] (nkcenter [201.226.170.130]) > (user=alex mech=PLAIN bits=0) > by nkserver.nkpanama.com (8.13.1/8.13.1) with ESMTP id k43GkwD0017301 > for ; Wed, 3 May 2006 11:46:59 -0500 > > > So I could set a rule that hits on "authenticated connection", > "user=whatever mech=whatever bits=whatever" or something similar. I'm > using sendmail, btw. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gmane at tippingmar.com Wed May 3 18:15:05 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed May 3 18:15:46 2006 Subject: SMTP Auth In-Reply-To: <4458DF26.8040400@nkpanama.com> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote: > How about one of the spamassassin gurus here gives us a hand? You > *could* set up a spamassassin rule that gives a strong negative value to > something in the headers. I can see from a message that just came in > that Dhawal is suggesting something similar. Here is the spamassassin rule I use for this situation: # Check for authenticated mail sent from outside the office # so we can compensate for rbls, etc. # Note that the Received header has been modified in sendmail.mc so # it says "authenticated SecretPhrase" instead of just "authenticated". # This to make it harder for someone to bypass our filters by sending # us messages with a forged Received header. header TMA_AUTH Received =~ /from .*\(authenticated SecretPhrase bits.* by mail\.tippingmar\.com .* cipher=/i describe TMA_AUTH Sent through our server using authentication tflags TMA_AUTH nice score TMA_AUTH -5.0 That first part should all be on one line, of course. Mark Nienberg (not a spamassassin guru) From jaearick at colby.edu Wed May 3 18:10:40 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 18:18:49 2006 Subject: updates_spamassassin_org.cf ?? Message-ID: Gang, Branching out from the "Spamassassin not working..." thread regarding sa-update, I have done some experimenting and I'll report what I found with MailScanner. I ran sa-update and got new cf files put into /var/opt/spamassassin/3.001001/updates_spamassassin_org, with a file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf. Then I ran MS in debug mode and looked for evident that the files in /var/opt where used. Nothing. Then I made a symlink: cd /etc/mail/spamassassin ln -s /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf updates_spamassassin_org.cf and ran MS in debug mode again. Voila! The updates got used, eg: dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included file and so on for all of the other cf files in /var/opt. Errr, is this the way that info from sa-update should be used? Jeff Earickson Colby College From ka at pacific.net Wed May 3 18:26:55 2006 From: ka at pacific.net (Ken A) Date: Wed May 3 18:23:20 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> Message-ID: <4458E7DF.1010609@pacific.net> This being a new feature of S.A., I did the usual poking around, ran "man sa-update" and then "sa-update -D". It failed on one of 3 SA/MS boxes the first time around with sha key errors, then it ran fine the second try. The other boxes worked on the first shot. It might be a nice thing to have some of the informative output at the end of install.sh say something about the importance of the 'first run' of sa-update. Thanks, Ken Anderson Pacific.Net Julian Field wrote: > I have just published 4.53.7 which has this option commented out by > default. > You can uncomment it yourself once you have found out all about sa-update. > > This way seems a lot safer to me. Shame it never turned up as an issue > during beta testing. > > On 3 May 2006, at 16:04, Adri Koppes wrote: > >> Julian, >> >> One option might be to either have it commented out or leave the option >> blank, so that it doesn't get used and people have to enable it >> themselves when they start using sa-update and have verified they have >> received the first update ok. >> Another option could be to have MailScanner check on startup, if the >> directory exists, is readable and actually contains some rules before >> enabling the option. >> >> Normal behaviour of sa-update is to download the new rules, run an >> internal spamassassin --lint on them and if they pass, copy them to the >> local_state_dir. >> It looks like there is a small bug in SA, where it used the >> local_state_dir, even when it is empty. >> This would normally only happen, if there never was a successful >> sa-update. As soon as sa-update has run successfully, it will never >> delete the contents of the directory on a next unsuccessfull update. >> >> Adri. >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Julian Field >>> Sent: woensdag 3 mei 2006 16:48 >>> To: MailScanner discussion >>> Subject: Re: Spamassassin not working after 4.53 >>> >>> Should I urgently put out a new version with the SpamAssassin >>> Local State Dir setting commented out in MailScanner.conf? >>> >>> >>> On 3 May 2006, at 12:45, Roger Jochem wrote: >>> >>>> I'm with the same problem here... >>>> >>>> What's the problem with sa-update? I normally used my rules >>> in /etc/ >>>> mail/spamassassin, and since this version 4.53.6-1, with this new >>>> setting "SpamAssassin Local State Dir" I'm having problems... >>>> >>>> My sa-update command runned with debug didn't found any working >>>> mirror... Any help? >>>> >>>> Regards >>>> >>>> Roger Jochem >>>> >>>> ----- Original Message ----- From: "Adri Koppes" >>>> >>>> To: "MailScanner discussion" >>>> Sent: Wednesday, May 03, 2006 8:28 AM >>>> Subject: RE: Spamassassin not working after 4.53 >>>> >>>> >>>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>>> def rules dir. >>>>> Probably these where created by running sa-update. >>>>> Yet, there are NO rules from this location read! >>>>> So all the default built-in rules don't exist as far as Sa is >>>>> concerned. >>>>> Are there any rules in /var/lib/spamassassin/3.001001 or >>> underlying >>>>> directories? >>>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>>> update, which deleted everything? >>>>> >>>>> Adri. >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>>> Devon Harding >>>>>> Sent: woensdag 3 mei 2006 13:17 >>>>>> To: MailScanner discussion >>>>>> Subject: Spamassassin not working after 4.53 >>>>>> >>>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>>> through ALOT more spam. I also noticed that spamassassin was >>>>>> scoring messages very low. Can anyone tell me whats going on? >>>>>> Here's a copy of my spamassassin --lint: >>>>>> >>>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>>> logger: adding facilities: all [11642] dbg: logger: >>> logging level is >>>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>>> config: score set 0 chosen. >>>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >>> keeping [11642] >>>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>>> [11642] dbg: util: final PATH set to: >>>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>> [11642] dbg: >>>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>>> version 3.07 [11642] dbg: diag: module installed: >>> DB_File, version >>>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>>> [11642] dbg: diag: module installed: Net::SMTP, version >>> 2.29 [11642] >>>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>>> 604.001 [11642] dbg: diag: module installed: >>> Razor2::Client::Agent, >>>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >>> diag: module >>>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >>> installed: >>>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >>> message to >>>>>> lint rules [11642] dbg: config: using >>> "/etc/mail/spamassassin" for >>>>>> site rules pre files [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>>> site rules dir [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >>> config: read >>>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_uri.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/chickenpox.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/mailscanner.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/random.current.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>>> spam.assassin.prefs.conf" >>>>>> for user prefs file >>>>>> [11642] dbg: config: read file >>>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>>> dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>> dbg: reporter: >>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >>> registered >>>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>>> @INC [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>> dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>>> @INC [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>> dbg: plugin: >>>>>> registered >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>> register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >>> dcc: network >>>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >>> registered >>>>>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Pyzor from >>>>>> @INC [11642] dbg: pyzor: network tests on, attempting >>> Pyzor [11642] >>>>>> dbg: plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>> register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>> dbg: reporter: >>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>>> already registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >>> plugin: did >>>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>>> already registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>> dbg: plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>>> already registered >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>>> already >>>>>> registered >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >>> plugin: did >>>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>>> already registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>> dbg: plugin: >>>>>> did not register >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>> register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>>> registered [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>> implements >>>>>> 'finish_parsing_end' >>>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >>> replacetags: >>>>>> done replacing tags [11642] dbg: bayes: using username: >>> root [11642] >>>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>>> found bayes db version 3 [11642] dbg: bayes: Using >>> userid: 1 [11642] >>>>>> dbg: config: score set 3 chosen. >>>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>>> message: main message type: text/plain [11642] dbg: >>> message: parsing >>>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>>> [11642] dbg: dns: NS lookup of linux.org using >>> 192.168.0.10 failed, >>>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>>> [11642] dbg: dns: NS lookup of akamai.com using >>> 192.168.0.10 failed, >>>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>>> succeeded => DNS available (set dns_available to >>> override) [11642] >>>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>>> X-Spam-Relays-Trusted: >>>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>>> [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>> implements >>>>>> 'extract_metadata' >>>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>> 'parsed_metadata' >>>>>> [11642] dbg: uridnsbl: domains to query: >>>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>>> hit: "I" >>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>> rules: running raw-body-text per-line regexp tests; score >>> so far=0 >>>>>> [11642] dbg: rules: running full-text regexp tests; score >>> so far=0 >>>>>> [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>> 'check_tick' >>>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>>> plugin: >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>> 'check_post_dnsbl' >>>>>> [11642] dbg: rules: running meta tests; score so far=0 >>> [11642] dbg: >>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>> rules: running raw-body-text per-line regexp tests; score >>> so far=0 >>>>>> [11642] dbg: rules: running full-text regexp tests; score >>> so far=0 >>>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >>> dbg: check: >>>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store PGP >>> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Wed May 3 18:40:55 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed May 3 18:41:24 2006 Subject: updates_spamassassin_org.cf ?? In-Reply-To: Message-ID: <013f01c66ed8$baf83da0$3004010a@martinhlaptop> Jeff No - the sa-updates creates a new dir with new and existing rules for your version...changing the MailScanner line.. SpamAssassin Local State Dir = /var/lib will make MS see the updated rulesets. HOWEVER it would seem that you have to have run sa-update BEFORE you make this change otherwise MS doesn't see the 'original' rules in /usr/local/share/spamassassin and your spam detection will down the pan. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: 03 May 2006 18:11 > To: mailscanner mailing list > Subject: updates_spamassassin_org.cf ?? > > Gang, > > Branching out from the "Spamassassin not working..." thread > regarding sa-update, I have done some experimenting and I'll > report what I found with MailScanner. > > I ran sa-update and got new cf files put into > /var/opt/spamassassin/3.001001/updates_spamassassin_org, with > a file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf. > > Then I ran MS in debug mode and looked for evident that the > files in /var/opt where used. Nothing. Then I made a symlink: > > cd /etc/mail/spamassassin > ln -s /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf > updates_spamassassin_org.cf > > and ran MS in debug mode again. Voila! The updates got used, eg: > > dbg: plugin: fixed relative path: > /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf > dbg: config: using > "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included > file > > and so on for all of the other cf files in /var/opt. > > Errr, is this the way that info from sa-update should be used? > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From alex at nkpanama.com Wed May 3 18:49:31 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 18:49:53 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: <4458ED2B.7040306@nkpanama.com> Mark Nienberg wrote: > > # Check for authenticated mail sent from outside the office > # so we can compensate for rbls, etc. > # Note that the Received header has been modified in sendmail.mc so > # it says "authenticated SecretPhrase" instead of just "authenticated". > # This to make it harder for someone to bypass our filters by sending > # us messages with a forged Received header. > > header TMA_AUTH Received =~ /from .*\(authenticated SecretPhrase > bits.* by mail\.tippingmar\.com .* cipher=/i > The place for the "secretphrase" would be where the cfhead.m4 says: _REC_FULL_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) right? BTW, mine says "rec_full_auth" instead of the "rec_auth" that comes with the stock cf file so I can tell *who* authenticated - not just the fact that the message *was* authenticated. From jaearick at colby.edu Wed May 3 18:59:34 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 19:02:03 2006 Subject: tnef 1.4, Solaris, won't build Message-ID: Anybody else had problems getting tnef 1.4 to build from the tar release? On Solaris 10 with gcc 4.1, I get: if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT xstrdup.o -MD -MP -MF ".deps/xstrdup.Tpo" -c -o xstrdup.o xstrdup.c; \ then mv -f ".deps/xstrdup.Tpo" ".deps/xstrdup.Po"; else rm -f ".deps/xstrdup.Tpo"; exit 1; fi gmake[3]: *** No rule to make target `replace/libreplace.a', needed by `tnef'. Stop. I'm going to use the tnef executable from the previous MS release and move on for the moment. Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Wed May 3 19:25:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 19:26:21 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030917r6ea3ea26o1f210e5f20deac0d@mail.gmail.com> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> <2baac6140605030917r6ea3ea26o1f210e5f20deac0d@mail.gmail.com> Message-ID: <4458F592.1050408@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not quite. After it has done it the first time, it will have some rules in the /var/lib/... directory. If it fails in future it just won't copy the screwed rules into place. But yes, it has a bad failure mode that if it fails the first time it leaves you with a system that doesn't work properly. Can Matt Kettler forward this to the SpamAssassin guys (e.g. Justin) and file this as a bug please? Devon Harding wrote: > So, to sum it up. If sa-update has an issue (and creates an empty > /var/lib/spamassassin/3.001001/), Mailscanner will look there for SA > rules, not find any, and let SPAM through? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFj1lBH2WUcUFbZUEQJmXwCg45Mhw4DqGXsLA4jb3xBJFFxO5AcAn0WI kSHhFs5iF317OlDP+GyBM/go =JhJh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jaearick at colby.edu Wed May 3 19:23:59 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 19:27:26 2006 Subject: updates_spamassassin_org.cf ?? In-Reply-To: <013f01c66ed8$baf83da0$3004010a@martinhlaptop> References: <013f01c66ed8$baf83da0$3004010a@martinhlaptop> Message-ID: Martin, I was trying to figure out the sa-update thing with MS version 4.52.2. Your note below made no sense to me until I started looking at the MailScanner.conf for 4.53.7. I my case (Solaris 10) the state dir is /var/opt instead of /var/lib. Jeff Earickson Colby College On Wed, 3 May 2006, Martin Hepworth wrote: > Date: Wed, 3 May 2006 18:40:55 +0100 > From: Martin Hepworth > Reply-To: MailScanner discussion > To: 'MailScanner discussion' > Subject: RE: updates_spamassassin_org.cf ?? > > Jeff > > No - the sa-updates creates a new dir with new and existing rules for your > version...changing the MailScanner line.. > > SpamAssassin Local State Dir = /var/lib > > will make MS see the updated rulesets. HOWEVER it would seem that you have > to have run sa-update BEFORE you make this change otherwise MS doesn't see > the 'original' rules in /usr/local/share/spamassassin and your spam > detection will down the pan. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson >> Sent: 03 May 2006 18:11 >> To: mailscanner mailing list >> Subject: updates_spamassassin_org.cf ?? >> >> Gang, >> >> Branching out from the "Spamassassin not working..." thread >> regarding sa-update, I have done some experimenting and I'll >> report what I found with MailScanner. >> >> I ran sa-update and got new cf files put into >> /var/opt/spamassassin/3.001001/updates_spamassassin_org, with >> a file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf. >> >> Then I ran MS in debug mode and looked for evident that the >> files in /var/opt where used. Nothing. Then I made a symlink: >> >> cd /etc/mail/spamassassin >> ln -s /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf >> updates_spamassassin_org.cf >> >> and ran MS in debug mode again. Voila! The updates got used, eg: >> >> dbg: plugin: fixed relative path: >> /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf >> dbg: config: using >> "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included >> file >> >> and so on for all of the other cf files in /var/opt. >> >> Errr, is this the way that info from sa-update should be used? >> >> Jeff Earickson >> Colby College >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From chardlist at chard.net Wed May 3 19:41:05 2006 From: chardlist at chard.net (chardlist) Date: Wed May 3 19:41:29 2006 Subject: Bitdefender Wrapper / tmpfs Message-ID: <044201c66ee1$24399bd0$0202fea9@sangria> Is there a way to specify the temporary directory Bitdefender uses when doing it's scanning? I saw in the clam-av wrapper where this could be easily modified. I'm trying to get as many of the mailscanner processes as possible using tmpfs. Elaborating on that... does anyone have recommendations on using tmpfs to improve performance? I've already configured the mailscanner incoming directory and the clamav temporary directory to use tmpfs and the performance boost is outstanding. Thank you, -Brendan From MailScanner at ecs.soton.ac.uk Wed May 3 19:56:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 19:56:55 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <4458E7DF.1010609@pacific.net> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> <4458E7DF.1010609@pacific.net> Message-ID: <4458FCE1.6000204@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have disabled it from having any effect until the user finds it. It's relatively unimportant at the moment anyway. Is it very easy to tell from the end of the output of sa-update that it succeeded or failed? Users can't be expected to read more than the last 5 lines or so of the output of sa-update. Does it produce different exit codes if it fails? Ken A wrote: > > This being a new feature of S.A., I did the usual poking around, ran > "man sa-update" and then "sa-update -D". It failed on one of 3 SA/MS > boxes the first time around with sha key errors, then it ran fine the > second try. The other boxes worked on the first shot. > > It might be a nice thing to have some of the informative output at the > end of install.sh say something about the importance of the 'first > run' of sa-update. > > Thanks, > > Ken Anderson > Pacific.Net > > > Julian Field wrote: >> I have just published 4.53.7 which has this option commented out by >> default. >> You can uncomment it yourself once you have found out all about >> sa-update. >> >> This way seems a lot safer to me. Shame it never turned up as an >> issue during beta testing. >> >> On 3 May 2006, at 16:04, Adri Koppes wrote: >> >>> Julian, >>> >>> One option might be to either have it commented out or leave the option >>> blank, so that it doesn't get used and people have to enable it >>> themselves when they start using sa-update and have verified they have >>> received the first update ok. >>> Another option could be to have MailScanner check on startup, if the >>> directory exists, is readable and actually contains some rules before >>> enabling the option. >>> >>> Normal behaviour of sa-update is to download the new rules, run an >>> internal spamassassin --lint on them and if they pass, copy them to the >>> local_state_dir. >>> It looks like there is a small bug in SA, where it used the >>> local_state_dir, even when it is empty. >>> This would normally only happen, if there never was a successful >>> sa-update. As soon as sa-update has run successfully, it will never >>> delete the contents of the directory on a next unsuccessfull update. >>> >>> Adri. >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Julian Field >>>> Sent: woensdag 3 mei 2006 16:48 >>>> To: MailScanner discussion >>>> Subject: Re: Spamassassin not working after 4.53 >>>> >>>> Should I urgently put out a new version with the SpamAssassin >>>> Local State Dir setting commented out in MailScanner.conf? >>>> >>>> >>>> On 3 May 2006, at 12:45, Roger Jochem wrote: >>>> >>>>> I'm with the same problem here... >>>>> >>>>> What's the problem with sa-update? I normally used my rules >>>> in /etc/ >>>>> mail/spamassassin, and since this version 4.53.6-1, with this new >>>>> setting "SpamAssassin Local State Dir" I'm having problems... >>>>> >>>>> My sa-update command runned with debug didn't found any working >>>>> mirror... Any help? >>>>> >>>>> Regards >>>>> >>>>> Roger Jochem >>>>> >>>>> ----- Original Message ----- From: "Adri Koppes" >>>>> >>>>> To: "MailScanner discussion" >>>>> Sent: Wednesday, May 03, 2006 8:28 AM >>>>> Subject: RE: Spamassassin not working after 4.53 >>>>> >>>>> >>>>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>>>> def rules dir. >>>>>> Probably these where created by running sa-update. >>>>>> Yet, there are NO rules from this location read! >>>>>> So all the default built-in rules don't exist as far as Sa is >>>>>> concerned. >>>>>> Are there any rules in /var/lib/spamassassin/3.001001 or >>>> underlying >>>>>> directories? >>>>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>>>> update, which deleted everything? >>>>>> >>>>>> Adri. >>>>>> >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>>>> Devon Harding >>>>>>> Sent: woensdag 3 mei 2006 13:17 >>>>>>> To: MailScanner discussion >>>>>>> Subject: Spamassassin not working after 4.53 >>>>>>> >>>>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>>>> through ALOT more spam. I also noticed that spamassassin was >>>>>>> scoring messages very low. Can anyone tell me whats going on? >>>>>>> Here's a copy of my spamassassin --lint: >>>>>>> >>>>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>>>> logger: adding facilities: all [11642] dbg: logger: >>>> logging level is >>>>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>>>> config: score set 0 chosen. >>>>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >>>> keeping [11642] >>>>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>>>> [11642] dbg: util: final PATH set to: >>>>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>>> [11642] dbg: >>>>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>>>> version 3.07 [11642] dbg: diag: module installed: >>>> DB_File, version >>>>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>>>> [11642] dbg: diag: module installed: Net::SMTP, version >>>> 2.29 [11642] >>>>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>>>> 604.001 [11642] dbg: diag: module installed: >>>> Razor2::Client::Agent, >>>>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >>>> diag: module >>>>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >>>> installed: >>>>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >>>> message to >>>>>>> lint rules [11642] dbg: config: using >>>> "/etc/mail/spamassassin" for >>>>>>> site rules pre files [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>>>> site rules dir [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >>>> config: read >>>>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/70_sare_uri.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/chickenpox.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/mailscanner.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/random.current.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>>>> spam.assassin.prefs.conf" >>>>>>> for user prefs file >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>>>> dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>> dbg: reporter: >>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >>>> registered >>>>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>>>> @INC [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>> dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>> [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>>>> @INC [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>> dbg: plugin: >>>>>>> registered >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>> register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >>>> dcc: network >>>>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >>>> registered >>>>>>> [11642] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::Pyzor from >>>>>>> @INC [11642] dbg: pyzor: network tests on, attempting >>>> Pyzor [11642] >>>>>>> dbg: plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>> register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>> dbg: reporter: >>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>>>> already registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >>>> plugin: did >>>>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>>>> already registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>> dbg: plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>>>> already registered >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>> [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>>>> already >>>>>>> registered >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >>>> plugin: did >>>>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>>>> already registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>> dbg: plugin: >>>>>>> did not register >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>> register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>>>> registered [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>> implements >>>>>>> 'finish_parsing_end' >>>>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >>>> replacetags: >>>>>>> done replacing tags [11642] dbg: bayes: using username: >>>> root [11642] >>>>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>>>> found bayes db version 3 [11642] dbg: bayes: Using >>>> userid: 1 [11642] >>>>>>> dbg: config: score set 3 chosen. >>>>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>>>> message: main message type: text/plain [11642] dbg: >>>> message: parsing >>>>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>>>> [11642] dbg: dns: NS lookup of linux.org using >>>> 192.168.0.10 failed, >>>>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>>>> [11642] dbg: dns: NS lookup of akamai.com using >>>> 192.168.0.10 failed, >>>>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>>>> succeeded => DNS available (set dns_available to >>>> override) [11642] >>>>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>>>> X-Spam-Relays-Trusted: >>>>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>>>> [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>> implements >>>>>>> 'extract_metadata' >>>>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>> 'parsed_metadata' >>>>>>> [11642] dbg: uridnsbl: domains to query: >>>>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>>>> hit: "I" >>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>> rules: running raw-body-text per-line regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>> 'check_tick' >>>>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>>>> plugin: >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>> 'check_post_dnsbl' >>>>>>> [11642] dbg: rules: running meta tests; score so far=0 >>>> [11642] dbg: >>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>> rules: running raw-body-text per-line regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >>>> dbg: check: >>>>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store PGP >>>> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> --This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> MailScanner thanks transtec Computers for their support. >>>> >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> --Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFj84xH2WUcUFbZUEQLFGACgtmWxoM95k9hgEnVs6CYKnCKvEhAAoMQI iwfbIW4ok5IcSYvz198qVovc =PJbN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From brett at wrl.org Wed May 3 20:00:47 2006 From: brett at wrl.org (Brett Charbeneau) Date: Wed May 3 20:02:15 2006 Subject: Debug for Sendmail with MailScanner - huh? In-Reply-To: References: Message-ID: Thanks for the response, shrek-m! > i do not know debians sendmail.mc > do you mean `confLOG_LEVEL' ? > > eg. /etc/mail/sendmail.mc > -------- > dnl # default logging level is 9, you might want to set it higher to > dnl # debug the configuration > dnl # > dnl define(`confLOG_LEVEL', `9')dnl > define(`confLOG_LEVEL', `15')dnl Wow - that seems to have done it! There wasn't any "confLOG_LEVEL" mention in the Debian sendmail.mc, but when I stuck your define statement in it really cranked up the detail on the log! Many thanks! -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From MailScanner at ecs.soton.ac.uk Wed May 3 20:04:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 20:04:48 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <044201c66ee1$24399bd0$0202fea9@sangria> References: <044201c66ee1$24399bd0$0202fea9@sangria> Message-ID: <4458FEC4.6080208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A 'strings - bdc' produces this /tmp/ %s/%s %s%s /proc/%d /proc/self /tmp/ctmpXXXXXX /tmp/tmpXXXXXX so if you mount /tmp with tmpfs you should get it. chardlist wrote: > Is there a way to specify the temporary directory Bitdefender uses when > doing it's scanning? > > I saw in the clam-av wrapper where this could be easily modified. > > I'm trying to get as many of the mailscanner processes as possible using > tmpfs. > > Elaborating on that... does anyone have recommendations on using tmpfs to > improve performance? I've already configured the mailscanner incoming > directory and the clamav temporary directory to use tmpfs and the > performance boost is outstanding. > > Thank you, > -Brendan > > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFj+xhH2WUcUFbZUEQJZjwCfXk8Evf0+O+umn4ZtKl79QdU8HRkAn1Z3 XgMZvBbwTL+pEd779lqSQh9e =5xmo -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mariusz_p at poczta.onet.pl Wed May 3 20:16:03 2006 From: mariusz_p at poczta.onet.pl (Mariusz P.) Date: Wed May 3 20:16:19 2006 Subject: How switch off delete of infected attachment Message-ID: <00c901c66ee6$053b1790$9b2a1453@home> How switch off delete of infected attachment?? From mkettler at evi-inc.com Wed May 3 20:23:28 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 3 20:23:43 2006 Subject: How switch off delete of infected attachment In-Reply-To: <00c901c66ee6$053b1790$9b2a1453@home> References: <00c901c66ee6$053b1790$9b2a1453@home> Message-ID: <44590330.8020808@evi-inc.com> Mariusz P. wrote: > How switch off delete of infected attachment?? Quarantine Infections = yes This will cause MS to rip them off and drop them in a quarantine directory on the server instead of deleting them. If even quarantining isn't good enough, your other alternative is to turn off virus scanning. I don't think there's any way to use "deliver" as a virus action in MS. From evanderleun at hal9000.nl Wed May 3 20:30:47 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Wed May 3 20:30:53 2006 Subject: mail loops In-Reply-To: <4456466C.1080308@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> <4456466C.1080308@ecs.soton.ac.uk> Message-ID: <445904E7.8000309@hal9000.nl> Alas... this change didn't make any difference. hal9000 mqueue # MailScanner --debug In Debugging mode, not forking... Ignore errors about failing to find EOCD signature Undefined subroutine &Filesys::DF::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1663. hal9000 mqueue # this is copied from the CPAN interface (yet, I did install the perl module using Gentoo's Portage, which I prefer to do) DESCRIPTION Disk free based on Filesys::Statvfs CPAN_USERID IGUTHRIE (Ian Guthrie ) CPAN_VERSION 0.75 CPAN_FILE I/IG/IGUTHRIE/Filesys-Statvfs_Statfs_Df-0.75.tar.gz DSLI_STATUS Rdpr (released,developer,perl,references+ties) MANPAGE Filesys::DiskSpace - Perl df INST_FILE /usr/lib/perl5/vendor_perl/5.8.7/Filesys/Df.pm INST_VERSION 0.05 I'm not overly familiar with perl... could anybody give me tips on how to debug this problem? Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Please can you try changing line 1663 of >/usr/lib/MailScanner/MailScanner/Message.pm. Change it to say > > my $df = Filesys::DF::df($dir, 1024); > >and let me know if this fixes it. If it does I'll put out another >release before tomorrow morning. > >Erik van der Leun wrote: > > >>Outgoing mail does not appear to have a problem, logically... >> >>I restarted MailScanner to be able to send the mail, and retried >>debugging >>mode while MailScanner was still on Air: >> >>In Debugging mode, not forking... >>Ignore errors about failing to find EOCD signature >>Undefined subroutine &MailScanner::Message::df called at >>/usr/lib/MailScanner/MailScanner/Message.pm line 1663. >> >>This was the only output I got... Might be it though... >> >>I'm downgrading again for now, as I do need mailflow :) >> >>On Mon, 1 May 2006, Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>In which case stop MailScanner, do "MailScanner --debug" and send us the >>>output. >>> >>>Erik van der Leun wrote: >>> >>> >>>>Hi, >>>> >>>>I've already sent a (mild) warming for gentoo users on the latest >>>>stable >>>>release of MailScanner (the filename of Df.pm will be different if you >>>>use portage to install this perl module), but I didn't even get my >>>>MailScanner >>>>to work properly after the upgrade. >>>> >>>>Mail was checked for spam, I got a message the Virusscanning got >>>>started, but >>>>the first message after that, was the number of messages found in the >>>>queue >>>>and it kept on looping like this. >>>> >>>>Mail was accepted, but not delivered... >>>>I didn't take a lot time to investigate as I simply don't have it >>>>available >>>>at the moment. I downgraded and the problem was solved. >>>> >>>>Did anybody have similar experiences? >>>> >>>>Kind regards, >>>>Erik van der Leun >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >>>caAovvutPmulPsve+6s3l1S6 >>>=QJQZ >>>-----END PGP SIGNATURE----- >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>>MailScanner thanks transtec Computers for their support. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E >bVt4nI/GlG7cuPvnOF4OnmZx >=J2yj >-----END PGP SIGNATURE----- > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060503/6d69e72a/attachment.html From jrudd at ucsc.edu Wed May 3 20:34:59 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed May 3 20:33:11 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> On May 3, 2006, at 10:15, Mark Nienberg wrote: > Alex Neuman van der Hans wrote: > >> How about one of the spamassassin gurus here gives us a hand? You >> *could* set up a spamassassin rule that gives a strong negative value >> to something in the headers. I can see from a message that just came >> in that Dhawal is suggesting something similar. > > > Here is the spamassassin rule I use for this situation: > > # Check for authenticated mail sent from outside the office > # so we can compensate for rbls, etc. > # Note that the Received header has been modified in sendmail.mc so > # it says "authenticated SecretPhrase" instead of just "authenticated". > # This to make it harder for someone to bypass our filters by sending > # us messages with a forged Received header. > My plan around that is: 0) mimedefang removes any existing X-my-header-indicating-authenticated-user 1) mimedefang reads the sendmail macros to see if the sender is authenticated 2) mimedefang adds a X-my-header-indicating-authenticated-user with the header value being the authenticated user 3) if they are authenticated (or from one of my own exempt/local IP addrs), mimedefang doesn't feed the message to spam assassin; if they aren't, it feeds the message to spam assassin. Though, I could also, easily, feed the message to spam assassin in a later process, and give the presence of that header a low score. Since mimedefang removes that header up front, I don't have to worry about it being inserted by someone else (thus no need for a secret phrase). From shuttlebox at gmail.com Wed May 3 20:42:32 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 3 20:42:34 2006 Subject: tnef 1.4, Solaris, won't build In-Reply-To: References: Message-ID: <625385e30605031242qb76c8f3jf937d57406cfa1f5@mail.gmail.com> On 5/3/06, Jeff A. Earickson wrote: > Anybody else had problems getting tnef 1.4 to build from the tar > release? On Solaris 10 with gcc 4.1, I get: > > if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT xstrdup.o -MD -MP -MF > ".deps/xstrdup.Tpo" -c -o xstrdup.o xstrdup.c; \ > then mv -f ".deps/xstrdup.Tpo" ".deps/xstrdup.Po"; else rm -f > ".deps/xstrdup.Tpo"; exit 1; fi > gmake[3]: *** No rule to make target `replace/libreplace.a', needed by > `tnef'. Stop. > > I'm going to use the tnef executable from the previous MS > release and move on for the moment. I have built TNEF 1.4 for the Blastwave project as part of my goal to get MailScanner in there. If you're a Blastwave user you can download the package from www.blastwave.org/testing since it's not in the normal repositories yet. -- /peter From alex at nkpanama.com Wed May 3 20:49:08 2006 From: alex at nkpanama.com (Alex Neuman) Date: Wed May 3 20:49:35 2006 Subject: SMTP Auth In-Reply-To: <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> Message-ID: <44590934.80301@nkpanama.com> John Rudd escribi?: > > > My plan around that is: > > 0) mimedefang removes any existing > X-my-header-indicating-authenticated-user > 1) mimedefang reads the sendmail macros to see if the sender is > authenticated > 2) mimedefang adds a X-my-header-indicating-authenticated-user with > the header value being the authenticated user > 3) if they are authenticated (or from one of my own exempt/local IP > addrs), mimedefang doesn't feed the message to spam assassin; if they > aren't, it feeds the message to spam assassin. > > Though, I could also, easily, feed the message to spam assassin in a > later process, and give the presence of that header a low score. > Since mimedefang removes that header up front, I don't have to worry > about it being inserted by someone else (thus no need for a secret > phrase). > > Sorry to sound like a clueless noob (or a one-trick-pony, but you have to admit MailScanner is one hell of a trick!), but all I read is: 0) mimedefang blah blah 1) mimedefang yadda yadda 2) mimedefang adds fluffity-fluff bleebloop 3) if they are authenticated, mimedefang bah weep gra-nah weep ninni bong. Perhaps I should look into mimedefang so I can add it to my bag of tricks (or at least, so I can follow a simple thread!) :) From evanderleun at hal9000.nl Wed May 3 20:54:35 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Wed May 3 20:54:38 2006 Subject: mail loops In-Reply-To: <4456466C.1080308@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> <4456466C.1080308@ecs.soton.ac.uk> Message-ID: <44590A7B.4070304@hal9000.nl> This is from the module I installed from portage This module was formerly called File::Df. It has been renamed into Filesys::DiskSpace. It could have be Filesys::Df but unfortunatly another module created in the meantime uses this name. I installed Filesys-Statvfs_Statfs_Df-0.75.tar.gz using CPAN Conclusion: I was being a noob, installed the wrong module... It was called Filesys::DiskSpace, and I thought it was correct... naive... Sorry for the fuss :) And thanks for your support line 1663 does NOT need to be changed :) Erik van der Leun Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Please can you try changing line 1663 of >/usr/lib/MailScanner/MailScanner/Message.pm. Change it to say > > my $df = Filesys::DF::df($dir, 1024); > >and let me know if this fixes it. If it does I'll put out another >release before tomorrow morning. > >Erik van der Leun wrote: > > >>Outgoing mail does not appear to have a problem, logically... >> >>I restarted MailScanner to be able to send the mail, and retried >>debugging >>mode while MailScanner was still on Air: >> >>In Debugging mode, not forking... >>Ignore errors about failing to find EOCD signature >>Undefined subroutine &MailScanner::Message::df called at >>/usr/lib/MailScanner/MailScanner/Message.pm line 1663. >> >>This was the only output I got... Might be it though... >> >>I'm downgrading again for now, as I do need mailflow :) >> >>On Mon, 1 May 2006, Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>In which case stop MailScanner, do "MailScanner --debug" and send us the >>>output. >>> >>>Erik van der Leun wrote: >>> >>> >>>>Hi, >>>> >>>>I've already sent a (mild) warming for gentoo users on the latest >>>>stable >>>>release of MailScanner (the filename of Df.pm will be different if you >>>>use portage to install this perl module), but I didn't even get my >>>>MailScanner >>>>to work properly after the upgrade. >>>> >>>>Mail was checked for spam, I got a message the Virusscanning got >>>>started, but >>>>the first message after that, was the number of messages found in the >>>>queue >>>>and it kept on looping like this. >>>> >>>>Mail was accepted, but not delivered... >>>>I didn't take a lot time to investigate as I simply don't have it >>>>available >>>>at the moment. I downgraded and the problem was solved. >>>> >>>>Did anybody have similar experiences? >>>> >>>>Kind regards, >>>>Erik van der Leun >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >>>caAovvutPmulPsve+6s3l1S6 >>>=QJQZ >>>-----END PGP SIGNATURE----- >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>>MailScanner thanks transtec Computers for their support. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E >bVt4nI/GlG7cuPvnOF4OnmZx >=J2yj >-----END PGP SIGNATURE----- > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060503/9f1d62c2/attachment.html From ka at pacific.net Wed May 3 20:58:47 2006 From: ka at pacific.net (Ken A) Date: Wed May 3 20:55:27 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <4458FCE1.6000204@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> <4458E7DF.1010609@pacific.net> <4458FCE1.6000204@ecs.soton.ac.uk> Message-ID: <44590B77.8080102@pacific.net> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have disabled it from having any effect until the user finds it. It's > relatively unimportant at the moment anyway. > Is it very easy to tell from the end of the output of sa-update that it > succeeded or failed? Users can't be expected to read more than the last > 5 lines or so of the output of sa-update. Does it produce different exit > codes if it fails? Yep. Last 2 lines of a successful run: [18514] dbg: channel: current version is 398009, new version is 398009, skipping channel [18514] dbg: diag: updates complete, exiting with code 1 Last 3 of a failed run: [19042] dbg: sha1: verification expected: 15c1ee72b78106cd3d6e32dba7be8619e97e156f [19042] dbg: sha1: verification got : 183e72b6541452a0ec169d109e4bbf39d22ce2b6 error: can't verify SHA1 signature channel: SHA1 verification failed, channel failed [19042] dbg: diag: updates complete, exiting with code 4 Last 3 of a successful run (when an update is needed): [19503] dbg: channel: unlinking 23_bayes.cf [19503] dbg: channel: unlinking 20_anti_ratware.cf [19503] dbg: channel: update complete [19503] dbg: diag: updates complete, exiting with code 0 All exit codes are in man sa-update. > > EXIT CODES > An exit code of 0 means an update was available, and was downloaded and installed successfully. > > An exit code of 1 means no fresh updates were available. > > An exit code of 4 or higher, indicates that errors occurred while attempting to download and extract updates. Thanks, Ken A Pacific.Net > Ken A wrote: >> This being a new feature of S.A., I did the usual poking around, ran >> "man sa-update" and then "sa-update -D". It failed on one of 3 SA/MS >> boxes the first time around with sha key errors, then it ran fine the >> second try. The other boxes worked on the first shot. >> >> It might be a nice thing to have some of the informative output at the >> end of install.sh say something about the importance of the 'first >> run' of sa-update. >> >> Thanks, >> >> Ken Anderson >> Pacific.Net >> >> >> Julian Field wrote: >>> I have just published 4.53.7 which has this option commented out by >>> default. >>> You can uncomment it yourself once you have found out all about >>> sa-update. >>> >>> This way seems a lot safer to me. Shame it never turned up as an >>> issue during beta testing. >>> >>> On 3 May 2006, at 16:04, Adri Koppes wrote: >>> >>>> Julian, >>>> >>>> One option might be to either have it commented out or leave the option >>>> blank, so that it doesn't get used and people have to enable it >>>> themselves when they start using sa-update and have verified they have >>>> received the first update ok. >>>> Another option could be to have MailScanner check on startup, if the >>>> directory exists, is readable and actually contains some rules before >>>> enabling the option. >>>> >>>> Normal behaviour of sa-update is to download the new rules, run an >>>> internal spamassassin --lint on them and if they pass, copy them to the >>>> local_state_dir. >>>> It looks like there is a small bug in SA, where it used the >>>> local_state_dir, even when it is empty. >>>> This would normally only happen, if there never was a successful >>>> sa-update. As soon as sa-update has run successfully, it will never >>>> delete the contents of the directory on a next unsuccessfull update. >>>> >>>> Adri. >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Julian Field >>>>> Sent: woensdag 3 mei 2006 16:48 >>>>> To: MailScanner discussion >>>>> Subject: Re: Spamassassin not working after 4.53 >>>>> >>>>> Should I urgently put out a new version with the SpamAssassin >>>>> Local State Dir setting commented out in MailScanner.conf? >>>>> >>>>> >>>>> On 3 May 2006, at 12:45, Roger Jochem wrote: >>>>> >>>>>> I'm with the same problem here... >>>>>> >>>>>> What's the problem with sa-update? I normally used my rules >>>>> in /etc/ >>>>>> mail/spamassassin, and since this version 4.53.6-1, with this new >>>>>> setting "SpamAssassin Local State Dir" I'm having problems... >>>>>> >>>>>> My sa-update command runned with debug didn't found any working >>>>>> mirror... Any help? >>>>>> >>>>>> Regards >>>>>> >>>>>> Roger Jochem >>>>>> >>>>>> ----- Original Message ----- From: "Adri Koppes" >>>>>> >>>>>> To: "MailScanner discussion" >>>>>> Sent: Wednesday, May 03, 2006 8:28 AM >>>>>> Subject: RE: Spamassassin not working after 4.53 >>>>>> >>>>>> >>>>>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>>>>> def rules dir. >>>>>>> Probably these where created by running sa-update. >>>>>>> Yet, there are NO rules from this location read! >>>>>>> So all the default built-in rules don't exist as far as Sa is >>>>>>> concerned. >>>>>>> Are there any rules in /var/lib/spamassassin/3.001001 or >>>>> underlying >>>>>>> directories? >>>>>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>>>>> update, which deleted everything? >>>>>>> >>>>>>> Adri. >>>>>>> >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>>>>> Devon Harding >>>>>>>> Sent: woensdag 3 mei 2006 13:17 >>>>>>>> To: MailScanner discussion >>>>>>>> Subject: Spamassassin not working after 4.53 >>>>>>>> >>>>>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>>>>> through ALOT more spam. I also noticed that spamassassin was >>>>>>>> scoring messages very low. Can anyone tell me whats going on? >>>>>>>> Here's a copy of my spamassassin --lint: >>>>>>>> >>>>>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>>>>> logger: adding facilities: all [11642] dbg: logger: >>>>> logging level is >>>>>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>>>>> config: score set 0 chosen. >>>>>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >>>>> keeping [11642] >>>>>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>>>>> [11642] dbg: util: final PATH set to: >>>>>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>>>> [11642] dbg: >>>>>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>>>>> version 3.07 [11642] dbg: diag: module installed: >>>>> DB_File, version >>>>>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>>>>> [11642] dbg: diag: module installed: Net::SMTP, version >>>>> 2.29 [11642] >>>>>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>>>>> 604.001 [11642] dbg: diag: module installed: >>>>> Razor2::Client::Agent, >>>>>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >>>>> diag: module >>>>>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >>>>> installed: >>>>>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >>>>> message to >>>>>>>> lint rules [11642] dbg: config: using >>>>> "/etc/mail/spamassassin" for >>>>>>>> site rules pre files [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>>>>> site rules dir [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >>>>> config: read >>>>>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_uri.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/chickenpox.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/mailscanner.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/random.current.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>>>>> spam.assassin.prefs.conf" >>>>>>>> for user prefs file >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>>>>> dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>>> dbg: reporter: >>>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >>>>> registered >>>>>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>>>>> @INC [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>>> dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>>> [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>>>>> @INC [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>>> dbg: plugin: >>>>>>>> registered >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>>> register >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >>>>> dcc: network >>>>>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >>>>> registered >>>>>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Pyzor from >>>>>>>> @INC [11642] dbg: pyzor: network tests on, attempting >>>>> Pyzor [11642] >>>>>>>> dbg: plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>>> register >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>>> dbg: reporter: >>>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>>>>> already registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >>>>> plugin: did >>>>>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>>>>> already registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>>> dbg: plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>>>>> already registered >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>>> [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>>>>> already >>>>>>>> registered >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >>>>> plugin: did >>>>>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>>>>> already registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>>> dbg: plugin: >>>>>>>> did not register >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>>> register >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>>>>> registered [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>> implements >>>>>>>> 'finish_parsing_end' >>>>>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >>>>> replacetags: >>>>>>>> done replacing tags [11642] dbg: bayes: using username: >>>>> root [11642] >>>>>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>>>>> found bayes db version 3 [11642] dbg: bayes: Using >>>>> userid: 1 [11642] >>>>>>>> dbg: config: score set 3 chosen. >>>>>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>>>>> message: main message type: text/plain [11642] dbg: >>>>> message: parsing >>>>>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>>>>> [11642] dbg: dns: NS lookup of linux.org using >>>>> 192.168.0.10 failed, >>>>>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>>>>> [11642] dbg: dns: NS lookup of akamai.com using >>>>> 192.168.0.10 failed, >>>>>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>>>>> succeeded => DNS available (set dns_available to >>>>> override) [11642] >>>>>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>>>>> X-Spam-Relays-Trusted: >>>>>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>>>>> [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>> implements >>>>>>>> 'extract_metadata' >>>>>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>>> 'parsed_metadata' >>>>>>>> [11642] dbg: uridnsbl: domains to query: >>>>>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>>>>> hit: "I" >>>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>>> rules: running raw-body-text per-line regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>>> 'check_tick' >>>>>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>>>>> plugin: >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>>> 'check_post_dnsbl' >>>>>>>> [11642] dbg: rules: running meta tests; score so far=0 >>>>> [11642] dbg: >>>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>>> rules: running raw-body-text per-line regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >>>>> dbg: check: >>>>>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store PGP >>>>> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> --This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> MailScanner thanks transtec Computers for their support. >>>>> >>>>> --MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFj84xH2WUcUFbZUEQLFGACgtmWxoM95k9hgEnVs6CYKnCKvEhAAoMQI > iwfbIW4ok5IcSYvz198qVovc > =PJbN > -----END PGP SIGNATURE----- > From ryan at marinocrane.com Wed May 3 20:59:08 2006 From: ryan at marinocrane.com (Ryan Pitt) Date: Wed May 3 20:59:20 2006 Subject: SMTP Auth In-Reply-To: <44590934.80301@nkpanama.com> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> <44590934.80301@nkpanama.com> Message-ID: <44590B8C.1030204@marinocrane.com> Alex Neuman wrote: > Sorry to sound like a clueless noob (or a one-trick-pony, but you have > to admit MailScanner is one hell of a trick!), but all I read is: > > 0) mimedefang blah blah > 1) mimedefang yadda yadda > 2) mimedefang adds fluffity-fluff bleebloop > 3) if they are authenticated, mimedefang bah weep gra-nah weep ninni > bong. > > Perhaps I should look into mimedefang so I can add it to my bag of > tricks (or at least, so I can follow a simple thread!) :) Alex, Thanks for the chuckle! I too have no idea what mimedefang is, but, like you, all I know is that MailScanner ROCKS! Ryan From rob at thehostmasters.com Wed May 3 21:18:00 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed May 3 21:18:05 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <445828A0.6060200@nkpanama.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> <445786C0.9010600@thehostmasters.com> <4457A305.3090203@ecs.soton.ac.uk> <445828A0.6060200@nkpanama.com> Message-ID: <44590FF8.3070602@thehostmasters.com> I understand about what is said here, but i wanted to know if putting that in IP in the list like in the example would just let the email bypass scanning via MS or would it still run clam and SA and then notice its white listed.... Basically only scan email coming from localhost, anything else do not scan for spam or virus at all, as i can tell postfix to accept email only from a specific source and no where else.... so i would accept email only from this 1 IP and reject everything else.... My apologies if i have upset or irritated anyone, or if i have not made myself clear.... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Alex Neuman van der Hans wrote: > Julian Field wrote: >> But still people don't get it. Maybe they don't read the docs? At >> that point, there's not much I can do. >> > > And there's always the ever-popular "scan messages" option, which in > the form: > > From: 1.2.3.4 no > FromOrTo: default yes > > would probably get the result he needs, with a little less impact on > performance than virus scanning = no and whitelist = yes for that > IP... right? From matt at coders.co.uk Wed May 3 23:14:33 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed May 3 23:14:43 2006 Subject: Rules and Mailing lists In-Reply-To: References: <4457CF82.6030406@magnet.fsu.edu> <4457D1DF.3000604@coders.co.uk> Message-ID: <44592B49.3020505@coders.co.uk> Scott Silva wrote: > Matt Hampton spake the following on 5/2/2006 2:40 PM: >>> Is there a better solution to set up the rule using some other email >>> header that will identify email just from joe@magnet.fsu.edu without >>> opening up the whole list? >> I am assuming that you have MailScanner "in front" of your mailman >> installation? >> >> The way that I have it set is is to have a second sendmail process >> listening on loopback which only accepts mail from a list address. >> >> The incoming message is scanned by MailScanner and passed to mailman. >> MailMan then forwards the expanded mail to the second sendmail process >> which attempts delivery and will place any deferred entries in the >> standard mqueue directory. >> >> This means each message is only scanned once and rules can be applied as >> you expect. >> >> matt >> >> > Sounds like good wiki fodder! Do you have some details of the setup you did? > > http://wiki.mailscanner.info/doku.php?id=documentation:related_software:mailman Early draft. Comments please! From lshaw at emitinc.com Wed May 3 23:36:42 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed May 3 23:36:50 2006 Subject: scanning on both primary and second MX servers In-Reply-To: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> References: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> Message-ID: On Tue, 2 May 2006, Julian Field wrote: > On 2 May 2006, at 00:20, Logan Shaw wrote: >> So, I thought I had a solution: install MailScanner on the >> backup MX as well. Then blacklisting will be in effect over >> there, and everything's great, theoretically. I installed all >> that, and just now I realized the flaw in that plan. I now >> get two sets of headers because the messages are being scanned >> twice by two different machines. (I get "X-Spam-Status: Yes, >> Yes" and stuff like that.) > > What I would advise is that you install SpamAssassin (used as part of > MailScanner, download by "easy-to-install" package of ClamAV+SA from the > MailScanner downloads page). You can then not only assign your own scores to > different RBLs if you want to, but more importantly SpamAssassin will check > all the hosts through which the message passed, not just the last hop (which > is all MailScanner can do). > > SpamAssassin is much better than MailScanner with this feature. Aha, so just to recap now that I've taken a day or whatever to digest that response, I think what you're saying is this: 1. Even though MailScanner uses SpamAssassin, they each have their own independent RBL implementations and MailScanner uses its own and turns off SpamAssassin's. 2. SpamAssassin's RBL support works better in that it scans all the Received: headers, rather than just looking at where the most recent message came from. And also in that it gives me more control over scoring. 3. I can set up MailScanner to use SpamAssassin's implementation instead, so that I can continue to use MailScanner but I can use the superior RBL implementation. And it would appear (please tell me if I'm on the right track!) that the implications of this are: 1. I need to make sure I have properly configured SpamAssassin so that it correctly identifies which hosts are/aren't trusted, and I use the "trusted_networks" setting to do this by putting a list of all my own MX hosts (and those I trust, like maybe my ISP's). 2. If I do this (and if I don't feel the need to delete the spam immediately on the secondary MX), then I don't necessarily have to have MailScanner or SpamAssassin or any other filtering software on the backup MX, because SpamAssassin can catch everything on the main mail server. Do I basically have that correct? If so, that makes my life easier, because it is a bit more of a pain to maintain a second MailScanner setup on the backup MX machine. (Especially considering that its bayes and autowhitelisting will be all screwed up, so those require special attention...) - Logan From jrudd at ucsc.edu Wed May 3 23:48:33 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed May 3 23:46:21 2006 Subject: SMTP Auth In-Reply-To: <44590B8C.1030204@marinocrane.com> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> <44590934.80301@nkpanama.com> <44590B8C.1030204@marinocrane.com> Message-ID: <5329616e168715e8367185a94a58f66a@ucsc.edu> On May 3, 2006, at 12:59, Ryan Pitt wrote: > > Alex Neuman wrote: >> Sorry to sound like a clueless noob (or a one-trick-pony, but you >> have to admit MailScanner is one hell of a trick!), but all I read >> is: >> >> 0) mimedefang blah blah >> 1) mimedefang yadda yadda >> 2) mimedefang adds fluffity-fluff bleebloop >> 3) if they are authenticated, mimedefang bah weep gra-nah weep ninni >> bong. >> >> Perhaps I should look into mimedefang so I can add it to my bag of >> tricks (or at least, so I can follow a simple thread!) :) > > Alex, > > Thanks for the chuckle! I too have no idea what mimedefang is, but, > like you, all I know is that MailScanner ROCKS! > It's a sendmail milter. Lets you do some good stuff during the SMTP transaction. Can be used along side mailscanner, or even replace some of mailscanner's capabilities (each has its own trade-offs). From jaearick at colby.edu Thu May 4 01:53:08 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 01:57:27 2006 Subject: 4.53.7: phishing fraud endless loop Message-ID: Gang, I sent Julian an example sendmail message (offlist) that caused 4.53.7 to go into an endless loop when I ran it in debug mode. This was a lucky coincidence; I normally run a new version of MS in debug mode one time before putting it into production, and this message just happened to be there. I got beaucoup syslog messages like: Found phishing fraud from www.evite.com claiming to be www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolondonforwor in k43IWccm014788 and the debug mode wouldn't end. I tried it both with the default "Web Bug Replacement =" setting and setting this to blank, both looped up. Anybody else seen this behavior? My setup: Solaris 10, sendmail 8.13.6, SA 3.1.1. Julian, what happens if some firewall gets between MailScanner and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? Jeff Earickson Colby College From alex at nkpanama.com Thu May 4 03:14:23 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 4 03:15:06 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <044201c66ee1$24399bd0$0202fea9@sangria> References: <044201c66ee1$24399bd0$0202fea9@sangria> Message-ID: <4459637F.5020107@nkpanama.com> chardlist wrote: > I saw in the clam-av wrapper where this could be easily modified. > > Elaborating on that... does anyone have recommendations on using tmpfs to > improve performance? I've already configured the mailscanner incoming > directory and the clamav temporary directory to use tmpfs and the > performance boost is outstanding. > Can you document how you did this? Perhaps other bits and pieces (like razor-pyzor-dcc-etc.) could be optimized this way. The only problem lies in that a power outage or an unexpected reboot could potentially mean a lot of lost messages. From mikej at rogers.com Thu May 4 05:50:48 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu May 4 05:51:06 2006 Subject: Will MS work with Postfix 2.3? Message-ID: <44598828.6030008@rogers.com> I hope this gets Julian's attention, but i am curious to know whether MailScanner will continue to function with the new release of Postfix 2.3. From MailScanner at ecs.soton.ac.uk Thu May 4 09:51:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:51:20 2006 Subject: SMTP Auth In-Reply-To: <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> Message-ID: <68C296ED-BFAF-42ED-8BDB-55BEBB8E59C1@ecs.soton.ac.uk> On 3 May 2006, at 20:34, John Rudd wrote: > > On May 3, 2006, at 10:15, Mark Nienberg wrote: > >> Alex Neuman van der Hans wrote: >> >>> How about one of the spamassassin gurus here gives us a hand? You >>> *could* set up a spamassassin rule that gives a strong negative >>> value to something in the headers. I can see from a message that >>> just came in that Dhawal is suggesting something similar. >> >> >> Here is the spamassassin rule I use for this situation: >> >> # Check for authenticated mail sent from outside the office >> # so we can compensate for rbls, etc. >> # Note that the Received header has been modified in sendmail.mc so >> # it says "authenticated SecretPhrase" instead of just >> "authenticated". >> # This to make it harder for someone to bypass our filters by sending >> # us messages with a forged Received header. >> > > My plan around that is: > > 0) mimedefang removes any existing X-my-header-indicating- > authenticated-user > 1) mimedefang reads the sendmail macros to see if the sender is > authenticated > 2) mimedefang adds a X-my-header-indicating-authenticated-user with > the header value being the authenticated user > 3) if they are authenticated (or from one of my own exempt/local IP > addrs), mimedefang doesn't feed the message to spam assassin; if > they aren't, it feeds the message to spam assassin. > > Though, I could also, easily, feed the message to spam assassin in > a later process, and give the presence of that header a low score. > Since mimedefang removes that header up front, I don't have to > worry about it being inserted by someone else (thus no need for a > secret phrase). John, If you want to sing the praises of mimedefang, please do it on their list and not mine. This list is for MailScanner discussions, and you are starting to get very off-topic. Regards Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:53:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:53:52 2006 Subject: scanning on both primary and second MX servers In-Reply-To: References: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> Message-ID: On 3 May 2006, at 23:36, Logan Shaw wrote: > On Tue, 2 May 2006, Julian Field wrote: >> On 2 May 2006, at 00:20, Logan Shaw wrote: > >>> So, I thought I had a solution: install MailScanner on the >>> backup MX as well. Then blacklisting will be in effect over >>> there, and everything's great, theoretically. I installed all >>> that, and just now I realized the flaw in that plan. I now >>> get two sets of headers because the messages are being scanned >>> twice by two different machines. (I get "X-Spam-Status: Yes, >>> Yes" and stuff like that.) >> >> What I would advise is that you install SpamAssassin (used as part >> of MailScanner, download by "easy-to-install" package of ClamAV+SA >> from the MailScanner downloads page). You can then not only assign >> your own scores to different RBLs if you want to, but more >> importantly SpamAssassin will check all the hosts through which >> the message passed, not just the last hop (which is all >> MailScanner can do). >> >> SpamAssassin is much better than MailScanner with this feature. > > Aha, so just to recap now that I've taken a day or whatever to > digest that response, I think what you're saying is this: > > 1. Even though MailScanner uses SpamAssassin, they each have > their own independent RBL implementations and MailScanner > uses its own and turns off SpamAssassin's. MailScanner does not turn off SpamAssassin's RBL support. You can (and I do) use both. > > 2. SpamAssassin's RBL support works better in that it scans > all the Received: headers, rather than just looking at > where the most recent message came from. And also in that > it gives me more control over scoring. > > 3. I can set up MailScanner to use SpamAssassin's implementation > instead, so that I can continue to use MailScanner but I can > use the superior RBL implementation. > > And it would appear (please tell me if I'm on the right track!) > that the implications of this are: > > 1. I need to make sure I have properly configured SpamAssassin > so that it correctly identifies which hosts are/aren't > trusted, and I use the "trusted_networks" setting to do > this by putting a list of all my own MX hosts (and those > I trust, like maybe my ISP's). > > 2. If I do this (and if I don't feel the need to delete the > spam immediately on the secondary MX), then I don't > necessarily have to have MailScanner or SpamAssassin or > any other filtering software on the backup MX, because > SpamAssassin can catch everything on the main mail server. > > Do I basically have that correct? If so, that makes my life > easier, because it is a bit more of a pain to maintain a second > MailScanner setup on the backup MX machine. (Especially > considering that its bayes and autowhitelisting will be all > screwed up, so those require special attention...) From what I see, yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:54:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:54:40 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: References: Message-ID: On 4 May 2006, at 01:53, Jeff A. Earickson wrote: > Gang, > > I sent Julian an example sendmail message (offlist) that caused > 4.53.7 to > go into an endless loop when I ran it in debug mode. This was > a lucky coincidence; I normally run a new version of MS in debug > mode one time before putting it into production, and this message > just happened to be there. > > I got beaucoup syslog messages like: > > Found phishing fraud from www.evite.com claiming to be > www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolo > ndonforwor in k43IWccm014788 > > and the debug mode wouldn't end. I tried it both with the > default "Web Bug Replacement =" setting and setting this to > blank, both looped up. Anybody else seen this behavior? > My setup: Solaris 10, sendmail 8.13.6, SA 3.1.1. > > Julian, what happens if some firewall gets between MailScanner > and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? Then the HTML view of the page won't render quite as prettily, that's all. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:55:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:56:12 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <4459637F.5020107@nkpanama.com> References: <044201c66ee1$24399bd0$0202fea9@sangria> <4459637F.5020107@nkpanama.com> Message-ID: <1879F503-2C76-49E9-98E9-2A060800825A@ecs.soton.ac.uk> On 4 May 2006, at 03:14, Alex Neuman van der Hans wrote: > chardlist wrote: >> I saw in the clam-av wrapper where this could be easily modified. >> >> Elaborating on that... does anyone have recommendations on using >> tmpfs to >> improve performance? I've already configured the mailscanner >> incoming >> directory and the clamav temporary directory to use tmpfs and the >> performance boost is outstanding. >> > Can you document how you did this? Perhaps other bits and pieces > (like razor-pyzor-dcc-etc.) could be optimized this way. The only > problem lies in that a power outage or an unexpected reboot could > potentially mean a lot of lost messages. It will *not* result in any lost messages at all. I ain't that stoopid :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:56:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:56:43 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <44598828.6030008@rogers.com> References: <44598828.6030008@rogers.com> Message-ID: <07C0775D-36EE-43D3-88A8-EFF1145B1A44@ecs.soton.ac.uk> Don't know, haven't tried it yet. I'll give it a go and see what he has changed to keep me on my toes! On 4 May 2006, at 05:50, Mike Jakubik wrote: > I hope this gets Julian's attention, but i am curious to know > whether MailScanner will continue to function with the new release > of Postfix 2.3. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Thu May 4 10:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 10:31:25 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: References: Message-ID: Jeff A. Earickson wrote on Wed, 3 May 2006 20:53:08 -0400 (EDT): > Julian, what happens if some firewall gets between MailScanner > and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? Depends on what the firewall does ;-) This should not be any problem during MS/SA detection since I assume MS replaces the URL only after all is done. So, it's got any effect only when the message gets viewed in a mail program that shows HTML and retrieves external images. If port 80 is blocked it won't get retrieved. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Thu May 4 10:54:51 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 10:55:06 2006 Subject: MailScanner.conf Message-ID: <4459CF6B.7060809@chime.ucl.ac.uk> Hi, I am just upgrading to the latest stable version 4.53.7. Working my way through the new MailScanner.conf file I noticed the comment at the top about the ability to use scaling suffixes on numbers. This comment says that this feature was added in version 4.54! Should the comment be fixed? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From Jan-Peter.Koopmann at seceidos.de Thu May 4 11:20:27 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu May 4 11:20:44 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: Hi Julian, I just had an enduser complain that certain messages did not reach him. I looked them up and they were all identified as spam. Why? Because the attachment in the message was not identified as such and therefore the uuencoded (or base64?) attachment triggered all sorts of SA rules. The real question now is: Why did Mailscanner not pick up the attachment? The message body looks like this: ------------------- RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST begin 664 PFLIST.pdf M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O2`P-"`P-3HS,SHU.2!032`R,#`V*0HO ` end ------------------- Nothing special in the headers. This looks wrong to me but if this message is delivered to Exchange/Outlook the attachment is decoded correctly. But this now means that these sort of wrongly formatted attachments are not discovered and therefore not scanned by MailScanner??? Please help. I can put the exim spool files to a download location if that helps you. Kind regards Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Gesch?ftsf?hrer -- Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 http://www.seceidos.de | SIP: 43@voip.seceidos.de -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060504/d2ace6ea/smime.bin From Jan-Peter.Koopmann at seceidos.de Thu May 4 11:29:30 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu May 4 11:29:49 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released Message-ID: On Tuesday, May 02, 2006 4:18 PM Dave Shariff Yadallee - System Administrator a.k.a. The Root of theProblem wrote: > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X do not have > sys/statvfs.h on their system. I had to nick the necessary files > from a FreeBSD 5.X Box. Why don't you simply install the p5-Filesys-Statvfs_Df port? That surely did the trick on my FreeBSD boxes (4.X to 6.X) and is the official/supported way of doing this. Or wait till the 4.53.7 port is committed (hopefully today) since it will solve the problem for you. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060504/7acc6923/smime.bin From martinh at solid-state-logic.com Thu May 4 11:32:34 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 4 11:32:42 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: Message-ID: <007401c66f66$0eb5ca60$3004010a@martinhlaptop> JP It's a personal certificate file (guess who uses Outleek as their MUA ;-( The 'file-typeing' is usually called out to the unix 'file' command, but I guess you could but in an entry into the file.names.conf for a .p2s file..??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter > Sent: 04 May 2006 11:20 > To: MailScanner discussion > Subject: Mailscanner does not identify attachment in mail > > Hi Julian, > > I just had an enduser complain that certain messages did not reach him. I > looked them up and they were all identified as spam. Why? Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. The > real > question now is: Why did Mailscanner not pick up the attachment? > > The message body looks like this: > > ------------------- > > > RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST > begin 664 PFLIST.pdf > M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O M"B]#2`P-"`P-3HS,SHU.2!032`R,#`V*0HO > > ` > end > > ------------------- > > Nothing special in the headers. This looks wrong to me but if this message > is delivered to Exchange/Outlook the attachment is decoded correctly. But > this now means that these sort of wrongly formatted attachments are not > discovered and therefore not scanned by MailScanner??? > > Please help. I can put the exim spool files to a download location if that > helps you. > > > > > Kind regards > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- > Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 > Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 > 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 > http://www.seceidos.de | SIP: 43@voip.seceidos.de ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu May 4 11:33:45 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 4 11:33:55 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: Message-ID: <007501c66f66$38dc8040$3004010a@martinhlaptop> My Mailwatch identifies this as of.. MIME Type: application/x-pkcs7-signature -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter > Sent: 04 May 2006 11:20 > To: MailScanner discussion > Subject: Mailscanner does not identify attachment in mail > > Hi Julian, > > I just had an enduser complain that certain messages did not reach him. I > looked them up and they were all identified as spam. Why? Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. The > real > question now is: Why did Mailscanner not pick up the attachment? > > The message body looks like this: > > ------------------- > > > RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST > begin 664 PFLIST.pdf > M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O M"B]#2`P-"`P-3HS,SHU.2!032`R,#`V*0HO > > ` > end > > ------------------- > > Nothing special in the headers. This looks wrong to me but if this message > is delivered to Exchange/Outlook the attachment is decoded correctly. But > this now means that these sort of wrongly formatted attachments are not > discovered and therefore not scanned by MailScanner??? > > Please help. I can put the exim spool files to a download location if that > helps you. > > > > > Kind regards > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- > Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 > Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 > 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 > http://www.seceidos.de | SIP: 43@voip.seceidos.de ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu May 4 11:38:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 11:38:30 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: <6FFC146D-542A-4008-8D7F-170618F17E18@ecs.soton.ac.uk> It should have found the uu-encoded file. Have you got that feature switched on? Look for "uu" or "UU" in MailScanner.conf. On 4 May 2006, at 11:20, Koopmann, Jan-Peter wrote: > Hi Julian, > > I just had an enduser complain that certain messages did not reach > him. I > looked them up and they were all identified as spam. Why? Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. > The real > question now is: Why did Mailscanner not pick up the attachment? > > The message body looks like this: > > ------------------- > > > RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST > begin 664 PFLIST.pdf > M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O M"B]#2`P-"`P-3HS,SHU.2!032`R,#`V*0HO > > ` > end > > ------------------- > > Nothing special in the headers. This looks wrong to me but if this > message > is delivered to Exchange/Outlook the attachment is decoded > correctly. But > this now means that these sort of wrongly formatted attachments are > not > discovered and therefore not scanned by MailScanner??? > > Please help. I can put the exim spool files to a download location > if that > helps you. > > > > > Kind regards > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- > Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 > Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 > 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 > http://www.seceidos.de | SIP: 43@voip.seceidos.de > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Thu May 4 12:31:15 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 12:31:24 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: Jan-Peter Koopmann wrote on Thu, 4 May 2006 12:20:27 +0200: > Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. The real > question now is: Why did Mailscanner not pick up the attachment? I don't think this is not a MailScanner thing. uuencoded messages are indeed scanned by SA like a text message and may create weird results. I guess they didn't stop this so spammers can't bypass by a simple begin line. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at lists.com.ar Thu May 4 13:15:15 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Thu May 4 13:15:04 2006 Subject: ReadMessageHandle question In-Reply-To: <10C8794B-1E89-4601-9B99-091D0590E365@ecs.soton.ac.uk> Message-ID: > >I'm modifying MailScanner-4.53.6, are you working with something > >very different. > > greped (-w) for dpath, and found only: > > > >/lib/MailScanner/EximDiskStore.pm: $this->{dpath} = $dir . '/' . > >$this->{dname}; > >/lib/MailScanner/SMDiskStore.pm: $this->{dpath} = $dir . '/' . > >$this->{dname}; > > > > This is from 4.53.6: > > > [root@tinker MailScanner]# pwd > /usr/lib/MailScanner/MailScanner > [root@tinker MailScanner]# fgrep -l '{dpath}' * > EximDiskStore.pm > MCP.pm > Message.pm > SMDiskStore.pm Yea, I know, I didn't wrote down all the dpath found, only where you assign dpath (only in sub new). It's only, I couldn't find the place where you are saying dpath goes to false when the disk is full. In MCP.pm, dpath is commented out by LeoH (that's me) in 2003, I sent to you some fixes and the zmailer code (probably Mariano, a coworker sent the mail), and all of them went into the trunk Saludos -- Leonardo Helman Pert Consultores Argentina From dhawal at netmagicsolutions.com Thu May 4 13:44:23 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu May 4 13:44:33 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> Message-ID: <4459F727.3080206@netmagicsolutions.com> Julian Field wrote: > > On 28 Apr 2006, at 16:54, Dhawal Doshy wrote: > >> Glenn Steen wrote: >>> Anyway, looking at the points Wietse stipulates, I think Jules pretty >>> much follow all/most of them already... So for now at least, things a >>> alright:-). >> >> I agree and here is a point by point check.. >> >> 9) When creating a queue file, Mailscanner MUST adhere to the >> convention that the file permissions are set to "executable" only >> after the file contents are safely stored. Otherwise mail will be >> corrupted or lost. >> >> DD> Not sure about this one, maybe Julian can comment on this. > > I adhere to this. Julian, can you elaborate on the specifics for this point.. i need to convey it to Viktor (co-developer for postfix). >> 10) Mailscanner should never touch a queue file that has an advisory >> lock (flock or fcntl lock, depending on the system environment). >> Otherwise mail will be corrupted or lost. >> >> DD> Not sure about this one too, maybe Julian can comment on this as >> well. > > I adhere to this. This point as well.. Also a few things that Viktor pointed out.. can you spare time to read these? http://article.gmane.org/gmane.mail.postfix.user/140871 http://article.gmane.org/gmane.mail.postfix.user/140888 http://article.gmane.org/gmane.mail.postfix.user/140902 thanks, - dhawal From MailScanner at ecs.soton.ac.uk Thu May 4 14:04:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 14:05:14 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <4459F727.3080206@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> Message-ID: <6C27E286-36EE-47B7-92CA-8FC821F38F7B@ecs.soton.ac.uk> On 4 May 2006, at 13:44, Dhawal Doshy wrote: > Julian Field wrote: >> On 28 Apr 2006, at 16:54, Dhawal Doshy wrote: >>> Glenn Steen wrote: >>>> Anyway, looking at the points Wietse stipulates, I think Jules >>>> pretty >>>> much follow all/most of them already... So for now at least, >>>> things a >>>> alright:-). >>> >>> I agree and here is a point by point check.. >>> >>> 9) When creating a queue file, Mailscanner MUST adhere to the >>> convention that the file permissions are set to "executable" only >>> after the file contents are safely stored. Otherwise mail will be >>> corrupted or lost. >>> >>> DD> Not sure about this one, maybe Julian can comment on this. >> I adhere to this. > > Julian, can you elaborate on the specifics for this point.. i need > to convey it to Viktor (co-developer for postfix). Once it has written the file and closed it, and then undef-ed the filehandle to force it to close completely, I only then do the chmod to set the permissions on it. > >>> 10) Mailscanner should never touch a queue file that has an >>> advisory lock (flock or fcntl lock, depending on the system >>> environment). Otherwise mail will be corrupted or lost. >>> >>> DD> Not sure about this one too, maybe Julian can comment on this >>> as well. >> I adhere to this. > > This point as well.. MailScanner not only checks that there are no locks on it (using the same locking system as in the Postfix source code), it also checks for the E (I think) record at the end of the message file indicating the body of the message has been written. I can't remember all the fine details of the Postfix support code, I wrote it and got it all working a very long time ago. I can't remember every detail of how it works :-( > Also a few things that Viktor pointed out.. can you spare time to > read these? > http://article.gmane.org/gmane.mail.postfix.user/140871 > http://article.gmane.org/gmane.mail.postfix.user/140888 > http://article.gmane.org/gmane.mail.postfix.user/140902 > > thanks, > - dhawal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From a.peacock at chime.ucl.ac.uk Thu May 4 14:53:56 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 14:54:06 2006 Subject: Phishing emails cause MailScanner to loop infinitely Message-ID: <445A0774.1050700@chime.ucl.ac.uk> Hi, I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS processes got stuck in a loop when they found a phishing email. I am running on Solaris 8 x86. After the upgrade all worked well for a while, and then I noticed that the incoming queue was getting backed up. When I looked at the logs it appeared that the MS processes were looping around finding a phishing email. I have attached a text file with the relevant log lines for one of the processes. In reality there were many MS processes stuck in these loops for different phishing sites. I have saved some of the queue files that caused this and once things have settled down may be able to test this in DEBUG mode. Backup off to MS 4.52.2 caused all of the queue to be processed successfully. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From Jan-Peter.Koopmann at seceidos.de Thu May 4 15:03:10 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu May 4 15:03:22 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > It should have found the uu-encoded file. Have you got that feature > switched on? > Look for "uu" or "UU" in MailScanner.conf. I feel sheepish... :-) Just realized the customer is running 4.43.... *upgrading* Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060504/cb7da887/smime.bin From steve.swaney at fsl.com Thu May 4 15:04:01 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu May 4 15:04:13 2006 Subject: OT - Hiring programmer Message-ID: <134901c66f83$98c516d0$287ba8c0@office.fsl> Fort Systems Ltd. has full time openings for Developers/Support Staff in our offices in New Delhi or Bangalore. The job would be primarily working from home and broadband would be provided. The Job Description: To provide support for MailScanner open-source and FSL's DefenderMX application. To assist with the development and testing of DefenderMX 2.0 and related applications. Skill Sets required: MailScanner SpamAssassin Perl MySQL PHP Other "good to have" Skill Sets: OpenLDAP PostgreSQL Sendmail/Postfix/Exim SOAP API development experience HTML/CSS Please contact me off list at steve@fsl.com if you would like to be considered for these positions. Thanks, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mailscanner at yeticomputers.com Thu May 4 15:18:43 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu May 4 15:18:56 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <44598828.6030008@rogers.com> References: <44598828.6030008@rogers.com> Message-ID: <445A0D43.4030306@yeticomputers.com> Mike Jakubik wrote: > I hope this gets Julian's attention, but i am curious to know whether > MailScanner will continue to function with the new release of Postfix > 2.3. > I'm using MailScanner (as of yesterday it was at 4.52.2 in FreeBSD ports) with postfix-2.3.20060405. I stopped updating Postfix when I read the recent discussions on this list about possible future breakage, but the version I have works flawlessly. Rick From jaearick at colby.edu Thu May 4 15:14:19 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 15:24:47 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: <445A0774.1050700@chime.ucl.ac.uk> References: <445A0774.1050700@chime.ucl.ac.uk> Message-ID: Anthony, Sounds like the same problem I discovered yesterday. Both you and I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't seen this yet? Jeff Earickson Colby College On Thu, 4 May 2006, Anthony Peacock wrote: > Date: Thu, 04 May 2006 14:53:56 +0100 > From: Anthony Peacock > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Phishing emails cause MailScanner to loop infinitely > > Hi, > > I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS > processes got stuck in a loop when they found a phishing email. > > I am running on Solaris 8 x86. > > After the upgrade all worked well for a while, and then I noticed that the > incoming queue was getting backed up. When I looked at the logs it appeared > that the MS processes were looping around finding a phishing email. > > I have attached a text file with the relevant log lines for one of the > processes. In reality there were many MS processes stuck in these loops for > different phishing sites. > > I have saved some of the queue files that caused this and once things have > settled down may be able to test this in DEBUG mode. > > Backup off to MS 4.52.2 caused all of the queue to be processed successfully. > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maillists at conactive.com Thu May 4 15:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 15:31:30 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: Kai Schaetzl wrote on Thu, 04 May 2006 13:31:15 +0200: > I don't think this is not a MailScanner thing. Remove one "not" ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Thu May 4 15:39:39 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 15:39:48 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> Message-ID: <445A122B.2090701@chime.ucl.ac.uk> Hi Jeff, Jeff A. Earickson wrote: > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? It is comforting to know that it isn't only me :-) And I have just realised that I didn't attach the log snippet to my original email. Its there this time... > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > >> Date: Thu, 04 May 2006 14:53:56 +0100 >> From: Anthony Peacock >> Reply-To: MailScanner discussion >> To: mailscanner@lists.mailscanner.info >> Subject: Phishing emails cause MailScanner to loop infinitely >> >> Hi, >> >> I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS >> processes got stuck in a loop when they found a phishing email. >> >> I am running on Solaris 8 x86. >> >> After the upgrade all worked well for a while, and then I noticed that >> the incoming queue was getting backed up. When I looked at the logs >> it appeared that the MS processes were looping around finding a >> phishing email. >> >> I have attached a text file with the relevant log lines for one of the >> processes. In reality there were many MS processes stuck in these >> loops for different phishing sites. >> >> I have saved some of the queue files that caused this and once things >> have settled down may be able to test this in DEBUG mode. >> >> Backup off to MS 4.52.2 caused all of the queue to be processed >> successfully. >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov -------------- next part -------------- May 4 12:49:11 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: New Batch: Scanning 1 messages, 4115 bytes May 4 12:49:13 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Virus and Content Scanning: Starting May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Uninfected: Delivered 1 messages May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Batch (1 message) processed in 6.61 seconds May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Logging message k44BnAXZ004181 to SQL May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: "Always Looked Up Last" took 0.00 seconds May 4 12:51:06 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: New Batch: Found 5 messages waiting May 4 12:51:06 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: New Batch: Scanning 1 messages, 5433 bytes May 4 12:51:14 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Spam Checks: Found 1 spam messages May 4 12:51:14 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Virus and Content Scanning: Starting May 4 12:51:29 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:29 inetsrv-1.chime.ucl.ac.uk last message repeated 13 times May 4 12:51:35 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:35 inetsrv-1.chime.ucl.ac.uk last message repeated 7 times May 4 12:51:39 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:39 inetsrv-1.chime.ucl.ac.uk last message repeated 33 times May 4 12:51:58 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:58 inetsrv-1.chime.ucl.ac.uk last message repeated 12 times May 4 12:52:05 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:05 inetsrv-1.chime.ucl.ac.uk last message repeated 7 times May 4 12:52:11 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:11 inetsrv-1.chime.ucl.ac.uk last message repeated 8 times May 4 12:52:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:18 inetsrv-1.chime.ucl.ac.uk last message repeated 4 times May 4 12:52:21 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:21 inetsrv-1.chime.ucl.ac.uk last message repeated 19 times May 4 12:52:35 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:35 inetsrv-1.chime.ucl.ac.uk last message repeated 12 times May 4 12:52:42 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:42 inetsrv-1.chime.ucl.ac.uk last message repeated 27 times May 4 12:52:53 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:53 inetsrv-1.chime.ucl.ac.uk last message repeated 3 times May 4 12:52:55 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:55 inetsrv-1.chime.ucl.ac.uk last message repeated 33 times May 4 12:53:13 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:53:13 inetsrv-1.chime.ucl.ac.uk last message repeated 62 times From glenn.steen at gmail.com Thu May 4 15:53:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 4 15:53:13 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <4459F727.3080206@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> Message-ID: <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> On 04/05/06, Dhawal Doshy wrote: (snip) > http://article.gmane.org/gmane.mail.postfix.user/140871 > http://article.gmane.org/gmane.mail.postfix.user/140888 > http://article.gmane.org/gmane.mail.postfix.user/140902 Hi Dhawal, First up, I admire your tenacity and courage... This is a battle I've thought of fighting, and subsequently shied away from, more than once... In the last link above you say: ------ I do agree that the file isn't renamed as per the new inode and linked / logged.. i will communicate this to the MailScanner developers. ------ I'm not entirely certain you are right in this. Jules will no doubt correct me if I'm wrong, but at the time when the (new) queue file is reintroduced into the postfix incoming queue, it is certainly handled as outlined by Viktor... And prominently logged with both old (postfix_queue_id.random ...) and new queue IDs, where the new queue ID is certainly linked to the current i-node number (as stipulated). So there is no discrepancies here. At least not that I can see. Further down you and Viktor say: ----- >> 5) Mailscanner MUST maintain the relationship between the file name and >> the file inode number. Otherwise mail will be corrupted or lost. >> >> MailScanner: See reply to point 4. original filename is appended with a >> random number. > > This is wrong. The relationship must be maintained *exacty*, not by > appending a suffix. Understood. ----- What is wrong here is not what MailScanner does, but the perspective of the reply (I know you go on to correct this somewhat further down, but bear with me:). As far as it goes, MailScanner maintains this relationship (by not really touching the queue file, other than to make a copy of it) throughout the entire chain. That it is the copy/new queue file that is reintroduced to Postfix doesn't change this in any way (that I can think of:-). From the Postfix perspective, this operation is a "black box", IMHO (Why should they even care what happens to that copy, before it is reintroduced? When they are guaranteed that the "trust chain" cannot be broken by the actions taken in the "black box"...?). Oh well. Further: ----- >> 8) Mailscanner MUST NOT modify queue files. If content needs to be >> updates, Mailscanner MUST create a new queue file and delete the >> original only after the new file has been committed to stable storage. >> Otherwise mail will be corrupted or lost. >> >> MailScanner: See points 4,5,7 > > Exactly, do not reply until understand why this is true. If still disagree > with 8, do not reply. Sorry. Agreed, modifications are made to a copy of the queue-file in mailscanner's incoming directory and post-processing written to the postfix incoming queue directory. I'll anyways get further clarification from the mailscanner developers. ------ More "philosophical hairsplitting"... Again, from the Postfix perspective, the reintroduced queue file should be seen as an entirely new, fully logged, queue file. So this should also be a non-issue. Thing is, the Posfix developers don't really know (nor care, it seems:-) how MailScanner works, and have never looked at Jules code (AFAICS, else they would know at least some of these things already). I can certainly not claim a full understanding of it either, but have at least looked through it a couple of times... Mostly to assure myself of these very things (and to determine why I had so darned many duplicates in MailWatch, back when that was a problem). .... And even a cursory understanding, like mine, seems to be lacking. I'm in no way criticising them for that. They should be, and are, focused on what's important to them (Postfix mainly:-). I'm not sure that they even need to know particularly much about it either, because all they should need know is that the things they stipulate is covered nicely already. I guess what I'm trying to say is that we need to adjust our thinking to the "slightly skewed" Postfix perspective when communicating with them. For one thing, I don't think they've really appreciated the ramifications of the use of the HOLD thing, although it is "their feature" so to speak:-). Oh, and we do need world domination^H^H^H^H^H^H^H^H^H^Hpeace (:-). -- -- Glenn (Who just can't handle another high-volume mailing list more, or otherwise would participate more directly on the postfix-users list) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Thu May 4 16:00:42 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu May 4 16:00:57 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <445A0D43.4030306@yeticomputers.com> References: <44598828.6030008@rogers.com> <445A0D43.4030306@yeticomputers.com> Message-ID: <40820.194.70.180.170.1146754842.squirrel@webmail.r-bit.net> On Thu, May 4, 2006 15:18, Rick Chadderdon wrote: > Mike Jakubik wrote: > >> I hope this gets Julian's attention, but i am curious to know whether >> MailScanner will continue to function with the new release of Postfix >> 2.3. >> > I'm using MailScanner (as of yesterday it was at 4.52.2 in FreeBSD > ports) with postfix-2.3.20060405. I stopped updating Postfix when I > read the recent discussions on this list about possible future breakage, > but the version I have works flawlessly. Me too, although I am running the latest Postfix port on one of the mx's just to see when/ if it does break. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ka at pacific.net Thu May 4 16:05:39 2006 From: ka at pacific.net (Ken A) Date: Thu May 4 16:02:01 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: References: Message-ID: <445A1843.4020909@pacific.net> If you have your own webmail software, just replace with the url/uri to a local spacer.gif image. Ken A Kai Schaetzl wrote: > Jeff A. Earickson wrote on Wed, 3 May 2006 20:53:08 -0400 (EDT): > >> Julian, what happens if some firewall gets between MailScanner >> and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? > > Depends on what the firewall does ;-) This should not be any problem > during MS/SA detection since I assume MS replaces the URL only after all > is done. So, it's got any effect only when the message gets viewed in a > mail program that shows HTML and retrieves external images. If port 80 is > blocked it won't get retrieved. > > Kai > From brett at wrl.org Thu May 4 16:30:04 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu May 4 16:30:57 2006 Subject: Adding HUGE negative score to whitelisted addresses Message-ID: SPECIFICS: Debian Sarge, Sendmail 8.13.4-3, System-wide install of MailScanner 4.51.5-1 with SpamAssassin 3.03. Gentlefolk, I know that the default scoring for a whitelist rule in spam.whitelist.rules is -100. Where would one increase this value? In spam.assassin.prefs.conf? I tried adding score USER_IN_WHITELIST -1000 to spam.assassin.prefs.conf, but "MailScanner --lint" complains that warning: score set for non-existent rule USER_IN_WHITELIST -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From a.peacock at chime.ucl.ac.uk Thu May 4 16:41:18 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 16:41:30 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> Message-ID: <445A209E.40006@chime.ucl.ac.uk> Hi Jeff, I had forgotten about your earlier email, I think I had got sidetracked by the discussion about the Web Bug URL... I have gone back through the archives and re-read your emails, and I agree this sounds like the same issue. I am wondering if it is an issue with the Df routines under Solaris... Jeff A. Earickson wrote: > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > >> Date: Thu, 04 May 2006 14:53:56 +0100 >> From: Anthony Peacock >> Reply-To: MailScanner discussion >> To: mailscanner@lists.mailscanner.info >> Subject: Phishing emails cause MailScanner to loop infinitely >> >> Hi, >> >> I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS >> processes got stuck in a loop when they found a phishing email. >> >> I am running on Solaris 8 x86. >> >> After the upgrade all worked well for a while, and then I noticed that >> the incoming queue was getting backed up. When I looked at the logs >> it appeared that the MS processes were looping around finding a >> phishing email. >> >> I have attached a text file with the relevant log lines for one of the >> processes. In reality there were many MS processes stuck in these >> loops for different phishing sites. >> >> I have saved some of the queue files that caused this and once things >> have settled down may be able to test this in DEBUG mode. >> >> Backup off to MS 4.52.2 caused all of the queue to be processed >> successfully. >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From prandal at herefordshire.gov.uk Thu May 4 16:39:47 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu May 4 16:55:31 2006 Subject: Phishing emails cause MailScanner to loop infinitely Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AF02@isabella.herefordshire.gov.uk> I think it affects everybody. I've just backrev'd to 4.52.2 because of an ever increasing incoming mail queue under 4.53.6 on Linux. And the backlog is vanishing fast under 4.52.2. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jeff A. Earickson > Sent: 04 May 2006 15:14 > To: MailScanner discussion > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > > > Date: Thu, 04 May 2006 14:53:56 +0100 > > From: Anthony Peacock > > Reply-To: MailScanner discussion > > > To: mailscanner@lists.mailscanner.info > > Subject: Phishing emails cause MailScanner to loop infinitely > > > > Hi, > > > > I have just had to back out of MS 4.53.7 to MS 4.52.2, > because the MS > > processes got stuck in a loop when they found a phishing email. > > > > I am running on Solaris 8 x86. > > > > After the upgrade all worked well for a while, and then I > noticed that the > > incoming queue was getting backed up. When I looked at the > logs it appeared > > that the MS processes were looping around finding a phishing email. > > > > I have attached a text file with the relevant log lines for > one of the > > processes. In reality there were many MS processes stuck > in these loops for > > different phishing sites. > > > > I have saved some of the queue files that caused this and > once things have > > settled down may be able to test this in DEBUG mode. > > > > Backup off to MS 4.52.2 caused all of the queue to be > processed successfully. > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "The most exciting phrase to hear in science, the one that > heralds new > > discoveries, is not 'Eureka!' but 'That's funny....'" -- > Isaac Asimov > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Thu May 4 16:55:17 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 17:00:05 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: <445A209E.40006@chime.ucl.ac.uk> References: <445A0774.1050700@chime.ucl.ac.uk> <445A209E.40006@chime.ucl.ac.uk> Message-ID: On Thu, 4 May 2006, Anthony Peacock wrote: > Date: Thu, 04 May 2006 16:41:18 +0100 > From: Anthony Peacock > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > Hi Jeff, > > I had forgotten about your earlier email, I think I had got sidetracked by > the discussion about the Web Bug URL... > > I have gone back through the archives and re-read your emails, and I agree > this sounds like the same issue. > > I am wondering if it is an issue with the Df routines under Solaris... > That's right, Filesys-Statvfs_Statfs_Df-0.78 is the new wrinkle in 4.53.7. I installed this by hand (perl Makefile.PL, make, make test, etc). However it compiled and passed its tests without problems, giving correct block numbers. I do notice that there is a version 0.79, released on April 19. Downloading now, will install and test. Jeff Earickson Colby College From martinh at solid-state-logic.com Thu May 4 17:01:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 4 17:01:10 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0AF02@isabella.herefordshire.gov.uk> Message-ID: <012201c66f93$f1d128d0$3004010a@martinhlaptop> Running 4.53.5 here and no problems that I've noticed..but am NOT running the stricter checks... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: 04 May 2006 16:40 > To: MailScanner discussion > Subject: RE: Phishing emails cause MailScanner to loop infinitely > > I think it affects everybody. I've just backrev'd to 4.52.2 because of > an ever increasing incoming mail queue under 4.53.6 on Linux. > > And the backlog is vanishing fast under 4.52.2. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Jeff A. Earickson > > Sent: 04 May 2006 15:14 > > To: MailScanner discussion > > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > > > Anthony, > > > > Sounds like the same problem I discovered yesterday. Both you and > > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > > seen this yet? > > > > Jeff Earickson > > Colby College > > > > On Thu, 4 May 2006, Anthony Peacock wrote: > > > > > Date: Thu, 04 May 2006 14:53:56 +0100 > > > From: Anthony Peacock > > > Reply-To: MailScanner discussion > > > > > To: mailscanner@lists.mailscanner.info > > > Subject: Phishing emails cause MailScanner to loop infinitely > > > > > > Hi, > > > > > > I have just had to back out of MS 4.53.7 to MS 4.52.2, > > because the MS > > > processes got stuck in a loop when they found a phishing email. > > > > > > I am running on Solaris 8 x86. > > > > > > After the upgrade all worked well for a while, and then I > > noticed that the > > > incoming queue was getting backed up. When I looked at the > > logs it appeared > > > that the MS processes were looping around finding a phishing email. > > > > > > I have attached a text file with the relevant log lines for > > one of the > > > processes. In reality there were many MS processes stuck > > in these loops for > > > different phishing sites. > > > > > > I have saved some of the queue files that caused this and > > once things have > > > settled down may be able to test this in DEBUG mode. > > > > > > Backup off to MS 4.52.2 caused all of the queue to be > > processed successfully. > > > > > > -- > > > Anthony Peacock > > > CHIME, Royal Free & University College Medical School > > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > > "The most exciting phrase to hear in science, the one that > > heralds new > > > discoveries, is not 'Eureka!' but 'That's funny....'" -- > > Isaac Asimov > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From prandal at herefordshire.gov.uk Thu May 4 16:56:01 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu May 4 17:01:28 2006 Subject: Phishing emails cause MailScanner to loop infinitely Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AF20@isabella.herefordshire.gov.uk> If you're using mailscanner-mrtg you'll also see impossibly high "spam identified" figures (greater than the total number of messages). Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jeff A. Earickson > Sent: 04 May 2006 15:14 > To: MailScanner discussion > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > > > Date: Thu, 04 May 2006 14:53:56 +0100 > > From: Anthony Peacock > > Reply-To: MailScanner discussion > > > To: mailscanner@lists.mailscanner.info > > Subject: Phishing emails cause MailScanner to loop infinitely > > > > Hi, > > > > I have just had to back out of MS 4.53.7 to MS 4.52.2, > because the MS > > processes got stuck in a loop when they found a phishing email. > > > > I am running on Solaris 8 x86. > > > > After the upgrade all worked well for a while, and then I > noticed that the > > incoming queue was getting backed up. When I looked at the > logs it appeared > > that the MS processes were looping around finding a phishing email. > > > > I have attached a text file with the relevant log lines for > one of the > > processes. In reality there were many MS processes stuck > in these loops for > > different phishing sites. > > > > I have saved some of the queue files that caused this and > once things have > > settled down may be able to test this in DEBUG mode. > > > > Backup off to MS 4.52.2 caused all of the queue to be > processed successfully. > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "The most exciting phrase to hear in science, the one that > heralds new > > discoveries, is not 'Eureka!' but 'That's funny....'" -- > Isaac Asimov > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jrudd at ucsc.edu Thu May 4 17:03:45 2006 From: jrudd at ucsc.edu (John Rudd) Date: Thu May 4 17:04:12 2006 Subject: SMTP Auth In-Reply-To: <68C296ED-BFAF-42ED-8BDB-55BEBB8E59C1@ecs.soton.ac.uk> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> <68C296ED-BFAF-42ED-8BDB-55BEBB8E59C1@ecs.soton.ac.uk> Message-ID: On May 4, 2006, at 1:51 AM, Julian Field wrote: > On 3 May 2006, at 20:34, John Rudd wrote: > >> My plan around that is: >> >> 0) mimedefang removes any existing >> X-my-header-indicating-authenticated-user >> 1) mimedefang reads the sendmail macros to see if the sender is >> authenticated >> 2) mimedefang adds a X-my-header-indicating-authenticated-user with >> the header value being the authenticated user >> 3) if they are authenticated (or from one of my own exempt/local IP >> addrs), mimedefang doesn't feed the message to spam assassin; if they >> aren't, it feeds the message to spam assassin. >> >> Though, I could also, easily, feed the message to spam assassin in a >> later process, and give the presence of that header a low score. >> Since mimedefang removes that header up front, I don't have to worry >> about it being inserted by someone else (thus no need for a secret >> phrase). > > John, > > If you want to sing the praises of mimedefang, please do it on their > list and not mine. This list is for MailScanner discussions, and you > are starting to get very off-topic. No problem, but in my defense I would like to point out that I have mainly been mentioning it in ways that allow it to act in concert with mailscanner ... and thus don't see it in any different light than the many recommendations about ways to modify sendmail to extra AV/AS functionality (talking about the greet_pause, or the rdns hack, as examples). For example, in the case I gave, steps 0-2 could be done, then the message given to MailScanner. MailScanner's invocation of SpamAssassin could have a rule that looked for the added-header and give the message a lower score. That said, I will honor your request. From dmehler26 at woh.rr.com Thu May 4 17:04:27 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu May 4 17:15:20 2006 Subject: ot, ms, postfix, freebsd, and chrooted sasl processes References: <44598828.6030008@rogers.com> <445A0D43.4030306@yeticomputers.com> <40820.194.70.180.170.1146754842.squirrel@webmail.r-bit.net> Message-ID: <01a901c66f94$6bd19ca0$0200a8c0@satellite> Hello, Is anyone got the above going? My flaw is with the sasl2 i want to use saslauthd to authenticate users against the system password file, yet whenever i chroot postfix, saslauthd doesn't work properly. Ms doesn't seem to have a problem in a chrooted environment. Please reply privately if you've got this going as this is ot for the list. Thanks. Dave. From maillists at conactive.com Thu May 4 17:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 17:31:25 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: <445A1843.4020909@pacific.net> References: <445A1843.4020909@pacific.net> Message-ID: Ken A wrote on Thu, 04 May 2006 08:05:39 -0700: > If you have your own webmail software, just replace with the url/uri to > a local spacer.gif image. You can replace it even if you don't have your own ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jaearick at colby.edu Thu May 4 17:41:43 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 17:44:45 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> <445A209E.40006@chime.ucl.ac.uk> Message-ID: On Thu, 4 May 2006, Jeff A. Earickson wrote: >> >> I am wondering if it is an issue with the Df routines under Solaris... >> > That's right, Filesys-Statvfs_Statfs_Df-0.78 is the new wrinkle in 4.53.7. I > installed this by hand (perl Makefile.PL, make, make test, etc). > However it compiled and passed its tests without problems, giving > correct block numbers. > > I do notice that there is a version 0.79, released on April 19. > Downloading now, will install and test. Installing Filesys-Statvfs_Statfs_Df-0.79 and retrying my problem email message made no difference. It still looped at the same spot. Jeff Earickson Colby College From alex at nkpanama.com Thu May 4 17:47:47 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 4 17:48:12 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <1879F503-2C76-49E9-98E9-2A060800825A@ecs.soton.ac.uk> References: <044201c66ee1$24399bd0$0202fea9@sangria> <4459637F.5020107@nkpanama.com> <1879F503-2C76-49E9-98E9-2A060800825A@ecs.soton.ac.uk> Message-ID: <445A3033.2040903@nkpanama.com> Julian Field wrote: > > It will *not* result in any lost messages at all. I ain't that stoopid > :-) > > -- Well... I *did* say "potentially"... Specially when only MS was written by you; the rest (the MTA, the AVs, the other bits and pieces) could always go crazy and do something bad, right? :-) From dhawal at netmagicsolutions.com Thu May 4 18:01:14 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu May 4 18:01:24 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> References: <20060412205748.GD14679@luckyduck.tux> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> Message-ID: <445A335A.4020706@netmagicsolutions.com> Glenn Steen wrote: > On 04/05/06, Dhawal Doshy wrote: > (snip) >> http://article.gmane.org/gmane.mail.postfix.user/140871 >> http://article.gmane.org/gmane.mail.postfix.user/140888 >> http://article.gmane.org/gmane.mail.postfix.user/140902 > Hi Dhawal, > > First up, I admire your tenacity and courage... This is a battle I've > thought of fighting, and subsequently shied away from, more than > once... i know what you feel.. i have myself shied away more than once (due to death threats from the postfix underworld) and would have again if Wietse were not so outright in proclaiming that he would break mailscanner compatibility in the next version.. Viktor appears to quite reasonable and open on getting this resolved but requires some smarter inputs. i genuinely think i am not the right person to pursue this any further.. and someone more technically competent with a much better understanding of both postfix and mailscanner ought to do so (if the inclination exists). i have symmetric multiple headaches already and am almost about to give up.. and will mostly opt for the wait till it breaks and watch situation. - dhawal > In the last link above you say: > ------ > I do agree that the file isn't renamed as per the new inode and linked / > logged.. i will communicate this to the MailScanner developers. > ------ > I'm not entirely certain you are right in this. Jules will no doubt > correct me if I'm wrong, but at the time when the (new) queue file is > reintroduced into the postfix incoming queue, it is certainly handled > as outlined by Viktor... And prominently logged with both old > (postfix_queue_id.random ...) and new queue IDs, where the new queue > ID is certainly linked to the current i-node number (as stipulated). > So there is no discrepancies here. At least not that I can see. > > Further down you and Viktor say: > ----- >>> 5) Mailscanner MUST maintain the relationship between the file name and >>> the file inode number. Otherwise mail will be corrupted or lost. >>> >>> MailScanner: See reply to point 4. original filename is appended with a >>> random number. >> >> This is wrong. The relationship must be maintained *exacty*, not by >> appending a suffix. > > Understood. > ----- > What is wrong here is not what MailScanner does, but the perspective > of the reply (I know you go on to correct this somewhat further down, > but bear with me:). > As far as it goes, MailScanner maintains this relationship (by not > really touching the queue file, other than to make a copy of it) > throughout the entire chain. That it is the copy/new queue file that > is reintroduced to Postfix doesn't change this in any way (that I can > think of:-). From the Postfix perspective, this operation is a "black > box", IMHO (Why should they even care what happens to that copy, > before it is reintroduced? When they are guaranteed that the "trust > chain" cannot be broken by the actions taken in the "black box"...?). > Oh well. > > Further: > ----- >>> 8) Mailscanner MUST NOT modify queue files. If content needs to be >>> updates, Mailscanner MUST create a new queue file and delete the >>> original only after the new file has been committed to stable storage. >>> Otherwise mail will be corrupted or lost. >>> >>> MailScanner: See points 4,5,7 >> >> Exactly, do not reply until understand why this is true. If still >> disagree >> with 8, do not reply. Sorry. > > Agreed, modifications are made to a copy of the queue-file in mailscanner's > incoming directory and post-processing written to the postfix incoming > queue > directory. I'll anyways get further clarification from the mailscanner > developers. > ------ > More "philosophical hairsplitting"... Again, from the Postfix > perspective, the reintroduced queue file should be seen as an entirely > new, fully logged, queue file. So this should also be a non-issue. > > Thing is, the Posfix developers don't really know (nor care, it > seems:-) how MailScanner works, and have never looked at Jules code > (AFAICS, else they would know at least some of these things already). > I can certainly not claim a full understanding of it either, but have > at least looked through it a couple of times... Mostly to assure > myself of these very things (and to determine why I had so darned many > duplicates in MailWatch, back when that was a problem). .... And even > a cursory understanding, like mine, seems to be lacking. > I'm in no way criticising them for that. They should be, and are, > focused on what's important to them (Postfix mainly:-). > > I'm not sure that they even need to know particularly much about it > either, because all they should need know is that the things they > stipulate is covered nicely already. > I guess what I'm trying to say is that we need to adjust our thinking > to the "slightly skewed" Postfix perspective when communicating with > them. > For one thing, I don't think they've really appreciated the > ramifications of the use of the HOLD thing, although it is "their > feature" so to speak:-). > > Oh, and we do need world domination^H^H^H^H^H^H^H^H^H^Hpeace (:-). > > -- > -- Glenn (Who just can't handle another high-volume mailing list more, > or otherwise would participate more directly on the postfix-users > list) > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Thu May 4 19:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 19:31:28 2006 Subject: Adding HUGE negative score to whitelisted addresses In-Reply-To: References: Message-ID: Brett Charbeneau wrote on Thu, 4 May 2006 11:30:04 -0400 (EDT): > I know that the default scoring for a whitelist rule in > spam.whitelist.rules is -100. > Where would one increase this value? why? > In spam.assassin.prefs.conf? preferrably in a .conf file in /etc/mail/spamassassin I > tried adding > > score USER_IN_WHITELIST -1000 > > to spam.assassin.prefs.conf, but "MailScanner --lint" complains that > > warning: score set for non-existent rule USER_IN_WHITELIST Then you/MailScanner are not using the default /usr/share/spamassassin rule directory when doing that lint. -> /usr/share/spamassassin/ grep USER_IN_WHITELIST * Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Thu May 4 19:46:58 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 19:47:04 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> <445A209E.40006@chime.ucl.ac.uk> Message-ID: <445A4C22.6080105@chime.ucl.ac.uk> Hi Jeff, Jeff A. Earickson wrote: > On Thu, 4 May 2006, Jeff A. Earickson wrote: > >>> >>> I am wondering if it is an issue with the Df routines under Solaris... >>> >> That's right, Filesys-Statvfs_Statfs_Df-0.78 is the new wrinkle in >> 4.53.7. I installed this by hand (perl Makefile.PL, make, make test, >> etc). >> However it compiled and passed its tests without problems, giving >> correct block numbers. >> >> I do notice that there is a version 0.79, released on April 19. >> Downloading now, will install and test. > > > Installing Filesys-Statvfs_Statfs_Df-0.79 and retrying my problem > email message made no difference. It still looped at the same spot. I had a look at the change log for this module and there was only one change for the latest version. Not to mention that the changelog claimed that it had been released in 2060 :-) The other area of MS that has changed in this latest release is the phishing code. I will do some more testing tomorrow when I get back into the office. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "I'm in shape. - ROUND is a shape" From glenn.steen at gmail.com Thu May 4 22:45:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 4 22:45:23 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <445A335A.4020706@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> Message-ID: <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> On 04/05/06, Dhawal Doshy wrote: > Glenn Steen wrote: > > On 04/05/06, Dhawal Doshy wrote: > > (snip) > >> http://article.gmane.org/gmane.mail.postfix.user/140871 > >> http://article.gmane.org/gmane.mail.postfix.user/140888 > >> http://article.gmane.org/gmane.mail.postfix.user/140902 > > Hi Dhawal, > > > > First up, I admire your tenacity and courage... This is a battle I've > > thought of fighting, and subsequently shied away from, more than > > once... > > i know what you feel.. i have myself shied away more than once (due to > death threats from the postfix underworld) and would have again if > Wietse were not so outright in proclaiming that he would break > mailscanner compatibility in the next version.. > > Viktor appears to quite reasonable and open on getting this resolved but > requires some smarter inputs. i genuinely think i am not the right > person to pursue this any further.. and someone more technically > competent with a much better understanding of both postfix and > mailscanner ought to do so (if the inclination exists). > > i have symmetric multiple headaches already and am almost about to give > up.. and will mostly opt for the wait till it breaks and watch situation. > > - dhawal > Oh I it's not easy... At least the postfix crowd tend to have a rather ... rough ... tone:-). If there was more time on every day (say 2-3 hours more), I'd have time for the postfix list on a more regular basis... As it is now I hardly have time for this one (one might argue that that shows in the level of quality my small contributions have had lately:-). If I could do more, I would. That said, I'm not sure I'm the right one for the job either... Drew perhaps, or Joshua, or ... Jules:-). Anyway, my comments were the slight contrib I could do ATM. Sorry it's not more. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Jan-Peter.Koopmann at seceidos.de Fri May 5 09:33:22 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 09:33:35 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > It should have found the uu-encoded file. Have you got that feature > switched on? > Look for "uu" or "UU" in MailScanner.conf. Well I upgraded to 4.53.7 on that box and today the next one came in. It again was identified as spam. May 5 10:00:40 proxy-hb MailScanner[98493]: New Batch: Scanning 1 messages, 35159 bytes May 5 10:00:40 proxy-hb MailScanner[98493]: Saved archive copies of 1FbvEk-0002FH-GK May 5 10:00:40 proxy-hb MailScanner[98493]: MCP Checks: Starting May 5 10:00:40 proxy-hb MailScanner[98493]: Spam Checks: Starting May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Checks: Found 1 spam messages May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Actions: message 1FbvEk-0002FH-GK actions are store May 5 10:00:53 proxy-hb MailScanner[98493]: Virus and Content Scanning: Starting May 5 10:00:53 proxy-hb MailScanner[98493]: Scan started at Fri May 5 10:00:53 2006 May 5 10:00:53 proxy-hb MailScanner[98493]: Database version: 2006-05-05_01 May 5 10:00:53 proxy-hb MailScanner[98493]: Scan ended at Fri May 5 10:00:53 2006 May 5 10:00:53 proxy-hb MailScanner[98493]: 3 files scanned May 5 10:00:55 proxy-hb MailScanner[98493]: Batch (1 message) processed in 15.31 seconds May 5 10:00:55 proxy-hb MailScanner[98493]: "Always Looked Up Last" took 0.02 seconds Two problems/questions: 1. Is the uuencoded file now identified as such by MailScanner? It says 3 files scanned so I would assume so but I am not sure. I have Find UU-Encoded Files = yes in MailScanner.conf. The attachment is a virus free pdf so it is ok that no alarms pop up. 2. Why does Spamassassin identify it as spam? Clearly it does not recognize the uuencoded file as such and therefore hits strange rules (like BAYES_99, SARE_URI_EUQALS etc.) pushing it over the High Scoring Spam limit. Is this a SpamAssassin or a MailScanner problem? In MIME-Mails SA does recognize attachments does it not and exclude it from scanning, does it not= Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/01caa2be/smime.bin From Jan-Peter.Koopmann at seceidos.de Fri May 5 09:39:59 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 09:40:10 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Thursday, May 04, 2006 1:31 PM Kai Schaetzl wrote: > I don't think this is not a MailScanner thing. uuencoded messages are > indeed scanned by SA like a text message and may create weird > results. I guess they didn't stop this so spammers can't bypass by a > simple begin line. Ok. This would answer my second question in my earlier post. I also assume it's a SA "problem" not a MailScanner one. But how does one solve this? Sending uuencoded files like this in productive systems seems stupid to me but I stopped trying to change the world. It does happen. Do all of you whitelist such hosts? On the other hand I just found this on the SA list: "Bayes is done after decoding Base64/uuencode/etc, and after stripping all of the HTML." Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/be721728/smime.bin From a.peacock at chime.ucl.ac.uk Fri May 5 09:52:44 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 09:52:54 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: <445B125C.9010309@chime.ucl.ac.uk> Hi, Koopmann, Jan-Peter wrote: > On Thursday, May 04, 2006 1:31 PM Kai Schaetzl wrote: > >> I don't think this is not a MailScanner thing. uuencoded messages are >> indeed scanned by SA like a text message and may create weird >> results. I guess they didn't stop this so spammers can't bypass by a >> simple begin line. > > Ok. This would answer my second question in my earlier post. I also assume > it's a SA "problem" not a MailScanner one. But how does one solve this? > Sending uuencoded files like this in productive systems seems stupid to me > but I stopped trying to change the world. It does happen. Do all of you > whitelist such hosts? We would really need to see which SA rules hit. (Sorry if you provided that in an earlier post, I didn't keep a copy). I doubt whether it is the fact that it is a UUencoded post is the only factor. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From mailscanner at ecs.soton.ac.uk Fri May 5 10:52:31 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 10:53:56 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: References: Message-ID: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> Please can you try the attached Message.pm file instead of your previous one. I have rewritten a whole chunk of the phishing net and it should be more reliable now (I hope!). -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.gz Type: application/x-gzip Size: 55804 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/571091c3/Message.pm-0001.gz -------------- next part -------------- On 3 May 2006, at 19:52, Jeff A. Earickson wrote: > The attached message cause 4.53.7 > to go into some kind of endless loop when I ran it in debug > mode. I didn't try it in normal mode. The debug output is > attached too. > > In debug mode, I got hundreds of syslog msgs like: > > MailScanner[16465]: Found phishing fraud from www.evite.com > claiming to be > www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolo > ndonforwor in k43IWccm014788 > > I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, > SA 3.1.1. > > Jeff Earickson > Colby College > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From Jan-Peter.Koopmann at seceidos.de Fri May 5 11:05:02 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 11:05:15 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Friday, May 05, 2006 10:53 AM Anthony Peacock wrote: > We would really need to see which SA rules hit. (Sorry if you > provided that in an earlier post, I didn't keep a copy). 5.00 BAYES_99 Bayesian spam probability is 99 to 100% 0.34 FB_SINGLE_0WORD 1.01 FB_SINGLE_1WORD 1.39 FB_WORD2_END_DOLLAR 0.59 FB_WORD_01DOLLAR2 1.25 FH_RELAY_NODNS 1.10 FM_MULTI_ODD2 0.70 FM_MULTI_ODD3 0.70 FM_MULTI_ODD4 0.90 FM_MULTI_ODD5 3.20 FM_N0N0_WORDS 0.55 HELO_MISMATCH_COM 0.96 NO_REAL_NAME From: does not include a real name 2.10 OBSCURED_EMAIL Message seems to contain rot13ed address 0.99 RELAY_IS_203 2.00 SARE_RAND_6 0.42 SARE_RMML_Stock9 5.00 SARE_URI_EQUALS 2.00 SPF_FAIL SPF: sender does not match SPF record (fail) 2.80 UNWANTED_LANGUAGE_BODY Message written in an undesired language 0.37 UPPERCASE_50_75 message body is 50-75% uppercase 1.37 USERPASS URL contains username and (optional) password 0.21 X_AUTH_WARN_FAKED X-Authentication-Warning header looks faked > I doubt whether it is the fact that it is a UUencoded post is the > only factor. Not the only factor I agree. But BAYES_99, SARE_*, UNWANTED_LANGUAGE_BODY, UPPERCASE etc. surely are due to uuencoded text since that is the only thing in the body. Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/cf639811/smime.bin From a.peacock at chime.ucl.ac.uk Fri May 5 11:33:52 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 11:34:07 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> References: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> Message-ID: <445B2A10.5070709@chime.ucl.ac.uk> Hi Julian, Thanks for this. Replacing the previous Message.pm with this new one seems to have fixed the problem. I placed the saved queue files that were causing the problem yesterday in the incoming queue, and MS ran without hitch, both in debug mode and in normal operation. I will keep and eye on this and get back if I noticed any further glitches. Julian Field wrote: > Please can you try the attached Message.pm file instead of your previous > one. I have rewritten a whole chunk of the phishing net and it should be > more reliable now (I hope!). > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > > On 3 May 2006, at 19:52, Jeff A. Earickson wrote: > >> The attached message cause 4.53.7 >> to go into some kind of endless loop when I ran it in debug >> mode. I didn't try it in normal mode. The debug output is >> attached too. >> >> In debug mode, I got hundreds of syslog msgs like: >> >> MailScanner[16465]: Found phishing fraud from www.evite.com claiming >> to be >> www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolondonforwor >> in k43IWccm014788 >> >> I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, >> SA 3.1.1. >> >> Jeff Earickson >> Colby College >> >> >> > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From a.peacock at chime.ucl.ac.uk Fri May 5 11:52:08 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 11:52:14 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: <445B2E58.5070408@chime.ucl.ac.uk> Hi, Koopmann, Jan-Peter wrote: > On Friday, May 05, 2006 10:53 AM Anthony Peacock wrote: > >> We would really need to see which SA rules hit. (Sorry if you >> provided that in an earlier post, I didn't keep a copy). > > 5.00 BAYES_99 Bayesian spam probability is 99 to 100% > 0.34 FB_SINGLE_0WORD > 1.01 FB_SINGLE_1WORD > 1.39 FB_WORD2_END_DOLLAR > 0.59 FB_WORD_01DOLLAR2 > 1.25 FH_RELAY_NODNS > 1.10 FM_MULTI_ODD2 > 0.70 FM_MULTI_ODD3 > 0.70 FM_MULTI_ODD4 > 0.90 FM_MULTI_ODD5 > 3.20 FM_N0N0_WORDS > 0.55 HELO_MISMATCH_COM > 0.96 NO_REAL_NAME From: does not include a real name > 2.10 OBSCURED_EMAIL Message seems to contain rot13ed address > 0.99 RELAY_IS_203 > 2.00 SARE_RAND_6 > 0.42 SARE_RMML_Stock9 > 5.00 SARE_URI_EQUALS > 2.00 SPF_FAIL SPF: sender does not match SPF record (fail) > 2.80 UNWANTED_LANGUAGE_BODY Message written in an undesired language > 0.37 UPPERCASE_50_75 message body is 50-75% uppercase > 1.37 USERPASS URL contains username and (optional) password > 0.21 X_AUTH_WARN_FAKED X-Authentication-Warning header looks faked > >> I doubt whether it is the fact that it is a UUencoded post is the >> only factor. > > Not the only factor I agree. But BAYES_99, SARE_*, UNWANTED_LANGUAGE_BODY, > UPPERCASE etc. surely are due to uuencoded text since that is the only thing > in the body. Yup! I agree that SA is scoring the UU code. What version of SA do you have installed. I would suggest that you post this question to the SpamAssassin-users mailing list. If you can place the full (inc headers) email in a downloadable location, it will help people run it against their installs. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From Jan-Peter.Koopmann at seceidos.de Fri May 5 12:02:36 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 12:02:46 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Friday, May 05, 2006 12:52 PM Anthony Peacock wrote: > Yup! I agree that SA is scoring the UU code. What version of SA do > you have installed. p5-Mail-SpamAssassin-3.1.1_4 > I would suggest that you post this question to the SpamAssassin-users > mailing list. If you can place the full (inc headers) email in a > downloadable location, it will help people run it against their > installs. I have to check this with the client. I have no clue how confidential that mail is. Frankly I just whitelisted that particular IP so the problem is "gone" (sort of). The bug-reports for SpamAssassin suggest that uudecoded mail bodies are just treated as text and therefore all those rules should apply unfortunatly. Unless I got this the wrong way and it should not be scanned at all there is not much we could do. MailScanner could decide not to send mail-bodies consisting of only uuencoded text to SpamAssassin but I am not sure it is A) feasable B) worth the effort. Opinions? Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/ae3374bb/smime.bin From Jan-Peter.Koopmann at seceidos.de Fri May 5 12:06:31 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 12:06:43 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: On Friday, May 05, 2006 11:53 AM Julian Field wrote: > Please can you try the attached Message.pm file instead of your > previous one. I have rewritten a whole chunk of the phishing net and > it should be more reliable now (I hope!). FreeBSD port 4.53.7 has just been committed. Is this a bug worth releasing a new version? Is the new Message.pm stable enough? Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/d5945c6c/smime.bin From jaearick at colby.edu Fri May 5 12:28:49 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 5 12:33:32 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: References: Message-ID: Please let me try and test it this morning. You Europeans had a five hour head start on this. Thanks. Jeff Earickson Colby College On Fri, 5 May 2006, Koopmann, Jan-Peter wrote: > Date: Fri, 5 May 2006 13:06:31 +0200 > From: "Koopmann, Jan-Peter" > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: 4.53.7, endless loop in debug mode > > On Friday, May 05, 2006 11:53 AM Julian Field wrote: > >> Please can you try the attached Message.pm file instead of your >> previous one. I have rewritten a whole chunk of the phishing net and >> it should be more reliable now (I hope!). > > FreeBSD port 4.53.7 has just been committed. Is this a bug worth releasing a > new version? Is the new Message.pm stable enough? > > > Kind regards, > JP > From prandal at herefordshire.gov.uk Fri May 5 12:36:45 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 5 12:37:16 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFAD@isabella.herefordshire.gov.uk> Julian, This one needs a 4.53.8 release, because it can affect anybody. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: 05 May 2006 11:34 > To: MailScanner discussion > Subject: Re: 4.53.7, endless loop in debug mode > > Hi Julian, > > Thanks for this. > > Replacing the previous Message.pm with this new one seems to > have fixed > the problem. > > I placed the saved queue files that were causing the problem > yesterday > in the incoming queue, and MS ran without hitch, both in > debug mode and > in normal operation. > > I will keep and eye on this and get back if I noticed any > further glitches. > > Julian Field wrote: > > Please can you try the attached Message.pm file instead of > your previous > > one. I have rewritten a whole chunk of the phishing net and > it should be > > more reliable now (I hope!). > > > > > > --This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > > > On 3 May 2006, at 19:52, Jeff A. Earickson wrote: > > > >> The attached message cause 4.53.7 > >> to go into some kind of endless loop when I ran it in debug > >> mode. I didn't try it in normal mode. The debug output is > >> attached too. > >> > >> In debug mode, I got hundreds of syslog msgs like: > >> > >> MailScanner[16465]: Found phishing fraud from > www.evite.com claiming > >> to be > >> > www.greetingstoall,afternearly3yearsbackinthestates,i'mheading > backtolondonforwor > >> in k43IWccm014788 > >> > >> I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, > >> SA 3.1.1. > >> > >> Jeff Earickson > >> Colby College > >> > >> > >> > > > > --Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that > heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Fri May 5 13:09:33 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 5 13:09:34 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: Jan-Peter Koopmann wrote on Fri, 5 May 2006 13:02:36 +0200: > The bug-reports for SpamAssassin suggest that uudecoded > mail bodies are just treated as text and therefore all those rules should > apply unfortunatly. Unless I got this the wrong way and it should not be > scanned at all there is not much we could do. > > MailScanner could decide not to send mail-bodies consisting of only > uuencoded text to SpamAssassin but I am not sure it is > > A) feasable > B) worth the effort. Since MS unpacks and scans the attachment (I assume), anyway, I agree something could be done at this stage. AFAIK a uuencoded attachment normally doesn't get displayed inline, not even by MS software. So, it won't be displayed even if it is a spam html page or so. What does MS do with attachments in general? I've been assuming that it only gives the first x bytes (there's a setting for that) to SA and no attachments at all. When I encountered the uu problem the first time last year I didn't think about MS in this regard at all I just thought about the fact that SA didn't refuse scanning it and decided against a bug report for SA. (One of the things why SA can't refuse that is that it might not get the end of the attachment, so it cannot guarantee it's really an attachment I guess.) But you are right, something could be done here by MS. Maybe it's that special case here that the body contains only that attachment and nothing else which makes it pipe the body to SA? In general I think it should be safe to exclude uuencoded attachments from spam scanning if the detection of that attachment is reasonably safe. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jaearick at colby.edu Fri May 5 13:14:28 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 5 13:15:48 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> References: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> Message-ID: Julian, Yes, the new Message.pm worked with my problem message. Attached is the debug output from my run with the one problem message. I'm now running 4.53.7 with the new Message.pm in production, waiting for the sound of screeching tires and breaking glass. :) If you decide to roll out a new release (I think you should), please add this small change to MailScanner.conf comments: *** MailScanner.conf.orig Wed May 3 14:00:23 2006 --- MailScanner.conf.new Fri May 5 08:10:13 2006 *************** *** 1945,1950 **** --- 1945,1951 ---- # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! + # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = # /var/lib # The default rules are searched for here, and in prefix/share/spamassassin, Thanks for the quick work! Jeff Earickson Colby College On Fri, 5 May 2006, Julian Field wrote: > Date: Fri, 5 May 2006 10:52:31 +0100 > From: Julian Field > To: Jeff A. Earickson > Cc: MailScanner mailing list > Subject: Re: 4.53.7, endless loop in debug mode > > Please can you try the attached Message.pm file instead of your previous one. > I have rewritten a whole chunk of the phishing net and it should be more > reliable now (I hope!). > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > -------------- next part -------------- Starting MailScanner... In Debugging mode, not forking... [14612] dbg: logger: adding facilities: all [14612] dbg: logger: logging level is DBG [14612] dbg: generic: SpamAssassin version 3.1.1 [14612] dbg: config: score set 0 chosen. [14612] dbg: util: running in taint mode? no [14612] dbg: dns: is Net::DNS::Resolver available? yes [14612] dbg: dns: Net::DNS version: 0.48 [14612] dbg: ignore: test message to precompile patterns and load modules [14612] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [14612] dbg: config: read file /etc/mail/spamassassin/init.pre [14612] dbg: config: read file /etc/mail/spamassassin/v310.pre [14612] dbg: config: using "/var/opt/spamassassin/3.001001" for sys rules pre files [14612] dbg: config: using "/var/opt/spamassassin/3.001001" for default rules dir [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf [14612] dbg: config: using "/etc/mail/spamassassin" for site rules dir [14612] dbg: config: read file /etc/mail/spamassassin/backhair.cf [14612] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [14612] dbg: config: read file /etc/mail/spamassassin/local.cf [14612] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [14612] dbg: config: read file /etc/mail/spamassassin/updates_spamassassin_org.cf [14612] dbg: config: using "//.spamassassin/user_prefs" for user prefs file [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x15f9484) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [14612] dbg: pyzor: network tests on, attempting Pyzor [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x16f752c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [14612] dbg: reporter: network tests on, attempting SpamCop [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x17b0db8) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x17c8944) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x17b638c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x17dbf9c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x17f4640) [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/10_misc.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/10_misc.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/10_misc.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_advance_fee.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_advance_fee.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_advance_fee.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_anti_ratware.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_anti_ratware.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_anti_ratware.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_body_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_body_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_body_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_compensate.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_compensate.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_compensate.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_dnsbl_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_dnsbl_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_drugs.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_drugs.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_drugs.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_fake_helo_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_fake_helo_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_head_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_head_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_head_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_html_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_html_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_html_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_meta_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_meta_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_meta_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_net_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_net_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_net_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_phrases.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_phrases.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_phrases.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_porn.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_porn.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_porn.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_ratware.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_ratware.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_ratware.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_uri_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_uri_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_uri_tests.cf [14612] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [14612] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [14612] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [14612] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [14612] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [14612] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [14612] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [14612] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&\#])'i [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/23_bayes.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/23_bayes.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/23_bayes.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_accessdb.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_accessdb.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_accessdb.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_antivirus.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_antivirus.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_antivirus.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_es.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_es.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_es.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_pl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_pl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_pl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dcc.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dcc.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dcc.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dkim.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dkim.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dkim.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_domainkeys.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_domainkeys.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_domainkeys.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_hashcash.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_hashcash.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_hashcash.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_pyzor.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_pyzor.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_pyzor.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_razor2.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_razor2.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_razor2.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_replace.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_replace.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_replace.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_spf.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_spf.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_spf.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_textcat.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_textcat.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_textcat.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_uribl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_uribl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_uribl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_de.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_de.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_de.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_fr.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_fr.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_fr.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_it.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_it.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_it.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_nl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_nl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_nl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pt_br.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pt_br.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pt_br.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/50_scores.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/50_scores.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/50_scores.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_awl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_awl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_awl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_dkim.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_dkim.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_spf.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_spf.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_spf.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_subject.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_subject.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_subject.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/80_additional.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/80_additional.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/80_additional.cf [14612] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable [14612] info: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor [14612] info: config: failed to parse line, skipping: dcc_path /opt/dcc/bin/dccproc [14612] info: config: failed to parse line, skipping: dcc_home /opt/dcc [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_anti_ratware.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_anti_ratware.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_drugs.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_drugs.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_fake_helo_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_head_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_head_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_html_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_html_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_meta_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_meta_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_net_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_net_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_phrases.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_phrases.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_porn.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_porn.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_ratware.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_ratware.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_uri_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_uri_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/23_bayes.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/23_bayes.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_accessdb.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_accessdb.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_antivirus.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_antivirus.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_es.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_es.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_pl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_pl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_dcc.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_dcc.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_dkim.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_dkim.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_domainkeys.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_domainkeys.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_hashcash.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_hashcash.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_pyzor.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_pyzor.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_razor2.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_razor2.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_replace.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_replace.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_spf.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_spf.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_textcat.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_textcat.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_uribl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_uribl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_de.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_de.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_fr.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_fr.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_it.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_it.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_nl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_nl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_pl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_pl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_pt_br.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_pt_br.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/50_scores.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/50_scores.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_awl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_awl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_dkim.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_spf.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_spf.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_subject.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_subject.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/80_additional.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/80_additional.cf" for included file [14612] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x17f4640) implements 'finish_parsing_end' [14612] dbg: replacetags: replacing tags [14612] dbg: replacetags: done replacing tags [14612] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks [14612] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen [14612] dbg: bayes: found bayes db version 3 [14612] dbg: bayes: DB journal sync: last sync: 1126554232 [14612] dbg: config: score set 3 chosen. [14612] dbg: message: ---- MIME PARSER START ---- [14612] dbg: message: main message type: text/plain [14612] dbg: message: parsing normal part [14612] dbg: message: added part, type: text/plain [14612] dbg: message: ---- MIME PARSER END ---- [14612] dbg: dns: dns_available set to yes in config file, skipping test [14612] dbg: metadata: X-Spam-Relays-Trusted: [14612] dbg: metadata: X-Spam-Relays-Untrusted: [14612] dbg: message: no encoding detected [14612] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) implements 'parsed_metadata' [14612] dbg: uridnsbl: domains to query: [14612] dbg: check: running tests for priority: 0 [14612] dbg: rules: running header regexp tests; score so far=0 [14612] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [14612] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1146830616.53826@spamassassin_spamd_init> [14612] dbg: rules: " [14612] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>" [14612] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [14612] dbg: rules: " [14612] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1146830616" [14612] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x15f9484)) [14612] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks [14612] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check [14612] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [14612] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x17dbf9c)) [14612] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x15f9484)) [14612] dbg: eval: all '*To' addrs: [14612] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: no suitable relay for spf use found, skipping SPF check [14612] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: rules: ran eval rule NO_RELAYS ======> got hit [14612] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: cannot get Envelope-From, cannot use SPF [14612] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [14612] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [14612] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x17dbf9c)) [14612] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: spf_whitelist_from: could not find useable envelope sender [14612] dbg: rules: running body-text per-line regexp tests; score so far=0.96 [14612] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [14612] dbg: uri: running uri tests; score so far=0.96 [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_NAME_LONG (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_ID1 (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c)) [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_NAME_MID (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for _mimeheader_eval___GIF_ATTACH (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_ID2 (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.96 [14612] dbg: rules: running full-text regexp tests; score so far=0.96 [14612] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x16f752c)) [14612] dbg: pyzor: use_pyzor option not enabled, disabling Pyzor [14612] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) implements 'check_tick' [14612] dbg: check: running tests for priority: 500 [14612] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) implements 'check_post_dnsbl' [14612] dbg: rules: running meta tests; score so far=0.96 [14612] dbg: rules: running header regexp tests; score so far=2.906 [14612] dbg: rules: running body-text per-line regexp tests; score so far=2.906 [14612] dbg: uri: running uri tests; score so far=2.906 [14612] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.906 [14612] dbg: rules: running full-text regexp tests; score so far=2.906 [14612] dbg: check: running tests for priority: 1000 [14612] dbg: rules: running meta tests; score so far=2.906 [14612] dbg: rules: running header regexp tests; score so far=2.906 [14612] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x17c8944)) [14612] dbg: rules: running body-text per-line regexp tests; score so far=2.906 [14612] dbg: uri: running uri tests; score so far=2.906 [14612] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.906 [14612] dbg: rules: running full-text regexp tests; score so far=2.906 [14612] dbg: check: is spam? score=2.906 required=5 [14612] dbg: check: tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [14612] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [14612] dbg: bayes: untie-ing [14612] dbg: bayes: untie-ing db_toks [14612] dbg: bayes: untie-ing db_seen [14621] dbg: message: ---- MIME PARSER START ---- [14621] dbg: message: main message type: multipart/related [14621] dbg: message: parsing multipart, got boundary: ----=_Part_121008_2180492.1146681134503 [14621] dbg: message: found part of type multipart/alternative, boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: parsing multipart, got boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: found part of type text/plain, boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: parsing normal part [14621] dbg: message: added part, type: text/plain [14621] dbg: message: found part of type text/html, boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: parsing normal part [14621] dbg: message: added part, type: text/html [14621] dbg: message: added part, type: multipart/alternative [14621] dbg: message: ---- MIME PARSER END ---- [14621] dbg: dns: name server: 137.146.28.68, family: 2, ipv6: 0 [14621] dbg: received-header: parsed as [ ip=209.104.61.24 rdns=mail7.evite.com helo=mail7.evite.com by=coal.colby.edu ident= envfrom= intl=0 id=k43IWccm014788 auth= ] [14621] dbg: dns: looking up A records for 'coal.colby.edu' [14621] dbg: dns: A records for 'coal.colby.edu': 137.146.28.68 [14621] dbg: dns: looking up A records for 'coal.colby.edu' [14621] dbg: dns: A records for 'coal.colby.edu': 137.146.28.68 [14621] dbg: received-header: 'by' coal.colby.edu has public IP 137.146.28.68 [14621] dbg: received-header: relay 209.104.61.24 trusted? no internal? no [14621] dbg: received-header: parsed as [ ip=209.104.61.122 rdns=www22.evite.com helo=www22 by=mail7.evite.com ident= envfrom= intl=0 id=k43IWEfu020541 auth= ] [14621] dbg: received-header: relay 209.104.61.122 trusted? no internal? no [14621] dbg: metadata: X-Spam-Relays-Trusted: [14621] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=209.104.61.24 rdns=mail7.evite.com helo=mail7.evite.com by=coal.colby.edu ident= envfrom= intl=0 id=k43IWccm014788 auth= ] [ ip=209.104.61.122 rdns=www22.evite.com helo=www22 by=mail7.evite.com ident= envfrom= intl=0 id=k43IWEfu020541 auth= ] [14621] dbg: message: decoding other encoding type (7bit), ignoring [14621] dbg: message: decoding other encoding type (7bit), ignoring [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/eric.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/eric.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/ [14621] dbg: uri: cleaned html uri, http://www.evite.com/ [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: cleaned parsed uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/privacy [14621] dbg: uri: cleaned parsed uri, http://www.evite.com/privacy [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: cleaned parsed uri, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned parsed uri, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uridnsbl: domains to query: evite.com [14621] dbg: check: running tests for priority: 0 [14621] dbg: rules: running header regexp tests; score so far=0 [14621] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [14621] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f" [14621] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<26346609.1146681157211.JavaMail.evite@www22> [14621] dbg: rules: " [14621] dbg: rules: ran header rule __CTYPE_HAS_BOUNDARY ======> got hit: "boundary" [14621] dbg: rules: ran header rule __CT ======> got hit: "m" [14621] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1" [14621] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: """ [14621] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1146681157" [14621] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "B" [14621] dbg: rules: ran header rule __MSGID_OK_HEX ======> got hit: "26346609" [14621] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks [14621] dbg: spf: checking HELO (helo=mail7.evite.com, ip=209.104.61.24) [14621] dbg: spf: query for /209.104.61.24/mail7.evite.com: result: none, comment: SPF: domain of sender mail7.evite.com does not designate mailers [14621] dbg: eval: all '*From' addrs: info@evite.com ?g [14621] dbg: eval: forged-HELO: from=evite.com helo=evite.com by=colby.edu [14621] dbg: eval: forged-HELO: from=evite.com helo=www22 by=evite.com [14621] dbg: eval: trying Received header date for real time: 3 May 2006 14:32:46 -0400 [14621] dbg: eval: time_t from date=1146681166, rcvd= 3 May 2006 14:32:46 -0400 [14621] dbg: eval: trying Received header date for real time: 3 May 2006 11:32:37 -0700 [14621] dbg: eval: time_t from date=1146681157, rcvd= 3 May 2006 11:32:37 -0700 [14621] dbg: eval: all '*To' addrs: maduggan@colby.edu [14621] dbg: spf: checking EnvelopeFrom (helo=mail7.evite.com, ip=209.104.61.24, envfrom=?g) [14621] dbg: spf: query for ?g/209.104.61.24/mail7.evite.com: result: unknown, comment: Please see http://www.openspf.org/why.html?sender=%81g&ip=209.104.61.24&receiver=coal: domain of sender ?g does not exist [14621] dbg: spf: def_whitelist_from_spf: ?g is not in DEF_WHITELIST_FROM_SPF [14621] dbg: eval: date chosen from message: Wed May 3 14:32:46 2006 [14621] dbg: spf: whitelist_from_spf: ?g is not in user's WHITELIST_FROM_SPF [14621] dbg: rules: running body-text per-line regexp tests; score so far=0 [14621] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "B" [14621] dbg: uri: running uri tests; score so far=0 [14621] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: bayes: DB journal sync: last sync: 1126554232 [14621] dbg: bayes: corpus size: nspam = 165933, nham = 1270606 [14621] dbg: bayes: score = 0 [14621] dbg: bayes: DB expiry: tokens in DB: 328107, Expiry max size: 150000, Oldest atime: 1126411200, Newest atime: 1145900818, Last expire: 1126519525, Current time: 1146830621 [14621] dbg: bayes: opportunistic call found expiry due [14621] dbg: bayes: bayes journal sync starting [14621] dbg: bayes: bayes journal sync completed [14621] dbg: bayes: expiry starting [14621] dbg: locker: safe_lock: created /var/spool/spamassassin/bayes.mutex [14621] dbg: locker: safe_lock: trying to get lock on /var/spool/spamassassin/bayes with 10 timeout [14621] dbg: locker: safe_lock: link to /var/spool/spamassassin/bayes.mutex: link ok [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: locker: refresh_lock: refresh /var/spool/spamassassin/bayes.mutex [14621] dbg: bayes: DB expiry: tokens in DB: 0, Expiry max size: 150000, Oldest atime: 0, Newest atime: 0, Last expire: 0, Current time: 1146830621 [14621] dbg: bayes: expiry completed [14621] dbg: bayes: untie-ing [14621] dbg: bayes: untie-ing db_toks [14621] dbg: bayes: untie-ing db_seen [14621] dbg: bayes: files locked, now unlocking lock [14621] dbg: locker: safe_unlock: unlocked /var/spool/spamassassin/bayes.mutex [14621] dbg: rules: ran eval rule __TAG_EXISTS_BODY ======> got hit [14621] dbg: eval: text words: 152, html words: 108 [14621] dbg: eval: madiff: left: 53, orig: 108, max-difference: 49.07% [14621] dbg: rules: ran eval rule __COMMENT_EXISTS ======> got hit [14621] dbg: rules: ran eval rule BAYES_00 ======> got hit [14621] dbg: rules: ran eval rule __MIME_HTML ======> got hit [14621] dbg: rules: ran eval rule HTML_MESSAGE ======> got hit [14621] dbg: rules: ran eval rule __TAG_EXISTS_HTML ======> got hit [14621] dbg: rules: ran eval rule __HTML_LINK_IMAGE ======> got hit [14621] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.049 [14621] dbg: rules: running full-text regexp tests; score so far=-0.049 [14621] dbg: pyzor: use_pyzor option not enabled, disabling Pyzor [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: queries completed: 1 started: 2 [14621] dbg: uridnsbl: queries active: DNSBL=2 at Fri May 5 08:03:41 2006 [14621] dbg: check: running tests for priority: 500 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (multi.surbl.org.:evite.com) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: A=2 DNSBL=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (multi.uribl.com.:evite.com) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: A=2 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: queries completed: 1 started: 1 [14621] dbg: uridnsbl: queries active: A=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: queries completed: 1 started: 1 [14621] dbg: uridnsbl: queries active: DNSBL=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (sbl.spamhaus.org.:54.61.104.209) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: DNSBL=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (sbl.spamhaus.org.:52.61.104.209) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete [14621] dbg: rules: running meta tests; score so far=-0.049 [14621] dbg: rules: running header regexp tests; score so far=-0.049 [14621] dbg: rules: running body-text per-line regexp tests; score so far=-0.049 [14621] dbg: uri: running uri tests; score so far=-0.049 [14621] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.049 [14621] dbg: rules: running full-text regexp tests; score so far=-0.049 [14621] dbg: check: running tests for priority: 1000 [14621] dbg: rules: running meta tests; score so far=-0.049 [14621] dbg: rules: running header regexp tests; score so far=-0.049 [14621] dbg: rules: running body-text per-line regexp tests; score so far=-0.049 [14621] dbg: uri: running uri tests; score so far=-0.049 [14621] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.049 [14621] dbg: rules: running full-text regexp tests; score so far=-0.049 [14621] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x17b638c) implements 'autolearn_discriminator' [14621] dbg: learn: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1 [14621] dbg: learn: auto-learn: message score: -0.049, computed score for autolearn: 0.001 [14621] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0, learned-points=-0.05 [14621] dbg: learn: auto-learn? yes, ham (0.001 < 0.1) [14621] dbg: learn: initializing learner [14621] dbg: learn: learning ham [14621] dbg: eval: all '*From' addrs: info@evite.com ?g [14621] dbg: eval: all '*To' addrs: maduggan@colby.edu [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/eric.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/eric.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/ [14621] dbg: uri: cleaned html uri, http://www.evite.com/ [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/privacy [14621] dbg: uri: cleaned html uri, http://www.evite.com/privacy [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, mailto:info@evite.com [14621] dbg: uri: cleaned html uri, mailto:info@evite.com [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/privacy [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: locker: safe_lock: created /var/spool/spamassassin/bayes.mutex [14621] dbg: locker: safe_lock: trying to get lock on /var/spool/spamassassin/bayes with 10 timeout [14621] dbg: locker: safe_lock: link to /var/spool/spamassassin/bayes.mutex: link ok [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: bayes: 08dfde562b6bfabf0098ac6a3686413257b86141@sa_generated already learnt correctly, not learning twice [14621] dbg: bayes: untie-ing [14621] dbg: bayes: untie-ing db_toks [14621] dbg: bayes: untie-ing db_seen [14621] dbg: bayes: files locked, now unlocking lock [14621] dbg: locker: safe_unlock: unlocked /var/spool/spamassassin/bayes.mutex [14621] dbg: learn: initializing learner [14621] dbg: check: is spam? score=-0.049 required=5 [14621] dbg: check: tests=BAYES_00,HTML_MESSAGE [14621] dbg: check: subtests=__COMMENT_EXISTS,__CT,__CTYPE_HAS_BOUNDARY,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HTML_LINK_IMAGE,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HEX,__NONEMPTY_BODY,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HTML,__TOCC_EXISTS [14621] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0, learned-points=-0.05 [14621] dbg: learn: auto-learn? yes, ham (0.001 < 0.1) [14621] dbg: learn: initializing learner [14621] dbg: learn: learning ham [14621] dbg: eval: all '*From' addrs: info@evite.com ?g [14621] dbg: eval: all '*To' addrs: maduggan@colby.edu [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/eric.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/eric.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/ [14621] dbg: uri: cleaned html uri, http://www.evite.com/ [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/privacy [14621] dbg: uri: cleaned html uri, http://www.evite.com/privacy [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, mailto:info@evite.com [14621] dbg: uri: cleaned html uri, mailto:info@evite.com [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/privacy [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: locker: safe_lock: created /var/spool/spamassassin/bayes.mutex [14621] dbg: locker: safe_lock: trying to get lock on /var/spool/spamassassin/bayes with 10 timeout [14621] dbg: locker: safe_lock: link to /var/spool/spamassassin/bayes.mutex: link ok [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: bayes: 08dfde562b6bfabf0098ac6a3686413257b86141@sa_generated already learnt correctly, not learning twice [14621] dbg: bayes: untie-ing [14621] dbg: bayes: untie-ing db_toks [14621] dbg: bayes: untie-ing db_seen [14621] dbg: bayes: files locked, now unlocking lock [14621] dbg: locker: safe_unlock: unlocked /var/spool/spamassassin/bayes.mutex [14621] dbg: learn: initializing learner Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 781 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 781 Stopping now as you are debugging me. From AHKAPLAN at PARTNERS.ORG Fri May 5 13:43:25 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Fri May 5 13:43:35 2006 Subject: Quarantine Directory Message-ID: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Hi there - I want to investigate the contents of the quarantine directory, and I need to know what is the best way to do so. Any suggestions will be welcome. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/91edc3dc/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 5 13:45:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 13:46:00 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFAD@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFAD@isabella.herefordshire.gov.uk> Message-ID: <98FB8BAF-373F-4B92-A749-5D2A7B7B49C6@ecs.soton.ac.uk> Please can a couple more people test it and let me know if it working well. Then I will do a 4.53.8. On 5 May 2006, at 12:36, Randal, Phil wrote: > Julian, > > This one needs a 4.53.8 release, because it can affect anybody. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Anthony Peacock >> Sent: 05 May 2006 11:34 >> To: MailScanner discussion >> Subject: Re: 4.53.7, endless loop in debug mode >> >> Hi Julian, >> >> Thanks for this. >> >> Replacing the previous Message.pm with this new one seems to >> have fixed >> the problem. >> >> I placed the saved queue files that were causing the problem >> yesterday >> in the incoming queue, and MS ran without hitch, both in >> debug mode and >> in normal operation. >> >> I will keep and eye on this and get back if I noticed any >> further glitches. >> >> Julian Field wrote: >>> Please can you try the attached Message.pm file instead of >> your previous >>> one. I have rewritten a whole chunk of the phishing net and >> it should be >>> more reliable now (I hope!). >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> >>> On 3 May 2006, at 19:52, Jeff A. Earickson wrote: >>> >>>> The attached message cause 4.53.7 >>>> to go into some kind of endless loop when I ran it in debug >>>> mode. I didn't try it in normal mode. The debug output is >>>> attached too. >>>> >>>> In debug mode, I got hundreds of syslog msgs like: >>>> >>>> MailScanner[16465]: Found phishing fraud from >> www.evite.com claiming >>>> to be >>>> >> www.greetingstoall,afternearly3yearsbackinthestates,i'mheading >> backtolondonforwor >>>> in k43IWccm014788 >>>> >>>> I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, >>>> SA 3.1.1. >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> >>>> >>> >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that >> heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From prandal at herefordshire.gov.uk Fri May 5 13:49:02 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 5 13:49:47 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> The new Message.pm has quite happily processed 650-odd messages in the last hour without problems. Thanks for the fix, Julian. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jeff A. Earickson > Sent: 05 May 2006 13:14 > To: Julian Field > Cc: MailScanner mailing list > Subject: Re: 4.53.7, endless loop in debug mode > > Julian, > > Yes, the new Message.pm worked with my problem message. Attached is > the debug output from my run with the one problem message. > > I'm now running 4.53.7 with the new Message.pm in production, waiting > for the sound of screeching tires and breaking glass. :) > > If you decide to roll out a new release (I think you should), please > add this small change to MailScanner.conf comments: > > *** MailScanner.conf.orig Wed May 3 14:00:23 2006 > --- MailScanner.conf.new Fri May 5 08:10:13 2006 > *************** > *** 1945,1950 **** > --- 1945,1951 ---- > # cron job has run successfully and has created a > directory structure > under > # the spamassassin directory within this one and has put > some *.cf files > in > # there. Otherwise it will ignore all your current rules! > + # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = # /var/lib > > # The default rules are searched for here, and in > prefix/share/spamassassin, > > Thanks for the quick work! > > Jeff Earickson > Colby College > > On Fri, 5 May 2006, Julian Field wrote: > > > Date: Fri, 5 May 2006 10:52:31 +0100 > > From: Julian Field > > To: Jeff A. Earickson > > Cc: MailScanner mailing list > > Subject: Re: 4.53.7, endless loop in debug mode > > > > Please can you try the attached Message.pm file instead of > your previous one. > > I have rewritten a whole chunk of the phishing net and it > should be more > > reliable now (I hope!). > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > From MailScanner at ecs.soton.ac.uk Fri May 5 14:02:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 14:03:16 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: On 5 May 2006, at 09:33, Koopmann, Jan-Peter wrote: > On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > >> It should have found the uu-encoded file. Have you got that feature >> switched on? >> Look for "uu" or "UU" in MailScanner.conf. > > Well I upgraded to 4.53.7 on that box and today the next one came > in. It > again was identified as spam. > > May 5 10:00:40 proxy-hb MailScanner[98493]: New Batch: Scanning 1 > messages, > 35159 bytes > May 5 10:00:40 proxy-hb MailScanner[98493]: Saved archive copies of > 1FbvEk-0002FH-GK > May 5 10:00:40 proxy-hb MailScanner[98493]: MCP Checks: Starting > May 5 10:00:40 proxy-hb MailScanner[98493]: Spam Checks: Starting > May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Checks: Found 1 spam > messages > May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Actions: message > 1FbvEk-0002FH-GK actions are store > May 5 10:00:53 proxy-hb MailScanner[98493]: Virus and Content > Scanning: > Starting > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan started at Fri > May 5 > 10:00:53 2006 > May 5 10:00:53 proxy-hb MailScanner[98493]: Database version: > 2006-05-05_01 > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan ended at Fri May 5 > 10:00:53 2006 > May 5 10:00:53 proxy-hb MailScanner[98493]: 3 files scanned > May 5 10:00:55 proxy-hb MailScanner[98493]: Batch (1 message) > processed in > 15.31 seconds > May 5 10:00:55 proxy-hb MailScanner[98493]: "Always Looked Up > Last" took > 0.02 seconds > > > Two problems/questions: > > 1. Is the uuencoded file now identified as such by MailScanner? It > says 3 > files scanned so I would assume so but I am not sure. I have Find > UU-Encoded > Files = yes in MailScanner.conf. The attachment is a virus free pdf > so it is > ok that no alarms pop up. Yes, it should be identified as a uu-encoded file by MailScanner. > 2. Why does Spamassassin identify it as spam? Clearly it does not > recognize > the uuencoded file as such and therefore hits strange rules (like > BAYES_99, > SARE_URI_EUQALS etc.) pushing it over the High Scoring Spam limit. > Is this a > SpamAssassin or a MailScanner problem? In MIME-Mails SA does recognize > attachments does it not and exclude it from scanning, does it not= The difference is that uu-encoding is usually just done within a text/ plain part of the message, it's not a separate MIME entity like every other attachment. The only way of finding them is to hunt through all the plain text parts of the message, looking for the signature line at the start of a uu-encoded file, and try to process the following text into a file. This is what MailScanner does, and has for a long time. The "MyParty" virus appeared years ago which exploited this loophole in most commercial virus scanners. It's always a good test of a commercial email virus scanner, just uuencode eicar and put it into a plain text (not MIME at all) message and see if it gets caught. It is possible that SpamAssassin does not do these checks, resulting in false positives. I'm sure Matt will correct me if I'm wrong :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From adrik at salesmanager.nl Fri May 5 14:11:21 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Fri May 5 14:11:23 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: Julian, I also spent some time looking in SA bugs list etc. It seems SA doesn't want to alter the plain text of an email message. Therefore it only strips MIME attachments before processing the message body. UUEncoded attachments seems to stay in place and are processed, resulting in undesirable side-effects! This problem has appeared a few times on the SA list and the general consensus of the developers seems to be 'Don't fix', since it appears rarely in normal email and everybody should be MIME compliant. I might not agree with this, but I think there won't be a quick solution from SpamAssassin. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: vrijdag 5 mei 2006 15:03 > To: MailScanner discussion > Subject: Re: Mailscanner does not identify attachment in mail > > > On 5 May 2006, at 09:33, Koopmann, Jan-Peter wrote: > > > On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > > > >> It should have found the uu-encoded file. Have you got > that feature > >> switched on? > >> Look for "uu" or "UU" in MailScanner.conf. > > > > Well I upgraded to 4.53.7 on that box and today the next > one came in. > > It again was identified as spam. > > > > May 5 10:00:40 proxy-hb MailScanner[98493]: New Batch: Scanning 1 > > messages, > > 35159 bytes > > May 5 10:00:40 proxy-hb MailScanner[98493]: Saved archive > copies of > > 1FbvEk-0002FH-GK May 5 10:00:40 proxy-hb MailScanner[98493]: MCP > > Checks: Starting May 5 10:00:40 proxy-hb MailScanner[98493]: Spam > > Checks: Starting May 5 10:00:52 proxy-hb MailScanner[98493]: Spam > > Checks: Found 1 spam messages May 5 10:00:52 proxy-hb > > MailScanner[98493]: Spam Actions: message 1FbvEk-0002FH-GK > actions are > > store May 5 10:00:53 proxy-hb MailScanner[98493]: Virus and Content > > Scanning: > > Starting > > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan started > at Fri May > > 5 > > 10:00:53 2006 > > May 5 10:00:53 proxy-hb MailScanner[98493]: Database version: > > 2006-05-05_01 > > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan ended at > Fri May 5 > > 10:00:53 2006 > > May 5 10:00:53 proxy-hb MailScanner[98493]: 3 files scanned May 5 > > 10:00:55 proxy-hb MailScanner[98493]: Batch (1 message) processed in > > 15.31 seconds > > May 5 10:00:55 proxy-hb MailScanner[98493]: "Always Looked > Up Last" > > took > > 0.02 seconds > > > > > > Two problems/questions: > > > > 1. Is the uuencoded file now identified as such by MailScanner? It > > says 3 files scanned so I would assume so but I am not sure. I have > > Find UU-Encoded Files = yes in MailScanner.conf. The > attachment is a > > virus free pdf so it is ok that no alarms pop up. > > Yes, it should be identified as a uu-encoded file by MailScanner. > > > 2. Why does Spamassassin identify it as spam? Clearly it does not > > recognize the uuencoded file as such and therefore hits > strange rules > > (like BAYES_99, SARE_URI_EUQALS etc.) pushing it over the > High Scoring > > Spam limit. > > Is this a > > SpamAssassin or a MailScanner problem? In MIME-Mails SA > does recognize > > attachments does it not and exclude it from scanning, does it not= > > The difference is that uu-encoding is usually just done > within a text/ plain part of the message, it's not a separate > MIME entity like every other attachment. The only way of > finding them is to hunt through all the plain text parts of > the message, looking for the signature line at the start of a > uu-encoded file, and try to process the following text into a > file. This is what MailScanner does, and has for a long time. > The "MyParty" virus appeared years ago which exploited this > loophole in most commercial virus scanners. It's always a > good test of a commercial email virus scanner, just uuencode > eicar and put it into a plain text (not MIME at all) message > and see if it gets caught. > > It is possible that SpamAssassin does not do these checks, > resulting in false positives. I'm sure Matt will correct me > if I'm wrong :-) > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri May 5 14:13:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 14:13:30 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> Message-ID: <7E2E2D61-D75C-481E-8EBF-7E49A9DB3241@ecs.soton.ac.uk> I have just release 4.53.8. The only change (except for 1 comment) is the phishing net bug fix. I'm very sorry for doing this to you folks. In future, I would really appreciate it if more people would help with the beta testing. This bug really should have shown up in testing and didn't. But I realise that it is my fault for sloppy code in the first place. :-( Jules. On 5 May 2006, at 13:49, Randal, Phil wrote: > The new Message.pm has quite happily processed 650-odd messages in the > last hour without problems. > > Thanks for the fix, Julian. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Jeff A. Earickson >> Sent: 05 May 2006 13:14 >> To: Julian Field >> Cc: MailScanner mailing list >> Subject: Re: 4.53.7, endless loop in debug mode >> >> Julian, >> >> Yes, the new Message.pm worked with my problem message. Attached is >> the debug output from my run with the one problem message. >> >> I'm now running 4.53.7 with the new Message.pm in production, waiting >> for the sound of screeching tires and breaking glass. :) >> >> If you decide to roll out a new release (I think you should), please >> add this small change to MailScanner.conf comments: >> >> *** MailScanner.conf.orig Wed May 3 14:00:23 2006 >> --- MailScanner.conf.new Fri May 5 08:10:13 2006 >> *************** >> *** 1945,1950 **** >> --- 1945,1951 ---- >> # cron job has run successfully and has created a >> directory structure >> under >> # the spamassassin directory within this one and has put >> some *.cf files >> in >> # there. Otherwise it will ignore all your current rules! >> + # The default location may be /var/opt on Solaris systems. >> SpamAssassin Local State Dir = # /var/lib >> >> # The default rules are searched for here, and in >> prefix/share/spamassassin, >> >> Thanks for the quick work! >> >> Jeff Earickson >> Colby College >> >> On Fri, 5 May 2006, Julian Field wrote: >> >>> Date: Fri, 5 May 2006 10:52:31 +0100 >>> From: Julian Field >>> To: Jeff A. Earickson >>> Cc: MailScanner mailing list >>> Subject: Re: 4.53.7, endless loop in debug mode >>> >>> Please can you try the attached Message.pm file instead of >> your previous one. >>> I have rewritten a whole chunk of the phishing net and it >> should be more >>> reliable now (I hope!). >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From adrik at salesmanager.nl Fri May 5 14:25:17 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Fri May 5 14:25:19 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode Message-ID: Julian, Don't worry to much. :-) It's probably better to have quick bug fixes instead of endless development cycles with no releases. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: vrijdag 5 mei 2006 15:13 > To: MailScanner discussion > Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode > > I have just release 4.53.8. > > The only change (except for 1 comment) is the phishing net bug fix. > > I'm very sorry for doing this to you folks. > In future, I would really appreciate it if more people would > help with the beta testing. This bug really should have shown > up in testing and didn't. But I realise that it is my fault > for sloppy code in the first place. :-( > > Jules. > > On 5 May 2006, at 13:49, Randal, Phil wrote: > > > The new Message.pm has quite happily processed 650-odd > messages in the > > last hour without problems. > > > > Thanks for the fix, Julian. > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Jeff > >> A. Earickson > >> Sent: 05 May 2006 13:14 > >> To: Julian Field > >> Cc: MailScanner mailing list > >> Subject: Re: 4.53.7, endless loop in debug mode > >> > >> Julian, > >> > >> Yes, the new Message.pm worked with my problem message. > Attached is > >> the debug output from my run with the one problem message. > >> > >> I'm now running 4.53.7 with the new Message.pm in > production, waiting > >> for the sound of screeching tires and breaking glass. :) > >> > >> If you decide to roll out a new release (I think you > should), please > >> add this small change to MailScanner.conf comments: > >> > >> *** MailScanner.conf.orig Wed May 3 14:00:23 2006 > >> --- MailScanner.conf.new Fri May 5 08:10:13 2006 > >> *************** > >> *** 1945,1950 **** > >> --- 1945,1951 ---- > >> # cron job has run successfully and has created a directory > >> structure under > >> # the spamassassin directory within this one and has > put some *.cf > >> files in > >> # there. Otherwise it will ignore all your current rules! > >> + # The default location may be /var/opt on Solaris systems. > >> SpamAssassin Local State Dir = # /var/lib > >> > >> # The default rules are searched for here, and in > >> prefix/share/spamassassin, > >> > >> Thanks for the quick work! > >> > >> Jeff Earickson > >> Colby College > >> > >> On Fri, 5 May 2006, Julian Field wrote: > >> > >>> Date: Fri, 5 May 2006 10:52:31 +0100 > >>> From: Julian Field > >>> To: Jeff A. Earickson > >>> Cc: MailScanner mailing list > >>> Subject: Re: 4.53.7, endless loop in debug mode > >>> > >>> Please can you try the attached Message.pm file instead of > >> your previous one. > >>> I have rewritten a whole chunk of the phishing net and it > >> should be more > >>> reliable now (I hope!). > >>> > >>> > >>> -- > >>> This message has been scanned for viruses and dangerous > content by > >>> MailScanner, and is believed to be clean. > >>> MailScanner thanks transtec Computers for their support. > >>> > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Fri May 5 14:26:21 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 5 14:26:43 2006 Subject: Quarantine Directory References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Message-ID: <001e01c67047$801e34d0$0705000a@DDF5DW71> Mailwatch works for me Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: Kaplan, Andrew H. To: mailscanner@lists.mailscanner.info Sent: Friday, May 05, 2006 8:43 AM Subject: Quarantine Directory Hi there - I want to investigate the contents of the quarantine directory, and I need to know what is the best way to do so. Any suggestions will be welcome. Thanks. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/18477bd7/attachment.html From amoore at dekalbmemorial.com Fri May 5 14:38:59 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Fri May 5 14:38:48 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode Message-ID: <60D398EB2DB948409CA1F50D8AF12257010337AC@exch1.dekalbmemorial.local> Julian, Is Message.pm the only file with changes? I install from source here instead of the rpms (long story) and would rather just drop in the corrected file than go through a whole install from scratch. Thanks Aaron Julian Field wrote: > I have just release 4.53.8. > > The only change (except for 1 comment) is the phishing net bug fix. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From a.peacock at chime.ucl.ac.uk Fri May 5 14:52:02 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 14:52:29 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode In-Reply-To: <7E2E2D61-D75C-481E-8EBF-7E49A9DB3241@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> <7E2E2D61-D75C-481E-8EBF-7E49A9DB3241@ecs.soton.ac.uk> Message-ID: <445B5882.8070104@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > I have just release 4.53.8. > > The only change (except for 1 comment) is the phishing net bug fix. Many thanks for the quick fix. > I'm very sorry for doing this to you folks. > In future, I would really appreciate it if more people would help with > the beta testing. This bug really should have shown up in testing and > didn't. But I realise that it is my fault for sloppy code in the first > place. :-( It isn't always possible for me to test the beta releases. In fact I don't always install every stable release, it just depends on what else I have going on at work at the time. If I get the chance I do intend on setting up a test server that can run new releases in parallel to the live service. In the meantime I have MailScanner installed so that reverting back to a previous release is a case of stopping MailScanner, changing a soft link and restarting MailScanner. This works really well for quickly changing between versions for testing purposes. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From jaearick at colby.edu Fri May 5 15:52:11 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 5 15:56:50 2006 Subject: Quarantine Directory In-Reply-To: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Message-ID: Andrew, Whatsamatter, vi not good enough for you?? :) If you are using sendmail, you can see what is in a quarantine directory with: usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/whereever, eg /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990 Maybe write a shell script to do something like: #/usr/bin/ksh for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505` do /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/$msgid done something like that for various dates and msgids. Or loop thru the directories then grep for the msgids in your syslog. Jeff Earickson Colby College On Fri, 5 May 2006, Kaplan, Andrew H. wrote: > Date: Fri, 5 May 2006 08:43:25 -0400 > From: "Kaplan, Andrew H." > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Quarantine Directory > > Hi there - > > > > I want to investigate the contents of the quarantine directory, and I need to > know what is the best way to do so. Any suggestions > > will be welcome. Thanks. > > From glenn.steen at gmail.com Fri May 5 16:33:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 5 16:33:36 2006 Subject: Quarantine Directory In-Reply-To: References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Message-ID: <223f97700605050833y60d43c9v29ffb6b645b3531f@mail.gmail.com> On 05/05/06, Jeff A. Earickson wrote: > Andrew, > > Whatsamatter, vi not good enough for you?? :) If it was, there would be no vim:-):-) > > If you are using sendmail, you can see what is in a quarantine > directory with: > > usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/whereever, eg > > /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990 > > Maybe write a shell script to do something like: > > #/usr/bin/ksh > for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505` > do > /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/$msgid > done > > something like that for various dates and msgids. Or loop thru the > directories then grep for the msgids in your syslog. > > Jeff Earickson > Colby College > If it's Postfix and you are storing as queue files, use "postcat /path/to/filename" ... Example: # postcat /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D | less -e If not storing as queue files, then the message is decoded in the file named message ... and the spam quarantine would contain decoded messages too... Example: # file /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D: RFC 822 mail text # less -e /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D .... The virus/dangerous content quarantine is very similar, but there you have # ls -l /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/ totalt 28 -rw-rw---- 1 postfix apache 12364 maj 3 01:55 message -rw-rw---- 1 postfix apache 11102 maj 3 01:55 msg-12029-9.html # less -e /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/message .... etc etc But Steve is right, the most convenient way is definitely MailWatch: http://mailwatch.sf.net -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri May 5 16:56:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 16:56:30 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode In-Reply-To: <60D398EB2DB948409CA1F50D8AF12257010337AC@exch1.dekalbmemorial.local> References: <60D398EB2DB948409CA1F50D8AF12257010337AC@exch1.dekalbmemorial.local> Message-ID: Yes. On 5 May 2006, at 14:38, Aaron K. Moore wrote: > Julian, > > Is Message.pm the only file with changes? I install from source here > instead of the rpms (long story) and would rather just drop in the > corrected file than go through a whole install from scratch. > > Thanks > > Aaron > > Julian Field wrote: >> I have just release 4.53.8. >> >> The only change (except for 1 comment) is the phishing net bug fix. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > Phone: 260.920.2808 > E-mail: amoore@dekalbmemorial.com > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Fri May 5 17:04:32 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 5 17:04:42 2006 Subject: Quarantine Directory References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> <223f97700605050833y60d43c9v29ffb6b645b3531f@mail.gmail.com> Message-ID: <001301c6705d$989e04c0$0705000a@DDF5DW71> ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Friday, May 05, 2006 11:33 AM Subject: Re: Quarantine Directory > On 05/05/06, Jeff A. Earickson wrote: >> Andrew, >> >> Whatsamatter, vi not good enough for you?? :) > > If it was, there would be no vim:-):-) > >> >> If you are using sendmail, you can see what is in a quarantine >> directory with: >> >> usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/whereever, >> eg >> >> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990 >> >> Maybe write a shell script to do something like: >> >> #/usr/bin/ksh >> for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505` >> do >> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/$msgid >> done >> >> something like that for various dates and msgids. Or loop thru the >> directories then grep for the msgids in your syslog. >> >> Jeff Earickson >> Colby College >> > If it's Postfix and you are storing as queue files, use "postcat > /path/to/filename" ... Example: > # postcat /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D > | less -e > If not storing as queue files, then the message is decoded in the file > named message ... and the spam quarantine would contain decoded > messages too... Example: > # file /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D > /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D: RFC > 822 mail text > # less -e /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D > .... > The virus/dangerous content quarantine is very similar, but there you have > # ls -l /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/ > totalt 28 > -rw-rw---- 1 postfix apache 12364 maj 3 01:55 message > -rw-rw---- 1 postfix apache 11102 maj 3 01:55 msg-12029-9.html > # less -e > /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/message > .... > etc etc > > But Steve is right, the most convenient way is definitely MailWatch: > http://mailwatch.sf.net Thank goodness for the above paragraph. I thought I was using one of the best tools for email ever all for the wrong reasons there for a minute. Steve > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- From mailscanner at mango.zw Fri May 5 17:40:07 2006 From: mailscanner at mango.zw (Jim Holland) Date: Fri May 5 17:44:40 2006 Subject: Quarantine Directory In-Reply-To: Message-ID: On Fri, 5 May 2006, Kaplan, Andrew H. wrote: > > Date: Fri, 5 May 2006 08:43:25 -0400 > > From: "Kaplan, Andrew H." > > Reply-To: MailScanner discussion > > To: mailscanner@lists.mailscanner.info > > Subject: Quarantine Directory > > > > Hi there - > > > > I want to investigate the contents of the quarantine directory, and I need to > > know what is the best way to do so. Any suggestions > > will be welcome. Thanks. It depends what you are looking for. If you just want to know what messages have been stored there and why, start with the mail log: grep for: "Spam Actions:.*actions are store" extract the msgids, by using awk to extract the relevant field grep for the msgids in the log If you want to examine particular messages, use your favourite viewer - mine is Midnight Commander. If you want to browse the spam messages, then why not convert the mail files into a dummy mailbox and then browse that: cd for file in *; do sed "s/^Return-Path:.*/From junk@junk.com Fri May 5 \ 00:00 2006/" < $file >> mailbox ; echo >> mailbox; done The above assumes that the quarantined messages all start with: Return-Path: <.g> and then you can browse the mailbox with any mail utility you want, eg: mutt -f mailbox Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From KGoods at AIAInsurance.com Fri May 5 18:00:16 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Fri May 5 18:05:11 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D890A@aiainsurance.com> Julian Field wrote: > Please can you try the attached Message.pm file instead of your > previous one. I have rewritten a whole chunk of the phishing net and > it should be more reliable now (I hope!). Be gentle... I have never patched before... :) Can I just replace my current Message.pm with this one and then do a 'service MailScanner restart'? Will it break anything during the next upgrade or are there any other gotcha's I should be aware of? I am also experiencing some messages being stuck in the mqueue for hours at a time. Or is this completely un-related to my problem? I'm running the latest stable MS, and the latest SA and ClamAV (from your simple install script Thank YOU for that!) on a Centos 4.3 build. TIA Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From prandal at herefordshire.gov.uk Fri May 5 18:30:26 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 5 18:30:48 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B003@isabella.herefordshire.gov.uk> Just replace the file and do a service mailscanner restart It won't break future updates. And those stuck messages should clear out of your incoming queue. The updated MailScanner's processed 4465 messages here so far without problems. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ken Goods > Sent: 05 May 2006 18:00 > To: 'MailScanner discussion' > Subject: RE: 4.53.7, endless loop in debug mode > > Julian Field wrote: > > Please can you try the attached Message.pm file instead of your > > previous one. I have rewritten a whole chunk of the phishing net and > > it should be more reliable now (I hope!). > > Be gentle... I have never patched before... :) > Can I just replace my current Message.pm with this one and then do a > 'service MailScanner restart'? Will it break anything during the next > upgrade or are there any other gotcha's I should be aware of? > > I am also experiencing some messages being stuck in the > mqueue for hours at > a time. Or is this completely un-related to my problem? I'm > running the > latest stable MS, and the latest SA and ClamAV (from your > simple install > script Thank YOU for that!) on a Centos 4.3 build. > > TIA > Ken > > Ken Goods > Network Administrator > AIA/CropUSA Insurance, Inc. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From kwang at ucalgary.ca Fri May 5 18:38:56 2006 From: kwang at ucalgary.ca (Kai Wang) Date: Fri May 5 18:39:06 2006 Subject: Redeliver archived messages Message-ID: <445B8DB0.6010909@ucalgary.ca> Greetings. We are running postfix with MailScanner. We archive the incoming messages. The archived messages are in postfix format. I want to write a script which does the following things: 1. scan virus in an archived message 2. if it is clean, tag '{Redelivered}' in subject line and requeue it to postfix My problem is that the archived message is in postfix format. Should I run postcat to dump it to another file then submit it to virus scanner? Can anybody tell me how to modify the subject? Thanks -- Kai Wang System Services Information Technologies, University of Calgary, 2500 University Drive, N.W., Calgary, Alberta, Canada T2N 1N4 Phone (403) 220-2423, Fax (403) 282-9361 From glenn.steen at gmail.com Fri May 5 22:38:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 5 22:38:58 2006 Subject: Redeliver archived messages In-Reply-To: <445B8DB0.6010909@ucalgary.ca> References: <445B8DB0.6010909@ucalgary.ca> Message-ID: <223f97700605051438h28a3816en2aec19a50252463@mail.gmail.com> On 05/05/06, Kai Wang wrote: > > Greetings. > > We are running postfix with MailScanner. We archive the incoming > messages. The archived messages are in postfix format. > > I want to write a script which does the following things: > 1. scan virus in an archived message > 2. if it is clean, tag '{Redelivered}' in subject line and requeue it to > postfix > > My problem is that the archived message is in postfix format. Should I > run postcat to dump it to another file then submit it to virus scanner? > Can anybody tell me how to modify the subject? > > Thanks > Are we to assume you/your users have lost some of your mails and want hem back? One can actually use MailScanner to do the job... Just plop the relevant messages back into the hold queue and MS should start working on them. With some special attention, perhaps using the MCP feature with an altered subject (so that it matches what you want), and some temporary MCP rules, one might even get the "entire package", so to speak:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri May 5 22:45:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 5 22:45:24 2006 Subject: Quarantine Directory In-Reply-To: <001301c6705d$989e04c0$0705000a@DDF5DW71> References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> <223f97700605050833y60d43c9v29ffb6b645b3531f@mail.gmail.com> <001301c6705d$989e04c0$0705000a@DDF5DW71> Message-ID: <223f97700605051445h26af2957md72868cb36df0874@mail.gmail.com> On 05/05/06, Steve Campbell wrote: > > ----- Original Message ----- > From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Friday, May 05, 2006 11:33 AM > Subject: Re: Quarantine Directory (snip) > > But Steve is right, the most convenient way is definitely MailWatch: > > http://mailwatch.sf.net > > > Thank goodness for the above paragraph. I thought I was using one of the > best tools for email ever all for the wrong reasons there for a minute. > > Steve Ah yes, but if he hasn't got MailWatch already, chances are that the already existing quarantine is in queue file format, so ... MailWatch wouldn't help with those, since MW only operates on the RFC822 "decoded" message files and attachments... So he'd have MW for "the new stuff", but would need something else for the old things. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shrek-m at gmx.de Fri May 5 23:11:13 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri May 5 23:11:21 2006 Subject: Sophos v5 In-Reply-To: References: Message-ID: <445BCD81.5090900@gmx.de> On 05.05.2006 18:44, Sam Luxford-Watts wrote: >I am trying to upgrade our elderly MailScanner server. I am installing on >CentOs4 and got most of it working except MS->Sophos. > >I have downloaded and installed Sophos 5.0.2. It installs fine using the >sophos install.sh script. The one suggested in the Mailscanner docs is now >outdated it seams. Sophos.install doesn?t work. > > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059542.html http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059551.html i have no problems with sav5.x except that i do not know how i can tell ms how to use it. >Has anyone got MS working with Sophos v5.0.2? if so - how? > i did not tried, for now i have both installed. - sav4.x for ms (Sophos.install) - sav5.x for other use i do not know, perhaps is "generic" a solution for sav5.x, some help/hints would be great. - /etc/MailScanner/virus.scanners.conf - /usr/lib/MailScanner/generic-wrapper - /usr/lib/MailScanner/generic-autoupdate savscan = sav5.x sweep = sav3.x/4.x savscan.base = sweep (see below) a while ago i got some answers from sophos support: - die Optionen von sweep/savscan/savscan.base sind identisch my translation: "the sweep/savscan/savscan.base options are identical" savscan.base is the 'sweep' binary, which is called by savscan with some arguments (for example the location of the IDE files). I would avoid playing around in the engine directory as it is not something that anyone, especially customers should be playing with. roots crontab after sav5.x installation 47 * * * * /opt/sophos-av/bin/savupdate -- shrek-m From uxbod at splatnix.net Sat May 6 21:01:02 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Sat May 6 20:06:41 2006 Subject: First time MailScanner Issues Message-ID: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> Hi, this is my first post so please excuse my ignorance. I was using the beta Gentoo ebuild, but I would like to use the latest version of MailScanner due to recent enhancements. The problem is that Postfix is received the messages, putting them into the queue, MailScanner picks them up and passes through SpamAssassin but then does not deliver. Here is the output from the log :- May 6 19:59:33 mailhub MailScanner[14915]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 6 19:59:33 mailhub MailScanner[14915]: Read 717 hostnames from the phishing whitelist May 6 19:59:33 mailhub MailScanner[14915]: Using SpamAssassin results cache May 6 19:59:33 mailhub MailScanner[14915]: Connected to SpamAssassin cache database May 6 19:59:33 mailhub MailScanner[14915]: Enabling SpamAssassin auto-whitelist functionality... May 6 19:59:44 mailhub MailScanner[14921]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 6 19:59:44 mailhub MailScanner[14921]: Read 717 hostnames from the phishing whitelist May 6 19:59:44 mailhub MailScanner[14921]: Using SpamAssassin results cache May 6 19:59:44 mailhub MailScanner[14921]: Connected to SpamAssassin cache database May 6 19:59:44 mailhub MailScanner[14921]: Enabling SpamAssassin auto-whitelist functionality... May 6 19:59:47 mailhub MailScanner[14915]: Using locktype = flock May 6 19:59:47 mailhub MailScanner[14915]: New Batch: Scanning 10 messages, 13160 bytes May 6 19:59:47 mailhub MailScanner[14915]: SpamAssassin cache hit for message 009873F808E.14150 May 6 19:59:54 mailhub MailScanner[14921]: Using locktype = flock May 6 19:59:55 mailhub MailScanner[14929]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 6 19:59:55 mailhub MailScanner[14929]: Read 717 hostnames from the phishing whitelist May 6 19:59:55 mailhub MailScanner[14929]: Using SpamAssassin results cache May 6 19:59:55 mailhub MailScanner[14929]: Connected to SpamAssassin cache database May 6 19:59:55 mailhub MailScanner[14929]: Enabling SpamAssassin auto-whitelist functionality... And this just keeps going on and on and not delivering :( Superb software by the way. I have posted to the Gentoo forums to try and get it included properly in Portage. Thanks, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Sat May 6 20:25:03 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat May 6 20:25:09 2006 Subject: First time MailScanner Issues In-Reply-To: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> References: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> Message-ID: <52F8C995-D6C9-4397-86DA-818190B45E3F@themarshalls.co.uk> On 6 May 2006, at 21:01, uxbod@splatnix.net wrote: > Hi, > > this is my first post so please excuse my ignorance. No problem, we all start somewhere ;-) > > > And this just keeps going on and on and not delivering :( Not knowing how the Gentoo port starts it's self you might have o customise this a bit but either find the check_MailScanner script (/ etc/MailScanner?) and run check_MailScanner ---debug or edit /etc/ MailScanner/MailScanner.conf at the end and turn on debugging (You can't miss it) and re-start MailScanner using the Portage start script and check the output. That should tell you some more. Post back the output (Or at least where it stops) if you need more help. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Sat May 6 20:31:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 6 20:32:16 2006 Subject: SPARC Solaris 10? Message-ID: <445CF99C.5080302@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone running on SPARC on Solaris 10? I'm having nightmare installation problems with MIME::Base64, HTML::Parser and Filesys::Df, and pretty much any module including C code. Any hints? I have already found the --arch=v8 switch and added it to the installer. This will be in the next release. Getting parse errors in standard header files, using GCC. :-( - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 d+22dAwcluVMDA/F8zz5wCS1 =aNzE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From drew at themarshalls.co.uk Sat May 6 20:33:23 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat May 6 20:33:29 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> References: <20060412205748.GD14679@luckyduck.tux> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> Message-ID: On 4 May 2006, at 22:45, Glenn Steen wrote: > Oh I it's not easy... At least the postfix crowd tend to have a rather > ... rough ... tone:-). To put it mildly :-) > That said, I'm not sure I'm the right one for the job either... Drew > perhaps, or Joshua, or ... Jules:-). Sadly I don't think I am the right guy either. Although I understand what each of the nice bits of software do, how they play and the mechanics, I am not a programmer nor do I understand the code bits of either (Kind of like I can drive, I understand what a misfire is and can even explain why but I'm not a mechanic!). I really think that Jules is the man to explain how it all comes together (And understand the answers better!) but perhaps there might be better results if between us we could mediate between the two parties, if Jules doesn't fancy walking back in to the lion's den and why indeed should he considering the past :-( > > Anyway, my comments were the slight contrib I could do ATM. Sorry > it's not more. Like wise Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From uxbod at splatnix.net Sat May 6 21:52:00 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Sat May 6 20:55:00 2006 Subject: First time MailScanner Issues Message-ID: <20060506205200.3osihwnuo404wo88@10.0.0.10> Okay, found the problem it was due to NOD32 virus scanner! Hashed that out now and all is working fine. Out of interest what commercial scanner are people using? From the statistics NOD32 seems the best? Thank you all. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at robhq.com Sat May 6 20:58:35 2006 From: rob at robhq.com (Rob Freeman) Date: Sat May 6 20:58:41 2006 Subject: First time MailScanner Issues In-Reply-To: <20060506205200.3osihwnuo404wo88@10.0.0.10> References: <20060506205200.3osihwnuo404wo88@10.0.0.10> Message-ID: <445CFFEB.7040008@robhq.com> Using ClamAV, BitDefender, and f-prot here. Have tried Mcafee, but it did not catch as many as the three we currently use. uxbod@splatnix.net wrote: > Okay, found the problem it was due to NOD32 virus scanner! Hashed that > out now and all is working fine. Out of interest what commercial > scanner are people using? From the statistics NOD32 seems the best? > > Thank you all. > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 > > From MailScanner at ecs.soton.ac.uk Sat May 6 21:32:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 6 21:32:45 2006 Subject: First time MailScanner Issues In-Reply-To: <445CFFEB.7040008@robhq.com> References: <20060506205200.3osihwnuo404wo88@10.0.0.10> <445CFFEB.7040008@robhq.com> Message-ID: <445D07DC.6060103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just thought I would point out that ClamAV and BitDefender are both free when used within MailScanner. So you can get 2 going without spending anything at all. Get them working first, then start with Nod32 as well. Probably a config problem in /etc/MailScanner/virus.scanners.conf or something like that. Rob Freeman wrote: > Using ClamAV, BitDefender, and f-prot here. Have tried Mcafee, but it > did not catch as many as the three we currently use. > uxbod@splatnix.net wrote: >> Okay, found the problem it was due to NOD32 virus scanner! Hashed >> that out now and all is working fine. Out of interest what commercial >> scanner are people using? From the statistics NOD32 seems the best? >> >> Thank you all. >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> --No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 >> >> > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRF0H3RH2WUcUFbZUEQJpcQCgimJcBwaIH6EYXHLdg/zRSnmKf/wAnROB m+ALr9c42EpdSYrB5vnLmzpc =QJ2q -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From uxbod at splatnix.net Sat May 6 22:38:25 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Sat May 6 21:41:16 2006 Subject: First time MailScanner Issues In-Reply-To: <445D07DC.6060103@ecs.soton.ac.uk> References: <20060506205200.3osihwnuo404wo88@10.0.0.10> <445CFFEB.7040008@robhq.com> <445D07DC.6060103@ecs.soton.ac.uk> Message-ID: <20060506213825.qkobozp6ow00wos0@10.0.0.10> Thanks Julian. Would just like to say thank you aswell for a excellent piece of code. I guess you are sorted if you leave Southampton University ;) Keep up with the execellent work. Best Regards, Phil Quoting Julian Field : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Just thought I would point out that ClamAV and BitDefender are both free > when used within MailScanner. So you can get 2 going without spending > anything at all. Get them working first, then start with Nod32 as well. > Probably a config problem in /etc/MailScanner/virus.scanners.conf or > something like that. > > Rob Freeman wrote: >> Using ClamAV, BitDefender, and f-prot here. Have tried Mcafee, but it >> did not catch as many as the three we currently use. >> uxbod@splatnix.net wrote: >>> Okay, found the problem it was due to NOD32 virus scanner! Hashed >>> that out now and all is working fine. Out of interest what commercial >>> scanner are people using? From the statistics NOD32 seems the best? >>> >>> Thank you all. >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> --No virus found in this incoming message. >>> Checked by AVG Free Edition. >>> Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 >>> >>> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRF0H3RH2WUcUFbZUEQJpcQCgimJcBwaIH6EYXHLdg/zRSnmKf/wAnROB > m+ALr9c42EpdSYrB5vnLmzpc > =QJ2q > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jrudd at ucsc.edu Sun May 7 00:11:36 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sun May 7 00:12:00 2006 Subject: SPARC Solaris 10? In-Reply-To: <445CF99C.5080302@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> Message-ID: <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> In fall, I was trying to use the new x4100 boxes they have (which is Intel not Sparc, but it was still Solaris 10). I couldn't get ANY perl modules to install via CPAN. I wound up (after running dangerously close to my deliverable date) trading those machines with one of my peers, and took his 410's, and installing Solaris 8 on them instead. Once I get some spare time, I hope to sit down and just beat on Solaris 10 for a while (intel and sparc) ... but if it continues to be that degree of annoyance, I may decide it's more annoying than Linux (a _huge_ statement for me) and abandon Solaris 10 for some Linux distro. On May 6, 2006, at 12:31 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone running on SPARC on Solaris 10? > I'm having nightmare installation problems with MIME::Base64, > HTML::Parser and Filesys::Df, and pretty much any module including C > code. > Any hints? > I have already found the --arch=v8 switch and added it to the > installer. > This will be in the next release. > > Getting parse errors in standard header files, using GCC. > :-( > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 > d+22dAwcluVMDA/F8zz5wCS1 > =aNzE > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From admin at thenamegame.com Sun May 7 00:18:22 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 7 00:17:18 2006 Subject: Errors installing Mailscanner on Freebsd from ports Message-ID: <200605062317.k46NHFIo007763@bkserver.blacknight.ie> I can't seem to get a successful install of MailScanner on Freebsd 5.4, At the end of the installation I receive an ERROR CODE 1 I tried to deinstall it but it won't let me. cd /usr/ports/mail/mailscanner make deinstall make deinstall ===> Deinstalling for mail/mailscanner pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin recorded pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded ===> MailScanner not installed, skipping Then I try to reinstall it. Make install ===> Warning: your umask is "0077". If this is not desired, set it to an appropriate value and install this port again by ``make reinstall''. # # Step 1: Install bin files # install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner /usr/local/sbin/mailscanner /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner ln: /usr/local/sbin/MailScanner: File exists *** Error code 1 Stop in /usr/ports/mail/mailscanner. When I de install it isn't it supposed to remove the entire installation instead of complaining that the file already exists??? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060506/f02f5737/attachment.html From randyf at sibernet.com Sun May 7 05:57:01 2006 From: randyf at sibernet.com (randyf@sibernet.com) Date: Sun May 7 05:57:22 2006 Subject: SPARC Solaris 10? In-Reply-To: <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> Message-ID: On Sat, 6 May 2006, John Rudd wrote: > > In fall, I was trying to use the new x4100 boxes they have (which is Intel > not Sparc, but it was still Solaris 10). I couldn't get ANY perl modules to > install via CPAN. I wound up (after running dangerously close to my > deliverable date) trading those machines with one of my peers, and took his > 410's, and installing Solaris 8 on them instead. I had no problem installing perl modules on S10 on x86 _or_ sparc, once I got around the predominant issue with many perl modules assuming tools and perl are in /usr/local The best way to deal with Perl modules on Solaris is to add 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' as arguments to Makefile.PL: perl Makefile.PL 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' And this has worked 99% of the time independent of me using gcc from the Solaris install, or if I have installed it seperately (I have even done this with the Sun compiler with no problems). I have also found that adding Perl modules to Solaris is mostly simple if if Webmin's "Install Perl Module" is used (note, BTW, that I have had better success in adding the MailScanner modules via Webmin than with the Mailscanner installer). > > Once I get some spare time, I hope to sit down and just beat on Solaris 10 > for a while (intel and sparc) ... but if it continues to be that degree of > annoyance, I may decide it's more annoying than Linux (a _huge_ statement for > me) and abandon Solaris 10 for some Linux distro. My biggest annoyance predominantly is when any "open source" tool assumes underlying mechanisms, and the only reason (IMHO) it would be any easier, is that those underlying assumptions are more likely to be Linux swayed, then Solaris swayed (though I am just as annoyed when they are swayed to a particular platform). Sorry for the rant, I hope the previous stuff was of help. However, if you want to beat on it, and would like any of my "expertise" in this subject (I have done a "few" Solaris installs), feel free to contact me separately. rf P.S. I didn't see the following message, are there odd filterings going on? I can't speak for Filesys::Df, but the other two installed for me fine with the the other two using the Makefile.PL options I mentioned above. > > > On May 6, 2006, at 12:31 PM, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Anyone running on SPARC on Solaris 10? >> I'm having nightmare installation problems with MIME::Base64, >> HTML::Parser and Filesys::Df, and pretty much any module including C code. >> Any hints? >> I have already found the --arch=v8 switch and added it to the installer. >> This will be in the next release. >> >> Getting parse errors in standard header files, using GCC. >> :-( >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 >> d+22dAwcluVMDA/F8zz5wCS1 >> =aNzE >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Mailscanner at mailing.kaufland-informationssysteme.com Sun May 7 06:34:17 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Sun May 7 06:34:29 2006 Subject: Sample Exim config file Message-ID: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> Hello, can sombody send me a simple MS ready Exim config file? And know sombody a clear and easy to understand exim documentation? Thanks in advanced Matthias From lhaig at haigmail.com Sun May 7 10:33:00 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun May 7 10:33:07 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <445DBECC.8070107@haigmail.com> Try Hula, www.hula.org. This is the Open source port of Novell's netmail which I use and it runs on almost any OS. some of the features are not available yet but for what you need it seems the perfect fit. Regards Lance kte@nexis.be wrote: > > I want to install an opensource mailserver on linux wit about 1600 > users who send or receive about 10 messages a day for each user. He > must have a web based admin + quota management + webclient + > connecting from an outlook client (imap, pop3). I there an easy > install/stable/configure open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/7be11079/attachment.html From kte at nexis.be Sun May 7 10:59:40 2006 From: kte at nexis.be (kte@nexis.be) Date: Sun May 7 11:00:22 2006 Subject: Open source mailserver In-Reply-To: <445DBECC.8070107@haigmail.com> Message-ID: I also found scalix had a community edition. Anyone any experience with that one? Koen Lance Haig Sent by: mailscanner-bounces@lists.mailscanner.info 07/05/2006 11:33 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Open source mailserver Try Hula, www.hula.org. This is the Open source port of Novell's netmail which I use and it runs on almost any OS. some of the features are not available yet but for what you need it seems the perfect fit. Regards Lance kte@nexis.be wrote: I want to install an opensource mailserver on linux wit about 1600 users who send or receive about 10 messages a day for each user. He must have a web based admin + quota management + webclient + connecting from an outlook client (imap, pop3). I there an easy install/stable/configure open source mailserver that has these functions? I' looking at openexchange, zimbra, more.groupware? But I don't have experience + they have more the just a mailserver + webclient Thanks Koen -- This message has been scanned for viruses and dangerous content by Red Armour MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/7b65b2f9/attachment.html From jaearick at colby.edu Sun May 7 12:47:24 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun May 7 12:48:21 2006 Subject: SPARC Solaris 10? In-Reply-To: <445CF99C.5080302@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> Message-ID: Julian, Yup, running on sparc S10, in production. Using the latest MS 4.53.8, SA 3.1.1, perl 5.8.8. Perl -V output is attached. Note that perl is built using Sun's studio 10 compiler, on a V490. I don't use gcc to build perl because various gcc libs end up in /usr/local, which is an NFS filesystem on most of my boxes. A long story there. Whenever I install a new version of MS, the first thing I do is look at the perl modules you include, and compare them to what is already installed. If something is new or needs an upgrade then I install the module by hand. I comment out the install-perl-modules section of your install.sh script before running it for a new version. I tend to run newer releases of perl modules then what you ship with MS. I'm picky about making sure the perl modules pass their tests. Gcc 4.x is a lot pickier about include files than 3.x was. If I can be of help, let me know. I have a second S10 box (my V1280) that I was trying to get reconfigured to run MS again. It had hardware problems for a while, now hopefully fixed. Jeff Earickson Colby College On Sat, 6 May 2006, Julian Field wrote: > Date: Sat, 06 May 2006 20:31:40 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: SPARC Solaris 10? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone running on SPARC on Solaris 10? > I'm having nightmare installation problems with MIME::Base64, > HTML::Parser and Filesys::Df, and pretty much any module including C code. > Any hints? > I have already found the --arch=v8 switch and added it to the installer. > This will be in the next release. > > Getting parse errors in standard header files, using GCC. > :-( > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 > d+22dAwcluVMDA/F8zz5wCS1 > =aNzE > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Platform: osname=solaris, osvers=2.10, archname=sun4-solaris uname='sunos coal 5.10 generic_118822-27 sun4u sparc sunw,sun-fire-v490 ' config_args='-Ui_gdbm -Dprefix=/opt/perl5 -Dcc=cc -Doptimize=-O -Dlocincpth=/opt/openssl/include /opt/BerkeleyDB/include /usr/local/include -Dloclibpth=/opt/openssl/lib /opt/BerkeleyDB/lib /usr/local/lib -Dcf_email=jaearick@colby.edu -Dperladmin=jaearick@colby.edu -Drunnm=false -Dldlibpthname=none -Duseshrplib=true -Dinstallusrbinperl -ders' hint=recommended, useposix=true, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-I/opt/openssl/include -I/opt/BerkeleyDB/include -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DPERL_USE_SAFE_PUTENV', optimize='-O', cppflags='-I/opt/openssl/include -I/opt/BerkeleyDB/include -I/usr/local/include' ccversion='Sun C 5.7 Patch 117836-05 2005/10/05', gccversion='', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/lib -L/usr/ccs/lib -L/opt/SUNWspro/prod/lib/v8plus -L/opt/SUNWspro/prod/lib -L/lib -L/opt/openssl/lib -L/opt/BerkeleyDB/lib -L/usr/local/lib ' libpth=/usr/lib /usr/ccs/lib /opt/SUNWspro/prod/lib/v8plus /opt/SUNWspro/prod/lib /lib /opt/openssl/lib /opt/BerkeleyDB/lib /usr/local/lib libs=-lsocket -lnsl -lgdbm -ldb -ldl -lm -lc perllibs=-lsocket -lnsl -ldl -lm -lc libc=, so=so, useshrplib=true, libperl=libperl.so gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' -R /opt/perl5/lib/5.8.8/sun4-solaris/CORE' cccdlflags='-KPIC', lddlflags='-G -L/usr/lib -L/usr/ccs/lib -L/opt/SUNWspro/prod/lib/v8plus -L/opt/SUNWspro/prod/lib -L/lib -L/opt/openssl/lib -L/opt/BerkeleyDB/lib -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: PERL_MALLOC_WRAP PERL_USE_SAFE_PUTENV USE_LARGE_FILES USE_PERLIO Built under solaris Compiled at Mar 3 2006 11:48:23 @INC: /opt/perl5/lib/5.8.8/sun4-solaris /opt/perl5/lib/5.8.8 /opt/perl5/lib/site_perl/5.8.8/sun4-solaris /opt/perl5/lib/site_perl/5.8.8 /opt/perl5/lib/site_perl/5.8.7/sun4-solaris /opt/perl5/lib/site_perl/5.8.7 /opt/perl5/lib/site_perl . From MailScanner at ecs.soton.ac.uk Sun May 7 12:52:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 7 12:52:46 2006 Subject: SPARC Solaris 10? In-Reply-To: References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> Message-ID: <445DDF7C.2020105@ecs.soton.ac.uk> I'm still having trouble. I have tried your suggested command and it hasn't helped with the make. This is the start of what I get, using gcc as I haven't got Sun's C compiler. cc -c -DVERSION=\"3.05\" -DXS_VERSION=\"3.05\" "-I/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE" Base64.c In file included from /usr/include/sys/signal.h:34, from /usr/include/signal.h:26, from /usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/unixish.h:106, from /usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/perl.h:1970, from Base64.xs:33: /usr/include/sys/siginfo.h:259: error: parse error before "ctid_t" /usr/include/sys/siginfo.h:292: error: parse error before '}' token /usr/include/sys/siginfo.h:294: error: parse error before '}' token /usr/include/sys/siginfo.h:390: error: parse error before "ctid_t" Any ideas anyone? Please? randyf@sibernet.com wrote: > > On Sat, 6 May 2006, John Rudd wrote: > >> >> In fall, I was trying to use the new x4100 boxes they have (which is >> Intel not Sparc, but it was still Solaris 10). I couldn't get ANY >> perl modules to install via CPAN. I wound up (after running >> dangerously close to my deliverable date) trading those machines with >> one of my peers, and took his 410's, and installing Solaris 8 on them >> instead. > > I had no problem installing perl modules on S10 on x86 _or_ sparc, > once I got around the predominant issue with many perl modules > assuming tools and perl are in /usr/local > > The best way to deal with Perl modules on Solaris is to add > 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' as arguments to Makefile.PL: > > perl Makefile.PL 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' > > And this has worked 99% of the time independent of me using gcc from > the Solaris install, or if I have installed it seperately (I have even > done this with the Sun compiler with no problems). > > I have also found that adding Perl modules to Solaris is mostly > simple if if Webmin's "Install Perl Module" is used (note, BTW, that I > have had better success in adding the MailScanner modules via Webmin > than with the Mailscanner installer). > >> >> Once I get some spare time, I hope to sit down and just beat on >> Solaris 10 for a while (intel and sparc) ... but if it continues to >> be that degree of annoyance, I may decide it's more annoying than >> Linux (a _huge_ statement for me) and abandon Solaris 10 for some >> Linux distro. > > My biggest annoyance predominantly is when any "open source" tool > assumes underlying mechanisms, and the only reason (IMHO) it would be > any easier, is that those underlying assumptions are more likely to be > Linux swayed, then Solaris swayed (though I am just as annoyed when > they are swayed to a particular platform). > > Sorry for the rant, I hope the previous stuff was of help. However, > if you want to beat on it, and would like any of my "expertise" in > this subject (I have done a "few" Solaris installs), feel free to > contact me separately. > > rf > > P.S. I didn't see the following message, are there odd filterings > going > on? I can't speak for Filesys::Df, but the other two installed > for me fine with the the other two using the Makefile.PL options > I mentioned above. > >> >> >> On May 6, 2006, at 12:31 PM, Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Anyone running on SPARC on Solaris 10? >>> I'm having nightmare installation problems with MIME::Base64, >>> HTML::Parser and Filesys::Df, and pretty much any module including C >>> code. >>> Any hints? >>> I have already found the --arch=v8 switch and added it to the >>> installer. >>> This will be in the next release. >>> >>> Getting parse errors in standard header files, using GCC. >>> :-( >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.6 (Build 6060) >>> >>> iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 >>> d+22dAwcluVMDA/F8zz5wCS1 >>> =aNzE >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jaearick at colby.edu Sun May 7 13:09:20 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun May 7 13:12:53 2006 Subject: SPARC Solaris 10? In-Reply-To: <445DDF7C.2020105@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> <445DDF7C.2020105@ecs.soton.ac.uk> Message-ID: Julian, You can download Sun's compiler at: http://store.sun.com/CMTemplate/CEServlet?process=SunStore&cmdViewProduct_CP&catid=141526 I'm using Studio 10 (didn't know about 11, I'll download on Monday). The generic cc compiler is useless. If I don't respond for the rest of the day, don't take it personally. I have to take my sister-in-law to the airport, a significant drive. Jeff Earickson Colby College From martelm at quark.vsc.edu Sun May 7 13:43:19 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Sun May 7 13:43:32 2006 Subject: SPARC Solaris 10? In-Reply-To: <445DDF7C.2020105@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> <445DDF7C.2020105@ecs.soton.ac.uk> Message-ID: --On Sunday, May 07, 2006 12:52 PM +0100 Julian Field wrote: > /usr/include/sys/siginfo.h:259: error: parse error before "ctid_t" > /usr/include/sys/siginfo.h:292: error: parse error before '}' token > /usr/include/sys/siginfo.h:294: error: parse error before '}' token > /usr/include/sys/siginfo.h:390: error: parse error before "ctid_t" > > Any ideas anyone? Julian, I found this on Google. Maybe this applies ? Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From uxbod at splatnix.net Sun May 7 14:58:59 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Sun May 7 14:00:13 2006 Subject: Spam Testing Message-ID: <20060507135859.237c42e9@cyborg> Hi, okay, my MailScanner installation is up and running and I believe that I have configured SpamAssassin okay. apart from waiting for some spam to come through is their any tests I can perform to ensure that it will actually capture them ? I have setup and Learn-SPAM and Learn-HAM IMAP folders for my users, and have a cron job running to execute a sa-learn against them. I would love to learn and understand from peoples experience on best practice for configuration. Regards, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun May 7 14:39:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 7 14:40:05 2006 Subject: SPARC Solaris 10? In-Reply-To: References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> <445DDF7C.2020105@ecs.soton.ac.uk> Message-ID: <445DF8A5.80201@ecs.soton.ac.uk> Michael H. Martel wrote: > --On Sunday, May 07, 2006 12:52 PM +0100 Julian Field > wrote: > >> /usr/include/sys/siginfo.h:259: error: parse error before "ctid_t" >> /usr/include/sys/siginfo.h:292: error: parse error before '}' token >> /usr/include/sys/siginfo.h:294: error: parse error before '}' token >> /usr/include/sys/siginfo.h:390: error: parse error before "ctid_t" >> >> Any ideas anyone? > > Julian, I found this on Google. Maybe this applies ? > > Just tried running it with the cc in SUNWspro and it produces the same error :-( I even linked /usr/local/bin/cc to /opt/SUNWspro/bin/cc to be sure it was using the right cc. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sun May 7 15:00:21 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun May 7 15:00:26 2006 Subject: Spam Testing In-Reply-To: <20060507135859.237c42e9@cyborg> References: <20060507135859.237c42e9@cyborg> Message-ID: <223f97700605070700q4766b934n3e34dc42ff4b473@mail.gmail.com> On 07/05/06, --[UxBoD]-- wrote: > Hi, > > okay, my MailScanner installation is up and running and I believe that I have configured SpamAssassin okay. > > apart from waiting for some spam to come through is their any tests I can perform to ensure that it will actually capture them ? I have setup and > Learn-SPAM and Learn-HAM IMAP folders for my users, and have a cron job running to execute a sa-learn against them. > > I would love to learn and understand from peoples experience on best practice for configuration. > > Regards, > > Testing: http://wiki.mailscanner.info/doku.php?id=&idx=documentation:test_troubleshoot specifically http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:spam and http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:virus ... and perhaps most importantly (since I wrote it:-) http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion Loads of good advice: http://wiki.mailscanner.info/doku.php?id=maq:index http://wiki.mailscanner.info/doku.php?id=best_practices Have fun reading:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mgt at stellarcore.net Sun May 7 15:14:17 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun May 7 15:14:32 2006 Subject: SPARC Solaris 10? In-Reply-To: <200605071102.k47B23tE004292@bkserver.blacknight.ie> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> Message-ID: <1147011257.3212.6.camel@dwarfstar.stellarcore.net> On Sun, 2006-05-07 at 12:02 +0100, mailscanner- request@lists.mailscanner.info wrote: > From: Julian Field > Subject: SPARC Solaris 10? > To: MailScanner discussion > Message-ID: <445CF99C.5080302@ecs.soton.ac.uk> > Content-Type: text/plain; charset="ISO-8859-1" > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone running on SPARC on Solaris 10? > I'm having nightmare installation problems with MIME::Base64, > HTML::Parser and Filesys::Df, and pretty much any module including C > code. > Any hints? > I have already found the --arch=v8 switch and added it to the > installer. > This will be in the next release. > > Getting parse errors in standard header files, using GCC. > :-( Did you remember about perlgcc? [mgt@hypernova ~]$ which perlgcc /usr/perl5/bin/perlgcc [mgt@hypernova ~]$ uname -a SunOS hypernova 5.10 Generic_118833-03 sun4u sparc SUNW,UltraAX-i2 Without it all perl modules will look for the Sun Compiler. -Mike From MailScanner at ecs.soton.ac.uk Sun May 7 15:22:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 7 15:22:19 2006 Subject: SPARC Solaris 10? In-Reply-To: <1147011257.3212.6.camel@dwarfstar.stellarcore.net> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011257.3212.6.camel@dwarfstar.stellarcore.net> Message-ID: <445E028B.4020008@ecs.soton.ac.uk> Mike Tremaine wrote: > On Sun, 2006-05-07 at 12:02 +0100, mailscanner- > request@lists.mailscanner.info wrote: > >> From: Julian Field >> Subject: SPARC Solaris 10? >> To: MailScanner discussion >> Message-ID: <445CF99C.5080302@ecs.soton.ac.uk> >> Content-Type: text/plain; charset="ISO-8859-1" >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Anyone running on SPARC on Solaris 10? >> I'm having nightmare installation problems with MIME::Base64, >> HTML::Parser and Filesys::Df, and pretty much any module including C >> code. >> Any hints? >> I have already found the --arch=v8 switch and added it to the >> installer. >> This will be in the next release. >> >> Getting parse errors in standard header files, using GCC. >> :-( >> > > Did you remember about perlgcc? > > [mgt@hypernova ~]$ which perlgcc > /usr/perl5/bin/perlgcc > [mgt@hypernova ~]$ uname -a > SunOS hypernova 5.10 Generic_118833-03 sun4u sparc SUNW,UltraAX-i2 > > Without it all perl modules will look for the Sun Compiler. > I have just ripped apart my install.tar-fns.sh script and it's started to work! Yay, and thanks to whoever it was who pointed me towards SUNWspro. I didn't realise it was free these days :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mgt at stellarcore.net Sun May 7 15:24:09 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun May 7 15:24:18 2006 Subject: SPARC Solaris 10? In-Reply-To: <200605071102.k47B23tE004292@bkserver.blacknight.ie> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> Message-ID: <1147011850.3212.14.camel@dwarfstar.stellarcore.net> On Sun, 2006-05-07 at 12:02 +0100, mailscanner- request@lists.mailscanner.info wrote: > From: John Rudd > Subject: Re: SPARC Solaris 10? > To: MailScanner discussion > Message-ID: <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> > Content-Type: text/plain; charset=US-ASCII; format=flowed > > > In fall, I was trying to use the new x4100 boxes they have (which is > Intel not Sparc, but it was still Solaris 10). I couldn't get ANY > perl > modules to install via CPAN. I wound up (after running dangerously > close to my deliverable date) trading those machines with one of my > peers, and took his 410's, and installing Solaris 8 on them instead. > > Once I get some spare time, I hope to sit down and just beat on > Solaris > 10 for a while (intel and sparc) ... but if it continues to be that > degree of annoyance, I may decide it's more annoying than Linux (a > _huge_ statement for me) and abandon Solaris 10 for some Linux distro. Ouch :/... As I mentioned in my other post perlgcc is what you want. To use CPAN you do perlgcc -MCPAN -e shell It's annoying to remember but Sun has it's own compiler that they use to build everything including Perl so without this you will fail on all builds with gcc [related to perl]. Also long as I'm typing I should also say you'll want to edit /var/svc/manifest/network/smtp-sendmail.xml and /lib/svc/method/smtp-sendmail If you want to to get MailScanner running from the sendmail startup scripts. Solaris 10 is nice, there is a learning curve involved in it but over all I recommend using it on SPARC hardware that supports it. [ I'm not Solaris X86 fan, you got X86 use a BSD or Linux ;) ] Good Luck. -Mike From randyf at sibernet.com Sun May 7 17:16:50 2006 From: randyf at sibernet.com (randyf@sibernet.com) Date: Sun May 7 17:17:46 2006 Subject: SPARC Solaris 10? In-Reply-To: <1147011850.3212.14.camel@dwarfstar.stellarcore.net> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011850.3212.14.camel@dwarfstar.stellarcore.net> Message-ID: On Sun, 7 May 2006, Mike Tremaine wrote: > > Ouch :/... As I mentioned in my other post perlgcc is what you want. To > use CPAN you do > > perlgcc -MCPAN -e shell > > It's annoying to remember but Sun has it's own compiler that they use to > build everything including Perl so without this you will fail on all > builds with gcc [related to perl]. Perl in S10 is built to allow for modules to be compiled with either the Studio compiler or gcc. It even provides gcc in /usr/sfw. As I mentioned in a previous message, I have successfully installed Perl modules into the Sun Perl distro using the gcc in /usr/sfw, and one that I obtained via blastwave. Making sure that OPTIMIZE, CCFLAGS, and CCCDLFAGS are all cleared as arguments to Makefile.PL solves any compiler incompatibilities. > > Also long as I'm typing I should also say you'll want to edit > > /var/svc/manifest/network/smtp-sendmail.xml > and > /lib/svc/method/smtp-sendmail > > If you want to to get MailScanner running from the sendmail startup > scripts. NO! Dont edit the original Solaris manifest _or_ method! This will cause you great pain should you ever upgrade or patch the system. If you want to change the manifest or method, copy them somewhere (say to /opt/MailScanner, or better yet, create an /etc/MailScanner and put it there), edit these files, and import the the new manifest to use the new methods. rf From randyf at sibernet.com Sun May 7 17:48:47 2006 From: randyf at sibernet.com (randyf@sibernet.com) Date: Sun May 7 17:49:49 2006 Subject: SPARC Solaris 10? In-Reply-To: References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011850.3212.14.camel@dwarfstar.stellarcore.net> Message-ID: On Sun, 7 May 2006, randyf@sibernet.com wrote: >> Also long as I'm typing I should also say you'll want to edit >> >> /var/svc/manifest/network/smtp-sendmail.xml >> and >> /lib/svc/method/smtp-sendmail >> >> If you want to to get MailScanner running from the sendmail startup >> scripts. > > NO! Dont edit the original Solaris manifest _or_ method! This will cause > you great pain should you ever upgrade or patch the system. > > If you want to change the manifest or method, copy them somewhere (say to > /opt/MailScanner, or better yet, create an /etc/MailScanner and put it > there), edit these files, and import the the new manifest to use the new > methods. > For those that may actually want to try MailScanner on S10 (and use the Sun versions of the tools), I have attached a manifest and method that can be used with MailScanner (maybe Julian will be interested in putting them in the contrib space). The scripts and instructions expect that the manifest and method will reside in the directory /etc/MailScanner/smf. The method assumes MailScanner to reside in /opt/MailScanner. You will need to update the manifest (the .xml file) if you put the method elsewhere, and tne method (the non-.xml file) if MailScanner is elsewhere. Note, that putting all the MailScanner config files in /etc allows for a single install of MailScanner should MailScanner be used in multiple Solaris zones. To change the manifest for Sendmail to the new manifest, simply do: # svcadm disable network/smtp # svccfg -s network/smtp svc:/network/smtp> import /etc/MailScanner/smf/ms-smtp-sendmail.xml svc:/network/smtp> quit # svcadm enable network/smtp To go back to the original Sun manifest, just change the "import" line to: svc:/network/smtp> import /var/svc/manifest/network/smtp-sendmail.xml rf -------------- next part -------------- #!/sbin/sh # # Copyright 2004 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Modeled from the Sun distributed smtp-sendmail method. # . /lib/svc/share/smf_include.sh ERRMSG1='WARNING: /var/mail is NFS-mounted without setting actimeo=0,' ERRMSG2='this can cause mailbox locking and access problems.' SERVER_PID_FILE="/var/run/sendmail.pid" SERVER_PID_FILE2="/var/run/sendmail2.pid" CLIENT_PID_FILE="/var/spool/clientmqueue/sm-client.pid" DEFAULT_FILE="/etc/default/sendmail" ALIASES_FILE="/etc/mail/aliases" check_queue_interval_syntax() { default="15m" if [ $# -lt 1 ]; then answer=$default return fi if echo $1 | egrep '^([0-9]*[1-9][0-9]*[smhdw])+$' >/dev/null 2>&1; then answer=$1 else answer=$default fi } check_and_kill() { PID=`head -1 $1` kill -0 $PID > /dev/null 2>&1 [ $? -eq 0 ] && kill $PID } case "$1" in 'refresh') [ -f $SERVER_PID_FILE ] && kill -1 `head -1 $SERVER_PID_FILE` [ -f $SERVER_PID_FILE2 ] && kill -1 `head -1 $SERVER_PID_FILE2` [ -f $CLIENT_PID_FILE ] && kill -1 `head -1 $CLIENT_PID_FILE` pkill -HUP MailScanner ;; 'start') if [ -f /usr/lib/sendmail -a -f /etc/mail/sendmail.cf ]; then if [ ! -d /var/spool/mqueue ]; then /usr/bin/mkdir -m 0750 /var/spool/mqueue /usr/bin/chown root:bin /var/spool/mqueue fi if [ ! -d /var/spool/mqueue.in ]; then /usr/bin/mkdir -m 0750 /var/spool/mqueue.in /usr/bin/chown root:bin /var/spool/mqueue.in fi if [ ! -f $ALIASES_FILE.db ] && [ ! -f $ALIASES_FILE.dir ] \ && [ ! -f $ALIASES_FILE.pag ]; then /usr/sbin/newaliases fi MODE="-bd" [ -f $DEFAULT_FILE ] && . $DEFAULT_FILE # # * MODE should be "-bd" or null (MODE= or MODE="") or # left alone. Anything else and you're on your own. # * QUEUEOPTION should be "p" or null (as above). # * [CLIENT]QUEUEINTERVAL should be set to some legal value; # sanity checks are done below. # * [CLIENT]OPTIONS are catch-alls; set with care. # if [ -n "$QUEUEOPTION" -a "$QUEUEOPTION" != "p" ]; then QUEUEOPTION="" fi if [ -z "$QUEUEOPTION" -o -n "$QUEUEINTERVAL" ]; then check_queue_interval_syntax $QUEUEINTERVAL QUEUEINTERVAL=$answer fi check_queue_interval_syntax $CLIENTQUEUEINTERVAL CLIENTQUEUEINTERVAL=$answer /usr/lib/sendmail $MODE -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -O PidFile=$SERVER_PID_FILE2& /usr/lib/sendmail -q$QUEUEOPTION$QUEUEINTERVAL $OPTIONS & /usr/lib/sendmail -Ac -q$CLIENTQUEUEINTERVAL $CLIENTOPTIONS & # # ETRN_HOSTS should be of the form # "s1:c1.1,c1.2 s2:c2.1 s3:c3.1,c3.2,c3.3" # i.e., white-space separated groups of server:client where # client can be one or more comma-separated names; N.B. that # the :client part is optional; see etrn(1M) for details. # server is the name of the server to prod; a mail queue run # is requested for each client name. This is comparable to # running "/usr/lib/sendmail -qRclient" on the host server. # # See RFC 1985 for more information. # for i in $ETRN_HOSTS; do SERVER=`echo $i | /usr/bin/sed -e 's/:.*$//'` CLIENTS=`echo $i | /usr/bin/sed -n -e 's/,/ /g' \ -e '/:/s/^.*://p'` /usr/sbin/etrn -b $SERVER $CLIENTS >/dev/null 2>&1 & done # # Start MailScanner # /opt/MailScanner/bin/check_mailscanner fi if /usr/bin/nawk 'BEGIN{s = 1} $2 == "/var/mail" && $3 == "nfs" && $4 !~ /actimeo=0/ && $4 !~ /noac/{s = 0} END{exit s}' /etc/mnttab; then /usr/bin/logger -p mail.crit "$ERRMSG1" /usr/bin/logger -p mail.crit "$ERRMSG2" fi ;; 'stop') [ -f $SERVER_PID_FILE ] && check_and_kill $SERVER_PID_FILE [ -f $SERVER_PID_FILE2 ] && check_and_kill $SERVER_PID_FILE2 if [ -f $CLIENT_PID_FILE ]; then check_and_kill $CLIENT_PID_FILE rm -f $CLIENT_PID_FILE fi /usr/bin/pkill -15 -x -u 0 MailScanner # Need to kill the entire service contract to kill all sendmail related # processes smf_kill_contract $2 TERM 1 30 ret=$? [ $ret -eq 1 ] && exit 1 # Since sendmail spawns user processes out of .forward files, it is # possible that some of these are not responding to TERM. If the # contract did not empty after TERM, move on to KILL. if [ $ret -eq 2 ] ; then smf_kill_contract $2 KILL 1 fi ;; *) echo "Usage: $0 { start | stop | refresh }" exit 1 ;; esac exit 0 -------------- next part -------------- From bob.jones at usg.edu Sun May 7 18:53:14 2006 From: bob.jones at usg.edu (Bob Jones) Date: Sun May 7 18:53:21 2006 Subject: SPARC Solaris 10? In-Reply-To: <445E028B.4020008@ecs.soton.ac.uk> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011257.3212.6.camel@dwarfstar.stellarcore.net> <445E028B.4020008@ecs.soton.ac.uk> Message-ID: <445E340A.2040906@usg.edu> Thus spake Julian Field, with impeccable timing on 5/7/2006 10:22 AM: > > I have just ripped apart my install.tar-fns.sh script and it's started > to work! > Yay, and thanks to whoever it was who pointed me towards SUNWspro. I > didn't realise it was free these days :-) While you're ripping apart your install script, I'd like to reiterate a suggestion I made while you were gone. With your install script, you have the option of telling it where the perl you want to use lives. However, the actual MailScanner internals all seem to use #!/usr/bin/perl which means if that's not the perl you want to use, you have to have a link from there to the perl you did use. Your install script should change the MailScanner perl scripts to point to the perl you give it during installation time. If it doesn't, there's no point to having an option to specify the perl location at all since you would be forced into using /usr/bin/perl anyway. Thanks, -- Bob Jones bob.jones@usg.edu OIIT, The Board of Regents The University System of Georgia From rob at robhq.com Sun May 7 19:00:36 2006 From: rob at robhq.com (Rob Freeman) Date: Sun May 7 19:00:35 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <445E35C4.4080402@robhq.com> I have been running it along with MailScanner on the same server for a few weeks now with good success. The community edition allows for 25 premium users which is fine for me home use of 3 users. Rob kte@nexis.be wrote: > > I also found scalix had a community edition. Anyone any experience > with that one? > > Koen > > > > *Lance Haig * > Sent by: mailscanner-bounces@lists.mailscanner.info > > 07/05/2006 11:33 > Please respond to > MailScanner discussion > > > > To > MailScanner discussion > cc > > Subject > Re: Open source mailserver > > > > > > > > > > Try Hula, > _ > __www.hula.org_ . > This is the Open source port of Novell's netmail which I use and it > runs on almost any OS. > some of the features are not available yet but for what you need it > seems the perfect fit. > > Regards > > Lance > > _ > __kte@nexis.be_ wrote: > > I want to install an opensource mailserver on linux wit about 1600 > users who send or receive about 10 messages a day for each user. He > must have a web based admin + quota management + webclient + > connecting from an outlook client (imap, pop3). I there an easy > install/stable/configure open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > > > -- > This message has been scanned for viruses and > dangerous content by *_Red Armour MailScanner_* > , and is > believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 > From steve.swaney at fsl.com Sun May 7 19:17:32 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun May 7 19:17:44 2006 Subject: opm.blitzed.org shut down Message-ID: <002501c67202$824dddc0$2901010a@office.fsl> I just received notification on another list that opm.blitzed.org has shut down. I can't confirm but I can't reach their web site. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From kte at nexis.be Sun May 7 22:32:26 2006 From: kte at nexis.be (kte@nexis.be) Date: Sun May 7 22:33:10 2006 Subject: Open source mailserver In-Reply-To: <445E35C4.4080402@robhq.com> Message-ID: But I need about 1600 users will my dual core server with 4 GB ram hold it?? Koen Rob Freeman Sent by: mailscanner-bounces@lists.mailscanner.info 07/05/2006 20:00 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Open source mailserver I have been running it along with MailScanner on the same server for a few weeks now with good success. The community edition allows for 25 premium users which is fine for me home use of 3 users. Rob kte@nexis.be wrote: > > I also found scalix had a community edition. Anyone any experience > with that one? > > Koen > > > > *Lance Haig * > Sent by: mailscanner-bounces@lists.mailscanner.info > > 07/05/2006 11:33 > Please respond to > MailScanner discussion > > > > To > MailScanner discussion > cc > > Subject > Re: Open source mailserver > > > > > > > > > > Try Hula, > _ > __www.hula.org_ . > This is the Open source port of Novell's netmail which I use and it > runs on almost any OS. > some of the features are not available yet but for what you need it > seems the perfect fit. > > Regards > > Lance > > _ > __kte@nexis.be_ wrote: > > I want to install an opensource mailserver on linux wit about 1600 > users who send or receive about 10 messages a day for each user. He > must have a web based admin + quota management + webclient + > connecting from an outlook client (imap, pop3). I there an easy > install/stable/configure open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > > > -- > This message has been scanned for viruses and > dangerous content by *_Red Armour MailScanner_* > , and is > believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/0274c256/attachment.html From smcguane at mailshield.com.au Mon May 8 02:00:17 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 02:00:29 2006 Subject: Open source mailserver In-Reply-To: Message-ID: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> Hi guys, I recently installed a new centos 4.3 - mailscanner/mailwatch box which im using as a test solution to move away from cpanel. However upon starting this I get 2 errors when I tail the maillog. I know these errors may not be directly related to each product mailscanner or mailwatch but I thought I would ask anyway. Unable to initialise database connection: Access denied for user 'mailwatch'@'localhost' (using password: YES) --> I know what this problem is but unsure of the command on how to setup a user/pass for mailwatch@localhost in the sql database. Anyones help would be appreciated? Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc --> I do not know what this error is about. Anyone? Thanks Guys Shaun --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/56b2c7f7/attachment.html From smcguane at mailshield.com.au Mon May 8 02:15:59 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 02:16:11 2006 Subject: Error In MailScanner - Maillog on Startup In-Reply-To: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> Message-ID: <200605080116.k481G7Jl015655@bkserver.blacknight.ie> Hi guys, I recently installed a new centos 4.3 - mailscanner/mailwatch box which im using as a test solution to move away from cpanel. However upon starting this I get 2 errors when I tail the maillog. I know these errors may not be directly related to each product mailscanner or mailwatch but I thought I would ask anyway. Unable to initialise database connection: Access denied for user 'mailwatch'@'localhost' (using password: YES) --> I know what this problem is but unsure of the command on how to setup a user/pass for mailwatch@localhost in the sql database. Anyones help would be appreciated? Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc --> I do not know what this error is about. Anyone? Thanks Guys Shaun ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/d4250d65/attachment-0001.html From admin at thenamegame.com Mon May 8 02:20:14 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 8 02:20:09 2006 Subject: Errors installing Mailscanner on Freebsd from ports In-Reply-To: <200605062317.k46NHFIo007763@bkserver.blacknight.ie> Message-ID: <200605080120.k481K7KF015804@bkserver.blacknight.ie> Can somebody give me some pointers on this please??? _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael S. Sent: Saturday, May 06, 2006 7:18 PM To: mailscanner@lists.mailscanner.info Subject: Errors installing Mailscanner on Freebsd from ports I can't seem to get a successful install of MailScanner on Freebsd 5.4, At the end of the installation I receive an ERROR CODE 1 I tried to deinstall it but it won't let me. cd /usr/ports/mail/mailscanner make deinstall make deinstall ===> Deinstalling for mail/mailscanner pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin recorded pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded ===> MailScanner not installed, skipping Then I try to reinstall it. Make install ===> Warning: your umask is "0077". If this is not desired, set it to an appropriate value and install this port again by ``make reinstall''. # # Step 1: Install bin files # install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner /usr/local/sbin/mailscanner /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner ln: /usr/local/sbin/MailScanner: File exists *** Error code 1 Stop in /usr/ports/mail/mailscanner. When I de install it isn't it supposed to remove the entire installation instead of complaining that the file already exists??? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/44bd8130/attachment.html From jaearick at colby.edu Mon May 8 02:29:47 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 8 02:33:18 2006 Subject: SPARC Solaris 10? In-Reply-To: <445E028B.4020008@ecs.soton.ac.uk> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011257.3212.6.camel@dwarfstar.stellarcore.net> <445E028B.4020008@ecs.soton.ac.uk> Message-ID: On Sun, 7 May 2006, Julian Field wrote: >> >> Did you remember about perlgcc? >> >> [mgt@hypernova ~]$ which perlgcc >> /usr/perl5/bin/perlgcc >> [mgt@hypernova ~]$ uname -a >> SunOS hypernova 5.10 Generic_118833-03 sun4u sparc SUNW,UltraAX-i2 >> >> Without it all perl modules will look for the Sun Compiler. >> > > I have just ripped apart my install.tar-fns.sh script and it's started to > work! > Yay, and thanks to whoever it was who pointed me towards SUNWspro. I didn't > realise it was free these days :-) No problem. I don't know why they don't just make SUNWspro part of S10 now that its free. FWIW, I don't use Sun's version of perl. I build and install the public-domain version, and make sure that it is /usr/bin/perl. I specifically delete the SUNWCperl cluster in my jumpstart setup for Solaris 10. In fact, I delete a lot of clusters and packages in my default S10 install, such as GNOME, apache, perl, sendmail, mozilla, etc. It makes the install footprint much smaller and still gives me all of the server functionality I want. If I want things like sendmail or perl, I build and install the public-domain versions. Then I *know* what compiler and options got used and how they got there. More work up front but less guessing and hassle later on. I also build nearly all critical software items with SUNWspro. While GCC is a great compiler, I've sometimes had problems with GCC apps and Sun shared libs -- problems I don't have with SUNWspro. But some things won't build cleanly with SUNWspro, so GCC remains available. Jeff Earickson Colby College From raylund.lai at kankanwoo.com Mon May 8 03:06:03 2006 From: raylund.lai at kankanwoo.com (Raylund Lai) Date: Mon May 8 03:07:01 2006 Subject: Errors installing Mailscanner on Freebsd from ports In-Reply-To: <200605080120.k481K7KF015804@bkserver.blacknight.ie> References: <200605080120.k481K7KF015804@bkserver.blacknight.ie> Message-ID: <445EA78B.9090505@kankanwoo.com> Do your perl multi-threaded? -Raylund Michael S. wrote: > > Can somebody give me some pointers on this please??? > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Michael S. > *Sent:* Saturday, May 06, 2006 7:18 PM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Errors installing Mailscanner on Freebsd from ports > > I can?t seem to get a successful install of MailScanner on Freebsd 5.4, > > At the end of the installation I receive an > > ERROR CODE 1 > > I tried to deinstall it but it won?t let me. > > cd /usr/ports/mail/mailscanner > > make deinstall > > make deinstall > > ===> Deinstalling for mail/mailscanner > > pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded > > pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded > > pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin > recorded > > pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded > > pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded > > pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded > > pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded > > pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded > > pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded > > pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded > > pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded > > pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded > > pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded > > pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded > > ===> MailScanner not installed, skipping > > Then I try to reinstall it. > > Make install > > ===> Warning: your umask is "0077". > > If this is not desired, set it to an appropriate value > > and install this port again by ``make reinstall''. > > # > > # Step 1: Install bin files > > # > > install -o root -g wheel -m 555 > /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner > /usr/local/sbin/mailscanner > > /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner > > ln: /usr/local/sbin/MailScanner: File exists > > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > When I de install it isn?t it supposed to remove the entire > installation instead of complaining that the file already exists??? > > Thank you. > From smcguane at mailshield.com.au Mon May 8 03:23:47 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 03:23:59 2006 Subject: Error In MailScanner - Maillog on Startup In-Reply-To: <200605080116.k481G7Jl015655@bkserver.blacknight.ie> Message-ID: <200605080223.k482NucB016874@bkserver.blacknight.ie> Problem has been solved. Thanks _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ShaunM [MailShield] Sent: Monday, 8 May 2006 11:16 AM To: 'MailScanner discussion' Subject: RE: Error In MailScanner - Maillog on Startup Hi guys, I recently installed a new centos 4.3 - mailscanner/mailwatch box which im using as a test solution to move away from cpanel. However upon starting this I get 2 errors when I tail the maillog. I know these errors may not be directly related to each product mailscanner or mailwatch but I thought I would ask anyway. Unable to initialise database connection: Access denied for user 'mailwatch'@'localhost' (using password: YES) --> I know what this problem is but unsure of the command on how to setup a user/pass for mailwatch@localhost in the sql database. Anyones help would be appreciated? Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc --> I do not know what this error is about. Anyone? Thanks Guys Shaun ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/97672b9c/attachment.html From admin at thenamegame.com Mon May 8 05:00:02 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 8 04:59:13 2006 Subject: Errors installing Mailscanner on Freebsd from ports In-Reply-To: <445EA78B.9090505@kankanwoo.com> Message-ID: <200605080359.k483xAMv019144@bkserver.blacknight.ie> I'm not sure what you mean. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Raylund Lai Sent: Sunday, May 07, 2006 10:06 PM To: MailScanner discussion Subject: Re: Errors installing Mailscanner on Freebsd from ports Do your perl multi-threaded? -Raylund Michael S. wrote: > > Can somebody give me some pointers on this please??? > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Michael S. > *Sent:* Saturday, May 06, 2006 7:18 PM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Errors installing Mailscanner on Freebsd from ports > > I can't seem to get a successful install of MailScanner on Freebsd 5.4, > > At the end of the installation I receive an > > ERROR CODE 1 > > I tried to deinstall it but it won't let me. > > cd /usr/ports/mail/mailscanner > > make deinstall > > make deinstall > > ===> Deinstalling for mail/mailscanner > > pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded > > pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded > > pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin > recorded > > pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded > > pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded > > pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded > > pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded > > pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded > > pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded > > pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded > > pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded > > pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded > > pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded > > pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded > > ===> MailScanner not installed, skipping > > Then I try to reinstall it. > > Make install > > ===> Warning: your umask is "0077". > > If this is not desired, set it to an appropriate value > > and install this port again by ``make reinstall''. > > # > > # Step 1: Install bin files > > # > > install -o root -g wheel -m 555 > /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner > /usr/local/sbin/mailscanner > > /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner > > ln: /usr/local/sbin/MailScanner: File exists > > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > When I de install it isn't it supposed to remove the entire > installation instead of complaining that the file already exists??? > > Thank you. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From slwatts at winckworths.co.uk Mon May 8 08:37:10 2006 From: slwatts at winckworths.co.uk (Sam Luxford-Watts) Date: Mon May 8 08:37:39 2006 Subject: Sophos v5 Message-ID: Julian, I know we can carry on using V4 for now but any update as to when Sophos V5 support will likely to be written into Mailscanner? Thanks, Sam -----Original Message----- From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] Sent: Friday, May 05, 2006 11:11 PM To: mailscanner@lists.mailscanner.info Subject: Re: Sophos v5 On 05.05.2006 18:44, Sam Luxford-Watts wrote: >I am trying to upgrade our elderly MailScanner server. I am installing on >CentOs4 and got most of it working except MS->Sophos. > >I have downloaded and installed Sophos 5.0.2. It installs fine using the >sophos install.sh script. The one suggested in the Mailscanner docs is now >outdated it seams. Sophos.install doesn?t work. > > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059542.html http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059551.html i have no problems with sav5.x except that i do not know how i can tell ms how to use it. >Has anyone got MS working with Sophos v5.0.2? if so - how? > i did not tried, for now i have both installed. - sav4.x for ms (Sophos.install) - sav5.x for other use i do not know, perhaps is "generic" a solution for sav5.x, some help/hints would be great. - /etc/MailScanner/virus.scanners.conf - /usr/lib/MailScanner/generic-wrapper - /usr/lib/MailScanner/generic-autoupdate savscan = sav5.x sweep = sav3.x/4.x savscan.base = sweep (see below) a while ago i got some answers from sophos support: - die Optionen von sweep/savscan/savscan.base sind identisch my translation: "the sweep/savscan/savscan.base options are identical" savscan.base is the 'sweep' binary, which is called by savscan with some arguments (for example the location of the IDE files). I would avoid playing around in the engine directory as it is not something that anyone, especially customers should be playing with. roots crontab after sav5.x installation 47 * * * * /opt/sophos-av/bin/savupdate -- shrek-m -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- Winckworth Sherwood, ranked first in the Diversity League Table 2006 UK 100 Plus - a survey analysing ethnicity and gender in the legal profession, commissioned by the Black Solicitors Network and the Commission for Racial Equality. -------------- Winckworth Sherwood Solicitors and Parliamentary Agents, DX 148400 WESTMINSTER 5: 35 Great Peter Street, London SW1P 3LR. Telephone +44 (0)20 7593 5000 Fax +44 (0)20 7593 5099. www.winckworths.co.uk This email and any attachments are confidential and may be the subject of legal privilege. Any use, copying or disclosure other than by the intended recipient is unauthorised. If you have received this message in error, please notify the sender immediately via +44 (0)20 7593 5000 and delete this message from your computer and network. Winckworth Sherwood is regulated by the Law Society. A list of partners is available for inspection at the above address. From bsnottum at hkskole.no Mon May 8 08:50:31 2006 From: bsnottum at hkskole.no (bsnottum@hkskole.no) Date: Mon May 8 08:50:38 2006 Subject: Spamassassin exceeded time limit, not stopping spam Message-ID: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> Hallo! I am running mailscanner-4.44.6-2 on fc2 - yes I know it is old and I will set up a new server shortly. Anyway I have a problem with spamassassin that I really need to solve before I build the new server. My problem is that spamassassin does not stop spam! In the mail-header it says: not spam - exceeded time limit. If I restart mailscanner it works for a while - a few minutes, but after this the error starts again. Can anyone tell me what is going wrong here? Regards Bjorn From james at grayonline.id.au Mon May 8 09:07:35 2006 From: james at grayonline.id.au (James Gray) Date: Mon May 8 09:08:10 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> Message-ID: <200605081807.38649.james@grayonline.id.au> On Mon, 8 May 2006 17:50, bsnottum@hkskole.no wrote: > Hallo! > > I am running mailscanner-4.44.6-2 on fc2 - yes I know it is old and I > will set up a new server shortly. Anyway I have a problem with > spamassassin that I really need to solve before I build the new server. > > My problem is that spamassassin does not stop spam! In the mail-header it > says: not spam - exceeded time limit. If I restart mailscanner it works > for a while - a few minutes, but after this the error starts again. > > Can anyone tell me what is going wrong here? These errors are usually due to either an RBL timing out or a spamassassin plugin (helper) not configured correctly, eg, pyzor, razor2, dcc etc. Best plan is to run a lint test with full debug output: spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D 2>&1 | less (all on one line). Watch the shell redirection (2>&1) - as written above will probably bork on standard Bourne shells ("sh") but should work fin in bash/zsh. Have a GOOD look at the output, and hunt down anything that refers to time outs, crashes, missing configs, etc. Keep in mind time outs can be due to firewalls blocking traffic to/from the helpers etc. RBL's are generally implemented with DNS (tcp+udp/53). Spamassassin's wiki has some good articles on what ports are required for different helpers (I believe the MailScanner wiki also has a page dedicated to this area too). If in doubt post back the lint results here and/or the spamassassin list. Cheers, James -- I want you to organize my PASTRY trays ... my TEA-TINS are gleaming in formation like a ROW of DRUM MAJORETTES -- please don't be FURIOUS with me -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/f4a76819/attachment.bin From glenn.steen at gmail.com Mon May 8 09:17:56 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 8 09:17:58 2006 Subject: Open source mailserver In-Reply-To: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> References: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> Message-ID: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> On 08/05/06, ShaunM [MailShield] wrote: > > Hi guys, > > I recently installed a new centos 4.3 - mailscanner/mailwatch box which im > using as a test solution to move away from cpanel. > > However upon starting this I get 2 errors when I tail the maillog. I know > these errors may not be directly related to each product > mailscanner or mailwatch but I thought I would ask anyway. > > > Unable to initialise database connection: Access denied for user > 'mailwatch'@'localhost' (using password: YES) > > ? I know what this problem is but unsure of the command on how to setup a > user/pass for mailwatch@localhost in the sql database. Anyones help > would be appreciated? > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could > not be "eval"ed. Make sure the module is correct with perl ?wc > > ? I do not know what this error is about. Anyone? > > Thanks Guys > > Shaun > What does this have to do with the subject? Why didn't you start your own thread? And why are you asking about MailWatch in the MailScanner list, when (and I know you know this) MailWatch has its own mailing list? Anyway, the first one is covered in the install instructions for MailWatch. You can't miss it. The second is likely due to MailScanner reading the same MailWatch.pm twice, either because you have it in /usr/lib/MailScanner/MailScanner/CustomFunctions/ and also use the "old-style" require (which you shouldn't), or because you have two copies of MailWatch.pm in /usr/lib/MailScanner/MailScanner/CustomFunctions/ (Some wellknown editors tend to "sh*t where they eat"... creating backup files like MailWatch.pm~) ... which will get you this error. If none of that apply, then do as it says, run perl -wc on it ... and move over to the MailWatch list;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon May 8 09:37:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 8 09:37:19 2006 Subject: Sample Exim config file In-Reply-To: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> Message-ID: <013401c6727a$96fb0e50$3004010a@martinhlaptop> Matthias Follow the instructions in the wiki - you'll need two configs as described. If you're still unsure ask here again... As for exim doccy - yes there is lack of examples in the online stuff..the new docs at the top of main web page (exim specification and filter spec are better) and the book is extremely useful. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 07 May 2006 06:34 > To: MailScanner discussion > Subject: Sample Exim config file > > Hello, > > can sombody send me a simple MS ready Exim config file? > > And know sombody a clear and easy to understand exim documentation? > > Thanks in advanced > > Matthias > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From G.Pentland at soton.ac.uk Mon May 8 10:00:09 2006 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Mon May 8 10:00:17 2006 Subject: SPARC Solaris 10? Message-ID: <71437982F5B13A4D9A5B2669BDB89EE403A84E28@ISS-CL-EX-V1.soton.ac.uk> From an earlier conversation that was off list... If you need a hand with SMF let me know, basics are... 1. Stick a normal init script in /lib/svc/method 2. Copy the xml for telnet or something, from /var/svc/manifest 3. Put that in /var/svc/manifest/site> 4. edit the obvious stuff Then "svccfg import " Should be fine. NEVER change any Sun supplied manifests, as soon as you do that you will be in a world of trouble if you install patches with reading every file in them. The Sun supplied manifests do and will change with patch installs. Also the sendmail.cf has done in the past with Sun patches, so make those backups before you install any patches! When I get can get a wiki login I'll add this in more detail. I hope that will save someone some grief! Gary BTW Recovering SMF from a database corruption is a nightmare! From prandal at herefordshire.gov.uk Mon May 8 10:07:37 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon May 8 10:08:00 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for ClamAV Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> Folks, Steve Basford has a ClamAV phishing database over at http://www.sanesecurity.com/clamav/ and has recently updated his site to provide a gzipped version of the file. The attached script is a modified version of the one I posted to this list back in March. This version uses curl to fetch newer versions of the gzipped database. It should be run no more than once hourly, and Steve says that 4 times a day is sufficient. Can people using the old script please update to this one to save the load on Steve's server. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK -------------- next part -------------- A non-text attachment was scrubbed... Name: get_phish_sigs Type: application/octet-stream Size: 1099 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/9686a5c1/get_phish_sigs.obj From Peter.Bates at lshtm.ac.uk Mon May 8 13:11:21 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Mon May 8 13:12:03 2006 Subject: Submitting phishing reports (with Postfix) Message-ID: <445F43790200007600004CA7@193.63.251.15> Hello all... As with most people, we see a reasonable amount of Phishing scams from one day to the next. ClamAV spots a fair few, which end up quarantined and then (as I'm using Postfix) stored as Postfix queue files. This method is fine for resubmitting to the 'intended' recipient, but I quite fancy occasionally reporting some of the worse offenders. My questions are: - are there any 'central' antiphishing sites I can point any report at (I've seen millersmiles.co.uk, for instance) - how to extract something from the Postfix queue file to send and then fire off from the box itself (thereby avoiding the content filtering). postcat xxxxx > file reallly includes a lot of stuff I shouldn't be sending on to anyone else. Is anyone doing this? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From kbjo at interpost.no Mon May 8 13:47:40 2006 From: kbjo at interpost.no (Knut Bjornstad) Date: Mon May 8 13:47:43 2006 Subject: Spamassassin cache loop Message-ID: <20060508144740.A28384@akkar.interpost.no> We have a problem with our MailScanner installations - a small part of the traffic get stuck in the Spamassassin cache and loops back to the hold queue for reprossessing. This happens to ordinary mail, I am not sure if any of them is spam. The loop is not infinite thou, most of the cases escape after a few hundred iterations. But there are som mails that has been stuck for months. We have quite a lot of mail going through our MailScanner filters, so I have not given this attention before the last days. But the load on the boxes (we have several running in parallell), kept increasing very slowly. I was not able to reset the cache in any way. My knowledge of SQLite and sql bases in general are very limited, but at last I managed to reset the base on one of the boxes by overwriting it with an empty base! This had no effect, the looping continued. At last I stopped it by removing the offending mails from the hold queue. Then the load (as reported by uptime) on the boxes fell immediately. Here is some obeservations I have made: The log gets lines like this: "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for message A3C3B310132.D0C33" where the last part of the session-id varies as the mail is put back in the hold queue I have found no particular type of mail that gets caught - but all of them have a few MIME components. When I remove a mail, and then put it back in the hold queue, without any modification, it got sent immidiately! Our installation: postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on both versions) MailScanner 4.50.15 spamassassin 3.0.4 ClamAV 0.88.1 I wonder if this problem can be rectified by upgrading MailScanner, or by changing the cache parameters (but the config comment says you shouldn't ordinarily do this) I would appreciate any comment. -- --Knut Bjornstad -- IKTDriftstjenester, ErgoGroup AS ---Oslo, Norway------- --kbjo@interpost.no -- t:47 23 14 53 36 -- mob: 901 15 917 -- From steve.swaney at fsl.com Mon May 8 14:16:23 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon May 8 14:16:36 2006 Subject: Spamassassin cache loop In-Reply-To: <20060508144740.A28384@akkar.interpost.no> Message-ID: <051101c672a1$9aebe5d0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > Sent: Monday, May 08, 2006 8:48 AM > To: mailscanner@lists.mailscanner.info > Subject: Spamassassin cache loop > > We have a problem with our MailScanner installations - a small part of > the traffic get stuck in the Spamassassin cache and loops back to > the hold queue for reprossessing. This happens to ordinary mail, I am > not sure if any of them is spam. The loop is not infinite thou, most of > the cases escape after a few hundred iterations. But there are som mails > that has been stuck for months. > > We have quite a lot of mail going through our MailScanner filters, so I > have not given this attention before the last days. But the load on the > boxes (we have several running in parallell), kept increasing very > slowly. I was not able to reset the cache in any way. My knowledge of > SQLite and sql bases in general are very limited, but at last I managed > to reset the base on one of the boxes by overwriting it with an empty > base! > This had no effect, the looping continued. At last I stopped it by > removing the > offending mails from the hold queue. Then the load (as reported by > uptime) on the boxes fell immediately. > > Here is some obeservations I have made: > The log gets lines like this: > "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for > message A3C3B310132.D0C33" where the last part of the session-id varies > as the mail is put back in the hold queue > > I have found no particular type of mail that gets caught - but all of them > have > a few MIME components. > > When I remove a mail, and then put it back in the hold queue, without > any modification, it got sent immidiately! > > Our installation: > postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on > both versions) > MailScanner 4.50.15 > spamassassin 3.0.4 > ClamAV 0.88.1 > > I wonder if this problem can be rectified by upgrading MailScanner, or > by changing the cache parameters (but the config comment says you > shouldn't ordinarily do this) > > I would appreciate any comment. > -- I believe this is a known problem which can be fixed by upgrading. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From P.G.M.Peters at utwente.nl Mon May 8 15:38:33 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Mon May 8 15:38:38 2006 Subject: MailScanner 4.53.6 stops with alarm clock Message-ID: <445F57E9.10600@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since a couple of days MailScanner seems to get killed. Setting MailScanner to debug gives the following messages They end with: Not forking Ignore errors about failing to find EOCD signature Alarm clock Strace ends in: ioctl(69, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfffcfb8) = -1 EINVAL (Invalid argument) _llseek(69, 0, 0xbfffcff0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(70, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfffcfb8) = -1 EINVAL (Invalid argument) _llseek(70, 0, 0xbfffcff0, SEEK_CUR) = -1 ESPIPE (Illegal seek) fcntl64(69, F_SETFD, FD_CLOEXEC) = 0 fcntl64(70, F_SETFD, FD_CLOEXEC) = 0 write(67, "Hello!
My name is Erectile Dy"..., 357) = 357 _llseek(68, 512, [512], SEEK_SET) = 0 _llseek(68, 0, [512], SEEK_CUR) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb75e20c8) = 10965 close(70) = 0 alarm(10) = 0 read(69, 0x97b4e58, 4096) = ? ERESTARTSYS (To be restarted) - --- SIGALRM (Alarm clock) @ 0 (0) --- +++ killed by SIGALRM +++ - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEX1fpelLo80lrIdIRAhRxAJ9qS999j5OvD00d/JAyr4aOoAhFbgCfR5Cy IMsGtvan5pwE/BdBpsDOIoI= =yro4 -----END PGP SIGNATURE----- From nick.smith67 at googlemail.com Mon May 8 15:51:57 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Mon May 8 15:52:00 2006 Subject: Could not analyze message Message-ID: Hi, MailScanner 4.53.8 I have an application that generates a MIME header like this: Content-Type: Multipart/Mixed; boundary=" 3:May:06:19:22:23_Boundary_" As you can see, it appears to be generating the boundary value by using a timestamp, and pads a single-digit day number with a leading space Unfortunately, this falls foul of the current test for a null MIME boundary - the definition of which also seems to include leading whitespace (line 1625 of Message.pm): if ($boundary eq "" || $boundary eq "\"\"" || $boundary =~ /^\s/) { I have briefly looked at RFC's 1049/2045/2046 but cannot find any reference to leading whitespace in a quoted boundary field being illegal and am therefore finding it difficult to convince the developer that the app needs to be fixed For the meantime, I have commented the offending test and it does seem to have "fixed" the problem. Any other ideas about ways around this without code hacking? Thanks Nick From P.G.M.Peters at utwente.nl Mon May 8 16:16:08 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Mon May 8 16:16:15 2006 Subject: MailScanner 4.53.6 stops with alarm clock In-Reply-To: <445F57E9.10600@utwente.nl> References: <445F57E9.10600@utwente.nl> Message-ID: <445F60B8.9070405@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Peters wrote on 8-5-2006 16:38: > Since a couple of days MailScanner seems to get killed. Setting > MailScanner to debug gives the following messages They end with: > > Not forking > Ignore errors about failing to find EOCD signature > Alarm clock More testing seems to indicate the phishing tests. Disabling them has processed 3000 messages without problems. I wont have much time to test anything else. I'll be away from the office for the next coupel of days. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEX2C4elLo80lrIdIRAjhRAJ9Yt9Oy9BBpgmBI3XtIaeKAHaReUQCeP+w6 gaOehRAa7xJd3RnSyB1C1sw= =Y7aE -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon May 8 16:17:00 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 8 16:17:29 2006 Subject: Error In MailScanner - Maillog on Startup In-Reply-To: <200605080223.k482NucB016874@bkserver.blacknight.ie> References: <200605080116.k481G7Jl015655@bkserver.blacknight.ie> <200605080223.k482NucB016874@bkserver.blacknight.ie> Message-ID: ShaunM [MailShield] spake the following on 5/7/2006 7:23 PM: > Problem has been solved. > > > > Thanks Must have read the install docs! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solid-state-logic.com Mon May 8 16:21:56 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 8 16:22:06 2006 Subject: MailScanner 4.53.6 stops with alarm clock In-Reply-To: <445F60B8.9070405@utwente.nl> Message-ID: <01d301c672b3$24e6dd60$3004010a@martinhlaptop> Peter You need the 4.53.8 update.... Julian had to do an emergency patch for this very problem.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Peter Peters > Sent: 08 May 2006 16:16 > To: MailScanner discussion > Subject: Re: MailScanner 4.53.6 stops with alarm clock > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Peters wrote on 8-5-2006 16:38: > > Since a couple of days MailScanner seems to get killed. Setting > > MailScanner to debug gives the following messages They end with: > > > > Not forking > > Ignore errors about failing to find EOCD signature > > Alarm clock > > More testing seems to indicate the phishing tests. Disabling them has > processed 3000 messages without problems. > > I wont have much time to test anything else. I'll be away from the > office for the next coupel of days. > > - -- > Peter Peters, senior beheerder (Security) > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEX2C4elLo80lrIdIRAjhRAJ9Yt9Oy9BBpgmBI3XtIaeKAHaReUQCeP+w6 > gaOehRAa7xJd3RnSyB1C1sw= > =Y7aE > -----END PGP SIGNATURE----- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From smcguane at mailshield.com.au Mon May 8 16:31:59 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 16:32:10 2006 Subject: Open source mailserver In-Reply-To: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> Message-ID: <200605081532.k48FW8qD028769@bkserver.blacknight.ie> Glen, I didn't know you were the sherrif on this list. I did say that -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, 8 May 2006 6:18 PM To: MailScanner discussion Subject: Re: Open source mailserver On 08/05/06, ShaunM [MailShield] wrote: > > Hi guys, > > I recently installed a new centos 4.3 - mailscanner/mailwatch box which im > using as a test solution to move away from cpanel. > > However upon starting this I get 2 errors when I tail the maillog. I know > these errors may not be directly related to each product > mailscanner or mailwatch but I thought I would ask anyway. > > > Unable to initialise database connection: Access denied for user > 'mailwatch'@'localhost' (using password: YES) > > ? I know what this problem is but unsure of the command on how to setup a > user/pass for mailwatch@localhost in the sql database. Anyones help > would be appreciated? > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could > not be "eval"ed. Make sure the module is correct with perl ?wc > > ? I do not know what this error is about. Anyone? > > Thanks Guys > > Shaun > What does this have to do with the subject? Why didn't you start your own thread? And why are you asking about MailWatch in the MailScanner list, when (and I know you know this) MailWatch has its own mailing list? Anyway, the first one is covered in the install instructions for MailWatch. You can't miss it. The second is likely due to MailScanner reading the same MailWatch.pm twice, either because you have it in /usr/lib/MailScanner/MailScanner/CustomFunctions/ and also use the "old-style" require (which you shouldn't), or because you have two copies of MailWatch.pm in /usr/lib/MailScanner/MailScanner/CustomFunctions/ (Some wellknown editors tend to "sh*t where they eat"... creating backup files like MailWatch.pm~) ... which will get you this error. If none of that apply, then do as it says, run perl -wc on it ... and move over to the MailWatch list;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ---------------------------------------------------------------------------- ----------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From smcguane at mailshield.com.au Mon May 8 16:35:36 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 16:35:49 2006 Subject: Open source mailserver In-Reply-To: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> Message-ID: <200605081535.k48FZkDK029007@bkserver.blacknight.ie> Glen, I didn?t know you were the sheriff on this list. I did know that it was a mistake so I sorted it out. Anyway I was not sure what program was to be at fault. I know Steve from fsl has been on this list from time to time so I thought I would take a chance and ask here in case. It was a mistake to hit reply on your thread ... sorry for the hijacking anyway back on topic now. Thanks Shaun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, 8 May 2006 6:18 PM To: MailScanner discussion Subject: Re: Open source mailserver On 08/05/06, ShaunM [MailShield] wrote: > > Hi guys, > > I recently installed a new centos 4.3 - mailscanner/mailwatch box which im > using as a test solution to move away from cpanel. > > However upon starting this I get 2 errors when I tail the maillog. I know > these errors may not be directly related to each product > mailscanner or mailwatch but I thought I would ask anyway. > > > Unable to initialise database connection: Access denied for user > 'mailwatch'@'localhost' (using password: YES) > > ? I know what this problem is but unsure of the command on how to setup a > user/pass for mailwatch@localhost in the sql database. Anyones help > would be appreciated? > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could > not be "eval"ed. Make sure the module is correct with perl ?wc > > ? I do not know what this error is about. Anyone? > > Thanks Guys > > Shaun > What does this have to do with the subject? Why didn't you start your own thread? And why are you asking about MailWatch in the MailScanner list, when (and I know you know this) MailWatch has its own mailing list? Anyway, the first one is covered in the install instructions for MailWatch. You can't miss it. The second is likely due to MailScanner reading the same MailWatch.pm twice, either because you have it in /usr/lib/MailScanner/MailScanner/CustomFunctions/ and also use the "old-style" require (which you shouldn't), or because you have two copies of MailWatch.pm in /usr/lib/MailScanner/MailScanner/CustomFunctions/ (Some wellknown editors tend to "sh*t where they eat"... creating backup files like MailWatch.pm~) ... which will get you this error. If none of that apply, then do as it says, run perl -wc on it ... and move over to the MailWatch list;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ---------------------------------------------------------------------------- ----------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From mkettler at evi-inc.com Mon May 8 16:44:01 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon May 8 16:44:13 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <200605081807.38649.james@grayonline.id.au> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: <445F6741.1070004@evi-inc.com> James Gray wrote: > On Mon, 8 May 2006 17:50, bsnottum@hkskole.no wrote: >> Hallo! >> >> I am running mailscanner-4.44.6-2 on fc2 - yes I know it is old and I >> will set up a new server shortly. Anyway I have a problem with >> spamassassin that I really need to solve before I build the new server. >> >> My problem is that spamassassin does not stop spam! In the mail-header it >> says: not spam - exceeded time limit. If I restart mailscanner it works >> for a while - a few minutes, but after this the error starts again. >> >> Can anyone tell me what is going wrong here? > > These errors are usually due to either an RBL timing out or a spamassassin > plugin (helper) not configured correctly, eg, pyzor, razor2, dcc etc. The above should NOT be the problem, unless you have configured MailScanner for an absurdly short timeout. Note that SA 3.x has RBL timeouts, razor timeouts, etc that default in the sub-15 second range. Also note that with 3.x, no matter how many RBLs timeout, you'll never wait more than the total timeout duration. DCC, Razor, and Pyzor all default to 10 seconds. RBL's default to 15. Even if all 4 systems are used and time-out together that's a maximum of 45 seconds. Your SpamAssassin timeout should be MUCH greater than 45 seconds, because there is a normal operation that takes MUCH longer. Nearly every case of "SpamAssassin timed out and was killed" is caused by bayes expiry. This process can reasonably take as much as 5 minutes to complete, depending on your bayes DB and hardware. On really slow hardware with large bayes DBs it can take longer. Look for ".expire" files in your bayes_path. If you see a bunch of them, this means MailScanner is terminating SA instances that are attempting to perform bayes maintenance. I have *NEVER* seen a legitimate incident of MailScanner terminating SA since I started using it when SpamAssassin 2.31 was released. Early on MailScanner had it's timeout set to SA's DNS timeout, ensuring that all DNS timeouts would cause SA to be killed. (oops). Now SA performs bayes maintenance on occasion while scanning messages. Set your SpamAssassin Timeout to 10 minutes, and it should fix itself. SpamAssassin Timeout = 600 From jaearick at colby.edu Mon May 8 16:50:30 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 8 16:54:49 2006 Subject: First time MailScanner Issues In-Reply-To: <52F8C995-D6C9-4397-86DA-818190B45E3F@themarshalls.co.uk> References: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> <52F8C995-D6C9-4397-86DA-818190B45E3F@themarshalls.co.uk> Message-ID: Gang, I've seen this same exact behavior with MS 4.53.8 and a couple of previous versions on Solaris 10. I've discovered that the check_mailscanner script will start MailScanner via cron just fine, but that the start script I used in Solaris 9 works sometimes, sometimes does not. This is an annoyance that can be gotten around by just running check_mailscanner often. Jeff Earickson Colby College On Sat, 6 May 2006, Drew Marshall wrote: > Date: Sat, 6 May 2006 20:25:03 +0100 > From: Drew Marshall > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: First time MailScanner Issues > > > On 6 May 2006, at 21:01, uxbod@splatnix.net wrote: > >> Hi, >> >> this is my first post so please excuse my ignorance. > > No problem, we all start somewhere ;-) >> > >> >> And this just keeps going on and on and not delivering :( > > Not knowing how the Gentoo port starts it's self you might have o customise > this a bit but either find the check_MailScanner script (/etc/MailScanner?) > and run check_MailScanner ---debug or edit /etc/MailScanner/MailScanner.conf > at the end and turn on debugging (You can't miss it) and re-start MailScanner > using the Portage start script and check the output. That should tell you > some more. > > Post back the output (Or at least where it stops) if you need more help. > > Drew > > -- > In line with our policy, this message hasbeen scanned for viruses and > dangerouscontent by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From KGoods at AIAInsurance.com Mon May 8 17:15:31 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon May 8 17:20:29 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8915@aiainsurance.com> Randal, Phil wrote: > Just replace the file and do a > > service mailscanner restart > > It won't break future updates. > > And those stuck messages should clear out of your incoming queue. > > The updated MailScanner's processed 4465 messages here so far without > problems. > > Cheers, > > Phil > > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK Thanks so much Phil (and Julian for the patch!)... worked like a charm! Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From marcel-ml at irc-addicts.de Mon May 8 17:23:29 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Mon May 8 17:24:05 2006 Subject: /etc/cron.daily/sa-update failure? Message-ID: Hi there, after upgrade to the lastest MailScanner-Version (V 4.53.7) on a SuSE10, i received an error-mail to root, that the cron.daily failed. After reading the Mail, i saw that sa-update seemed to fail. At least this is what the mail said: SCRIPT: sa-update exited with RETURNCODE = 1. Moving sa-update outside of cron.daily worked. cron.daily worked again.. /usr/bin/sa-update is existing.. is there anything i should set up first?? Any help welcome.. Thanks in advance Marcel From KGoods at AIAInsurance.com Mon May 8 18:13:55 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon May 8 18:18:53 2006 Subject: Quick question about system email notifications. Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8919@aiainsurance.com> I get the following (addressed to root) when checking mail on the server. I've always got these and find them useful for a "quick check" of the mail system... if I see something out of the ordinary here I look more closely at the logs. Problem is, after this latest install (migrated from RH 9.0 to Centos 4.3) I'm getting way too much detail in the **Unmatched Entries** section... it runs on and on for pages and pages. Is there a log level setting in MailScanner that I missed or is this something I need to address in Centos (LogWatch) somehow? Not looking for a step by step (never learn anything that way:)) just a direction to start. Thanks for any and all help! Ken >From root@gw-mail.aiainsurance.com Sat May 6 04:03:40 2006 Date: Sat, 6 May 2006 04:03:00 -0700 From: root To: root@gw-mail.aiainsurance.com Subject: LogWatch for gw-mail X-AIAINSURANCE-MailScanner-Information: Please contact MIS for more information X-AIAINSURANCE-MailScanner: Found to be clean X-AIAINSURANCE-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.002, required 5, autolearn=not spam, SPF_HELO_PASS -0.00, SPF_PASS -0.00) X-AIAINSURANCE-MailScanner-From: root@gw-mail.aiainsurance.com X-AIAINSURANCE-MailScanner-To: root@gw-mail.aiainsurance.com ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sat May 6 04:02:36 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles for Host: gw-mail ################################################################ --------------------- MailScanner Begin ------------------------ MailScanner Status: 1533 messages Scanned by MailScanner 16546483 Total Bytes 1189 Spam messages detected by MailScanner 364 Messages delivered by MailScanner Virus Report: (Total Seen = 1) HTML.Phishing.Pay-92: 1 Times(s) Virus Sender Report: (Total Seen = 1) 64.69.88.226 : 1 Times(s) Content Report: (Total Seen = ) and have disarmed form tags in HTML message: 1 Times(s) and have disarmed form, form input tags in HTML message: 5 Times(s) and have disarmed phishing tags in HTML message: 6 Times(s) and have disarmed script tags in HTML message: 2 Times(s) and have disarmed web bug tags in HTML message: 48 Times(s) and have disarmed web bug, form, form input tags in HTML message: 12 Times(s) and have disarmed web bug, script, form, form input tags in HTML message: 2 Times(s) **Unmatched Entries** Expired 1 records from the SpamAssassin cache : 96 Time(s) Expired 2 records from the SpamAssassin cache : 60 Time(s) Expired 3 records from the SpamAssassin cache : 47 Time(s) Connected to SpamAssassin cache database : 31 Time(s) Creating hardcoded struct_flock subroutine for linux (Linux-type) : 31 Time(s) ClamAV scanner using unrar command /usr/bin/unrar : 31 Time(s) Read 717 hostnames from the phishing whitelist : 31 Time(s) Using locktype = posix : 31 Time(s) Using SpamAssassin results cache : 31 Time(s) Batch (1 message) processed in 13.46 seconds : 26 Time(s) Batch (1 message) processed in 13.50 seconds : 23 Time(s) Batch (1 message) processed in 13.47 seconds : 21 Time(s) Batch (1 message) processed in 13.48 seconds : 20 Time(s) Expired 4 records from the SpamAssassin cache : 17 Time(s) Expired 5 records from the SpamAssassin cache : 17 Time(s) Expired 6 records from the SpamAssassin cache : 16 Time(s) Batch (1 message) processed in 13.62 seconds : 16 Time(s) Batch (1 message) processed in 13.49 seconds : 14 Time(s) Batch (1 message) processed in 13.45 seconds : 13 Time(s) Batch (1 message) processed in 13.63 seconds : 11 Time(s) Batch (1 message) processed in 13.64 seconds : 11 Time(s) Batch (1 message) processed in 13.54 seconds : 10 Time(s) Batch (1 message) processed in 13.61 seconds : 10 Time(s) Expired 7 records from the SpamAssassin cache : 10 Time(s) Batch (1 message) processed in 13.55 seconds : 9 Time(s) Batch (1 message) processed in 13.53 seconds : 9 Time(s) Batch (1 message) processed in 13.65 seconds : 9 Time(s) Virus Scanning completed at 132 bytes per second : 9 Time(s) Virus Scanning completed at 138 bytes per second : 9 Time(s) Virus Scanning completed at 147 bytes per second : 8 Tim .... for pages and pages.... Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From Denis.Beauchemin at USherbrooke.ca Mon May 8 18:26:40 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 8 18:26:57 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for ClamAV In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> Message-ID: <445F7F50.4050805@USherbrooke.ca> Randal, Phil a ?crit : > Folks, > > Steve Basford has a ClamAV phishing database over at > > http://www.sanesecurity.com/clamav/ > > and has recently updated his site to provide a gzipped version of the > file. > > The attached script is a modified version of the one I posted to this > list back in March. This version uses curl to fetch newer versions of > the gzipped database. > > It should be run no more than once hourly, and Steve says that 4 times a > day is sufficient. > > Can people using the old script please update to this one to save the > load on Steve's server. > Phil, I had to specify /sbin/service in the script because /sbin was not in root's path under cron. BTW: is it necessary to reload MS? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/ef655ddc/smime.bin From MailScanner at ecs.soton.ac.uk Mon May 8 18:28:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 8 18:28:59 2006 Subject: Sophos v5 In-Reply-To: References: Message-ID: <445F7FC9.4050009@ecs.soton.ac.uk> Just as soon as I have time to write it! :-) I am working on it, I hope it won't be anything major. I may scrap Sophos.install at the same time if I can, but no promises. Has anyone tried it with the current MailScanner release? Sam Luxford-Watts wrote: > Julian, > > I know we can carry on using V4 for now but any update as to when Sophos V5 > support will likely to be written into Mailscanner? > > Thanks, > > Sam > > -----Original Message----- > From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] > Sent: Friday, May 05, 2006 11:11 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Sophos v5 > > On 05.05.2006 18:44, Sam Luxford-Watts wrote: > > >> I am trying to upgrade our elderly MailScanner server. I am installing on >> CentOs4 and got most of it working except MS->Sophos. >> >> I have downloaded and installed Sophos 5.0.2. It installs fine using the >> sophos install.sh script. The one suggested in the Mailscanner docs is now >> outdated it seams. Sophos.install doesn?t work. >> >> >> > > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059542.html > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059551.html > > i have no problems with sav5.x except that i do not know how i can tell ms > how to use it. > > > >> Has anyone got MS working with Sophos v5.0.2? if so - how? >> >> > > i did not tried, for now i have both installed. > - sav4.x for ms (Sophos.install) > - sav5.x for other use > > i do not know, perhaps is "generic" a solution for sav5.x, some > help/hints would be great. > - /etc/MailScanner/virus.scanners.conf > - /usr/lib/MailScanner/generic-wrapper > - /usr/lib/MailScanner/generic-autoupdate > > > savscan = sav5.x > sweep = sav3.x/4.x > savscan.base = sweep (see below) > > a while ago i got some answers from sophos support: > > > > - die Optionen von sweep/savscan/savscan.base sind identisch > > > my translation: "the sweep/savscan/savscan.base options are identical" > > > savscan.base is the 'sweep' binary, which is called by savscan with some > arguments (for example the location of the IDE files). > > I would avoid playing around in the engine directory as it is not > something that anyone, especially customers should be playing with. > > > > > roots crontab after sav5.x installation > > 47 * * * * /opt/sophos-av/bin/savupdate > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Mon May 8 18:36:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 8 18:36:14 2006 Subject: Open source mailserver In-Reply-To: <200605081535.k48FZkDK029007@bkserver.blacknight.ie> References: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> <200605081535.k48FZkDK029007@bkserver.blacknight.ie> Message-ID: <223f97700605081036r46a54660v3581580f35a64c7f@mail.gmail.com> On 08/05/06, ShaunM [MailShield] wrote: > Glen, > > I didn't know you were the sheriff on this list. I did know that it was a > mistake so I sorted it out. Not really... As you can see, I actually go on to try help you ... too:-). > Anyway I was not sure what program was to be at fault. I know Steve from fsl > > has been on this list from time to time so I thought I would take a chance > and ask here in case. > > It was a mistake to hit reply on your thread ... sorry for the hijacking > anyway back on topic now. > > Thanks > Shaun > Well, see it as a friendly nudge... sledgehammer-style:-). Glad to hear your problems are sorted. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon May 8 18:40:17 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 8 18:40:20 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: References: Message-ID: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> On 08/05/06, Marcel Blenkers wrote: > Hi there, > > after upgrade to the lastest MailScanner-Version (V 4.53.7) on a SuSE10, i > received an error-mail to root, that the cron.daily failed. > > After reading the Mail, i saw that sa-update seemed to fail. At least this > is what the mail said: > > SCRIPT: sa-update exited with RETURNCODE = 1. > > Moving sa-update outside of cron.daily worked. > cron.daily worked again.. > > /usr/bin/sa-update > > is existing.. > > is there anything i should set up first?? > > Any help welcome.. > > Thanks in advance > > Marcel man sa-update should contain the details... IIRC returning 1 means there was no update to perform, while 0 means there was one and that it worked OK... 4 is the "bad" one:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shrek-m at gmx.de Mon May 8 18:46:22 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Mon May 8 18:46:31 2006 Subject: Sophos v5 In-Reply-To: References: Message-ID: <445F83EE.4060404@gmx.de> On 08.05.2006 09:37, Sam Luxford-Watts wrote: >I know we can carry on using V4 for now but any update as to when Sophos V5 >support will likely to be written into Mailscanner? > >>Has anyone got MS working with Sophos v5.0.2? if so - how? >> i had no luck with generic-wrapper (every *.ide = virus warning and no report) >"the sweep/savscan/savscan.base options are identical" > > a copy of sophos-wrapper as sophos-av-wrapper and "sophos-av" in virus.scanners.conf and MailScanner.conf did not work. sorry, i have no developer skills, i assume that it is no problem for others. ---- /usr/lib/MailScanner/sophos-wrapper ---- ##exec ${PackageDir}/bin/$prog "$@" exec /opt/sophos-av/bin/savscan "$@" ------- sophos virusscanner-autodetection does not work if you have removed/renamed sav4.x /usr/local/Sophos/ /usr/local/sav/ /usr/local/sav-install/ i have now sophos (only sav5.x) and clamav ---- /etc/MailScanner/MailScanner.conf ---- #Virus Scanners = auto Virus Scanners = clamav sophos i tried different virii *.com, *.exe, *.zip, .... ~1 day and sav5.x seems to work without problems. >roots crontab after sav5.x installation > >47 * * * * /opt/sophos-av/bin/savupdate > > once again, i have no developper skills. ---- sophos-autoupdate ---- #!/bin/bash /opt/sophos-av/bin/savupdate >> /var/log/maillog 2>&1 exit 0 --------- ---- /var/log/maillog ---- Downloading http://es-web.sophos.com/update/savlinux/master.upd 268 bytes downloaded in 0,392609 secs (682,612774 B/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/root.upd 342 bytes downloaded in 0,171530 secs (1,947090 KiB/s) Downloading http://es-web.sophos.com/update/savlinux/root_manifest.dat 3168 bytes downloaded in 0,288249 secs (10,732907 KiB/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/config/index.spec Failed to download http://es-web.sophos.com/update/savlinux/config/index.spec Downloading http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Failed to download http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/manifest.dat in 0,222307 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/manifest.dat in 0,362816 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/manifest.dat in 0,039915 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,036539 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/manifest.dat in 0,138936 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,038047 seconds Successfully updated Sophos Anti-Virus -------- my understanding, it should be no problem to add real sav5.x support in mailscanner for a developer but not me. -- shrek-m -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/cbe6258e/attachment.html From lshaw at emitinc.com Mon May 8 20:05:14 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Mon May 8 20:05:24 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <200605081807.38649.james@grayonline.id.au> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: On Mon, 8 May 2006, James Gray wrote: > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D 2>&1 | > less > > (all on one line). Watch the shell redirection (2>&1) - as written above > will probably bork on standard Bourne shells ("sh") but should work fin in > bash/zsh. The "2>&1" syntax is a standard Bourne shell ("sh") thing and has been around since long before bash and zsh existed, and maybe even before ksh existed. - Logan From uxbod at splatnix.net Mon May 8 21:13:43 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Mon May 8 20:14:51 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: <20060508201343.5dd5ae15@cyborg> Agreed. Std Error to Std Output. On Mon, 8 May 2006 14:05:14 -0500 (CDT) Logan Shaw wrote: > On Mon, 8 May 2006, James Gray wrote: > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D 2>&1 | > > less > > > > (all on one line). Watch the shell redirection (2>&1) - as written above > > will probably bork on standard Bourne shells ("sh") but should work fin in > > bash/zsh. > > The "2>&1" syntax is a standard Bourne shell ("sh") thing > and has been around since long before bash and zsh existed, > and maybe even before ksh existed. > > - Logan -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Mon May 8 20:56:48 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon May 8 20:57:09 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for Clam AV Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> >Randal, Phil a ?crit : >> Folks, >> >> Steve Basford has a ClamAV phishing database over at >> >> http://www.sanesecurity.com/clamav/ >> >> and has recently updated his site to provide a gzipped version of the >> file. >> >> The attached script is a modified version of the one I posted to this >> list back in March. This version uses curl to fetch newer versions of >> the gzipped database. >> >> It should be run no more than once hourly, and Steve says that 4 times a >> day is sufficient. >> >> Can people using the old script please update to this one to save the >> load on Steve's server. >> >Phil, >I had to specify /sbin/service in the script because /sbin was not in >root's path under cron. >BTW: is it necessary to reload MS? >Denis Good catch! I use clamavmodule here and am never sure whether a reload is necessary after a virus pattern update, so erred on the side of caution. Cheers, Phil From ssilva at sgvwater.com Mon May 8 21:18:29 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 8 21:18:51 2006 Subject: Quick question about system email notifications. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D8919@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D013D8919@aiainsurance.com> Message-ID: Ken Goods spake the following on 5/8/2006 10:13 AM: > I get the following (addressed to root) when checking mail on the server. > I've always got these and find them useful for a "quick check" of the mail > system... if I see something out of the ordinary here I look more closely at > the logs. > > Problem is, after this latest install (migrated from RH 9.0 to Centos 4.3) > I'm getting way too much detail in the **Unmatched Entries** section... it > runs on and on for pages and pages. Is there a log level setting in > MailScanner that I missed or is this something I need to address in Centos > (LogWatch) somehow? Not looking for a step by step (never learn anything > that way:)) just a direction to start. > > Thanks for any and all help! > Ken The current Logwatch is into the 7. something range. You are running 5.2.2. Just get a newer version, because it won't hurt anything, and will be much quieter. ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3-1.noarch.rpm -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From KGoods at AIAInsurance.com Mon May 8 21:27:43 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon May 8 21:32:42 2006 Subject: Quick question about system email notifications. Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8920@aiainsurance.com> Scott Silva wrote: > Ken Goods spake the following on 5/8/2006 10:13 AM: >> I get the following (addressed to root) when checking mail on the >> server. I've always got these and find them useful for a "quick >> check" of the mail system... if I see something out of the ordinary >> here I look more closely at the logs. >> >> Problem is, after this latest install (migrated from RH 9.0 to >> Centos 4.3) I'm getting way too much detail in the **Unmatched >> Entries** section... it runs on and on for pages and pages. Is there >> a log level setting in MailScanner that I missed or is this >> something I need to address in Centos (LogWatch) somehow? Not >> looking for a step by step (never learn anything that way:)) just a >> direction to start. >> >> Thanks for any and all help! >> Ken > The current Logwatch is into the 7. something range. You are running > 5.2.2. Just get a newer version, because it won't hurt anything, and > will be much quieter. > > ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3-1.noarch.rpm > > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! Thanks so much Scott... just what I was looking for! Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From MailScanner at ecs.soton.ac.uk Mon May 8 23:03:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 8 23:03:48 2006 Subject: 4.54.1 with Sophos V5 support Message-ID: <445FC039.9050805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just implemented support for Sophos version 5. You can still use Sophos.install to install Sophos version 5, but you don't have to if you don't want to. The advantage of installing using Sophos.install is - More guidance - Automatic editing of virus.scanners.conf to update location If you install it without using Sophos.install, you *must not* enable on-access scanning. Otherwise it sill start inspecting files too early and may well break your system as it deletes or renames files that MailScanner is about to scan. In this position I cannot guarantee what, if anything, MailScanner will do. Please try it out and let me (or the list) know how you get on. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRF/AOhH2WUcUFbZUEQKb7gCgyid6j7kyOjJjQeG+Jt/H+g+Bed4An3uQ OhYwYcTJXTh8/TpKht9gfUVE =nYPj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 8 23:18:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 8 23:18:21 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for Clam AV In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> Message-ID: <445FC3A3.7020704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: >> Randal, Phil a ?crit : >> >>> Folks, >>> >>> Steve Basford has a ClamAV phishing database over at >>> >>> http://www.sanesecurity.com/clamav/ >>> >>> and has recently updated his site to provide a gzipped version of the >>> file. >>> >>> The attached script is a modified version of the one I posted to this >>> list back in March. This version uses curl to fetch newer versions >>> > of > >>> the gzipped database. >>> >>> It should be run no more than once hourly, and Steve says that 4 >>> > times a > >>> day is sufficient. >>> >>> Can people using the old script please update to this one to save the >>> load on Steve's server. >>> >>> >> Phil, >> > > >> I had to specify /sbin/service in the script because /sbin was not in >> root's path under cron. >> > > >> BTW: is it necessary to reload MS? >> > > >> Denis >> > > Good catch! I use clamavmodule here and am never sure whether a reload > is necessary after a virus pattern update, so erred on the side of > caution. May I point you at this in your MailScanner.conf file? # ClamAVModule only: monitor each of these files for changes in size to # detect when a ClamAV update has happened. # This is only used by the "clamavmodule" virus scanner, not the "clamav" # scanner setting. Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd It automatically detects pattern updates and reloads MailScanner as and when necessary for you. I have already done all the hard work for you :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRF/DpBH2WUcUFbZUEQLOBACglGlPMLJwD2oqE5wNJIvC5N3XewAAn3XD nBAxEPpG9XoijChzjZcCU2Lg =KKnG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Tue May 9 00:14:01 2006 From: ka at pacific.net (Ken A) Date: Tue May 9 00:10:20 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for Clam AV In-Reply-To: <445FC3A3.7020704@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> <445FC3A3.7020704@ecs.soton.ac.uk> Message-ID: <445FD0B9.3040505@pacific.net> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Randal, Phil wrote: >>> Randal, Phil a ?crit : >>> >>>> Folks, >>>> >>>> Steve Basford has a ClamAV phishing database over at >>>> >>>> http://www.sanesecurity.com/clamav/ >>>> >>>> and has recently updated his site to provide a gzipped version of the >>>> file. >>>> >>>> The attached script is a modified version of the one I posted to this >>>> list back in March. This version uses curl to fetch newer versions >>>> >> of >> >>>> the gzipped database. >>>> >>>> It should be run no more than once hourly, and Steve says that 4 >>>> >> times a >> >>>> day is sufficient. >>>> >>>> Can people using the old script please update to this one to save the >>>> load on Steve's server. >>>> >>>> >>> Phil, >>> >> >>> I had to specify /sbin/service in the script because /sbin was not in >>> root's path under cron. >>> >> >>> BTW: is it necessary to reload MS? >>> >> >>> Denis >>> >> Good catch! I use clamavmodule here and am never sure whether a reload >> is necessary after a virus pattern update, so erred on the side of >> caution. > May I point you at this in your MailScanner.conf file? > > # ClamAVModule only: monitor each of these files for changes in size to > # detect when a ClamAV update has happened. > # This is only used by the "clamavmodule" virus scanner, not the "clamav" > # scanner setting. > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd If you are using Steve Basford's Phishing you should probably change the line in MailScanner.conf to /usr/local/share/clamav/*.* or maybe /usr/local/share/clamav/*.[cn]?? because sigs are phish.ndb Thanks, Ken A Pacific.Net > It automatically detects pattern updates and reloads MailScanner as and > when necessary for you. I have already done all the hard work for you :-) > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRF/DpBH2WUcUFbZUEQLOBACglGlPMLJwD2oqE5wNJIvC5N3XewAAn3XD > nBAxEPpG9XoijChzjZcCU2Lg > =KKnG > -----END PGP SIGNATURE----- > From marcel-ml at irc-addicts.de Tue May 9 01:00:36 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Tue May 9 01:00:56 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> References: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> Message-ID: Hi there, [...] > man sa-update > should contain the details... IIRC returning 1 means there was no > update to perform, while 0 means there was one and that it worked > OK... 4 is the "bad" one:). > thanks.. but isnt it a bit strange, that my system stated that there was an error.. :( this could mean everynight a failure-mail.. :( or should i delete the script, and handle sa-update by hand..or enter an entry in cron by hand? Marcel From smcguane at mailshield.com.au Tue May 9 07:21:53 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Tue May 9 07:22:08 2006 Subject: Problem With Installation Perl Clamav Module In-Reply-To: <223f97700605081036r46a54660v3581580f35a64c7f@mail.gmail.com> Message-ID: <200605090622.k496M4vO008552@bkserver.blacknight.ie> Hey Guys, Following Julians Instructions below I followed through all the steps to install the module and it only failed on the MAIL::CLAMAV installation. The O/S is Centos 4.3 1. Download and install ClamAV from www.clamav.net as usual. 2. The default locations are under /usr/local/{bin,man,share}. 3. Do the following: perl -MCPAN -e shell install Parse::RecDescent install Inline install Mail::ClamAV 4. In MailScanner.conf, set 'Virus Scanners = clamavmodule'. 5. In MailScanner.conf, check the setting of 'Monitors for ClamAV Updates' to ensure it matches the location of your ClamAV virus database files. The output is below, fails on make test anyone can shed some light on this? Thanks Shaun Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. # Compilation failed in require at (eval 1) line 2. "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From james at grayonline.id.au Tue May 9 07:40:24 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 9 07:41:16 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: <200605091640.32260.james@grayonline.id.au> On Tue, 9 May 2006 05:05, Logan Shaw wrote: > On Mon, 8 May 2006, James Gray wrote: > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D > > 2>&1 | less > > > > (all on one line). Watch the shell redirection (2>&1) - as written > > above will probably bork on standard Bourne shells ("sh") but should > > work fin in bash/zsh. > > The "2>&1" syntax is a standard Bourne shell ("sh") thing > and has been around since long before bash and zsh existed, > and maybe even before ksh existed. Right - but for some daft reason, that syntax ALWAYS breaks on my FreeBSD boxes which use /bin/sh for root. Go figure. Cheers, James -- People will buy anything that's one to a customer. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/e2501a3d/attachment.bin From james at grayonline.id.au Tue May 9 07:43:50 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 9 07:44:03 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <445F6741.1070004@evi-inc.com> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> <445F6741.1070004@evi-inc.com> Message-ID: <200605091643.50735.james@grayonline.id.au> On Tue, 9 May 2006 01:44, Matt Kettler wrote: > James Gray wrote: > > On Mon, 8 May 2006 17:50, bsnottum@hkskole.no wrote: > >> My problem is that spamassassin does not stop spam! In the mail-header > >> it says: not spam - exceeded time limit. If I restart mailscanner it > >> works for a while - a few minutes, but after this the error starts > >> again. > > > > These errors are usually due to either an RBL timing out or a > > spamassassin plugin (helper) not configured correctly, eg, pyzor, > > razor2, dcc etc. > > Nearly every case of "SpamAssassin timed out and was killed" is caused by > bayes expiry. This process can reasonably take as much as 5 minutes to > complete, depending on your bayes DB and hardware. On really slow > hardware with large bayes DBs it can take longer. Thanks for the info about time outs. I've wondered how the various bits add up under mailscanner. However, I doubt Bjorn's problem is bayes related as the problem goes away when he restarts MailScanner then returns after a few minutes. Does MS/SA resume an expire that was interrupted? I didn't think that was the case (happy to be proven wrong too!). Cheers, James -- Nada é tão difícil como não enganar-se. -- Ludwig Wittgenstein -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/b6648dda/attachment.bin From james at grayonline.id.au Tue May 9 07:51:28 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 9 07:52:35 2006 Subject: Sample Exim config file In-Reply-To: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> References: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> Message-ID: <200605091651.29013.james@grayonline.id.au> On Sun, 7 May 2006 15:34, Matthias Sutter wrote: > Hello, > > can sombody send me a simple MS ready Exim config file? > > And know sombody a clear and easy to understand exim documentation? > > Thanks in advanced > > Matthias I wrote a wiki page about getting Exim (4.x) and MailScanner humming and clicking on Debian. Not sure if that's your OS, but here's the doc anyway: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation:debian&s=debian+exim (watch the wrap) or: http://tinyurl.com/jrrf2 Cheers, James -- "Never laugh at live dragons, Bilbo you fool!" he said to himself, and it became a favourite saying of his later, and passed into a proverb. "You aren't nearly through this adventure yet," he added, and that was pretty true as well. -- Bilbo Baggins, "The Hobbit" by J.R.R. Tolkien, Chapter XII -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/ce490561/attachment.bin From martinh at solid-state-logic.com Tue May 9 09:13:40 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 9 09:13:53 2006 Subject: Sophos v5 In-Reply-To: <445F7FC9.4050009@ecs.soton.ac.uk> Message-ID: <00e001c67340$7afadd40$3004010a@martinhlaptop> Julian Please be aware V5 is only available on Windows and Linux. The rest of the O/S's (MacO X, FreeBSD, Solaris etc) are still on V4. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 08 May 2006 18:29 > To: MailScanner discussion > Subject: Re: Sophos v5 > > Just as soon as I have time to write it! :-) > I am working on it, I hope it won't be anything major. I may scrap > Sophos.install at the same time if I can, but no promises. > > Has anyone tried it with the current MailScanner release? > > Sam Luxford-Watts wrote: > > Julian, > > > > I know we can carry on using V4 for now but any update as to when Sophos > V5 > > support will likely to be written into Mailscanner? > > > > Thanks, > > > > Sam > > > > -----Original Message----- > > From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] > > Sent: Friday, May 05, 2006 11:11 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: Sophos v5 > > > > On 05.05.2006 18:44, Sam Luxford-Watts wrote: > > > > > >> I am trying to upgrade our elderly MailScanner server. I am installing > on > >> CentOs4 and got most of it working except MS->Sophos. > >> > >> I have downloaded and installed Sophos 5.0.2. It installs fine using > the > >> sophos install.sh script. The one suggested in the Mailscanner docs is > now > >> outdated it seams. Sophos.install doesn't work. > >> > >> > >> > > > > http://lists.mailscanner.info/pipermail/mailscanner/2006- > March/059542.html > > http://lists.mailscanner.info/pipermail/mailscanner/2006- > March/059551.html > > > > i have no problems with sav5.x except that i do not know how i can tell > ms > > how to use it. > > > > > > > >> Has anyone got MS working with Sophos v5.0.2? if so - how? > >> > >> > > > > i did not tried, for now i have both installed. > > - sav4.x for ms (Sophos.install) > > - sav5.x for other use > > > > i do not know, perhaps is "generic" a solution for sav5.x, some > > help/hints would be great. > > - /etc/MailScanner/virus.scanners.conf > > - /usr/lib/MailScanner/generic-wrapper > > - /usr/lib/MailScanner/generic-autoupdate > > > > > > savscan = sav5.x > > sweep = sav3.x/4.x > > savscan.base = sweep (see below) > > > > a while ago i got some answers from sophos support: > > > > > > > > - die Optionen von sweep/savscan/savscan.base sind identisch > > > > > > my translation: "the sweep/savscan/savscan.base options are > identical" > > > > > > savscan.base is the 'sweep' binary, which is called by savscan with some > > arguments (for example the location of the IDE files). > > > > I would avoid playing around in the engine directory as it is not > > something that anyone, especially customers should be playing with. > > > > > > > > > > roots crontab after sav5.x installation > > > > 47 * * * * /opt/sophos-av/bin/savupdate > > > > > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Tue May 9 09:14:56 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:14:59 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: References: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> Message-ID: <223f97700605090114j151defbex3b7e98f6a8fcf38c@mail.gmail.com> On 09/05/06, Marcel Blenkers wrote: > Hi there, > > [...] > > > man sa-update > > should contain the details... IIRC returning 1 means there was no > > update to perform, while 0 means there was one and that it worked > > OK... 4 is the "bad" one:). > > > > thanks.. > > but isnt it a bit strange, that my system stated that there was an error.. > :( > > this could mean everynight a failure-mail.. :( > > or should i delete the script, and handle sa-update by hand..or enter an > entry in cron by hand? > > Marcel If the script is run "bare", it'll return a non-zero value.... and that will be reported (every night) by cron, yes. Perhaps not that good:-). Wrap it in a scriptlet and run that instead... Or whatever... Something silly like #!/bin/sh /path/to/script params case $? in 0|1) ;; *) return ;; esac # EoS should do:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 9 09:18:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:18:09 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: <223f97700605090114j151defbex3b7e98f6a8fcf38c@mail.gmail.com> References: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> <223f97700605090114j151defbex3b7e98f6a8fcf38c@mail.gmail.com> Message-ID: <223f97700605090118q41591a85m734384e2b6c053c2@mail.gmail.com> On 09/05/06, Glenn Steen wrote: (itiod me, strikes again....:-) > #!/bin/sh > /path/to/script params > case $? in > 0|1) ;; should be 0|1) exit 0 ;; > *) return ;; should be *) exit 1 ;; or even preserving the actual return value from sa-update...:-) > esac > # EoS > should do:-) > (clearly a case of 1) too little coffee, and 2) brain not communicating with fingers...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 9 09:24:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:24:04 2006 Subject: Problem With Installation Perl Clamav Module In-Reply-To: <200605090622.k496M4vO008552@bkserver.blacknight.ie> References: <223f97700605081036r46a54660v3581580f35a64c7f@mail.gmail.com> <200605090622.k496M4vO008552@bkserver.blacknight.ie> Message-ID: <223f97700605090124v1361402fl953db8622b7e9665@mail.gmail.com> On 09/05/06, ShaunM [MailShield] wrote: > Hey Guys, > > Following Julians Instructions below I followed through all the steps to > install the module and it only failed on the MAIL::CLAMAV installation. > > The O/S is Centos 4.3 > > 1. Download and install ClamAV from www.clamav.net as usual. > 2. The default locations are under /usr/local/{bin,man,share}. > 3. Do the following: > perl -MCPAN -e shell > install Parse::RecDescent > install Inline > install Mail::ClamAV > 4. In MailScanner.conf, set 'Virus Scanners = clamavmodule'. > 5. In MailScanner.conf, check the setting of 'Monitors for ClamAV > Updates' to ensure it matches the location of your ClamAV virus database > files. > > The output is below, fails on make test anyone can shed some light on this? > > Thanks > Shaun > Does the same type of error happen wityh Julians easy-to-install Clam+SA package (which contains the Mail::ClamAV module, and will take care of the build process for you)? I switched to that a while back, and have had no problems... very slick. Only real carp is that the package keeps adding three lines to your SA *.pre files, but, well ... those are pretty easy to remove, and they don't really harm anything:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 9 09:30:56 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:30:59 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <200605091640.32260.james@grayonline.id.au> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> <200605091640.32260.james@grayonline.id.au> Message-ID: <223f97700605090130p4c8993c0i9b26c752a3957c5f@mail.gmail.com> On 09/05/06, James Gray wrote: > On Tue, 9 May 2006 05:05, Logan Shaw wrote: > > On Mon, 8 May 2006, James Gray wrote: > > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D > > > 2>&1 | less > > > > > > (all on one line). Watch the shell redirection (2>&1) - as written > > > above will probably bork on standard Bourne shells ("sh") but should > > > work fin in bash/zsh. > > > > The "2>&1" syntax is a standard Bourne shell ("sh") thing > > and has been around since long before bash and zsh existed, > > and maybe even before ksh existed. > > Right - but for some daft reason, that syntax ALWAYS breaks on my FreeBSD > boxes which use /bin/sh for root. Go figure. > > Cheers, > > James Some implementations of diverse shells (including bourne... well, "reimplementations" perhaps:-) on some platforms have been known to be rather picky about things like whitespace surronding it, and placement(!). DG/UX comes to mind here... differed between ksh/sh. Sigh. Well, it's dead now:-). I have next to no experience of any modern FreeBSD, so can't say how things are there:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Tue May 9 09:44:33 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 09:45:36 2006 Subject: MailWatch Stops logging sascore & sareport Message-ID: <44605671.8080708@chime.ucl.ac.uk> Hi, I originally posted this to the MailWatch users list, and although I have had some help I still have the problem. I am posting this here in the hope that someone on this list might have seen this problem before and can give some pointers. I apologise to those people who are on both lists. -------- Original Message -------- Hi All, I though a recent upgrade of MailScanner had cured me of this problem, but 20 minutes ago MailWatch suddenly stopped logging any values of sascore or sareport. It still logged details of emails processed but sascore and sareport are both NULL. MailScanner is correctly marking emails still and they are still filtered properly. It just stops logging these values in MailWatch. It has run for about 5 days now without showing this behaviour. It is very difficult to track down, as if I leave DBItrace running for 5 days the file gets huge. And a restart of MailScanner cures the problem, so switching DBItrace on when I see the problem occur doesn't help. :-( If anybody has seen something similar or can give me some pointers I would be very grateful. I may post this to the MailScanner-users list as well to see if I reach a different audience... Steve Freegard wrote: > Hi Anthony, > > On Fri, 2006-04-28 at 07:40 +0100, Anthony Peacock wrote: >> Every so often, MailWatch stops logging the SpamAssassin score. All >> other details still get logged, except the sascore is always NULL in the >> database. MailScanner and SpamAssassin are correctly scoring, marking >> and filtering the emails so the system is working as expected except >> that when I check the MailWatch web page none of the emails are marked >> as spam. >> >> As stop and start of mailscanner clears this problem up and there does >> not appear to be any residual problems. >> >> As I said I did investigate this earlier this week and couldn't see >> anything obvious in the logs or DBItrace. This appears to be something >> that happens after a period of time. Any ideas would be appreciated. > > Very strange indeed as sascore gets no particular special attention by > MailWatch.pm. > > The only thing that I know causes NULL to be written to the column is > when a message has been whitelisted. > > Only thing you could try is to disable the SpamAssassin cache > temporarily and see if that solves the problem as this is the only thing > I can think of that changes sascore in the recent versions of > MailScanner. > > Kind regards, > Steve. > > > > ------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Mailwatch-users mailing list > Mailwatch-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mailwatch-users > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Mailwatch-users mailing list Mailwatch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mailwatch-users -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From MailScanner at ecs.soton.ac.uk Tue May 9 11:29:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 11:29:23 2006 Subject: Sophos v5 In-Reply-To: <00e001c67340$7afadd40$3004010a@martinhlaptop> References: <00e001c67340$7afadd40$3004010a@martinhlaptop> Message-ID: <36320480-0DAF-41E4-BAF3-B97D349B5592@ecs.soton.ac.uk> Yes, don't worry. The new scripts auto-detect which version you have installed and just "do the right thing" (TM) On 9 May 2006, at 09:13, Martin Hepworth wrote: > Julian > > Please be aware V5 is only available on Windows and Linux. The rest > of the > O/S's (MacO X, FreeBSD, Solaris etc) are still on V4. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 08 May 2006 18:29 >> To: MailScanner discussion >> Subject: Re: Sophos v5 >> >> Just as soon as I have time to write it! :-) >> I am working on it, I hope it won't be anything major. I may scrap >> Sophos.install at the same time if I can, but no promises. >> >> Has anyone tried it with the current MailScanner release? >> >> Sam Luxford-Watts wrote: >>> Julian, >>> >>> I know we can carry on using V4 for now but any update as to when >>> Sophos >> V5 >>> support will likely to be written into Mailscanner? >>> >>> Thanks, >>> >>> Sam >>> >>> -----Original Message----- >>> From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] >>> Sent: Friday, May 05, 2006 11:11 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: Re: Sophos v5 >>> >>> On 05.05.2006 18:44, Sam Luxford-Watts wrote: >>> >>> >>>> I am trying to upgrade our elderly MailScanner server. I am >>>> installing >> on >>>> CentOs4 and got most of it working except MS->Sophos. >>>> >>>> I have downloaded and installed Sophos 5.0.2. It installs fine >>>> using >> the >>>> sophos install.sh script. The one suggested in the Mailscanner >>>> docs is >> now >>>> outdated it seams. Sophos.install doesn't work. >>>> >>>> >>>> >>> >>> http://lists.mailscanner.info/pipermail/mailscanner/2006- >> March/059542.html >>> http://lists.mailscanner.info/pipermail/mailscanner/2006- >> March/059551.html >>> >>> i have no problems with sav5.x except that i do not know how i >>> can tell >> ms >>> how to use it. >>> >>> >>> >>>> Has anyone got MS working with Sophos v5.0.2? if so - how? >>>> >>>> >>> >>> i did not tried, for now i have both installed. >>> - sav4.x for ms (Sophos.install) >>> - sav5.x for other use >>> >>> i do not know, perhaps is "generic" a solution for sav5.x, some >>> help/hints would be great. >>> - /etc/MailScanner/virus.scanners.conf >>> - /usr/lib/MailScanner/generic-wrapper >>> - /usr/lib/MailScanner/generic-autoupdate >>> >>> >>> savscan = sav5.x >>> sweep = sav3.x/4.x >>> savscan.base = sweep (see below) >>> >>> a while ago i got some answers from sophos support: >>> >>> >>> >>> - die Optionen von sweep/savscan/savscan.base sind identisch >>> >>> >>> my translation: "the sweep/savscan/savscan.base options are >> identical" >>> >>> >>> savscan.base is the 'sweep' binary, which is called by savscan >>> with some >>> arguments (for example the location of the IDE files). >>> >>> I would avoid playing around in the engine directory as it is not >>> something that anyone, especially customers should be playing with. >>> >>> >>> >>> >>> roots crontab after sav5.x installation >>> >>> 47 * * * * /opt/sophos-av/bin/savupdate >>> >>> >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 9 11:38:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 11:38:51 2006 Subject: Problem With Installation Perl Clamav Module In-Reply-To: <200605090622.k496M4vO008552@bkserver.blacknight.ie> References: <200605090622.k496M4vO008552@bkserver.blacknight.ie> Message-ID: <360A643E-396E-49D6-A6A7-8D2DFB968F54@ecs.soton.ac.uk> If you had used my easy-to-install ClamAV and SpamAssassin package, you wouldn't have had this problem :-) You need to add /usr/local/lib to your /etc/ld.so.conf file and then run the ldconfig command. On 9 May 2006, at 07:21, ShaunM [MailShield] wrote: > Hey Guys, > > Following Julians Instructions below I followed through all the > steps to > install the module and it only failed on the MAIL::CLAMAV > installation. > > The O/S is Centos 4.3 > > 1. Download and install ClamAV from www.clamav.net as usual. > 2. The default locations are under /usr/local/{bin,man,share}. > 3. Do the following: > perl -MCPAN -e shell > install Parse::RecDescent > install Inline > install Mail::ClamAV > 4. In MailScanner.conf, set 'Virus Scanners = clamavmodule'. > 5. In MailScanner.conf, check the setting of 'Monitors for ClamAV > Updates' to ensure it matches the location of your ClamAV virus > database > files. > > The output is below, fails on make test anyone can shed some light > on this? > > Thanks > Shaun > > > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ > ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > # > # > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm > line 188 > # BEGIN failed--compilation aborted at > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > # Compilation failed in require at (eval 1) line 2. > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail- > ClamAV.t line > 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > t/Mail-ClamAV....dubious > > Test returned status 10 (wstat 2560, 0xa00) > DIED. FAILED tests 1-10 > Failed 10/10 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ---------------------------------------------------------------------- > ------ > --- > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > > > > ---------------------------------------------------------------------- > ----------------------------------- > This message has been scanned for viruses and malicious content by > MailShield http://www.mailshield.com.au > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shrek-m at gmx.de Tue May 9 12:12:49 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue May 9 12:12:53 2006 Subject: 4.54.1 with Sophos V5 support In-Reply-To: <445FC039.9050805@ecs.soton.ac.uk> References: <445FC039.9050805@ecs.soton.ac.uk> Message-ID: <44607931.2060205@gmx.de> On 09.05.2006 00:03, Julian Field wrote: >I have just implemented support for Sophos version 5. > > ms installation as usual sophos-wrapper.rpmnew --> sophos-wrapper sophos-autoupdate.rmpnew --> sophos-autoupdate >You can still use Sophos.install to install Sophos version 5, but you >don't have to if you don't want to. >The advantage of installing using Sophos.install is > - More guidance > - Automatic editing of virus.scanners.conf to update location > > # cd /usr/local/sophos-av/ ; Sophos.install [... really short because sav5 was installed ...] $ grep sophos /etc/MailScanner/virus.scanners.conf sophos /usr/lib/MailScanner/sophos-wrapper /opt/sophos-av sophossavi /bin/false /opt/sophos-av ---- MailScanner.conf ---- #Virus Scanners = clamav sophos Virus Scanners = auto -------- ---- /var/log/maillog ---- May 9 13:05:12 xp1800 Sophos-autoupdate[10230]: Sophos V5 updated May 9 13:06:30 xp1800 MailScanner[5215]: Virus Scanning: Sophos found 1 infections -------- >If you install it without using Sophos.install, you *must not* enable >on-access scanning. Otherwise it sill start inspecting files too early >and may well break your system as it deletes or renames files that >MailScanner is about to scan. In this position I cannot guarantee what, >if anything, MailScanner will do. > >Please try it out and let me (or the list) know how you get on. > thanks, works great :-) -- shrek-m From lhaig at haigmail.com Tue May 9 13:29:52 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue May 9 13:30:19 2006 Subject: Might be off topic Message-ID: <44608B40.4060605@haigmail.com> This is purely a hypothetical question and in now way represents any real situation. I was thinking about this the other night and was wondering if any of you had ideas. I know it is sad but I am sometimes sad like that :-) What type of implementation would you use for say a 2 million email account system? I was thinking I would have 4 - 4 processor 64 bit systems with 16Gb of RAM and 1 - 4 processor 64bit system for mailwatch. Do you think this would be able to take the load? If everyone got 10 emails a day that is 20 million emails in one day. Each system would have to handle 5 million emails. which should be ok. I would really like to know your thoughts. Thanks Lance From maillists at conactive.com Tue May 9 13:31:28 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 9 13:31:46 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: <44605671.8080708@chime.ucl.ac.uk> References: <44605671.8080708@chime.ucl.ac.uk> Message-ID: Anthony Peacock wrote on Tue, 09 May 2006 09:44:33 +0100: > I originally posted this to the MailWatch users list, and although I > have had some help I still have the problem. I am posting this here in > the hope that someone on this list might have seen this problem before > and can give some pointers. Anthony, I followed that partly on the mailwatch list. Ahm, what I didn't see is any mention of DBI version etc. There is a DBI version that the old mailwatch didn't work with. If you use the new MailWatchLogging it is still possible that there is some DBI problem. Have you tried to setup a similar machine and reproduce the problem? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Tue May 9 14:14:37 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 14:14:56 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: References: <44605671.8080708@chime.ucl.ac.uk> Message-ID: <446095BD.6060401@chime.ucl.ac.uk> Hi Kai, Kai Schaetzl wrote: > Anthony Peacock wrote on Tue, 09 May 2006 09:44:33 +0100: > >> I originally posted this to the MailWatch users list, and although I >> have had some help I still have the problem. I am posting this here in >> the hope that someone on this list might have seen this problem before >> and can give some pointers. > > Anthony, I followed that partly on the mailwatch list. Ahm, what I didn't > see is any mention of DBI version etc. There is a DBI version that the old > mailwatch didn't work with. If you use the new MailWatchLogging it is > still possible that there is some DBI problem. Have you tried to setup a > similar machine and reproduce the problem? Thanks for your reply. DBI is 1.50 DBD::mysql is 3.0002_3 The interesting thing is that the logging works fine for a number of days then suddenly starts to log sascore and sareport as NULL, everything else carries on working OK. I haven't really been able to work out what the triggering event is or replicate the problem. It is not really possible for me to set up a different machine to debug this at the moment. However, in looking through my config I did notice something that wasn't working quite correctly. Before I go any further... I don't use Julian's install scripts (for various reasons). I have been using /opt/MailScanner/bin/cron/check_MailScanner.cron as cron job every 15 minutes to check that MailScanner is still running. I have been doing this (or calling /opt/MailScanner/bin/check_mailscanner before that) for ages, and had been redirecting the output to /dev/null because of the noise earlier versions used to generate. I hadn't noticed the introduction of the -q quiet mode option, I also hadn't noticed that check_MailScanner.cron does some basic locking in /var/lock. Because I was dumping the output to the bit bucket I hadn't been aware that /var/lock didn't exist on my system. And therefore the basic locking wasn't working as expected. The reason that I think this might be relevant is that I was once able to cause the logging to stop working properly by running a debug attempt at the same time as the check_MailScanner cron job tried to run. This made me wonder if the cron job was tripping over itself or something else. I have now thoroughly checked the system, MailScanner runs without error in debug mode, DBItrace looks fine, SpamAssassin debug looks OK and the cron jobs are OK. I will let this run for a while and see if it fails again. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From kbjo at interpost.no Tue May 9 15:03:53 2006 From: kbjo at interpost.no (Knut Bjornstad) Date: Tue May 9 15:03:56 2006 Subject: Spamassassin cache loop In-Reply-To: <051101c672a1$9aebe5d0$2901010a@office.fsl>; from steve.swaney@fsl.com on Mon, May 08, 2006 at 09:16:23AM -0400 References: <20060508144740.A28384@akkar.interpost.no> <051101c672a1$9aebe5d0$2901010a@office.fsl> Message-ID: <20060509160353.A13265@akkar.interpost.no> On Mon, May 08, 2006 at 09:16:23AM -0400, Stephen Swaney wrote: > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > > Sent: Monday, May 08, 2006 8:48 AM > > To: mailscanner@lists.mailscanner.info > > Subject: Spamassassin cache loop > > > > We have a problem with our MailScanner installations - a small part of > > the traffic get stuck in the Spamassassin cache and loops back to > > the hold queue for reprossessing. This happens to ordinary mail, I am > > not sure if any of them is spam. The loop is not infinite thou, most of > > the cases escape after a few hundred iterations. But there are som mails > > that has been stuck for months. > > > > We have quite a lot of mail going through our MailScanner filters, so I > > have not given this attention before the last days. But the load on the > > boxes (we have several running in parallell), kept increasing very > > slowly. I was not able to reset the cache in any way. My knowledge of > > SQLite and sql bases in general are very limited, but at last I managed > > to reset the base on one of the boxes by overwriting it with an empty > > base! > > This had no effect, the looping continued. At last I stopped it by > > removing the > > offending mails from the hold queue. Then the load (as reported by > > uptime) on the boxes fell immediately. > > > > Here is some obeservations I have made: > > The log gets lines like this: > > "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for > > message A3C3B310132.D0C33" where the last part of the session-id varies > > as the mail is put back in the hold queue > > > > I have found no particular type of mail that gets caught - but all of them > > have > > a few MIME components. > > > > When I remove a mail, and then put it back in the hold queue, without > > any modification, it got sent immidiately! > > > > Our installation: > > postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on > > both versions) > > MailScanner 4.50.15 > > spamassassin 3.0.4 > > ClamAV 0.88.1 > > > > I wonder if this problem can be rectified by upgrading MailScanner, or > > by changing the cache parameters (but the config comment says you > > shouldn't ordinarily do this) > > > > I would appreciate any comment. > > -- > > I believe this is a known problem which can be fixed by upgrading. > > Steve Do you know which change fixed this? I found nothing in the changelog since 4.50.15. -- --Knut Bjornstad -- IKTDriftstjenester, ErgoGroup AS ---Oslo, Norway------- --kbjo@interpost.no -- t:47 23 14 53 36 -- mob: 901 15 917 -- From rpoe at plattesheriff.org Tue May 9 15:51:01 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue May 9 15:51:35 2006 Subject: Might be off topic In-Reply-To: <44608B40.4060605@haigmail.com> References: <44608B40.4060605@haigmail.com> Message-ID: <44606608.65ED.00A2.0@plattesheriff.org> >What type of implementation would you use for say a 2 million email >account system? Nice. 20,000,000 / 24 = 833333.333... per hour /60 = 13888 per min / 60 = 230 per second... Are you scanning for spam or just viruses? If spam, how restrictive the rulesets. Why do you assume people will only get 10 a day? The unwashed masses (sorry, slashdot reference) sign up for every cotton picken thing in the world that says *FREE!!!!!! Not to mention spam harvest bots, the inability to block other countries (with 2 million people, you can't just make arbitrary decisions about what countries you will and won't allow email from .. for instance, there is no chance I'll ever do business with China. So on my mail server I have them blacklisted. With a 2 million account system .. that's not an option. Your cross section of people will be too great. I was thinking I would have 4 - 4 processor 64 bit systems with 16Gb of RAM and 1 - 4 processor 64bit system for mailwatch. Do you think this would be able to take the load? If everyone got 10 emails a day that is 20 million emails in one day. Each system would have to handle 5 million emails. which should be ok. I would really like to know your thoughts. Thanks Lance -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue May 9 15:52:05 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue May 9 15:52:20 2006 Subject: Spamassassin cache loop In-Reply-To: <20060509160353.A13265@akkar.interpost.no> Message-ID: <0b7e01c67378$2402a260$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > Sent: Tuesday, May 09, 2006 10:04 AM > To: MailScanner discussion > Subject: Spamassassin cache loop > > On Mon, May 08, 2006 at 09:16:23AM -0400, Stephen Swaney wrote: > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > > > Sent: Monday, May 08, 2006 8:48 AM > > > To: mailscanner@lists.mailscanner.info > > > Subject: Spamassassin cache loop > > > > > > We have a problem with our MailScanner installations - a small part of > > > the traffic get stuck in the Spamassassin cache and loops back to > > > the hold queue for reprossessing. This happens to ordinary mail, I am > > > not sure if any of them is spam. The loop is not infinite thou, most > of > > > the cases escape after a few hundred iterations. But there are som > mails > > > that has been stuck for months. > > > > > > We have quite a lot of mail going through our MailScanner filters, so > I > > > have not given this attention before the last days. But the load on > the > > > boxes (we have several running in parallell), kept increasing very > > > slowly. I was not able to reset the cache in any way. My knowledge of > > > SQLite and sql bases in general are very limited, but at last I > managed > > > to reset the base on one of the boxes by overwriting it with an empty > > > base! > > > This had no effect, the looping continued. At last I stopped it by > > > removing the > > > offending mails from the hold queue. Then the load (as reported by > > > uptime) on the boxes fell immediately. > > > > > > Here is some obeservations I have made: > > > The log gets lines like this: > > > "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for > > > message A3C3B310132.D0C33" where the last part of the session-id > varies > > > as the mail is put back in the hold queue > > > > > > I have found no particular type of mail that gets caught - but all of > them > > > have > > > a few MIME components. > > > > > > When I remove a mail, and then put it back in the hold queue, without > > > any modification, it got sent immidiately! > > > > > > Our installation: > > > postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on > > > both versions) > > > MailScanner 4.50.15 > > > spamassassin 3.0.4 > > > ClamAV 0.88.1 > > > > > > I wonder if this problem can be rectified by upgrading MailScanner, or > > > by changing the cache parameters (but the config comment says you > > > shouldn't ordinarily do this) > > > > > > I would appreciate any comment. > > > -- > > > > I believe this is a known problem which can be fixed by upgrading. > > > > Steve > Do you know which change fixed this? I found nothing in the changelog > since 4.50.15. No but if you search the mail list you can probably find the answer. Might have missed the Change Log. I'd just update to the latest version. It's stable. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From jwilliams at courtesymortgage.com Tue May 9 16:44:55 2006 From: jwilliams at courtesymortgage.com (Jason Williams) Date: Tue May 9 16:43:20 2006 Subject: Holding/Redirecting email from a cetain account? Message-ID: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> Something was asked of me this morning and im not sure how to do it. There is a former employee who is sending some not so nice emails that management would like to take a look at. At first, they wanted me to just "discard" them. Which was a piece of cake with postfix. However, as far as redirecting them to a certain email address, that I am not sure about and was hoping someone might be able to lend some help. Anyone have ideas on how this migh be done? Running MS 4.46.2 with Postfix 2.2.8 Appreciate it. Jason -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/1068126a/attachment.html From lhaig at haigmail.com Tue May 9 16:46:48 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue May 9 16:46:52 2006 Subject: Might be off topic In-Reply-To: <44606608.65ED.00A2.0@plattesheriff.org> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> Message-ID: <4460B968.9000304@haigmail.com> Hi Rob, > Nice. 20,000,000 / 24 = 833333.333... per hour /60 = 13888 per min / > 60 = 230 per second... > > I did not work it out in that much detail. :-) > Are you scanning for spam or just viruses? If spam, how restrictive > the rulesets. Why do you assume people will only get 10 a day? The > unwashed masses (sorry, slashdot reference) sign up for every cotton > picken thing in the world that says *FREE!!!!!! > > I suppose if I would do this I probably would want to just tag spam and remove the virus e-mail. I assumed 10 emails just as a starting point as this was a theoretical discussion in my head. at about 3 in the morning. By the sounds of things I would never want to do this anyway as the numbers just scare me. I could not imagine running a system like this although I am sure MS could do this but it would scare me. Thanks for the response though. Lance From rpoe at plattesheriff.org Tue May 9 16:52:14 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue May 9 16:52:49 2006 Subject: Might be off topic In-Reply-To: <4460B968.9000304@haigmail.com> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> Message-ID: <44607461.65ED.00A2.0@plattesheriff.org> Either way it's an interesting discussion. I'd probably do multiple machines running MS / whatever. I'm not sure if I'd spend the money on BIG iron, or go the Google way and do a ton of little inexpensive 1-2u rackmounts and do a round robin or load balanced setup. Have those machines sort of as a perimeter MX, forwarding mail to the internal "core". Hotmail (had) an interesting setup .. where it was a unified LOOKING system but partitioned out into "sections" .. I guess that was more pre-cluster days, because "parts" of the userbase might go down for maintenance. >>> Lance Haig 5/9/2006 10:46:48 AM >>> Hi Rob, > Nice. 20,000,000 / 24 = 833333.333... per hour /60 = 13888 per min / > 60 = 230 per second... > > I did not work it out in that much detail. :-) > Are you scanning for spam or just viruses? If spam, how restrictive > the rulesets. Why do you assume people will only get 10 a day? The > unwashed masses (sorry, slashdot reference) sign up for every cotton > picken thing in the world that says *FREE!!!!!! > > I suppose if I would do this I probably would want to just tag spam and remove the virus e-mail. I assumed 10 emails just as a starting point as this was a theoretical discussion in my head. at about 3 in the morning. By the sounds of things I would never want to do this anyway as the numbers just scare me. I could not imagine running a system like this although I am sure MS could do this but it would scare me. Thanks for the response though. Lance From jaearick at colby.edu Tue May 9 16:49:41 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 9 16:54:40 2006 Subject: spam score for all emails? Message-ID: Dumb question... I would like the "X-Colby-MailScanner-SpamScore:" mail header line to appear in ALL emails, even ones less than "Required SpamAssassin Score". I thought this was a settable option, but I can't seem to find it. Was I dreaming? Jeff Earickson Colby College From mrm at medicine.wisc.edu Tue May 9 16:54:48 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Tue May 9 16:55:26 2006 Subject: 4.54.1 with Sophos V5 support Message-ID: Any word on the new Symantec support? Mike >>> MailScanner@ecs.soton.ac.uk 5/8/2006 5:03 PM >>> I have just implemented support for Sophos version 5. From andoni.auzmendi at robertwalters.com Tue May 9 16:58:21 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Tue May 9 16:59:26 2006 Subject: Holding/Redirecting email from a cetain account? Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD065C021@PAT.internal.robertwalters.com> Have you tried setting up an email alias? User: user, bigbro Both user and bigbro would get emails for user. Andoni _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Williams Sent: 09 May 2006 16:45 To: MailScanner discussion Subject: Holding/Redirecting email from a cetain account? Something was asked of me this morning and im not sure how to do it. There is a former employee who is sending some not so nice emails that management would like to take a look at. At first, they wanted me to just "discard" them. Which was a piece of cake with postfix. However, as far as redirecting them to a certain email address, that I am not sure about and was hoping someone might be able to lend some help. Anyone have ideas on how this migh be done? Running MS 4.46.2 with Postfix 2.2.8 Appreciate it. Jason -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/771bde56/attachment.html From alex at nkpanama.com Tue May 9 17:01:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 9 17:01:42 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> References: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> Message-ID: <4460BCD2.8020007@nkpanama.com> Jason Williams wrote: > > Something was asked of me this morning and im not sure how to do it. > > There is a former employee who is sending some not so nice emails that > management would like to take a look at. At first, they wanted me to > just "discard" them. Which was a piece of cake with postfix. > > However, as far as redirecting them to a certain email address, that I > am not sure about and was hoping someone might be able to lend some help. > > Anyone have ideas on how this migh be done? > > Running MS 4.46.2 with Postfix 2.2.8 > > Appreciate it. > > Jason > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. You could use the "Archive Mail" option with a ruleset like: Archive Mail = %rules-dir%/archive.rules with the following: FromOrTo: nasty.employee@yourcompany.com /home/jason/mail/nasty FromOrTo: default no That way all mail from or to the guy in question would get sent to a standard mbox file, readable using IMAP or importable into anything else. From a.peacock at chime.ucl.ac.uk Tue May 9 17:03:10 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 17:03:21 2006 Subject: spam score for all emails? In-Reply-To: References: Message-ID: <4460BD3E.8030603@chime.ucl.ac.uk> Hi Jeff, Jeff A. Earickson wrote: > Dumb question... > > I would like the "X-Colby-MailScanner-SpamScore:" mail header > line to appear in ALL emails, even ones less than "Required SpamAssassin > Score". I thought this was a settable option, > but I can't seem to find it. Was I dreaming? > > Jeff Earickson > Colby College Always Include SpamAssassin Report = yes Will always include the X-ORG-MailScanner-SpamCheck header. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From a.peacock at chime.ucl.ac.uk Tue May 9 17:05:43 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 17:05:53 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: <446095BD.6060401@chime.ucl.ac.uk> References: <44605671.8080708@chime.ucl.ac.uk> <446095BD.6060401@chime.ucl.ac.uk> Message-ID: <4460BDD7.8020206@chime.ucl.ac.uk> Hi, So much for that theory! It starting going wrong again this afternoon, so that was just a matter of hours since the last restart. I missed it starting to go wrong so couldn't really catch any idea of what was happening at the time. A stop and restart of MailScanner fixes the problem. I will keep looking into this and will post if I find out anything further. Anthony Peacock wrote: > Hi Kai, > > Kai Schaetzl wrote: >> Anthony Peacock wrote on Tue, 09 May 2006 09:44:33 +0100: >> >>> I originally posted this to the MailWatch users list, and although I >>> have had some help I still have the problem. I am posting this here >>> in the hope that someone on this list might have seen this problem >>> before and can give some pointers. >> >> Anthony, I followed that partly on the mailwatch list. Ahm, what I >> didn't see is any mention of DBI version etc. There is a DBI version >> that the old mailwatch didn't work with. If you use the new >> MailWatchLogging it is still possible that there is some DBI problem. >> Have you tried to setup a similar machine and reproduce the problem? > > Thanks for your reply. > > DBI is 1.50 DBD::mysql is 3.0002_3 > > The interesting thing is that the logging works fine for a number of > days then suddenly starts to log sascore and sareport as NULL, > everything else carries on working OK. I haven't really been able to > work out what the triggering event is or replicate the problem. > > It is not really possible for me to set up a different machine to debug > this at the moment. However, in looking through my config I did notice > something that wasn't working quite correctly. > > Before I go any further... I don't use Julian's install scripts (for > various reasons). > > I have been using /opt/MailScanner/bin/cron/check_MailScanner.cron as > cron job every 15 minutes to check that MailScanner is still running. I > have been doing this (or calling /opt/MailScanner/bin/check_mailscanner > before that) for ages, and had been redirecting the output to /dev/null > because of the noise earlier versions used to generate. I hadn't > noticed the introduction of the -q quiet mode option, I also hadn't > noticed that check_MailScanner.cron does some basic locking in > /var/lock. Because I was dumping the output to the bit bucket I hadn't > been aware that /var/lock didn't exist on my system. And therefore the > basic locking wasn't working as expected. > > The reason that I think this might be relevant is that I was once able > to cause the logging to stop working properly by running a debug attempt > at the same time as the check_MailScanner cron job tried to run. This > made me wonder if the cron job was tripping over itself or something else. > > I have now thoroughly checked the system, MailScanner runs without error > in debug mode, DBItrace looks fine, SpamAssassin debug looks OK and the > cron jobs are OK. I will let this run for a while and see if it fails > again. > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From alex at nkpanama.com Tue May 9 17:08:36 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 9 17:09:59 2006 Subject: spam score for all emails? In-Reply-To: References: Message-ID: <4460BE84.2040503@nkpanama.com> Jeff A. Earickson wrote: > Dumb question... > > I would like the "X-Colby-MailScanner-SpamScore:" mail header > line to appear in ALL emails, even ones less than "Required > SpamAssassin Score". I thought this was a settable option, > but I can't seem to find it. Was I dreaming? > > Jeff Earickson > Colby College Isn't there an "Always Include SpamAssassin Report" option that does something similar? From ssilva at sgvwater.com Tue May 9 17:40:38 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 9 17:41:18 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <1A8B0BB098059B42BCFF0EB7E2E62FD065C021@PAT.internal.robertwalters.com> References: <1A8B0BB098059B42BCFF0EB7E2E62FD065C021@PAT.internal.robertwalters.com> Message-ID: Andoni Auzmendi spake the following on 5/9/2006 8:58 AM: > Have you tried setting up an email alias? > > > > User: user, bigbro > > > > Both user and bigbro would get emails for user. > > > > Andoni I wouldn't think a "former" employee would still have an account to alias. Especially one who is abusing the e-mail system. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue May 9 17:49:29 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 9 17:50:23 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: <4460BDD7.8020206@chime.ucl.ac.uk> References: <44605671.8080708@chime.ucl.ac.uk> <446095BD.6060401@chime.ucl.ac.uk> <4460BDD7.8020206@chime.ucl.ac.uk> Message-ID: Anthony Peacock spake the following on 5/9/2006 9:05 AM: > Hi, > > So much for that theory! It starting going wrong again this afternoon, > so that was just a matter of hours since the last restart. > > I missed it starting to go wrong so couldn't really catch any idea of > what was happening at the time. > > A stop and restart of MailScanner fixes the problem. > > I will keep looking into this and will post if I find out anything further. > You could turn the MailScanner restart time down to a few hours for now, just to keep it functioning until you find the problem. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From uxbod at splatnix.net Tue May 9 20:03:25 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue May 9 19:04:40 2006 Subject: Might be off topic In-Reply-To: <44607461.65ED.00A2.0@plattesheriff.org> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> Message-ID: <20060509190325.7bbc36e0@cyborg> I would certainly look at a blade cluster configuration, with a SAN on the backend, and RedHat GFS as the underlying filesystem. That one if one blade fails it can be swapped out easily. Probably put a pair of Cisco CSS 11503 load balancers in front of it. UxBoD -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue May 9 19:43:49 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 9 19:44:08 2006 Subject: Might be off topic In-Reply-To: <20060509190325.7bbc36e0@cyborg> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> <20060509190325.7bbc36e0@cyborg> Message-ID: <4460E2E5.3080508@nkpanama.com> --[UxBoD]-- escribi?: > I would certainly look at a blade cluster configuration, with a SAN on the backend, and RedHat GFS as the underlying filesystem. That one if one > blade fails it can be swapped out easily. Probably put a pair of Cisco CSS 11503 load balancers in front of it. > > UxBoD > > How about a Microsoft Exchange Server with the minimum configuration requirements? ;-) From ssilva at sgvwater.com Tue May 9 20:04:21 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 9 20:04:36 2006 Subject: Might be off topic In-Reply-To: <4460E2E5.3080508@nkpanama.com> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> <20060509190325.7bbc36e0@cyborg> <4460E2E5.3080508@nkpanama.com> Message-ID: Alex Neuman spake the following on 5/9/2006 11:43 AM: > --[UxBoD]-- escribi?: >> I would certainly look at a blade cluster configuration, with a SAN on >> the backend, and RedHat GFS as the underlying filesystem. That one if >> one >> blade fails it can be swapped out easily. Probably put a pair of >> Cisco CSS 11503 load balancers in front of it. >> >> UxBoD >> >> > How about a Microsoft Exchange Server with the minimum configuration > requirements? ;-) Not funny! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Tue May 9 20:28:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 20:28:53 2006 Subject: 4.54.1 with Sophos V5 support In-Reply-To: References: Message-ID: <4460ED61.3070303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ? Michael Masse wrote: > Any word on the new Symantec support? > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGDtYhH2WUcUFbZUEQK1AgCg9apxDPs9KBOvp6MRr4qVn+zfqiUAn21g 2OBwcvPAJM3McZzjcbI3ZrNx =QARE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 9 20:31:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 20:32:10 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> References: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> Message-ID: <4460EE2E.8040208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A ruleset on "non-spam actions" that triggered the "forward" action on mail from them, and "deliver" for everyone else. Jason Williams wrote: > > Something was asked of me this morning and im not sure how to do it. > > There is a former employee who is sending some not so nice emails that > management would like to take a look at. At first, they wanted me to > just "discard" them. Which was a piece of cake with postfix. > > However, as far as redirecting them to a certain email address, that I > am not sure about and was hoping someone might be able to lend some help. > > Anyone have ideas on how this migh be done? > > Running MS 4.46.2 with Postfix 2.2.8 > > Appreciate it. > > Jason > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGDuLxH2WUcUFbZUEQKiVQCdHRY3hGXr7fQ24iGx4bfs6YJm6VQAoKJh 5ZXGtQI/0T+67/zisaJZA7sB =AC5z -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jaearick at colby.edu Tue May 9 21:27:49 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 9 21:29:31 2006 Subject: webbug replacement ruleset? Message-ID: Julian, I got a howl from a user that her mailings from savedsearches@ebay.com now comes sans pictures of the items that she is shopping for. I suspect the new Web Bug Replacement feature. I would like to do a ruleset here. Would this work? #---don't do webbug replacement on selected sites From: savedsearches@ebay.com no # #---do replacement on everything else FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Thanks, Jeff Earickson Colby College From ryanw at falsehope.com Tue May 9 22:03:07 2006 From: ryanw at falsehope.com (Ryan Weaver) Date: Tue May 9 22:03:03 2006 Subject: 4.54.1 with Sophos V5 support In-Reply-To: <4460ED61.3070303@ecs.soton.ac.uk> Message-ID: <001001c673ab$fcdb2520$6427a8c0@fryguy> ----Original Message---- From: Julian Field Sent: Tuesday, May 09, 2006 2:29 PM To: MailScanner discussion Subject: Re: 4.54.1 with Sophos V5 support > > ? > > Michael Masse wrote: >> Any word on the new Symantec support? >> Symantec AntiVirus Corporate Edition SAV for Linux. sav-1.0.0-61 Comes bundled with Symantec AntiVirus Corporate Edition 10.1.0.394 From maillists at conactive.com Wed May 10 00:13:04 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 10 00:12:55 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Jeff A. Earickson wrote on Tue, 9 May 2006 16:27:49 -0400 (EDT): > Would this work? I don't think so. That rule is not a ruleset, it just contains what should be replaced for the source of the image. Did the problem exist *before* the new Webbug replacement? If not, than it can't be the source of the problem unless Julian changed detection code as well (to include images with no size - that's the only possibility). Before it replaced just with "MailScannerWebBug", now it replaces with a URL. In both cases the original cannot be shown. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at grayonline.id.au Wed May 10 01:10:57 2006 From: james at grayonline.id.au (James Gray) Date: Wed May 10 07:13:33 2006 Subject: Might be off topic In-Reply-To: <4460E2E5.3080508@nkpanama.com> References: <44608B40.4060605@haigmail.com> <20060509190325.7bbc36e0@cyborg> <4460E2E5.3080508@nkpanama.com> Message-ID: <200605101011.02020.james@grayonline.id.au> On Wed, 10 May 2006 04:43 am, Alex Neuman wrote: > --[UxBoD]-- escribi?: > > I would certainly look at a blade cluster configuration, with a SAN on > > the backend, and RedHat GFS as the underlying filesystem. That one if > > one blade fails it can be swapped out easily. Probably put a pair of > > Cisco CSS 11503 load balancers in front of it. > > > > UxBoD > > How about a Microsoft Exchange Server with the minimum configuration > requirements? ;-) Save yourself the licensing fees: install any old F/OSS MTA as an open relay and be done with it :P James -- Health nuts are going to feel stupid someday, lying in hospitals dying of nothing. -- Redd Foxx -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/444122ef/attachment.bin From MailScanner at ecs.soton.ac.uk Wed May 10 08:37:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 08:37:58 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > Julian, > > I got a howl from a user that her mailings from savedsearches@ebay.com > now comes sans pictures of the items that she is shopping for. I > suspect the new Web Bug Replacement feature. I would like to do a > ruleset here. Would this work? > > #---don't do webbug replacement on selected sites > From: savedsearches@ebay.com no > # > #---do replacement on everything else > FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ > images/1x1spacer.gif No, you would want FromorTo: Default yes The option takes either yes or no values, so that's what the ruleset must feed it. Unless Ebay have screwed up their image size attributes in the img tag, MailScanner shouldn't be clobbering these images. Is anyone else receiving reports of this problem? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From FStein at thehill.org Wed May 10 11:40:40 2006 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed May 10 11:41:36 2006 Subject: webbug replacement ruleset? Message-ID: Yes Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA? 19464 fstein@thehill.org www.thehill.org -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 10, 2006 3:38 AM To: MailScanner discussion Subject: Re: webbug replacement ruleset? On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > Julian, > > I got a howl from a user that her mailings from savedsearches@ebay.com > now comes sans pictures of the items that she is shopping for. I > suspect the new Web Bug Replacement feature. I would like to do a > ruleset here. Would this work? > > #---don't do webbug replacement on selected sites > From: savedsearches@ebay.com no > # > #---do replacement on everything else > FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ > images/1x1spacer.gif No, you would want FromorTo: Default yes The option takes either yes or no values, so that's what the ruleset must feed it. Unless Ebay have screwed up their image size attributes in the img tag, MailScanner shouldn't be clobbering these images. Is anyone else receiving reports of this problem? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 10 13:56:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 13:56:51 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Please can someone send me a "unclobbered" and a "clobbered" example message? Preferably raw queue files or RFC822 messages gzipped. Please send them to me, not the list. On 10 May 2006, at 11:40, Stein, Mr. Fred wrote: > Yes > > Fred Stein > Network Administrator > The Hill School > 717 E. High Street > Pottstown, PA 19464 > fstein@thehill.org > www.thehill.org > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Wednesday, May 10, 2006 3:38 AM > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > >> Julian, >> >> I got a howl from a user that her mailings from >> savedsearches@ebay.com >> now comes sans pictures of the items that she is shopping for. I >> suspect the new Web Bug Replacement feature. I would like to do a >> ruleset here. Would this work? >> >> #---don't do webbug replacement on selected sites >> From: savedsearches@ebay.com no >> # >> #---do replacement on everything else >> FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ >> images/1x1spacer.gif > > No, you would want FromorTo: Default yes > The option takes either yes or no values, so that's what the ruleset > must feed it. > > Unless Ebay have screwed up their image size attributes in the img > tag, MailScanner shouldn't be clobbering these images. > > Is anyone else receiving reports of this problem? > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gborders at jlewiscooper.com Wed May 10 14:07:38 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed May 10 14:08:18 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: <4461E59A.7050001@jlewiscooper.com> Julian Field wrote: > On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > >> Julian, >> >> I got a howl from a user that her mailings from savedsearches@ebay.com >> now comes sans pictures of the items that she is shopping for. I >> suspect the new Web Bug Replacement feature. I would like to do a >> ruleset here. Would this work? >> >> #---don't do webbug replacement on selected sites >> From: savedsearches@ebay.com no >> # >> #---do replacement on everything else >> FromorTo: default >> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > > No, you would want FromorTo: Default yes > The option takes either yes or no values, so that's what the ruleset > must feed it. > > Unless Ebay have screwed up their image size attributes in the img > tag, MailScanner shouldn't be clobbering these images. > > Is anyone else receiving reports of this problem? I'm Getting some similar feed back from users as well. Had some messages from for example; Tiger Direct / Global Computers come through without the images that had been rendering just fine before the update. (from 4.52.2-1 to 4.53.8-1 in my case.) I'll just flip off the web bug check temporarily, until we get this resolved. Julian, if you want a copy of one of the messages that was 'altered', I can send you a copy from my quarantine file. Greg. Borders System Administrator JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nick.smith67 at googlemail.com Wed May 10 14:13:30 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Wed May 10 14:13:32 2006 Subject: Mishandling multi-line ISO encoded subject headers Message-ID: Hi, MS 4.53.8, Postfix 2.2.10 I have a big problem right now with MailScanner apparently mangling some (but not all) multi-line folded Subject headers - typically those containing ISO encoded subjects for multi-byte character sets. Consider these two examples: Subject: =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEIgYWFhYWFhYQ==?= =?iso-2022-jp?B?YSAbJEIkIiQiJCIkIiQiJCIkIiQiJCIkIhsoQg==?= Subject: =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiGyhCIGFhYWFhYWFhIA==?= =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEI=?= The first one is an ISO-2022-JP encoded representation of 13 Japanese double-byte "a" followed by a single space, 8 lower case ASCII "a", another single space and finally 10 more Japanese double-byte "a". The second is identical, except one of the 13 double-byte "a" has been removed so there are only 12 Given that the first character of the second line in each example is a space, they ought to be treated as a single header per RFC822's folded header specification The weird part is that the first example works, shows up unchanged in the user's mailbox, and the Subject: header looks exactly as it did when it was sent while the shorter second one gets broken. What shows up in the user's mailbox (and the headers) is a decoded version of just the first line - which looks like this: Subject: ^[$B$"$"$"$"$"$"$"$"$"$"$"$"^[(B aaaaaaaa MailScanner running with Sendmail does not seem to experience this problem, and neither does Postfix running without MailScanner so it looks to be something to do with MailScanner's Postfix-specific code I did notice whilst digging in MailScanner's Postfix.pm that maybe the complete handling of folded Subject: headers is not implemented - for example lines 449-452: if ($recdata =~ /^Subject:\s*(\S.*)?$/i) { $message->{subject} = $1; next; } This doesn't seem to handle the case where Subject: is on more than one line, and will result in $message->{subject} containing only the first line of a folded Subject: Clearly this is not the whole story and an incomplete $message->{subject} is not enough to kill it every time because otherwise it would never work with a folded subject at all - as I said previously, the longer example above does work OK as do many other folded subject headers. Unfortunately, this is causing quite a big problem - it would be great if somebody could suggest a fix. Failing a proper fix, is there any way to modify the existing header_check: /^Received:/ HOLD ...so that it will exclude messages with (for example) /^Subject: =*iso-2022-jp/ - that way I could maybe have these messages bypass MS for the time being Thanks Nick From jaearick at colby.edu Wed May 10 14:24:55 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 14:28:27 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Julian, I need to turn off this web bug replacement option because the howls are growing louder and more numerous. How to operate like before 4.53.8? Just set Web Bug Replacement = ie, nothing after the equals? Jeff Earickson Colby College On Wed, 10 May 2006, Julian Field wrote: > Date: Wed, 10 May 2006 08:37:39 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > >> Julian, >> >> I got a howl from a user that her mailings from savedsearches@ebay.com >> now comes sans pictures of the items that she is shopping for. I >> suspect the new Web Bug Replacement feature. I would like to do a >> ruleset here. Would this work? >> >> #---don't do webbug replacement on selected sites >> From: savedsearches@ebay.com no >> # >> #---do replacement on everything else >> FromorTo: default >> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > > No, you would want FromorTo: Default yes > The option takes either yes or no values, so that's what the ruleset must > feed it. > > Unless Ebay have screwed up their image size attributes in the img tag, > MailScanner shouldn't be clobbering these images. > > Is anyone else receiving reports of this problem? > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From amoore at dekalbmemorial.com Wed May 10 15:07:23 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Wed May 10 15:07:31 2006 Subject: Spamassassin cache loop Message-ID: <60D398EB2DB948409CA1F50D8AF122570113EBEB@exch1.dekalbmemorial.local> Knut Bjornstad wrote: > Do you know which change fixed this? I found nothing in the changelog > since 4.50.15. I believe it was 4.53.8. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From tobias.axelsson at vxu.se Wed May 10 15:50:15 2006 From: tobias.axelsson at vxu.se (Tobias Axelsson) Date: Wed May 10 15:50:24 2006 Subject: Spam with the bodytext in a image Message-ID: <0IZ2003B217UGE40@mailinone.vxu.se> Hi We have some problem with spam that sends a mail only containing a gif-image with the text in. Offcourse they change the filename everytime. I'm not sure if it's ok to attach files to this list, so I don't :) One solution could be a md5sum-blacklist on attachment, becourse the md5sum does'nt change if you change the filename... Is there current a function that I can use for this or is this maybe a future reliase feature to add? Thanks for a great bundled software /Tobias Vaxjo university -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/04e9a5c8/attachment.html From adrik at salesmanager.nl Wed May 10 15:58:24 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 10 15:58:27 2006 Subject: Spam with the bodytext in a image Message-ID: Tobias, The Sare stock rules set has some specific rules for detecting inline gif images. See http://www.rulesemporium.com. Also if you use sa-update, it includes some new rules for this in 80_additional.cf. Adri. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tobias Axelsson Sent: woensdag 10 mei 2006 16:50 To: MailScanner discussion Subject: Spam with the bodytext in a image Hi We have some problem with spam that sends a mail only containing a gif-image with the text in. Offcourse they change the filename everytime. I'm not sure if it's ok to attach files to this list, so I don't :) One solution could be a md5sum-blacklist on attachment, becourse the md5sum does'nt change if you change the filename... Is there current a function that I can use for this or is this maybe a future reliase feature to add? Thanks for a great bundled software /Tobias Vaxjo university -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/8821acc3/attachment.html From lshaw at emitinc.com Wed May 10 16:01:48 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed May 10 16:02:03 2006 Subject: Might be off topic In-Reply-To: <44607461.65ED.00A2.0@plattesheriff.org> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> Message-ID: On Tue, 9 May 2006, Rob Poe wrote: > Either way it's an interesting discussion. I'd probably do multiple > machines running MS / whatever. I'm not sure if I'd spend the money on > BIG iron, or go the Google way and do a ton of little inexpensive 1-2u > rackmounts and do a round robin or load balanced setup. > > Have those machines sort of as a perimeter MX, forwarding mail to the > internal "core". > > Hotmail (had) an interesting setup .. where it was a unified LOOKING > system but partitioned out into "sections" .. I guess that was more > pre-cluster days, because "parts" of the userbase might go down for > maintenance. In my mind, that's the way to do it. Even if you have accounts in only one DNS domain that you wish to serve, e-mail is an example of a task that can be parallelized out the wazoo. Not only can you split up functions on different machines (mailbox storage, incoming delivery, outgoing delivery, filtering, web front end), but you can also split things up based on account name. You could have a separate set of servers for account names beginning with each different letter of the alphabet. Of course, you can go further and do a hash function with 1000 different values and have 1000 different servers, if you want. Or store which-account-is-where information in a distributed database like LDAP. You can even split up the mailbox storage onto separate machines: there is no reason a mailbox needs to be globally accessible as long as the machines that need it know which machine to contact in order to find the mailbox they need. Of course, you'd need a method to move mailboxes/accounts from one machine to another to balance load and to remove/add from the pool. - Logan From naolson at gmail.com Wed May 10 16:18:01 2006 From: naolson at gmail.com (Nathan Olson) Date: Wed May 10 16:18:07 2006 Subject: Spam with the bodytext in a image In-Reply-To: References: Message-ID: <8f54b4330605100818n677ac64hf12d1defcba41e84@mail.gmail.com> Are you using SA 3.1.1? I show no updates for 3.1.0 Nate From MailScanner at ecs.soton.ac.uk Wed May 10 17:07:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 17:08:09 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Please can you send me a screwed message? The only one I have been sent so far renders just fine in a web browser. On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > Julian, > > I need to turn off this web bug replacement option because the howls > are growing louder and more numerous. How to operate like before > 4.53.8? Just set > > Web Bug Replacement = > > ie, nothing after the equals? > > Jeff Earickson > Colby College > > On Wed, 10 May 2006, Julian Field wrote: > >> Date: Wed, 10 May 2006 08:37:39 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: webbug replacement ruleset? >> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >> >>> Julian, >>> I got a howl from a user that her mailings from >>> savedsearches@ebay.com >>> now comes sans pictures of the items that she is shopping for. I >>> suspect the new Web Bug Replacement feature. I would like to do a >>> ruleset here. Would this work? >>> #---don't do webbug replacement on selected sites >>> From: savedsearches@ebay.com no >>> # >>> #---do replacement on everything else >>> FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ >>> images/1x1spacer.gif >> >> No, you would want FromorTo: Default yes >> The option takes either yes or no values, so that's what the >> ruleset must feed it. >> >> Unless Ebay have screwed up their image size attributes in the img >> tag, MailScanner shouldn't be clobbering these images. >> >> Is anyone else receiving reports of this problem? >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 10 17:16:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 17:16:31 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Can you please try the attached Message.pm file instead of your current one in 4.53. I fixed another bug in it, and it's possible that bug affected this. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.gz Type: application/x-gzip Size: 55817 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/4896b7bb/Message.pm-0001.gz -------------- next part -------------- On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > Julian, > > I need to turn off this web bug replacement option because the howls > are growing louder and more numerous. How to operate like before > 4.53.8? Just set > > Web Bug Replacement = > > ie, nothing after the equals? > > Jeff Earickson > Colby College > > On Wed, 10 May 2006, Julian Field wrote: > >> Date: Wed, 10 May 2006 08:37:39 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: webbug replacement ruleset? >> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >> >>> Julian, >>> I got a howl from a user that her mailings from >>> savedsearches@ebay.com >>> now comes sans pictures of the items that she is shopping for. I >>> suspect the new Web Bug Replacement feature. I would like to do a >>> ruleset here. Would this work? >>> #---don't do webbug replacement on selected sites >>> From: savedsearches@ebay.com no >>> # >>> #---do replacement on everything else >>> FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ >>> images/1x1spacer.gif >> >> No, you would want FromorTo: Default yes >> The option takes either yes or no values, so that's what the >> ruleset must feed it. >> >> Unless Ebay have screwed up their image size attributes in the img >> tag, MailScanner shouldn't be clobbering these images. >> >> Is anyone else receiving reports of this problem? >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From jaearick at colby.edu Wed May 10 17:30:24 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 17:34:16 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Julian, I have dropped the new Message.pm in place and changed Web Bug Replacement back to the default. I don't have an example message to send you, but I'll see if I can scrounge up one. Thanks. Jeff Earickson Colby College On Wed, 10 May 2006, Julian Field wrote: > Date: Wed, 10 May 2006 17:16:11 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > Can you please try the attached Message.pm file instead of your current one > in 4.53. > I fixed another bug in it, and it's possible that bug affected this. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > From jaearick at colby.edu Wed May 10 18:29:01 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 18:34:52 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Julian, One of my howling users has her Wall Street Journal email subscriptions mangled, so (behold) I will use the Power of MailScanner (TM) to snag a message via a ruleset: Non Spam Actions = %localrules-dir%/nonspam.rules where the rules are: From: access@interactive.wsj.com and To: user@colby.edu deliver store forward jaearick@colby.edu FromOrTo: default deliver This should leave me the raw qf/df files in quarantine that I can then send along. This might take a day or so, depending on WSJ mailings and settings that I have to tweak. When I can figure out how to use rulesets, it is the coolest thing about MailScanner. Jeff Earickson Colby College On Wed, 10 May 2006, Julian Field wrote: > Date: Wed, 10 May 2006 17:07:51 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > Please can you send me a screwed message? > The only one I have been sent so far renders just fine in a web browser. > > On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > >> Julian, >> >> I need to turn off this web bug replacement option because the howls >> are growing louder and more numerous. How to operate like before >> 4.53.8? Just set >> >> Web Bug Replacement = >> >> ie, nothing after the equals? >> >> Jeff Earickson >> Colby College >> >> On Wed, 10 May 2006, Julian Field wrote: >> >>> Date: Wed, 10 May 2006 08:37:39 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: webbug replacement ruleset? >>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>> >>>> Julian, >>>> I got a howl from a user that her mailings from savedsearches@ebay.com >>>> now comes sans pictures of the items that she is shopping for. I >>>> suspect the new Web Bug Replacement feature. I would like to do a >>>> ruleset here. Would this work? >>>> #---don't do webbug replacement on selected sites >>>> From: savedsearches@ebay.com no >>>> # >>>> #---do replacement on everything else >>>> FromorTo: default >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>> >>> No, you would want FromorTo: Default yes >>> The option takes either yes or no values, so that's what the ruleset must >>> feed it. >>> >>> Unless Ebay have screwed up their image size attributes in the img tag, >>> MailScanner shouldn't be clobbering these images. >>> >>> Is anyone else receiving reports of this problem? >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 10 19:01:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 19:01:30 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: <44622A69.9000003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone with this problem had a chance to try this yet? I would really appreciate a fast response. Julian Field wrote: > Can you please try the attached Message.pm file instead of your > current one in 4.53. > I fixed another bug in it, and it's possible that bug affected this. > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > > On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > >> Julian, >> >> I need to turn off this web bug replacement option because the howls >> are growing louder and more numerous. How to operate like before >> 4.53.8? Just set >> >> Web Bug Replacement = >> >> ie, nothing after the equals? >> >> Jeff Earickson >> Colby College >> >> On Wed, 10 May 2006, Julian Field wrote: >> >>> Date: Wed, 10 May 2006 08:37:39 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: webbug replacement ruleset? >>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>> >>>> Julian, >>>> I got a howl from a user that her mailings from savedsearches@ebay.com >>>> now comes sans pictures of the items that she is shopping for. I >>>> suspect the new Web Bug Replacement feature. I would like to do a >>>> ruleset here. Would this work? >>>> #---don't do webbug replacement on selected sites >>>> From: savedsearches@ebay.com no >>>> # >>>> #---do replacement on everything else >>>> FromorTo: default >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>> >>> No, you would want FromorTo: Default yes >>> The option takes either yes or no values, so that's what the ruleset >>> must feed it. >>> >>> Unless Ebay have screwed up their image size attributes in the img >>> tag, MailScanner shouldn't be clobbering these images. >>> >>> Is anyone else receiving reports of this problem? >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGIqaxH2WUcUFbZUEQJlhQCgvKbTbvHMqPh5fSxd0BbOLOOrp44AoNGO j94RGDTzMepozlVC2ss2v9T7 =iJwU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 10 19:11:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 19:11:35 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: <44622CCB.1000401@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > > One of my howling users has her Wall Street Journal email subscriptions > mangled, so (behold) I will use the Power of MailScanner (TM) to snag > a message via a ruleset: > > This should leave me the raw qf/df files in quarantine that I can then > send along. This might take a day or so, depending on WSJ mailings and > settings that I have to tweak. Thanks. I'll publish a beta as soon as I can. > When I can figure out how to use rulesets, it is the coolest thing > about MailScanner. They are dead simple. Instead of stating a simple value in a MailScanner setting Setting = value they provide a way of changing the "value" depending on the sender and recipient addresses of the mail message. That's all there is to it. So if, for the option "Sign Clean Messages" you want to say "no" to mail going to your own domain "lawyers.com" and you want to say "yes" to all other mail, then you just say To: lawyers.com no FromOrTo: default yes The "FromOrTo: default" line is the one that says "use this for all other mail". If, in "Non-Spam Actions", you want to say "deliver store" for mail from wsj.com and "deliver" for all other mail, then you just say From: wsj.com deliver store FromOrTo: default deliver You can use all sorts of things instead of just "wsj.com". You can specify any user, any group of users, you can use wildcards, you can specify the IP address it came from (very useful for saying "use this value for all messages from my PC's, regardless of the addresses they are using"), or you can even harness the power of full regular expressions which can be used to say just about anything. But the value on the right-hand side of a rule is always just the value you want to use for that configuration setting with that bunch of email addresses. I just don't quite understand why people have trouble understanding this, I think they believe it's all more complicated and clever than it really is. > On Wed, 10 May 2006, Julian Field wrote: > >> Date: Wed, 10 May 2006 17:07:51 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: webbug replacement ruleset? >> >> Please can you send me a screwed message? >> The only one I have been sent so far renders just fine in a web browser. >> >> On 10 May 2006, at 14:24, Jeff A. Earickson wrote: >> >>> Julian, >>> >>> I need to turn off this web bug replacement option because the howls >>> are growing louder and more numerous. How to operate like before >>> 4.53.8? Just set >>> >>> Web Bug Replacement = >>> >>> ie, nothing after the equals? >>> >>> Jeff Earickson >>> Colby College >>> >>> On Wed, 10 May 2006, Julian Field wrote: >>> >>>> Date: Wed, 10 May 2006 08:37:39 +0100 >>>> From: Julian Field >>>> Reply-To: MailScanner discussion >>>> To: MailScanner discussion >>>> Subject: Re: webbug replacement ruleset? >>>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>>> >>>>> Julian, >>>>> I got a howl from a user that her mailings from >>>>> savedsearches@ebay.com >>>>> now comes sans pictures of the items that she is shopping for. I >>>>> suspect the new Web Bug Replacement feature. I would like to do a >>>>> ruleset here. Would this work? >>>>> #---don't do webbug replacement on selected sites >>>>> From: savedsearches@ebay.com no >>>>> # >>>>> #---do replacement on everything else >>>>> FromorTo: default >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>>> >>>> No, you would want FromorTo: Default yes >>>> The option takes either yes or no values, so that's what the >>>> ruleset must feed it. >>>> >>>> Unless Ebay have screwed up their image size attributes in the img >>>> tag, MailScanner shouldn't be clobbering these images. >>>> >>>> Is anyone else receiving reports of this problem? >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> MailScanner thanks transtec Computers for their support. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGIszBH2WUcUFbZUEQLilQCgjy9Bl34BttmN8jwuGxjIWmjkpfAAn1de j/ohvSAYUQKfwpWKgkR9r4jt =rW5M -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mauriciopcavalcanti at hotmail.com Wed May 10 19:36:16 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Wed May 10 19:36:53 2006 Subject: Disclaimer problem In-Reply-To: <44622A69.9000003@ecs.soton.ac.uk> Message-ID: All, I?m trying to make a rule to insert html or text disclaimer, but it?s not working well. I?m using MS 4.46.2-3 and Debian. Here is my MailScanner.conf: Inline HTML Signature = %rules-dir%/disclaimer.html.rules Inline Text Signature = %rules-dir%/disclaimer.txt.rules Here is my disclaimer.html.rules: From: fulano@domain.com.br /etc/MailScanner/reports/disclaimer.html From: fulano@DOMAIN.COM.BR /etc/MailScanner/reports/disclaimer.html FromOrTo: default /etc/MailScanner/reports/blank.disclaimer And the same for disclaimer.txt.rules... It?s working, but only if Outlook Express is used to generate the e-mail. The problem is when SAP generates the same e-mail... no disclaimer is inserted. Header is OK in both. PS: No problem reported in logs. Thanks in advance, Mauricio From jaearick at colby.edu Wed May 10 20:22:48 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 20:24:32 2006 Subject: Critical Vulnerability in Sophos Message-ID: Gang, See the following and act accordingly: http://www.incidents.org/diary.php?storyid=1325 Fortunately, CAB files are already in Julian's filenames.rules.conf deny list. Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Wed May 10 20:37:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 20:37:16 2006 Subject: Disclaimer problem In-Reply-To: References: Message-ID: <446240E0.1000905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mauricio wrote: > All, > I?m trying to make a rule to insert html or text disclaimer, but it?s not > working well. > > I?m using MS 4.46.2-3 and Debian. > > Here is my MailScanner.conf: > > Inline HTML Signature = %rules-dir%/disclaimer.html.rules > Inline Text Signature = %rules-dir%/disclaimer.txt.rules > > Here is my disclaimer.html.rules: > From: fulano@domain.com.br /etc/MailScanner/reports/disclaimer.html > From: fulano@DOMAIN.COM.BR /etc/MailScanner/reports/disclaimer.html > FromOrTo: default /etc/MailScanner/reports/blank.disclaimer > No need to specift the domain.com.br and DOMAIN.COM.BR, the host part of email addresses is case-insensitive. > And the same for disclaimer.txt.rules... > > It?s working, but only if Outlook Express is used to generate the e-mail. > The problem is when SAP generates the same e-mail... no disclaimer is > inserted. Header is OK in both. > I would suspect that SAP is generating the mail with a different sender address, just the same "From:" address in the headers. MailScanner uses the envelope sender and recipient addresses, not the ones that happen to occur in the headers (which are irrelevant for mail delivery). Get MailScanner to add the Envelope From Address and see where they are actually coming from. > PS: No problem reported in logs. > > Thanks in advance, > Mauricio > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGJA4RH2WUcUFbZUEQJVyQCfcYv7vsdyzM//yKNOWy83XFZGhesAn0HJ iuMP2aAITI9SNuifYBmwuIAI =8ldX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Wed May 10 20:54:38 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 10 20:55:17 2006 Subject: Disclaimer problem In-Reply-To: <446240E0.1000905@ecs.soton.ac.uk> References: <446240E0.1000905@ecs.soton.ac.uk> Message-ID: <446244FE.5010001@nkpanama.com> Julian Field wrote: > I would suspect that SAP is generating the mail with a different sender > address, just the same "From:" address in the headers. > MailScanner uses the envelope sender and recipient addresses, not the > ones that happen to occur in the headers (which are irrelevant for mail > delivery). > > Get MailScanner to add the Envelope From Address and see where they are > actually coming from. > You beat me to that one. I hit "send" on my last e-mail and during the "sending" dialog that thought crossed my mind. That's why I usually set up "mailscanner-from" and "mailscanner-to" headers to show up in these situations as a ruleset so I can see in more detail what is going on. From alex at nkpanama.com Wed May 10 20:54:42 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 10 20:55:31 2006 Subject: Disclaimer problem In-Reply-To: References: Message-ID: <44624502.8040908@nkpanama.com> Mauricio wrote: > It?s working, but only if Outlook Express is used to generate the e-mail. > The problem is when SAP generates the same e-mail... no disclaimer is > inserted. Header is OK in both. > Some additional details might help. 1. Does it *only* happen when "outlook express" is used? Perhaps you mean "only when clients connect using SMTP in a specific set of circumstances, for example from a certain network segment"... You could only say "if Outlook Express is used" if the problem didn't show up while using Eudora, Netscape, Thunderbird, etc. 2. "When SAP generates the same e-mail" could mean anything. What *exactly* do you mean by "SAP"? Is it a process that runs its own SMTP engine? Is it running on the same server? Is it coming from a segment you've asked the server not to scan? Does it connect to your SMTP server in the same way your outlook express clients do? From FStein at thehill.org Wed May 10 20:59:43 2006 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed May 10 21:00:43 2006 Subject: webbug replacement ruleset? Message-ID: Julian I have tried the fix and in early testing it appears to fix the problem. Fred Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA? 19464 fstein@thehill.org www.thehill.org -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 10, 2006 2:01 PM To: MailScanner discussion Subject: Re: webbug replacement ruleset? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone with this problem had a chance to try this yet? I would really appreciate a fast response. Julian Field wrote: > Can you please try the attached Message.pm file instead of your > current one in 4.53. > I fixed another bug in it, and it's possible that bug affected this. > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > > On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > >> Julian, >> >> I need to turn off this web bug replacement option because the howls >> are growing louder and more numerous. How to operate like before >> 4.53.8? Just set >> >> Web Bug Replacement = >> >> ie, nothing after the equals? >> >> Jeff Earickson >> Colby College >> >> On Wed, 10 May 2006, Julian Field wrote: >> >>> Date: Wed, 10 May 2006 08:37:39 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: webbug replacement ruleset? >>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>> >>>> Julian, >>>> I got a howl from a user that her mailings from savedsearches@ebay.com >>>> now comes sans pictures of the items that she is shopping for. I >>>> suspect the new Web Bug Replacement feature. I would like to do a >>>> ruleset here. Would this work? >>>> #---don't do webbug replacement on selected sites >>>> From: savedsearches@ebay.com no >>>> # >>>> #---do replacement on everything else >>>> FromorTo: default >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>> >>> No, you would want FromorTo: Default yes >>> The option takes either yes or no values, so that's what the ruleset >>> must feed it. >>> >>> Unless Ebay have screwed up their image size attributes in the img >>> tag, MailScanner shouldn't be clobbering these images. >>> >>> Is anyone else receiving reports of this problem? >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGIqaxH2WUcUFbZUEQJlhQCgvKbTbvHMqPh5fSxd0BbOLOOrp44AoNGO j94RGDTzMepozlVC2ss2v9T7 =iJwU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Wed May 10 21:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 10 21:31:41 2006 Subject: Spam with the bodytext in a image In-Reply-To: <8f54b4330605100818n677ac64hf12d1defcba41e84@mail.gmail.com> References: <8f54b4330605100818n677ac64hf12d1defcba41e84@mail.gmail.com> Message-ID: Nathan Olson wrote on Wed, 10 May 2006 10:18:01 -0500: > Are you using SA 3.1.1? I show no updates for 3.1.0 Yes, you need 3.1.1 to get any updates. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ugob at camo-route.com Wed May 10 22:02:36 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed May 10 22:04:54 2006 Subject: MailScanner ANNOUNCE: Stable 4.53.6 released References: <4455D428.6020502@ecs.soton.ac.uk> Message-ID: Julian Field wrote in news:4455D428.6020502@ecs.soton.ac.uk: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the May release of MailScanner, version 4.53.6. > > - - Support for numerical IP addresses in phishing.safe.sites.conf. > Using this, entire servers can be whitelisted with one entry, removing > the need to add every domain provided by that server. Would it be easy for you julian to add a config that allow to whitelist an IP but in the URLS, for the "Also Find Numeric Phishing = " setting., so that we can jut put an IP address there and the phishing net will not trigger an alert when this IP is in the URL in a message? Thanks, Ugo From nick.smith67 at googlemail.com Wed May 10 22:16:36 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Wed May 10 22:16:38 2006 Subject: Mishandling multi-line ISO encoded subject headers In-Reply-To: References: Message-ID: OK - so it's rather sad to reply to your own post, but I've written a patch against Postfix.pm which seems to fix this issue (in the limited amount of testing I've done) What it does is to extend the Subject: header extraction handling in the ReadQf subroutine I referred to previously: if ($recdata =~ /^Subject:\s*(\S.*)?$/i) { $message->{subject} = $1; next; } ...so that now it handles the case where Subject: is multiple folded lines. It uses a flag to know when it's hit a Subject: header and assumes that any following line is a continuation of the subject until it finds a line that does not begin with whitespace For each continuation line it finds like this it will strip off a single leading whitespace (because the leading whitespace is denoting the fold and is not part of the subject) and concatenate to the previous contents of the Subject: I think it's safe, because come what may we should always find at least a Message-ID: header after the Subject: with Postfix and this should be sufficient to turn off the flag As I said, I have done limited testing with this patch and all my scenarios are working now including both those which were working previously and those that were broken The thing which still confuses me is how any of it worked before if this really was the issue In any case, I'd appreciate it if the MS developers would review this patch and either apply it as-is or modify as they see fit - if of course it is agreed that this is/was a problem to begin with Thanks Nick On 5/10/06, Nick Smith wrote: > Hi, > > MS 4.53.8, Postfix 2.2.10 > > I have a big problem right now with MailScanner apparently mangling some > (but not all) multi-line folded Subject headers - typically those containing > ISO encoded subjects for multi-byte character sets. Consider these two > examples: > > Subject: =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEIgYWFhYWFhYQ==?= > =?iso-2022-jp?B?YSAbJEIkIiQiJCIkIiQiJCIkIiQiJCIkIhsoQg==?= > > Subject: =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiGyhCIGFhYWFhYWFhIA==?= > =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEI=?= > > The first one is an ISO-2022-JP encoded representation of 13 Japanese > double-byte "a" followed by a single space, 8 lower case ASCII "a", another > single space and finally 10 more Japanese double-byte "a". > > The second is identical, except one of the 13 double-byte "a" has been > removed so there are only 12 > > Given that the first character of the second line in each example is a > space, they ought to be treated as a single header per RFC822's folded > header specification > > The weird part is that the first example works, shows up unchanged in the > user's mailbox, and the Subject: header looks exactly as it did when it was > sent while the shorter second one gets broken. What shows up in the user's > mailbox (and the headers) is a decoded version of just the first line - > which looks like this: > > Subject: ^[$B$"$"$"$"$"$"$"$"$"$"$"$"^[(B aaaaaaaa > > MailScanner running with Sendmail does not seem to experience this problem, > and neither does Postfix running without MailScanner so it looks to be > something to do with MailScanner's Postfix-specific code > > I did notice whilst digging in MailScanner's Postfix.pm that maybe the > complete handling of folded Subject: headers is not implemented - for > example lines 449-452: > > if ($recdata =~ /^Subject:\s*(\S.*)?$/i) { > $message->{subject} = $1; > next; > } > > This doesn't seem to handle the case where Subject: is on more than one > line, and will result in $message->{subject} containing only the first line > of a folded Subject: > > Clearly this is not the whole story and an incomplete $message->{subject} is > not enough to kill it every time because otherwise it would never work with > a folded subject at all - as I said previously, the longer example above > does work OK as do many other folded subject headers. > > Unfortunately, this is causing quite a big problem - it would be great if > somebody could suggest a fix. Failing a proper fix, is there any way to > modify the existing header_check: > > /^Received:/ HOLD > > ...so that it will exclude messages with (for example) /^Subject: > =*iso-2022-jp/ - that way I could maybe have these messages bypass MS for > the time being > > Thanks > > Nick > -------------- next part -------------- A non-text attachment was scrubbed... Name: ms-4.58.8-pfsubject.patch Type: application/octet-stream Size: 1316 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/89c31e00/ms-4.58.8-pfsubject.obj From kwang at ucalgary.ca Thu May 11 00:05:33 2006 From: kwang at ucalgary.ca (Kai Wang) Date: Thu May 11 00:05:42 2006 Subject: hostname variable is cleared when MailScanner setuid to postfix Message-ID: <446271BD.1090504@ucalgary.ca> Greetings. We are running MailScanner with postfix. We want to set MailScanner variable Hostname to be environment variable $HOSTNAME. We use MailScanner Hostname variable in our reports. However, when MailScanner switching to postfix, the environment variable is cleared. We have a few such machines and want to use the same MailScanner.conf file. Does anybody know how to keep that variable? Thanks -- Kai Wang System Services Information Technologies, University of Calgary, 2500 University Drive, N.W., Calgary, Alberta, Canada T2N 1N4 Phone (403) 220-2423, Fax (403) 282-9361 From nauman at worldcall.net.pk Thu May 11 07:42:24 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Thu May 11 07:42:56 2006 Subject: Mail Server's BackUp Tool ? References: <446271BD.1090504@ucalgary.ca> Message-ID: <001a01c674c6$14d68eb0$23c051cb@noc> Hello there All, This seams to be one great helping Forum 4 me - thankx 2 All. 1. After making a Good Stable Mailing Server - i m now looking for Good Procedure to Maintain My Mails Backup. In case i lost my DISK - due to crash or any other reason - i may have a system saving my mail . 2. And Can i take Image of My - Installed and Configured OS at some place toooo ? so that - I do'nt have to do all the configuration again and again ? Thankx in advace -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 11 08:21:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 08:21:46 2006 Subject: MailScanner ANNOUNCE: Stable 4.53.6 released In-Reply-To: References: <4455D428.6020502@ecs.soton.ac.uk> Message-ID: On 10 May 2006, at 22:02, Ugo Bellavance wrote: > Julian Field wrote in > news:4455D428.6020502@ecs.soton.ac.uk: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just released the May release of MailScanner, version 4.53.6. > > > >> >> - - Support for numerical IP addresses in phishing.safe.sites.conf. >> Using this, entire servers can be whitelisted with one entry, >> removing >> the need to add every domain provided by that server. > > Would it be easy for you julian to add a config that allow to > whitelist an > IP but in the URLS, for the "Also Find Numeric Phishing = " > setting., so > that we can jut put an IP address there and the phishing net will not > trigger an alert when this IP is in the URL in a message? Have you tried it? I thought you already could do that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 11 08:34:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 08:34:40 2006 Subject: Mishandling multi-line ISO encoded subject headers In-Reply-To: References: Message-ID: The patch looks okay. I have re-phrased it a tiny bit, and it could still be optimised a bit, but it looks good otherwise. It will be in the next release. Thanks! On 10 May 2006, at 22:16, Nick Smith wrote: > OK - so it's rather sad to reply to your own post, but I've written a > patch against Postfix.pm which seems to fix this issue (in the limited > amount of testing I've done) > > What it does is to extend the Subject: header extraction handling in > the ReadQf subroutine I referred to previously: > > if ($recdata =~ /^Subject:\s*(\S.*)?$/i) { > $message->{subject} = $1; > next; > } > > ...so that now it handles the case where Subject: is multiple folded > lines. It uses a flag to know when it's hit a Subject: header and > assumes that any following line is a continuation of the subject until > it finds a line that does not begin with whitespace > > For each continuation line it finds like this it will strip off a > single leading whitespace (because the leading whitespace is denoting > the fold and is not part of the subject) and concatenate to the > previous contents of the Subject: > > I think it's safe, because come what may we should always find at > least a Message-ID: header after the Subject: with Postfix and this > should be sufficient to turn off the flag > > As I said, I have done limited testing with this patch and all my > scenarios are working now including both those which were working > previously and those that were broken > > The thing which still confuses me is how any of it worked before if > this really was the issue > > In any case, I'd appreciate it if the MS developers would review this > patch and either apply it as-is or modify as they see fit - if of > course it is agreed that this is/was a problem to begin with > > Thanks > > Nick > > On 5/10/06, Nick Smith wrote: >> Hi, >> >> MS 4.53.8, Postfix 2.2.10 >> >> I have a big problem right now with MailScanner apparently >> mangling some >> (but not all) multi-line folded Subject headers - typically those >> containing >> ISO encoded subjects for multi-byte character sets. Consider these >> two >> examples: >> >> Subject: =?iso-2022-jp?B? >> GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEIgYWFhYWFhYQ==?= >> =?iso-2022-jp?B?YSAbJEIkIiQiJCIkIiQiJCIkIiQiJCIkIhsoQg==?= >> >> Subject: =?iso-2022-jp?B? >> GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiGyhCIGFhYWFhYWFhIA==?= >> =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEI=?= >> >> The first one is an ISO-2022-JP encoded representation of 13 Japanese >> double-byte "a" followed by a single space, 8 lower case ASCII >> "a", another >> single space and finally 10 more Japanese double-byte "a". >> >> The second is identical, except one of the 13 double-byte "a" has >> been >> removed so there are only 12 >> >> Given that the first character of the second line in each example >> is a >> space, they ought to be treated as a single header per RFC822's >> folded >> header specification >> >> The weird part is that the first example works, shows up unchanged >> in the >> user's mailbox, and the Subject: header looks exactly as it did >> when it was >> sent while the shorter second one gets broken. What shows up in >> the user's >> mailbox (and the headers) is a decoded version of just the first >> line - >> which looks like this: >> >> Subject: ^[$B$"$"$"$"$"$"$"$"$"$"$"$"^[(B aaaaaaaa >> >> MailScanner running with Sendmail does not seem to experience this >> problem, >> and neither does Postfix running without MailScanner so it looks >> to be >> something to do with MailScanner's Postfix-specific code >> >> I did notice whilst digging in MailScanner's Postfix.pm that maybe >> the >> complete handling of folded Subject: headers is not implemented - for >> example lines 449-452: >> >> if ($recdata =~ /^Subject:\s*(\S.*)?$/i) { >> $message->{subject} = $1; >> next; >> } >> >> This doesn't seem to handle the case where Subject: is on more >> than one >> line, and will result in $message->{subject} containing only the >> first line >> of a folded Subject: >> >> Clearly this is not the whole story and an incomplete $message-> >> {subject} is >> not enough to kill it every time because otherwise it would never >> work with >> a folded subject at all - as I said previously, the longer example >> above >> does work OK as do many other folded subject headers. >> >> Unfortunately, this is causing quite a big problem - it would be >> great if >> somebody could suggest a fix. Failing a proper fix, is there any >> way to >> modify the existing header_check: >> >> /^Received:/ HOLD >> >> ...so that it will exclude messages with (for example) /^Subject: >> =*iso-2022-jp/ - that way I could maybe have these messages bypass >> MS for >> the time being >> >> Thanks >> >> Nick >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From a.peacock at chime.ucl.ac.uk Thu May 11 08:53:21 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 11 08:53:42 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: References: <44605671.8080708@chime.ucl.ac.uk> <446095BD.6060401@chime.ucl.ac.uk> <4460BDD7.8020206@chime.ucl.ac.uk> Message-ID: <4462ED71.1050007@chime.ucl.ac.uk> Hi Scott, Scott Silva wrote: > Anthony Peacock spake the following on 5/9/2006 9:05 AM: >> Hi, >> >> So much for that theory! It starting going wrong again this afternoon, >> so that was just a matter of hours since the last restart. >> >> I missed it starting to go wrong so couldn't really catch any idea of >> what was happening at the time. >> >> A stop and restart of MailScanner fixes the problem. >> >> I will keep looking into this and will post if I find out anything further. >> > You could turn the MailScanner restart time down to a few hours for now, just > to keep it functioning until you find the problem. Thanks for your suggestion, I am back in the office after having to take yesterday off. I will consider this when I get back into looking into this problem. One positive is that it had stopped logging sascore again since I last looked at it on Tuesday. So it looks like it is failing more quickly than before, so I should be able to switch on DBItrace and wait for it to fail. MailScanner is correctly marking emails and they are being filtered correctly. It is only that MailWatch suddenly starts logging sascore and sareport as NULL, all other values are logged correctly. I did try turning off the SpamAssassin score cache to see it it was a problem with that, but it failed with that as well. I will report back to the list if I discover anything more. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From martinh at solid-state-logic.com Thu May 11 09:09:15 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 11 09:09:26 2006 Subject: Critical Vulnerability in Sophos In-Reply-To: Message-ID: <00ef01c674d2$31a15a50$3004010a@martinhlaptop> Jeff Thanks for the heads up on this one....latest versions (4.05 for those of us still using the 'old' versions of Sophos) fix the issue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: 10 May 2006 20:23 > To: mailscanner mailing list > Subject: Critical Vulnerability in Sophos > > Gang, > > See the following and act accordingly: > > http://www.incidents.org/diary.php?storyid=1325 > > Fortunately, CAB files are already in Julian's > filenames.rules.conf deny list. > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu May 11 09:15:31 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 11 09:15:41 2006 Subject: Mail Server's BackUp Tool ? In-Reply-To: <001a01c674c6$14d68eb0$23c051cb@noc> Message-ID: <00f001c674d3$12142770$3004010a@martinhlaptop> Hi Depends on what files you want to backup... I backup my MailScanner machine with Amanda (www.amanda.org) and make sure all my O/S is documented so I can do a bare metal restore fairly quickly. Depending on quickly you need to restore the service I'd look at RAID ed disks and possibly a clustering of MailScanner hosts. There's also some nice tools for sending out an O/S config to machines - there was a recent Slashdot question on that, have a look at some of the tools mentioned there. Think risks, what are risks, what's the impact of that risk happening (along with timescales - a 5 minute outage might not have big impact but a 2 week may have a larger ramification), what is the likelihood of the risk (theft might be low, but disk failure could be high) then think of the appropriate controls (procedures and technologies) to reduce that risk. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Muhammad Nauman > Sent: 11 May 2006 07:42 > To: MailScanner discussion > Subject: Mail Server's BackUp Tool ? > > Hello there All, > > This seams to be one great helping Forum 4 me - thankx 2 All. > > 1. After making a Good Stable Mailing Server - i m now looking for Good > Procedure to Maintain My Mails Backup. > > In case i lost my DISK - due to crash or any other reason - i may have > a > system saving my mail . > > > 2. And Can i take Image of My - Installed and Configured OS at some place > toooo ? > > so that - I do'nt have to do all the configuration again and again ? > > Thankx in advace > > > > -- > This message has been scanned for viruses and > dangerous content by WorldCall Scanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From nauman at worldcall.net.pk Thu May 11 09:39:22 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Thu May 11 09:39:37 2006 Subject: Mail Server's BackUp Tool ? References: <00f001c674d3$12142770$3004010a@martinhlaptop> Message-ID: <014401c674d6$6c0cf650$23c051cb@noc> How About - Taking Backup on the same machine - but a different hard disk . rsync - or incremental backup - sort of procedure but so far - as i m using the best tools in the garden - i want a good tool 4 this too . i will be keeping my original mails on a SCSI and will be taking their daily backup ( twice or thrice a day ) on the same machine on a SATA HD. which tool can be used here ? any suggestions on this > Hi > > Depends on what files you want to backup... > > I backup my MailScanner machine with Amanda (www.amanda.org) and make sure > all my O/S is documented so I can do a bare metal restore fairly quickly. > >> Thankx in advace >> >> -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From nauman at worldcall.net.pk Thu May 11 09:49:26 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Thu May 11 09:49:38 2006 Subject: Best Way to Control Relaying? References: <00f001c674d3$12142770$3004010a@martinhlaptop> Message-ID: <014f01c674d7$d0d97260$23c051cb@noc> Hi I m using Sendmail 8.13.5 MailScanner 4.50.15-1 ClamAV-0.88.2 Mail-SpamAssassin-3.1.1 and i m relaying my User - using the access featur in sendmail -with file : /etc/mail/access We have quite a lot of users , and some of the residential user are unaware that their system is been used for spamming. Also some of our clients do it on purpose , but they usually use some other ID but as they are allowed to Relay - they just ENJOY It . I want to Bring them Down . Is there any way that - they simply are drop coz they are out of my domain !!! any explained HELP will be greatful. Thankx in advance Nauman -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From lars+lister.mailscanner at adventuras.no Thu May 11 12:40:30 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Thu May 11 12:41:08 2006 Subject: Mail Server's BackUp Tool ? In-Reply-To: <014401c674d6$6c0cf650$23c051cb@noc> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014401c674d6$6c0cf650$23c051cb@noc> Message-ID: <446322AE.5030503@adventuras.no> Muhammad Nauman wrote: > How About - Taking Backup on the same machine - but a different hard > disk . A good advice would be to have backups available in another building at least. And also rotate older backups in a third place. That would give some protection in case of fire, water leakage, malicious behaviour and/or a few other catastrophes. -- Regards from Lars From maillists at conactive.com Thu May 11 13:24:14 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 11 13:24:36 2006 Subject: Bug in sa-update script and other small things Message-ID: 1. There's a bug in the sa-update script from May 8. The $Disabled stuff has been taken over from the perl scripts and therefore throws an error. Correct version: --------------- Disabled=1 if [ $Disabled -eq 1 ]; then exit fi --------------- Btw: is this file getting replaced with a new version if it exists or only placed there if non-existant? (Replacement would change the Disabled setting). Same question for clean_quarantine. 2. the default path for gunzip given as /usr/bin/gunzip is not the default on Red Hat or SuSE, it's /bin/gunzip. I suggest changing this since these are the main targeted platforms it seems. 3. could we somehow stop adding the mailscanner.conf symlink to /etc/mail/spamassassin with each upgrade? I have to remove it each time and easily forget that. 4. is there a chance you list upgraded perl src.rpms in a file so one can easily see which ones are new? I really don't see much sense in installing the whole bunch of src.rpms time and again with each upgrade and mostly just upgrade the mailscanner.rpm. But I check with the older directory if there are any newer Perl rpm versions and build and install these if I don't have them already. I think there's also something wrong with the detection of already existing versions, so that rpms get built and installed although that rpm is already on board with a newer version. (I don't mean the ones -MIME-Base64, MIME-Tools- where it says "I'm sorry I have to force this - btw: I have been running MailScanner just fine with the regular MIME-Base64 or the CPANed one in the past.) It might be helpful to have more command-line parameters for install.sh, f.i. "noperl" for not installing any of the packaged Perl rpms and "onlyforcedperl" for only installing those Perl rpms that are installed anyway. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From pz at christ-net.sk Thu May 11 13:36:22 2006 From: pz at christ-net.sk (Peter Zimen) Date: Thu May 11 13:36:37 2006 Subject: dont see any processes Message-ID: <29234BC8-8F4F-4FF4-B01D-2A4AE1B92E68@christ-net.sk> Hello, where is problem. Mail Scanner normal start via service,scan emails, but i dont see it in process list (ps axu). Every hour is "started" via cron... MS is on RedHat9 linux. Last version. Peter From andoni.auzmendi at robertwalters.com Thu May 11 13:40:47 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Thu May 11 13:41:30 2006 Subject: dont see any processes Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD065C02B@PAT.internal.robertwalters.com> Check in the /var/log/maillog for any errors. Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Zimen Sent: 11 May 2006 13:36 To: MailScanner discussion Subject: dont see any processes Hello, where is problem. Mail Scanner normal start via service,scan emails, but i dont see it in process list (ps axu). Every hour is "started" via cron... MS is on RedHat9 linux. Last version. Peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From jaearick at colby.edu Thu May 11 13:38:58 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 11 13:44:52 2006 Subject: webbug replacement ruleset? In-Reply-To: <44622A69.9000003@ecs.soton.ac.uk> References: <44622A69.9000003@ecs.soton.ac.uk> Message-ID: Julian, The Message.pm you put out yesterday has mollified the angry mobs at my site. Many Thanks! Jeff Earickson Colby College On Wed, 10 May 2006, Julian Field wrote: > Date: Wed, 10 May 2006 19:01:13 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone with this problem had a chance to try this yet? I would > really appreciate a fast response. > > Julian Field wrote: >> Can you please try the attached Message.pm file instead of your >> current one in 4.53. >> I fixed another bug in it, and it's possible that bug affected this. From pz at christ-net.sk Thu May 11 13:55:05 2006 From: pz at christ-net.sk (Peter Zimen) Date: Thu May 11 13:55:20 2006 Subject: dont see any processes In-Reply-To: <1A8B0BB098059B42BCFF0EB7E2E62FD065C02B@PAT.internal.robertwalters.com> References: <1A8B0BB098059B42BCFF0EB7E2E62FD065C02B@PAT.internal.robertwalters.com> Message-ID: Absolute no errors. May 11 14:54:44 mail postfix/master[8242]: daemon started -- version 2.1.1 May 11 14:54:46 mail MailScanner[8264]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 11 14:54:46 mail MailScanner[8264]: Read 717 hostnames from the phishing whitelist May 11 14:54:47 mail MailScanner[8264]: Using SpamAssassin results cache May 11 14:54:47 mail MailScanner[8264]: Connected to SpamAssassin cache database May 11 14:54:47 mail MailScanner[8264]: Expired 2 records from the SpamAssassin cache May 11 14:54:47 mail MailScanner[8264]: Enabling SpamAssassin auto- whitelist functionality... May 11 14:54:48 mail MailScanner[8264]: Using locktype = flock On 11.5.2006, at 14:40, Andoni Auzmendi wrote: > Check in the /var/log/maillog for any errors. > > Andoni > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter > Zimen > Sent: 11 May 2006 13:36 > To: MailScanner discussion > Subject: dont see any processes > > Hello, > where is problem. Mail Scanner normal start via service,scan emails, > but i dont see it in process list (ps axu). > > Every hour is "started" via cron... > > MS is on RedHat9 linux. Last version. > > Peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > > www.mimesweeper.com > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Thu May 11 14:09:27 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu May 11 14:10:09 2006 Subject: Mail Server's BackUp Tool ? References: <446271BD.1090504@ucalgary.ca> <001a01c674c6$14d68eb0$23c051cb@noc> Message-ID: <008a01c674fc$221a5710$0705000a@DDF5DW71> ----- Original Message ----- From: "Muhammad Nauman" To: "MailScanner discussion" Sent: Thursday, May 11, 2006 2:42 AM Subject: Mail Server's BackUp Tool ? > Hello there All, > > This seams to be one great helping Forum 4 me - thankx 2 All. > > 1. After making a Good Stable Mailing Server - i m now looking for Good > Procedure to Maintain My Mails Backup. > > In case i lost my DISK - due to crash or any other reason - i may have a > system saving my mail . > > > 2. And Can i take Image of My - Installed and Configured OS at some place > toooo ? > > so that - I do'nt have to do all the configuration again and again ? > > Thankx in advace > > > > -- > This message has been scanned for viruses and > dangerous content by WorldCall Scanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! All of the suggestions I've read so far are very sound, and worth investigating. If you were referring to new incoming mail in part 1, then a gateway of some type in front of your mailbox hub would take care of a mailbox hub failure. If the gateway failed, a secondary MX that points to the mailbox hub would take care of the gateway failure. If you were referring to delivered mail, I would agree with the amanda suggestion. But this only works for delivered mail that was existent when amanda was ran. Determine how much time-wise you could afford to lose in delivered mail (of course the last email delivered before the crash is always the most important and you never recover that one) and run something like rsync from cron to backup the mailboxes. If you feel that a half an hour is the most you could afford, run rsync once every half an hour. For part 2, I use mondo. Mondo can make a bare metal set of ISO files and either save them to disk or burn them immediately. I use the images options and move them to another NAS device. If I need them, I upload them and burn them, then just boot from the first image on CD/DVD and nuke the machine. This will restore the machine to the state it was at the time of running mondo (complete OS and everything). I can then use the rsync images to restore to within the time frame I set in cron or use amanda. As far as off-site storage, here in the US, this usually gives us better insurance rates, so this is something you need to consider. All of the options above can transfer the images natively (without extra apps) to a site elsewhere. Just make sure you have whatever you need extract the images at the other site (for instance, a CD burner for the mondo ISOs). I don't think you can ever plan for a complete recovery in hardware failures unless you have a lot of hardware and redundancy everywhere, but you can minimize the losses. I'm also sure I've overlooked something. Steve Campbell campbell@cnpapers.com Charleston Newspapers From mailscanner at lists.com.ar Thu May 11 14:27:29 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Thu May 11 14:27:57 2006 Subject: zmailer performance improvement Message-ID: <20060511132728.GA22724@pert.com.ar> Hi, I've been working on the zmailer part (and several things I encountered on the way) I've been working on the MailScanner-4.54.1 version I'm attaching a patch (if you prefer any other format, please let me know) Here is a ChangeLog * ZMailer: Queue files access optimization * ZMailer: New ReadMessageHandle function, to be used in Message::Explode optimization like other MTA's * Message.pm unused variables cleanup * Moved chunks of code about MTA internal files to the *DiskStores.pm * Adding of uba.ar and educ.ar to country.domains.conf There should be an esc.edu.ar also, but I will not add it without checking that part of the code. For a more detailed discussion look http://article.gmane.org/gmane.mail.spam.rbl.surbl/2718 * The perl module Filesys::Df it's actualy not used. I remove it from MailScanner (not from the installer) There is a little bug I've moved (not corrected) that you may fix quicker than me. In Message.pm, there are a few occurrences of $this->{dpath} but * dpath is an mta internal file (so Message.pm, should not know nothing about) * $this->{dpath} is always false because is never defined in this object. So, each time a "$this->{dpath}" appears, I change it for store->spaceAvailable and every time a "$this->{dpath}" is used in a "print" was changed for getDataFilename I added spaceAvailable and getDataFilename to each *DiskStores.pm. But $this->{dpath} IN store is always true, so there should be a change in the way it works after the patch: unless( $this->{dpath} ) {} # $this->{dpath} is not defined, so it will always enter the block before the patch: unless( $this->{store}->spaceAvailable() ) {} # This returns $this->{dpath} (of the store) witch is always true, so it will never enter the block I also have a patch for breaking a mail into several mails each one with recipients with similar actions. I remember seeing that question for certain mailers sometimes on the list but I'll have to work a little on that patch to addapt it to the newer MailScanners Saludos -- Leonardo Helman Pert Consultores Argentina -------------- next part -------------- diff -Naur MailScanner-4.54.1.ORIG/bin/MailScanner MailScanner-4.54.1/bin/MailScanner --- MailScanner-4.54.1.ORIG/bin/MailScanner Mon May 8 18:39:57 2006 +++ MailScanner-4.54.1/bin/MailScanner Wed May 10 12:28:48 2006 @@ -63,7 +63,6 @@ use IO::Handle; use Getopt::Long; use Time::HiRes qw ( time ); -use Filesys::Df; use MailScanner::Config; use MailScanner::CustomConfig; use MailScanner::GenericSpam; @@ -162,7 +161,7 @@ # Are we just printing version numbers and exiting? if ($Versions) { - my @Modules = qw/AnyDBM_File Archive::Zip Carp Convert::BinHex Convert::TNEF Data::Dumper DirHandle Fcntl File::Basename File::Copy FileHandle File::Path File::Temp Filesys::Df HTML::Entities HTML::Parser HTML::TokeParser IO IO::File IO::Pipe Mail::ClamAV Mail::Header Mail::SpamAssassin MIME::Base64 MIME::Decoder MIME::Decoder::UU MIME::Head MIME::Parser MIME::QuotedPrint MIME::Tools MIME::WordDecoder Net::CIDR POSIX SAVI Socket Sys::Syslog Time::HiRes Time::localtime/; + my @Modules = qw/AnyDBM_File Archive::Zip Carp Convert::BinHex Convert::TNEF Data::Dumper DirHandle Fcntl File::Basename File::Copy FileHandle File::Path File::Temp HTML::Entities HTML::Parser HTML::TokeParser IO IO::File IO::Pipe Mail::ClamAV Mail::Header Mail::SpamAssassin MIME::Base64 MIME::Decoder MIME::Decoder::UU MIME::Head MIME::Parser MIME::QuotedPrint MIME::Tools MIME::WordDecoder Net::CIDR POSIX SAVI Socket Sys::Syslog Time::HiRes Time::localtime/; my @Optional = qw#Convert/TNEF.pm DB_File.pm DBD/SQLite.pm DBI.pm Digest.pm Digest/HMAC.pm Digest/MD5.pm Digest/SHA1.pm Inline.pm Mail/ClamAV.pm Mail/SpamAssassin.pm Mail/SPF/Query.pm Net/CIDR/Lite.pm Net/DNS.pm Net/LDAP.pm Parse/RecDescent.pm SAVI.pm Sys/Hostname/Long.pm Test/Harness.pm Test/Simple.pm Text/Balanced.pm URI.pm#; my($module, $s, $v, $m); diff -Naur MailScanner-4.54.1.ORIG/etc/country.domains.conf MailScanner-4.54.1/etc/country.domains.conf --- MailScanner-4.54.1.ORIG/etc/country.domains.conf Wed Apr 12 06:45:21 2006 +++ MailScanner-4.54.1/etc/country.domains.conf Wed May 10 11:03:28 2006 @@ -43,11 +43,13 @@ org.am com.ar edu.ar +educ.ar gov.ar int.ar mil.ar net.ar org.ar +uba.ar e164.arpa in-addr.arpa ip6.arpa diff -Naur MailScanner-4.54.1.ORIG/lib/MailScanner/EximDiskStore.pm MailScanner-4.54.1/lib/MailScanner/EximDiskStore.pm --- MailScanner-4.54.1.ORIG/lib/MailScanner/EximDiskStore.pm Wed Apr 12 06:45:15 2006 +++ MailScanner-4.54.1/lib/MailScanner/EximDiskStore.pm Tue May 9 16:54:49 2006 @@ -589,4 +589,23 @@ # $this->{hpath} . "\" \"$dir\""); #} +# PERT-LEOH 2006/05/09 Julian Field said dpath should be unset when +# the disk is full (I couldn't find where) +# The idea is that this function returns false if there was some kind +# of problem with the space +sub spaceAvailable { + my $this= shift; + + return $this->{dpath}; +} + +# PERT-LEOH 2006/05/09 This function must return a printable name for +# the data file, it should be here because not all the mailers use dpath +sub getDataFilename { + my $this= shift; + + return $this->{dpath}; +} + + 1; diff -Naur MailScanner-4.54.1.ORIG/lib/MailScanner/Message.pm MailScanner-4.54.1/lib/MailScanner/Message.pm --- MailScanner-4.54.1.ORIG/lib/MailScanner/Message.pm Fri May 5 09:54:12 2006 +++ MailScanner-4.54.1/lib/MailScanner/Message.pm Tue May 9 16:44:25 2006 @@ -177,9 +177,9 @@ my $type = shift; my($id, $queuedirname, $fake) = @_; my $this = {}; - my ($queue, $workarea, $mta, $hpath, $dpath, $addr, $user, $domain); + # PERT-LEOH: 2006/05/09 Cleanup of unused variables: queue, workarea, hpath, dpath hfile + my ($mta, $addr, $user, $domain); my ($archiveplaces); - my $hfile = new FileHandle; #print STDERR "Creating message $id\n"; @@ -1431,7 +1431,7 @@ # The whole parsing thing is totally different for sendmail & Exim for speed. # Many thanks for those who know themselves for this great improvement! - if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { + if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix|zmailer/i) { # # This is for sendmail and Exim systems @@ -1454,7 +1454,10 @@ close($handle); if (!$entity && !MIME::Entity::MailScannerCounter()>=$maxparts) { - unless ($this->{dpath}) { + # PERT-LEOH: 2006/05/09 We do not always have dpath file, so we ask to + # the store if it ran out of disk space (besides dpath + # is never set in $this) + unless ($this->{store}->spaceAvailable()) { # It probably ran out of disk space, drop this message from the batch MailScanner::Log::WarnLog("Failed to create message structures for %s" . ", dropping it from the batch", $this->{id}); @@ -1464,8 +1467,11 @@ return; } + # PERT-LEOH: 2006/05/09 We do not always have dpath file, so we ask to + # the store for a distinctive file name (besides dpath + # is never set in $this) MailScanner::Log::WarnLog("Cannot parse " . $this->{headerspath} . " and " . - $this->{dpath} . ", $@"); + $this->{store}->getDataFilename() . ", $@"); $this->{entity} = $entity; # In case it failed due to too many attachments $this->{cantparse} = 1; $this->{otherinfected} = 1; @@ -1514,7 +1520,10 @@ #print STDERR "Found an error!\n"; $pipe->close() if $pipe; # Don't close a pipe that failed to exist waitpid $pid, 0; - unless ($this->{dpath}) { + # PERT-LEOH: 2006/05/09 We do not always have dpath file, so we ask to + # the store if it ran out of disk space (besides dpath + # is never set in $this) + unless ($this->{store}->spaceAvailable()) { # It probably ran out of disk space, drop this message from the batch MailScanner::Log::WarnLog("Failed to create message structures for %s" . ", dropping it from the batch", $this->{id}); @@ -1524,8 +1533,11 @@ return; } + # PERT-LEOH: 2006/05/09 We do not always have dpath file, so we ask to + # the store if it ran out of disk space (besides dpath + # is never set in $this) MailScanner::Log::WarnLog("Cannot parse " . $this->{headerspath} . - " and " . $this->{dpath} . ", $@"); + " and " . $this->{store}->getDataFilename() . ", $@"); $this->{entity} = $entity;# In case it failed due to too many attachments $this->{cantparse} = 1; $this->{otherinfected} = 1; diff -Naur MailScanner-4.54.1.ORIG/lib/MailScanner/PFDiskStore.pm MailScanner-4.54.1/lib/MailScanner/PFDiskStore.pm --- MailScanner-4.54.1.ORIG/lib/MailScanner/PFDiskStore.pm Wed Apr 12 06:45:15 2006 +++ MailScanner-4.54.1/lib/MailScanner/PFDiskStore.pm Tue May 9 16:55:24 2006 @@ -668,6 +668,24 @@ return "$dir/$hdfile"; } +# PERT-LEOH 2006/05/09 Julian Field said dpath should be unset when +# the disk is full (I couldn't find where) +# The idea is that this function returns false if there was some kind +# of problem with the space +sub spaceAvailable { + my $this= shift; + + return $this->{dpath}; +} + +# PERT-LEOH 2006/05/09 This function must return a printable name for +# the data file, it should be here because not all the mailers use dpath +sub getDataFilename { + my $this= shift; + + return $this->{dpath}; +} + package Body; # Stefan Baltus, October 2003 diff -Naur MailScanner-4.54.1.ORIG/lib/MailScanner/SMDiskStore.pm MailScanner-4.54.1/lib/MailScanner/SMDiskStore.pm --- MailScanner-4.54.1.ORIG/lib/MailScanner/SMDiskStore.pm Wed Apr 12 06:45:15 2006 +++ MailScanner-4.54.1/lib/MailScanner/SMDiskStore.pm Tue May 9 16:56:05 2006 @@ -543,4 +543,22 @@ # $this->{hpath} . "\" \"$dir\""); #} +# PERT-LEOH 2006/05/09 Julian Field said dpath should be unset when +# the disk is full (I couldn't find where) +# The idea is that this function returns false if there was some kind +# of problem with the space +sub spaceAvailable { + my $this= shift; + + return $this->{dpath}; +} + +# PERT-LEOH 2006/05/09 This function must return a printable name for +# the data file, it should be here because not all the mailers use dpath +sub getDataFilename { + my $this= shift; + + return $this->{dpath}; +} + 1; diff -Naur MailScanner-4.54.1.ORIG/lib/MailScanner/ZMDiskStore.pm MailScanner-4.54.1/lib/MailScanner/ZMDiskStore.pm --- MailScanner-4.54.1.ORIG/lib/MailScanner/ZMDiskStore.pm Wed Apr 12 06:45:15 2006 +++ MailScanner-4.54.1/lib/MailScanner/ZMDiskStore.pm Wed May 10 13:59:40 2006 @@ -221,11 +221,11 @@ "message %s, %s", $message->{id}, $!); if( $this->{body}[0] eq "ORIGINAL" ) { - my $b= Body->new( $this->{hdpath} ); + my $b= Body->new( $this->{inhdhandle} ); $b->Start(); my $line; #print STDERR "originalBody\n"; - while( $line= $b->Next() ) { + while( defined ($line= $b->Next()) ) { $Tf->print($line); #print STDERR "BODY: $line"; } @@ -300,7 +300,7 @@ my $this = shift; my($body, $max) = @_; - my $b= Body->new( $this->{hdpath} ); + my $b= Body->new( $this->{inhdhandle} ); $b->Start(); my $line; if ($max) { @@ -423,38 +423,93 @@ return "$dir/$hdfile"; } + +# Writes the whole message to a handle. +# Need to be passed the message to find the headers path +# as it's not part of the DiskStore. +# PERT-LEOH: We could optimize saving file position in ReadQf, +# and accessing the queue file, directly +sub ReadMessageHandle { + my $this = shift; + my ($message, $handle) = @_; + + # Where did we start? + my $oldpos = $this->{inhdhandle}->getpos(); + + # Write the whole message in RFC822 format to the handle. + # That means 1 CR-terminated line for every N record in the file. + my $b= Body->new( $this->{inhdhandle} ); + $b->Start(1); + my $line; + #print STDERR "originalBody\n"; + while(defined($line = $b->Next())) { + print $handle $line or MailScanner::Log::DieLog("Cannot print " . $this->{hdpath} . " into handle $!, $^E" ); + #print STDERR "BODY: $line"; + } + $b->Done(); + + # rewind tmpfile to read it later + $handle->seek(0,0) or MailScanner::Log::DieLog("Cannot rewind handle $!, $^E" ); + + # rewind source files + $this->{inhdhandle}->setpos($oldpos); + + #print STDERR "Done ReadMessageHandle\n"; + return 1; +} + + +# PERT-LEOH 2006/05/09 Julian Field said dpath should be unset when +# the disk is full (I couldn't find where) +# In the case of ZMailer, I have to write it myself +# The idea is that this function returns false if there was some kind +# of problem with the space +sub spaceAvailable { + my $this= shift; + + return $this->{hdpath}; +} + +# PERT-LEOH 2006/05/09 This function must return a printable name for +# the data file, it should be here because not all the mailers use dpath +sub getDataFilename { + my $this= shift; + + return $this->{hdpath}; +} + package Body; use FileHandle; sub new { my $type = shift; - my ( $hdpathname )=@_; + my ( $handle )=@_; my $self=(); - my $handle= new FileHandle "<$hdpathname"; if( defined $handle ) { - $self={ _hdpathname => $hdpathname, + $self={ _handle => $handle, _startpos => -1 }; bless $self, $type; } else { - MailScanner::Log::DieLog("Cannot open %s, %s", - $hdpathname, $!); + MailScanner::Log::DieLog("Cannot open handle, %s", $!); } return $self; } sub Start { - my ( $this )=@_; + my ( $this, $entiremessage )=@_; if( $$this{_startpos} == -1 ) { + seek $$this{_handle}, 0, 0; # reset the handle my $InHeader = 0; #print STDERR "Start\n"; + #TODO: OPTIMIZATION: Save startpos to header/body beginning in ReadQf, so we don't have to search it every time while($_=$$this{_handle}->getline) { #print STDERR "Start LEIDO: $_"; chomp; # Chomp everything now. We can easily add it back later. - s/\015/ /g; # Sanitise everything by removing all embedded s - if ( /^env-end$|^env-eof$/i ) { # The envelope ends here, starting hdr + if ( /^env-end\015?$|^env-eof\015?$/i ) { # The envelope ends here, starting hdr + last if ($entiremessage); $InHeader=1; #print STDERR "InHeader\n"; next; From jaearick at colby.edu Thu May 11 15:21:47 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 11 15:24:12 2006 Subject: any MAPS RBL+ subscribers out there? Message-ID: Gang, Is any MailScanner site a paid MAPS RBL+ subscriber? Colby has been a MAPS customer for nearly 5 years, and it has been a solid performer for us as an MTA spam-rejection filter (we also use sbl-xbl.spamhaus.org in sendmail too). Our previous payment to Kelkea was $145.00 per year. Trend Micro (new owner) just dropped a $1500.00 quote on us. Wowee! I seriously questioning the value of a ten-fold jump in price. Comments anybody? Jeff Earickson Colby College From shrek-m at gmx.de Thu May 11 15:24:05 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Thu May 11 15:24:16 2006 Subject: dont see any processes In-Reply-To: <29234BC8-8F4F-4FF4-B01D-2A4AE1B92E68@christ-net.sk> References: <29234BC8-8F4F-4FF4-B01D-2A4AE1B92E68@christ-net.sk> Message-ID: <44634905.8070109@gmx.de> On 11.05.2006 14:36, Peter Zimen wrote: > where is problem. Mail Scanner normal start via service,scan emails, > but i dont see it in process list (ps axu). fedora core 4 eg. # ps x | grep -i mailscann 2882 ? Ss 0:00 MailScanner: starting child 29827 ? S 0:02 MailScanner: waiting for messages 31580 ? S 0:02 MailScanner: waiting for messages 31678 ? S 0:02 MailScanner: waiting for messages 32210 ? S 0:02 MailScanner: waiting for messages 32387 ? S 0:01 MailScanner: waiting for messages 964 pts/1 S+ 0:00 grep -i mailscann > Every hour is "started" via cron... why ? > MS is on RedHat9 linux. Last version. red hat linux ==> fedora core -- shrek-m From alex at nkpanama.com Thu May 11 15:48:54 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 11 15:49:27 2006 Subject: Best Way to Control Relaying? In-Reply-To: <014f01c674d7$d0d97260$23c051cb@noc> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> Message-ID: <44634ED6.1040600@nkpanama.com> Muhammad Nauman wrote: > Hi > > I m using Sendmail 8.13.5 > and i m relaying my User - using the access featur in sendmail -with > file : /etc/mail/access > 1. Remove the "xxx.xxx.xxx.xxx RELAY" option that you have in that file so that only AUTHENTICATED users can relay - that way you can have people accountable for what they do. You may need to run the saslauthd service for this to work. 2. Remember to change /usr/share/sendmail-cf/m4/cfhead.m4 to read _REC_FULL_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) instead of _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) ... so you can know *who* sent what. You have to "m4 < /etc/mail/sendmail.mc > /etc/mail/sendmail.cf after the change and restart MailScanner. 3. Throttle your users. Use a milter or some of sendmail's built-in features to throttle the connection so that users can send a reasonable amount of mail (say, 5 per minute, for example). You can always add exceptions for bigger customers. Check http://technoids.org/dossed.html for more info. If you limit the amount of emails-per-minute and connections-per-second your server accepts, you can make it impractical for (ab)users to use you as a spam relay. You can also look into http://www.five-ten-sg.com/syslog2iptables/rn01re01.html in order to temporarily firewall those who repeatedly try to send mail through your server and aren't authorized. From slwatts at winckworths.co.uk Thu May 11 15:55:33 2006 From: slwatts at winckworths.co.uk (Sam Luxford-Watts) Date: Thu May 11 15:55:47 2006 Subject: 4.54.1 with Sophos V5 support Message-ID: Is there a similar update for sophos SAVI? I couldn?t get SAVI-Perl-0.30 working with it :-( -----Original Message----- From: Julian Field [mailto:MailScanner@ecs.soton.ac.uk] Sent: Monday, May 08, 2006 11:04 PM To: MailScanner discussion Subject: 4.54.1 with Sophos V5 support -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just implemented support for Sophos version 5. You can still use Sophos.install to install Sophos version 5, but you don't have to if you don't want to. The advantage of installing using Sophos.install is - More guidance - Automatic editing of virus.scanners.conf to update location If you install it without using Sophos.install, you *must not* enable on-access scanning. Otherwise it sill start inspecting files too early and may well break your system as it deletes or renames files that MailScanner is about to scan. In this position I cannot guarantee what, if anything, MailScanner will do. Please try it out and let me (or the list) know how you get on. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRF/AOhH2WUcUFbZUEQKb7gCgyid6j7kyOjJjQeG+Jt/H+g+Bed4An3uQ OhYwYcTJXTh8/TpKht9gfUVE =nYPj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- Winckworth Sherwood, ranked first in the Diversity League Table 2006 UK 100 Plus - a survey analysing ethnicity and gender in the legal profession, commissioned by the Black Solicitors Network and the Commission for Racial Equality. -------------- Winckworth Sherwood Solicitors and Parliamentary Agents, DX 148400 WESTMINSTER 5: 35 Great Peter Street, London SW1P 3LR. Telephone +44 (0)20 7593 5000 Fax +44 (0)20 7593 5099. www.winckworths.co.uk This email and any attachments are confidential and may be the subject of legal privilege. Any use, copying or disclosure other than by the intended recipient is unauthorised. If you have received this message in error, please notify the sender immediately via +44 (0)20 7593 5000 and delete this message from your computer and network. Winckworth Sherwood is regulated by the Law Society. A list of partners is available for inspection at the above address. From alex at nkpanama.com Thu May 11 15:55:43 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 11 15:56:13 2006 Subject: any MAPS RBL+ subscribers out there? In-Reply-To: References: Message-ID: <4463506F.9080809@nkpanama.com> Jeff A. Earickson wrote: > Gang, > > Is any MailScanner site a paid MAPS RBL+ subscriber? Colby > has been a MAPS customer for nearly 5 years, and it has been > a solid performer for us as an MTA spam-rejection filter (we > also use sbl-xbl.spamhaus.org in sendmail too). > > Our previous payment to Kelkea was $145.00 per year. Trend > Micro (new owner) just dropped a $1500.00 quote on us. > Wowee! I seriously questioning the value of a ten-fold jump > in price. Comments anybody? > > Jeff Earickson > Colby College Flip them off. IMHO they used to be a great company providing great products, but have since become just another McAfee/Norton ... the 800lb. gorillas of AV software. Their software is bad, their customer service is worse, and now they're probably going to take a perfectly good RBL and break it. In fact, do something better. Tell them you'll charge THEM $1500k/yr to endorse the use of their list, or you'll start seeing other lists ;) From alex at nkpanama.com Thu May 11 15:56:30 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 11 15:56:56 2006 Subject: dont see any processes In-Reply-To: <29234BC8-8F4F-4FF4-B01D-2A4AE1B92E68@christ-net.sk> References: <29234BC8-8F4F-4FF4-B01D-2A4AE1B92E68@christ-net.sk> Message-ID: <4463509E.5080404@nkpanama.com> Peter Zimen wrote: > > > MS is on RedHat9 linux. Last version. Last version to be called "RedHat Linux"? ;-) From alex at nkpanama.com Thu May 11 15:58:21 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 11 15:58:49 2006 Subject: Best Way to Control Relaying? In-Reply-To: <44634ED6.1040600@nkpanama.com> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> Message-ID: <4463510D.1080407@nkpanama.com> Alex Neuman van der Hans wrote: > > 3. Throttle your users. :) I _meant_ throttle your users' connections... but the thought probably _was_ crossing my mind at the time! ;-) From rgreen at trayerproducts.com Thu May 11 16:48:41 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu May 11 16:49:13 2006 Subject: Net::DNS Perl module Message-ID: <44635CD9.8020408@trayerproducts.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060511/1a56ec36/attachment.html From prandal at herefordshire.gov.uk Thu May 11 17:01:06 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu May 11 17:01:52 2006 Subject: :DNS Perl module Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B4AE@isabella.herefordshire.gov.uk> The latest Net::DNS works fine with MailScanner. >From my MailScanner -V: 0.57 Net::DNS Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rodney Green Sent: 11 May 2006 16:49 To: mailscanner@lists.mailscanner.info Subject: Net::DNS Perl module Hello, I wish to install a new perl module named Mail::VRFY. When attempting to build the module I'm getting the warning message below. Are there any foreseen MailScanner problems with the newer version of Net::DNS? I'm using MailScanner version 4.37.7. Also below is the output of MailScanner -V. Thanks for any help. Warning: prerequisite Net::DNS 0.57 not found. We have 0.49. Output of MailScanner -V: Linux mail3 2.4.20-31.9 #1 Tue Apr 13 18:04:23 EDT 2004 i686 i686 i386 GNU/Linux This is Red Hat Linux release 9 (Shrike) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.10 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000002 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.49 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI -- Rodney Green -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060511/0e00e325/attachment.html From strombrg at dcs.nac.uci.edu Thu May 11 17:31:22 2006 From: strombrg at dcs.nac.uci.edu (Dan Stromberg) Date: Thu May 11 17:32:47 2006 Subject: Trouble-free steps to upgrade mailscanner? Message-ID: Hi folks. (If we can work out a really good, no-hiccup procedure, I promise to give back by writing up the process for a web article - I'm a bit of an obsessive note taker/summarizer. That is, assuming someone hasn't already done so :) I have a busy mail server running MailScanner 4.36.4, part NFS, part local. I need to upgrade it to 100% local MailScanner 4.53.8 (or maybe 4.53.6). If this mail server goes kerflooie, it's not going to be pretty. At all. I'm assuming I'll need to work out the local vs NFS thing with site-specifics of course, but what are the basic steps one needs to follow to get a trial and tribulation-free mailscanner upgrade - getting it right the first time? For example, is there a way to have two versions of mailscanner running on the host at the same time, so you can test the new one, and cut over later once you feel confident about the new one by doing something simple, like changing a symlink and restarting a daemon? I'm guessing you'd probably need 2 distinct pairs of sendmail's, but what else might one require? Thanks! From alex at nkpanama.com Thu May 11 17:35:28 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 11 17:35:55 2006 Subject: :DNS Perl module In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0B4AE@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0B4AE@isabella.herefordshire.gov.uk> Message-ID: <446367D0.4060109@nkpanama.com> Randal, Phil wrote: > The latest Net::DNS works fine with MailScanner. > I usually upgrade most perl modules from CPAN after an install, specially if they have anything to do with spamassassin, DNS, or networking. Usual candidates are Net::DNS and Net::CIDR, but it varies from time to time. From alex at nkpanama.com Thu May 11 17:39:12 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 11 17:39:45 2006 Subject: Trouble-free steps to upgrade mailscanner? In-Reply-To: References: Message-ID: <446368B0.5050404@nkpanama.com> Dan Stromberg wrote: > Hi folks. > > > (group voice) Hi Dan... > For example, is there a way to have two versions of mailscanner running on > the host at the same time, so you can test the new one, and cut over later > once you feel confident about the new one by doing something simple, like > changing a symlink and restarting a daemon? > I think somebody mentioned something like this (they were talking about BSD I think) where someone would: 1. Stop MailScanner 2. Move /wherever/MailScanner to /old/mailscanner 3. Create symlink from /wherever/MailScanner to /old/mailscanner 4. install new MailScanner to /new/mailscanner Then test everything separately using whatever method you want, and in the end you just stop MailScanner, change the symlink, and start it again. Things you should consider: 1. Do you use a database, like with mailwatch? I don't know if one thing could break another. 2. Use the archive feature, albeit temporarily. You can always requeue e-mail back into the system if it breaks, right? From MailScanner at ecs.soton.ac.uk Thu May 11 17:40:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 17:40:24 2006 Subject: any MAPS RBL+ subscribers out there? In-Reply-To: References: Message-ID: <446368EE.4090000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The UK Higher Education community are another user, we have a mass-subscription to it with our own DNS server providing a clone of the list. I don't believe it is worth $1500 per year, I would spend my money with Spamhaus or some other organisation, rather than Trend who produce dubious products and think they can charge whatever they like. Fortunately, compared to MailScanner, they are small fry in the gateway scanning market. I would tell them where to jump, and send me the money instead :-) Jeff A. Earickson wrote: > Gang, > > Is any MailScanner site a paid MAPS RBL+ subscriber? Colby > has been a MAPS customer for nearly 5 years, and it has been > a solid performer for us as an MTA spam-rejection filter (we > also use sbl-xbl.spamhaus.org in sendmail too). > > Our previous payment to Kelkea was $145.00 per year. Trend > Micro (new owner) just dropped a $1500.00 quote on us. > Wowee! I seriously questioning the value of a ten-fold jump > in price. Comments anybody? > > Jeff Earickson > Colby College - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGNo7xH2WUcUFbZUEQJm4QCg05A/7RSgQfflYCutApV7ZhyiYyoAn0Iq vVrXitPz2kfUOr7Q2R7sLM/Y =TgBx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 11 17:54:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 17:54:13 2006 Subject: Trouble-free steps to upgrade mailscanner? In-Reply-To: References: Message-ID: <44636C28.2080303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't advise using any of the 4.53 releases, there have been problems this month. I will put out a new "beta" of 4.54 very soon (possibly next, right now) that will contain all the fixes for the bits I got wrong in 4.53. What operating system are you using? If you aren't using the Linux distributions of MailScanner, then as someone else has already said, you should put it somewhere like /opt/MailScanner-x.xx.x (where x.xx.x is the version number) and use a soft-link from /opt/MailScanner to the version number. This means that you can set it all up in its real location, test all the cron jobs and all that sort of stuff. Then switch on Archive Mail in the new version, stop it, set the link up to point to the new version, start it and then watch it. If it goes bad, just stop it, put the link back, start the old version again. I'll put out a beta right now for you. Dan Stromberg wrote: > Hi folks. > > (If we can work out a really good, no-hiccup procedure, I promise to > give back by writing up the process for a web article - I'm a bit of an > obsessive note taker/summarizer. That is, assuming someone hasn't already > done so :) > > I have a busy mail server running MailScanner 4.36.4, part NFS, part local. > > I need to upgrade it to 100% local MailScanner 4.53.8 (or maybe 4.53.6). > > If this mail server goes kerflooie, it's not going to be pretty. At all. > > I'm assuming I'll need to work out the local vs NFS thing with > site-specifics of course, but what are the basic steps one needs to follow > to get a trial and tribulation-free mailscanner upgrade - getting it right > the first time? > > For example, is there a way to have two versions of mailscanner running on > the host at the same time, so you can test the new one, and cut over later > once you feel confident about the new one by doing something simple, like > changing a symlink and restarting a daemon? > > I'm guessing you'd probably need 2 distinct pairs of sendmail's, but what > else might one require? > > Thanks! > > > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGNsKhH2WUcUFbZUEQL9mQCffZo4suiaXk43Y8w3tXL4+HZumSwAnjEj zVf7+ZKeT18CFu3H+8K3rxjr =h5Qv -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From strombrg at dcs.nac.uci.edu Thu May 11 18:28:22 2006 From: strombrg at dcs.nac.uci.edu (Dan Stromberg) Date: Thu May 11 18:28:42 2006 Subject: Trouble-free steps to upgrade mailscanner? References: <44636C28.2080303@ecs.soton.ac.uk> Message-ID: On Thu, 11 May 2006 17:54:00 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I don't advise using any of the 4.53 releases, there have been problems > this month. I will put out a new "beta" of 4.54 very soon (possibly > next, right now) that will contain all the fixes for the bits I got > wrong in 4.53. This makes me a little nervous. Are there some trusted 4.52 releases by any chance? Or do they have security issues? > What operating system are you using? This one's Solaris, but we use MailScanner here on a variety of OSes. > If you aren't using the Linux distributions of MailScanner, then as > someone else has already said, you should put it somewhere like > /opt/MailScanner-x.xx.x (where x.xx.x is the version number) and use a > soft-link from /opt/MailScanner to the version number. This means that > you can set it all up in its real location, test all the cron jobs and > all that sort of stuff. Then switch on Archive Mail in the new version, > stop it, set the link up to point to the new version, start it and then > watch it. If it goes bad, just stop it, put the link back, start the old > version again. This is great info. > I'll put out a beta right now for you. Thanks! > Dan Stromberg wrote: >> Hi folks. >> >> (If we can work out a really good, no-hiccup procedure, I promise to >> give back by writing up the process for a web article - I'm a bit of an >> obsessive note taker/summarizer. That is, assuming someone hasn't already >> done so :) >> >> I have a busy mail server running MailScanner 4.36.4, part NFS, part local. >> >> I need to upgrade it to 100% local MailScanner 4.53.8 (or maybe 4.53.6). >> >> If this mail server goes kerflooie, it's not going to be pretty. At all. >> >> I'm assuming I'll need to work out the local vs NFS thing with >> site-specifics of course, but what are the basic steps one needs to follow >> to get a trial and tribulation-free mailscanner upgrade - getting it right >> the first time? >> >> For example, is there a way to have two versions of mailscanner running on >> the host at the same time, so you can test the new one, and cut over later >> once you feel confident about the new one by doing something simple, like >> changing a symlink and restarting a daemon? >> >> I'm guessing you'd probably need 2 distinct pairs of sendmail's, but what >> else might one require? >> >> Thanks! >> >> >> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRGNsKhH2WUcUFbZUEQL9mQCffZo4suiaXk43Y8w3tXL4+HZumSwAnjEj > zVf7+ZKeT18CFu3H+8K3rxjr > =h5Qv > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. From strombrg at dcs.nac.uci.edu Thu May 11 18:32:50 2006 From: strombrg at dcs.nac.uci.edu (Dan Stromberg) Date: Thu May 11 18:35:14 2006 Subject: Trouble-free steps to upgrade mailscanner? References: <446368B0.5050404@nkpanama.com> Message-ID: On Thu, 11 May 2006 11:39:12 -0500, Alex Neuman van der Hans wrote: >> For example, is there a way to have two versions of mailscanner running on >> the host at the same time, so you can test the new one, and cut over later >> once you feel confident about the new one by doing something simple, like >> changing a symlink and restarting a daemon? >> > > I think somebody mentioned something like this (they were talking about > BSD I think) where someone would: > > 1. Stop MailScanner > 2. Move /wherever/MailScanner to /old/mailscanner > 3. Create symlink from /wherever/MailScanner to /old/mailscanner > 4. install new MailScanner to /new/mailscanner Yes, this sounds like a good way to go. > Then test everything separately using whatever method you want, and in > the end you just stop MailScanner, change the symlink, and start it again. What are some "cover the fundamentals" test methods for MailScanner? Is it just a matter of sending four messages: ham+novirus, spam+novirus, ham+virus, spam+virus and making sure they're handled well? And if I wanted to test it out by just sending something from evolution on my office server, would I need to configure a second pair of sendmail's, where the -bd one of the second pair was listening on an alternate port for a while? > Things you should consider: > > 1. Do you use a database, like with mailwatch? I don't know if one thing > could break another. I'll check into this, but I don't think we're using mailwatch. Is mailwatch useful for assessing MailScanner's health though? > 2. Use the archive feature, albeit temporarily. You can always requeue > e-mail back into the system if it breaks, right? I really like this feature. Thanks! From mstandish at gmail.com Thu May 11 18:52:51 2006 From: mstandish at gmail.com (Matt Standish) Date: Thu May 11 18:53:01 2006 Subject: SpamAssassin Score Ruleset Message-ID: <446379F3.7000808@gmail.com> I have a simple rule set to change the SpamAssassin required hits score based on the domain the mail is directed to. I can't seem to to get it work. No matter how I change the file the required hits are always 5. Here is a snip from MailScanner.conf: %rules-dir% = /etc/MailScanner/rules Required SpamAssassin Score = %rules-dir%/spam-score-low.rules The Rule: ###Spam action rules FromOrTo: *@domain.net 7 A header from an email: X-domain.net-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 5) I am using Mailscanner-4.53.6-1 Anyone see what I am doing wrong? From MailScanner at ecs.soton.ac.uk Thu May 11 20:29:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 20:29:41 2006 Subject: Trouble-free steps to upgrade mailscanner? In-Reply-To: References: <44636C28.2080303@ecs.soton.ac.uk> Message-ID: <4463909B.30200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan Stromberg wrote: > On Thu, 11 May 2006 17:54:00 +0100, Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I don't advise using any of the 4.53 releases, there have been problems >> this month. I will put out a new "beta" of 4.54 very soon (possibly >> next, right now) that will contain all the fixes for the bits I got >> wrong in 4.53. >> > > This makes me a little nervous. Are there some trusted 4.52 releases by > any chance? Or do they have security issues? > Yes, sorry about that. But I thought it would be better to be absolutely straight with you. 4.52 was fine, the last release of that was 4.52.2-1. You should be able to deduce the URL of them :-) No security issues that I am aware of, no. Check the ChangeLog on the website, it's linked to from most of the entries in the "News" section of the homepage. >> What operating system are you using? >> > > This one's Solaris, but we use MailScanner here on a variety of OSes. > > >> If you aren't using the Linux distributions of MailScanner, then as >> someone else has already said, you should put it somewhere like >> /opt/MailScanner-x.xx.x (where x.xx.x is the version number) and use a >> soft-link from /opt/MailScanner to the version number. This means that >> you can set it all up in its real location, test all the cron jobs and >> all that sort of stuff. Then switch on Archive Mail in the new version, >> stop it, set the link up to point to the new version, start it and then >> watch it. If it goes bad, just stop it, put the link back, start the old >> version again. >> > > This is great info. > > >> I'll put out a beta right now for you. >> > > Thanks! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGOQnBH2WUcUFbZUEQKsKgCg2QhycV0kJjY1FA0knggMd4uVHH4Anj9U 4Z4nNKYxQqKCs7XHDnzNZlBw =5duP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Thu May 11 20:31:24 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 11 20:31:29 2006 Subject: SpamAssassin Score Ruleset In-Reply-To: <446379F3.7000808@gmail.com> References: <446379F3.7000808@gmail.com> Message-ID: Matt Standish wrote on Thu, 11 May 2006 13:52:51 -0400: > X-domain.net-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, > required 5) I may be completely wrong, but this looks suspiciously like there either was no SA scan or MS doesn't get the correct result. A score of exactly 0 is very uncommon. So, the required hits could just be some default picked up from SA. BTW: do you use Mailwatch? Then I recommend using the additional MS modules coming with it. One of them supports scores via MySQL and works very well. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Thu May 11 20:36:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 20:36:52 2006 Subject: Trouble-free steps to upgrade mailscanner? In-Reply-To: References: <446368B0.5050404@nkpanama.com> Message-ID: <4463924A.20907@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan Stromberg wrote: > On Thu, 11 May 2006 11:39:12 -0500, Alex Neuman van der Hans wrote: > > > >>> For example, is there a way to have two versions of mailscanner running on >>> the host at the same time, so you can test the new one, and cut over later >>> once you feel confident about the new one by doing something simple, like >>> changing a symlink and restarting a daemon? >>> >>> >> I think somebody mentioned something like this (they were talking about >> BSD I think) where someone would: >> >> 1. Stop MailScanner >> 2. Move /wherever/MailScanner to /old/mailscanner >> 3. Create symlink from /wherever/MailScanner to /old/mailscanner >> 4. install new MailScanner to /new/mailscanner >> > > Yes, this sounds like a good way to go. > > >> Then test everything separately using whatever method you want, and in >> the end you just stop MailScanner, change the symlink, and start it again. >> > > What are some "cover the fundamentals" test methods for MailScanner? Is > it just a matter of sending four messages: ham+novirus, spam+novirus, > ham+virus, spam+virus and making sure they're handled well? > Download the EICAR test virus from www.eicar.org and send it through MailScanner a few times to check its reaction. That and a few spam messages will check it is basically working for you. I have a huge library of test messages that I use for testing various bits of the functionality, but unfortunately I can't share these with you for privacy reasons, sorry. > And if I wanted to test it out by just sending something from evolution on > my office server, would I need to configure a second pair of sendmail's, > where the -bd one of the second pair was listening on an alternate port > for a while? > You not only need that but they need to use different queue directories as well, and you'll need to configure the secondary queue directories in MailScanner as well. Using a spare machine for testing is rather easier, as you can leave it configured as a test system. If you stop the outgoing queue runner sendmail and set "Delivery Method = queue" then it won't actually deliver the processed messages, so you can examine the files in the queue. I always check the queue files than let them be delivered. > >> 2. Use the archive feature, albeit temporarily. You can always requeue >> e-mail back into the system if it breaks, right? >> > > I really like this feature. > Glad you find this useful. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGOSSxH2WUcUFbZUEQLP8QCg5cU4Fmn2G/m/cvTvO9dzZqYq9zkAn2RV kvxti3ikfSj5/MaB0kJW3/Jl =kKjB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 11 20:39:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 20:39:28 2006 Subject: SpamAssassin Score Ruleset In-Reply-To: <446379F3.7000808@gmail.com> References: <446379F3.7000808@gmail.com> Message-ID: <446392E9.4050800@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 2 things: 1. MailScanner uses the sender address in the envelope, not the From: address that may happen to appear in the headers. Check you are checking the real address. 2. You should add a default rule to your ruleset FromOrTo: default 5 3. You are doing a "service MailScanner reload" or equivalent (e.g. HUP the MailScanner processes). Oh, that's 3, never mind :-) Matt Standish wrote: > I have a simple rule set to change the SpamAssassin required hits > score based on the domain the mail is directed to. I can't seem to to > get it work. No matter how I change the file the required hits are > always 5. Here is a snip from MailScanner.conf: > > %rules-dir% = /etc/MailScanner/rules > Required SpamAssassin Score = %rules-dir%/spam-score-low.rules > > The Rule: > ###Spam action rules > > FromOrTo: *@domain.net 7 > > > A header from an email: > X-domain.net-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, > required 5) > > > I am using Mailscanner-4.53.6-1 > > Anyone see what I am doing wrong? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGOS6hH2WUcUFbZUEQJlRgCgyYO5bwVRWrbl98EKEplYjZPr7FIAn0BF 7o0OXDanUioeti9j6flApNsf =9Pjy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mstandish at gmail.com Thu May 11 20:41:19 2006 From: mstandish at gmail.com (Matt Standish) Date: Thu May 11 20:41:22 2006 Subject: SpamAssassin Score Ruleset In-Reply-To: References: <446379F3.7000808@gmail.com> Message-ID: <4463935F.4090200@gmail.com> Kai Schaetzl wrote: > Matt Standish wrote on Thu, 11 May 2006 13:52:51 -0400: > >> X-domain.net-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, >> required 5) > > I may be completely wrong, but this looks suspiciously like there either > was no SA scan or MS doesn't get the correct result. A score of exactly 0 > is very uncommon. So, the required hits could just be some default picked > up from SA. > BTW: do you use Mailwatch? Then I recommend using the additional MS > modules coming with it. One of them supports scores via MySQL and works > very well. > > Kai > It's scanning, I am catching a ton of spam. I like mailwatch a lot but it seemed like it was going to be a bigger challenge to make mailwatch work in my organization (an ISP) than it would be to roll our own. From MailScanner at ecs.soton.ac.uk Thu May 11 20:43:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 20:43:25 2006 Subject: Beta 4.54.2 released Message-ID: <446393CE.9000502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just updated a load of Perl modules to bring all the modules used by Perl, ClamAV and SpamAssassin up to date. I have ignored changes such as minor documentation changes and stuff like that, but every module with any major bug-fixes or enhancements has been updated. I have put in all the fixes for problems that people have found in 4.53. All the problems with the phishing net and the Web Bug processor should now have gone. All in all this should now be where 4.53 should have been :-( Download from www.mailscanner.info as usual. Full Change Log is this: * New Features and Improvements * - - sa-update cron job disabled by default - - Support for Sophos version 5. This just requires new sophos-autoupdate and sophos-wrapper. There are no changes to the core MailScanner code. - - The Sophos.install script is not needed for version 5 of Sophos. But it won't do any harm and will print some useful information on how you should configure it, and it will make its best attempts to update the virus.scanners.conf file to point to your new version 5 installation. So I would still strongly advise that you run Sophos.install to install Sophos, even with version 5. - - When the SpamAssassin cache is being used, the phrase "cached" or "not cached" is added to the start of the SpamAssassin detailed report in the headers. These words are defined in the languages.conf file so you can change them to anything you like, and translate them into your local languages. Please post all translations back to me for inclusion in the standard distribution. - - Added a reference to the message batch in the call to look up "lastafterbatch" so that MailWatch can get the batch statistics. - - Updated loads of Perl modules to more modern versions where there have been any significant updates to them. Minor doc and test tweaks have been ignored. - - Updated many Perl modules in ClamAV+SA easy-to-install package. - - ClamAV+SA package does not add extra loadplugin lines if they are already present in the init.pre and v310.pre files. * Fixes * - - Fixed bug in output formatting of phishing net. This could leave HTML links open. - - Fixed major problem with Web Bug processor. - - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to James for this fix and his patch. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGOT0hH2WUcUFbZUEQLgeACfezbnZj/cLM25JH5F7sm1dR2QrFgAoMky SFT74zAHgHtKCpsOC0rsgF5U =wFmB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mstandish at gmail.com Thu May 11 21:00:41 2006 From: mstandish at gmail.com (Matt Standish) Date: Thu May 11 21:00:44 2006 Subject: SpamAssassin Score Ruleset In-Reply-To: <446392E9.4050800@ecs.soton.ac.uk> References: <446379F3.7000808@gmail.com> <446392E9.4050800@ecs.soton.ac.uk> Message-ID: <446397E9.5080003@gmail.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > 2 things: > > 1. MailScanner uses the sender address in the envelope, not the From: > address that may happen to appear in the headers. Check you are checking > the real address. > 2. You should add a default rule to your ruleset > FromOrTo: default 5 > 3. You are doing a "service MailScanner reload" or equivalent (e.g. HUP > the MailScanner processes). > > Oh, that's 3, never mind :-) Thanks. The sender envelope actually is the problem! I am not following point 3. I should or shouldn't restart the process (/etc/init.d/MailScanner restart)? Why would this effect the rules? Thanks for the help! From MailScanner at ecs.soton.ac.uk Thu May 11 21:15:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 11 21:15:52 2006 Subject: SpamAssassin Score Ruleset In-Reply-To: <446397E9.5080003@gmail.com> References: <446379F3.7000808@gmail.com> <446392E9.4050800@ecs.soton.ac.uk> <446397E9.5080003@gmail.com> Message-ID: <44639B6E.8010108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Standish wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> 2 things: >> >> 1. MailScanner uses the sender address in the envelope, not the From: >> address that may happen to appear in the headers. Check you are >> checking the real address. >> 2. You should add a default rule to your ruleset >> FromOrTo: default 5 >> 3. You are doing a "service MailScanner reload" or equivalent (e.g. >> HUP the MailScanner processes). >> >> Oh, that's 3, never mind :-) > > Thanks. The sender envelope actually is the problem! > > I am not following point 3. I should or shouldn't restart the process > (/etc/init.d/MailScanner restart)? Why would this effect the rules? You can do a restart instead of a reload if you like. It's just that a reload doesn't actually cause a sendmail break in service, which a restart does (for 30 seconds). Most settings will be re-read by a reload. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGObbxH2WUcUFbZUEQJC5QCeMk8VUAKtG2xoSrJAYQTr8+u1V8kAoPIC 8r5mxf1y0k2aCF99Bn5y33CL =w/ZB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From chardlist at chard.net Thu May 11 21:53:26 2006 From: chardlist at chard.net (chardlist) Date: Thu May 11 21:53:47 2006 Subject: DCC Logs (OT but related) Message-ID: <016f01c6753c$f5440100$a000a8c0@sangria> This is slightly off topic... but I found the mailscanner help document incredibly helpful in setting up DCC to run as a daemon http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html. However DCC is logging a chuck of every message to /var/dcc/log and it's taking up a lot of space. Is there an easy way to simply tell DCC not to log files? I don't need them for anything and would only turn it on to troubleshoot an issue. Thank you, -Brendan From ka at pacific.net Thu May 11 22:13:13 2006 From: ka at pacific.net (Ken A) Date: Thu May 11 22:09:32 2006 Subject: DCC Logs (OT but related) In-Reply-To: <016f01c6753c$f5440100$a000a8c0@sangria> References: <016f01c6753c$f5440100$a000a8c0@sangria> Message-ID: <4463A8E9.6090602@pacific.net> edit /var/dcc/dcc_conf - See the ...LOG_AT for dccifd, assuming you are using dccifd. man dccd for more... Ken A Pacific.Net chardlist wrote: > This is slightly off topic... but I found the mailscanner help document > incredibly helpful in setting up DCC to run as a daemon > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html. > > However DCC is logging a chuck of every message to /var/dcc/log and it's > taking up a lot of space. Is there an easy way to simply tell DCC not to > log files? I don't need them for anything and would only turn it on to > troubleshoot an issue. > > Thank you, > -Brendan > > > From pz at christ-net.sk Thu May 11 22:44:52 2006 From: pz at christ-net.sk (Peter Zimen) Date: Thu May 11 22:45:16 2006 Subject: dont see any processes In-Reply-To: <4463509E.5080404@nkpanama.com> References: <29234BC8-8F4F-4FF4-B01D-2A4AE1B92E68@christ-net.sk> <4463509E.5080404@nkpanama.com> Message-ID: <1702C059-ADF3-4FA4-B314-66CBEBAF06F5@christ-net.sk> No fedora :) Old 9 release of Red Hat. On 11.5.2006, at 16:56, Alex Neuman van der Hans wrote: > Peter Zimen wrote: >> >> >> MS is on RedHat9 linux. Last version. > > Last version to be called "RedHat Linux"? ;-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Thu May 11 23:31:14 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu May 11 23:31:24 2006 Subject: Beta 4.54.2 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58017681C7@isabella.herefordshire.gov.uk> Julian, You may need to force install Perl-TimeDate. Perl-TimeDate-1.16 is allegedly "older" than the Perl-TimeDate-1.1305 which I had installed here. During install.sh's execution, we get the error "Attempting to build and install perl-HTML-Parser-3.57-1 Missing file perl-HTML-Parser-3.57-1.src.rpm. Are you in the right directory?" Should be 3.54... Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, May 11, 2006 8:43 PM To: MailScanner discussion Subject: Beta 4.54.2 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just updated a load of Perl modules to bring all the modules used by Perl, ClamAV and SpamAssassin up to date. I have ignored changes such as minor documentation changes and stuff like that, but every module with any major bug-fixes or enhancements has been updated. I have put in all the fixes for problems that people have found in 4.53. All the problems with the phishing net and the Web Bug processor should now have gone. All in all this should now be where 4.53 should have been :-( Download from www.mailscanner.info as usual. Full Change Log is this: * New Features and Improvements * - - sa-update cron job disabled by default - - Support for Sophos version 5. This just requires new sophos-autoupdate and sophos-wrapper. There are no changes to the core MailScanner code. - - The Sophos.install script is not needed for version 5 of Sophos. But it won't do any harm and will print some useful information on how you should configure it, and it will make its best attempts to update the virus.scanners.conf file to point to your new version 5 installation. So I would still strongly advise that you run Sophos.install to install Sophos, even with version 5. - - When the SpamAssassin cache is being used, the phrase "cached" or "not cached" is added to the start of the SpamAssassin detailed report in the headers. These words are defined in the languages.conf file so you can change them to anything you like, and translate them into your local languages. Please post all translations back to me for inclusion in the standard distribution. - - Added a reference to the message batch in the call to look up "lastafterbatch" so that MailWatch can get the batch statistics. - - Updated loads of Perl modules to more modern versions where there have been any significant updates to them. Minor doc and test tweaks have been ignored. - - Updated many Perl modules in ClamAV+SA easy-to-install package. - - ClamAV+SA package does not add extra loadplugin lines if they are already present in the init.pre and v310.pre files. * Fixes * - - Fixed bug in output formatting of phishing net. This could leave HTML links open. - - Fixed major problem with Web Bug processor. - - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to James for this fix and his patch. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGOT0hH2WUcUFbZUEQLgeACfezbnZj/cLM25JH5F7sm1dR2QrFgAoMky SFT74zAHgHtKCpsOC0rsgF5U =wFmB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From smcguane at mailshield.com.au Fri May 12 00:10:34 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Fri May 12 00:10:46 2006 Subject: Can MailScanner Do Smart Relaying? In-Reply-To: Message-ID: <200605112310.k4BNAhVx021399@bkserver.blacknight.ie> Heya Guys, I have a bit of a tricky one for you.... I have setup a second server to take some pressure of my main server which is handling web hosting / mail filtering / pop retrieval etc. However upon doing this this changes the network scope a a little bit. For arguments sake we will call it like this Box A : Original Main Server Handles everything currently. Box B : New Server built with mailscanner/Sendmail/mailwatch etc. I need to know how to control the sending of email from box b to the main box a. I want flexibility in this so I can handle it at a domain level. I will explain why..... Most of my clients retrieve mail by using pop3 which is fine. If I setup a smart relay in Sendmail it will send *all* mail to box A However I want to control it at a domain level so for domain.x.y.z goto Box A and for domain.s.o.s relay to their exchange server or similar. Normally I would expect to do this from the MTA level such as Sendmail, however with MailScanner installed and using Sendmail mailer-relay like I should be totally ignores what I want. So I was wondering if there is another way? I know that this might not be the place to ask and should ask MTA groups but I took a longshot with this thinking MailScanner might have some config in It that will help me with this problem. Thanks Shaun --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From maillists at conactive.com Fri May 12 00:31:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 12 00:31:20 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: References: Message-ID: Marcel Blenkers wrote on Mon, 8 May 2006 18:23:29 +0200 (CEST): > SCRIPT: sa-update exited with RETURNCODE = 1. Marcel, that is because there's a small bug in the script, compare my mail of today (well, yesterday) about this. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mike at vesol.com Fri May 12 00:33:52 2006 From: mike at vesol.com (Mike Kercher) Date: Fri May 12 00:34:11 2006 Subject: Can MailScanner Do Smart Relaying? Message-ID: You need to use /etc/mail/mailertable :) Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of ShaunM [MailShield] > Sent: Thursday, May 11, 2006 6:11 PM > To: 'MailScanner discussion' > Subject: Can MailScanner Do Smart Relaying? > > Heya Guys, > > I have a bit of a tricky one for you.... > > I have setup a second server to take some pressure of my main > server which is handling web hosting / mail filtering / pop > retrieval etc. > > However upon doing this this changes the network scope a a little bit. > > For arguments sake we will call it like this > > Box A : Original Main Server Handles everything currently. > Box B : New Server built with mailscanner/Sendmail/mailwatch etc. > > I need to know how to control the sending of email from box b > to the main box a. I want flexibility in this so I can handle > it at a domain level. I will explain why..... > > Most of my clients retrieve mail by using pop3 which is fine. > If I setup a smart relay in Sendmail it will send *all* mail to box A > > However I want to control it at a domain level so for > domain.x.y.z goto Box A and for domain.s.o.s relay to their > exchange server or similar. > > Normally I would expect to do this from the MTA level such as > Sendmail, however with MailScanner installed and using > Sendmail mailer-relay like I should be totally ignores what I > want. So I was wondering if there is another way? > > I know that this might not be the place to ask and should ask > MTA groups but I took a longshot with this thinking > MailScanner might have some config in It that will help me > with this problem. > > Thanks > Shaun > > > > -------------------------------------------------------------- > ------------------------------------------- > This message has been scanned for viruses and malicious > content by MailShield http://www.mailshield.com.au > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Fri May 12 03:00:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri May 12 03:01:04 2006 Subject: Can MailScanner Do Smart Relaying? In-Reply-To: References: Message-ID: <4463EC4E.5020500@nkpanama.com> Mike Kercher wrote: > You need to use /etc/mail/mailertable :) > > More accurately, you need to have your MTA do this. From nauman at worldcall.net.pk Fri May 12 05:22:48 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Fri May 12 05:23:05 2006 Subject: Best Way to Control Relaying? References: <00f001c674d3$12142770$3004010a@martinhlaptop><014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> Message-ID: <004801c6757b$bebf67c0$23c051cb@noc> > Muhammad Nauman wrote: >> Hi >> >> I m using Sendmail 8.13.5 >> and i m relaying my User - using the access featur in sendmail -with file >> : /etc/mail/access >> > 1. Remove the "xxx.xxx.xxx.xxx RELAY" option that you have in that file so > that only AUTHENTICATED users can relay - that way you can have people > accountable for what they do. You may need to run the saslauthd service > for this to work. > 2. Remember to change /usr/share/sendmail-cf/m4/cfhead.m4 to read > _REC_FULL_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) > instead of > _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) > > ... so you can know *who* sent what. You have to "m4 < > /etc/mail/sendmail.mc > /etc/mail/sendmail.cf after the change and restart > MailScanner. Thankx Alex , You been a great HELP ! I already have restricted IP'ies in my /etc/mail/access but they also count up2 about 6000 ip'z So i m not totally Open Relayed at all - ( xxx.xxx.xxx.xxx RELAY ) Not like this what does your 2nd Point do exactly ? and about controlling the amount of mail sent per min - i m using feature great pause in sendmail . but that wo'nt stop them completely can it ? Nauman -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From maillists at conactive.com Fri May 12 06:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 12 06:31:35 2006 Subject: Best Way to Control Relaying? In-Reply-To: <004801c6757b$bebf67c0$23c051cb@noc> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> Message-ID: Muhammad Nauman wrote on Fri, 12 May 2006 09:22:48 +0500: > I already have restricted IP'ies in my /etc/mail/access but they also count > up2 about 6000 ip'z If you only restrict access this way you *are* an open relay. Only using SMTP AUTH will stop abuse. This may help you: http://spam.abuse.net/adminhelp/ Kai From MailScanner at ecs.soton.ac.uk Fri May 12 08:51:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 08:51:48 2006 Subject: Beta 4.54.2 released In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58017681C7@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58017681C7@isabella.herefordshire.gov.uk> Message-ID: All fixed. On 11 May 2006, at 23:31, Randal, Phil wrote: > Julian, > > You may need to force install Perl-TimeDate. Perl-TimeDate-1.16 is > allegedly "older" than the Perl-TimeDate-1.1305 which I had installed > here. > > During install.sh's execution, we get the error > > "Attempting to build and install perl-HTML-Parser-3.57-1 > Missing file perl-HTML-Parser-3.57-1.src.rpm. Are you in the right > directory?" > > Should be 3.54... > > Cheers, > > Phil > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > Field > Sent: Thursday, May 11, 2006 8:43 PM > To: MailScanner discussion > Subject: Beta 4.54.2 released > > * PGP Bad Signature, Signed by a unverified key: 05/11/06 at 20:43:14 > > I have just updated a load of Perl modules to bring all the modules > used > > by Perl, ClamAV and SpamAssassin up to date. I have ignored changes > such > > as minor documentation changes and stuff like that, but every module > with any major bug-fixes or enhancements has been updated. > > I have put in all the fixes for problems that people have found in > 4.53. > > All the problems with the phishing net and the Web Bug processor > should > now have gone. > > All in all this should now be where 4.53 should have been :-( > > Download from www.mailscanner.info as usual. > > Full Change Log is this: > > * New Features and Improvements * > - sa-update cron job disabled by default > - Support for Sophos version 5. This just requires new > sophos-autoupdate and > sophos-wrapper. There are no changes to the core MailScanner code. > - The Sophos.install script is not needed for version 5 of Sophos. But > it > won't do any harm and will print some useful information on how you > should configure it, and it will make its best attempts to update > the > virus.scanners.conf file to point to your new version 5 > installation. > So I would still strongly advise that you run Sophos.install to > install > Sophos, even with version 5. > - When the SpamAssassin cache is being used, the phrase "cached" or > "not > cached" > is added to the start of the SpamAssassin detailed report in the > headers. > These words are defined in the languages.conf file so you can change > them to > anything you like, and translate them into your local languages. > Please post > all translations back to me for inclusion in the standard > distribution. > - Added a reference to the message batch in the call to look up > "lastafterbatch" > so that MailWatch can get the batch statistics. > - Updated loads of Perl modules to more modern versions where there > have > been > any significant updates to them. Minor doc and test tweaks have been > ignored. > - Updated many Perl modules in ClamAV+SA easy-to-install package. > - ClamAV+SA package does not add extra loadplugin lines if they are > already > present in the init.pre and v310.pre files. > > * Fixes * > - Fixed bug in output formatting of phishing net. This could leave > HTML > links > open. > - Fixed major problem with Web Bug processor. > - Fixed bug in handling of multi-line Subject: lines in Postfix. > Thanks to > James for this fix and his patch. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0x1415B654 - Unverified (L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From admin at thenamegame.com Fri May 12 08:56:30 2006 From: admin at thenamegame.com (Michael S.) Date: Fri May 12 08:55:35 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? Message-ID: <200605120755.k4C7tXxb030775@bkserver.blacknight.ie> How do I uninstall MailScanner from Freebsd? When I run make uninstall it tells me MailScanner is not installed but it is installed. make deinstall ===> Deinstalling for mail/mailscanner pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin recorded pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded ===> MailScanner not installed, skipping Here lookl drwxrwxr-x 4 500 500 512 May 12 03:26 ./ drwxrwxr-x 590 500 500 12800 May 10 18:09 ../ -rw-r--r-- 1 500 500 14310 May 5 18:03 Makefile -rw-r--r-- 1 500 500 242 May 5 18:03 distinfo drwxrwxr-x 2 500 500 1024 May 5 18:04 files/ -rw-r--r-- 1 500 500 1307 Jan 18 2004 pkg-descr -rw-r--r-- 1 500 500 30933 May 5 18:04 pkg-plist drwx------ 3 root wheel 512 May 12 03:26 work/ I would like to know how to remove this from my server so I can reinstall it! If I can't deinstall it how do I remove it manually? What do I need to do to remove all the files manually? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060512/ec05e2a4/attachment.html From andoni.auzmendi at robertwalters.com Fri May 12 08:59:16 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Fri May 12 08:59:28 2006 Subject: dont see any processes Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD065C02E@PAT.internal.robertwalters.com> How many MailScanner E-Mail Virus Scanner version 4.53.8 starting... do you see ? You set in MailScanner.conf the number of processes and you should see those starting up as well. When you ps can you see any postfix processes ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Zimen Sent: 11 May 2006 13:55 To: MailScanner discussion Subject: Re: dont see any processes Absolute no errors. May 11 14:54:44 mail postfix/master[8242]: daemon started -- version 2.1.1 May 11 14:54:46 mail MailScanner[8264]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 11 14:54:46 mail MailScanner[8264]: Read 717 hostnames from the phishing whitelist May 11 14:54:47 mail MailScanner[8264]: Using SpamAssassin results cache May 11 14:54:47 mail MailScanner[8264]: Connected to SpamAssassin cache database May 11 14:54:47 mail MailScanner[8264]: Expired 2 records from the SpamAssassin cache May 11 14:54:47 mail MailScanner[8264]: Enabling SpamAssassin auto- whitelist functionality... May 11 14:54:48 mail MailScanner[8264]: Using locktype = flock On 11.5.2006, at 14:40, Andoni Auzmendi wrote: > Check in the /var/log/maillog for any errors. > > Andoni > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter > Zimen > Sent: 11 May 2006 13:36 > To: MailScanner discussion > Subject: dont see any processes > > Hello, > where is problem. Mail Scanner normal start via service,scan emails, > but i dont see it in process list (ps axu). > > Every hour is "started" via cron... > > MS is on RedHat9 linux. Last version. > > Peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > > www.mimesweeper.com > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri May 12 09:07:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 09:07:57 2006 Subject: Bug in sa-update script and other small things In-Reply-To: References: Message-ID: <8467E107-E6FA-44E7-82C7-57AD843DCB79@ecs.soton.ac.uk> On 11 May 2006, at 13:24, Kai Schaetzl wrote: > 1. > There's a bug in the sa-update script from May 8. The $Disabled > stuff has > been taken over from the perl scripts and therefore throws an error. > > Correct version: > --------------- > Disabled=1 > > if [ $Disabled -eq 1 ]; then > exit > fi > --------------- Oops, forgot which language I was writing. Fixed. > > Btw: is this file getting replaced with a new version if it exists > or only > placed there if non-existant? (Replacement would change the Disabled > setting). Fixed. > Same question for clean_quarantine. It already did this. > > 2. > the default path for gunzip given as /usr/bin/gunzip is not the > default on > Red Hat or SuSE, it's /bin/gunzip. I suggest changing this since > these are > the main targeted platforms it seems. Fixed. > > 3. > could we somehow stop adding the mailscanner.conf symlink to > /etc/mail/spamassassin with each upgrade? I have to remove it each > time > and easily forget that. That one is a bit more awkward. > > 4. > is there a chance you list upgraded perl src.rpms in a file so one can > easily see which ones are new? I really don't see much sense in > installing > the whole bunch of src.rpms time and again with each upgrade and > mostly > just upgrade the mailscanner.rpm. But I check with the older > directory if > there are any newer Perl rpm versions and build and install these if I > don't have them already. > I think there's also something wrong with the detection of already > existing versions, so that rpms get built and installed although > that rpm > is already on board with a newer version. (I don't mean the ones > -MIME-Base64, MIME-Tools- where it says "I'm sorry I have to force > this - > btw: I have been running MailScanner just fine with the regular > MIME-Base64 or the CPANed one in the past.) It might be helpful to > have > more command-line parameters for install.sh, f.i. "noperl" for not > installing any of the packaged Perl rpms and "onlyforcedperl" for only > installing those Perl rpms that are installed anyway. There are some modules where it isn't easy to tell what version you already have installed. It doesn't install more than it finds necessary. I might make this more clever at some point, but it's not exactly high on the list :-( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From prandal at herefordshire.gov.uk Fri May 12 10:15:06 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 12 10:15:36 2006 Subject: DCC Logs (OT but related) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B531@isabella.herefordshire.gov.uk> Also ln -s /var/dcc/libexec/cron-dccd /etc/cron.daily/cron-dccd or the equivalent for your *n?x. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: 11 May 2006 22:13 > To: MailScanner discussion > Subject: Re: DCC Logs (OT but related) > > edit /var/dcc/dcc_conf - See the ...LOG_AT for dccifd, > assuming you are > using dccifd. man dccd for more... > > Ken A > Pacific.Net > > > > chardlist wrote: > > This is slightly off topic... but I found the mailscanner > help document > > incredibly helpful in setting up DCC to run as a daemon > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html. > > > > However DCC is logging a chuck of every message to > /var/dcc/log and it's > > taking up a lot of space. Is there an easy way to simply > tell DCC not to > > log files? I don't need them for anything and would only > turn it on to > > troubleshoot an issue. > > > > Thank you, > > -Brendan > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From drew at themarshalls.co.uk Fri May 12 10:37:42 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri May 12 10:37:55 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605120755.k4C7tXxb030775@bkserver.blacknight.ie> References: <200605120755.k4C7tXxb030775@bkserver.blacknight.ie> Message-ID: <52119.194.70.180.170.1147426662.squirrel@webmail.r-bit.net> On Fri, May 12, 2006 08:56, Michael S. wrote: > How do I uninstall MailScanner from Freebsd? OK try going to /var/db/pkg and then ls and see if there is an entry for MailScanner listed. If so then just pkg_delete that item, which should remove it. It will not, however, remove the dependencies (Such as the Perl modules). I would suggets installing cut leaves from the ports tree if you want to remove these. That way you will know what is no longer needed by the system. HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From rgreen at trayerproducts.com Fri May 12 12:07:23 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri May 12 12:07:49 2006 Subject: :DNS Perl module In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0B4AE@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0B4AE@isabella.herefordshire.gov.uk> Message-ID: <44646C6B.8060203@trayerproducts.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060512/6cbdd1d9/attachment.html From max at kipness.com Fri May 12 12:10:31 2006 From: max at kipness.com (Max Kipness) Date: Fri May 12 12:10:58 2006 Subject: Confusion with Allow Filenames Message-ID: <60667.72.64.76.161.1147432231.squirrel@72.64.76.161> I've been trying to find the answers from archived posts, but I'm still not sure if the following should work or not. I definitely doesn't based on emails with .bmp files attached sent from other mail servers (that don't block .bmp on outbound mail). In mailscanner.conf: Allow Filenames = /etc/MailScanner/rules/allow.filename.conf Allow Filetypes = /etc/MailScanner/rules/allow.filename.conf In /etc/MailScanner/rules/allow.filename.conf: FromOrTo: myemailaddress@domain.com \.bmp FromOrTo: default There are no errors being produced in the maillog, but the rule is being ignored completely. I saw another reference to creating the allow.filename.conf back to individual filename.rule.conf files per domain, but I'd rather not do it that way unless necessary. Can the above work? Or what am I doing wrong? Thanks, Max From mailscanner at lists.com.ar Fri May 12 12:24:13 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Fri May 12 12:24:43 2006 Subject: 404 for signature 4.54.2-2 Message-ID: <20060512112413.GC14134@pert.com.ar> There is no signature for 4.54.2-2 (in tar dir) http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.54.2-2.tar.gz.sig Saludos -- Leonardo Helman Pert Consultores Argentina From martinh at solid-state-logic.com Fri May 12 12:31:24 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri May 12 12:32:02 2006 Subject: Confusion with Allow Filenames In-Reply-To: <60667.72.64.76.161.1147432231.squirrel@72.64.76.161> Message-ID: <00aa01c675b7$9992fd90$3004010a@martinhlaptop> Max Have a look here http://wiki.mailscanner.info/doku.php?id=documentation:configuration:ruleset s:overloading For an example of this.. Basically you need to provide an override filename in the rule, not the actual filenames/type you want to override. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Max Kipness > Sent: 12 May 2006 12:11 > To: mailscanner@lists.mailscanner.info > Subject: Confusion with Allow Filenames > > I've been trying to find the answers from archived posts, but I'm still > not sure if the following should work or not. I definitely doesn't based > on emails with .bmp files attached sent from other mail servers (that > don't block .bmp on outbound mail). > > In mailscanner.conf: > Allow Filenames = /etc/MailScanner/rules/allow.filename.conf > Allow Filetypes = /etc/MailScanner/rules/allow.filename.conf > > In /etc/MailScanner/rules/allow.filename.conf: > FromOrTo: myemailaddress@domain.com \.bmp > FromOrTo: default > > There are no errors being produced in the maillog, but the rule is being > ignored completely. > > I saw another reference to creating the allow.filename.conf back to > individual filename.rule.conf files per domain, but I'd rather not do it > that way unless necessary. > > Can the above work? Or what am I doing wrong? > > Thanks, > Max > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Fri May 12 13:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 12 13:31:25 2006 Subject: Confusion with Allow Filenames In-Reply-To: <60667.72.64.76.161.1147432231.squirrel@72.64.76.161> References: <60667.72.64.76.161.1147432231.squirrel@72.64.76.161> Message-ID: Max Kipness wrote on Fri, 12 May 2006 06:10:31 -0500 (CDT): > I've been trying to find the answers from archived posts, but I'm still > not sure if the following should work or not. It should not. It just behaves like described in MailScanner.conf, one line of extensions. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Fri May 12 14:28:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 14:29:12 2006 Subject: Confusion with Allow Filenames In-Reply-To: <60667.72.64.76.161.1147432231.squirrel@72.64.76.161> References: <60667.72.64.76.161.1147432231.squirrel@72.64.76.161> Message-ID: <887EF39A-347C-4D3F-88FD-964BF74190A7@ecs.soton.ac.uk> On 12 May 2006, at 12:10, Max Kipness wrote: > I've been trying to find the answers from archived posts, but I'm > still > not sure if the following should work or not. I definitely doesn't > based > on emails with .bmp files attached sent from other mail servers (that > don't block .bmp on outbound mail). > > In mailscanner.conf: > Allow Filenames = /etc/MailScanner/rules/allow.filename.conf > Allow Filetypes = /etc/MailScanner/rules/allow.filename.conf > > In /etc/MailScanner/rules/allow.filename.conf: > FromOrTo: myemailaddress@domain.com \.bmp > FromOrTo: default > > There are no errors being produced in the maillog, but the rule is > being > ignored completely. > > I saw another reference to creating the allow.filename.conf back to > individual filename.rule.conf files per domain, but I'd rather not > do it > that way unless necessary. > > Can the above work? Or what am I doing wrong? A few months ago I created an alternative way of doing all this which you may find much easier to use when creating simple sets of restrictions for different groups of users. One of the few things you cannot do with this new method is to have rules containing any tabs or spaces. But that's not a problem most of the time. First of all these configuration options are considered. If nothing matched, then the filename.rules.conf file is used as it always has been. There is course a similar set of options for filetypes as well as filenames. Can someone write some documentation for the wiki pointing out this alternative method please? Here is the documentation about it, taken directly from MailScanner.conf. # To simplify web-based configuration systems, there are now two extra # settings here. They are both intended for use with normal rulesets # that you would expect to find in %rules-dir%. The first gives a list # of patterns to match against the attachment filenames, and a filename # is allowed if it matches any of these patterns. The second gives the # the equivalent list for patterns that are used to deny filenames. # If either of these match at all, then filename.rules.conf is ignored # for that filename. # So you can easily have a set like this: # Allow Filenames = \.txt$ \.pdf$ # Deny Filenames = \.com$ \.exe$ \.cpl$ \.pif$ # which is a lot simpler than having to handle filename.rules.conf! # It is far simpler when you want to change the allowed+denied list for # different domains/addresses, as you can use the filename of a simple # ruleset here instead. # NOTE: The filename and filetype rules are separate, so if you want to # allow executable *.exe files you will need at least # Allow Filenames = \.exe$ # Allow Filetypes = executable # to make it pass both tests. If either test denies the attachment # then it will be blocked. # Allow any attachment filenames matching any of the patters listed here. # If this setting is empty, it is ignored and no matches are made. # This can also be the filename of a ruleset. Allow Filenames = # Deny any attachment filenames matching any of the patters listed here. # If this setting is empty, it is ignored and no matches are made. # This can also be the filename of a ruleset. Deny Filenames = -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri May 12 15:09:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 15:09:55 2006 Subject: 404 for signature 4.54.2-2 In-Reply-To: <20060512112413.GC14134@pert.com.ar> References: <20060512112413.GC14134@pert.com.ar> Message-ID: Sorry about that. I have added all the signatures now. Glad to see that at least 1 person checks them! On 12 May 2006, at 12:24, Leonardo Helman wrote: > There is no signature for 4.54.2-2 (in tar dir) > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/ > MailScanner-install-4.54.2-2.tar.gz.sig > > > > Saludos > -- > Leonardo Helman > Pert Consultores > Argentina > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rob at thehostmasters.com Fri May 12 15:13:38 2006 From: rob at thehostmasters.com (Rob Morin) Date: Fri May 12 15:13:49 2006 Subject: Mail refused by SORBS because it is considered dynamic IP?????? Message-ID: <44649812.7070805@thehostmasters.com> OK this is just not right! ----------------------- Un probl?me de communication SMTP s'est produit avec le serveur de messagerie du destinataire. Contactez votre administrateur syst?me. ---------------------- We have had a static IP for 4 years now via our ISP on a DSL line.... now whats the diff if my ISP says its dynamic or not? How does sorbs even tell this? Its not right to refuse email based on that it might be a dynamic IP..... Has anyone seen this before?? Any help appreciated... Thanks... -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From adrik at salesmanager.nl Fri May 12 15:25:53 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Fri May 12 15:25:55 2006 Subject: Mail refused by SORBS because it is considered dynamic IP?????? Message-ID: Rob, Have you tried contacting SORBS support to get your entry removed? See the link at the bottom of their check page. It seems they are blocking the subnet 206.248.146.128/26 (128 through 191). Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Morin > Sent: vrijdag 12 mei 2006 16:14 > To: MailScanner discussion > Subject: Mail refused by SORBS because it is considered > dynamic IP?????? > > OK this is just not right! > > ----------------------- > Un probl?me de communication SMTP s'est produit avec le > serveur de messagerie du destinataire. Contactez votre > administrateur syst?me. > unavailable; [206.248.146.164] blocked using > dul.dnsbl.sorbs.net, reason: Dynamic IP Addresses See: > http://www.sorbs.net/lookup.shtml?206.248.146.164> > ---------------------- > > We have had a static IP for 4 years now via our ISP on a DSL line.... > now whats the diff if my ISP says its dynamic or not? How > does sorbs even tell this? Its not right to refuse email > based on that it might be a dynamic IP..... > > Has anyone seen this before?? > > Any help appreciated... > > Thanks... > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ugob at camo-route.com Fri May 12 16:12:50 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri May 12 16:13:30 2006 Subject: MailScanner ANNOUNCE: Stable 4.53.6 released References: <4455D428.6020502@ecs.soton.ac.uk> Message-ID: Julian Field wrote in news:D9701541-E799- 44E7-8F72-0BB384CECB1E@ecs.soton.ac.uk: > > On 10 May 2006, at 22:02, Ugo Bellavance wrote: > >> Julian Field wrote in >> news:4455D428.6020502@ecs.soton.ac.uk: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just released the May release of MailScanner, version 4.53.6. >> >> >> >>> >>> - - Support for numerical IP addresses in phishing.safe.sites.conf. >>> Using this, entire servers can be whitelisted with one entry, >>> removing >>> the need to add every domain provided by that server. >> >> Would it be easy for you julian to add a config that allow to >> whitelist an >> IP but in the URLS, for the "Also Find Numeric Phishing = " >> setting., so >> that we can jut put an IP address there and the phishing net will not >> trigger an alert when this IP is in the URL in a message? > > Have you tried it? I thought you already could do that. > You're right. I just tested it and it works. I guess I read the comment at the top of the file too quickly :(. Thanks, From slwatts at winckworths.co.uk Fri May 12 16:26:02 2006 From: slwatts at winckworths.co.uk (Sam Luxford-Watts) Date: Fri May 12 16:26:37 2006 Subject: problem with vanishing tags Message-ID: Hi All, I have just upgraded to MS 4.53.8-1 and we have a problem with tags vanishing from the body of some email messages. As it happened the only source that we can reliably duplicate this error is one of our internet servers that runs a script that sends an email with a link to some of our staff (a kind of workflow thing). Mailscanner appears to be modifying the link as follows: From: CLICK HERE TO VIEW APPROVED PENDING RECORD To: Any ideas as to why it behaves this way? Nothing is logged in the maillog. Thanks, Sam Sam Luxford-Watts IT Manager DT: 020 75935173 DF: 020 75935099 -------------- Winckworth Sherwood, ranked first in the Diversity League Table 2006 UK 100 Plus - a survey analysing ethnicity and gender in the legal profession, commissioned by the Black Solicitors Network and the Commission for Racial Equality. -------------- Winckworth Sherwood Solicitors and Parliamentary Agents, DX 148400 WESTMINSTER 5: 35 Great Peter Street, London SW1P 3LR. Telephone +44 (0)20 7593 5000 Fax +44 (0)20 7593 5099. www.winckworths.co.uk This email and any attachments are confidential and may be the subject of legal privilege. Any use, copying or disclosure other than by the intended recipient is unauthorised. If you have received this message in error, please notify the sender immediately via +44 (0)20 7593 5000 and delete this message from your computer and network. Winckworth Sherwood is regulated by the Law Society. A list of partners is available for inspection at the above address. From steve.swaney at fsl.com Fri May 12 16:33:18 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri May 12 16:33:23 2006 Subject: problem with vanishing tags In-Reply-To: Message-ID: <014e01c675d9$64efd4b0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Sam Luxford-Watts > Sent: Friday, May 12, 2006 11:26 AM > To: 'MailScanner discussion' > Subject: problem with vanishing tags > > Hi All, > > I have just upgraded to MS 4.53.8-1 and we have a problem with tags > vanishing from the body of some email messages. As it happened the only > source that we can reliably duplicate this error is one of our internet > servers that runs a script that sends an email with a link to some of our > staff (a kind of workflow thing). Mailscanner appears to be modifying the > link as follows: > > From: > CLICK > HERE > TO VIEW APPROVED PENDING RECORD > > To: > > > Any ideas as to why it behaves this way? Nothing is logged in the maillog. > > Thanks, > > Sam > Sam Luxford-Watts > IT Manager We had the same problem which Julian quickly fixed. He released a new Message.pm which fixed the problem. Just search the list for Message.pm or upgrade to the latest beta which includes the fix. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From prandal at herefordshire.gov.uk Fri May 12 16:33:20 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 12 16:33:30 2006 Subject: problem with vanishing tags Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B5FD@isabella.herefordshire.gov.uk> There was a bug in 4.53.8 which may have done this. Try MailScanner 4.54.2-2 to see if that fixes it. 4.54.2-2 works fine here. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Sam Luxford-Watts > Sent: 12 May 2006 16:26 > To: 'MailScanner discussion' > Subject: problem with vanishing tags > > Hi All, > > I have just upgraded to MS 4.53.8-1 and we have a problem > with tags > vanishing from the body of some email messages. As it > happened the only > source that we can reliably duplicate this error is one of > our internet > servers that runs a script that sends an email with a link to > some of our > staff (a kind of workflow thing). Mailscanner appears to be > modifying the > link as follows: > > From: > href="http://myserver.mydomain.tld/dir1/script.ASP?ACCM=35550" > >CLICK HERE > TO VIEW APPROVED PENDING RECORD > > To: > > > Any ideas as to why it behaves this way? Nothing is logged in > the maillog. > > Thanks, > > Sam > Sam Luxford-Watts > IT Manager > > DT: 020 75935173 > DF: 020 75935099 > > > -------------- > Winckworth Sherwood, ranked first in the Diversity League > Table 2006 UK 100 Plus - a survey analysing ethnicity and > gender in the legal profession, commissioned by the Black > Solicitors Network and the Commission for Racial Equality. > -------------- > > Winckworth Sherwood > Solicitors and Parliamentary Agents, DX 148400 WESTMINSTER 5: > 35 Great Peter Street, London SW1P 3LR. Telephone +44 (0)20 > 7593 5000 Fax +44 (0)20 7593 5099. > www.winckworths.co.uk > > This email and any attachments are confidential and may be > the subject of legal privilege. Any use, copying or > disclosure other than by the intended recipient is > unauthorised. If you have received this message in error, > please notify the sender immediately via +44 (0)20 7593 5000 > and delete this message from your computer and network. > > Winckworth Sherwood is regulated by the Law Society. A list > of partners is available for inspection at the above address. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From slwatts at winckworths.co.uk Fri May 12 16:58:27 2006 From: slwatts at winckworths.co.uk (Sam Luxford-Watts) Date: Fri May 12 16:59:19 2006 Subject: problem with vanishing tags Message-ID: Great - thanks will download and upgrade. Sam -----Original Message----- From: Randal, Phil [mailto:prandal@herefordshire.gov.uk] Sent: Friday, May 12, 2006 4:33 PM To: MailScanner discussion Subject: RE: problem with vanishing tags There was a bug in 4.53.8 which may have done this. Try MailScanner 4.54.2-2 to see if that fixes it. 4.54.2-2 works fine here. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Sam Luxford-Watts > Sent: 12 May 2006 16:26 > To: 'MailScanner discussion' > Subject: problem with vanishing tags > > Hi All, > > I have just upgraded to MS 4.53.8-1 and we have a problem > with tags > vanishing from the body of some email messages. As it > happened the only > source that we can reliably duplicate this error is one of > our internet > servers that runs a script that sends an email with a link to > some of our > staff (a kind of workflow thing). Mailscanner appears to be > modifying the > link as follows: > > From: > href="http://myserver.mydomain.tld/dir1/script.ASP?ACCM=35550" > >CLICK HERE > TO VIEW APPROVED PENDING RECORD > > To: > > > Any ideas as to why it behaves this way? Nothing is logged in > the maillog. > > Thanks, > > Sam > Sam Luxford-Watts > IT Manager > > DT: 020 75935173 > DF: 020 75935099 > > > -------------- > Winckworth Sherwood, ranked first in the Diversity League > Table 2006 UK 100 Plus - a survey analysing ethnicity and > gender in the legal profession, commissioned by the Black > Solicitors Network and the Commission for Racial Equality. > -------------- > > Winckworth Sherwood > Solicitors and Parliamentary Agents, DX 148400 WESTMINSTER 5: > 35 Great Peter Street, London SW1P 3LR. Telephone +44 (0)20 > 7593 5000 Fax +44 (0)20 7593 5099. > www.winckworths.co.uk > > This email and any attachments are confidential and may be > the subject of legal privilege. Any use, copying or > disclosure other than by the intended recipient is > unauthorised. If you have received this message in error, > please notify the sender immediately via +44 (0)20 7593 5000 > and delete this message from your computer and network. > > Winckworth Sherwood is regulated by the Law Society. A list > of partners is available for inspection at the above address. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- Winckworth Sherwood, ranked first in the Diversity League Table 2006 UK 100 Plus - a survey analysing ethnicity and gender in the legal profession, commissioned by the Black Solicitors Network and the Commission for Racial Equality. -------------- Winckworth Sherwood Solicitors and Parliamentary Agents, DX 148400 WESTMINSTER 5: 35 Great Peter Street, London SW1P 3LR. Telephone +44 (0)20 7593 5000 Fax +44 (0)20 7593 5099. www.winckworths.co.uk This email and any attachments are confidential and may be the subject of legal privilege. Any use, copying or disclosure other than by the intended recipient is unauthorised. If you have received this message in error, please notify the sender immediately via +44 (0)20 7593 5000 and delete this message from your computer and network. Winckworth Sherwood is regulated by the Law Society. A list of partners is available for inspection at the above address. From mike at tc3net.com Fri May 12 17:11:04 2006 From: mike at tc3net.com (Michael Baird) Date: Fri May 12 17:10:06 2006 Subject: Mail refused by SORBS because it is considered dynamic IP?????? In-Reply-To: <44649812.7070805@thehostmasters.com> References: <44649812.7070805@thehostmasters.com> Message-ID: <1147450264.30106.27.camel@mike-new2.tc3net.com> It is because of the reverse lookup name. Have your ISP put in a different reverse name for you mail server (have it match the forward even). nslookup 206.248.146.164 Server: 64.112.192.34 Address: 64.112.192.34#53 Non-authoritative answer: 164.146.248.206.in-addr.arpa name = 206-248-146-164.dsl.teksavvy.com. It's silly, but having the string "dsl" in the reverse is why they are detecting it as a dialup/residential IP address (dul.dnsbl.sorbs.net). Regards Michael Baird > OK this is just not right! > > ----------------------- > Un probl?me de communication SMTP s'est produit avec le serveur de > messagerie du destinataire. Contactez votre administrateur syst?me. > [206.248.146.164] blocked using dul.dnsbl.sorbs.net, reason: Dynamic IP > Addresses See: http://www.sorbs.net/lookup.shtml?206.248.146.164> > ---------------------- > > We have had a static IP for 4 years now via our ISP on a DSL line.... > now whats the diff if my ISP says its dynamic or not? How does sorbs > even tell this? Its not right to refuse email based on that it might be > a dynamic IP..... > > Has anyone seen this before?? > > Any help appreciated... > > Thanks... > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > From lhaig at haigmail.com Fri May 12 17:25:50 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri May 12 17:26:03 2006 Subject: is this error bad? Message-ID: <4464B70E.8030706@haigmail.com> Whenever I upgrade mailscanner i get the following error perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package perl-5.8.6-5.3 is this bad or can I ignore it? Regards Lance From MailScanner at ecs.soton.ac.uk Fri May 12 17:34:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 17:34:58 2006 Subject: is this error bad? In-Reply-To: <4464B70E.8030706@haigmail.com> References: <4464B70E.8030706@haigmail.com> Message-ID: <28069C3F-7717-4F1E-8955-0053C06BABA0@ecs.soton.ac.uk> You can ignore it perfectly safely. On 12 May 2006, at 17:25, Lance Haig wrote: > Whenever I upgrade mailscanner i get the following error > > perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package > perl-5.8.6-5.3 > > is this bad or can I ignore it? > > Regards > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lhaig at haigmail.com Fri May 12 17:39:31 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri May 12 17:39:35 2006 Subject: is this error bad? In-Reply-To: <28069C3F-7717-4F1E-8955-0053C06BABA0@ecs.soton.ac.uk> References: <4464B70E.8030706@haigmail.com> <28069C3F-7717-4F1E-8955-0053C06BABA0@ecs.soton.ac.uk> Message-ID: <4464BA43.1060803@haigmail.com> Thanks Jullian, Lance Julian Field wrote: > You can ignore it perfectly safely. > > On 12 May 2006, at 17:25, Lance Haig wrote: > >> Whenever I upgrade mailscanner i get the following error >> >> perl-ExtUtils-MakeMaker-6.30-1 conflicts with file from package >> perl-5.8.6-5.3 >> >> is this bad or can I ignore it? >> >> Regards >> >> Lance >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --This message has been scanned for viruses and > dangerous content by Red Armour MailScanner, and is > believed to be clean. http://www.redarmour.co.uk > > > From max at assuredata.com Fri May 12 17:57:19 2006 From: max at assuredata.com (Max Kipness) Date: Fri May 12 17:57:42 2006 Subject: Confusion with Allow Filenames Message-ID: <11375BD8FE838A409E10DB32B9BFFE9B77F5@addc01.assuredata.local> > On 12 May 2006, at 12:10, Max Kipness wrote: > > > I've been trying to find the answers from archived posts, but I'm > > still > > not sure if the following should work or not. I definitely doesn't > > based > > on emails with .bmp files attached sent from other mail servers (that > > don't block .bmp on outbound mail). > > > > In mailscanner.conf: > > Allow Filenames = /etc/MailScanner/rules/allow.filename.conf > > Allow Filetypes = /etc/MailScanner/rules/allow.filename.conf > > > > In /etc/MailScanner/rules/allow.filename.conf: > > FromOrTo: myemailaddress@domain.com \.bmp > > FromOrTo: default > > > > There are no errors being produced in the maillog, but the rule is > > being > > ignored completely. > > > > I saw another reference to creating the allow.filename.conf back to > > individual filename.rule.conf files per domain, but I'd rather not > > do it > > that way unless necessary. > > > > Can the above work? Or what am I doing wrong? > > A few months ago I created an alternative way of doing all this which > you may find much easier to use when creating simple sets of > restrictions for different groups of users. One of the few things you > cannot do with this new method is to have rules containing any tabs > or spaces. But that's not a problem most of the time. > > First of all these configuration options are considered. If nothing > matched, then the filename.rules.conf file is used as it always has > been. > > There is course a similar set of options for filetypes as well as > filenames. > > Can someone write some documentation for the wiki pointing out this > alternative method please? > I've read the inline docs, and I'm not clear on how you use a ruleset to accomplish what I explained above. Does the ruleset have to then point to different filename.rules.conf files for each user/domain? Or is there some other way of doing it? Thanks, Max From sking at tufftorq.com Fri May 12 18:23:15 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 18:16:28 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From alex at nkpanama.com Fri May 12 19:19:33 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri May 12 19:20:05 2006 Subject: Best Way to Control Relaying? In-Reply-To: References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> Message-ID: <4464D1B5.8090509@nkpanama.com> Kai Schaetzl wrote: > Muhammad Nauman wrote on Fri, 12 May 2006 09:22:48 +0500: > > >> I already have restricted IP'ies in my /etc/mail/access but they also count >> up2 about 6000 ip'z >> > > If you only restrict access this way you *are* an open relay. Only using SMTP > AUTH will stop abuse. This may help you: > http://spam.abuse.net/adminhelp/ > What Kai means, more accurately, is that, to _your customers_, you _are_ an open relay. This also means that to _viruses_ and _spyware_ running on your customers' machines, you _are_ an open relay. For all intents and purposes... Understand this, this is the important part... You *cannot* allow yourself to be an open relay, to *anyone*, under *any* circumstances. People must be made responsible for their actions, and that's where my second point comes in. When you change REC_AUTH to REC_FULL_AUTH, what you're doing is asking sendmail to add "authenticated user mnauman" instead of "authenticated user" to your headers. That way you can know, immediately, who sent the e-mail - as opposed to just knowing it was authenticated and having to fish through the logs for the specific msg id. From sking at tufftorq.com Fri May 12 19:32:06 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:25:14 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From alex at nkpanama.com Fri May 12 19:26:37 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri May 12 19:27:08 2006 Subject: Mail refused by SORBS because it is considered dynamic IP?????? In-Reply-To: <1147450264.30106.27.camel@mike-new2.tc3net.com> References: <44649812.7070805@thehostmasters.com> <1147450264.30106.27.camel@mike-new2.tc3net.com> Message-ID: <4464D35D.6000805@nkpanama.com> Michael Baird wrote: > It is because of the reverse lookup name. Have your ISP put in a > different reverse name for you mail server (have it match the forward > even). > > > Non-authoritative answer: > 164.146.248.206.in-addr.arpa name = 206-248-146-164.dsl.teksavvy.com. I've seen this a lot. If your e-mail server is supposed to be called "flexserv.flex.com" then your reverse DNS "should" be called the same. Tell your ISP to do it. Tell them you'll take your juicy 4-year-old contract elsewhere if they say they can't/won't. From sking at tufftorq.com Fri May 12 19:37:05 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:30:14 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From sking at tufftorq.com Fri May 12 19:41:05 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:34:14 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From sking at tufftorq.com Fri May 12 19:43:06 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:36:13 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From sking at tufftorq.com Fri May 12 19:46:05 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:39:14 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From jaearick at colby.edu Fri May 12 19:37:06 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 12 19:41:38 2006 Subject: Scott King/Tufftorq is IN the office. In-Reply-To: References: Message-ID: Julian, Please disable this guy... Third one this afternoon from this guy. On Fri, 12 May 2006, sking@tufftorq.com wrote: > Date: Fri, 12 May 2006 14:37:05 -0400 > From: sking@tufftorq.com > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Scott King/Tufftorq is IN the office. > > I will be out of the office starting 05/12/2006 and will not return until > 05/15/2006. > > This is only a test of the Out of Office feature. Please disregard this. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From sking at tufftorq.com Fri May 12 19:52:05 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:45:13 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From sking at tufftorq.com Fri May 12 19:54:06 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:47:14 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From sking at tufftorq.com Fri May 12 19:57:05 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:50:14 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From sailer at bnl.gov Fri May 12 19:51:00 2006 From: sailer at bnl.gov (Tim Sailer) Date: Fri May 12 19:51:16 2006 Subject: Scott King/Tufftorq is IN the office. In-Reply-To: References: Message-ID: <20060512185100.GA20428@bnl.gov> :) What kind out testing for an out of office feature sends mail when you are *IN* the office. Tim On Fri, May 12, 2006 at 02:37:06PM -0400, Jeff A. Earickson wrote: > Julian, > Please disable this guy... Third one this afternoon from this guy. > > On Fri, 12 May 2006, sking@tufftorq.com wrote: > > >Date: Fri, 12 May 2006 14:37:05 -0400 > >From: sking@tufftorq.com > >Reply-To: MailScanner discussion > >To: MailScanner discussion > >Subject: Scott King/Tufftorq is IN the office. > > > >I will be out of the office starting 05/12/2006 and will not return until > >05/15/2006. > > > >This is only a test of the Out of Office feature. Please disregard this. > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From jwilliams at courtesymortgage.com Fri May 12 19:53:42 2006 From: jwilliams at courtesymortgage.com (Jason Williams) Date: Fri May 12 19:52:09 2006 Subject: Holding/Redirecting email from a cetain account? Message-ID: <01BCE961CD5E4146B83F920FC6A4F2351F71E2@cmexchange01.CourtesyMortgage.local> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Tuesday, May 09, 2006 9:01 AM To: MailScanner discussion Subject: Re: Holding/Redirecting email from a cetain account? Jason Williams wrote: > > Something was asked of me this morning and im not sure how to do it. > > There is a former employee who is sending some not so nice emails that > management would like to take a look at. At first, they wanted me to > just "discard" them. Which was a piece of cake with postfix. > > However, as far as redirecting them to a certain email address, that I > am not sure about and was hoping someone might be able to lend some help. > > Anyone have ideas on how this migh be done? > > Running MS 4.46.2 with Postfix 2.2.8 > > Appreciate it. > > Jason > > > -- > This message has been scanned for viruses and dangerous content by > *MailScanner* , and is believed to be > clean. >You could use the "Archive Mail" option with a ruleset like: > >Archive Mail = %rules-dir%/archive.rules > >with the following: > >FromOrTo: nasty.employee@yourcompany.com /home/jason/mail/nasty >FromOrTo: default no > >That way all mail from or to the guy in question would get sent to a standard mbox file, readable using IMAP or importable into anything else. > >This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.> Appreciate the feedback and help on this. I'll give the above a shot. Just so I am clear, what does the last line do: FromorTo: default no Is that needed? Thanks, Jason -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Fri May 12 19:52:59 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 12 19:53:04 2006 Subject: Mail refused by SORBS because it is considered dynamic IP?????? In-Reply-To: <44649812.7070805@thehostmasters.com> References: <44649812.7070805@thehostmasters.com> Message-ID: Rob Morin wrote on Fri, 12 May 2006 10:13:38 -0400: > We have had a static IP for 4 years now via our ISP on a DSL line.... > now whats the diff if my ISP says its dynamic or not? Your ISP didn't tell SORBS. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sking at tufftorq.com Fri May 12 20:00:05 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 19:53:14 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a test of the Out of Office feature. Please disregard this. From jrudd at ucsc.edu Fri May 12 19:56:30 2006 From: jrudd at ucsc.edu (John Rudd) Date: Fri May 12 19:56:57 2006 Subject: Mail refused by SORBS because it is considered dynamic IP?????? In-Reply-To: <1147450264.30106.27.camel@mike-new2.tc3net.com> References: <44649812.7070805@thehostmasters.com> <1147450264.30106.27.camel@mike-new2.tc3net.com> Message-ID: <5a9b3bd0f914d52ddf4de39b9ba677a5@ucsc.edu> Though, even without "dsl" in the hostname, having the IP address in the hostname makes it look like a dialup/residential IP too. (my local set up would block it for _either_ of those reasons, for example) On May 12, 2006, at 9:11 AM, Michael Baird wrote: > It is because of the reverse lookup name. Have your ISP put in a > different reverse name for you mail server (have it match the forward > even). > > nslookup 206.248.146.164 > Server: 64.112.192.34 > Address: 64.112.192.34#53 > > Non-authoritative answer: > 164.146.248.206.in-addr.arpa name = > 206-248-146-164.dsl.teksavvy.com. > > It's silly, but having the string "dsl" in the reverse is why they are > detecting it as a dialup/residential IP address (dul.dnsbl.sorbs.net). > > Regards > Michael Baird > >> OK this is just not right! >> >> ----------------------- >> Un probl?me de communication SMTP s'est produit avec le serveur de >> messagerie du destinataire. Contactez votre administrateur syst?me. >> > [206.248.146.164] blocked using dul.dnsbl.sorbs.net, reason: Dynamic >> IP >> Addresses See: http://www.sorbs.net/lookup.shtml?206.248.146.164> >> ---------------------- >> >> We have had a static IP for 4 years now via our ISP on a DSL line.... >> now whats the diff if my ISP says its dynamic or not? How does sorbs >> even tell this? Its not right to refuse email based on that it might >> be >> a dynamic IP..... >> >> Has anyone seen this before?? >> >> Any help appreciated... >> >> Thanks... >> >> -- >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From rob at robhq.com Fri May 12 20:01:50 2006 From: rob at robhq.com (rob freeman) Date: Fri May 12 19:57:49 2006 Subject: Scott King/Tufftorq is IN the office. In-Reply-To: Message-ID: <13916891.1147460510897.JavaMail.root@gollum.robhq.com> Up to 7 here.? I think the test worked. ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Jeff A. Earickson Sent: Fri, 5/12/2006 1:52pm To: MailScanner discussion Subject: Re: Scott King/Tufftorq is IN the office. Julian, ?? Please disable this guy...??Third one this afternoon from this guy. On Fri, 12 May 2006, sking@tufftorq.com wrote: > Date: Fri, 12 May 2006 14:37:05 -0400 > From: sking@tufftorq.com > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Scott King/Tufftorq is IN the office. > > I will be out of the office starting??05/12/2006 and will not return until > 05/15/2006. > > This is only a test of the Out of Office feature. Please disregard this. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From KShortt at ussco.com Fri May 12 20:07:58 2006 From: KShortt at ussco.com (Shortt, Kevin) Date: Fri May 12 20:08:04 2006 Subject: Scott King/Tufftorq is IN the office. Message-ID: <122DFF9D468A2F4DAC3405E57A39DF7804C9D220@Fsc-Mail-2.na.ds.ussco.com> Here's some feedback: Test it on another list. -k -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tim Sailer Sent: Friday, May 12, 2006 1:51 PM To: MailScanner discussion Subject: Re: Scott King/Tufftorq is IN the office. :) What kind out testing for an out of office feature sends mail when you are *IN* the office. Tim On Fri, May 12, 2006 at 02:37:06PM -0400, Jeff A. Earickson wrote: > Julian, > Please disable this guy... Third one this afternoon from this guy. > > On Fri, 12 May 2006, sking@tufftorq.com wrote: > > >Date: Fri, 12 May 2006 14:37:05 -0400 > >From: sking@tufftorq.com > >Reply-To: MailScanner discussion > >To: MailScanner discussion > >Subject: Scott King/Tufftorq is IN the office. > > > >I will be out of the office starting 05/12/2006 and will not return > >until 05/15/2006. > > > >This is only a test of the Out of Office feature. Please disregard this. > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Richard.Frovarp at sendit.nodak.edu Fri May 12 20:22:11 2006 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri May 12 20:22:14 2006 Subject: Scott King/Tufftorq is IN the office. In-Reply-To: <13916891.1147460510897.JavaMail.root@gollum.robhq.com> References: <13916891.1147460510897.JavaMail.root@gollum.robhq.com> Message-ID: <4464E063.2020102@sendit.nodak.edu> Actually it would appear to have at least partially failed. Out of office notices should never be sent back to lists. rob freeman wrote: >Up to 7 here. I think the test worked. > >----- Original Message ----- >From: mailscanner-bounces@lists.mailscanner.info on behalf of Jeff A. Earickson >Sent: Fri, 5/12/2006 1:52pm >To: MailScanner discussion >Subject: Re: Scott King/Tufftorq is IN the office. > >Julian, > Please disable this guy... Third one this afternoon from this guy. > >On Fri, 12 May 2006, sking@tufftorq.com wrote: > > > >>Date: Fri, 12 May 2006 14:37:05 -0400 >>From: sking@tufftorq.com >>Reply-To: MailScanner discussion >>To: MailScanner discussion >>Subject: Scott King/Tufftorq is IN the office. >> >>I will be out of the office starting 05/12/2006 and will not return until >>05/15/2006. >> >>This is only a test of the Out of Office feature. Please disregard this. >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >> >> -- Richard Frovarp EduTech System Administrator 1-701-231-5127 or 1-800-774-1091 From sking at tufftorq.com Fri May 12 20:30:09 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 20:23:18 2006 Subject: Scott King/Tufftorq is IN the office. REALLY!!!! Message-ID: I will be out of the office starting 05/12/2006 and will not return until 05/15/2006. This is only a TEST of the Out of Office feature. Please delete this. From naolson at gmail.com Fri May 12 20:34:48 2006 From: naolson at gmail.com (Nathan Olson) Date: Fri May 12 20:34:52 2006 Subject: Scott King/Tufftorq is IN the office. REALLY!!!! In-Reply-To: References: Message-ID: <8f54b4330605121234g7a3f2e34x8f356893dc5fd3f@mail.gmail.com> Please for the love of $DIETY stop this. Nate From jon at radel.com Fri May 12 20:49:11 2006 From: jon at radel.com (Jon Radel) Date: Fri May 12 20:49:44 2006 Subject: Test receives a grade of D Was: Re: Scott King/Tufftorq is IN the office. In-Reply-To: <4464E063.2020102@sendit.nodak.edu> References: <13916891.1147460510897.JavaMail.root@gollum.robhq.com> <4464E063.2020102@sendit.nodak.edu> Message-ID: <4464E6B7.9060008@radel.com> Richard Frovarp wrote: > > Actually it would appear to have at least partially failed. Out of > office notices should never be sent back to lists. > They shouldn't be sent to lists if at all possible to distinguish the mail is from a list. They should never be sent to the same address more than once (or once per pretty long time period--I'll admit that opinions differ). Completely replacing the subject line and giving no hint as to what you're responding to, no thread information in header, no nothing, is rather shoddy. So I'd think we're looking at close to a total failure here.... Suggestion for Scott King, setup a test e-mail account that gets no list traffic at all to use for your development. You have a ways to go before you want the world to see this. --Jon Radel Who's having a grumpy Friday From dave.list at pixelhammer.com Fri May 12 21:07:32 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri May 12 21:07:49 2006 Subject: Scott King/Tufftorq is IN the office. REALLY!!!! In-Reply-To: <8f54b4330605121234g7a3f2e34x8f356893dc5fd3f@mail.gmail.com> References: <8f54b4330605121234g7a3f2e34x8f356893dc5fd3f@mail.gmail.com> Message-ID: <4464EB04.2080607@pixelhammer.com> Nathan Olson wrote: > Please for the love of $DIETY stop this. > > Nate I tried to call. I've found a phone call to an admin with a lot of laughing and finger pointing "NOOB!" generally gets instant results. But not today, they closed their office 5 minutes ago. DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From sking at tufftorq.com Fri May 12 21:27:32 2006 From: sking at tufftorq.com (sking@tufftorq.com) Date: Fri May 12 21:20:39 2006 Subject: Forgiveness Please!!!!! Message-ID: Everyone, My oversight has caused much pain as evidenced by many replies. Some people have wished my death. I will not bore you with how I came to such a demise as using my personal account in this matter. Rest assured, I shall never, never, use out of office reply for as long as the Earth remains. As Steve Martin once said, "WELL EXCUUUUUUUSE MEEEEEEEEEEEEE!" Seriously, I am sorry for the grief I have caused you all. Scott King Tuff Torq Corporation 5943 Commerce Blvd Morristown, TN 37814 423-585-2000 (Tuff Torq) 423-317-2319 (Desk) sking@tufftorq.com "Nathan Olson" To: "MailScanner discussion" Sent by: cc: mailscanner-bounces@lists.mailsc Subject: Re: Scott King/Tufftorq is IN the office. REALLY!!!! anner.info 05/12/06 03:34 PM Please respond to MailScanner discussion Please for the love of $DIETY stop this. Nate -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Kevin_Miller at ci.juneau.ak.us Fri May 12 21:58:04 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri May 12 21:58:11 2006 Subject: Forgiveness Please!!!!! Message-ID: sking@tufftorq.com wrote: > Everyone, > My oversight has caused much pain as evidenced by many replies. > Some > people have wished my death. I will not bore you with how I came to > such a > demise as using my personal account in this matter. Rest assured, I > shall > never, never, use out of office reply for as long as the Earth > remains. As Steve Martin once said, "WELL EXCUUUUUUUSE > MEEEEEEEEEEEEE!" > Seriously, I am sorry for the grief I have caused you all. Well, you said it was a test. People got testy. Seems axiomatic to me! I guess you could buy us all a tall cold $PREFERRED_LIBATION - anybody know of a pub that'll seat 10,000? Have a great weekend all... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From dave.list at pixelhammer.com Fri May 12 22:18:30 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri May 12 22:18:41 2006 Subject: Forgiveness Please!!!!! In-Reply-To: References: Message-ID: <4464FBA6.7060401@pixelhammer.com> Kevin Miller wrote: > sking@tufftorq.com wrote: >> Everyone, >> My oversight has caused much pain as evidenced by many replies. >> Some >> people have wished my death. I will not bore you with how I came to >> such a >> demise as using my personal account in this matter. Rest assured, I >> shall >> never, never, use out of office reply for as long as the Earth >> remains. As Steve Martin once said, "WELL EXCUUUUUUUSE >> MEEEEEEEEEEEEE!" >> Seriously, I am sorry for the grief I have caused you all. > > Well, you said it was a test. People got testy. Seems axiomatic to me! > > > I guess you could buy us all a tall cold $PREFERRED_LIBATION - anybody > know of a pub that'll seat 10,000? > Any football stadium, we got a nice one right here in Indiana. DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From dyioulos at firstbhph.com Fri May 12 22:45:52 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri May 12 22:46:01 2006 Subject: Forgiveness Please!!!!! In-Reply-To: <4464FBA6.7060401@pixelhammer.com> References: <4464FBA6.7060401@pixelhammer.com> Message-ID: <200605121745.53605.dyioulos@firstbhph.com> On Friday May 12 2006 5:18 pm, DAve wrote: > Kevin Miller wrote: > > sking@tufftorq.com wrote: > >> Everyone, > >> My oversight has caused much pain as evidenced by many replies. > >> Some > >> people have wished my death. I will not bore you with how I came to > >> such a > >> demise as using my personal account in this matter. Rest assured, I > >> shall > >> never, never, use out of office reply for as long as the Earth > >> remains. As Steve Martin once said, "WELL EXCUUUUUUUSE > >> MEEEEEEEEEEEEE!" > >> Seriously, I am sorry for the grief I have caused you all. > > > > Well, you said it was a test. People got testy. Seems axiomatic to me! > > > > > > I guess you could buy us all a tall cold $PREFERRED_LIBATION - anybody > > know of a pub that'll seat 10,000? > > Any football stadium, we got a nice one right here in Indiana. > > DAve > > -- Unless it's a covered stadium, the weather'll have to be better than here in Boston (it's been raining for ... well, it seems like forty days and forty nights). But, I guess if I have enough $PREFERRED_LIBATION, I really won't care. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 12 23:20:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 23:20:56 2006 Subject: Confusion with Allow Filenames In-Reply-To: <11375BD8FE838A409E10DB32B9BFFE9B77F5@addc01.assuredata.local> References: <11375BD8FE838A409E10DB32B9BFFE9B77F5@addc01.assuredata.local> Message-ID: <44650A37.1070703@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Max Kipness wrote: >> On 12 May 2006, at 12:10, Max Kipness wrote: >> >> >>> I've been trying to find the answers from archived posts, but I'm >>> still >>> not sure if the following should work or not. I definitely doesn't >>> based >>> on emails with .bmp files attached sent from other mail servers >>> > (that > >>> don't block .bmp on outbound mail). >>> >>> In mailscanner.conf: >>> Allow Filenames = /etc/MailScanner/rules/allow.filename.conf >>> Allow Filetypes = /etc/MailScanner/rules/allow.filename.conf >>> >>> In /etc/MailScanner/rules/allow.filename.conf: >>> FromOrTo: myemailaddress@domain.com \.bmp >>> FromOrTo: default >>> >>> There are no errors being produced in the maillog, but the rule is >>> being >>> ignored completely. >>> >>> I saw another reference to creating the allow.filename.conf back to >>> individual filename.rule.conf files per domain, but I'd rather not >>> do it >>> that way unless necessary. >>> >>> Can the above work? Or what am I doing wrong? >>> >> A few months ago I created an alternative way of doing all this which >> you may find much easier to use when creating simple sets of >> restrictions for different groups of users. One of the few things you >> cannot do with this new method is to have rules containing any tabs >> or spaces. But that's not a problem most of the time. >> >> First of all these configuration options are considered. If nothing >> matched, then the filename.rules.conf file is used as it always has >> been. >> >> There is course a similar set of options for filetypes as well as >> filenames. >> >> Can someone write some documentation for the wiki pointing out this >> alternative method please? >> >> > > I've read the inline docs, and I'm not clear on how you use a ruleset to > accomplish what I explained above. Does the ruleset have to then point > to different filename.rules.conf files for each user/domain? Or is there > some other way of doing it? > > Thanks, > Max > Set Allow Filenames = %rules-dir%/allow.filenames.rules In /etc/MailScanner/allow.filenames.rules From: yourmail@address.com \.bmp$ That's it! Leave your filename.rules.conf file alone. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGUKOBH2WUcUFbZUEQLILACg+TjNN2013wVRQ8TiyY2AZneU288AoJcO T0A3ROcADgELO8pW7Gx9lkBr =Re4Y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri May 12 23:23:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 23:23:30 2006 Subject: Scott King/Tufftorq is IN the office. In-Reply-To: References: Message-ID: <44650AD2.9030601@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What a fool :-) Unsubscribed. Jeff A. Earickson wrote: > Julian, > Please disable this guy... Third one this afternoon from this guy. > > On Fri, 12 May 2006, sking@tufftorq.com wrote: > >> Date: Fri, 12 May 2006 14:37:05 -0400 >> From: sking@tufftorq.com >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Scott King/Tufftorq is IN the office. >> >> I will be out of the office starting 05/12/2006 and will not return >> until >> 05/15/2006. >> >> This is only a test of the Out of Office feature. Please disregard this. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGUK0xH2WUcUFbZUEQJZEACfbS+m5VxW+dZ6hM1jizieROOAlHEAn05D Ly5Mtx4WKGRhfzTP91uvNa38 =0imw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri May 12 23:32:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 12 23:32:35 2006 Subject: Forgiveness Please!!!!! In-Reply-To: <200605121745.53605.dyioulos@firstbhph.com> References: <4464FBA6.7060401@pixelhammer.com> <200605121745.53605.dyioulos@firstbhph.com> Message-ID: <44650CFD.3020805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dimitri Yioulos wrote: > On Friday May 12 2006 5:18 pm, DAve wrote: > >> Kevin Miller wrote: >> >>> sking@tufftorq.com wrote: >>> >>>> Everyone, >>>> My oversight has caused much pain as evidenced by many replies. >>>> Some >>>> people have wished my death. I will not bore you with how I came to >>>> such a >>>> demise as using my personal account in this matter. Rest assured, I >>>> shall >>>> never, never, use out of office reply for as long as the Earth >>>> remains. As Steve Martin once said, "WELL EXCUUUUUUUSE >>>> MEEEEEEEEEEEEE!" >>>> Seriously, I am sorry for the grief I have caused you all. >>>> >>> Well, you said it was a test. People got testy. Seems axiomatic to me! >>> >>> >>> I guess you could buy us all a tall cold $PREFERRED_LIBATION - anybody >>> know of a pub that'll seat 10,000? >>> >> Any football stadium, we got a nice one right here in Indiana. >> >> DAve >> >> -- >> > > Unless it's a covered stadium, the weather'll have to be better than here in > Boston (it's been raining for ... well, it seems like forty days and forty > nights). But, I guess if I have enough $PREFERRED_LIBATION, I really won't > care. > And I already unsub-ed him. Guess I could re-sub him :-) And, while I'm here, should I assume that $DIETY is the $DEITY of dieting? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGUM/hH2WUcUFbZUEQIomgCbB7YV7GS86VsT8BOXLCr9UdLxzuoAnjtk lIdpiZIELUVGnEzNveydMjrp =EPZj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From naolson at gmail.com Sat May 13 00:38:59 2006 From: naolson at gmail.com (Nathan Olson) Date: Sat May 13 00:39:03 2006 Subject: Forgiveness Please!!!!! In-Reply-To: <44650CFD.3020805@ecs.soton.ac.uk> References: <4464FBA6.7060401@pixelhammer.com> <200605121745.53605.dyioulos@firstbhph.com> <44650CFD.3020805@ecs.soton.ac.uk> Message-ID: <8f54b4330605121638oed53265ha8ae49e1238fee81@mail.gmail.com> > And, while I'm here, should I assume that $DIETY is the $DEITY of dieting? Crap. Nate From max at assuredata.com Sat May 13 01:01:57 2006 From: max at assuredata.com (Max Kipness) Date: Sat May 13 01:02:07 2006 Subject: Confusion with Allow Filenames Message-ID: <11375BD8FE838A409E10DB32B9BFFE9B7804@addc01.assuredata.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Friday, May 12, 2006 5:21 PM > To: MailScanner discussion > Subject: Re: Confusion with Allow Filenames > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Max Kipness wrote: > >> On 12 May 2006, at 12:10, Max Kipness wrote: > >> > >> > >>> I've been trying to find the answers from archived posts, but I'm > >>> still > >>> not sure if the following should work or not. I definitely doesn't > >>> based > >>> on emails with .bmp files attached sent from other mail servers > >>> > > (that > > > >>> don't block .bmp on outbound mail). > >>> > >>> In mailscanner.conf: > >>> Allow Filenames = /etc/MailScanner/rules/allow.filename.conf > >>> Allow Filetypes = /etc/MailScanner/rules/allow.filename.conf > >>> > >>> In /etc/MailScanner/rules/allow.filename.conf: > >>> FromOrTo: myemailaddress@domain.com \.bmp > >>> FromOrTo: default > >>> > >>> There are no errors being produced in the maillog, but the rule is > >>> being > >>> ignored completely. > >>> > >>> I saw another reference to creating the allow.filename.conf back to > >>> individual filename.rule.conf files per domain, but I'd rather not > >>> do it > >>> that way unless necessary. > >>> > >>> Can the above work? Or what am I doing wrong? > >>> > >> A few months ago I created an alternative way of doing all this which > >> you may find much easier to use when creating simple sets of > >> restrictions for different groups of users. One of the few things you > >> cannot do with this new method is to have rules containing any tabs > >> or spaces. But that's not a problem most of the time. > >> > >> First of all these configuration options are considered. If nothing > >> matched, then the filename.rules.conf file is used as it always has > >> been. > >> > >> There is course a similar set of options for filetypes as well as > >> filenames. > >> > >> Can someone write some documentation for the wiki pointing out this > >> alternative method please? > >> > >> > > > > I've read the inline docs, and I'm not clear on how you use a ruleset to > > accomplish what I explained above. Does the ruleset have to then point > > to different filename.rules.conf files for each user/domain? Or is there > > some other way of doing it? > > > > Thanks, > > Max > > > Set > Allow Filenames = %rules-dir%/allow.filenames.rules > In /etc/MailScanner/allow.filenames.rules > From: yourmail@address.com \.bmp$ > That's it! > Leave your filename.rules.conf file alone. Ok, just did some extensive testing and it worked great. Got to remember no tabs... Thanks! Max From jaearick at colby.edu Sat May 13 02:31:50 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat May 13 02:35:33 2006 Subject: Scott King/Tufftorq is IN the office. In-Reply-To: <44650AD2.9030601@ecs.soton.ac.uk> References: <44650AD2.9030601@ecs.soton.ac.uk> Message-ID: Tis Christian to forgive... I'm unloading my gun right now. It is a Friday night and I have a brew in my hand, so resubscribe him I guess. Jeff Earickson On Fri, 12 May 2006, Julian Field wrote: > Date: Fri, 12 May 2006 23:23:14 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Scott King/Tufftorq is IN the office. > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What a fool :-) > Unsubscribed. > > Jeff A. Earickson wrote: >> Julian, >> Please disable this guy... Third one this afternoon from this guy. >> >> On Fri, 12 May 2006, sking@tufftorq.com wrote: >> >>> Date: Fri, 12 May 2006 14:37:05 -0400 >>> From: sking@tufftorq.com >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Scott King/Tufftorq is IN the office. >>> >>> I will be out of the office starting 05/12/2006 and will not return >>> until >>> 05/15/2006. >>> >>> This is only a test of the Out of Office feature. Please disregard this. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRGUK0xH2WUcUFbZUEQJZEACfbS+m5VxW+dZ6hM1jizieROOAlHEAn05D > Ly5Mtx4WKGRhfzTP91uvNa38 > =0imw > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dyioulos at firstbhph.com Sat May 13 16:13:56 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Sat May 13 16:14:02 2006 Subject: Forgiveness Please!!!!! In-Reply-To: <44650CFD.3020805@ecs.soton.ac.uk> References: <200605121745.53605.dyioulos@firstbhph.com> <44650CFD.3020805@ecs.soton.ac.uk> Message-ID: <200605131113.56580.dyioulos@firstbhph.com> On Friday May 12 2006 6:32 pm, Julian Field wrote: > Dimitri Yioulos wrote: > > On Friday May 12 2006 5:18 pm, DAve wrote: > >> Kevin Miller wrote: > >>> sking@tufftorq.com wrote: > >>>> Everyone, > >>>> My oversight has caused much pain as evidenced by many replies. > >>>> Some > >>>> people have wished my death. I will not bore you with how I came to > >>>> such a > >>>> demise as using my personal account in this matter. Rest assured, I > >>>> shall > >>>> never, never, use out of office reply for as long as the Earth > >>>> remains. As Steve Martin once said, "WELL EXCUUUUUUUSE > >>>> MEEEEEEEEEEEEE!" > >>>> Seriously, I am sorry for the grief I have caused you all. > >>> > >>> Well, you said it was a test. People got testy. Seems axiomatic to > >>> me! > >>> > >>> I guess you could buy us all a tall cold $PREFERRED_LIBATION - anybody > >>> know of a pub that'll seat 10,000? > >> > >> Any football stadium, we got a nice one right here in Indiana. > >> > >> DAve > >> > >> -- > > > > Unless it's a covered stadium, the weather'll have to be better than here > > in Boston (it's been raining for ... well, it seems like forty days and > > forty nights). But, I guess if I have enough $PREFERRED_LIBATION, I > > really won't care. > > And I already unsub-ed him. Guess I could re-sub him :-) > > And, while I'm here, should I assume that $DIETY is the $DEITY of dieting? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > The $PREFERRED_LIBATION has reelee kikt in, so i shay resubscriiiiiiibe they guy. Btw, it's stil rayning in Boston!!!! DDiimmiittrrii -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Sat May 13 19:31:29 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sat May 13 19:31:43 2006 Subject: SA AWL scoring Message-ID: I recognized that there is quite a difference between the AWL score that I get from Spamassassin when run on the command line in contrast to what SA says when run via MailScanner. What causes this difference? F.i. SA on command line (root): AWL 0.08 SA via MailScanner: AWL 1.7 on the same message. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From rune at pepco.no Sat May 13 20:02:02 2006 From: rune at pepco.no (Rune Gundersen) Date: Sat May 13 20:02:11 2006 Subject: image spam Message-ID: <44662D2A.7030701@pepco.no> Hi I have recently been getting alot of message just containing an image with the spam message in it, wich sent me on a search for information on how to block it since my MailScanner/Spamassassin didn't catch it. What I found was this regexp: http://sunbeltblog.blogspot.com/2006/05/image-spam.html. Wich JulesFM on #mailscanner helped me put into a sa rule: rawbody image_spam m/^\s*?\\s*?\\s*?\\s*?\]*?content\s*?=\s*?(["'])[^\1]*?\1\s*?name\s*?=\s*?["']?GENERATOR["']?\s*?\>\s*?\]*?\>.*?\<\/style\s*?\>\s*?\<\/head\s*?\>\s*?\\s*?\]*?\>.*?\[^<]*?\\s*?\<\/font\>\s*?\<\/div\>\s*?\<\/body\>\s*?\<\/html\>\s*?$/ score image_spam 10 describe image_spam stopping thoose image spams Maybe someone has some input on this ? // Rune Gundersen From MailScanner at ecs.soton.ac.uk Sat May 13 20:43:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 13 20:43:42 2006 Subject: image spam In-Reply-To: <44662D2A.7030701@pepco.no> References: <44662D2A.7030701@pepco.no> Message-ID: <446636DF.6000602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It matches this: .... which shouldn't match anything that it isn't intended to. It's pretty specific on the sort of image it matches shouldn't turn up in place it wasn't expected. So the rule probably works okay. Rune Gundersen wrote: > m/^\s*?\\s*?\\s*? > \\s*?\]*?content\s*?=\s*?(["'])[^\1]*?\1\s*? > name\s*?=\s*?["']?GENERATOR["']?\s*?\>\s*?\ > ]*?\>.*?\<\/style\s*?\>\s*?\<\/head\s*?\>\s*?\ bgColor\s*?=\s*?\S{7,7}\s*?\>\s*?\]*?\>.*?\ =\s*?arial\s+?size\s*?=\s*?2\*?\>[^<]*?\ \2\s+?hspace\s*?=\s*?0\s+?src\s*?=\s*?(["'])cid\:[^@]{30,30}@ > [^\3]*?\3\s+?align\s*?=\s*?baseline\s+?border\s*?=\s*?0\>\s*?\<\/font\> > \s*?\<\/div\>\s*?\<\/body\>\s*?\<\/html\>\s*?$/ > score image_spam 10 > describe image_spam stopping thoose image spams > > Maybe someone has some input on this ? > > // Rune Gundersen - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGY24RH2WUcUFbZUEQIP4wCfXVmGELz8+n85NNiyGV79Wxs4dI8AnAgQ PqfwogYEut/qdREqJrGHJKNG =2MMk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Sat May 13 21:02:40 2006 From: ka at pacific.net (Ken A) Date: Sat May 13 21:02:45 2006 Subject: SA AWL scoring In-Reply-To: References: Message-ID: <44663B60.7090204@pacific.net> Kai Schaetzl wrote: > I recognized that there is quite a difference between the AWL score that I > get from Spamassassin when run on the command line in contrast to what SA > says when run via MailScanner. What causes this difference? > > F.i. > SA on command line (root): AWL 0.08 > SA via MailScanner: AWL 1.7 > > on the same message. Same envelope sender AND same IP? Ken > > Kai > From lars+lister.mailscanner at adventuras.no Sat May 13 22:50:50 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat May 13 22:51:13 2006 Subject: SA AWL scoring In-Reply-To: <44663B60.7090204@pacific.net> References: <44663B60.7090204@pacific.net> Message-ID: <446654BA.2@adventuras.no> Ken A wrote: > > > Kai Schaetzl wrote: >> I recognized that there is quite a difference between the AWL score >> that I get from Spamassassin when run on the command line in contrast >> to what SA says when run via MailScanner. What causes this difference? >> >> F.i. >> SA on command line (root): AWL 0.08 >> SA via MailScanner: AWL 1.7 >> >> on the same message. > > Same envelope sender AND same IP? > Ken Are you sure you are using the same auto-whitelist file? Lars > > >> >> Kai >> From admin at thenamegame.com Sun May 14 06:02:07 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 14 06:01:04 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605120755.k4C7tXxb030775@bkserver.blacknight.ie> Message-ID: <200605140501.k4E511cr008041@bkserver.blacknight.ie> I still cannot do a clean install of MailScanner. What gives? I keep getting these errors on FreeBSD and the files are no copied to the proper directories. # # Step 1: Install bin files # install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner /usr/local/sbin/mailscanner /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner ln: /usr/local/sbin/MailScanner: File exists *** Error code 1 Stop in /usr/ports/mail/mailscanner. [root@orion mailscanner]# make initial-config # Renew virus wrapper scripts install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/lib/*-wrapper /usr/local/libexec/MailScanner install: wrong number or types of arguments usage: install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 file2 install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 ... fileN directory install -d [-v] [-g group] [-m mode] [-o owner] directory ... *** Error code 64 _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael S. Sent: Friday, May 12, 2006 3:57 AM To: mailscanner@lists.mailscanner.info Subject: 3rd time asking,HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? How do I uninstall MailScanner from Freebsd? When I run make uninstall it tells me MailScanner is not installed but it is installed. make deinstall ===> Deinstalling for mail/mailscanner pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin recorded pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded ===> MailScanner not installed, skipping Here lookl drwxrwxr-x 4 500 500 512 May 12 03:26 ./ drwxrwxr-x 590 500 500 12800 May 10 18:09 ../ -rw-r--r-- 1 500 500 14310 May 5 18:03 Makefile -rw-r--r-- 1 500 500 242 May 5 18:03 distinfo drwxrwxr-x 2 500 500 1024 May 5 18:04 files/ -rw-r--r-- 1 500 500 1307 Jan 18 2004 pkg-descr -rw-r--r-- 1 500 500 30933 May 5 18:04 pkg-plist drwx------ 3 root wheel 512 May 12 03:26 work/ I would like to know how to remove this from my server so I can reinstall it! If I can't deinstall it how do I remove it manually? What do I need to do to remove all the files manually? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060514/93708fbd/attachment.html From wintermutecx at gmail.com Sun May 14 07:33:25 2006 From: wintermutecx at gmail.com (Dave) Date: Sun May 14 07:33:28 2006 Subject: Process did not exit cleanly Message-ID: Friday I noticed my mail server stuck in a loop and quite a few message listed below in the system message. It happened again today on Saturday. Friday I cleared out the queue dir and reintroduced messages back into the until I tracked down the message. (it's a small server luckily ;). The one today tracked down to a message to my mailing list. The previous one was a spam message that I thought might have just been munged or something. I changed a few Mailscanner settings and after changing the following two to no, the stuck message for today went through. I'm not sure if it's my setup or something that needs to be looked at. I'll leave them off for now. Find Archives By Content = no Dangerous Content Scanning = no root: Process did not exit cleanly, returned 0 with signal 14 CentOS4.3 mailscanner-4.53.6-1 spamassassin-3.1.0-1 sendmail-8.13.1-3.RHEL4.3 From admin at thenamegame.com Sun May 14 07:42:57 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 14 07:41:31 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605140501.k4E511cr008041@bkserver.blacknight.ie> Message-ID: <200605140641.k4E6fS5T010274@bkserver.blacknight.ie> And im also getting this error May 14 02:39:52 orion MailScanner[18716]: Could not read Custom Functions directory /usr/local/lib/MailScanner/MailScanner/CustomFunctions What does this mean? I'v already check the perms and they seem correct! _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael S. Sent: Sunday, May 14, 2006 1:02 AM To: 'MailScanner discussion' Subject: RE: 3rd time asking,HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? I still cannot do a clean install of MailScanner. What gives? I keep getting these errors on FreeBSD and the files are no copied to the proper directories. # # Step 1: Install bin files # install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner /usr/local/sbin/mailscanner /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner ln: /usr/local/sbin/MailScanner: File exists *** Error code 1 Stop in /usr/ports/mail/mailscanner. [root@orion mailscanner]# make initial-config # Renew virus wrapper scripts install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/lib/*-wrapper /usr/local/libexec/MailScanner install: wrong number or types of arguments usage: install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 file2 install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 ... fileN directory install -d [-v] [-g group] [-m mode] [-o owner] directory ... *** Error code 64 _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael S. Sent: Friday, May 12, 2006 3:57 AM To: mailscanner@lists.mailscanner.info Subject: 3rd time asking,HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? How do I uninstall MailScanner from Freebsd? When I run make uninstall it tells me MailScanner is not installed but it is installed. make deinstall ===> Deinstalling for mail/mailscanner pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin recorded pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded ===> MailScanner not installed, skipping Here lookl drwxrwxr-x 4 500 500 512 May 12 03:26 ./ drwxrwxr-x 590 500 500 12800 May 10 18:09 ../ -rw-r--r-- 1 500 500 14310 May 5 18:03 Makefile -rw-r--r-- 1 500 500 242 May 5 18:03 distinfo drwxrwxr-x 2 500 500 1024 May 5 18:04 files/ -rw-r--r-- 1 500 500 1307 Jan 18 2004 pkg-descr -rw-r--r-- 1 500 500 30933 May 5 18:04 pkg-plist drwx------ 3 root wheel 512 May 12 03:26 work/ I would like to know how to remove this from my server so I can reinstall it! If I can't deinstall it how do I remove it manually? What do I need to do to remove all the files manually? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060514/033631f4/attachment.html From Jan-Peter.Koopmann at seceidos.de Sun May 14 10:00:31 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun May 14 10:00:43 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? Message-ID: Hi, sorry you have to ask for the third time. NO NEED TO YELL THOUGH! Pleae remember that people here do not necessarily do this for a living but contribute to the community. So there is no obligation to help at all or to do so in a specific timeframe. Unless of course you have some sort of service contract and pay enough money! :-) Oh and while I am at it: It is generally not considered good style to write HTML mails in mailing-lists. Something is screwed up with your ports database. The bsdpan packages probably come from manually installed perl modules. You should not do this but instead use the ports p5- version whenever possible. Sure mailscanner-devel is not installed? Check with pkg_info. Otherwise have a look at pkg-plist in the mailscanner ports dir and you will see all files that are installed by the port so you can manually delete them. Still: A fresh install should work even if the files exist AFAIK. What version of the port btw? Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060514/0df6712d/smime.bin From MailScanner at ecs.soton.ac.uk Sun May 14 12:10:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 14 12:10:35 2006 Subject: Process did not exit cleanly In-Reply-To: References: Message-ID: <44671019.9000702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This was caused by a bug in 4.53.6. Upgrade to the latest 4.53.8 or 4.54 and everything should work fine. Dave wrote: > Friday I noticed my mail server stuck in a loop and quite a few > message listed below in the system message. It happened again today on > Saturday. Friday I cleared out the queue dir and reintroduced messages > back into the until I tracked down the message. (it's a small server > luckily ;). The one today tracked down to a message to my mailing > list. The previous one was a spam message that I thought might have > just been munged or something. I changed a few Mailscanner settings > and after changing the following two to no, the stuck message for > today went through. I'm not sure if it's my setup or something that > needs to be looked at. I'll leave them off for now. > > Find Archives By Content = no > Dangerous Content Scanning = no > > root: Process did not exit cleanly, returned 0 with signal 14 > > > CentOS4.3 > mailscanner-4.53.6-1 > spamassassin-3.1.0-1 > sendmail-8.13.1-3.RHEL4.3 - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGcQIBH2WUcUFbZUEQK/xgCg36T57pkkIMzYeFXKlIC/TuM4fmkAoMet QCc2XNqDFyYGWF/l0dz+ww2w =lJ8c -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From admin at thenamegame.com Sun May 14 14:56:07 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 14 14:55:19 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: Message-ID: <200605141355.k4EDtHU4016676@bkserver.blacknight.ie> Thanks for letting me know. The only Perl modules that were installed manually were the ones required for Clamav. /scripts/perlinstaller /scripts/perlinstaller Net::CIDR Archive::Zip Compress::Zlib Convert::BinHex Inline::C I'm not sure which Perl modules are needed for MS. Where can I find out which Perl modules these are, and is there a way to uninstall and reinstall them? Even so, I thought that doing a make deinstall will remove MS but it doesn't. I have to find all instances of MS and rm -f or rm -rf everything. Thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter Sent: Sunday, May 14, 2006 5:01 AM To: MailScanner discussion Subject: RE: 3rd time asking,HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? Hi, sorry you have to ask for the third time. NO NEED TO YELL THOUGH! Pleae remember that people here do not necessarily do this for a living but contribute to the community. So there is no obligation to help at all or to do so in a specific timeframe. Unless of course you have some sort of service contract and pay enough money! :-) Oh and while I am at it: It is generally not considered good style to write HTML mails in mailing-lists. Something is screwed up with your ports database. The bsdpan packages probably come from manually installed perl modules. You should not do this but instead use the ports p5- version whenever possible. Sure mailscanner-devel is not installed? Check with pkg_info. Otherwise have a look at pkg-plist in the mailscanner ports dir and you will see all files that are installed by the port so you can manually delete them. Still: A fresh install should work even if the files exist AFAIK. What version of the port btw? Kind regards, JP From maillists at conactive.com Sun May 14 21:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 14 21:31:32 2006 Subject: SA AWL scoring In-Reply-To: <446654BA.2@adventuras.no> References: <44663B60.7090204@pacific.net> <446654BA.2@adventuras.no> Message-ID: Lars Kristiansen wrote on Sat, 13 May 2006 23:50:50 +0200: > Are you sure you are using the same auto-whitelist file? Yes, AWL is global (I think that's the only way to use it from MailScanner, anyway, isn't it?). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun May 14 21:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 14 21:31:35 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605141355.k4EDtHU4016676@bkserver.blacknight.ie> References: <200605141355.k4EDtHU4016676@bkserver.blacknight.ie> Message-ID: Michael S. wrote on Sun, 14 May 2006 09:56:07 -0400: > I'm not sure which Perl modules are needed for MS. Where can I find out > which Perl modules these are, and is there a way to uninstall and reinstall > them? I can't tell you the BSD way, but if you download one of the files from the MailScanner downloads, it contains not only MailScanner but all Perl src.rpms. Some rpms do not have a CPAN Perl modules equivalent, though :-( Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun May 14 21:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 14 21:31:38 2006 Subject: SA AWL scoring In-Reply-To: <44663B60.7090204@pacific.net> References: <44663B60.7090204@pacific.net> Message-ID: Ken A wrote on Sat, 13 May 2006 13:02:40 -0700: > Same envelope sender AND same IP? I'm using the same message (the one that got stored by MailScanner), so I'd say yes. From inspecting other messages it seems I *always* get 0.08 via MailScanner if AWL hits. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Jan-Peter.Koopmann at seceidos.de Sun May 14 21:38:48 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun May 14 21:39:00 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605141355.k4EDtHU4016676@bkserver.blacknight.ie> Message-ID: On Sunday, May 14, 2006 3:56 PM Michael S. wrote: > Thanks for letting me know. The only Perl modules that were installed > manually were the ones required for Clamav. The bsdpan references make me thing otherwise... > I'm not sure which Perl modules are needed for MS. Where can I find > out which Perl modules these are, The port system will install them for you once a make install in /usr/ports/mail/mailscanner succeeds. > Even so, I thought that doing a make deinstall will remove MS but it > doesn't. The bits you posted show that your FreeBSD installation is not aware that the mailscanner port is installed. Therefore it cannot deinstall it. I have no clue how you achieved this though. > I have to find all instances of MS and rm -f or rm -rf > everything. _IF_ you installed via ports then a look at pkg-plist will show you all installed files. From Jan-Peter.Koopmann at seceidos.de Sun May 14 21:57:28 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun May 14 21:57:39 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: Message-ID: On Sunday, May 14, 2006 10:31 PM Kai Schaetzl wrote: > I can't tell you the BSD way, but if you download one of the files > from the MailScanner downloads, it contains not only MailScanner but > all Perl src.rpms. Some rpms do not have a CPAN Perl modules > equivalent, though :-( Please don't do this on FreeBSD. The port does not use the modules of the MailScanner download and should not... From alex at nkpanama.com Sun May 14 22:23:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun May 14 22:23:54 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F71E2@cmexchange01.CourtesyMortgage.local> References: <01BCE961CD5E4146B83F920FC6A4F2351F71E2@cmexchange01.CourtesyMortgage.local> Message-ID: <44679FCE.5090204@nkpanama.com> Jason Williams wrote: > FromorTo: default no > > Is that needed? > > Thanks, > > Jason > > I don't know if it's needed, but generally I believe it is. This has been explained a lot of times, but I'll give it a shot: Setting = one thing | another thing | something else | a ruleset Meaning: A specific setting can hold one of three different values, or a ruleset. If you put in one of the values, they apply to _everyone_. If you put in a ruleset, then rules will be checked "top-down" until a "hit" is made, or the "default" is reached. So yes, the last line "should" be "fromorto: default whatever" where _whatever_ is the default value you wish to assign. From admin at thenamegame.com Sun May 14 22:37:56 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 14 22:36:32 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: Message-ID: <200605142136.k4ELaTSw026209@bkserver.blacknight.ie> Ok, well I have installed many modules via ports including DCC, Pyzor updates to outdated packages etc and I have NEVER had issues with ports! I have MailScanner up and running and it seems to be doing what's its supposed to be after struggling with it for about 2hrs. I had to move the mailscanner.sh and mta.sh to the proper directories since these were not copied properly. Also, I believe im missing the crons, the ones that restart MS on the hour and do the updates to the virus scanners. Those I don't see anywhere. Talk about a big frustration. I have been using MS on RH for years and in fact wrote the first HOWTO and was the first person to actually offer a solution with Exim + Cpanel. So this is nothing new to me. But the ports installation is a big mess and the installation is incomplete. Because Im not somewhat of a newbie at this, I pretty much had a good idea what to do to get this going on FreeBSD but I already see the horror of having to do this again when upgrading, granted it will probably mess up the entire installation and will not work as instructed in your one page layout. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter Sent: Sunday, May 14, 2006 4:57 PM To: MailScanner discussion Subject: RE: 3rd time asking,HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? On Sunday, May 14, 2006 10:31 PM Kai Schaetzl wrote: > I can't tell you the BSD way, but if you download one of the files > from the MailScanner downloads, it contains not only MailScanner but > all Perl src.rpms. Some rpms do not have a CPAN Perl modules > equivalent, though :-( Please don't do this on FreeBSD. The port does not use the modules of the MailScanner download and should not... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Mon May 15 00:15:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 00:15:13 2006 Subject: MailScanner + Bayes on SQL Message-ID: Is this at all possible with MailScanner? I followed the instructions on the spamassassin wiki and migrated a Bayes database to MySQL. When I test via spamassassin --lint I get this output: [12153] dbg: bayes: using username: root [12153] dbg: bayes: database connection established [12153] dbg: bayes: found bayes db version 3 [12153] dbg: bayes: unable to initialize database for root user, aborting! This doesn't happen with the system wide setting of bayes_path, the user doesn't matter in this case. How can I do this when using MailScanner? Is it that configuration variable? bayes_sql_override_username someusername >From the description I'm not 100% sure. http://wiki.apache.org/spamassassin/BetterDocumentation/SqlReadme Also, if that is the correct way to do it, what username do I use? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From lars+lister.mailscanner at adventuras.no Mon May 15 01:51:32 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon May 15 01:52:32 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605142136.k4ELaTSw026209@bkserver.blacknight.ie> References: <200605142136.k4ELaTSw026209@bkserver.blacknight.ie> Message-ID: <4467D094.4040800@adventuras.no> Michael S. wrote: > Ok, well I have installed many modules via ports including DCC, Pyzor > updates to outdated packages etc and I have NEVER had issues with ports! > FWIW, I have never had any issues like you have had with the mailscanner port. > I have MailScanner up and running and it seems to be doing what's its > supposed to be after struggling with it for about 2hrs. I had to move the > mailscanner.sh and mta.sh to the proper directories since these were not > copied properly. Also, I believe im missing the crons, the ones that restart > MS on the hour and do the updates to the virus scanners. Those I don't see > anywhere. > > 'pkg_info -Lx MailScanner' will show what files are installed by that port. It will help you to find one of those files you are missing in: /usr/local/libexec/MailScanner/ But you will need to edit a crontab to run it. I do not think you the need the restarting cronscript any more. From /usr/local/etc/MailScanner/MailScanner.conf: # To avoid resource leaks, re-start periodically Restart Every = 14400 > Talk about a big frustration. I have been using MS on RH for years and in > fact wrote the first HOWTO and was the first person to actually offer a > solution with Exim + Cpanel. So this is nothing new to me. But the ports > installation is a big mess and the installation is incomplete. Because Im > I respectfully disagree. Personally, I like this port. > not somewhat of a newbie at this, I pretty much had a good idea what to do > to get this going on FreeBSD but I already see the horror of having to do > this again when upgrading, granted it will probably mess up the entire > installation and will not work as instructed in your one page layout. > If I may be so bold: Something on your computer is somewhat different from the most usual. I would try to find out what, before starting to write patches if necessary. -- Regards from Lars From Jan-Peter.Koopmann at seceidos.de Mon May 15 07:15:06 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon May 15 07:15:22 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605142136.k4ELaTSw026209@bkserver.blacknight.ie> Message-ID: On Sunday, May 14, 2006 11:38 PM Michael S. wrote: > Ok, well I have installed many modules via ports including DCC, Pyzor > updates to outdated packages etc and I have NEVER had issues with > ports! Good for you. Nither have I. > I have MailScanner up and running and it seems to be doing what's its > supposed to be after struggling with it for about 2hrs. I had to move > the mailscanner.sh and mta.sh to the proper directories since these > were not copied properly. Then something is wrong with your setup. I maintain the port and use it on many installations and these problems have yet never occured anywhere. Maybe something is wrong with the latest version but up to this point no one complained. If you do a "make install" the port tells you exactly what it is doing. Maybe you put the stuff in a log and send it to me? Then I might be able to help. Again: bsdpan- things on my installations only show up for manually installed ports (which might happen if you run install.sh from the MailScanner.tgz btw.!). I might be wrong but I suspect you are. > Also, I believe im missing the crons, the > ones that restart MS on the hour and do the updates to the virus > scanners. Those I don't see anywhere. /usr/local/libexec/MailScanner > to me. But the ports installation is a big mess and the installation > is incomplete. Thanks for the compliment. Somehow I still think you messed something else up. Again: I have never had these problems and neither have the others. In fact a lot of problems people had with the original MailScanner package from Julian or rpms on other distributions have never occured to FreeBSD people thanks to the ports system. Your statements are contradictory (bsdpan and no manually installed packages) so I have to assume that you did something unwillingly or unknowningly that screwed your system up. > Because Im not somewhat of a newbie at this, I pretty Neither are we. > much had a good idea what to do to get this going on FreeBSD but I > already see the horror of having to do this again when upgrading, > granted it will probably mess up the entire installation and will not > work as instructed in your one page layout. Well. It does work here and at other sites. The port is probably used at a few hundred if not thousand locations and upgrading is as simple as possible (to my knowledge). I barely heard of any problems or horror experiences. Unless you kindly provide more information on what you did and what the output of the commands were, I am not able to help you. And due to your tone I am not even sure I want to help you to be quite frank. Give me some more information and if there is a bug in the port I will of course fix it. Unless we find a bug please be so kind and at least rethink the possibility that due to the fact that you are up to this point the only person having these problems, it is much more probable that the error is on your side than in the port. Kind regards, JP From dhawal at netmagicsolutions.com Mon May 15 07:39:33 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon May 15 07:39:50 2006 Subject: MailScanner + Bayes on SQL In-Reply-To: References: Message-ID: <44682225.4000904@netmagicsolutions.com> Kai Schaetzl wrote: > Is this at all possible with MailScanner? I followed the instructions on > the spamassassin wiki and migrated a Bayes database to MySQL. When I test > via spamassassin --lint I get this output: > [12153] dbg: bayes: using username: root > [12153] dbg: bayes: database connection established > [12153] dbg: bayes: found bayes db version 3 > [12153] dbg: bayes: unable to initialize database for root user, aborting! > > This doesn't happen with the system wide setting of bayes_path, the user > doesn't matter in this case. How can I do this when using MailScanner? > Is it that configuration variable? > > bayes_sql_override_username someusername precisely.. See, http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql >>From the description I'm not 100% sure. > http://wiki.apache.org/spamassassin/BetterDocumentation/SqlReadme > > Also, if that is the correct way to do it, what username do I use? mysql> SELECT id, username, spam_count, ham_count, token_count FROM bayes_vars; - dhawal > Kai From MailScanner at ecs.soton.ac.uk Mon May 15 08:37:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 15 08:37:40 2006 Subject: MailScanner ANNOUNCE: Stable 4.53.6 released In-Reply-To: References: <4455D428.6020502@ecs.soton.ac.uk> Message-ID: <58347C8C-B841-40EB-BCA5-54B680456E5B@ecs.soton.ac.uk> On 12 May 2006, at 16:12, Ugo Bellavance wrote: > Julian Field wrote in news:D9701541- > E799- > 44E7-8F72-0BB384CECB1E@ecs.soton.ac.uk: > >> >> On 10 May 2006, at 22:02, Ugo Bellavance wrote: >> >>> Julian Field wrote in >>> news:4455D428.6020502@ecs.soton.ac.uk: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> I have just released the May release of MailScanner, version >>>> 4.53.6. >>> >>> >>> >>>> >>>> - - Support for numerical IP addresses in phishing.safe.sites.conf. >>>> Using this, entire servers can be whitelisted with one entry, >>>> removing >>>> the need to add every domain provided by that server. >>> >>> Would it be easy for you julian to add a config that allow to >>> whitelist an >>> IP but in the URLS, for the "Also Find Numeric Phishing = " >>> setting., so >>> that we can jut put an IP address there and the phishing net will >>> not >>> trigger an alert when this IP is in the URL in a message? >> >> Have you tried it? I thought you already could do that. >> > > You're right. I just tested it and it works. I guess I read the > comment > at the top of the file too quickly :(. Another thing you can now do is put an IP address in the whitelist. That will effectively whitelist all mail coming from that server, regardless of the domain name it uses. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 15 08:46:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 15 08:46:18 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <44679FCE.5090204@nkpanama.com> References: <01BCE961CD5E4146B83F920FC6A4F2351F71E2@cmexchange01.CourtesyMortgage.local> <44679FCE.5090204@nkpanama.com> Message-ID: On 14 May 2006, at 22:23, Alex Neuman van der Hans wrote: > Jason Williams wrote: >> FromorTo: default no >> >> Is that needed? >> Thanks, >> >> Jason >> >> > > I don't know if it's needed, but generally I believe it is. This > has been explained a lot of times, but I'll give it a shot: > > Setting = one thing | another thing | something else | a ruleset > > Meaning: A specific setting can hold one of three different values, > or a ruleset. If you put in one of the values, they apply to > _everyone_. If you put in a ruleset, then rules will be checked > "top-down" until a "hit" is made, or the "default" is reached. > > So yes, the last line "should" be "fromorto: default whatever" > where _whatever_ is the default value you wish to assign. It does work from top to bottom, with one exception. So you're 99% right. The exception is the location of the "default" rule is unimportant. So if you're auto-generating the ruleset, you don't have to remember to put the default rule at the bottom, it could just as well be at the top and have the same effect. But don't worry too much about that feature, you will know when you need it :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jaearick at colby.edu Mon May 15 14:11:44 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 15 14:15:09 2006 Subject: upgrade_MailScanner_conf --keep-comments buglet Message-ID: Julian, I just noticed that when I do: cd /opt/MailScaner-[new]/etc ../bin/upgrade_MailScanner_conf --keep-comments /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > MailScanner.new The first 43 lines of comments in the original MailScanner.conf file gets lost in MailScanner.new. Not a huge deal, but maybe you didn't know... Jeff Earickson Colby College From steve.swaney at fsl.com Mon May 15 14:28:39 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon May 15 14:29:18 2006 Subject: upgrade_MailScanner_conf --keep-comments buglet In-Reply-To: Message-ID: <042001c67823$7a8590c0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: Monday, May 15, 2006 9:12 AM > To: mailscanner mailing list > Subject: upgrade_MailScanner_conf --keep-comments buglet > > Julian, > > I just noticed that when I do: > > cd /opt/MailScaner-[new]/etc > ../bin/upgrade_MailScanner_conf --keep-comments > /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > MailScanner.new > > The first 43 lines of comments in the original MailScanner.conf > file gets lost in MailScanner.new. Not a huge deal, but maybe you > didn't know... > > Jeff Earickson > Colby College > -- Jeff, If you run upgrade_MailScanner_conf without arguments you'll see: NOTE ==== To keep your old comments in your original file, add "--keep-comments" to the command line. Note that this will mean you don't get to find out any extra new values you might be able to use in existing "improved" configuration options. It means just what is says. You won't get any of the new comments that go with the new configuration options. Kind of a trade-off. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From glenn.steen at gmail.com Mon May 15 15:12:36 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 15 15:13:36 2006 Subject: Trouble-free steps to upgrade mailscanner? In-Reply-To: <4463924A.20907@ecs.soton.ac.uk> References: <446368B0.5050404@nkpanama.com> <4463924A.20907@ecs.soton.ac.uk> Message-ID: <223f97700605150712w9c2ce3re3fb69d1803ecebd@mail.gmail.com> On 11/05/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dan Stromberg wrote: > > On Thu, 11 May 2006 11:39:12 -0500, Alex Neuman van der Hans wrote: > > > > > > > >>> For example, is there a way to have two versions of mailscanner running on > >>> the host at the same time, so you can test the new one, and cut over later > >>> once you feel confident about the new one by doing something simple, like > >>> changing a symlink and restarting a daemon? > >>> > >>> > >> I think somebody mentioned something like this (they were talking about > >> BSD I think) where someone would: > >> > >> 1. Stop MailScanner > >> 2. Move /wherever/MailScanner to /old/mailscanner > >> 3. Create symlink from /wherever/MailScanner to /old/mailscanner > >> 4. install new MailScanner to /new/mailscanner > >> > > > > Yes, this sounds like a good way to go. > > > > > >> Then test everything separately using whatever method you want, and in > >> the end you just stop MailScanner, change the symlink, and start it again. > >> > > > > What are some "cover the fundamentals" test methods for MailScanner? Is > > it just a matter of sending four messages: ham+novirus, spam+novirus, > > ham+virus, spam+virus and making sure they're handled well? > > > Download the EICAR test virus from www.eicar.org and send it through > MailScanner a few times to check its reaction. That and a few spam > messages will check it is basically working for you. I have a huge > library of test messages that I use for testing various bits of the > functionality, but unfortunately I can't share these with you for > privacy reasons, sorry. > > And if I wanted to test it out by just sending something from evolution on > > my office server, would I need to configure a second pair of sendmail's, > > where the -bd one of the second pair was listening on an alternate port > > for a while? > > > You not only need that but they need to use different queue directories > as well, and you'll need to configure the secondary queue directories in > MailScanner as well. > > Using a spare machine for testing is rather easier, as you can leave it > configured as a test system. If you stop the outgoing queue runner > sendmail and set "Delivery Method = queue" then it won't actually > deliver the processed messages, so you can examine the files in the > queue. I always check the queue files than let them be delivered. > > > >> 2. Use the archive feature, albeit temporarily. You can always requeue > >> e-mail back into the system if it breaks, right? > >> > > > > I really like this feature. > > > Glad you find this useful. > > - -- > Julian Field (Both replying to Dan and ... well... anyone... Just to be clear:-) Wouldn't it be great if someone who actually uses the tar-ball typed something about this into http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:upgrade:tar (need not be more complex than the instructions found in this thread, I think... Look at http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:upgrade:rpm and http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm for inspiration:-)? Julian? Alex? Someone? I'd do it myself, but since I only use the rpm method (ATM)...:-) As for the "best test" question... Well, there's some basic instructions in the MAQ and the troubleshooting section of the wiki... Basically 1) send mail->check, 2) send EICAR->check 3) send GTUBE->check perhaps 4) send combined->check And if you really want to ... stress things ... do as Julian suggest and use a large body of collected mails for some "stress and quality testing", to finish things up. But ultimately there's no "test" like production...:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jaearick at colby.edu Mon May 15 14:45:40 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 15 15:54:19 2006 Subject: upgrade_MailScanner_conf --keep-comments buglet In-Reply-To: <042001c67823$7a8590c0$2901010a@office.fsl> References: <042001c67823$7a8590c0$2901010a@office.fsl> Message-ID: On Mon, 15 May 2006, Stephen Swaney wrote: > Date: Mon, 15 May 2006 09:28:39 -0400 > From: Stephen Swaney > Reply-To: MailScanner discussion > To: 'MailScanner discussion' > Subject: RE: upgrade_MailScanner_conf --keep-comments buglet > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson >> Sent: Monday, May 15, 2006 9:12 AM >> To: mailscanner mailing list >> Subject: upgrade_MailScanner_conf --keep-comments buglet >> >> Julian, >> >> I just noticed that when I do: >> >> cd /opt/MailScaner-[new]/etc >> ../bin/upgrade_MailScanner_conf --keep-comments >> /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf > MailScanner.new >> >> The first 43 lines of comments in the original MailScanner.conf >> file gets lost in MailScanner.new. Not a huge deal, but maybe you >> didn't know... >> >> Jeff Earickson >> Colby College >> -- > > Jeff, > > If you run upgrade_MailScanner_conf without arguments you'll see: > > > NOTE > ==== > To keep your old comments in your original file, add "--keep-comments" > to the command line. Note that this will mean you don't get to find > out any extra new values you might be able to use in existing "improved" > configuration options. > > It means just what is says. You won't get any of the new comments that go > with the new configuration options. > > Kind of a trade-off. > > Steve Hunh?? All of Julian's other comments are always there (even for new options), plus whatever comments I added in the past. Works great, except the leading comments at the top of the file get whacked off in MailScanner.new. I must be the only one that uses the --keep-comments feature... Jeff From rob at thehostmasters.com Mon May 15 17:16:07 2006 From: rob at thehostmasters.com (Rob Morin) Date: Mon May 15 17:16:15 2006 Subject: Retrieve quarantine email Message-ID: <4468A947.4090609@thehostmasters.com> Hello all... i searched through the archives but did not seem to find an answer to my question... I think some of you guys/gals here have some sort of functionality that will allow user to retrieve quarantine email? I mean i remember reading some doc that explained how a user can click on a URL that he receives in the email that says the email was quarantined... Are there any docs or files i someone can point me too? Thanks... -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From rob at thehostmasters.com Mon May 15 17:21:54 2006 From: rob at thehostmasters.com (Rob Morin) Date: Mon May 15 17:22:01 2006 Subject: Mail refused by SORBS because it is considered dynamic IP?????? In-Reply-To: <4464D35D.6000805@nkpanama.com> References: <44649812.7070805@thehostmasters.com> <1147450264.30106.27.camel@mike-new2.tc3net.com> <4464D35D.6000805@nkpanama.com> Message-ID: <4468AAA2.1040308@thehostmasters.com> Right, ok, thanks, what i did was tell exchange to forward email to my isp's SMTP server then.... thanks allot guys/gals/ Have a great day Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Alex Neuman van der Hans wrote: > Michael Baird wrote: >> It is because of the reverse lookup name. Have your ISP put in a >> different reverse name for you mail server (have it match the forward >> even). >> >> >> Non-authoritative answer: >> 164.146.248.206.in-addr.arpa name = 206-248-146-164.dsl.teksavvy.com. > I've seen this a lot. If your e-mail server is supposed to be called > "flexserv.flex.com" then your reverse DNS "should" be called the same. > Tell your ISP to do it. Tell them you'll take your juicy 4-year-old > contract elsewhere if they say they can't/won't. > From martinh at solid-state-logic.com Mon May 15 17:22:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 15 17:22:51 2006 Subject: Retrieve quarantine email In-Reply-To: <4468A947.4090609@thehostmasters.com> Message-ID: <000001c6783b$ca47e230$3004010a@martinhlaptop> Rob Theres the quarantinereport (http://www.fsl.com/support/QuarantineReport.tar.gz) Only works if you MTA is sendmail or exim as it needs to split emails with multiple recipients into multiple emails with single recipients. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 15 May 2006 17:16 > To: MailScanner discussion > Subject: Retrieve quarantine email > > Hello all... i searched through the archives but did not seem to find an > answer to my question... I think some of you guys/gals here have some > sort of functionality that will allow user to retrieve quarantine > email? I mean i remember reading some doc that explained how a user can > click on a URL that he receives in the email that says the email was > quarantined... Are there any docs or files i someone can point me too? > > Thanks... > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rob at thehostmasters.com Mon May 15 17:36:50 2006 From: rob at thehostmasters.com (Rob Morin) Date: Mon May 15 17:36:54 2006 Subject: Retrieve quarantine email In-Reply-To: <000001c6783b$ca47e230$3004010a@martinhlaptop> References: <000001c6783b$ca47e230$3004010a@martinhlaptop> Message-ID: <4468AE22.6010603@thehostmasters.com> Ahhh, sorry i should have stated i use Postfix.... sorry.... But maybe i will take a peek at it anyways to get some ideas.... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Martin Hepworth wrote: > Rob > > Theres the quarantinereport > (http://www.fsl.com/support/QuarantineReport.tar.gz) > > Only works if you MTA is sendmail or exim as it needs to split emails with > multiple recipients into multiple emails with single recipients. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >> Sent: 15 May 2006 17:16 >> To: MailScanner discussion >> Subject: Retrieve quarantine email >> >> Hello all... i searched through the archives but did not seem to find an >> answer to my question... I think some of you guys/gals here have some >> sort of functionality that will allow user to retrieve quarantine >> email? I mean i remember reading some doc that explained how a user can >> click on a URL that he receives in the email that says the email was >> quarantined... Are there any docs or files i someone can point me too? >> >> Thanks... >> >> -- >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > From martinh at solid-state-logic.com Mon May 15 17:41:25 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 15 17:41:38 2006 Subject: Retrieve quarantine email In-Reply-To: <4468AE22.6010603@thehostmasters.com> Message-ID: <000101c6783e$680f5aa0$3004010a@martinhlaptop> Rob There's Mailwatch, so people can look at their own emails - BUT you have the same problem, is the email is to multiple people and the person isn't first on the list they won't be able to see their emails. No-ones figured out how to make PF split the emails up...if you do, please let FSL know so they can amend things. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 15 May 2006 17:37 > To: MailScanner discussion > Subject: Re: Retrieve quarantine email > > Ahhh, sorry i should have stated i use Postfix.... sorry.... > > But maybe i will take a peek at it anyways to get some ideas.... > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Martin Hepworth wrote: > > Rob > > > > Theres the quarantinereport > > (http://www.fsl.com/support/QuarantineReport.tar.gz) > > > > Only works if you MTA is sendmail or exim as it needs to split emails > with > > multiple recipients into multiple emails with single recipients. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Rob Morin > >> Sent: 15 May 2006 17:16 > >> To: MailScanner discussion > >> Subject: Retrieve quarantine email > >> > >> Hello all... i searched through the archives but did not seem to find > an > >> answer to my question... I think some of you guys/gals here have some > >> sort of functionality that will allow user to retrieve quarantine > >> email? I mean i remember reading some doc that explained how a user > can > >> click on a URL that he receives in the email that says the email was > >> quarantined... Are there any docs or files i someone can point me too? > >> > >> Thanks... > >> > >> -- > >> > >> Rob Morin > >> Dido InterNet Inc. > >> Montreal, Canada > >> Http://www.dido.ca > >> 514-990-4444 > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From steve.swaney at fsl.com Mon May 15 17:42:33 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon May 15 17:42:39 2006 Subject: Retrieve quarantine email In-Reply-To: <000001c6783b$ca47e230$3004010a@martinhlaptop> Message-ID: <050c01c6783e$90b64e50$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth > Sent: Monday, May 15, 2006 12:23 PM > To: 'MailScanner discussion' > Subject: RE: Retrieve quarantine email > > Rob > > Theres the quarantinereport > (http://www.fsl.com/support/QuarantineReport.tar.gz) > > Only works if you MTA is sendmail or exim as it needs to split emails with > multiple recipients into multiple emails with single recipients. > > -- QuarantineReport is still on our website and all are welcome to use it but we've stopped supporting this application since Steve Freegard added this function into MailWatch. MailWatch (free) and DefenderMX (not free) both have this functionality available. Only DefenderMX allows you to specify domains which get the quarantine report and a list of email addresses that do not get a quarantine report. I expect this will be added to a future release of MailWatch. Hope this helps Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From uxbod at splatnix.net Mon May 15 19:56:29 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Mon May 15 18:57:24 2006 Subject: Retrieve quarantine email In-Reply-To: <000101c6783e$680f5aa0$3004010a@martinhlaptop> References: <4468AE22.6010603@thehostmasters.com> <000101c6783e$680f5aa0$3004010a@martinhlaptop> Message-ID: <20060515185629.735a57f8@cyborg> DefenderMX is a interesting product especially as the screenie shows MailWatch ;) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon May 15 19:09:45 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 15 19:10:26 2006 Subject: MCP newbie question Message-ID: <4468C3E9.5010701@USherbrooke.ca> Hello all, I would like to get proactive and create special SA rules for phishing attempts on our local banks. Problem is I don't get all those phishing emails myself... so I thought about MCP... The %mcp-dir%/mcp.spam.assassin.prefs.conf file will contain pretty general rules that could match on legitimate emails. I want my filtering as unintrusive as possible: I would like to receive copies of emails without the end-users even knowing about it. This is how I would configure MS: MCP Checks = yes Non MCP Actions = deliver MCP Actions = deliver forward myself@usherbrooke.ca High Scoring MCP Actions = deliver forward myself@usherbrooke.ca Bounce MCP As Attachment = no MCP Modify Subject = no High Scoring MCP Modify Subject = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = yes Now for these 2: Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt What should I do about them? Nuke them? Thanks! Denis PS: what is "MCP Error Score = 1" about? -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/a17bc621/smime.bin From paul at welshfamily.com Mon May 15 19:20:30 2006 From: paul at welshfamily.com (Paul Welsh) Date: Mon May 15 19:20:43 2006 Subject: Net::DNS::Resolver not available In-Reply-To: <2BD3058086A2A44896622E7CB3720BC2AFBB70@DRIFTWOOD.corporate.paccoast.com> Message-ID: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> Hi all I upgraded ClamAV last night using the ClamAV 0.88.2 and SpamAssassin 3.1.1 easy installation package (http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz) from http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml. Unfortunately, something is now broken. Spam isn't being detected because Net::DNS::Resolver isn't available. I know this because I ran spamassassin in test mode against a sample message that made it through: [12190] dbg: dns: is Net::DNS::Resolver available? No Any ideas on how to fix this one? ClamAV is still finding infections, so that's good. I upgraded to Version 4.53.8-1 just now, but the Resolver module didn't get fixed. I'm running CentOS 4. From michele at blacknight.ie Mon May 15 19:56:17 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Mon May 15 19:56:20 2006 Subject: Net::DNS::Resolver not available In-Reply-To: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> References: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> Message-ID: <4468CED1.4050700@blacknight.ie> Paul Welsh wrote: > Hi all > > I upgraded ClamAV last night using the ClamAV 0.88.2 and SpamAssassin 3.1.1 > easy installation package > (http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz) > from http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml. > > Unfortunately, something is now broken. Spam isn't being detected because > Net::DNS::Resolver isn't available. I know this because I ran spamassassin > in test mode against a sample message that made it through: > > [12190] dbg: dns: is Net::DNS::Resolver available? No > > Any ideas on how to fix this one? > > ClamAV is still finding infections, so that's good. > > I upgraded to Version 4.53.8-1 just now, but the Resolver module didn't get > fixed. > > I'm running CentOS 4. > Have you tried upgrading Net::DNS? If DNS is available and working you can always override the setting I think ........ -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From steve.swaney at fsl.com Mon May 15 19:58:20 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon May 15 19:58:27 2006 Subject: :DNS::Resolver not available In-Reply-To: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> Message-ID: <05a501c67851$88b623c0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Welsh > Sent: Monday, May 15, 2006 2:21 PM > To: 'MailScanner discussion' > Subject: Net::DNS::Resolver not available > > Hi all > > I upgraded ClamAV last night using the ClamAV 0.88.2 and SpamAssassin > 3.1.1 > easy installation package > (http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- > SA.tar.gz) > from http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml. > > Unfortunately, something is now broken. Spam isn't being detected because > Net::DNS::Resolver isn't available. I know this because I ran > spamassassin > in test mode against a sample message that made it through: > > [12190] dbg: dns: is Net::DNS::Resolver available? No > > Any ideas on how to fix this one? > > ClamAV is still finding infections, so that's good. > > I upgraded to Version 4.53.8-1 just now, but the Resolver module didn't > get > fixed. > > I'm running CentOS 4. > I'd use CPAN to Install Net::DNS. Also Do you have an empty directory: /var/lib/spamassassin/3.001001/updates_spamassassin_org If so remove that directory and make sure that the /etc/cron.daily/sa-learn cron-job is disabled and search the recent list archives for "sa-learn". Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From MailScanner at ecs.soton.ac.uk Mon May 15 20:15:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 15 20:16:05 2006 Subject: Net::DNS::Resolver not available In-Reply-To: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> References: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> Message-ID: <4468D364.4090609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Download the updated version I just put there and you'll find this is fixed. Paul Welsh wrote: > Hi all > > I upgraded ClamAV last night using the ClamAV 0.88.2 and SpamAssassin 3.1.1 > easy installation package > (http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz) > from http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml. > > Unfortunately, something is now broken. Spam isn't being detected because > Net::DNS::Resolver isn't available. I know this because I ran spamassassin > in test mode against a sample message that made it through: > > [12190] dbg: dns: is Net::DNS::Resolver available? No > > Any ideas on how to fix this one? > > ClamAV is still finding infections, so that's good. > > I upgraded to Version 4.53.8-1 just now, but the Resolver module didn't get > fixed. > > I'm running CentOS 4. > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGjTZhH2WUcUFbZUEQLuHgCgh91YRrXCfj5vTrxbVRaFXDFarLQAnA9P 3r5376kN+x2N2o+EzIQ2duKB =cMqj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From paul at welshfamily.com Mon May 15 20:16:50 2006 From: paul at welshfamily.com (Paul Welsh) Date: Mon May 15 20:17:00 2006 Subject: :DNS::Resolver not available Message-ID: <200605151916.k4FJGxD4020528@bkserver.blacknight.ie> I just ran: sa-update --debug and it is very broken: # sa-update --debug Can't locate Net/IP.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/Resolver/Base .pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/Resolver/Base .pm line 24. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/Resolver/UNIX .pm line 9. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/Resolver/UNIX .pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/Resolver.pm line 19. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/Resolver.pm line 22. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS.pm line 66. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS.pm line 66. Compilation failed in require at /usr/bin/sa-update line 78. BEGIN failed--compilation aborted at /usr/bin/sa-update line 78. From maillists at conactive.com Mon May 15 20:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 20:31:36 2006 Subject: Net::DNS::Resolver not available In-Reply-To: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> References: <200605151820.k4FIKfOg018884@bkserver.blacknight.ie> Message-ID: Paul Welsh wrote on Mon, 15 May 2006 19:20:30 +0100: > [12190] dbg: dns: is Net::DNS::Resolver available? No Are you sure it was installed before? rpm -q perl-Net-DNS says what? > I'm running CentOS 4. Use ClamAV from kbs-Centos-Extras. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 15 20:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 20:31:38 2006 Subject: MCP newbie question In-Reply-To: <4468C3E9.5010701@USherbrooke.ca> References: <4468C3E9.5010701@USherbrooke.ca> Message-ID: Denis Beauchemin wrote on Mon, 15 May 2006 14:09:45 -0400: > I would like to get proactive and create special SA rules for phishing > attempts on our local banks. > > Problem is I don't get all those phishing emails myself... so I thought > about MCP... Do you know Mailwatch? ClamAV detects many Phishing Mails and MailScanner shows them as {Phishing}. You can just scan the Mailwatch display or write a script that rips the data out of that database. No need for MCP, unless phishing for your local banks would not get detected by the existing rules, of course. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Denis.Beauchemin at USherbrooke.ca Mon May 15 20:50:50 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 15 20:51:21 2006 Subject: MCP newbie question In-Reply-To: References: <4468C3E9.5010701@USherbrooke.ca> Message-ID: <4468DB9A.4070607@USherbrooke.ca> Kai Schaetzl a ?crit : > Denis Beauchemin wrote on Mon, 15 May 2006 14:09:45 -0400: > > >> I would like to get proactive and create special SA rules for phishing >> attempts on our local banks. >> >> Problem is I don't get all those phishing emails myself... so I thought >> about MCP... >> > > Do you know Mailwatch? ClamAV detects many Phishing Mails and MailScanner > shows them as {Phishing}. You can just scan the Mailwatch display or write > a script that rips the data out of that database. > > No need for MCP, unless phishing for your local banks would not get > detected by the existing rules, of course. > > Kai > > Kai, I already use Clam + www.sanesecurity.com Clam phishing sigs. I thought this would make the emails detected as viruses and thus destroyed. But my users are still complaining about phishing attempts (most of them in French). My users would like me to delete these emails before they even reach them. That's why I inquired about MCP. What would MailWatch do for me? I want to be able to look at the emails to create new SA rules that would make the phishing attempts go to the bit bucket. I think MW would just give me the same info I already have in my maillog, which lacks the message body. Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/51e8fa31/smime.bin From Denis.Beauchemin at USherbrooke.ca Mon May 15 21:11:14 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 15 21:11:33 2006 Subject: Error in install-Clam-SA Message-ID: <4468E062.2030500@USherbrooke.ca> Hello, I just used the latest install-Clam-SA script on a brand new RHEL 4 server and I got the following errors about Clam: WARNING ------------------------------------------------ WARNING You have an older version of clamav or WARNING clamav-config is not in your path WARNING If you get compile errors you will either WARNING need to upgrade clamav to atleast 0.73 WARNING or make sure clamav-config is in your path WARNING ------------------------------------------------ Checking if your kit is complete... Looks good Note (probably harmless): No library found for -lclamav Writing Makefile for Mail::ClamAV cp ClamAV.pm blib/lib/Mail/ClamAV.pm /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.17 blib/arch Starting Build Prepocess Stage Finished Build Prepocess Stage Starting Build Parse Stage Finished Build Parse Stage Starting Build Glue 1 Stage Finished Build Glue 1 Stage Starting Build Glue 2 Stage Finished Build Glue 2 Stage Starting Build Glue 3 Stage Finished Build Glue 3 Stage Starting Build Compile Stage Starting "perl Makefile.PL" Stage Note (probably harmless): No library found for -lclamav Writing Makefile for Mail::ClamAV Finished "perl Makefile.PL" Stage Starting "make" Stage make[1]: Entering directory `/tmp/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.5/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c gcc -c -I/tmp/Mail-ClamAV-0.17 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/loca l/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.17\" -DXS_VERSION=\"0.17\" -fPIC "-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" ClamAV.c ClamAV.xs:11:20: clamav.h: No such file or directory ClamAV.xs:19: error: field `limits' has incomplete type ClamAV.xs:20: error: field `st' has incomplete type ClamAV.xs: In function `clamav_perl_new': ClamAV.xs:48: error: invalid application of `sizeof' to incomplete type `cl_stat' ClamAV.xs: In function `clamav_perl__scanbuff': ClamAV.xs:180: error: `CL_VIRUS' undeclared (first use in this function) ClamAV.xs:180: error: (Each undeclared identifier is reported only once ClamAV.xs:180: error: for each function it appears in.) ClamAV.xs:182: error: `CL_CLEAN' undeclared (first use in this function) ClamAV.xs:185: warning: passing arg 3 of `Perl_sv_setpv' makes pointer from integer without a cast ClamAV.xs: In function `clamav_perl__scanfd': ClamAV.xs:224: error: `CL_VIRUS' undeclared (first use in this function) ClamAV.xs:226: error: `CL_CLEAN' undeclared (first use in this function) ClamAV.xs:229: warning: passing arg 3 of `Perl_sv_setpv' makes pointer from integer without a cast ClamAV.xs: In function `clamav_perl__scanfile': ClamAV.xs:265: error: `CL_VIRUS' undeclared (first use in this function) ClamAV.xs:267: error: `CL_CLEAN' undeclared (first use in this function) ClamAV.xs:270: warning: passing arg 3 of `Perl_sv_setpv' makes pointer from integer without a cast ClamAV.xs: In function `error': ClamAV.xs:293: warning: assignment makes pointer from integer without a cast ClamAV.xs: In function `clamav_perl_constant': ClamAV.xs:300: error: `CL_CLEAN' undeclared (first use in this function) ClamAV.xs:301: error: `CL_VIRUS' undeclared (first use in this function) ClamAV.xs:303: error: `CL_EMAXREC' undeclared (first use in this function) ClamAV.xs:304: error: `CL_EMAXSIZE' undeclared (first use in this function) ClamAV.xs:305: error: `CL_EMAXFILES' undeclared (first use in this function) ClamAV.xs:306: error: `CL_ERAR' undeclared (first use in this function) ClamAV.xs:307: error: `CL_EZIP' undeclared (first use in this function) ClamAV.xs:308: error: `CL_EMALFZIP' undeclared (first use in this function) ClamAV.xs:309: error: `CL_EGZIP' undeclared (first use in this function) ClamAV.xs:310: error: `CL_EBZIP' undeclared (first use in this function) ClamAV.xs:311: error: `CL_EOLE2' undeclared (first use in this function) undeclared (first use in this function) ClamAV.xs:313: error: `CL_EMSCAB' undeclared (first use in this function) ClamAV.xs:314: error: `CL_EACCES' undeclared (first use in this function) ClamAV.xs:315: error: `CL_ENULLARG' undeclared (first use in this function) ClamAV.xs:317: error: `CL_ETMPFILE' undeclared (first use in this function) ClamAV.xs:318: error: `CL_EFSYNC' undeclared (first use in this function) ClamAV.xs:319: error: `CL_EMEM' undeclared (first use in this function) ClamAV.xs:320: error: `CL_EOPEN' undeclared (first use in this function) ClamAV.xs:321: error: `CL_EMALFDB' undeclared (first use in this function) ClamAV.xs:322: error: `CL_EPATSHORT' undeclared (first use in this function) ClamAV.xs:323: error: `CL_ETMPDIR' undeclared (first use in this function) ClamAV.xs:324: error: `CL_ECVD' undeclared (first use in this function) ClamAV.xs:325: error: `CL_ECVDEXTR' undeclared (first use in this function) ClamAV.xs:326: error: `CL_EMD5' undeclared (first use in this function) ClamAV.xs:327: error: `CL_EDSIG' undeclared (first use in this function) ClamAV.xs:328: error: `CL_EIO' undeclared (first use in this function) ClamAV.xs:329: error: `CL_EFORMAT' undeclared (first use in this function) ClamAV.xs:331: error: `CL_SCAN_RAW' undeclared (first use in this function) ClamAV.xs:332: error: `CL_SCAN_ARCHIVE' undeclared (first use in this function) ClamAV.xs:333: error: `CL_SCAN_MAIL' undeclared (first use in this function) ClamAV.xs:334: error: `CL_SCAN_DISABLERAR' undeclared (first use in this function) ClamAV.xs:335: error: `CL_SCAN_OLE2' undeclared (first use in this function) ClamAV.xs:336: error: `CL_SCAN_BLOCKENCRYPTED' undeclared (first use in this function) ClamAV.xs:337: error: `CL_SCAN_HTML' undeclared (first use in this function) ClamAV.xs:338: error: `CL_SCAN_PE' undeclared (first use in this function) ClamAV.xs:339: error: `CL_SCAN_BLOCKBROKEN' undeclared (first use in this function) ClamAV.xs:340: error: `CL_SCAN_MAILURL' undeclared (first use in this function) ClamAV.xs:341: error: `CL_SCAN_BLOCKMAX' undeclared (first use in this function) ClamAV.xs:343: error: `CL_SCAN_STDOPT' undeclared (first use in this function) make[1]: *** [ClamAV.o] Error 1 make[1]: Leaving directory `/tmp/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /tmp/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 193 BEGIN failed--compilation aborted at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 537. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 2 What's causing this and how can I fix it? Thanks! -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/ef57404f/smime.bin From paul at welshfamily.com Mon May 15 21:53:40 2006 From: paul at welshfamily.com (Paul Welsh) Date: Mon May 15 21:53:47 2006 Subject: Net::DNS::Resolver not available Message-ID: <200605152053.k4FKrjj9023309@bkserver.blacknight.ie> > -----Original Message----- > Julian Field MailScanner at ecs.soton.ac.uk > Mon May 15 20:15:48 IST 2006 > Download the updated version I just put there and you'll find this is fixed. Ta very much, Julian. I downloaded the new http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz, ran it and all is now working. Thanks also to Michele, Stephen and Kai for the very quick responses. From maillists at conactive.com Mon May 15 22:01:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 22:01:13 2006 Subject: MCP newbie question In-Reply-To: <4468DB9A.4070607@USherbrooke.ca> References: <4468C3E9.5010701@USherbrooke.ca> <4468DB9A.4070607@USherbrooke.ca> Message-ID: Denis Beauchemin wrote on Mon, 15 May 2006 15:50:50 -0400: > I already use Clam + www.sanesecurity.com Clam phishing sigs. I thought > this would make the emails detected as viruses and thus destroyed. But > my users are still complaining about phishing attempts (most of them in > French). I see, it's very much possible that French gets mostly thru undetected (as other languages probably as well). > > My users would like me to delete these emails before they even reach > them. That's why I inquired about MCP. Maybe I misunderstood your sentence "I would like to receive copies of emails without the end-users even knowing about it." That indicated to me that you want them to receive the mail like normal, but you want a copy (so you can test if your filter rules would work. What you actually want is add extra rules that catch more phishing, especially in French, than now gets caught? Is that correct? Then I wonder why you want to use MCP for this. MCP is an *extra* spamassassin run with a different ruleset. Why not just add your extra rules to your first spamassassin run? > > What would MailWatch do for me? I want to be able to look at the emails > to create new SA rules that would make the phishing attempts go to the > bit bucket. I think MW would just give me the same info I already have > in my maillog, which lacks the message body. No, it gives you just that what you want if you let MailScanner store all messages in the quarantine. And, frankly, even without the bodies there's quite much more you see/get with Mailwatch than what's in your maillog. Try it. Deleting messages is scary in my eyes, anyway. You *will* get false positives. By using a quarantine you avoid the problem that you may delete false positives. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 15 22:01:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 22:01:15 2006 Subject: Error in install-Clam-SA In-Reply-To: <4468E062.2030500@USherbrooke.ca> References: <4468E062.2030500@USherbrooke.ca> Message-ID: Denis Beauchemin wrote on Mon, 15 May 2006 16:11:14 -0400: > I just used the latest install-Clam-SA script on a brand new RHEL 4 ClamAV is available from rpmforge and can be easily installed/updated with yum. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jd at bentecmed.com Mon May 15 21:59:07 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Mon May 15 22:04:22 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: Message-ID: Im getting alot of messages filling up my logs with status deferred connection refused by 127.0.0.1 why would MS send to its loopback? and why wouldn't it accept it? -JD From Denis.Beauchemin at USherbrooke.ca Mon May 15 22:17:54 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 15 22:18:13 2006 Subject: MCP newbie question In-Reply-To: References: <4468C3E9.5010701@USherbrooke.ca> <4468DB9A.4070607@USherbrooke.ca> Message-ID: <4468F002.9020409@USherbrooke.ca> Kai Schaetzl a ?crit : > Denis Beauchemin wrote on Mon, 15 May 2006 15:50:50 -0400: > > >> I already use Clam + www.sanesecurity.com Clam phishing sigs. I thought >> this would make the emails detected as viruses and thus destroyed. But >> my users are still complaining about phishing attempts (most of them in >> French). >> > > I see, it's very much possible that French gets mostly thru undetected (as > other languages probably as well). > > >> >> My users would like me to delete these emails before they even reach >> them. That's why I inquired about MCP. >> > > Maybe I misunderstood your sentence "I would like to receive copies of > emails without the end-users even knowing about it." That indicated to me > that you want them to receive the mail like normal, but you want a copy (so > you can test if your filter rules would work. What you actually want is add > extra rules that catch more phishing, especially in French, than now gets > caught? Is that correct? Then I wonder why you want to use MCP for this. > MCP is an *extra* spamassassin run with a different ruleset. Why not just > add your extra rules to your first spamassassin run? > > >> >> What would MailWatch do for me? I want to be able to look at the emails >> to create new SA rules that would make the phishing attempts go to the >> bit bucket. I think MW would just give me the same info I already have >> in my maillog, which lacks the message body. >> > > No, it gives you just that what you want if you let MailScanner store all > messages in the quarantine. And, frankly, even without the bodies there's > quite much more you see/get with Mailwatch than what's in your maillog. Try > it. Deleting messages is scary in my eyes, anyway. You *will* get false > positives. By using a quarantine you avoid the problem that you may delete > false positives. > > Kai > > Kai, You understood correctly the FIRST time. I don't have any SA rule right now that catches the phishing attempts. I would like to be able to look at emails with strings such as "banque royale", "CIBC", etc which are our local bank names. Of course I could not block all emails with these strings. But if I can get hold of all emails with these strings I will be able to write SA rules that will delete the phishing emails targeted to those banks. And I don't want to archive all emails that come into my servers because we process more than 80K messages/day. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/e44b472f/smime.bin From Denis.Beauchemin at USherbrooke.ca Mon May 15 22:18:49 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 15 22:19:05 2006 Subject: Error in install-Clam-SA In-Reply-To: References: <4468E062.2030500@USherbrooke.ca> Message-ID: <4468F039.6090704@USherbrooke.ca> Kai Schaetzl a ?crit : > Denis Beauchemin wrote on Mon, 15 May 2006 16:11:14 -0400: > > >> I just used the latest install-Clam-SA script on a brand new RHEL 4 >> > > ClamAV is available from rpmforge and can be easily installed/updated with > yum. > > Kai > > I know that but it usually works just fine with Julian's installer. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/1a5f50c2/smime.bin From vanhorn at whidbey.com Mon May 15 22:24:03 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Mon May 15 22:24:10 2006 Subject: Mail disaster - semi-new system In-Reply-To: <58347C8C-B841-40EB-BCA5-54B680456E5B@ecs.soton.ac.uk> References: <4455D428.6020502@ecs.soton.ac.uk> <58347C8C-B841-40EB-BCA5-54B680456E5B@ecs.soton.ac.uk> Message-ID: <4468F173.1000207@whidbey.com> I've been pulling my hair out for a couple of days, and decided that tracking down "the usual suspect" either isn't sufficient here, or I've been pulling out brains along with the hair. Because one of my servers was compromised I had to rebuild it. I copied most of /usr /etc/ and /home to a second disk and installed Fedora Core 5 on the primary disk. I got BIND and Apache running before I even started on mail, which in this case is 8.13.5. With the firewall still turned on so no mail traffic was getting to the box, I downloaded and installed the current f-prot (manual rpm install) and clamav (yum install) RPMs, then downloaded MailScanner 4.53.8. I had brought over most of my old MailScanner configuration files prior to installing MailScanner, but I went through most of MailScanner.conf to make sure things made sense, then started it up and disabled the firewall. I had to edit the Sendmail config that keeps you from receiving mail from outside, of course. At this point, no mail is coming in to the local mail spool. The files that are sitting there from last week have been carefully set to the correct ownership (username:mail) but nothing is being added to them. Mail to users who don't currently have files in /var/spool/mail do not result in new files being created. the maillog is getting lots of entries like this one: May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386: to=, delay=00:04:04, xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0, stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL The error appears to be the same whether the user is one of those that has a file in /var/spool/mail or not. Procmail is running, apparently, and is version 3.22. I can find no trace of a procmail log, nor have I been able to learn how to enable procmail logging. (Everything I come up with talks about how to control a user's personal procmail log, not a global/system one.) At one point I was getting errors from clamav that there was no user clamav (the installer had ignored that and proceeded as root). I finally removed clamav from the MailScanner.conf list of virus scanners. At least that eliminated those log entries. The natives are getting restless, and I'm frustrated beyond measure. I'm sure there's some obvious step I've ommitted and am hoping that one of you can tell me just how stupid I am - preferrably while telling me what the ommitted step should have been! Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From Kevin_Miller at ci.juneau.ak.us Mon May 15 22:24:57 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon May 15 22:25:03 2006 Subject: connection refused by 127.0.0.1 Message-ID: JD Doelitzsch wrote: > Im getting alot of messages filling up my logs with status deferred > connection refused by 127.0.0.1 why would MS send to its loopback? > and why wouldn't it accept it? > > -JD Don't know if it's the case here, but check the domain. I had a case some time ago where the spammer had a MX records in their DNS that resolved to 127.0.0.1 so any reply mail/bounces, etc. would never leave the server. Pretty sleazy. I blacklisted the domain in sendmail's access table. May be something similar going on here... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From doc at maddoc.net Mon May 15 22:25:37 2006 From: doc at maddoc.net (Doc Schneider) Date: Mon May 15 22:25:44 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: References: Message-ID: <4468F1D1.1090007@maddoc.net> JD Doelitzsch wrote: > Im getting alot of messages filling up my logs with status deferred > connection refused by 127.0.0.1 why would MS send to its loopback? and why > wouldn't it accept it? > > -JD > > You need to add 127.0.0.1 to your access file: 127.0.0.1 (needs a tab) OK Then make in your /etc/mail directory. This is presuming you're using sendmail. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From mrm at medicine.wisc.edu Mon May 15 22:26:18 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon May 15 22:26:42 2006 Subject: img src tag filtering Message-ID: Running 4.53.8-1 and have upgraded a few times within the last couple of weeks to keep up with the bug fixes. Sometime within that last couple of weeks the mailscanner has started to completely strip out ALL remote images instead of just web bugs. Personally I think it's great, but people who receive online newpapers and such are not happy at all. Telling them to complain to the senders instead isn't winning me any bonus points. I've searched for all of the keywords I could think of that might be relevant in mailscanner.conf but can't find anything. Enabling web bugs doesn't make any difference either. Can someone tell me the config option to change the behaviour of remote image stripping? Mike From doc at maddoc.net Mon May 15 22:29:14 2006 From: doc at maddoc.net (Doc Schneider) Date: Mon May 15 22:29:21 2006 Subject: sa-stats ?? Message-ID: <4468F2AA.40105@maddoc.net> I use sa-stats.pl from the SARE site to generate stats for my mailers, however, the one running MailScanner doesn't generate anything. Is there such a beasty for MailScanners maillog? Thanks! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From mike at vesol.com Mon May 15 22:38:54 2006 From: mike at vesol.com (Mike Kercher) Date: Mon May 15 22:39:14 2006 Subject: Mail disaster - semi-new system Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > I've been pulling my hair out for a couple of days, and > decided that tracking down "the usual suspect" either isn't > sufficient here, or I've been pulling out brains along with the hair. > > Because one of my servers was compromised I had to rebuild > it. I copied most of /usr /etc/ and /home to a second disk > and installed Fedora Core > 5 on the primary disk. I got BIND and Apache running before I > even started on mail, which in this case is 8.13.5. > > With the firewall still turned on so no mail traffic was > getting to the box, I downloaded and installed the current > f-prot (manual rpm install) and clamav (yum install) RPMs, > then downloaded MailScanner 4.53.8. > > I had brought over most of my old MailScanner configuration > files prior to installing MailScanner, but I went through > most of MailScanner.conf to make sure things made sense, then > started it up and disabled the firewall. > > I had to edit the Sendmail config that keeps you from > receiving mail from outside, of course. > > At this point, no mail is coming in to the local mail spool. > The files that are sitting there from last week have been > carefully set to the correct ownership (username:mail) but > nothing is being added to them. > Mail to users who don't currently have files in > /var/spool/mail do not result in new files being created. > > the maillog is getting lots of entries like this one: > May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386: > to=, delay=00:04:04, > xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0, > stat=Deferred: local mailer > (/usr/bin/procmail) exited with EX_TEMPFAIL > > The error appears to be the same whether the user is one of > those that has a file in /var/spool/mail or not. > > Procmail is running, apparently, and is version 3.22. I can > find no trace of a procmail log, nor have I been able to > learn how to enable procmail logging. (Everything I come up > with talks about how to control a user's personal procmail > log, not a global/system one.) > > At one point I was getting errors from clamav that there was > no user clamav (the installer had ignored that and proceeded > as root). I finally removed clamav from the MailScanner.conf > list of virus scanners. At least that eliminated those log entries. > > The natives are getting restless, and I'm frustrated beyond > measure. I'm sure there's some obvious step I've ommitted and > am hoping that one of you can tell me just how stupid I am - > preferrably while telling me what the ommitted step should have been! > > Van > Are there any messages being sent to the postmaster@ account on that box? What is the filesize of /var/spool/mail/root? Are there any procmail rules running? Have you tried to enable logging within procmail? Mike From mike at vesol.com Mon May 15 22:43:03 2006 From: mike at vesol.com (Mike Kercher) Date: Mon May 15 22:43:23 2006 Subject: Mail disaster - semi-new system Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > I've been pulling my hair out for a couple of days, and > decided that tracking down "the usual suspect" either isn't > sufficient here, or I've been pulling out brains along with the hair. > > Because one of my servers was compromised I had to rebuild > it. I copied most of /usr /etc/ and /home to a second disk > and installed Fedora Core > 5 on the primary disk. I got BIND and Apache running before I > even started on mail, which in this case is 8.13.5. > > With the firewall still turned on so no mail traffic was > getting to the box, I downloaded and installed the current > f-prot (manual rpm install) and clamav (yum install) RPMs, > then downloaded MailScanner 4.53.8. > > I had brought over most of my old MailScanner configuration > files prior to installing MailScanner, but I went through > most of MailScanner.conf to make sure things made sense, then > started it up and disabled the firewall. > > I had to edit the Sendmail config that keeps you from > receiving mail from outside, of course. > > At this point, no mail is coming in to the local mail spool. > The files that are sitting there from last week have been > carefully set to the correct ownership (username:mail) but > nothing is being added to them. > Mail to users who don't currently have files in > /var/spool/mail do not result in new files being created. > > the maillog is getting lots of entries like this one: > May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386: > to=, delay=00:04:04, > xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0, > stat=Deferred: local mailer > (/usr/bin/procmail) exited with EX_TEMPFAIL > > The error appears to be the same whether the user is one of > those that has a file in /var/spool/mail or not. > > Procmail is running, apparently, and is version 3.22. I can > find no trace of a procmail log, nor have I been able to > learn how to enable procmail logging. (Everything I come up > with talks about how to control a user's personal procmail > log, not a global/system one.) > > At one point I was getting errors from clamav that there was > no user clamav (the installer had ignored that and proceeded > as root). I finally removed clamav from the MailScanner.conf > list of virus scanners. At least that eliminated those log entries. > > The natives are getting restless, and I'm frustrated beyond > measure. I'm sure there's some obvious step I've ommitted and > am hoping that one of you can tell me just how stupid I am - > preferrably while telling me what the ommitted step should have been! > > Van Also, give me the output of: grep procmail /etc/mail/sendmail.mc Mike From admin at thenamegame.com Mon May 15 22:55:40 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 15 22:54:27 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: Message-ID: <200605152154.k4FLsOwv027012@bkserver.blacknight.ie> Then something is wrong with your setup. I maintain the port and use it on many installations and these problems have yet never occured anywhere. Maybe something is wrong with the latest version but up to this point no one complained. If you do a "make install" the port tells you exactly what it is doing. Maybe you put the stuff in a log and send it to me? Then I might be able to help. Again: bsdpan- things on my installations only show up for manually installed ports (which might happen if you run install.sh from the MailScanner.tgz btw.!). I might be wrong but I suspect you are. We are running a copy of Freebsd 5.4 on a new installation. We have never run install.sh. From the first time we ran make install from the mailscanner port directory the ERROR 1 code appeared. After trying to deinstall and reinstall it we had the same errors. While 90% of the files are copied the the proper directories during Error Code 1, many are not. Eg, in the work directory the following files were not copied. Mailscanner.sh Mta.sh File missing from /usr/local/etc/MailScanner/rules bounce.rules max.message.size.rules These are the files I know were not copied as I had to cp -> rules and to rc.d @comment $FreeBSD: ports/mail/mailscanner/pkg-plist,v 1.30 2006/05/05 10:38:02 garga Exp $ etc/MailScanner/country.domains.conf.sample etc/MailScanner/MailScanner.conf.sample etc/MailScanner/filename.rules.conf.sample etc/MailScanner/filetype.rules.conf.sample etc/MailScanner/mcp/10_example.cf.sample etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf.sample etc/MailScanner/rules/EXAMPLES etc/MailScanner/rules/README etc/MailScanner/rules/spam.whitelist.rules.sample etc/MailScanner/phishing.safe.sites.conf.sample etc/MailScanner/spam.assassin.prefs.conf.sample etc/MailScanner/spam.lists.conf.sample etc/MailScanner/virus.scanners.conf.sample lib/MailScanner/MailScanner.pm lib/MailScanner/MailScanner/BinHex.pm lib/MailScanner/MailScanner/Config.pm lib/MailScanner/MailScanner/ConfigDefs.pl lib/MailScanner/MailScanner/CustomConfig.pm lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm lib/MailScanner/MailScanner/CustomFunctions/DavidHooton.pm lib/MailScanner/MailScanner/CustomFunctions/ZMRouterDirHash.pm lib/MailScanner/MailScanner/Exim.pm lib/MailScanner/MailScanner/EximDiskStore.pm lib/MailScanner/MailScanner/GenericSpam.pm lib/MailScanner/MailScanner/Lock.pm lib/MailScanner/MailScanner/Log.pm lib/MailScanner/MailScanner/MCP.pm lib/MailScanner/MailScanner/MCPMessage.pm lib/MailScanner/MailScanner/Mail.pm lib/MailScanner/MailScanner/Message.pm lib/MailScanner/MailScanner/MessageBatch.pm lib/MailScanner/MailScanner/PFDiskStore.pm lib/MailScanner/MailScanner/Postfix.pm lib/MailScanner/MailScanner/QMDiskStore.pm lib/MailScanner/MailScanner/Qmail.pm lib/MailScanner/MailScanner/Quarantine.pm lib/MailScanner/MailScanner/Queue.pm lib/MailScanner/MailScanner/RBLs.pm lib/MailScanner/MailScanner/SA.pm lib/MailScanner/MailScanner/SMDiskStore.pm lib/MailScanner/MailScanner/Sendmail.pm lib/MailScanner/MailScanner/SweepContent.pm lib/MailScanner/MailScanner/SweepOther.pm lib/MailScanner/MailScanner/SweepViruses.pm lib/MailScanner/MailScanner/SystemDefs.pm lib/MailScanner/MailScanner/TNEF.pm lib/MailScanner/MailScanner/WorkArea.pm lib/MailScanner/MailScanner/ZMDiskStore.pm lib/MailScanner/MailScanner/ZMailer.pm lib/MailScanner/MailScanner/notes.txt libexec/MailScanner/analyse_SpamAssassin_cache libexec/MailScanner/clean.SA.cache libexec/MailScanner/clean.quarantine libexec/MailScanner/update_phishing_sites libexec/MailScanner/update_phishing_sites.cron libexec/MailScanner/update_virus_scanners libexec/MailScanner/update_virus_scanners.cron libexec/MailScanner/sa-update.cron libexec/MailScanner/antivir-autoupdate.sample libexec/MailScanner/antivir-wrapper.sample libexec/MailScanner/avg-autoupdate.sample libexec/MailScanner/avg-wrapper.sample libexec/MailScanner/bitdefender-autoupdate.sample libexec/MailScanner/bitdefender-wrapper.sample libexec/MailScanner/clamav-autoupdate.sample libexec/MailScanner/clamav-wrapper.sample libexec/MailScanner/command-wrapper.sample libexec/MailScanner/css-autoupdate.sample libexec/MailScanner/css-wrapper.sample libexec/MailScanner/drweb-wrapper.sample libexec/MailScanner/etrust-autoupdate.sample libexec/MailScanner/etrust-wrapper.sample libexec/MailScanner/f-prot-autoupdate.sample libexec/MailScanner/f-prot-wrapper.sample libexec/MailScanner/f-secure-autoupdate.sample libexec/MailScanner/f-secure-wrapper.sample libexec/MailScanner/generic-autoupdate.sample libexec/MailScanner/generic-wrapper.sample libexec/MailScanner/inoculan-autoupdate.sample libexec/MailScanner/inoculan-wrapper.sample libexec/MailScanner/inoculate-wrapper.sample libexec/MailScanner/kaspersky-autoupdate.sample libexec/MailScanner/kaspersky-wrapper.sample libexec/MailScanner/kavdaemonclient-wrapper.sample libexec/MailScanner/mcafee-autoupdate.sample libexec/MailScanner/mcafee-wrapper.sample libexec/MailScanner/nod32-autoupdate.sample libexec/MailScanner/nod32-wrapper.sample libexec/MailScanner/norman-autoupdate.sample libexec/MailScanner/norman-wrapper.sample libexec/MailScanner/panda-wrapper.sample libexec/MailScanner/panda-autoupdate.sample libexec/MailScanner/rav-autoupdate.sample libexec/MailScanner/rav-wrapper.sample libexec/MailScanner/sophos-autoupdate.sample libexec/MailScanner/sophos-wrapper.sample libexec/MailScanner/symscanengine-autoupdate.sample libexec/MailScanner/symscanengine-wrapper.sample libexec/MailScanner/trend-autoupdate.sample libexec/MailScanner/trend-wrapper.sample libexec/MailScanner/vexira-autoupdate.sample libexec/MailScanner/vexira-wrapper.sample sbin/mailscanner sbin/MailScanner %%DATADIR%%/reports/ca/rejection.report.txt.sample %%DATADIR%%/reports/ca/deleted.content.message.txt.sample %%DATADIR%%/reports/ca/deleted.filename.message.txt.sample %%DATADIR%%/reports/ca/deleted.virus.message.txt.sample %%DATADIR%%/reports/ca/disinfected.report.txt.sample %%DATADIR%%/reports/ca/inline.sig.html.sample %%DATADIR%%/reports/ca/inline.sig.txt.sample %%DATADIR%%/reports/ca/inline.spam.warning.txt.sample %%DATADIR%%/reports/ca/inline.warning.html.sample %%DATADIR%%/reports/ca/inline.warning.txt.sample %%DATADIR%%/reports/ca/languages.conf.sample %%DATADIR%%/reports/ca/recipient.mcp.report.txt.sample %%DATADIR%%/reports/ca/recipient.spam.report.txt.sample %%DATADIR%%/reports/ca/sender.content.report.txt.sample %%DATADIR%%/reports/ca/sender.error.report.txt.sample %%DATADIR%%/reports/ca/sender.filename.report.txt.sample %%DATADIR%%/reports/ca/sender.mcp.report.txt.sample %%DATADIR%%/reports/ca/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/ca/sender.spam.report.txt.sample %%DATADIR%%/reports/ca/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/ca/sender.virus.report.txt.sample %%DATADIR%%/reports/ca/stored.content.message.txt.sample %%DATADIR%%/reports/ca/stored.filename.message.txt.sample %%DATADIR%%/reports/ca/stored.virus.message.txt.sample %%DATADIR%%/reports/cy+en/deleted.content.message.txt.sample %%DATADIR%%/reports/cy+en/deleted.filename.message.txt.sample %%DATADIR%%/reports/cy+en/deleted.virus.message.txt.sample %%DATADIR%%/reports/cy+en/disinfected.report.txt.sample %%DATADIR%%/reports/cy+en/inline.sig.html.sample %%DATADIR%%/reports/cy+en/inline.sig.txt.sample %%DATADIR%%/reports/cy+en/inline.spam.warning.txt.sample %%DATADIR%%/reports/cy+en/inline.warning.html.sample %%DATADIR%%/reports/cy+en/inline.warning.txt.sample %%DATADIR%%/reports/cy+en/languages.conf.sample %%DATADIR%%/reports/cy+en/recipient.mcp.report.txt.sample %%DATADIR%%/reports/cy+en/recipient.spam.report.txt.sample %%DATADIR%%/reports/cy+en/sender.content.report.txt.sample %%DATADIR%%/reports/cy+en/rejection.report.txt.sample %%DATADIR%%/reports/cy+en/sender.error.report.txt.sample %%DATADIR%%/reports/cy+en/sender.filename.report.txt.sample %%DATADIR%%/reports/cy+en/sender.mcp.report.txt.sample %%DATADIR%%/reports/cy+en/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/cy+en/sender.spam.report.txt.sample %%DATADIR%%/reports/cy+en/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/cy+en/sender.virus.report.txt.sample %%DATADIR%%/reports/cy+en/stored.content.message.txt.sample %%DATADIR%%/reports/cy+en/stored.filename.message.txt.sample %%DATADIR%%/reports/cy+en/stored.virus.message.txt.sample %%DATADIR%%/reports/cz/deleted.content.message.txt.sample %%DATADIR%%/reports/cz/deleted.filename.message.txt.sample %%DATADIR%%/reports/cz/deleted.virus.message.txt.sample %%DATADIR%%/reports/cz/disinfected.report.txt.sample %%DATADIR%%/reports/cz/inline.sig.html.sample %%DATADIR%%/reports/cz/inline.sig.txt.sample %%DATADIR%%/reports/cz/inline.spam.warning.txt.sample %%DATADIR%%/reports/cz/inline.warning.html.sample %%DATADIR%%/reports/cz/inline.warning.txt.sample %%DATADIR%%/reports/cz/languages.conf.sample %%DATADIR%%/reports/cz/recipient.mcp.report.txt.sample %%DATADIR%%/reports/cz/recipient.spam.report.txt.sample %%DATADIR%%/reports/cz/sender.content.report.txt.sample %%DATADIR%%/reports/cz/rejection.report.txt.sample %%DATADIR%%/reports/cz/sender.error.report.txt.sample %%DATADIR%%/reports/cz/sender.filename.report.txt.sample %%DATADIR%%/reports/cz/sender.mcp.report.txt.sample %%DATADIR%%/reports/cz/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/cz/sender.spam.report.txt.sample %%DATADIR%%/reports/cz/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/cz/sender.virus.report.txt.sample %%DATADIR%%/reports/cz/stored.content.message.txt.sample %%DATADIR%%/reports/cz/stored.filename.message.txt.sample %%DATADIR%%/reports/cz/stored.virus.message.txt.sample %%DATADIR%%/reports/de/README.1ST.sample %%DATADIR%%/reports/de/deleted.content.message.txt.sample %%DATADIR%%/reports/de/deleted.filename.message.txt.sample %%DATADIR%%/reports/de/deleted.virus.message.txt.sample %%DATADIR%%/reports/de/disinfected.report.txt.sample %%DATADIR%%/reports/de/inline.sig.html.sample %%DATADIR%%/reports/de/inline.sig.txt.sample %%DATADIR%%/reports/de/inline.spam.warning.txt.sample %%DATADIR%%/reports/de/inline.warning.html.sample %%DATADIR%%/reports/de/inline.warning.txt.sample %%DATADIR%%/reports/de/languages.conf.sample %%DATADIR%%/reports/de/recipient.mcp.report.txt.sample %%DATADIR%%/reports/de/recipient.spam.report.txt.sample %%DATADIR%%/reports/de/sender.content.report.txt.sample %%DATADIR%%/reports/de/rejection.report.txt.sample %%DATADIR%%/reports/de/sender.error.report.txt.sample %%DATADIR%%/reports/de/sender.filename.report.txt.sample %%DATADIR%%/reports/de/sender.mcp.report.txt.sample %%DATADIR%%/reports/de/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/de/sender.spam.report.txt.sample %%DATADIR%%/reports/de/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/de/sender.virus.report.txt.sample %%DATADIR%%/reports/de/stored.content.message.txt.sample %%DATADIR%%/reports/de/stored.filename.message.txt.sample %%DATADIR%%/reports/de/stored.virus.message.txt.sample %%DATADIR%%/reports/dk/deleted.content.message.txt.sample %%DATADIR%%/reports/dk/deleted.filename.message.txt.sample %%DATADIR%%/reports/dk/deleted.virus.message.txt.sample %%DATADIR%%/reports/dk/disinfected.report.txt.sample %%DATADIR%%/reports/dk/inline.sig.html.sample %%DATADIR%%/reports/dk/inline.sig.txt.sample %%DATADIR%%/reports/dk/inline.spam.warning.txt.sample %%DATADIR%%/reports/dk/inline.warning.html.sample %%DATADIR%%/reports/dk/inline.warning.txt.sample %%DATADIR%%/reports/dk/languages.conf.sample %%DATADIR%%/reports/dk/recipient.mcp.report.txt.sample %%DATADIR%%/reports/dk/recipient.spam.report.txt.sample %%DATADIR%%/reports/dk/sender.content.report.txt.sample %%DATADIR%%/reports/dk/rejection.report.txt.sample %%DATADIR%%/reports/dk/sender.error.report.txt.sample %%DATADIR%%/reports/dk/sender.filename.report.txt.sample %%DATADIR%%/reports/dk/sender.mcp.report.txt.sample %%DATADIR%%/reports/dk/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/dk/sender.spam.report.txt.sample %%DATADIR%%/reports/dk/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/dk/sender.virus.report.txt.sample %%DATADIR%%/reports/dk/stored.content.message.txt.sample %%DATADIR%%/reports/dk/stored.filename.message.txt.sample %%DATADIR%%/reports/dk/stored.virus.message.txt.sample %%DATADIR%%/reports/en/deleted.content.message.txt.sample %%DATADIR%%/reports/en/deleted.filename.message.txt.sample %%DATADIR%%/reports/en/deleted.virus.message.txt.sample %%DATADIR%%/reports/en/disinfected.report.txt.sample %%DATADIR%%/reports/en/inline.sig.html.sample %%DATADIR%%/reports/en/inline.sig.txt.sample %%DATADIR%%/reports/en/inline.spam.warning.txt.sample %%DATADIR%%/reports/en/inline.warning.html.sample %%DATADIR%%/reports/en/inline.warning.txt.sample %%DATADIR%%/reports/en/languages.conf.sample %%DATADIR%%/reports/en/recipient.mcp.report.txt.sample %%DATADIR%%/reports/en/recipient.spam.report.txt.sample %%DATADIR%%/reports/en/sender.content.report.txt.sample %%DATADIR%%/reports/en/rejection.report.txt.sample %%DATADIR%%/reports/en/sender.error.report.txt.sample %%DATADIR%%/reports/en/sender.filename.report.txt.sample %%DATADIR%%/reports/en/sender.mcp.report.txt.sample %%DATADIR%%/reports/en/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/en/sender.spam.report.txt.sample %%DATADIR%%/reports/en/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/en/sender.virus.report.txt.sample %%DATADIR%%/reports/en/stored.content.message.txt.sample %%DATADIR%%/reports/en/stored.filename.message.txt.sample %%DATADIR%%/reports/en/stored.virus.message.txt.sample %%DATADIR%%/reports/es/deleted.content.message.txt.sample %%DATADIR%%/reports/es/deleted.filename.message.txt.sample %%DATADIR%%/reports/es/deleted.virus.message.txt.sample %%DATADIR%%/reports/es/disinfected.report.txt.sample %%DATADIR%%/reports/es/inline.sig.html.sample %%DATADIR%%/reports/es/inline.sig.txt.sample %%DATADIR%%/reports/es/inline.spam.warning.txt.sample %%DATADIR%%/reports/es/inline.warning.html.sample %%DATADIR%%/reports/es/inline.warning.txt.sample %%DATADIR%%/reports/es/languages.conf.sample %%DATADIR%%/reports/es/recipient.mcp.report.txt.sample %%DATADIR%%/reports/es/recipient.spam.report.txt.sample %%DATADIR%%/reports/es/rejection.report.txt.sample %%DATADIR%%/reports/es/sender.content.report.txt.sample %%DATADIR%%/reports/es/sender.error.report.txt.sample %%DATADIR%%/reports/es/sender.filename.report.txt.sample %%DATADIR%%/reports/es/sender.mcp.report.txt.sample %%DATADIR%%/reports/es/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/es/sender.spam.report.txt.sample %%DATADIR%%/reports/es/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/es/sender.virus.report.txt.sample %%DATADIR%%/reports/es/stored.content.message.txt.sample %%DATADIR%%/reports/es/stored.filename.message.txt.sample %%DATADIR%%/reports/es/stored.virus.message.txt.sample %%DATADIR%%/reports/fr/deleted.content.message.txt.sample %%DATADIR%%/reports/fr/deleted.filename.message.txt.sample %%DATADIR%%/reports/fr/deleted.virus.message.txt.sample %%DATADIR%%/reports/fr/disinfected.report.txt.sample %%DATADIR%%/reports/fr/inline.sig.html.sample %%DATADIR%%/reports/fr/inline.sig.txt.sample %%DATADIR%%/reports/fr/inline.spam.warning.txt.sample %%DATADIR%%/reports/fr/inline.warning.html.sample %%DATADIR%%/reports/fr/inline.warning.txt.sample %%DATADIR%%/reports/fr/languages.conf.sample %%DATADIR%%/reports/fr/recipient.mcp.report.txt.sample %%DATADIR%%/reports/fr/recipient.spam.report.txt.sample %%DATADIR%%/reports/fr/rejection.report.txt.sample %%DATADIR%%/reports/fr/sender.content.report.txt.sample %%DATADIR%%/reports/fr/sender.error.report.txt.sample %%DATADIR%%/reports/fr/sender.filename.report.txt.sample %%DATADIR%%/reports/fr/sender.mcp.report.txt.sample %%DATADIR%%/reports/fr/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/fr/sender.spam.report.txt.sample %%DATADIR%%/reports/fr/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/fr/sender.virus.report.txt.sample %%DATADIR%%/reports/fr/stored.content.message.txt.sample %%DATADIR%%/reports/fr/stored.filename.message.txt.sample %%DATADIR%%/reports/fr/stored.virus.message.txt.sample %%DATADIR%%/reports/hu/deleted.content.message.txt.sample %%DATADIR%%/reports/hu/deleted.filename.message.txt.sample %%DATADIR%%/reports/hu/deleted.virus.message.txt.sample %%DATADIR%%/reports/hu/disinfected.report.txt.sample %%DATADIR%%/reports/hu/inline.sig.html.sample %%DATADIR%%/reports/hu/inline.sig.txt.sample %%DATADIR%%/reports/hu/inline.spam.warning.txt.sample %%DATADIR%%/reports/hu/inline.warning.html.sample %%DATADIR%%/reports/hu/inline.warning.txt.sample %%DATADIR%%/reports/hu/languages.conf.sample %%DATADIR%%/reports/hu/recipient.mcp.report.txt.sample %%DATADIR%%/reports/hu/recipient.spam.report.txt.sample %%DATADIR%%/reports/hu/rejection.report.txt.sample %%DATADIR%%/reports/hu/sender.content.report.txt.sample %%DATADIR%%/reports/hu/sender.error.report.txt.sample %%DATADIR%%/reports/hu/sender.filename.report.txt.sample %%DATADIR%%/reports/hu/sender.mcp.report.txt.sample %%DATADIR%%/reports/hu/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/hu/sender.spam.report.txt.sample %%DATADIR%%/reports/hu/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/hu/sender.virus.report.txt.sample %%DATADIR%%/reports/hu/stored.content.message.txt.sample %%DATADIR%%/reports/hu/stored.filename.message.txt.sample %%DATADIR%%/reports/hu/stored.virus.message.txt.sample %%DATADIR%%/reports/it/deleted.content.message.txt.sample %%DATADIR%%/reports/it/deleted.filename.message.txt.sample %%DATADIR%%/reports/it/deleted.virus.message.txt.sample %%DATADIR%%/reports/it/disinfected.report.txt.sample %%DATADIR%%/reports/it/inline.sig.html.sample %%DATADIR%%/reports/it/inline.sig.txt.sample %%DATADIR%%/reports/it/inline.spam.warning.txt.sample %%DATADIR%%/reports/it/inline.warning.html.sample %%DATADIR%%/reports/it/inline.warning.txt.sample %%DATADIR%%/reports/it/languages.conf.sample %%DATADIR%%/reports/it/recipient.mcp.report.txt.sample %%DATADIR%%/reports/it/recipient.spam.report.txt.sample %%DATADIR%%/reports/it/rejection.report.txt.sample %%DATADIR%%/reports/it/sender.content.report.txt.sample %%DATADIR%%/reports/it/sender.error.report.txt.sample %%DATADIR%%/reports/it/sender.filename.report.txt.sample %%DATADIR%%/reports/it/sender.mcp.report.txt.sample %%DATADIR%%/reports/it/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/it/sender.spam.report.txt.sample %%DATADIR%%/reports/it/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/it/sender.virus.report.txt.sample %%DATADIR%%/reports/it/stored.content.message.txt.sample %%DATADIR%%/reports/it/stored.filename.message.txt.sample %%DATADIR%%/reports/it/stored.virus.message.txt.sample %%DATADIR%%/reports/nl/deleted.content.message.txt.sample %%DATADIR%%/reports/nl/deleted.filename.message.txt.sample %%DATADIR%%/reports/nl/deleted.virus.message.txt.sample %%DATADIR%%/reports/nl/disinfected.report.txt.sample %%DATADIR%%/reports/nl/inline.sig.html.sample %%DATADIR%%/reports/nl/inline.sig.txt.sample %%DATADIR%%/reports/nl/inline.spam.warning.txt.sample %%DATADIR%%/reports/nl/inline.warning.html.sample %%DATADIR%%/reports/nl/inline.warning.txt.sample %%DATADIR%%/reports/nl/languages.conf.sample %%DATADIR%%/reports/nl/recipient.mcp.report.txt.sample %%DATADIR%%/reports/nl/recipient.spam.report.txt.sample %%DATADIR%%/reports/nl/rejection.report.txt.sample %%DATADIR%%/reports/nl/sender.content.report.txt.sample %%DATADIR%%/reports/nl/sender.error.report.txt.sample %%DATADIR%%/reports/nl/sender.filename.report.txt.sample %%DATADIR%%/reports/nl/sender.mcp.report.txt.sample %%DATADIR%%/reports/nl/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/nl/sender.spam.report.txt.sample %%DATADIR%%/reports/nl/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/nl/sender.virus.report.txt.sample %%DATADIR%%/reports/nl/stored.content.message.txt.sample %%DATADIR%%/reports/nl/stored.filename.message.txt.sample %%DATADIR%%/reports/nl/stored.virus.message.txt.sample %%DATADIR%%/reports/pt_br/deleted.content.message.txt.sample %%DATADIR%%/reports/pt_br/deleted.filename.message.txt.sample %%DATADIR%%/reports/pt_br/deleted.virus.message.txt.sample %%DATADIR%%/reports/pt_br/disinfected.report.txt.sample %%DATADIR%%/reports/pt_br/inline.sig.html.sample %%DATADIR%%/reports/pt_br/inline.sig.txt.sample %%DATADIR%%/reports/pt_br/inline.spam.warning.txt.sample %%DATADIR%%/reports/pt_br/inline.warning.html.sample %%DATADIR%%/reports/pt_br/inline.warning.txt.sample %%DATADIR%%/reports/pt_br/languages.conf.sample %%DATADIR%%/reports/pt_br/recipient.mcp.report.txt.sample %%DATADIR%%/reports/pt_br/recipient.spam.report.txt.sample %%DATADIR%%/reports/pt_br/rejection.report.txt.sample %%DATADIR%%/reports/pt_br/sender.content.report.txt.sample %%DATADIR%%/reports/pt_br/sender.error.report.txt.sample %%DATADIR%%/reports/pt_br/sender.filename.report.txt.sample %%DATADIR%%/reports/pt_br/sender.mcp.report.txt.sample %%DATADIR%%/reports/pt_br/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/pt_br/sender.spam.report.txt.sample %%DATADIR%%/reports/pt_br/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/pt_br/sender.virus.report.txt.sample %%DATADIR%%/reports/pt_br/stored.content.message.txt.sample %%DATADIR%%/reports/pt_br/stored.filename.message.txt.sample %%DATADIR%%/reports/pt_br/stored.virus.message.txt.sample %%DATADIR%%/reports/ro/deleted.content.message.txt.sample %%DATADIR%%/reports/ro/deleted.filename.message.txt.sample %%DATADIR%%/reports/ro/deleted.virus.message.txt.sample %%DATADIR%%/reports/ro/disinfected.report.txt.sample %%DATADIR%%/reports/ro/inline.sig.html.sample %%DATADIR%%/reports/ro/inline.sig.txt.sample %%DATADIR%%/reports/ro/inline.spam.warning.txt.sample %%DATADIR%%/reports/ro/inline.warning.html.sample %%DATADIR%%/reports/ro/inline.warning.txt.sample %%DATADIR%%/reports/ro/languages.conf.sample %%DATADIR%%/reports/ro/recipient.mcp.report.txt.sample %%DATADIR%%/reports/ro/recipient.spam.report.txt.sample %%DATADIR%%/reports/ro/rejection.report.txt.sample %%DATADIR%%/reports/ro/sender.content.report.txt.sample %%DATADIR%%/reports/ro/sender.error.report.txt.sample %%DATADIR%%/reports/ro/sender.filename.report.txt.sample %%DATADIR%%/reports/ro/sender.mcp.report.txt.sample %%DATADIR%%/reports/ro/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/ro/sender.spam.report.txt.sample %%DATADIR%%/reports/ro/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/ro/sender.virus.report.txt.sample %%DATADIR%%/reports/ro/stored.content.message.txt.sample %%DATADIR%%/reports/ro/stored.filename.message.txt.sample %%DATADIR%%/reports/ro/stored.virus.message.txt.sample %%DATADIR%%/reports/se/README.sample %%DATADIR%%/reports/se/deleted.content.message.txt.sample %%DATADIR%%/reports/se/deleted.filename.message.txt.sample %%DATADIR%%/reports/se/deleted.virus.message.txt.sample %%DATADIR%%/reports/se/disinfected.report.txt.sample %%DATADIR%%/reports/se/inline.sig.html.sample %%DATADIR%%/reports/se/inline.sig.txt.sample %%DATADIR%%/reports/se/inline.spam.warning.txt.sample %%DATADIR%%/reports/se/inline.warning.html.sample %%DATADIR%%/reports/se/inline.warning.txt.sample %%DATADIR%%/reports/se/languages.conf.sample %%DATADIR%%/reports/se/recipient.mcp.report.txt.sample %%DATADIR%%/reports/se/recipient.spam.report.txt.sample %%DATADIR%%/reports/se/rejection.report.txt.sample %%DATADIR%%/reports/se/sender.content.report.txt.sample %%DATADIR%%/reports/se/sender.error.report.txt.sample %%DATADIR%%/reports/se/sender.filename.report.txt.sample %%DATADIR%%/reports/se/sender.mcp.report.txt.sample %%DATADIR%%/reports/se/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/se/sender.spam.report.txt.sample %%DATADIR%%/reports/se/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/se/sender.virus.report.txt.sample %%DATADIR%%/reports/se/stored.content.message.txt.sample %%DATADIR%%/reports/se/stored.filename.message.txt.sample %%DATADIR%%/reports/se/stored.virus.message.txt.sample %%DATADIR%%/reports/sk/deleted.content.message.txt.sample %%DATADIR%%/reports/sk/deleted.filename.message.txt.sample %%DATADIR%%/reports/sk/deleted.virus.message.txt.sample %%DATADIR%%/reports/sk/disinfected.report.txt.sample %%DATADIR%%/reports/sk/inline.sig.html.sample %%DATADIR%%/reports/sk/inline.sig.txt.sample %%DATADIR%%/reports/sk/inline.spam.warning.txt.sample %%DATADIR%%/reports/sk/inline.warning.html.sample %%DATADIR%%/reports/sk/inline.warning.txt.sample %%DATADIR%%/reports/sk/languages.conf.sample %%DATADIR%%/reports/sk/recipient.mcp.report.txt.sample %%DATADIR%%/reports/sk/recipient.spam.report.txt.sample %%DATADIR%%/reports/sk/rejection.report.txt.sample %%DATADIR%%/reports/sk/sender.content.report.txt.sample %%DATADIR%%/reports/sk/sender.error.report.txt.sample %%DATADIR%%/reports/sk/sender.filename.report.txt.sample %%DATADIR%%/reports/sk/sender.mcp.report.txt.sample %%DATADIR%%/reports/sk/sender.spam.rbl.report.txt.sample %%DATADIR%%/reports/sk/sender.spam.report.txt.sample %%DATADIR%%/reports/sk/sender.spam.sa.report.txt.sample %%DATADIR%%/reports/sk/sender.virus.report.txt.sample %%DATADIR%%/reports/sk/stored.content.message.txt.sample %%DATADIR%%/reports/sk/stored.filename.message.txt.sample %%DATADIR%%/reports/sk/stored.virus.message.txt.sample %%PORTDOCS%%%%DOCSDIR%%/ellen2.old.jpg %%PORTDOCS%%%%DOCSDIR%%/ellenweblogo.png %%PORTDOCS%%%%DOCSDIR%%/Book.Dec04-Aug05.pdf %%PORTDOCS%%%%DOCSDIR%%/COPYING %%PORTDOCS%%%%DOCSDIR%%/ChangeLog %%PORTDOCS%%%%DOCSDIR%%/CHANGES.port %%PORTDOCS%%%%DOCSDIR%%/FreeBSD.html %%PORTDOCS%%%%DOCSDIR%%/INSTALL %%PORTDOCS%%%%DOCSDIR%%/INSTALL.FreeBSD %%PORTDOCS%%%%DOCSDIR%%/INSTALL.OpenBSD %%PORTDOCS%%%%DOCSDIR%%/MailScannerFlyer.pdf %%PORTDOCS%%%%DOCSDIR%%/QuickInstall.txt %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/README.FreeBSD.port %%PORTDOCS%%%%DOCSDIR%%/README.sql-logging %%PORTDOCS%%%%DOCSDIR%%/Sophos.install.freebsd %%PORTDOCS%%%%DOCSDIR%%/book.cover.gif %%PORTDOCS%%%%DOCSDIR%%/building.txt %%PORTDOCS%%%%DOCSDIR%%/docs.html %%PORTDOCS%%%%DOCSDIR%%/donations.shtml %%PORTDOCS%%%%DOCSDIR%%/downloadgraphs.shtml %%PORTDOCS%%%%DOCSDIR%%/downloads.shtml %%PORTDOCS%%%%DOCSDIR%%/ecs.css %%PORTDOCS%%%%DOCSDIR%%/ellen2.jpg %%PORTDOCS%%%%DOCSDIR%%/faq.shtml %%PORTDOCS%%%%DOCSDIR%%/images/JulianField1_small.jpg %%PORTDOCS%%%%DOCSDIR%%/images/bigmailscannerlogo.gif %%PORTDOCS%%%%DOCSDIR%%/images/smallmailscannerlogo.gif %%PORTDOCS%%%%DOCSDIR%%/images/thumb_JulianField2.jpg %%PORTDOCS%%%%DOCSDIR%%/images/thumb_JulianField3.jpg %%PORTDOCS%%%%DOCSDIR%%/images/thumb_JulianField4.jpg %%PORTDOCS%%%%DOCSDIR%%/images/thumb_JulianField5.jpg %%PORTDOCS%%%%DOCSDIR%%/index.html %%PORTDOCS%%%%DOCSDIR%%/index.new.html %%PORTDOCS%%%%DOCSDIR%%/install/ClamAVModule.shtml %%PORTDOCS%%%%DOCSDIR%%/install/OS-virus-scan-web.htm %%PORTDOCS%%%%DOCSDIR%%/install/README.trend %%PORTDOCS%%%%DOCSDIR%%/install/SAVI.shtml %%PORTDOCS%%%%DOCSDIR%%/install/codestatus.shtml %%PORTDOCS%%%%DOCSDIR%%/install/conf.shtml %%PORTDOCS%%%%DOCSDIR%%/install/exim-old.shtml %%PORTDOCS%%%%DOCSDIR%%/install/exim.shtml %%PORTDOCS%%%%DOCSDIR%%/install/filesnscripts.shtml %%PORTDOCS%%%%DOCSDIR%%/install/gcc.shtml %%PORTDOCS%%%%DOCSDIR%%/install/index.shtml %%PORTDOCS%%%%DOCSDIR%%/install/linux.shtml %%PORTDOCS%%%%DOCSDIR%%/install/mailscanner.shtml %%PORTDOCS%%%%DOCSDIR%%/install/mcafee.shtml %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Message.pm.patch.3.1.1 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.3.1.1 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.3.1.1 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.2.55 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.2.60 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.2.61 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.2.63 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.3.0.0 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.3.0.3 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.3.0.4 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Conf.pm.patch.3.1.0 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Message.pm.patch.3.0.0 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Message.pm.patch.3.0.3 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Message.pm.patch.3.0.4 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/Message.pm.patch.3.1.0 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.2.55 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.2.60 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.2.61 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.2.63 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.3.0.0 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.3.0.3 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.3.0.4 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/PerMsgStatus.pm.patch.3.1.0 %%PORTDOCS%%%%DOCSDIR%%/install/mcp/index.html %%PORTDOCS%%%%DOCSDIR%%/install/mime-tools-patch.txt %%PORTDOCS%%%%DOCSDIR%%/install/mime-tools-patch2.txt %%PORTDOCS%%%%DOCSDIR%%/install/mime-tools-patch3.txt %%PORTDOCS%%%%DOCSDIR%%/install/mime-tools-patch4.txt %%PORTDOCS%%%%DOCSDIR%%/install/osborne.txt %%PORTDOCS%%%%DOCSDIR%%/install/other.shtml %%PORTDOCS%%%%DOCSDIR%%/install/perl.shtml %%PORTDOCS%%%%DOCSDIR%%/install/postfix.shtml %%PORTDOCS%%%%DOCSDIR%%/install/sendmail.shtml %%PORTDOCS%%%%DOCSDIR%%/install/solaris9.txt %%PORTDOCS%%%%DOCSDIR%%/install/sophos.shtml %%PORTDOCS%%%%DOCSDIR%%/install/spamassassin.shtml %%PORTDOCS%%%%DOCSDIR%%/install/tnef.shtml %%PORTDOCS%%%%DOCSDIR%%/install/zmailer.shtml %%PORTDOCS%%%%DOCSDIR%%/introduction.shtml %%PORTDOCS%%%%DOCSDIR%%/last-spam-logo.jpg %%PORTDOCS%%%%DOCSDIR%%/mailscanner_trans.gif %%PORTDOCS%%%%DOCSDIR%%/man/MailScanner.8 %%PORTDOCS%%%%DOCSDIR%%/man/MailScanner.8.html %%PORTDOCS%%%%DOCSDIR%%/man/MailScanner.conf.5 %%PORTDOCS%%%%DOCSDIR%%/man/MailScanner.conf.5.html %%PORTDOCS%%%%DOCSDIR%%/mrtg.shtml %%PORTDOCS%%%%DOCSDIR%%/newinv4.shtml %%PORTDOCS%%%%DOCSDIR%%/nextversion.shtml %%PORTDOCS%%%%DOCSDIR%%/oldnews.shtml %%PORTDOCS%%%%DOCSDIR%%/osdir.png %%PORTDOCS%%%%DOCSDIR%%/performance.shtml %%PORTDOCS%%%%DOCSDIR%%/phishing3.png %%PORTDOCS%%%%DOCSDIR%%/phishingcartoon.gif %%PORTDOCS%%%%DOCSDIR%%/poetry.shtml %%PORTDOCS%%%%DOCSDIR%%/poweredby.google.gif %%PORTDOCS%%%%DOCSDIR%%/poweredby.transtec.gif %%PORTDOCS%%%%DOCSDIR%%/phishing.html %%PORTDOCS%%%%DOCSDIR%%/phishing.jpg %%PORTDOCS%%%%DOCSDIR%%/phishing2.jpg %%PORTDOCS%%%%DOCSDIR%%/phishingnet.info/index.html %%PORTDOCS%%%%DOCSDIR%%/phishingnet.info/PhishingNet.gif %%PORTDOCS%%%%DOCSDIR%%/pressreleases.html %%PORTDOCS%%%%DOCSDIR%%/presentations.html %%PORTDOCS%%%%DOCSDIR%%/press.html %%PORTDOCS%%%%DOCSDIR%%/qmail/qmail-queue.zip %%PORTDOCS%%%%DOCSDIR%%/readme.shtml %%PORTDOCS%%%%DOCSDIR%%/reject.html %%PORTDOCS%%%%DOCSDIR%%/sobig.html %%PORTDOCS%%%%DOCSDIR%%/store.html %%PORTDOCS%%%%DOCSDIR%%/support.html %%PORTDOCS%%%%DOCSDIR%%/transtec.logo.gif %%PORTDOCS%%%%DOCSDIR%%/users.shtml %%PORTDOCS%%@dirrm %%DOCSDIR%%/qmail %%PORTDOCS%%@dirrm %%DOCSDIR%%/man %%PORTDOCS%%@dirrm %%DOCSDIR%%/install/mcp %%PORTDOCS%%@dirrm %%DOCSDIR%%/install %%PORTDOCS%%@dirrm %%DOCSDIR%%/images %%PORTDOCS%%@dirrm %%DOCSDIR%%/phishingnet.info %%PORTDOCS%%@dirrm %%DOCSDIR%% %%SPAMASSASSIN%%%%SPAMASSASSIN_SYMLINK%%@exec [ -e %D/etc/mail/spamassassin/mailscanner.cf ] || ln -s %D/etc/MailScanner/spam.assassin.prefs.conf %D/etc/mail/spamassassin/mailscanner.cf %%SPAMASSASSIN%%%%SPAMASSASSIN_SYMLINK%%@unexec [ -L %D/etc/mail/spamassassin/mailscanner.cf ] && rm -f %D/etc/mail/spamassassin/mailscanner.cf @dirrm %%DATADIR%%/reports/sk @dirrm %%DATADIR%%/reports/se @dirrm %%DATADIR%%/reports/ro @dirrm %%DATADIR%%/reports/pt_br @dirrm %%DATADIR%%/reports/nl @dirrm %%DATADIR%%/reports/it @dirrm %%DATADIR%%/reports/hu @dirrm %%DATADIR%%/reports/fr @dirrm %%DATADIR%%/reports/es @dirrm %%DATADIR%%/reports/en @dirrm %%DATADIR%%/reports/dk @dirrm %%DATADIR%%/reports/de @dirrm %%DATADIR%%/reports/cz @dirrm %%DATADIR%%/reports/cy+en @dirrm %%DATADIR%%/reports/ca @dirrm %%DATADIR%%/reports @dirrm %%DATADIR%% @dirrm libexec/MailScanner @dirrm lib/MailScanner/MailScanner/CustomFunctions @dirrm lib/MailScanner/MailScanner @dirrm lib/MailScanner @dirrm etc/MailScanner/mcp @dirrm etc/MailScanner/rules @dirrm etc/MailScanner From vanhorn at whidbey.com Mon May 15 23:07:43 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Mon May 15 23:07:51 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: Message-ID: <4468FBAF.5020402@whidbey.com> Mike Kercher wrote: >mailscanner-bounces@lists.mailscanner.info <> scribbled on : > > > >>I've been pulling my hair out for a couple of days, and >>decided that tracking down "the usual suspect" either isn't >>sufficient here, or I've been pulling out brains along with the hair. >> >>Because one of my servers was compromised I had to rebuild >>it. I copied most of /usr /etc/ and /home to a second disk >>and installed Fedora Core >>5 on the primary disk. I got BIND and Apache running before I >>even started on mail, which in this case is 8.13.5. >> >>With the firewall still turned on so no mail traffic was >>getting to the box, I downloaded and installed the current >>f-prot (manual rpm install) and clamav (yum install) RPMs, >>then downloaded MailScanner 4.53.8. >> >>I had brought over most of my old MailScanner configuration >>files prior to installing MailScanner, but I went through >>most of MailScanner.conf to make sure things made sense, then >>started it up and disabled the firewall. >> >>I had to edit the Sendmail config that keeps you from >>receiving mail from outside, of course. >> >>At this point, no mail is coming in to the local mail spool. >>The files that are sitting there from last week have been >>carefully set to the correct ownership (username:mail) but >>nothing is being added to them. >>Mail to users who don't currently have files in >>/var/spool/mail do not result in new files being created. >> >>the maillog is getting lots of entries like this one: >>May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386: >>to=, delay=00:04:04, >>xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0, >>stat=Deferred: local mailer >>(/usr/bin/procmail) exited with EX_TEMPFAIL >> >>The error appears to be the same whether the user is one of >>those that has a file in /var/spool/mail or not. >> >>Procmail is running, apparently, and is version 3.22. I can >>find no trace of a procmail log, nor have I been able to >>learn how to enable procmail logging. (Everything I come up >>with talks about how to control a user's personal procmail >>log, not a global/system one.) >> >>At one point I was getting errors from clamav that there was >>no user clamav (the installer had ignored that and proceeded >>as root). I finally removed clamav from the MailScanner.conf >>list of virus scanners. At least that eliminated those log entries. >> >>The natives are getting restless, and I'm frustrated beyond >>measure. I'm sure there's some obvious step I've ommitted and >>am hoping that one of you can tell me just how stupid I am - >>preferrably while telling me what the ommitted step should have been! >> >>Van >> >> >> > >Are there any messages being sent to the postmaster@ account on that >box? What is the filesize of /var/spool/mail/root? >Are there any procmail rules running? Have you tried to enable logging >within procmail? > >Mike > > I'm not aware of anyone sending anything to postmaster, but that address is aliased to root so I might not ever notice. [root@verbose mail]# ls -l total 6772 -rw------- 1 root mail 336470 May 15 10:50 root No procmail rules have been setup for any user or for the system. I've been all over the flipping net looking for hints on how to enable logging for procmail, all if find is instructions on setting procmail logging for individual users - and that doesn't apply here. Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/44d3e179/attachment.html From vanhorn at whidbey.com Mon May 15 23:09:00 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Mon May 15 23:09:04 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: Message-ID: <4468FBFC.9010203@whidbey.com> Mike Kercher wrote: >mailscanner-bounces@lists.mailscanner.info <> scribbled on : > > > >>I've been pulling my hair out for a couple of days, and >>decided that tracking down "the usual suspect" either isn't >>sufficient here, or I've been pulling out brains along with the hair. >> >>Because one of my servers was compromised I had to rebuild >>it. I copied most of /usr /etc/ and /home to a second disk >>and installed Fedora Core >>5 on the primary disk. I got BIND and Apache running before I >>even started on mail, which in this case is 8.13.5. >> >>With the firewall still turned on so no mail traffic was >>getting to the box, I downloaded and installed the current >>f-prot (manual rpm install) and clamav (yum install) RPMs, >>then downloaded MailScanner 4.53.8. >> >>I had brought over most of my old MailScanner configuration >>files prior to installing MailScanner, but I went through >>most of MailScanner.conf to make sure things made sense, then >>started it up and disabled the firewall. >> >>I had to edit the Sendmail config that keeps you from >>receiving mail from outside, of course. >> >>At this point, no mail is coming in to the local mail spool. >>The files that are sitting there from last week have been >>carefully set to the correct ownership (username:mail) but >>nothing is being added to them. >>Mail to users who don't currently have files in >>/var/spool/mail do not result in new files being created. >> >>the maillog is getting lots of entries like this one: >>May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386: >>to=, delay=00:04:04, >>xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0, >>stat=Deferred: local mailer >>(/usr/bin/procmail) exited with EX_TEMPFAIL >> >>The error appears to be the same whether the user is one of >>those that has a file in /var/spool/mail or not. >> >>Procmail is running, apparently, and is version 3.22. I can >>find no trace of a procmail log, nor have I been able to >>learn how to enable procmail logging. (Everything I come up >>with talks about how to control a user's personal procmail >>log, not a global/system one.) >> >>At one point I was getting errors from clamav that there was >>no user clamav (the installer had ignored that and proceeded >>as root). I finally removed clamav from the MailScanner.conf >>list of virus scanners. At least that eliminated those log entries. >> >>The natives are getting restless, and I'm frustrated beyond >>measure. I'm sure there's some obvious step I've ommitted and >>am hoping that one of you can tell me just how stupid I am - >>preferrably while telling me what the ommitted step should have been! >> >>Van >> >> > >Also, give me the output of: > >grep procmail /etc/mail/sendmail.mc > >Mike > > [root@verbose mail]# grep procmail /etc/mail/sendmail.mc define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl MAILER(procmail)dnl -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/ffbd2308/attachment.html From mike at vesol.com Mon May 15 23:26:39 2006 From: mike at vesol.com (Mike Kercher) Date: Mon May 15 23:26:59 2006 Subject: Mail disaster - semi-new system Message-ID: Mike I'm not aware of anyone sending anything to postmaster, but that address is aliased to root so I might not ever notice. [root@verbose mail]# ls -l total 6772 -rw------- 1 root mail 336470 May 15 10:50 root No procmail rules have been setup for any user or for the system. I've been all over the flipping net looking for hints on how to enable logging for procmail, all if find is instructions on setting procmail logging for individual users - and that doesn't apply here. Van In /etc/procmailrc, add this line: LOGFILE=/var/log/maillog Mike From mike at vesol.com Mon May 15 23:27:37 2006 From: mike at vesol.com (Mike Kercher) Date: Mon May 15 23:28:03 2006 Subject: Mail disaster - semi-new system Message-ID: Could this be an SELinux issue? Anyone? Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. Armour Van Horn Sent: Monday, May 15, 2006 5:09 PM To: MailScanner discussion Subject: Re: Mail disaster - semi-new system Mike Kercher wrote: mailscanner-bounces@lists.mailscanner.info <> scribbled on : I've been pulling my hair out for a couple of days, and decided that tracking down "the usual suspect" either isn't sufficient here, or I've been pulling out brains along with the hair. Because one of my servers was compromised I had to rebuild it. I copied most of /usr /etc/ and /home to a second disk and installed Fedora Core 5 on the primary disk. I got BIND and Apache running before I even started on mail, which in this case is 8.13.5. With the firewall still turned on so no mail traffic was getting to the box, I downloaded and installed the current f-prot (manual rpm install) and clamav (yum install) RPMs, then downloaded MailScanner 4.53.8. I had brought over most of my old MailScanner configuration files prior to installing MailScanner, but I went through most of MailScanner.conf to make sure things made sense, then started it up and disabled the firewall. I had to edit the Sendmail config that keeps you from receiving mail from outside, of course. At this point, no mail is coming in to the local mail spool. The files that are sitting there from last week have been carefully set to the correct ownership (username:mail) but nothing is being added to them. Mail to users who don't currently have files in /var/spool/mail do not result in new files being created. the maillog is getting lots of entries like this one: May 15 14:16:22 verbose sendmail[9479]: k4FLCHkZ009386: to= , delay=00:04:04, xdelay=00:00:00, mailer=local, pri=216546, dsn=4.0.0, stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL The error appears to be the same whether the user is one of those that has a file in /var/spool/mail or not. Procmail is running, apparently, and is version 3.22. I can find no trace of a procmail log, nor have I been able to learn how to enable procmail logging. (Everything I come up with talks about how to control a user's personal procmail log, not a global/system one.) At one point I was getting errors from clamav that there was no user clamav (the installer had ignored that and proceeded as root). I finally removed clamav from the MailScanner.conf list of virus scanners. At least that eliminated those log entries. The natives are getting restless, and I'm frustrated beyond measure. I'm sure there's some obvious step I've ommitted and am hoping that one of you can tell me just how stupid I am - preferrably while telling me what the ommitted step should have been! Van Also, give me the output of: grep procmail /etc/mail/sendmail.mc Mike [root@verbose mail]# grep procmail /etc/mail/sendmail.mc define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl MAILER(procmail)dnl -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From maillists at conactive.com Mon May 15 23:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 23:31:34 2006 Subject: MailScanner + Bayes on SQL In-Reply-To: <44682225.4000904@netmagicsolutions.com> References: <44682225.4000904@netmagicsolutions.com> Message-ID: Dhawal Doshy wrote on Mon, 15 May 2006 12:09:33 +0530: > precisely.. See, > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql Ah, thanks, seems I read the wrong wiki :-) > mysql> SELECT id, username, spam_count, ham_count, token_count FROM > bayes_vars; Seems to be the one that's also proposed in the wiki: root. I'm still waiting that the --restore finishes, I've got quite a few tokens .... One caveat I've already recognized is that storing it in MySQL takes much more, maybe three times as much space as with dbm. The indexes take a lot. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 15 23:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 23:31:37 2006 Subject: Best Way to Control Relaying? In-Reply-To: <4464D1B5.8090509@nkpanama.com> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote on Fri, 12 May 2006 13:19:33 -0500: > What Kai means, more accurately, is that, to _your customers_, you _are_ > an open relay. This also means that to _viruses_ and _spyware_ running > on your customers' machines, you _are_ an open relay. No, what I meant was what I wrote. I may have misunderstood him, though. >From what he wrote it sounded like he was stopping relaying to others by blocking them in access.db. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 15 23:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 15 23:31:42 2006 Subject: Mail disaster - semi-new system In-Reply-To: <4468F173.1000207@whidbey.com> References: <4455D428.6020502@ecs.soton.ac.uk> <58347C8C-B841-40EB-BCA5-54B680456E5B@ecs.soton.ac.uk> <4468F173.1000207@whidbey.com> Message-ID: G. Armour Van Horn wrote on Mon, 15 May 2006 14:24:03 -0700: > stat=Deferred: local mailer > (/usr/bin/procmail) exited with EX_TEMPFAIL There's a few postings on this findable via Google: http://www.google.de/search?as_q=&num=10&as_epq=Deferred%3A+local+mailer Google is really a good source for searching for parts of error messages. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From vanhorn at whidbey.com Mon May 15 23:40:08 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Mon May 15 23:40:16 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: Message-ID: <44690348.9040805@whidbey.com> There was no /etc/procmailrc, but I created one and put that line in. Van Mike Kercher wrote: > Mike > > > I'm not aware of anyone sending anything to postmaster, but that >address is aliased to root so I might not ever notice. > > [root@verbose mail]# ls -l > total 6772 > > -rw------- 1 root mail 336470 May 15 10:50 root > > No procmail rules have been setup for any user or for the >system. > > I've been all over the flipping net looking for hints on how to >enable logging for procmail, all if find is instructions on setting >procmail logging for individual users - and that doesn't apply here. > > Van > > > >In /etc/procmailrc, add this line: > >LOGFILE=/var/log/maillog > >Mike > > > -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From vanhorn at whidbey.com Mon May 15 23:43:02 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Mon May 15 23:43:07 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: Message-ID: <446903F6.5080301@whidbey.com> Mike Kercher wrote: > Mike > > > I'm not aware of anyone sending anything to postmaster, but that >address is aliased to root so I might not ever notice. > > [root@verbose mail]# ls -l > total 6772 > > -rw------- 1 root mail 336470 May 15 10:50 root > > No procmail rules have been setup for any user or for the >system. > > I've been all over the flipping net looking for hints on how to >enable logging for procmail, all if find is instructions on setting >procmail logging for individual users - and that doesn't apply here. > > Van > > > >In /etc/procmailrc, add this line: > >LOGFILE=/var/log/maillog > >Mike > > > Okay, I created that file, added that line, and then sent a message to one of the users with a mail spool. Here's the result: May 15 15:41:05 verbose sendmail[14161]: k4FMf5UV014161: from=, size=1082, class=0, nrcpts=1, msgid=<44690380.70109@whidbey.com>, proto=ESMTP, daemon=MTA, relay=mailout.whidbey.net [209.166.64.124] May 15 15:41:10 verbose procmail[14175]: Error while writing to "/var/log/maillog" May 15 15:41:10 verbose sendmail[14174]: k4FMf5UV014161: to=, delay=00:00:05, xdelay=00:00:00, mailer=local, pri=121082, dsn=4.0.0, stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From vanhorn at whidbey.com Mon May 15 23:55:45 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Mon May 15 23:55:51 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: Message-ID: <446906F1.1000607@whidbey.com> I don't think so, I am sure I didn't choose to install SELinux when I set this up, and when I invoke "system-config-securitylevel" there is nothing to play with other than the firewall - which I have turned off. (The machine is behind a damned good firewall already, and the command-line tools for configuring the firewall on the Fedora box aren't too helpful if you want to open more than a couple non-standard ports.) A quick search just now suggests that, if I had SELinux running, there would be a tab for it in system-config-securitylevel. Van Mike Kercher wrote: >Could this be an SELinux issue? Anyone? > >Mike > > > >________________________________ > > From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. >Armour Van Horn > Sent: Monday, May 15, 2006 5:09 PM > To: MailScanner discussion > Subject: Re: Mail disaster - semi-new system > > > Mike Kercher wrote: > > mailscanner-bounces@lists.mailscanner.info <> scribbled >on : > > > > I've been pulling my hair out for a couple of >days, and > decided that tracking down "the usual suspect" >either isn't > sufficient here, or I've been pulling out brains >along with the hair. > > Because one of my servers was compromised I had >to rebuild > it. I copied most of /usr /etc/ and /home to a >second disk > and installed Fedora Core > 5 on the primary disk. I got BIND and Apache >running before I > even started on mail, which in this case is >8.13.5. > > With the firewall still turned on so no mail >traffic was > getting to the box, I downloaded and installed >the current > f-prot (manual rpm install) and clamav (yum >install) RPMs, > then downloaded MailScanner 4.53.8. > > I had brought over most of my old MailScanner >configuration > files prior to installing MailScanner, but I >went through > most of MailScanner.conf to make sure things >made sense, then > started it up and disabled the firewall. > > I had to edit the Sendmail config that keeps you >from > receiving mail from outside, of course. > > At this point, no mail is coming in to the local >mail spool. > The files that are sitting there from last week >have been > carefully set to the correct ownership >(username:mail) but > nothing is being added to them. > Mail to users who don't currently have files in > /var/spool/mail do not result in new files being >created. > > the maillog is getting lots of entries like this >one: > May 15 14:16:22 verbose sendmail[9479]: >k4FLCHkZ009386: > to= > , delay=00:04:04, > xdelay=00:00:00, mailer=local, pri=216546, >dsn=4.0.0, > stat=Deferred: local mailer > (/usr/bin/procmail) exited with EX_TEMPFAIL > > The error appears to be the same whether the >user is one of > those that has a file in /var/spool/mail or not. > > Procmail is running, apparently, and is version >3.22. I can > find no trace of a procmail log, nor have I been >able to > learn how to enable procmail logging. >(Everything I come up > with talks about how to control a user's >personal procmail > log, not a global/system one.) > > At one point I was getting errors from clamav >that there was > no user clamav (the installer had ignored that >and proceeded > as root). I finally removed clamav from the >MailScanner.conf > list of virus scanners. At least that eliminated >those log entries. > > The natives are getting restless, and I'm >frustrated beyond > measure. I'm sure there's some obvious step I've >ommitted and > am hoping that one of you can tell me just how >stupid I am - > preferrably while telling me what the ommitted >step should have been! > > Van > > > > Also, give me the output of: > > grep procmail /etc/mail/sendmail.mc > > Mike > > > [root@verbose mail]# grep procmail /etc/mail/sendmail.mc > define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl > FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl > MAILER(procmail)dnl > > > > > -- > ---------------------------------------------------------- > Sign up now for Quotes of the Day, a handful of quotations > on a theme delivered every morning. > Enlightenment! Daily, for free! > mailto:twisted@whidbey.com?subject=Subscribe_QOTD > > For photography, web design, hosting, and maintenance, > visit Van's home page: http://www.domainvanhorn.com/van/ > ----------------------------------------------------------- > > > -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From kwang at ucalgary.ca Tue May 16 00:11:51 2006 From: kwang at ucalgary.ca (Kai Wang) Date: Tue May 16 00:11:58 2006 Subject: Postfix+MailScanner: Held messages disappeared Message-ID: <44690AB7.9030609@ucalgary.ca> We run postfix with MailScanner. I noticed in our log that some held messages disappeared. For the following example, the following message, I can not find it in the hold queue and there is no log entries about it any more. May 12 06:42:09 mhub5 postfix/smtpd[3690]: DC8B814014: client=unknown[87.247.131.77] May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: hold: header Received: from 192.168.1.37 (unknown [87.247.131.77])??by mhub5.ucalgary.ca (Postfix) with SMTP id DC8B814014??for ; Fri, 12 May 2006 06:42:07 -0600 (MDT) from unknown[87.247.131.77]; from= to= proto=SMTP helo=<192.168.1.37> May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: message-id= -- Kai Wang System Services Information Technologies, University of Calgary, 2500 University Drive, N.W., Calgary, Alberta, Canada T2N 1N4 Phone (403) 220-2423, Fax (403) 282-9361 From maillists at conactive.com Tue May 16 00:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 00:31:30 2006 Subject: img src tag filtering In-Reply-To: References: Message-ID: Michael Masse wrote on Mon, 15 May 2006 16:26:18 -0500: > Running 4.53.8-1 and have upgraded a few times within the last couple > of > weeks to keep up with the bug fixes. Sometime within that last > couple > of weeks the mailscanner has started to completely strip out ALL > remote > images instead of just web bugs. Michael, that sounds like the bug that was cured with the 4.54 versions. You need to upgrade to that. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jon at radel.com Tue May 16 01:16:04 2006 From: jon at radel.com (Jon Radel) Date: Tue May 16 01:16:30 2006 Subject: Mail disaster - semi-new system In-Reply-To: <446906F1.1000607@whidbey.com> References: <446906F1.1000607@whidbey.com> Message-ID: <446919C4.5020700@radel.com> G. Armour Van Horn wrote: > > I don't think so, I am sure I didn't choose to install SELinux when I > set this up, and when I invoke "system-config-securitylevel" there is > nothing to play with other than the firewall - which I have turned off. > (The machine is behind a damned good firewall already, and the > command-line tools for configuring the firewall on the Fedora box aren't > too helpful if you want to open more than a couple non-standard ports.) > A quick search just now suggests that, if I had SELinux running, there > would be a tab for it in system-config-securitylevel. Just for grins, you might want to, as root, try the command /usr/sbin/sestatus -v and look what's in /etc/sysconfig/selinux if anything. See http://fedora.redhat.com/docs/selinux-faq-fc5/#id2959210 for the selinux as used in Fedora Core 5 FAQ (which you may well have already looked at). --Jon Radel From vanhorn at whidbey.com Tue May 16 01:33:23 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Tue May 16 01:33:34 2006 Subject: Mail disaster - semi-new system In-Reply-To: <446919C4.5020700@radel.com> References: <446906F1.1000607@whidbey.com> <446919C4.5020700@radel.com> Message-ID: <44691DD3.5030906@whidbey.com> Jon Radel wrote: >G. Armour Van Horn wrote: > > >>I don't think so, I am sure I didn't choose to install SELinux when I >>set this up, and when I invoke "system-config-securitylevel" there is >>nothing to play with other than the firewall - which I have turned off. >>(The machine is behind a damned good firewall already, and the >>command-line tools for configuring the firewall on the Fedora box aren't >>too helpful if you want to open more than a couple non-standard ports.) >>A quick search just now suggests that, if I had SELinux running, there >>would be a tab for it in system-config-securitylevel. >> >> > >Just for grins, you might want to, as root, try the command > >/usr/sbin/sestatus -v > >and look what's in /etc/sysconfig/selinux if anything. > >See http://fedora.redhat.com/docs/selinux-faq-fc5/#id2959210 for the >selinux as used in Fedora Core 5 FAQ (which you may well have already >looked at). > >--Jon Radel > > Well, that's interesting, it seems I am running it. (See below) I'll trundle off and look at that page. Do I want to be running SELinux for some reason? Will it make my life better in sufficient ways to justify the grief it will cause me to have one server behave differently than the others? Van [root@verbose mail]# /usr/sbin/sestatus -v SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 20 Policy from config file: targeted Process contexts: Current context: root:system_r:unconfined_t:SystemLow-SystemHigh Init context: system_u:system_r:init_t /sbin/mingetty system_u:system_r:getty_t /usr/sbin/sshd system_u:system_r:unconfined_t:SystemLow-SystemHigh File contexts: Controlling term: root:object_r:devpts_t /etc/passwd root:object_r:etc_runtime_t /etc/shadow root:object_r:etc_runtime_t /bin/bash system_u:object_r:shell_exec_t /bin/login system_u:object_r:login_exec_t /bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t /sbin/agetty system_u:object_r:getty_exec_t /sbin/init system_u:object_r:init_exec_t /sbin/mingetty system_u:object_r:getty_exec_t /usr/sbin/sshd system_u:object_r:sshd_exec_t /lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:lib_t /lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/4dbb1849/attachment.html From vanhorn at whidbey.com Tue May 16 01:47:30 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Tue May 16 01:47:34 2006 Subject: Mail disaster - semi-new system In-Reply-To: <446906F1.1000607@whidbey.com> References: <446906F1.1000607@whidbey.com> Message-ID: <44692122.9010300@whidbey.com> A new hint just arrived. One of my many test messages just generated a bounce, here's a snip: ----- Transcript of session follows ----- procmail: Couldn't create "/var/mail/vanhorn" procmail: Error while writing to "/var/log/maillog" ... Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL Suddenly I'm wondering what's with "/var/mail/vanhorn" as mail on this machine get written to /var/spool/mail as far as I know. There is a /var/mail, but it's a link to /var/spool/mail anyway. Privs on /var/spool/mail were 755 and owned by root, I just did go+w on it to eliminate that possibility, but it doesn't look like it actually changed anything. Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From jon at radel.com Tue May 16 03:03:16 2006 From: jon at radel.com (Jon Radel) Date: Tue May 16 03:03:36 2006 Subject: Mail disaster - semi-new system In-Reply-To: <44692122.9010300@whidbey.com> References: <446906F1.1000607@whidbey.com> <44692122.9010300@whidbey.com> Message-ID: <446932E4.3020502@radel.com> G. Armour Van Horn wrote: > > A new hint just arrived. One of my many test messages just generated a > bounce, here's a snip: > > ----- Transcript of session follows ----- > procmail: Couldn't create "/var/mail/vanhorn" > procmail: Error while writing to "/var/log/maillog" > ... Deferred: local mailer > (/usr/bin/procmail) exited with EX_TEMPFAIL > > > Suddenly I'm wondering what's with "/var/mail/vanhorn" as mail on this > machine get written to /var/spool/mail as far as I know. There is a > /var/mail, but it's a link to /var/spool/mail anyway. Privs on > /var/spool/mail were 755 and owned by root, I just did go+w on it to > eliminate that possibility, but it doesn't look like it actually changed > anything. Try it with selinux turned off. Any reasonable policy, if selinux is in enforcing mode, which you appear to have it in per previous mail, will block many programs from doing many things. Or, to put it another way, you could set every directory on your box to 777 and have trouble creating files in certain places. My suggestion is you either 1) turn selinux off entirely if you don't want to pursue it, 2) set selinux to log violations only and then use the log file to help build a policy customized for what you're actually doing on the box. Preferably out of sight of the restless natives. :-) Take the above with a grain of salt, as I make no claim to have gotten past the look at the logs, read the docs, and sigh about how much work it all seems to write a useful policy, stage myself. BTW, good call on Mike Kercher's part to bring selinux up in the first place.... --Jon Radel From steve.swaney at fsl.com Tue May 16 04:08:05 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue May 16 04:08:11 2006 Subject: Retrieve quarantine email In-Reply-To: <20060515185629.735a57f8@cyborg> Message-ID: <071701c67895$f3efd840$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of --[UxBoD]-- > Sent: Monday, May 15, 2006 2:56 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Retrieve quarantine email > > DefenderMX is a interesting product especially as the screenie shows > MailWatch ;) > You noticed :) MailWatch is a very integral part of DefenderMX since Steve Freegard is a partner in FSL and now works full time with us. We use the MailWatch "Recent Messages" screens on our web page because they are eye catching, beautifully designed and more colorful that the other screens that are used to configure MailScanner - actually the MailScanner screens are not that boring - just not as colorful. There are a few MailWatch features that are more easily implemented in DefenderMX than in MailWatch because we've extended the MailWatch with authentication modules which are not part of MailWatch or MailScanner. DefenderMX can be easily configured to accept mail for many domains. Email for each domain may be forwarded to a different back end mail hub and each domain may use a different authentication method. One of the "must have" specifications for the DefenderMX design was that "no user state or passwords should ever be maintained on the gateways". We accomplish this by allowing user or domain administrator logins for viewing Recent Messages, setting individual or domain configurations or running reports by authenticating the user / domain administrator login against the mail hub. If the email address can authenticate on the mail hub we give them access to the appropriate information on the gateways. These features also make it easier for us to send out quarantine reports by domains. I'd also like to emphasize that it's our pledge that the Open Source versions of MailScanner and MailWatch will always use the same code base. All of the improvements that Steve and Julian have or will develop for DefenderMX and MailWatch have been or will be implemented in the open source versions and all of us are committed to never "forking" the code base of either application. In fact Steve's development of the code for MailWatch 2.0 is well underway. We need to subsidize the development of this code first because it is such an essential part of our new DefenderMX 2.0 release. We are also contracting with Anthony Howe to co-develop some new, exciting and very effective comprehensive milters for DefenderMX 2.0 based on development and test work that Steve and Anthony have recently completed. milter-link (free from www.snertsoft.com) is just one of the results of this collaboration. If you're using sendmail, you should definitely test this milter. I find it interesting that most of our DefenderMX users are not current users of the MailScanner or MailWatch open source applications. They are ISPs, ASP's and commercial or educational sites that have very limited experience with open source applications. They want the "gain with out the pain" of all that Julian and Steve have worked so hard to provide. They want simple installation, configuration, web based control for users and administrators, low TCO and expect the support that comes (sometimes) with commercial applications. The really exciting thing for me personally is that once these newbies see what Linux and open source can do, they tend to take a much more open approach to using Linux and open source. Plus we've got a lot more MailScanner users than there would have been if DefenderMX wasn't so simple to install and configure. Sorry for the windy explanation but it's late and I wanted to make clear that the MailScanner and MailWatch features and enhancements we develop for DefenderMX will never be withheld from the Open Source community. I feel that giving users the choice of open source and / or commercially supported open source applications can only help us all. I almost forgot, if you're using MailScanner - "buy the book" and check Julian's wish list! G'night Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mike at vesol.com Tue May 16 04:21:20 2006 From: mike at vesol.com (Mike Kercher) Date: Tue May 16 04:21:59 2006 Subject: Mail disaster - semi-new system Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of G. Armour Van Horn > Sent: Monday, May 15, 2006 7:48 PM > To: MailScanner discussion > Subject: Re: Mail disaster - semi-new system > > A new hint just arrived. One of my many test messages just > generated a bounce, here's a snip: > > ----- Transcript of session follows ----- > procmail: Couldn't create "/var/mail/vanhorn" > procmail: Error while writing to "/var/log/maillog" > ... Deferred: local > mailer (/usr/bin/procmail) exited with EX_TEMPFAIL > > > Suddenly I'm wondering what's with "/var/mail/vanhorn" as > mail on this machine get written to /var/spool/mail as far as > I know. There is a /var/mail, but it's a link to > /var/spool/mail anyway. Privs on /var/spool/mail were 755 and > owned by root, I just did go+w on it to eliminate that > possibility, but it doesn't look like it actually changed anything. > > Van Personally, I'd turn selinux off and get your mail running again. If you want to tinker with selinux, I'd set another box up and tinker with it offline and, as Jon suggested, set it to log violations and build your own policy. Seeing as your previous box was compromised, I think it would behoove you to firewall that box up as tight as you can and maybe run tripwire. Chances are, they may look your IP up again to see if you learned anything from the prior hack. Mike From vanhorn at whidbey.com Tue May 16 05:16:32 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Tue May 16 05:16:38 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: Message-ID: <44695220.3080506@whidbey.com> Bingo! Set SELinux to disabled, restarted, and eventually the machine restarted and processed all the backed up mail in thirty seconds. (Eventually because the machine was unable to run X due to an install error and I hadn't changed the default runlevel to 3, so I had to drive fifteen miles to get to the console and get it running again.) Perhaps in a year or so I'll dig into SELinux enough to try again, for now I'm comfortable with the current security level. The firewall allows exactly what I want to come through (though obviously that includes things that could be used to attack the machine - as long as I'm not on the same local network I have to allow enough access for myself to administer the thing), and everything is now completely up to date. Thanks a lot for your astute observation. I wish I'd asked a day earlier! Van Mike Kercher wrote: >Could this be an SELinux issue? Anyone? > >Mike > > > >________________________________ > > From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. >Armour Van Horn > Sent: Monday, May 15, 2006 5:09 PM > To: MailScanner discussion > Subject: Re: Mail disaster - semi-new system > > > Mike Kercher wrote: > > mailscanner-bounces@lists.mailscanner.info <> scribbled >on : > > > > I've been pulling my hair out for a couple of >days, and > decided that tracking down "the usual suspect" >either isn't > sufficient here, or I've been pulling out brains >along with the hair. > > Because one of my servers was compromised I had >to rebuild > it. I copied most of /usr /etc/ and /home to a >second disk > and installed Fedora Core > 5 on the primary disk. I got BIND and Apache >running before I > even started on mail, which in this case is >8.13.5. > > With the firewall still turned on so no mail >traffic was > getting to the box, I downloaded and installed >the current > f-prot (manual rpm install) and clamav (yum >install) RPMs, > then downloaded MailScanner 4.53.8. > > I had brought over most of my old MailScanner >configuration > files prior to installing MailScanner, but I >went through > most of MailScanner.conf to make sure things >made sense, then > started it up and disabled the firewall. > > I had to edit the Sendmail config that keeps you >from > receiving mail from outside, of course. > > At this point, no mail is coming in to the local >mail spool. > The files that are sitting there from last week >have been > carefully set to the correct ownership >(username:mail) but > nothing is being added to them. > Mail to users who don't currently have files in > /var/spool/mail do not result in new files being >created. > > the maillog is getting lots of entries like this >one: > May 15 14:16:22 verbose sendmail[9479]: >k4FLCHkZ009386: > to= > , delay=00:04:04, > xdelay=00:00:00, mailer=local, pri=216546, >dsn=4.0.0, > stat=Deferred: local mailer > (/usr/bin/procmail) exited with EX_TEMPFAIL > > The error appears to be the same whether the >user is one of > those that has a file in /var/spool/mail or not. > > Procmail is running, apparently, and is version >3.22. I can > find no trace of a procmail log, nor have I been >able to > learn how to enable procmail logging. >(Everything I come up > with talks about how to control a user's >personal procmail > log, not a global/system one.) > > At one point I was getting errors from clamav >that there was > no user clamav (the installer had ignored that >and proceeded > as root). I finally removed clamav from the >MailScanner.conf > list of virus scanners. At least that eliminated >those log entries. > > The natives are getting restless, and I'm >frustrated beyond > measure. I'm sure there's some obvious step I've >ommitted and > am hoping that one of you can tell me just how >stupid I am - > preferrably while telling me what the ommitted >step should have been! > > Van > > > > Also, give me the output of: > > grep procmail /etc/mail/sendmail.mc > > Mike > > > [root@verbose mail]# grep procmail /etc/mail/sendmail.mc > define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl > FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl > MAILER(procmail)dnl > > > > > -- > ---------------------------------------------------------- > Sign up now for Quotes of the Day, a handful of quotations > on a theme delivered every morning. > Enlightenment! Daily, for free! > mailto:twisted@whidbey.com?subject=Subscribe_QOTD > > For photography, web design, hosting, and maintenance, > visit Van's home page: http://www.domainvanhorn.com/van/ > ----------------------------------------------------------- > > > -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From alex at nkpanama.com Tue May 16 05:39:19 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 16 05:39:30 2006 Subject: Best Way to Control Relaying? In-Reply-To: References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> Message-ID: <44695777.7080907@nkpanama.com> Kai Schaetzl wrote: > Alex Neuman van der Hans wrote on Fri, 12 May 2006 13:19:33 -0500: > > >> What Kai means, more accurately, is that, to _your customers_, you _are_ >> an open relay. This also means that to _viruses_ and _spyware_ running >> on your customers' machines, you _are_ an open relay. >> > > No, what I meant was what I wrote. I may have misunderstood him, though. > >From what he wrote it sounded like he was stopping relaying to others by > blocking them in access.db. > > Kai > > Sorry if I misunderstood you, but in any case, he _is_ an open relay to his customers, since they're not _required_ to authenticate themselves. This is a problem we used to have in this country since all major ISP's were "open relays" to their customers, which meant that internet caf?s and open wifi spots were being used as a base for spammers to get to their victims through ISP's mail servers. From Jan-Peter.Koopmann at seceidos.de Tue May 16 09:41:25 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue May 16 09:41:36 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: <200605152154.k4FLsOwv027012@bkserver.blacknight.ie> Message-ID: On Monday, May 15, 2006 11:56 PM Michael S. wrote: > Again: bsdpan- things on my installations only show up for manually > installed ports (which might happen if you run install.sh from the > MailScanner.tgz btw.!). I might be wrong but I suspect you are. > > We are running a copy of Freebsd 5.4 on a new installation. We have > never run install.sh. Then where do the bsdpan- ports come from? > From the first time we ran make install from > the mailscanner port directory the ERROR 1 code appeared. Never had this problem on any system. I would probably have to logon to the system and have a look myself. > After > trying to deinstall and reinstall it we had the same errors. While > 90% of the files are copied the the proper directories during Error > Code 1, many are not. Eg, in the work directory the following files > were not copied. > > Mailscanner.sh > Mta.sh These do not come from work but from files and are installed via the ports system automatically. Again this somehow points to a more general problem. > File missing from /usr/local/etc/MailScanner/rules > > bounce.rules > max.message.size.rules They are up to this point not part of the port installation. I will add them for the next port version. > These are the files I know were not copied as I had to cp -> rules > and to rc.d Regards, JP From glenn.steen at gmail.com Tue May 16 10:26:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 16 10:26:49 2006 Subject: Postfix+MailScanner: Held messages disappeared In-Reply-To: <44690AB7.9030609@ucalgary.ca> References: <44690AB7.9030609@ucalgary.ca> Message-ID: <223f97700605160226x74b54fa5sf884d75db8dccbe8@mail.gmail.com> On 16/05/06, Kai Wang wrote: > > We run postfix with MailScanner. I noticed in our log that some held > messages disappeared. For the following example, the following message, > I can not find it in the hold queue and there is no log entries about it > any more. > > May 12 06:42:09 mhub5 postfix/smtpd[3690]: DC8B814014: > client=unknown[87.247.131.77] > May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: hold: header > Received: from 192.168.1.37 (unknown [87.247.131.77])??by > mhub5.ucalgary.ca (Postfix) with SMTP id DC8B814014??for > ; Fri, 12 May 2006 06:42:07 -0600 (MDT) from > unknown[87.247.131.77]; from= to= > proto=SMTP helo=<192.168.1.37> > May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: > message-id= > Do you employ split logs (info, warnings, errors)? If so, did you lok in the warnings and errors files too? Might be that it was corrupted and moved there... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Tue May 16 12:11:13 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue May 16 12:11:24 2006 Subject: Script to download latest from Julians Site Message-ID: <4469B351.6050700@haigmail.com> Has anyone written a script that you can use to download the latest versions of programs from Julian's site? I was just wondering as I always download them locally first then have to upload and if I am on dial up it takes forever. if this has not been done I want to try to write one. Thanks Lance From maillists at conactive.com Tue May 16 12:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 12:31:31 2006 Subject: Mail disaster - semi-new system In-Reply-To: <44695220.3080506@whidbey.com> References: <44695220.3080506@whidbey.com> Message-ID: G. Armour Van Horn wrote on Mon, 15 May 2006 21:16:32 -0700: > Bingo! Set SELinux to disabled, restarted, and eventually the machine > restarted and processed all the backed up mail in thirty seconds. Frankly, if you got a problem with SELinux regarding procmail not being allowed to access your maillog, then something is screwed up on your machine. I don't have SELinux enabled, but I run it in permissive mode and I did not ever get a warning from SELinux in regard to sendmail/MailScanner/procmail. Of course, it's possible that the SELinux policy coming with FC5 is different from the policy in RHEL4. I wouldn't just skip that, especially not if my earlier machine got hacked. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Tue May 16 12:46:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 16 12:46:57 2006 Subject: Script to download latest from Julians Site In-Reply-To: <4469B351.6050700@haigmail.com> References: <4469B351.6050700@haigmail.com> Message-ID: <223f97700605160446j2c909686iac81bb277b4739c7@mail.gmail.com> On 16/05/06, Lance Haig wrote: > Has anyone written a script that you can use to download the latest > versions of programs from Julian's site? > > I was just wondering as I always download them locally first then have > to upload and if I am on dial up it takes forever. > > if this has not been done I want to try to write one. > > Thanks > > Lance > If you allow the server http, you could well use lynx or links or similar tool (even wget and curl could be helpful, although then you need know/find out the locations... or just mirror http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/ or somesuch (wget -mirror ... or whatever) :-). Personally I prefer to use lynx, since I do this infrequently... And lynx is enough to get the job done. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue May 16 12:54:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 12:54:11 2006 Subject: Script to download latest from Julians Site In-Reply-To: <4469B351.6050700@haigmail.com> References: <4469B351.6050700@haigmail.com> Message-ID: Lance Haig wrote on Tue, 16 May 2006 12:11:13 +0100: > I was just wondering as I always download them locally first then have > to upload and if I am on dial up it takes forever. Don't tell me you download them to your PC, upload via FTP and then login via SSH and install them. Do you really do that? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Tue May 16 12:58:37 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 16 12:58:41 2006 Subject: Postfix+MailScanner: Held messages disappeared In-Reply-To: <223f97700605160226x74b54fa5sf884d75db8dccbe8@mail.gmail.com> References: <44690AB7.9030609@ucalgary.ca> <223f97700605160226x74b54fa5sf884d75db8dccbe8@mail.gmail.com> Message-ID: <223f97700605160458h6a2f341cq9f8e01cf1d44bd45@mail.gmail.com> On 16/05/06, Glenn Steen wrote: > On 16/05/06, Kai Wang wrote: (snip) > Do you employ split logs (info, warnings, errors)? If so, did you lok > in the warnings and errors files too? > Might be that it was corrupted and moved there... Sometimes one should read ones typings/typos before hitting the send button... The last sentence above is regarding the _message_ possibly having been corrupted, subsequently moved to the "corrupted" queue directory, and that fact being logged in the errors log file (if Kai has such a file)... Nothing else. (You smart guys'n'gals out there had already deduced that from the malformed mumblings above, but I thought it best to try clarify my point:-). -- -- Glenn (a.k.a. Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Tue May 16 13:15:57 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 16 13:16:11 2006 Subject: MailScanner + Bayes on SQL In-Reply-To: References: <44682225.4000904@netmagicsolutions.com> Message-ID: <4469C27D.4070402@netmagicsolutions.com> Kai Schaetzl wrote: > Dhawal Doshy wrote on Mon, 15 May 2006 12:09:33 +0530: > >> precisely.. See, >> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql > > Ah, thanks, seems I read the wrong wiki :-) > >> mysql> SELECT id, username, spam_count, ham_count, token_count FROM >> bayes_vars; > > Seems to be the one that's also proposed in the wiki: root. > > I'm still waiting that the --restore finishes, I've got quite a few tokens .... One caveat > I've already recognized is that storing it in MySQL takes much more, maybe three times as > much space as with dbm. The indexes take a lot. Yes, but disk is cheap.. comparing MySQL (innodb) with DBM: scanning and expiry are way faster, forgets are slower and learning is more or less as fast/slow as for DBM. See these for more details.. http://wiki.apache.org/spamassassin/BayesBenchmark http://wiki.apache.org/spamassassin/BayesBenchmarkResults Plus SQL will let you share Bayes across multiple front-end MX servers and permission errors are a thing of the past.. - dhawal > Kai From dhawal at netmagicsolutions.com Tue May 16 13:21:28 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 16 13:21:36 2006 Subject: Postfix+MailScanner: Held messages disappeared In-Reply-To: <44690AB7.9030609@ucalgary.ca> References: <44690AB7.9030609@ucalgary.ca> Message-ID: <4469C3C8.4090800@netmagicsolutions.com> Kai Wang wrote: > > We run postfix with MailScanner. I noticed in our log that some held > messages disappeared. For the following example, the following message, > I can not find it in the hold queue and there is no log entries about it > any more. > > May 12 06:42:09 mhub5 postfix/smtpd[3690]: DC8B814014: > client=unknown[87.247.131.77] > May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: hold: header > Received: from 192.168.1.37 (unknown [87.247.131.77])??by > mhub5.ucalgary.ca (Postfix) with SMTP id DC8B814014??for > ; Fri, 12 May 2006 06:42:07 -0600 (MDT) from > unknown[87.247.131.77]; from= to= > proto=SMTP helo=<192.168.1.37> > May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: > message-id= Kai, MailScanner will make a copy of the mail in /var/spool/postfix/hold to /var/spool/MailScanner/Incoming. During this copying, the Queue-ID is changed from DC8B814014 to DC8B814014.XXXXXX (where XXXXXX are six random characters). Can you double check your logs for this? Also as Glenn suggested, can you check your /var/spool/postfix/corrupt directory for any leftovers? - dhawal From dhawal at netmagicsolutions.com Tue May 16 13:31:35 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 16 13:31:48 2006 Subject: Script to download latest from Julians Site In-Reply-To: <4469B351.6050700@haigmail.com> References: <4469B351.6050700@haigmail.com> Message-ID: <4469C627.9050400@netmagicsolutions.com> Lance Haig wrote: > Has anyone written a script that you can use to download the latest > versions of programs from Julian's site? #!/bin/sh # Uncomment next line for tar version # wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/ wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/ wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/`cat index.html | awk -F "href=\"" '{print $2}' | awk -F "\"" '{print $1}' | grep -v sig$ | grep ^MailScanner | sort | tail -1` rm -f index.html replace awk with gawk for solaris.. - dhawal > I was just wondering as I always download them locally first then have > to upload and if I am on dial up it takes forever. > > if this has not been done I want to try to write one. > > Thanks > > Lance From dhawal at netmagicsolutions.com Tue May 16 13:36:35 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 16 13:36:44 2006 Subject: Postfix+MailScanner: Held messages disappeared In-Reply-To: <4469C3C8.4090800@netmagicsolutions.com> References: <44690AB7.9030609@ucalgary.ca> <4469C3C8.4090800@netmagicsolutions.com> Message-ID: <4469C753.1010503@netmagicsolutions.com> Dhawal Doshy wrote: > Kai Wang wrote: >> >> We run postfix with MailScanner. I noticed in our log that some held >> messages disappeared. For the following example, the following >> message, I can not find it in the hold queue and there is no log >> entries about it any more. >> >> May 12 06:42:09 mhub5 postfix/smtpd[3690]: DC8B814014: >> client=unknown[87.247.131.77] >> May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: hold: header >> Received: from 192.168.1.37 (unknown [87.247.131.77])??by >> mhub5.ucalgary.ca (Postfix) with SMTP id DC8B814014??for >> ; Fri, 12 May 2006 06:42:07 -0600 (MDT) from >> unknown[87.247.131.77]; from= to= >> proto=SMTP helo=<192.168.1.37> >> May 12 06:42:10 mhub5 postfix/cleanup[3904]: DC8B814014: >> message-id= > > Kai, > > MailScanner will make a copy of the mail in /var/spool/postfix/hold to > /var/spool/MailScanner/Incoming. During this copying, the Queue-ID is > changed from DC8B814014 to DC8B814014.XXXXXX (where XXXXXX are six > random characters). Can you double check your logs for this? > > Also as Glenn suggested, can you check your /var/spool/postfix/corrupt > directory for any leftovers? Oops, Glenn is right.. no corruption here else the logs would indicate something.. anyways check for the queue-id.xxxxxx thingy. > - dhawal From uxbod at splatnix.net Tue May 16 14:59:58 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Tue May 16 14:02:59 2006 Subject: SA Scoring Message-ID: <2752399fba2ea14b8101d76722a43faf@splatnix.net> Hi, i am trying to understand why I cannot get a particular spam email to be recognised. Here is what I see in MailWatch :- From: newberniste@g9.com [Add to Whitelist | Add to Blacklist] To: xxxxxx@xxxxxx.com Subject: Re: your VALthUM Size: 4.4Kb Anti-Virus/Dangerous Content Protection Virus: N Blocked File: N Other Infection: N SpamAssassin Spam: N Action(s): deliver, header, "X-Spam-Status:, No" High Scoring Spam: N SpamAssassin Spam: N Listed in RBL: N Spam Whitelisted: N Spam Blacklisted: N SpamAssassin Autolearn: Y (not spam) SpamAssassin Score: 0.00 Spam Report: Score Matching Rule Description cached not score=0.001 6 required spam autolearn=not 0.00 HTML_MESSAGE HTML included in message I get a lot of these and the only thing that changes is the Subject line, but only by case modification. When I get these I train using sa-learn, but after reading this will only happen if a minumum of three criteria are met. How are you all handling messages like this ? Thanks, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Tue May 16 14:10:26 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue May 16 14:10:51 2006 Subject: MCP broken? Message-ID: <4469CF42.8050100@USherbrooke.ca> Hello again, After experimenting with MCP on a test system I come to the conclusion that something is not working as it should: Non MCP Actions = deliver MCP Actions = deliver forward address@gmail.com High Scoring MCP Actions = deliver forward address@gmail.com Now I send an email that triggers enough MCP rules to match one of the last 2 rules. The email gets sent OK to the forward address but is not delivered to the recipient. Why? Here are the maillog messages: May 15 16:57:55 localhost MailScanner[1885]: MailScanner child caught a SIGHUP May 15 16:57:55 localhost MailScanner[1977]: MailScanner E-Mail Virus Scanner version 4.54.2 starting... May 15 16:57:55 localhost MailScanner[1977]: Read 718 hostnames from the phishing whitelist May 15 16:57:56 localhost MailScanner[1977]: Using SpamAssassin results cache May 15 16:57:56 localhost MailScanner[1977]: Connected to SpamAssassin cache database May 15 16:57:56 localhost MailScanner[1977]: Enabling SpamAssassin auto-whitelist functionality... May 15 16:57:56 localhost MailScanner[1977]: I have found scanners installed, and will use them all by default. May 15 16:57:56 localhost MailScanner[1977]: You appear to have no virus scanners installed at all! This is not good. If you have installed any, then check your virus.scanners.conf file to make sure the locations of your scanners are correct May 15 16:57:56 localhost MailScanner[1977]: Using locktype = flock May 15 16:58:42 localhost sendmail[2016]: k4FKwgcD002016: from=, size=444, class=0, nrcpts= 1, msgid=<4468EB82.5000302@USherbrooke.ca>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] May 15 16:58:42 localhost sendmail[2016]: k4FKwgcD002016: to=, delay=00:00:00, mailer=relay, pri=30444, stat=queued May 15 16:58:45 localhost MailScanner[1977]: New Batch: Scanning 1 messages, 946 bytes May 15 16:58:45 localhost MailScanner[1977]: MCP Checks: Starting May 15 16:58:45 localhost MailScanner[1977]: Message k4FKwgcD002016 from 127.0.0.1 (me@usherbrooke.ca) to usherbrooke.ca is MCP, MCP-Checker (score=10, requis 1, UdeS_Bank4, UdeS_Bank5) May 15 16:58:45 localhost MailScanner[1977]: MCP Checks: Found 1 MCP messages May 15 16:58:45 localhost MailScanner[1977]: MCP Actions: message k4FKwgcD002016 actions are address@gmail.com,forward,deliver May 15 16:58:45 localhost MailScanner[1977]: Spam Checks: Starting May 15 16:58:46 localhost MailScanner[1977]: Message k4FKwgcD002016 from 127.0.0.1 (me@usherbrooke.ca) to usherbrooke.ca is n'est pas un polluriel, SpamAssassin (not cached, score=-1.44, requis 6, autolearn=not spam, ALL_TRUSTED -1.44 May 15 16:58:46 localhost MailScanner[1977]: Virus and Content Scanning: Starting May 15 16:58:46 localhost MailScanner[1977]: Uninfected: Delivered 1 messages May 15 16:58:46 localhost MailScanner[1977]: Batch (1 message) processed in 1.48 seconds May 15 16:58:51 localhost sendmail[2022]: k4FKwgcD002016: to=, delay=00:00:09, xdelay=00:00:01, mailer=relay, pri=120444, relay=smtp.usherbrooke.ca. [132.210.244.93], dsn=2.0.0, stat=Sent (2.0.0 k4FKpUYJ000525 Message accepted for delivery) You can see the gmail address being forwarded to, but nothing about the destination address. The MCP line says "actions are address@gmail.com,forward,deliver". But I see no "deliver". I'm using the following versions: Running on Linux localhost.localdomain 2.6.9-34.EL #1 Fri Feb 24 16:44:51 EST 2006 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant Update 3) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.54.2 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.11 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001001 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 0.57 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060516/ae8eac2e/smime.bin From prandal at herefordshire.gov.uk Tue May 16 14:30:02 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue May 16 14:37:17 2006 Subject: SA Scoring Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B831@isabella.herefordshire.gov.uk> With Razor, Pyzor, DCC, and URIBLs (uribl.com blacklist) they get well clobbered here. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of uxbod@splatnix.net > Sent: 16 May 2006 15:00 > To: mailscanner@lists.mailscanner.info > Subject: SA Scoring > > Hi, > > i am trying to understand why I cannot get a particular spam > email to be > recognised. Here is what I see in MailWatch :- > > From: newberniste@g9.com [Add to Whitelist | Add to Blacklist] > > To: xxxxxx@xxxxxx.com > Subject: Re: your VALthUM > Size: 4.4Kb > Anti-Virus/Dangerous Content Protection > Virus: N > Blocked File: N > Other Infection: N > SpamAssassin > Spam: N Action(s): deliver, header, "X-Spam-Status:, No" > High Scoring Spam: N > SpamAssassin Spam: N > Listed in RBL: N > Spam Whitelisted: N > Spam Blacklisted: N > SpamAssassin Autolearn: Y (not spam) > SpamAssassin Score: 0.00 > Spam Report: Score Matching Rule Description > cached not > score=0.001 > 6 required > spam autolearn=not > 0.00 HTML_MESSAGE HTML included in message > > I get a lot of these and the only thing that changes is the > Subject line, > but only by case modification. > > When I get these I train using sa-learn, but after reading > this will only > happen if a minumum of three criteria are met. > > How are you all handling messages like this ? > > Thanks, > > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From itdept at redred.com Tue May 16 14:37:20 2006 From: itdept at redred.com (RedRed!com IT Department) Date: Tue May 16 14:37:26 2006 Subject: Script to download latest from Julians Site In-Reply-To: References: <4469B351.6050700@haigmail.com> Message-ID: <4469D590.8060202@redred.com> Kai Schaetzl wrote: > Lance Haig wrote on Tue, 16 May 2006 12:11:13 +0100: > > >>I was just wondering as I always download them locally first then have >>to upload and if I am on dial up it takes forever. > > > Don't tell me you download them to your PC, upload via FTP and then login > via SSH and install them. Do you really do that? > > > Kai > Hey, when you get paid by the hour, you tend to make things fill up a day. :) Why isn't that a viable solution? I do that so I can keep the latest version of the software on my laptop for future use, or until the next version comes out, then I replace it. From Denis.Beauchemin at USherbrooke.ca Tue May 16 14:46:39 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue May 16 14:47:29 2006 Subject: Error in install-Clam-SA In-Reply-To: <4468E062.2030500@USherbrooke.ca> References: <4468E062.2030500@USherbrooke.ca> Message-ID: <4469D7BF.5000504@USherbrooke.ca> Denis Beauchemin a ?crit : > I just used the latest install-Clam-SA script on a brand new RHEL 4 > server and I got the following errors about Clam: > ... I reran the install script and looked more closely at the output: turns out I was missing zlib-devel. After installing it Clam installed OK. Julian, could you check for zlib-devel before installing ClamAV? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060516/e814e287/smime.bin From maillists at conactive.com Tue May 16 14:51:06 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 14:51:20 2006 Subject: SA Scoring In-Reply-To: <2752399fba2ea14b8101d76722a43faf@splatnix.net> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> Message-ID: wrote on Tue, 16 May 2006 13:59:58 +0000: > I get a lot of these and the only thing that changes is the Subject line, > but only by case modification. > > When I get these I train using sa-learn, but after reading this will only > happen if a minumum of three criteria are met. 1. visit www.rulesemporium.com 2. subscribe to the sa-users list 3. it seems your bayes isn't working at all (too few ham/spam yet?). Once Bayes works you'll always find a Bayes_xx hit. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 16 14:51:06 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 14:51:24 2006 Subject: MailScanner + Bayes on SQL In-Reply-To: <4469C27D.4070402@netmagicsolutions.com> References: <44682225.4000904@netmagicsolutions.com> <4469C27D.4070402@netmagicsolutions.com> Message-ID: Dhawal Doshy wrote on Tue, 16 May 2006 17:45:57 +0530: > Yes, but disk is cheap.. comparing MySQL (innodb) with DBM: scanning and > expiry are way faster, forgets are slower and learning is more or less > as fast/slow as for DBM. Yeah, that's why I wanted to change. > See these for more details.. > http://wiki.apache.org/spamassassin/BayesBenchmark > http://wiki.apache.org/spamassassin/BayesBenchmarkResults > Plus SQL will let you share Bayes across multiple front-end MX servers > and permission errors are a thing of the past.. Sharing is only feasible for a few of my servers, but, yes, it's a bonus if you need it. As it seems you don't need the bayes_sql_override_username when you backup. It's only needed when you read it in again. I used the backup.txt I had done on another machine (with Bayes on dbm) without bayes_sql_override_username and then restored it on the machine with the testing setup and bayes_sql_override_username set. This took quite long since the machine isn't the fastest and it were around 2 million tokens. Bayes works. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Denis.Beauchemin at USherbrooke.ca Tue May 16 15:02:57 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue May 16 15:03:17 2006 Subject: MCP broken? In-Reply-To: <4469CF42.8050100@USherbrooke.ca> References: <4469CF42.8050100@USherbrooke.ca> Message-ID: <4469DB91.1030200@USherbrooke.ca> Denis Beauchemin a ?crit : > After experimenting with MCP on a test system I come to the conclusion > that something is not working as it should: > Non MCP Actions = deliver > MCP Actions = deliver forward address@gmail.com > High Scoring MCP Actions = deliver forward address@gmail.com > > Now I send an email that triggers enough MCP rules to match one of the > last 2 rules. The email gets sent OK to the forward address but is > not delivered to the recipient. Why? I did some more tests and used only "deliver" for "MCP Actions". The email was not delivered. Is this normal behaviour? Denis PS: "deliver" works for non-MCP messages. -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060516/782e46b1/smime.bin From uxbod at splatnix.net Tue May 16 16:07:35 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Tue May 16 15:10:36 2006 Subject: SA Scoring In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0B831@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0B831@isabella.herefordshire.gov.uk> Message-ID: <536202be1c36e8ba43dc1dcee412f25d@splatnix.net> Running with these already. As there is only two mailbox users then perhaps it is down to the number of spam/ham learnt in Bayes. On 1:30 pm 05/16/06 "Randal, Phil" wrote: > With Razor, Pyzor, DCC, and URIBLs (uribl.com blacklist) they get well > clobbered here. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of uxbod@splatnix.net > > Sent: 16 May 2006 15:00 > > To: mailscanner@lists.mailscanner.info > > Subject: SA Scoring > > > > Hi, > > > > i am trying to understand why I cannot get a particular spam > > email to be > > recognised. Here is what I see in MailWatch :- > > > > From: newberniste@g9.com [Add to Whitelist | Add to Blacklist] > > > > To: xxxxxx@xxxxxx.com > > Subject: Re: your VALthUM > > Size: 4.4Kb > > Anti-Virus/Dangerous Content Protection > > Virus: N > > Blocked File: N > > Other Infection: N > > SpamAssassin > > Spam: N Action(s): deliver, header, "X-Spam-Status:, No" > > High Scoring Spam: N > > SpamAssassin Spam: N > > Listed in RBL: N > > Spam Whitelisted: N > > Spam Blacklisted: N > > SpamAssassin Autolearn: Y (not spam) > > SpamAssassin Score: 0.00 > > Spam Report: Score Matching Rule Description > > cached not > > score=0.001 > > 6 required > > spam autolearn=not > > 0.00 HTML_MESSAGE HTML included in message > > > > I get a lot of these and the only thing that changes is the > > Subject line, > > but only by case modification. > > > > When I get these I train using sa-learn, but after reading > > this will only > > happen if a minumum of three criteria are met. > > > > How are you all handling messages like this ? > > > > Thanks, > > > > > > -- > > This message has been scanned for viruses and dangerous > > content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dhawal at netmagicsolutions.com Tue May 16 15:27:30 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 16 15:27:44 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: References: <20060412205748.GD14679@luckyduck.tux> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> Message-ID: <4469E152.7050407@netmagicsolutions.com> Drew Marshall wrote: > > On 4 May 2006, at 22:45, Glenn Steen wrote: > > > > Sadly I don't think I am the right guy either. Although I understand > what each of the nice bits of software do, how they play and the > mechanics, I am not a programmer nor do I understand the code bits of > either (Kind of like I can drive, I understand what a misfire is and can > even explain why but I'm not a mechanic!). I really think that Jules is > the man to explain how it all comes together (And understand the answers > better!) but perhaps there might be better results if between us we > could mediate between the two parties, if Jules doesn't fancy walking > back in to the lion's den and why indeed should he considering the past :-( > >> >> Anyway, my comments were the slight contrib I could do ATM. Sorry it's >> not more. > > Like wise Drew / Glenn / Other Postfix users, I almost gave up.. but somehow think that this matter needs to be clarified once and for all.. Are you guys game for getting together on the MailScanner IRC at some predefined time and drafting a mail (that is technically. grammatically and politically correct) to be sent to the postfix developers?? - dhawal BTW, check the announcement on the postfix-users list.. milter support in postfix is now available in the experimental versions. http://www.porcupine.org/postfix-mirror/MILTER_README.html ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/ From dhawal at netmagicsolutions.com Tue May 16 15:48:11 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 16 15:48:24 2006 Subject: SA Scoring In-Reply-To: <536202be1c36e8ba43dc1dcee412f25d@splatnix.net> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0B831@isabella.herefordshire.gov.uk> <536202be1c36e8ba43dc1dcee412f25d@splatnix.net> Message-ID: <4469E62B.10708@netmagicsolutions.com> uxbod@splatnix.net wrote: > Running with these already. As there is only two mailbox users then perhaps > it is down to the number of spam/ham learnt in Bayes. Does the spam contain something like "domain [dot} tld, replace the dot with a '.'", if yes then spamassassin is currently unable to lookup munged domains on SURBL/URIBL. Dallas (of SA) suggested a hack (which might be prone to FPs and is not an approved method).. here's a patch for PerMsgStatus.pm in SA 3.1.1 [root@sauron ~]# diff -u /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm.original /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm --- /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm.original 2006-03-11 00:59:55.000000000 +0530 +++ /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm 2006-05-15 23:41:11.000000000 +0530 @@ -2071,6 +2071,11 @@ for (@$textary) { # NOTE: do not modify $_ in this loop + + # do not allow dot munging.. ie domain(dot)tld domain[dot]tld domain-dot-tld + # actively started 2006-03-20 + s/([a-z0-9])[^a-z0-9]dot[^a-z0-9]([a-z]{2,7})/$1\.$2/gi; + while (/($uriRe)/igo) { my $uri = $1; - dhawal > On 1:30 pm 05/16/06 "Randal, Phil" wrote: >> With Razor, Pyzor, DCC, and URIBLs (uribl.com blacklist) they get well >> clobbered here. >> >> Cheers, >> >> Phil >> >> ---- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of uxbod@splatnix.net >>> Sent: 16 May 2006 15:00 >>> To: mailscanner@lists.mailscanner.info >>> Subject: SA Scoring >>> >>> Hi, >>> >>> i am trying to understand why I cannot get a particular spam >>> email to be >>> recognised. Here is what I see in MailWatch :- >>> >>> From: newberniste@g9.com [Add to Whitelist | Add to Blacklist] >>> >>> To: xxxxxx@xxxxxx.com >>> Subject: Re: your VALthUM >>> Size: 4.4Kb >>> Anti-Virus/Dangerous Content Protection >>> Virus: N >>> Blocked File: N >>> Other Infection: N >>> SpamAssassin >>> Spam: N Action(s): deliver, header, "X-Spam-Status:, No" >>> High Scoring Spam: N >>> SpamAssassin Spam: N >>> Listed in RBL: N >>> Spam Whitelisted: N >>> Spam Blacklisted: N >>> SpamAssassin Autolearn: Y (not spam) >>> SpamAssassin Score: 0.00 >>> Spam Report: Score Matching Rule Description >>> cached not >>> score=0.001 >>> 6 required >>> spam autolearn=not >>> 0.00 HTML_MESSAGE HTML included in message >>> >>> I get a lot of these and the only thing that changes is the >>> Subject line, >>> but only by case modification. >>> >>> When I get these I train using sa-learn, but after reading >>> this will only >>> happen if a minumum of three criteria are met. >>> >>> How are you all handling messages like this ? >>> >>> Thanks, From ka at pacific.net Tue May 16 15:55:50 2006 From: ka at pacific.net (Ken A) Date: Tue May 16 15:52:02 2006 Subject: Script to download latest from Julians Site In-Reply-To: <4469D590.8060202@redred.com> References: <4469B351.6050700@haigmail.com> <4469D590.8060202@redred.com> Message-ID: <4469E7F6.9050502@pacific.net> RedRed!com IT Department wrote: > Kai Schaetzl wrote: >> Lance Haig wrote on Tue, 16 May 2006 12:11:13 +0100: >> >> >>> I was just wondering as I always download them locally first then >>> have to upload and if I am on dial up it takes forever. >> >> >> Don't tell me you download them to your PC, upload via FTP and then >> login via SSH and install them. Do you really do that? >> >> >> Kai >> > > Hey, when you get paid by the hour, you tend to make things fill up a > day. :) > > Why isn't that a viable solution? I do that so I can keep the latest > version of the software on my laptop for future use, or until the next > version comes out, then I replace it. Why not split the file into floppies first and carry it over to the server, then join the files back together? Must be a gov't contract.... Ken A Pacific.Net From MailScanner at ecs.soton.ac.uk Tue May 16 16:18:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 16 16:19:04 2006 Subject: Error in install-Clam-SA In-Reply-To: <4469D7BF.5000504@USherbrooke.ca> References: <4468E062.2030500@USherbrooke.ca> <4469D7BF.5000504@USherbrooke.ca> Message-ID: On 16 May 2006, at 14:46, Denis Beauchemin wrote: > Denis Beauchemin a ?crit : >> I just used the latest install-Clam-SA script on a brand new RHEL >> 4 server and I got the following errors about Clam: >> ... > I reran the install script and looked more closely at the output: > turns out I was missing zlib-devel. > > After installing it Clam installed OK. > > Julian, could you check for zlib-devel before installing ClamAV? I just tried building ClamAV without zlib.a there at all, and it built just fine. I don't think that is the problem. Just for the record, here is a little shell script that will test for the presence of a devel library. #!/bin/sh TMPDIR=/tmp/zlib.$$ mkdir -p $TMPDIR echo 'int main(void) { return 0; }' > $TMPDIR/try.c if cc -o $TMPDIR/try $TMPDIR/try.c -lz >/dev/null 2>&1 ; then echo It succeeded. Zlib-devel is installed. else echo It failed. Zlib-devel is not installed. fi rm -rf $TMPDIR -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Tue May 16 16:38:49 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 16 16:39:07 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: <44695220.3080506@whidbey.com> Message-ID: <4469F209.3050108@nkpanama.com> Kai Schaetzl escribi?: > Of course, it's possible that the SELinux > policy coming with FC5 is different from the policy in RHEL4. I wouldn't > just skip that, especially not if my earlier machine got hacked. > > Kai > > He _did_ say *compromised*, not *hacked*. When this happens it's usually the result of not tightening up something else... Examples include: * Users on the system instead of a database, with /bin/bash as their shell and SSH enabled, and a guessable password. * Lax permissions on CMS systems that allow people to execute code or upload content * Not changing passwords after admin-level users leave the company SELinux is great, if you know how to implement it properly. Otherwise it can confuse the hell out of someone not used to it. From admin at thenamegame.com Tue May 16 16:44:35 2006 From: admin at thenamegame.com (Michael S.) Date: Tue May 16 16:43:44 2006 Subject: 3rd time asking, HOW DO I UNINSTALL MAILSCANNER FROM FREEBSD???????????? In-Reply-To: Message-ID: <200605161543.k4GFhfDE022735@bkserver.blacknight.ie> Then where do the bsdpan- ports come from? > Probably cPanel. Cpanel does its own upgrading of certain perl modules when it runs its updates. Also, one has the ability to install any perl module from the cpanel WHM interface at any time. From john at katy.com Tue May 16 16:48:25 2006 From: john at katy.com (John Schmerold) Date: Tue May 16 16:48:15 2006 Subject: Resend archived mail Message-ID: <4469F449.7050803@katy.com> We had a sad story this morning. Long story short, I need to resend all archived emails addressed to one domain and archived. We are using Sendmail. If memory serves all we need to do is copy the archived message into mqueue like so: cp -p /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 /var/spool/mqueue It's been 15 minutes or so & the emails have not budged from mqueue: [root@mx1 root]# ls -al /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 -rw-rw---- 1 root root 1085 May 16 10:00 /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 -rw-rw---- 1 root root 3143 May 16 10:00 /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 -rw-rw---- 1 root root 1085 May 16 10:00 /var/spool/mqueue/dfk4GF081P020699 -rw-rw---- 1 root root 3143 May 16 10:00 /var/spool/mqueue/qfk4GF081P020699 Two questions: 1. What am I missing? 2. Does any dear soul have a script they'd care to share with the group to re-deliver all emails sent to example.com ? Perhaps something as simple as: dosomething $(grep -ril "@katy.com" /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) TIA From ssilva at sgvwater.com Tue May 16 16:48:39 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 16 17:03:09 2006 Subject: Script to download latest from Julians Site In-Reply-To: <4469D590.8060202@redred.com> References: <4469B351.6050700@haigmail.com> <4469D590.8060202@redred.com> Message-ID: RedRed!com IT Department spake the following on 5/16/2006 6:37 AM: > Kai Schaetzl wrote: >> Lance Haig wrote on Tue, 16 May 2006 12:11:13 +0100: >> >> >>> I was just wondering as I always download them locally first then >>> have to upload and if I am on dial up it takes forever. >> >> >> Don't tell me you download them to your PC, upload via FTP and then >> login via SSH and install them. Do you really do that? >> >> >> Kai >> > > Hey, when you get paid by the hour, you tend to make things fill up a > day. :) > > Why isn't that a viable solution? I do that so I can keep the latest > version of the software on my laptop for future use, or until the next > version comes out, then I replace it. I already have MORE than enough to fill out a day... Sometimes the PHB's try to fill my time as well as theirs. Being a sysadmin is a full time job, and I find myself doing or checking things from home just to head off the real BIG disasters. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikea at mikea.ath.cx Tue May 16 17:26:34 2006 From: mikea at mikea.ath.cx (mikea) Date: Tue May 16 17:26:41 2006 Subject: Resend archived mail In-Reply-To: <4469F449.7050803@katy.com>; from john@katy.com on Tue, May 16, 2006 at 10:48:25AM -0500 References: <4469F449.7050803@katy.com> Message-ID: <20060516112634.B38881@mikea.ath.cx> On Tue, May 16, 2006 at 10:48:25AM -0500, John Schmerold wrote: > We had a sad story this morning. Long story short, I need to resend all > archived emails addressed to one domain and archived. We are using > Sendmail. If memory serves all we need to do is copy the archived > message into mqueue like so: > cp -p > /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 > /var/spool/mqueue > > It's been 15 minutes or so & the emails have not budged from mqueue: > [root@mx1 root]# ls -al > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 > [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/mqueue/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/mqueue/qfk4GF081P020699 > > > Two questions: > 1. What am I missing? > > 2. Does any dear soul have a script they'd care to share with the group > to re-deliver all emails sent to example.com ? > Perhaps something as simple as: > dosomething $(grep -ril "@katy.com" > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) For the first, some variation of "sendmail -q" should suffice. You want sendmail to run the queue, and that command causes a queue run to happen. Or have you tried that already? I'll defer to others on #2; they'll have some incredibly-obvious-in- hindsight solution, where I'll have a Tingueley-cum-Goldberg kludge. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From maillists at conactive.com Tue May 16 17:57:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 17:58:00 2006 Subject: Resend archived mail In-Reply-To: <4469F449.7050803@katy.com> References: <4469F449.7050803@katy.com> Message-ID: John Schmerold wrote on Tue, 16 May 2006 10:48:25 -0500: > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 I do know d, p and x, but I don't know "?" queue files. Maybe that's the problem? What does "mailq" tell you? If it detects these files as valid queue files it should tell you something. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 16 17:57:45 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 17:58:04 2006 Subject: Mail disaster - semi-new system In-Reply-To: <4469F209.3050108@nkpanama.com> References: <44695220.3080506@whidbey.com> <4469F209.3050108@nkpanama.com> Message-ID: Alex Neuman wrote on Tue, 16 May 2006 10:38:49 -0500: > Examples include: Yepp, and all of them can't be fixed with a firewall. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ssilva at sgvwater.com Tue May 16 17:59:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 16 18:05:29 2006 Subject: Resend archived mail In-Reply-To: <4469F449.7050803@katy.com> References: <4469F449.7050803@katy.com> Message-ID: John Schmerold spake the following on 5/16/2006 8:48 AM: > We had a sad story this morning. Long story short, I need to resend all > archived emails addressed to one domain and archived. We are using > Sendmail. If memory serves all we need to do is copy the archived > message into mqueue like so: > cp -p > /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 > /var/spool/mqueue > > It's been 15 minutes or so & the emails have not budged from mqueue: > [root@mx1 root]# ls -al > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 > [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/mqueue/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/mqueue/qfk4GF081P020699 > > > Two questions: > 1. What am I missing? > > 2. Does any dear soul have a script they'd care to share with the group > to re-deliver all emails sent to example.com ? > Perhaps something as simple as: > dosomething $(grep -ril "@katy.com" > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) > > TIA That will not work as the quarantine doesn't contain queue files, it contains RFC type mail files. You would have to use "sendmail -toi user@domain < messagefile". It could be scripted, but that is beyond my humble skills. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikea at mikea.ath.cx Tue May 16 18:09:01 2006 From: mikea at mikea.ath.cx (mikea) Date: Tue May 16 18:09:04 2006 Subject: Resend archived mail In-Reply-To: <20060516112634.B38881@mikea.ath.cx>; from mikea@mikea.ath.cx on Tue, May 16, 2006 at 11:26:34AM -0500 References: <4469F449.7050803@katy.com> <20060516112634.B38881@mikea.ath.cx> Message-ID: <20060516120901.A39217@mikea.ath.cx> On Tue, May 16, 2006 at 11:26:34AM -0500, mikea wrote: > On Tue, May 16, 2006 at 10:48:25AM -0500, John Schmerold wrote: > > We had a sad story this morning. Long story short, I need to resend all > > archived emails addressed to one domain and archived. We are using > > Sendmail. If memory serves all we need to do is copy the archived > > message into mqueue like so: > > cp -p > > /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 > > /var/spool/mqueue > > > > It's been 15 minutes or so & the emails have not budged from mqueue: > > [root@mx1 root]# ls -al > > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 > > -rw-rw---- 1 root root 1085 May 16 10:00 > > /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 > > -rw-rw---- 1 root root 3143 May 16 10:00 > > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 > > [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 > > -rw-rw---- 1 root root 1085 May 16 10:00 > > /var/spool/mqueue/dfk4GF081P020699 > > -rw-rw---- 1 root root 3143 May 16 10:00 > > /var/spool/mqueue/qfk4GF081P020699 > > > > > > Two questions: > > 1. What am I missing? > > > > 2. Does any dear soul have a script they'd care to share with the group > > to re-deliver all emails sent to example.com ? > > Perhaps something as simple as: > > dosomething $(grep -ril "@katy.com" > > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) > > For the first, some variation of "sendmail -q" should suffice. You want > sendmail to run the queue, and that command causes a queue run to happen. > Or have you tried that already? > > I'll defer to others on #2; they'll have some incredibly-obvious-in- > hindsight solution, where I'll have a Tingueley-cum-Goldberg kludge. This from the sendmail help may help, too: -q[!]R substr Limit processed jobs to those containing substr as a substring of one of the recipients or not when ! is specified. -q[!]S substr Limit processed jobs to those containing substr as a substring of the sender or not when ! is speci- fied. I use "sudo sendmail -v -bp -OQueueDirectory=/var/spool/mqueue.in" to list the contents of the inbound queue. -OQueueDirectory= sets directory you want to use as your mail queue for that instance of sendmail. You could use "sendmail -q -qRexample.com \ -OQueueDirectory=/var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699" to run the queue for all the mails to example.com stuck in that directory. If you wanted to get fancier and were using ksh or some other non-csh shell then something like # for i in `ls ` do sendmail -q -qRexample.com -OQueueDirectory=$i done # might go a long way towards getting that mail out. Or, on the gripping hand, it might not. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From mikea at mikea.ath.cx Tue May 16 18:10:30 2006 From: mikea at mikea.ath.cx (mikea) Date: Tue May 16 18:10:33 2006 Subject: Resend archived mail In-Reply-To: ; from maillists@conactive.com on Tue, May 16, 2006 at 06:57:45PM +0200 References: <4469F449.7050803@katy.com> Message-ID: <20060516121030.B39217@mikea.ath.cx> On Tue, May 16, 2006 at 06:57:45PM +0200, Kai Schaetzl wrote: > John Schmerold wrote on Tue, 16 May 2006 10:48:25 -0500: > > > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 > > I do know d, p and x, but I don't know "?" queue files. Maybe that's the > problem? What does "mailq" tell you? If it detects these files as valid > queue files it should tell you something. Hi, Kai. I think that the ? is a match-anything placeholder, 1-character wide, in the operand of his `ls` command. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From john at katy.com Tue May 16 18:31:14 2006 From: john at katy.com (John Schmerold) Date: Tue May 16 18:31:07 2006 Subject: Resend archived mail In-Reply-To: References: <4469F449.7050803@katy.com> Message-ID: <446A0C62.3070407@katy.com> That explains why this did not work: sendmail -OQueueDirectory=/var/spool/MailScanner/quarantine/20051101/20060516 -qR@katy.com Scott Silva wrote: >John Schmerold spake the following on 5/16/2006 8:48 AM: > > >>We had a sad story this morning. Long story short, I need to resend all >>archived emails addressed to one domain and archived. We are using >>Sendmail. If memory serves all we need to do is copy the archived >>message into mqueue like so: >>cp -p >>/var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 >>/var/spool/mqueue >> >>It's been 15 minutes or so & the emails have not budged from mqueue: >>[root@mx1 root]# ls -al >>/var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 >>-rw-rw---- 1 root root 1085 May 16 10:00 >>/var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 >>-rw-rw---- 1 root root 3143 May 16 10:00 >>/var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 >>[root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 >>-rw-rw---- 1 root root 1085 May 16 10:00 >>/var/spool/mqueue/dfk4GF081P020699 >>-rw-rw---- 1 root root 3143 May 16 10:00 >>/var/spool/mqueue/qfk4GF081P020699 >> >> >>Two questions: >>1. What am I missing? >> >>2. Does any dear soul have a script they'd care to share with the group >>to re-deliver all emails sent to example.com ? >> Perhaps something as simple as: >> dosomething $(grep -ril "@katy.com" >>/var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) >> >>TIA >> >> >That will not work as the quarantine doesn't contain queue files, it contains >RFC type mail files. You would have to use "sendmail -toi user@domain < >messagefile". It could be scripted, but that is beyond my humble skills. > > > > -- John Schmerold Katy Computer & Wireless 20 Meramec Station Rd Valley Park MO 63088 636-861-6900 v 775-227-6947 f From jrudd at ucsc.edu Tue May 16 18:53:08 2006 From: jrudd at ucsc.edu (John Rudd) Date: Tue May 16 18:53:40 2006 Subject: Best Way to Control Relaying? In-Reply-To: <44695777.7080907@nkpanama.com> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com> Message-ID: <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> On May 15, 2006, at 9:39 PM, Alex Neuman van der Hans wrote: > Kai Schaetzl wrote: >> Alex Neuman van der Hans wrote on Fri, 12 May 2006 13:19:33 -0500: >> >> >>> What Kai means, more accurately, is that, to _your customers_, you >>> _are_ an open relay. This also means that to _viruses_ and _spyware_ >>> running on your customers' machines, you _are_ an open relay. >>> >> >> No, what I meant was what I wrote. I may have misunderstood him, >> though. >From what he wrote it sounded like he was stopping relaying >> to others by blocking them in access.db. >> > Sorry if I misunderstood you, but in any case, he _is_ an open relay > to his customers, since they're not _required_ to authenticate > themselves. > > This is a problem we used to have in this country since all major > ISP's were "open relays" to their customers, which meant that internet > caf?s and open wifi spots were being used as a base for spammers to > get to their victims through ISP's mail servers. Uh, that's not what it means to be an "open relay". An open relay is a relay which doesn't restrict who uses it. Specifically, it is a relay that allows 3rd parties (ie. not the server's proper users (the customers), nor people sending to the proper users, but a third group which is neither proper users nor people sending to the proper users). If only his customers can relay through is sever, then it's not an open relay. Therefore, being an "open relay to his customers" is a meaningless phrase. It's like saying "it's a 2 way door if and only if you open it from the inside". If you can only open it from the inside, it's not a 2 way door. I can see arguments for requiring authentication (it's certainly a good goal, and should be a 'best practice'), but it's still perfectly normal and valid for a site to allow relaying for/by the network/hosts/users it is responsible for. That doesn't make them an "open relay". It makes them a "relay". There's nothing wrong with being a "relay". From mkettler at evi-inc.com Tue May 16 19:03:20 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue May 16 19:03:28 2006 Subject: SA Scoring In-Reply-To: <2752399fba2ea14b8101d76722a43faf@splatnix.net> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> Message-ID: <446A13E8.9050908@evi-inc.com> uxbod@splatnix.net wrote: > > When I get these I train using sa-learn, but after reading this will only > happen if a minumum of three criteria are met. Eh? The multi-critera only applies to automatic learning. Manual training ALWAYS applies. However, one thing to be careful of is to make sure you're training the right bayes database. Newer versions of MailScanner set the bayes_path using mailscanner.cf, however older versions did not have this. In those older versions, any manual training would go to a different bayes DB than the one MailScanner uses at run-time. > > How are you all handling messages like this ? Personally, my system tears most of these up, assuming you're talking about the recent wave of pill-spams with just a single line of text and a URL. The URIBL tests are tearing them to shreds: X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=40.403, required 5, autolearn=spam, BAYES_99 3.50, HELO_DYNAMIC_HCC 4.10, HELO_DYNAMIC_IPADDR2 3.82, INFO_GREYLIST_DELAYED 0.40, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50, SURBL_MULTI2 -0.20, SURBL_MULTI3 -0.20, SURBL_MULTI4 -0.20, URIBL_AB_SURBL 3.81, URIBL_BLACK 1.50, URIBL_BLACK_OVERLAP -1.00, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SBL 1.64, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) What version of SA are you using? are you using any add-ons? Do you have Net::DNS installed, and have network checks enabled? Do you have the uribl plugin loaded in your init.pre? > > Thanks, > > From jd at bentecmed.com Tue May 16 19:24:10 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Tue May 16 19:29:15 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: <4468F1D1.1090007@maddoc.net> Message-ID: Yes you assumed right, I am using sendmail, would opening the loopback be a security issue considering what Kevin miller said? thanks for the info. -JD -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Doc Schneider Sent: Monday, May 15, 2006 1:26 PM To: MailScanner discussion Subject: Re: connection refused by 127.0.0.1 JD Doelitzsch wrote: > Im getting alot of messages filling up my logs with status deferred > connection refused by 127.0.0.1 why would MS send to its loopback? and why > wouldn't it accept it? > > -JD > > You need to add 127.0.0.1 to your access file: 127.0.0.1 (needs a tab) OK Then make in your /etc/mail directory. This is presuming you're using sendmail. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jd at bentecmed.com Tue May 16 19:24:09 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Tue May 16 19:29:18 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: Message-ID: Wow thats pretty interesting, how did you find that out?? did you have to go to all of the domains listed in the messages? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Kevin Miller Sent: Monday, May 15, 2006 1:25 PM To: MailScanner discussion Subject: RE: connection refused by 127.0.0.1 JD Doelitzsch wrote: > Im getting alot of messages filling up my logs with status deferred > connection refused by 127.0.0.1 why would MS send to its loopback? > and why wouldn't it accept it? > > -JD Don't know if it's the case here, but check the domain. I had a case some time ago where the spammer had a MX records in their DNS that resolved to 127.0.0.1 so any reply mail/bounces, etc. would never leave the server. Pretty sleazy. I blacklisted the domain in sendmail's access table. May be something similar going on here... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jd at bentecmed.com Tue May 16 19:24:09 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Tue May 16 19:29:21 2006 Subject: (no subject) Message-ID: Just a General question here. If im not using the delay feature on MS and its still taking about 15-20 secs to get the 220 which is causing a timeout in some instances, and im using a P3 box. That means get a new box right? -JD Also, You guys are great. The support I get from you guys beats anything. I feel like im part of a happy family. Or is that the drugs? From uxbod at splatnix.net Tue May 16 20:36:27 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue May 16 19:37:33 2006 Subject: SA Scoring In-Reply-To: <446A13E8.9050908@evi-inc.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> Message-ID: <20060516193627.0f51ea29@cyborg> Hi, oops, no I didnt have it enabled ! :( Okay, that is now done and here is my output from spamassassin -D --lint :- [6992] dbg: logger: adding facilities: all [6992] dbg: logger: logging level is DBG [6992] dbg: generic: SpamAssassin version 3.1.0 [6992] dbg: config: score set 0 chosen. [6992] dbg: util: running in taint mode? no [6992] dbg: dns: is Net::DNS::Resolver available? yes [6992] dbg: dns: Net::DNS version: 0.53 [6992] dbg: dns: name server: 10.0.0.10, family: 2, ipv6: 0 [6992] dbg: diag: perl platform: 5.008007 linux [6992] dbg: diag: module installed: Digest::SHA1, version 2.11 [6992] dbg: diag: module installed: MIME::Base64, version 3.05 [6992] dbg: diag: module installed: HTML::Parser, version 3.48 [6992] dbg: diag: module installed: DB_File, version 1.814 [6992] dbg: diag: module installed: Net::DNS, version 0.53 [6992] dbg: diag: module installed: Net::SMTP, version 2.29 [6992] dbg: diag: module installed: Mail::SPF::Query, version 1.998 [6992] dbg: diag: module installed: IP::Country::Fast, version 309.002 [6992] dbg: diag: module installed: Razor2::Client::Agent, version 2.81 [6992] dbg: diag: module installed: Net::Ident, version 1.20 [6992] dbg: diag: module installed: IO::Socket::INET6, version 2.51 [6992] dbg: diag: module installed: IO::Socket::SSL, version 0.97 [6992] dbg: diag: module installed: Time::HiRes, version 1.82 [6992] dbg: diag: module installed: DBI, version 1.50 [6992] dbg: diag: module installed: Getopt::Long, version 2.35 [6992] dbg: diag: module installed: LWP::UserAgent, version 2.033 [6992] dbg: diag: module installed: HTTP::Date, version 1.46 [6992] dbg: diag: module installed: Archive::Tar, version 1.28 [6992] dbg: diag: module installed: IO::Zlib, version 1.04 [6992] dbg: ignore: using a test message to lint rules [6992] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [6992] dbg: config: read file /etc/mail/spamassassin/init.pre [6992] dbg: config: read file /etc/mail/spamassassin/v310.pre [6992] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [6992] dbg: config: using "/usr/share/spamassassin" for default rules dir [6992] dbg: config: read file /usr/share/spamassassin/10_misc.cf [6992] dbg: config: read file /usr/share/spamassassin/11_gentoo.cf [6992] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [6992] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [6992] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [6992] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [6992] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [6992] dbg: config: read file /usr/share/spamassassin/20_porn.cf [6992] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [6992] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [6992] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [6992] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [6992] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [6992] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [6992] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [6992] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [6992] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [6992] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [6992] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [6992] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [6992] dbg: config: read file /usr/share/spamassassin/25_replace.cf [6992] dbg: config: read file /usr/share/spamassassin/25_spf.cf [6992] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [6992] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [6992] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [6992] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [6992] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [6992] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [6992] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [6992] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [6992] dbg: config: read file /usr/share/spamassassin/50_scores.cf [6992] dbg: config: read file /usr/share/spamassassin/60_awl.cf [6992] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [6992] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [6992] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [6992] dbg: config: using "/etc/mail/spamassassin" for site rules dir [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_header0.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_header1.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_header_eng.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_html0.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_html1.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_html_eng.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu1.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_unsub.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_uri0.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_uri1.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_uri_eng.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist.cf [6992] dbg: config: read file /etc/mail/spamassassin/70_zmi_german.cf [6992] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf [6992] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf [6992] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [6992] dbg: config: read file /etc/mail/spamassassin/antidrug.cf [6992] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [6992] dbg: config: read file /etc/mail/spamassassin/local.cf [6992] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [6992] dbg: config: read file /etc/mail/spamassassin/random.cf [6992] dbg: config: read file /etc/mail/spamassassin/secrets.cf [6992] dbg: config: read file /etc/mail/spamassassin/tripwire.cf [6992] dbg: config: using "/root/.spamassassin" for user state dir [6992] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file [6992] dbg: config: read file /root/.spamassassin/user_prefs [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x918d57c) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [6992] dbg: dcc: network tests on, registering DCC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x918ded8) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [6992] dbg: pyzor: network tests on, attempting Pyzor [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9190140) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [6992] dbg: reporter: network tests on, attempting SpamCop [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9201604) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x921d7c4) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9225c54) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9221330) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9221f60) [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x923250c) [6992] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [6992] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [6992] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [6992] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [6992] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [6992] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [6992] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [6992] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x923250c) implements 'finish_parsing_end' [6992] dbg: replacetags: replacing tags [6992] dbg: replacetags: done replacing tags [6992] dbg: config: using "/root/.spamassassin" for user state dir [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [6992] dbg: bayes: found bayes db version 3 [6992] dbg: bayes: DB journal sync: last sync: 0 [6992] dbg: config: using "/root/.spamassassin" for user state dir [6992] dbg: bayes: not available for scanning, only 35 spam(s) in bayes DB < 200 [6992] dbg: bayes: untie-ing [6992] dbg: bayes: untie-ing db_toks [6992] dbg: bayes: untie-ing db_seen [6992] dbg: config: score set 1 chosen. [6992] dbg: message: ---- MIME PARSER START ---- [6992] dbg: message: main message type: text/plain [6992] dbg: message: parsing normal part [6992] dbg: message: added part, type: text/plain [6992] dbg: message: ---- MIME PARSER END ---- [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [6992] dbg: bayes: found bayes db version 3 [6992] dbg: bayes: DB journal sync: last sync: 0 [6992] dbg: bayes: not available for scanning, only 35 spam(s) in bayes DB < 200 [6992] dbg: bayes: untie-ing [6992] dbg: bayes: untie-ing db_toks [6992] dbg: bayes: untie-ing db_seen [6992] dbg: dns: dns_available set to yes in config file, skipping test [6992] dbg: metadata: X-Spam-Relays-Trusted: [6992] dbg: metadata: X-Spam-Relays-Untrusted: [6992] dbg: message: no encoding detected [6992] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) implements 'parsed_metadata' [6992] dbg: uridnsbl: domains to query: [6992] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop [6992] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted [6992] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl [6992] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted [6992] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop [6992] dbg: dns: checking RBL combined.njabl.org., set njabl [6992] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois [6992] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop [6992] dbg: dns: checking RBL bl.spamcop.net., set spamcop [6992] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted [6992] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop [6992] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop [6992] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs [6992] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted [6992] dbg: check: running tests for priority: 0 [6992] dbg: rules: running header regexp tests; score so far=0 [6992] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [6992] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1147807803@lint_rules> [6992] dbg: rules: " [6992] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [6992] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [6992] dbg: rules: " [6992] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got hit: "i" [6992] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1147807803" [6992] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x918d57c)) [6992] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: spf: message was delivered entirely via trusted relays, not required [6992] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [6992] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x922 1330)) [6992] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x918d57c)) [6992] dbg: eval: all '*To' addrs: [6992] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: spf: message was delivered entirely via trusted relays, not required [6992] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: rules: ran eval rule NO_RELAYS ======> got hit [6992] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: spf: cannot get Envelope-From, cannot use SPF [6992] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [6992] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [6992] dbg: plugin: registering glue method for check_subject_in_whitelist(Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x922 1330)) [6992]dbg: rules: ran eval rule MISSING_HEADERS ======> got hit [6992] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: spf: spf_whitelist_from: could not find useable envelope sender [6992] dbg: rules: running body-text per-line regexp tests; score so far=0.738 [6992] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [6992] dbg: uri: running uri tests; score so far=0.738 [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [6992] dbg: bayes: found bayes db version 3 [6992] dbg: bayes: DB journal sync: last sync: 0 [6992] dbg: bayes: not available for scanning, only 35 spam(s) in bayes DB < 200 [6992] dbg: bayes: not scoring message, returning undef [6992] dbg: bayes: DB expiry: tokens in DB: 3511, Expiry max size: 150000, Oldest atime: 1146840893, Newest atime: 1147796074, Last expire: 0, Current time: 1147807806 [6992] dbg: bayes: DB journal sync: last sync: 0 [6992] dbg: bayes: untie-ing [6992] dbg: bayes: untie-ing db_toks [6992] dbg: bayes: untie-ing db_seen [6992] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584)) [6992] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 [6992] dbg: rules: running full-text regexp tests; score so far=0.738 [6992] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9190140)) [6992] dbg: pyzor: pyzor is available: /usr/bin/pyzor [6992] dbg: info: entering helper-app run mode [6992] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin6992cB4lOEtmp [6994] dbg: util: setuid: ruid=0 euid=0 [6992] dbg: pyzor: [6994] finished: exit=0x0100 [6992] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0 [6992] dbg: info: leaving helper-app run mode [6992] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x918ded8)) [6992] dbg: dcc: dccifd is not available: no r/w dccifd socket found [6992] dbg: dcc: dccproc is not available: no dccproc executable found [6992] dbg: dcc: dccifd and dccproc are not available, disabling DCC [6992] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) implements 'check_tick' [6992] dbg: check: running tests for priority: 500 [6992] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) implements 'check_post_dnsbl' [6992] dbg: rules: running meta tests; score so far=0.738 [6992] dbg: rules: running header regexp tests; score so far=2.216 [6992] dbg: rules: running body-text per-line regexp tests; score so far=2.216 [6992] dbg: uri: running uri tests; score so far=2.216 [6992] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 [6992] dbg: rules: running full-text regexp tests; score so far=2.216 [6992] dbg: check: running tests for priority: 1000 [6992] dbg: rules: running meta tests; score so far=2.216 [6992] dbg: rules: running header regexp tests; score so far=2.216 [6992] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x921d7c4)) [6992] dbg: rules: running body-text per-line regexp tests; score so far=2.216 [6992] dbg: uri: running uri tests; score so far=2.216 [6992] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 [6992] dbg: rules: running full-text regexp tests; score so far=2.216 [6992] dbg: check: is spam? score=2.216 required=5 [6992] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [6992] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UN US Thank your your help. Any comments gratefully appreciated. And apologies if this post is not etiquette. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Tue May 16 19:50:52 2006 From: ka at pacific.net (Ken A) Date: Tue May 16 19:47:04 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: References: Message-ID: <446A1F0C.9020801@pacific.net> > connection refused You may need to edit sendmail.mc There should be a line like so: DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl That tells sendmail to listen on all addresses (including loopback), assuming that is what you want. Then 'make -C /etc/mail' Some spammers do set an MX to 127.0.0.1, and you'll inherit these 'mail loops back to me' errors, but that's just a minor annoyance. You need to be able to accept root cron mail and other important local notices. See http://rfc-ignorant.org/policy-dsn.php for some solutions. Ken A Pacific.Net JD Doelitzsch wrote: > Yes you assumed right, I am using sendmail, would opening the loopback be a > security issue considering what Kevin miller said? > > thanks for the info. > > -JD > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Doc > Schneider > Sent: Monday, May 15, 2006 1:26 PM > To: MailScanner discussion > Subject: Re: connection refused by 127.0.0.1 > > > JD Doelitzsch wrote: >> Im getting alot of messages filling up my logs with status deferred >> connection refused by 127.0.0.1 why would MS send to its loopback? and why >> wouldn't it accept it? >> >> -JD >> >> > > You need to add 127.0.0.1 to your access file: > > 127.0.0.1 (needs a tab) OK > > Then make in your /etc/mail directory. > > This is presuming you're using sendmail. > > -- > -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > From Kevin_Miller at ci.juneau.ak.us Tue May 16 20:02:44 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 16 20:02:56 2006 Subject: connection refused by 127.0.0.1 Message-ID: It was pre-MailScanner days. Can't remember what I was running back then, but it was a lot dumber than sendmail and MailScanner. Anyway, the message came in, and the system either was replying to an unknown user, or was bouncing spam - can't remember which. Seems like back in those days there was a lot less forging going on and a lot more spam bouncing. Anyway, the system got the mail, decided to return it, replying to spammer@funkydomain.com. funkydomain.com's MX resolved to 127.0.0.1, so the braindead system I was running contacted itself, accepted the mail, noticed that it didn't have a valid user named spammer@funkydomain.com so sent an NDR, which went to itself, it replied again, etc. Eventually it ran out of disk space. It was really obvious what the domain name was as all the messages were addressed to it. Kinda funny looking back at it. I just pulled the network cable, cleaned out the queues, blacklisted the sending domain and restarted. It wasn't long after that that I began looking around for a new system! After I sent my reply yesterday I got to thinking that this probably wasn't your trouble, as modern MTAs are smarter than that and will detect a mail loop after a few iterations. FWIW, the offending domain was demolish.com (managed by bluegravity.com), and nomail.bluegravity.com. Doing a quick dig in Sam Spade shows that nomail.bluegravity.com is still blackholed. They've earned a permanent blacklisting in my access file: Dig nomail.bluegravity.com@ns2.bluegravity.com (64.57.64.3) ... Query for nomail.bluegravity.com type=255 class=1 nomail.bluegravity.com A (Address) 127.0.0.1 bluegravity.com NS (Nameserver) ns1.bluegravity.com bluegravity.com NS (Nameserver) ns2.bluegravity.com ns1.bluegravity.com A (Address) 64.57.64.2 ns2.bluegravity.com A (Address) 64.57.64.3 ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of JD Doelitzsch Sent: Tuesday, May 16, 2006 10:24 AM To: MailScanner discussion Subject: RE: connection refused by 127.0.0.1 Wow thats pretty interesting, how did you find that out?? did you have to go to all of the domains listed in the messages? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Kevin Miller Sent: Monday, May 15, 2006 1:25 PM To: MailScanner discussion Subject: RE: connection refused by 127.0.0.1 JD Doelitzsch wrote: > Im getting alot of messages filling up my logs with status deferred > connection refused by 127.0.0.1 why would MS send to its loopback? > and why wouldn't it accept it? > > -JD Don't know if it's the case here, but check the domain. I had a case some time ago where the spammer had a MX records in their DNS that resolved to 127.0.0.1 so any reply mail/bounces, etc. would never leave the server. Pretty sleazy. I blacklisted the domain in sendmail's access table. May be something similar going on here... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue May 16 20:21:23 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 16 20:22:15 2006 Subject: SA Scoring In-Reply-To: <20060516193627.0f51ea29@cyborg> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> Message-ID: --[UxBoD]-- spake the following on 5/16/2006 12:36 PM: > Hi, > > oops, no I didnt have it enabled ! :( Okay, that is now done and here is my output from spamassassin -D --lint :- > > [6992] dbg: logger: adding facilities: all > [6992] dbg: logger: logging level is DBG > [6992] dbg: generic: SpamAssassin version 3.1.0 > [6992] dbg: config: score set 0 chosen. > [6992] dbg: util: running in taint mode? no > [6992] dbg: dns: is Net::DNS::Resolver available? yes > [6992] dbg: dns: Net::DNS version: 0.53 > [6992] dbg: dns: name server: 10.0.0.10, family: 2, ipv6: 0 > [6992] dbg: diag: perl platform: 5.008007 linux > [6992] dbg: diag: module installed: Digest::SHA1, version 2.11 > [6992] dbg: diag: module installed: MIME::Base64, version 3.05 > [6992] dbg: diag: module installed: HTML::Parser, version 3.48 > [6992] dbg: diag: module installed: DB_File, version 1.814 > [6992] dbg: diag: module installed: Net::DNS, version 0.53 > [6992] dbg: diag: module installed: Net::SMTP, version 2.29 > [6992] dbg: diag: module installed: Mail::SPF::Query, version 1.998 > [6992] dbg: diag: module installed: IP::Country::Fast, version 309.002 > [6992] dbg: diag: module installed: Razor2::Client::Agent, version 2.81 > [6992] dbg: diag: module installed: Net::Ident, version 1.20 > [6992] dbg: diag: module installed: IO::Socket::INET6, version 2.51 > [6992] dbg: diag: module installed: IO::Socket::SSL, version 0.97 > [6992] dbg: diag: module installed: Time::HiRes, version 1.82 > [6992] dbg: diag: module installed: DBI, version 1.50 > [6992] dbg: diag: module installed: Getopt::Long, version 2.35 > [6992] dbg: diag: module installed: LWP::UserAgent, version 2.033 > [6992] dbg: diag: module installed: HTTP::Date, version 1.46 > [6992] dbg: diag: module installed: Archive::Tar, version 1.28 > [6992] dbg: diag: module installed: IO::Zlib, version 1.04 > [6992] dbg: ignore: using a test message to lint rules > [6992] dbg: config: using "/etc/mail/spamassassin" for site rules pre files > [6992] dbg: config: read file /etc/mail/spamassassin/init.pre > [6992] dbg: config: read file /etc/mail/spamassassin/v310.pre > [6992] dbg: config: using "/usr/share/spamassassin" for sys rules pre files > [6992] dbg: config: using "/usr/share/spamassassin" for default rules dir > [6992] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [6992] dbg: config: read file /usr/share/spamassassin/11_gentoo.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [6992] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [6992] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [6992] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [6992] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [6992] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [6992] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [6992] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [6992] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [6992] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [6992] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [6992] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [6992] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [6992] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > [6992] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf > [6992] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_header0.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_header1.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_header_eng.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_html0.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_html1.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_html_eng.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu1.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_uri1.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_uri_eng.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist.cf > [6992] dbg: config: read file /etc/mail/spamassassin/70_zmi_german.cf > [6992] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > [6992] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > [6992] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > [6992] dbg: config: read file /etc/mail/spamassassin/antidrug.cf > [6992] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf > [6992] dbg: config: read file /etc/mail/spamassassin/local.cf > [6992] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [6992] dbg: config: read file /etc/mail/spamassassin/random.cf > [6992] dbg: config: read file /etc/mail/spamassassin/secrets.cf > [6992] dbg: config: read file /etc/mail/spamassassin/tripwire.cf > [6992] dbg: config: using "/root/.spamassassin" for user state dir > [6992] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file > [6992] dbg: config: read file /root/.spamassassin/user_prefs > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x918d57c) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [6992] dbg: dcc: network tests on, registering DCC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x918ded8) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [6992] dbg: pyzor: network tests on, attempting Pyzor > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9190140) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > [6992] dbg: reporter: network tests on, attempting SpamCop > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9201604) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x921d7c4) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9225c54) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9221330) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9221f60) > [6992] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [6992] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x923250c) > [6992] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > [6992] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > [6992] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > [6992] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > [6992] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > [6992] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i > [6992] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > [6992] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x923250c) implements 'finish_parsing_end' > [6992] dbg: replacetags: replacing tags > [6992] dbg: replacetags: done replacing tags > [6992] dbg: config: using "/root/.spamassassin" for user state dir > [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks > [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen > [6992] dbg: bayes: found bayes db version 3 > [6992] dbg: bayes: DB journal sync: last sync: 0 > [6992] dbg: config: using "/root/.spamassassin" for user state dir > [6992] dbg: bayes: not available for scanning, only 35 spam(s) in bayes DB < 200 > [6992] dbg: bayes: untie-ing > [6992] dbg: bayes: untie-ing db_toks > [6992] dbg: bayes: untie-ing db_seen > [6992] dbg: config: score set 1 chosen. > [6992] dbg: message: ---- MIME PARSER START ---- > [6992] dbg: message: main message type: text/plain > [6992] dbg: message: parsing normal part > [6992] dbg: message: added part, type: text/plain > [6992] dbg: message: ---- MIME PARSER END ---- > [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks > [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen > [6992] dbg: bayes: found bayes db version 3 > [6992] dbg: bayes: DB journal sync: last sync: 0 > [6992] dbg: bayes: not available for scanning, only 35 spam(s) in bayes DB < 200 > [6992] dbg: bayes: untie-ing > [6992] dbg: bayes: untie-ing db_toks > [6992] dbg: bayes: untie-ing db_seen > [6992] dbg: dns: dns_available set to yes in config file, skipping test > [6992] dbg: metadata: X-Spam-Relays-Trusted: > [6992] dbg: metadata: X-Spam-Relays-Untrusted: > [6992] dbg: message: no encoding detected > [6992] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) implements 'parsed_metadata' > [6992] dbg: uridnsbl: domains to query: > [6992] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop > [6992] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted > [6992] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl > [6992] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted > [6992] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop > [6992] dbg: dns: checking RBL combined.njabl.org., set njabl > [6992] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois > [6992] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop > [6992] dbg: dns: checking RBL bl.spamcop.net., set spamcop > [6992] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted > [6992] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop > [6992] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop > [6992] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs > [6992] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted > [6992] dbg: check: running tests for priority: 0 > [6992] dbg: rules: running header regexp tests; score so far=0 > [6992] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" > [6992] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1147807803@lint_rules> > [6992] dbg: rules: " > [6992] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" > [6992] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org > [6992] dbg: rules: " > [6992] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got hit: "i" > [6992] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1147807803" > [6992] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x918d57c)) > [6992] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) > [6992] dbg: spf: message was delivered entirely via trusted relays, not required > [6992] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org > [6992] dbg: plugin: registering glue method for check_subject_in_blacklist > (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x922 1330)) [6992] > dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x918d57c)) [6992] dbg: eval: all '*To' > addrs: [6992] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) > [6992] dbg: spf: message was delivered entirely via trusted relays, not required > [6992] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) > [6992] dbg: rules: ran eval rule NO_RELAYS ======> got hit > [6992] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) > [6992] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) > [6992] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) > [6992] dbg: spf: cannot get Envelope-From, cannot use SPF > [6992] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender > [6992] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) > [6992] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit > [6992] dbg: plugin: registering glue method for check_subject_in_whitelist(Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x922 1330)) [6992]dbg: rules: ran eval rule MISSING_HEADERS ======> got hit [6992] dbg: plugin: registering glue method for check_for_spf_whitelist_from > (Mail::SpamAssassin::Plugin::SPF=HASH(0x91728c0)) [6992] dbg: spf: spf_whitelist_from: could not find useable envelope sender > [6992] dbg: rules: running body-text per-line regexp tests; score so far=0.738 > [6992] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" > [6992] dbg: uri: running uri tests; score so far=0.738 > [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks > [6992] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen > [6992] dbg: bayes: found bayes db version 3 > [6992] dbg: bayes: DB journal sync: last sync: 0 > [6992] dbg: bayes: not available for scanning, only 35 spam(s) in bayes DB < 200 > [6992] dbg: bayes: not scoring message, returning undef Consider a starter database for bayes unless you have enough volume to train yours. And is your bayes db in /root/.spamassassin? > [6992] dbg: bayes: DB expiry: tokens in DB: 3511, Expiry max size: 150000, Oldest atime: 1146840893, Newest atime: 1147796074, > Last expire: 0, Current time: 1147807806 [6992] dbg: bayes: DB journal > sync: last sync: 0 [6992] dbg: bayes: untie-ing > [6992] dbg: bayes: untie-ing db_toks > [6992] dbg: bayes: untie-ing db_seen > [6992] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584)) > [6992] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 > [6992] dbg: rules: running full-text regexp tests; score so far=0.738 > [6992] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9190140)) > [6992] dbg: pyzor: pyzor is available: /usr/bin/pyzor > [6992] dbg: info: entering helper-app run mode > [6992] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin6992cB4lOEtmp > [6994] dbg: util: setuid: ruid=0 euid=0 > [6992] dbg: pyzor: [6994] finished: exit=0x0100 > [6992] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0 > [6992] dbg: info: leaving helper-app run mode > [6992] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x918ded8)) > [6992] dbg: dcc: dccifd is not available: no r/w dccifd socket found > [6992] dbg: dcc: dccproc is not available: no dccproc executable found > [6992] dbg: dcc: dccifd and dccproc are not available, disabling DCC No DCC? > [6992] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) implements 'check_tick' > [6992] dbg: check: running tests for priority: 500 > [6992] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x82f8584) implements 'check_post_dnsbl' > [6992] dbg: rules: running meta tests; score so far=0.738 > [6992] dbg: rules: running header regexp tests; score so far=2.216 > [6992] dbg: rules: running body-text per-line regexp tests; score so far=2.216 > [6992] dbg: uri: running uri tests; score so far=2.216 > [6992] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 > [6992] dbg: rules: running full-text regexp tests; score so far=2.216 > [6992] dbg: check: running tests for priority: 1000 > [6992] dbg: rules: running meta tests; score so far=2.216 > [6992] dbg: rules: running header regexp tests; score so far=2.216 > [6992] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x921d7c4)) > [6992] dbg: rules: running body-text per-line regexp tests; score so far=2.216 > [6992] dbg: uri: running uri tests; score so far=2.216 > [6992] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 > [6992] dbg: rules: running full-text regexp tests; score so far=2.216 > [6992] dbg: check: is spam? score=2.216 required=5 > [6992] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > [6992] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UN > US > > Thank your your help. Any comments gratefully appreciated. And apologies if this post is not etiquette. > Your earlier post says you are using DCC, but spamassassin isn't using it, or is having a problem. You also need to get 200 ham and spam messages through bayes before it will score. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From maillists at conactive.com Tue May 16 20:26:55 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 20:26:44 2006 Subject: Resend archived mail In-Reply-To: <20060516121030.B39217@mikea.ath.cx> References: <4469F449.7050803@katy.com> <20060516121030.B39217@mikea.ath.cx> Message-ID: Mikea wrote on Tue, 16 May 2006 12:10:30 -0500: > I think that the ? is a match-anything placeholder, 1-character wide, > in the operand of his `ls` command. I see, I overlooked that, it displayed so terribly broken here that I thought it's output from ls, not input. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 16 20:26:55 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 16 20:26:48 2006 Subject: Best Way to Control Relaying? In-Reply-To: <44695777.7080907@nkpanama.com> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com> Message-ID: Alex, I sent you a short answer off-list. However, your mailer seems to be misconfigured or your milter or what you use is misbehaving. It thinks my mailer doesn't have reverse DNS set although it has. FYI. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at wealdclose.co.uk Tue May 16 20:57:13 2006 From: mailscanner at wealdclose.co.uk (Kristian Shaw) Date: Tue May 16 20:58:35 2006 Subject: MCP broken? References: <4469CF42.8050100@USherbrooke.ca> <4469DB91.1030200@USherbrooke.ca> Message-ID: <003301c67922$ed2965c0$050a780a@defiant> Hello, I had a similar problem about a year ago and used to patch the code to work around. The 'Deliver' action got lost and messages were blackholed. Since then, it has been possible to change the mcp/spam checking order which resolved the issue for me. Try setting: First Check = spam Regards, Kris ----- Original Message ----- From: "Denis Beauchemin" To: "MailScanner discussion" Sent: Tuesday, May 16, 2006 3:02 PM Subject: Re: MCP broken? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue May 16 21:06:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 16 21:06:24 2006 Subject: (no subject) In-Reply-To: References: Message-ID: <446A30AC.8030608@ecs.soton.ac.uk> JD Doelitzsch wrote: > Also, You guys are great. The support I get from you guys beats anything. I > feel like im part of a happy family. Or is that the drugs? > It's not the drugs. The guys here really are great. You folks, consider yourself patted on the back. :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jstevens at athensdistributing.com Tue May 16 21:39:46 2006 From: jstevens at athensdistributing.com (James R. Stevens) Date: Tue May 16 21:39:53 2006 Subject: install-Clam-SA Message-ID: <1A65E6BAEADF9B4F865314484A13ECF10F8E19@atlas.athensdistributing.com> Upgrading our clam version as well and cant remember what MailScanner uses. Does clamd need to be running for MailScanner to us it and stats to grow in MailWatch? Does MailScanner use clamscan and not need anything else but the definition files updated via freashclam? I cant find the clamd.conf MANUAL anywhere. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From mkettler at evi-inc.com Tue May 16 21:50:26 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue May 16 21:50:38 2006 Subject: install-Clam-SA In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF10F8E19@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF10F8E19@atlas.athensdistributing.com> Message-ID: <446A3B12.6050804@evi-inc.com> James R. Stevens wrote: > > Upgrading our clam version as well and cant remember what MailScanner > uses. > > Does clamd need to be running for MailScanner to us it and stats to grow > in MailWatch? > Does MailScanner use clamscan and not need anything else but the > definition files updated via freashclam? > > I cant find the clamd.conf MANUAL anywhere. MailScanner doesn't use clamd. It either uses clamscan or it uses the perl API, depending on which way you configure clamav in MailScanner.conf. There are two different options for clamav you can declare in the "Virus Scanners" statement: clamav = use clamscan clamavmodule = use Mail::ClamAV perl API From sandrews at andrewscompanies.com Tue May 16 21:53:27 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue May 16 21:53:31 2006 Subject: install-Clam-SA Message-ID: <1964AAFBC212F742958F9275BF63DBB039A5C2@winchester.andrewscompanies.com> This is what I have in our MailScanner.conf Virus Scanners = clamav Stats work normally in MailWatch. Freshclam keeps it updated; I'm pretty sure that's built into install-Clam-SA package as well. I do believe you have to update freshclam.conf http://www.clamav.net/faq.html#pagestart How many times per hour shall I run freshclam? If you are running ClamAV 0.7x do NOT check more often than once per hour. If you are running ClamAV 0.8x or later, you can check for database update as often as 4 times per hour provided that you have the following options in freshclam.conf: DNSDatabaseInfo current.cvd.clamav.net DatabaseMirror db.XY.clamav.net DatabaseMirror database.clamav.net Replace XY with your country code. If you don't have that option, then you must stick with 1 check per hour. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James R. Stevens Sent: Tuesday, May 16, 2006 4:40 PM To: MailScanner discussion Subject: install-Clam-SA Upgrading our clam version as well and cant remember what MailScanner uses. Does clamd need to be running for MailScanner to us it and stats to grow in MailWatch? Does MailScanner use clamscan and not need anything else but the definition files updated via freashclam? I cant find the clamd.conf MANUAL anywhere. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Tue May 16 23:09:24 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue May 16 22:10:36 2006 Subject: SA Scoring In-Reply-To: References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> Message-ID: <20060516220924.5ffb3fc8@cyborg> Hi Scott, oops again, upgraded DCC and was using wrong path :( with respect to the bayes database yes I am using root. Should it be held under the postfix account ? Also, where can I get I pre-learnt bayes database from as in mine I only have 34 spam/ham messages :( Thanks, Phil -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at katy.com Tue May 16 22:58:10 2006 From: john at katy.com (John Schmerold) Date: Tue May 16 22:58:08 2006 Subject: Resend archived mail In-Reply-To: <4469F449.7050803@katy.com> References: <4469F449.7050803@katy.com> Message-ID: <446A4AF2.50608@katy.com> Turns out the answer to the fundamental question is: you need to copy to mqueue.in: cp -p /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GLVKel032053 /var/spool/mqueue.in I'm hoping to whip up a script that looks for the domain in the q file, then copies q & f file to /var/spool/mqueue.in I sure wish FoxPro worked on my Centos box :-( John Schmerold wrote: > We had a sad story this morning. Long story short, I need to resend > all archived emails addressed to one domain and archived. We are using > Sendmail. If memory serves all we need to do is copy the archived > message into mqueue like so: > cp -p > /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 > /var/spool/mqueue > > It's been 15 minutes or so & the emails have not budged from mqueue: > [root@mx1 root]# ls -al > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 > [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/mqueue/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/mqueue/qfk4GF081P020699 > > > Two questions: > 1. What am I missing? > > 2. Does any dear soul have a script they'd care to share with the > group to re-deliver all emails sent to example.com ? > Perhaps something as simple as: > dosomething $(grep -ril "@katy.com" > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) > > TIA -- John Schmerold Katy Computer & Wireless 20 Meramec Station Rd Valley Park MO 63088 636-861-6900 v 775-227-6947 f From ssilva at sgvwater.com Tue May 16 23:08:00 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 16 23:08:30 2006 Subject: SA Scoring In-Reply-To: <20060516220924.5ffb3fc8@cyborg> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> Message-ID: --[UxBoD]-- spake the following on 5/16/2006 3:09 PM: > Hi Scott, > > oops again, upgraded DCC and was using wrong path :( with respect to the bayes database yes I am using root. Should it be held under the postfix > account ? Also, where can I get I pre-learnt bayes database from as in mine I only have 34 spam/ham messages :( > > Thanks, > > Phil > The database seems accessible where it is, so it is working OK. As for a starter database, you can go to http://www.fsl.com/support.html It should get your bayes working right away. It will still take time to build accuracy, but should get you started. The Fort Systems site also has a good RulesDuJour starter package. Their staff are frequent contributors to MailScanner, and Julian also works with them. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Tue May 16 23:21:47 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 16 23:22:11 2006 Subject: Mail disaster - semi-new system In-Reply-To: References: <44695220.3080506@whidbey.com> <4469F209.3050108@nkpanama.com> Message-ID: <446A507B.8070507@nkpanama.com> Kai Schaetzl escribi?: > Yepp, and all of them can't be fixed with a firewall. > And that's one of the things I need to explain to people when they give me the standard "we have a firewall" answer, in a "we don't have a problem" tone, when they need to fix whatever the hell's wrong with their network, from open proxies to compromised machines being used to DDOS/spam/joe-job one of my clients. From uxbod at splatnix.net Wed May 17 00:22:01 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue May 16 23:23:02 2006 Subject: SA Scoring In-Reply-To: References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> Message-ID: <20060516232201.756f0c4a@cyborg> Thank you. Will setup a few honeypot accounts aswell to populate the database. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue May 16 23:26:08 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 16 23:26:37 2006 Subject: Best Way to Control Relaying? In-Reply-To: References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com> Message-ID: <446A5180.4040007@nkpanama.com> Kai Schaetzl escribi?: > Alex, I sent you a short answer off-list. However, your mailer seems to be > misconfigured or your milter or what you use is misbehaving. It thinks my > mailer doesn't have reverse DNS set although it has. FYI. > > Kai > > Fixed... thanks... From alex at nkpanama.com Tue May 16 23:44:33 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 16 23:44:51 2006 Subject: Best Way to Control Relaying? In-Reply-To: <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> Message-ID: <446A55D1.9040901@nkpanama.com> John Rudd escribi?: > Uh, that's not what it means to be an "open relay". An open relay is > a relay which doesn't restrict who uses it. Specifically, it is a > relay that allows 3rd parties (ie. not the server's proper users (the > customers), nor people sending to the proper users, but a third group > which is neither proper users nor people sending to the proper > users). If only his customers can relay through is sever, then it's > not an open relay. Therefore, being an "open relay to his customers" > is a meaningless phrase. It's like saying "it's a 2 way door if and > only if you open it from the inside". If you can only open it from > the inside, it's not a 2 way door. > > > I can see arguments for requiring authentication (it's certainly a > good goal, and should be a 'best practice'), but it's still perfectly > normal and valid for a site to allow relaying for/by the > network/hosts/users it is responsible for. That doesn't make them an > "open relay". It makes them a "relay". There's nothing wrong with > being a "relay". > It's good to know that we agree on what a relay is, although we disagree on the use of the word "open" as a description of the behaviour we are talking about, depending on the conditions. I don't believe the phrase is meaningless in the sense that, expanding it a little more, the hypothetical ISP in question is a relay that is sufficiently open to abuse in such a way that entities not necessarily under its control are able to use it as a relay to cause harm to others. In your definition, "entities not under his control" are SMTP clients on networks not directly managed by this ISP. In my definition, which is a bit stricter, "entities not under his control" includes everybody, everywhere, unless they have authenticated. So in both our definitions, an "open relay" is a relay that doesn't restrict who uses it. The way I see it, however, implies that, to a compromised/infected/rogue/spammer machine inside an ISP's network legitimately (the user is a subscriber) or not (the user is hijacking another computer or using an open wifi spot), there is no *practical* difference between such an "open" ISP "relay" and a more completely "open" relay, in the fuller sense of the term that you imply. I just got off the phone with a sysadmin friend of mine whose server was being listed in RBL's, whose CPU usage was going through the roof... etc. - you probably know what I'm talking about. We shut off the "allow relay by address" options, turned on SMTP AUTH and made it mandatory. Problem solved. Most ISP's in my country are making SMTP AUTH mandatory; they're doing it to address the problem of being, for all practical purposes, "open relays" to machines in their networks. So although we may have different views on what "open" means, depending on where you're standing, I'm glad we agree that allowing relay without some sort of control or accountability is usually a Bad Thing ;-) From alex at nkpanama.com Tue May 16 23:48:25 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 16 23:48:41 2006 Subject: (no subject) In-Reply-To: References: Message-ID: <446A56B9.4040102@nkpanama.com> JD Doelitzsch escribi?: > Just a General question here. If im not using the delay feature on MS and > its still taking about 15-20 secs to get the 220 which is causing a timeout > in some instances, and im using a P3 box. That means get a new box right? > > -JD > > Also, You guys are great. The support I get from you guys beats anything. I > feel like im part of a happy family. Or is that the drugs? > > > Could be that you haven't implemented a caching DNS server and whoever you have in /etc/resolv.conf is not answering right away. When someone connects to your MTA it's probably going to try and resolve the name of the IP address connecting to it, hence the delay. From ka at pacific.net Tue May 16 23:59:00 2006 From: ka at pacific.net (Ken A) Date: Tue May 16 23:55:10 2006 Subject: Resend archived mail In-Reply-To: <446A4AF2.50608@katy.com> References: <4469F449.7050803@katy.com> <446A4AF2.50608@katy.com> Message-ID: <446A5934.5030603@pacific.net> John Schmerold wrote: > Turns out the answer to the fundamental question is: you need to copy to > mqueue.in: > cp -p > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GLVKel032053 > /var/spool/mqueue.in > That will just send them through MailScanner and catch and quarantine them again. They need to go into the outgoing queue. Something like this ugly shell script will get everything under quarantine (all dates) that is going to some domain.com. cd /var/spool/MailScanner/quarantine/ for i in `grep "rRFC822" */*/qf* | \ grep -w domain.com | \ awk -F : '{print $1}' | \ sort -u | \ sed 's/\/qf/\/?f/'`; \ do echo $i; \ done; Cut and paste it in. Replace domain.com with the domain you want to find. Replace "echo $i" with "cp $i /var/spool/mqueue" when you like the output. Run the outgoing queue manually if it's stuck for some reason. /usr/sbin/sendmail -oQ/var/spool/mqueue -v -qRdomain.com Ken A Pacific.Net > I'm hoping to whip up a script that looks for the domain in the q file, > then copies q & f file to /var/spool/mqueue.in > > I sure wish FoxPro worked on my Centos box :-( > > John Schmerold wrote: > >> We had a sad story this morning. Long story short, I need to resend >> all archived emails addressed to one domain and archived. We are using >> Sendmail. If memory serves all we need to do is copy the archived >> message into mqueue like so: >> cp -p >> /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 >> /var/spool/mqueue >> >> It's been 15 minutes or so & the emails have not budged from mqueue: >> [root@mx1 root]# ls -al >> /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 >> -rw-rw---- 1 root root 1085 May 16 10:00 >> /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 >> -rw-rw---- 1 root root 3143 May 16 10:00 >> /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 >> [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 >> -rw-rw---- 1 root root 1085 May 16 10:00 >> /var/spool/mqueue/dfk4GF081P020699 >> -rw-rw---- 1 root root 3143 May 16 10:00 >> /var/spool/mqueue/qfk4GF081P020699 >> >> >> Two questions: >> 1. What am I missing? >> >> 2. Does any dear soul have a script they'd care to share with the >> group to re-deliver all emails sent to example.com ? >> Perhaps something as simple as: >> dosomething $(grep -ril "@katy.com" >> /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) >> >> TIA > > From fajarep at simplimobile.com Wed May 17 03:28:29 2006 From: fajarep at simplimobile.com (Fajar) Date: Wed May 17 03:29:12 2006 Subject: MailScanner Update Frequency?? Message-ID: <003b01c67959$9f4ece30$8001a8c0@Fajar> Hello Everyone, especially to Julian Field... Thanks for the great mailscanner, it's really help reducing our mail server by spam, virus, etc. I just want to ask, why mailscanner is really fast is developing? Sometimes I get bored updating our mailscanner :). In scale 1-10(10 for most important), how important updating mailscanner installation? Thanks Fajar -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060517/0326ab5a/attachment.html From nauman at worldcall.net.pk Wed May 17 07:36:45 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Wed May 17 07:36:56 2006 Subject: Best Way to Control Relaying? References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com><3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> Message-ID: <003e01c6797c$4659e580$23c051cb@noc> > John Rudd escribi?: >> Uh, that's not what it means to be an "open relay". An open relay is a >> relay which doesn't restrict who uses it. Specifically, it is a relay >> that allows 3rd parties >> I can see arguments for requiring authentication (it's certainly a good >> goal, and should be a 'best practice'), but it's still perfectly > Most ISP's in my country are making SMTP AUTH mandatory; they're doing it > to address the problem of being, for all practical purposes, "open relays" > to machines in their networks. Thankx for clearifying the Use of " OPEN RELAY " but what i ment to say was exactly what ALEX stated as : >What Kai means, more accurately, is that, to _your customers_, you _are_ an >open relay. This also means that to _viruses_ and _spyware_ running on your >customers' machines, you _are_ an open relay. And thankx for the Answers : 1.change REC_AUTH to REC_FULL_AUTH 2. SMTP AUTH Now it will be great help here again - if any one can tell me one best HOWTO which do'nt fuss up with MailScanner or any running Program. Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From lhaig at haigmail.com Wed May 17 08:19:26 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed May 17 08:19:29 2006 Subject: Script to download latest from Julians Site In-Reply-To: <223f97700605160446j2c909686iac81bb277b4739c7@mail.gmail.com> References: <4469B351.6050700@haigmail.com> <223f97700605160446j2c909686iac81bb277b4739c7@mail.gmail.com> Message-ID: <446ACE7E.6090507@haigmail.com> Hi Glenn, I was just thinking it would be quicker to get the files with a single script. Dhawal has created something for me to try and look at. Thanks Lance Glenn Steen wrote: > On 16/05/06, Lance Haig wrote: >> Has anyone written a script that you can use to download the latest >> versions of programs from Julian's site? >> >> I was just wondering as I always download them locally first then have >> to upload and if I am on dial up it takes forever. >> >> if this has not been done I want to try to write one. >> >> Thanks >> >> Lance >> > If you allow the server http, you could well use lynx or links or > similar tool (even wget and curl could be helpful, although then you > need know/find out the locations... or just mirror > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/ or somesuch (wget > -mirror ... or whatever) :-). > Personally I prefer to use lynx, since I do this infrequently... And > lynx is enough to get the job done. > From lhaig at haigmail.com Wed May 17 08:20:53 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed May 17 08:20:55 2006 Subject: Script to download latest from Julians Site In-Reply-To: References: <4469B351.6050700@haigmail.com> Message-ID: <446ACED5.4080004@haigmail.com> Kai, I sometimes do depending on where I am going to be at what time as I generally read the what's new files first. I was also thinking about newbies to MS and helping them out. Lance Kai Schaetzl wrote: > Lance Haig wrote on Tue, 16 May 2006 12:11:13 +0100: > > >> I was just wondering as I always download them locally first then have >> to upload and if I am on dial up it takes forever. >> > > Don't tell me you download them to your PC, upload via FTP and then login > via SSH and install them. Do you really do that? > > > Kai > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060517/99498475/attachment.html From lhaig at haigmail.com Wed May 17 08:22:37 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed May 17 08:22:41 2006 Subject: Script to download latest from Julians Site In-Reply-To: <4469C627.9050400@netmagicsolutions.com> References: <4469B351.6050700@haigmail.com> <4469C627.9050400@netmagicsolutions.com> Message-ID: <446ACF3D.5030000@haigmail.com> Dhawal, Thanks for the help. I will see if I can create something similar for the clam install. But thanks a million for the start :-) Lance Dhawal Doshy wrote: > Lance Haig wrote: >> Has anyone written a script that you can use to download the latest >> versions of programs from Julian's site? > > #!/bin/sh > > # Uncomment next line for tar version > # wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/ > wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/ > > wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/`cat > index.html | awk -F "href=\"" '{print $2}' | awk -F "\"" '{print $1}' > | grep -v sig$ | grep ^MailScanner | sort | tail -1` > > rm -f index.html > > replace awk with gawk for solaris.. > > - dhawal > >> I was just wondering as I always download them locally first then >> have to upload and if I am on dial up it takes forever. >> >> if this has not been done I want to try to write one. >> >> Thanks >> >> Lance From lhaig at haigmail.com Wed May 17 08:23:19 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed May 17 08:23:21 2006 Subject: Script to download latest from Julians Site In-Reply-To: <4469D590.8060202@redred.com> References: <4469B351.6050700@haigmail.com> <4469D590.8060202@redred.com> Message-ID: <446ACF67.6050204@haigmail.com> I keep that for the same reason. Lance RedRed!com IT Department wrote: > Kai Schaetzl wrote: >> Lance Haig wrote on Tue, 16 May 2006 12:11:13 +0100: >> >> >>> I was just wondering as I always download them locally first then >>> have to upload and if I am on dial up it takes forever. >> >> >> Don't tell me you download them to your PC, upload via FTP and then >> login via SSH and install them. Do you really do that? >> >> >> Kai >> > > Hey, when you get paid by the hour, you tend to make things fill up a > day. :) > > Why isn't that a viable solution? I do that so I can keep the latest > version of the software on my laptop for future use, or until the next > version comes out, then I replace it. From a.peacock at chime.ucl.ac.uk Wed May 17 08:23:37 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed May 17 08:23:48 2006 Subject: MailScanner Update Frequency?? In-Reply-To: <003b01c67959$9f4ece30$8001a8c0@Fajar> References: <003b01c67959$9f4ece30$8001a8c0@Fajar> Message-ID: <446ACF79.4000007@chime.ucl.ac.uk> Hi, Fajar wrote: > Hello Everyone, especially to Julian Field... > > Thanks for the great mailscanner, it's really help reducing our mail server by > spam, virus, etc. I just want to ask, why mailscanner is really fast is developing? > Sometimes I get bored updating our mailscanner :). In scale 1-10(10 for most > important), how important updating mailscanner installation? That is really a decision you need to make based on your local conditions and needs. I often skip a version or two, depending on what the changes and new features are, and how busy I am on other things. I always check the changelog on the release of a new version and decide if the changes are important to my situation enough to spend the (small) amount of time upgrading. The changes can be divided into two broad categories: Bug fixes and new features. If a bug fix is critical or security related or I am being affected by the bug, I will upgrade. If the bug is trivial or in a section of the software that I don't use, then I may not. If a new feature looks useful in my situation then I will upgrade. If I don't think I need the feature or I want to think it through and plan its roll out, I may not. As a general rule I try to not get more than 2-3 versions behind. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From michele at blacknight.ie Wed May 17 08:39:35 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed May 17 08:39:38 2006 Subject: MailScanner Update Frequency?? In-Reply-To: <446ACF79.4000007@chime.ucl.ac.uk> References: <003b01c67959$9f4ece30$8001a8c0@Fajar> <446ACF79.4000007@chime.ucl.ac.uk> Message-ID: <446AD337.6030300@blacknight.ie> Anthony Peacock wrote: >> important), how important updating mailscanner installation? > > That is really a decision you need to make based on your local > conditions and needs. I often skip a version or two, depending on what > the changes and new features are, and how busy I am on other things. > > I always check the changelog on the release of a new version and decide > if the changes are important to my situation enough to spend the (small) > amount of time upgrading. > > The changes can be divided into two broad categories: Bug fixes and new > features. > > If a bug fix is critical or security related or I am being affected by > the bug, I will upgrade. If the bug is trivial or in a section of the > software that I don't use, then I may not. > > If a new feature looks useful in my situation then I will upgrade. If I > don't think I need the feature or I want to think it through and plan > its roll out, I may not. > > As a general rule I try to not get more than 2-3 versions behind. Which would sum up my philosophy as well. -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From glenn.steen at gmail.com Wed May 17 09:11:29 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 17 09:11:31 2006 Subject: SA Scoring In-Reply-To: <20060516220924.5ffb3fc8@cyborg> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> Message-ID: <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> On 17/05/06, --[UxBoD]-- wrote: > Hi Scott, > > oops again, upgraded DCC and was using wrong path :( with respect to the bayes database yes I am using root. Should it be held under the postfix > account ? Phil, if that path/files are readable by postfix (assuming you do the usual unprivileged chroot thing)... well, then that is fine. If not ... :-). Easiest test is to su into the postfix user account and rerun the SA lint from there... Search the output for "bayes":-). Ownership of the files/directories and/or permission "mask" might need be adjusted, if it isn't readable/writable. While you're at it (logged in as the postfix user), also look that pyzor/razor/dcc really works for that user too... It's rather common to make the postfix users homedir unwritable, so these might need some help too. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed May 17 09:23:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 17 09:24:04 2006 Subject: install-Clam-SA In-Reply-To: <1964AAFBC212F742958F9275BF63DBB039A5C2@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB039A5C2@winchester.andrewscompanies.com> Message-ID: <878E7EE3-C7A4-498C-BFEF-154BB16A4456@ecs.soton.ac.uk> On 16 May 2006, at 21:53, wrote: > I do believe you have to update > freshclam.conf My easy-install package will do this for you, don't worry. > http://www.clamav.net/faq.html#pagestart > How many times per hour shall I run freshclam? Once at the very most. > If you are running ClamAV 0.7x do NOT check more often than once per > hour. If you are running ClamAV 0.8x or later, you can check for > database update as often as 4 times per hour provided that you have > the > following options in freshclam.conf: > DNSDatabaseInfo current.cvd.clamav.net > DatabaseMirror db.XY.clamav.net > DatabaseMirror database.clamav.net > Replace XY with your country code. If you don't have that option, then > you must stick with 1 check per hour. And don't forget that MailScanner will be running freshclam once every hour anyway, so you don't need to bother with any of this fiddly stuff. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James > R. Stevens > Sent: Tuesday, May 16, 2006 4:40 PM > To: MailScanner discussion > Subject: install-Clam-SA > > > Upgrading our clam version as well and cant remember what MailScanner > uses. > > Does clamd need to be running for MailScanner to us it and stats to > grow > in MailWatch? > Does MailScanner use clamscan and not need anything else but the > definition files updated via freashclam? > > I cant find the clamd.conf MANUAL anywhere. > > > -- > This message has been scanned for viruses and dangerous content by > Athens Hyperion Scanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Wed May 17 09:52:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 17 09:52:38 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <4469E152.7050407@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> <4469E152.7050407@netmagicsolutions.com> Message-ID: <223f97700605170152g448f2b14yfd5730b0e15386fe@mail.gmail.com> On 16/05/06, Dhawal Doshy wrote: > Drew Marshall wrote: > > > > On 4 May 2006, at 22:45, Glenn Steen wrote: > > > > > > > > Sadly I don't think I am the right guy either. Although I understand > > what each of the nice bits of software do, how they play and the > > mechanics, I am not a programmer nor do I understand the code bits of > > either (Kind of like I can drive, I understand what a misfire is and can > > even explain why but I'm not a mechanic!). I really think that Jules is > > the man to explain how it all comes together (And understand the answers > > better!) but perhaps there might be better results if between us we > > could mediate between the two parties, if Jules doesn't fancy walking > > back in to the lion's den and why indeed should he considering the past :-( > > > >> > >> Anyway, my comments were the slight contrib I could do ATM. Sorry it's > >> not more. > > > > Like wise > > Drew / Glenn / Other Postfix users, > > I almost gave up.. but somehow think that this matter needs to be > clarified once and for all.. Yes... It would be very very good. Don't let us pessimists get you down:-) > > Are you guys game for getting together on the MailScanner IRC at some > predefined time and drafting a mail (that is technically. grammatically > and politically correct) to be sent to the postfix developers?? Unfortunately IRC from work is a no-no for me. So that rather limits when I'm able to connect. Add to that just too much to do (especially at home... Not to mention the choir etc (yes, I sing in a church choir, a pretty good one at that... We're just getting ready for a small tour:-)), and the prospects of me participating is pretty low. Sorry. But do suggest a time that would work for you. Who knows, we might get lucky:-). And although Drew downplays his usefulness, I do believe he should be in on it too. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From billox at billox.com Wed May 17 10:53:14 2006 From: billox at billox.com (James Page) Date: Wed May 17 10:51:14 2006 Subject: Dealing with suspected spam Message-ID: <446AF28A.4000709@billox.com> Hello, Not sure this is really on topic for this forum, but anyhoo.... What are people's opinions on dealing with spam in a corporate environment? Is it best to quarantine and advise original sender? Tag and deliver? Quarantine high scoring and then tag and deliver below a certain score? What strategies do you use? Thanks, James From prandal at herefordshire.gov.uk Wed May 17 11:14:20 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed May 17 11:15:23 2006 Subject: Dealing with suspected spam Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B8D2@isabella.herefordshire.gov.uk> Quarantine high-scoring. Do not even think of delivering a list of high-scoring spams to the user, as the "Subject:" lines are often in themselves highly offensive. Tag and deliver the low-scoring stuff, and make sure the users know how to filter the tagged emails into a "possible spam" folder in their email client. Sending users a digest of low-scoring spams that they can release themselves is a possiblility, but the downside is that the end users have to get their heads around yet another user interface. And explain to your users that it is not humanly possible to block all spam without also blocking non-spam emails. Instruction in the use of the "Delete" key would also come in useful. Why end users think that it makes sense to call or email the corporate helpdesk to report spam which is already tagged as possible spam is beyond me, but it happens a lot here. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of James Page > Sent: 17 May 2006 10:53 > To: mailscanner@lists.mailscanner.info > Subject: Dealing with suspected spam > > Hello, > > Not sure this is really on topic for this forum, but anyhoo.... > > What are people's opinions on dealing with spam in a corporate > environment? Is it best to quarantine and advise original sender? Tag > and deliver? Quarantine high scoring and then tag and deliver below a > certain score? What strategies do you use? > > > Thanks, > > > James > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dhawal at netmagicsolutions.com Wed May 17 11:33:48 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 17 11:33:57 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: References: Message-ID: <446AFC0C.6020401@netmagicsolutions.com> Kevin Miller wrote: > JD Doelitzsch wrote: >> Im getting alot of messages filling up my logs with status deferred >> connection refused by 127.0.0.1 why would MS send to its loopback? >> and why wouldn't it accept it? >> >> -JD > > Don't know if it's the case here, but check the domain. I had a case > some time ago where the spammer had a MX records in their DNS that > resolved to 127.0.0.1 so any reply mail/bounces, etc. would never leave > the server. Pretty sleazy. I blacklisted the domain in sendmail's > access table. May be something similar going on here... > > ...Kevin Umm.. why not reject sender domains, where the MX record points (yeah yeah MX records point to A records, which point to IP addresses whatever) to an invalid entry like 192.168.x.x/10.x.x.x/172.168.x.x/127.x.x.x/224.x.x.x Postfix lets me do this using a cidr map for the 'check_sender_mx_access' parameter, i'm sure a sendmail milter can do some thing similar. 2 units of your local currency, - dhawal From dhawal at netmagicsolutions.com Wed May 17 11:37:40 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 17 11:37:49 2006 Subject: sa-stats ?? In-Reply-To: <4468F2AA.40105@maddoc.net> References: <4468F2AA.40105@maddoc.net> Message-ID: <446AFCF4.8010305@netmagicsolutions.com> Doc Schneider wrote: > I use sa-stats.pl from the SARE site to generate stats for my mailers, > however, the one running MailScanner doesn't generate anything. Is there > such a beasty for MailScanners maillog? > > Thanks! See, http://wiki.mailscanner.info/doku.php?id=&idx=documentation:related_software:stats vispan should be nice for stats, if you need graphs and stuff checkout mailwatch. - dhawal From sandrews at andrewscompanies.com Wed May 17 11:41:25 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed May 17 11:41:28 2006 Subject: install-Clam-SA Message-ID: <1964AAFBC212F742958F9275BF63DBB038E1B3@winchester.andrewscompanies.com> I stand corrected; thanks Julian! Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 17, 2006 4:24 AM To: MailScanner discussion Subject: Re: install-Clam-SA On 16 May 2006, at 21:53, wrote: > I do believe you have to update > freshclam.conf My easy-install package will do this for you, don't worry. > http://www.clamav.net/faq.html#pagestart > How many times per hour shall I run freshclam? Once at the very most. > If you are running ClamAV 0.7x do NOT check more often than once per > hour. If you are running ClamAV 0.8x or later, you can check for > database update as often as 4 times per hour provided that you have > the following options in freshclam.conf: > DNSDatabaseInfo current.cvd.clamav.net DatabaseMirror db.XY.clamav.net > DatabaseMirror database.clamav.net Replace XY with your country code. > If you don't have that option, then you must stick with 1 check per > hour. And don't forget that MailScanner will be running freshclam once every hour anyway, so you don't need to bother with any of this fiddly stuff. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James > R. Stevens > Sent: Tuesday, May 16, 2006 4:40 PM > To: MailScanner discussion > Subject: install-Clam-SA > > > Upgrading our clam version as well and cant remember what MailScanner > uses. > > Does clamd need to be running for MailScanner to us it and stats to > grow in MailWatch? > Does MailScanner use clamscan and not need anything else but the > definition files updated via freashclam? > > I cant find the clamd.conf MANUAL anywhere. > > > -- > This message has been scanned for viruses and dangerous content by > Athens Hyperion Scanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From andoni.auzmendi at robertwalters.com Wed May 17 11:41:37 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Wed May 17 11:41:49 2006 Subject: Dealing with suspected spam Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD06F6037@PAT.internal.robertwalters.com> You wouldn't like to spam your users with spam notifications :-) We quarantine and not deliver to users high scoring spam messages. We quarantine, modify subject and deliver to users low scoring spam messages. We have set the threshold accordingly so we get no false positives in the high scoring spam area but we can have few in the low scoring spam area. Our values are: 7 for low score spam and 11 for high score spam. We also get from users messages not tag as spam and those rare false positives to whitelist, blacklist or add new SA rules. The above is working for us. We currently have 700 users and receive 25000 emails a day. Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Page Sent: 17 May 2006 10:53 To: mailscanner@lists.mailscanner.info Subject: Dealing with suspected spam Hello, Not sure this is really on topic for this forum, but anyhoo.... What are people's opinions on dealing with spam in a corporate environment? Is it best to quarantine and advise original sender? Tag and deliver? Quarantine high scoring and then tag and deliver below a certain score? What strategies do you use? Thanks, James -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From sandrews at andrewscompanies.com Wed May 17 11:45:44 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed May 17 11:45:48 2006 Subject: Dealing with suspected spam Message-ID: <1964AAFBC212F742958F9275BF63DBB038E1B4@winchester.andrewscompanies.com> Quarantine High and deliver the rest as tagged in subject line. Advise users to create a rule to dump tagged to trash can and tell them to check every so often for false positives; keep lowering bar on spam and high spam until we get into false positive range and then back off a bit and start whitelisting. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Page Sent: Wednesday, May 17, 2006 5:53 AM To: mailscanner@lists.mailscanner.info Subject: Dealing with suspected spam Hello, Not sure this is really on topic for this forum, but anyhoo.... What are people's opinions on dealing with spam in a corporate environment? Is it best to quarantine and advise original sender? Tag and deliver? Quarantine high scoring and then tag and deliver below a certain score? What strategies do you use? Thanks, James -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Wed May 17 11:49:34 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed May 17 11:49:37 2006 Subject: Dealing with suspected spam Message-ID: <1964AAFBC212F742958F9275BF63DBB038E1B5@winchester.andrewscompanies.com> Wow, 7 and 11? I'm down into the 4.5 and 8 level...sheesh. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andoni Auzmendi Sent: Wednesday, May 17, 2006 6:42 AM To: MailScanner discussion Subject: RE: Dealing with suspected spam You wouldn't like to spam your users with spam notifications :-) We quarantine and not deliver to users high scoring spam messages. We quarantine, modify subject and deliver to users low scoring spam messages. We have set the threshold accordingly so we get no false positives in the high scoring spam area but we can have few in the low scoring spam area. Our values are: 7 for low score spam and 11 for high score spam. We also get from users messages not tag as spam and those rare false positives to whitelist, blacklist or add new SA rules. The above is working for us. We currently have 700 users and receive 25000 emails a day. Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Page Sent: 17 May 2006 10:53 To: mailscanner@lists.mailscanner.info Subject: Dealing with suspected spam Hello, Not sure this is really on topic for this forum, but anyhoo.... What are people's opinions on dealing with spam in a corporate environment? Is it best to quarantine and advise original sender? Tag and deliver? Quarantine high scoring and then tag and deliver below a certain score? What strategies do you use? Thanks, James -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Wed May 17 11:58:36 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed May 17 11:59:46 2006 Subject: Dealing with suspected spam Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B8E3@isabella.herefordshire.gov.uk> 4.75 and 9 here. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of sandrews@andrewscompanies.com > Sent: 17 May 2006 11:50 > To: mailscanner@lists.mailscanner.info > Subject: RE: Dealing with suspected spam > > Wow, 7 and 11? I'm down into the 4.5 and 8 level...sheesh. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Andoni > Auzmendi > Sent: Wednesday, May 17, 2006 6:42 AM > To: MailScanner discussion > Subject: RE: Dealing with suspected spam > > You wouldn't like to spam your users with spam notifications :-) > > We quarantine and not deliver to users high scoring spam messages. > > We quarantine, modify subject and deliver to users low scoring spam > messages. > > We have set the threshold accordingly so we get no false positives in > the high scoring spam area but we can have few in the low scoring spam > area. Our values are: 7 for low score spam and 11 for high score spam. > > We also get from users messages not tag as spam and those rare false > positives to whitelist, blacklist or add new SA rules. > > The above is working for us. We currently have 700 users and receive > 25000 emails a day. > > Andoni > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James > Page > Sent: 17 May 2006 10:53 > To: mailscanner@lists.mailscanner.info > Subject: Dealing with suspected spam > > Hello, > > Not sure this is really on topic for this forum, but anyhoo.... > > What are people's opinions on dealing with spam in a corporate > environment? Is it best to quarantine and advise original sender? Tag > and deliver? Quarantine high scoring and then tag and deliver below a > certain score? What strategies do you use? > > > Thanks, > > > James > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to > whom they are > addressed. If you have received this email in error please notify the > system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > > www.mimesweeper.com > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alan at essex.ac.uk Wed May 17 12:00:44 2006 From: alan at essex.ac.uk (Stanier, Alan M) Date: Wed May 17 12:00:58 2006 Subject: Dealing with suspected spam In-Reply-To: <446AF28A.4000709@billox.com> Message-ID: <773A7B88FE13D6119C7B009027D3A56A0693F7A4@sernt13.essex.ac.uk> We have a webform that users may use to request 1) All spam be quarantined 2) High spam be quarantined, low spam delivered 3) All spam be delivered. Then once the mail is tagged, we pass it thru a filter which does what was asked. A user who gives no preference gets option 1 Alan -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Page Sent: 17 May 2006 10:53 To: mailscanner@lists.mailscanner.info Subject: Dealing with suspected spam Hello, Not sure this is really on topic for this forum, but anyhoo.... What are people's opinions on dealing with spam in a corporate environment? Is it best to quarantine and advise original sender? Tag and deliver? Quarantine high scoring and then tag and deliver below a certain score? What strategies do you use? Thanks, James -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From drew at themarshalls.co.uk Wed May 17 13:09:55 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed May 17 13:10:05 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <223f97700605170152g448f2b14yfd5730b0e15386fe@mail.gmail.com> References: <20060412205748.GD14679@luckyduck.tux> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> <4469E152.7050407@netmagicsolutions.com> <223f97700605170152g448f2b14yfd5730b0e15386fe@mail.gmail.com> Message-ID: <58779.194.70.180.170.1147867795.squirrel@webmail.r-bit.net> On Wed, May 17, 2006 09:52, Glenn Steen wrote: > On 16/05/06, Dhawal Doshy wrote: >> Drew / Glenn / Other Postfix users, >> >> I almost gave up.. but somehow think that this matter needs to be >> clarified once and for all.. > > Yes... It would be very very good. Don't let us pessimists get you down:-) Agreed! >> >> Are you guys game for getting together on the MailScanner IRC at some >> predefined time and drafting a mail (that is technically. grammatically >> and politically correct) to be sent to the postfix developers?? Yes, no worries. Time is a little restricted for me as I am off on my holidays at the end of the month for a couple of weeks. I would also have to do it at home as work is a no-no fr IRC. > > Unfortunately IRC from work is a no-no for me. So that rather limits > when I'm able to connect. > Add to that just too much to do (especially at home... Not to mention > the choir etc (yes, I sing in a church choir, a pretty good one at > that... We're just getting ready for a small tour:-)), I look forward to the MP3s being available for download. Will you take requests?? :-) > and the > prospects of me participating is pretty low. Sorry. > > But do suggest a time that would work for you. Who knows, we might get > lucky:-). And although Drew downplays his usefulness, I do believe he > should be in on it too. Glenn, you flatter me but I am always willing to help. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Wed May 17 13:41:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 17 13:42:10 2006 Subject: Dealing with suspected spam In-Reply-To: <1964AAFBC212F742958F9275BF63DBB038E1B4@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB038E1B4@winchester.andrewscompanies.com> Message-ID: One thing I want to make sure you know: Thunderbird has a feature where it will trust the "Is This Spam?" headers from SpamAssassin among other systems. You have to switch this on in the preferences. By default on new MailScanner systems, MailScanner will generate the relevant headers pretending to be SpamAssassin for this feature. So your users can very easily filter their spam into Thunderbird's Junk folder, without having to go into the complexity of writing a rule that matches the subject line or anything like that. If you want to apply this to older installations, set things up like this: Non Spam Actions = deliver header "X-Spam-Status: No" Spam Actions = deliver header "X-Spam-Status: Yes" I hope that helps someone. Jules. On 17 May 2006, at 11:45, wrote: > Quarantine High and deliver the rest as tagged in subject line. > Advise > users to create a rule to dump tagged to trash can and tell them to > check every so often for false positives; keep lowering bar on spam > and > high spam until we get into false positive range and then back off > a bit > and start whitelisting. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James > Page > Sent: Wednesday, May 17, 2006 5:53 AM > To: mailscanner@lists.mailscanner.info > Subject: Dealing with suspected spam > > Hello, > > Not sure this is really on topic for this forum, but anyhoo.... > > What are people's opinions on dealing with spam in a corporate > environment? Is it best to quarantine and advise original sender? Tag > and deliver? Quarantine high scoring and then tag and deliver below a > certain score? What strategies do you use? > > > Thanks, > > > James > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From P.G.M.Peters at utwente.nl Wed May 17 14:08:23 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed May 17 14:08:29 2006 Subject: Script to download latest from Julians Site In-Reply-To: <446ACED5.4080004@haigmail.com> References: <4469B351.6050700@haigmail.com> <446ACED5.4080004@haigmail.com> Message-ID: <446B2047.3@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lance Haig wrote on 17-5-2006 9:20: > I sometimes do depending on where I am going to be at what time as I > generally read the what's new files first. I read them too. But then I copy the link location, log in on the mailserver and do a wget of the copied link. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEayBHelLo80lrIdIRApPVAJ9gSi+Zw9VG7v5ZpieWG9CYrsjVtwCgjXmL Vao/Lne+4Nn7ZsZJ8axQ/Pc= =GN4J -----END PGP SIGNATURE----- From andoni.auzmendi at robertwalters.com Wed May 17 15:06:11 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Wed May 17 15:07:44 2006 Subject: Dealing with suspected spam Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD065C042@PAT.internal.robertwalters.com> Because I know with our setup the threshold of 11 is high enough to avoid any false positives. In our business 1 false positive is too much unfortunately. I have had to boost up some SA rules though... -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of sandrews@andrewscompanies.com Sent: 17 May 2006 11:50 To: mailscanner@lists.mailscanner.info Subject: RE: Dealing with suspected spam Wow, 7 and 11? I'm down into the 4.5 and 8 level...sheesh. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andoni Auzmendi Sent: Wednesday, May 17, 2006 6:42 AM To: MailScanner discussion Subject: RE: Dealing with suspected spam You wouldn't like to spam your users with spam notifications :-) We quarantine and not deliver to users high scoring spam messages. We quarantine, modify subject and deliver to users low scoring spam messages. We have set the threshold accordingly so we get no false positives in the high scoring spam area but we can have few in the low scoring spam area. Our values are: 7 for low score spam and 11 for high score spam. We also get from users messages not tag as spam and those rare false positives to whitelist, blacklist or add new SA rules. The above is working for us. We currently have 700 users and receive 25000 emails a day. Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James Page Sent: 17 May 2006 10:53 To: mailscanner@lists.mailscanner.info Subject: Dealing with suspected spam Hello, Not sure this is really on topic for this forum, but anyhoo.... What are people's opinions on dealing with spam in a corporate environment? Is it best to quarantine and advise original sender? Tag and deliver? Quarantine high scoring and then tag and deliver below a certain score? What strategies do you use? Thanks, James -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From maillists at conactive.com Wed May 17 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 17 15:31:37 2006 Subject: Script to download latest from Julians Site In-Reply-To: <446ACF67.6050204@haigmail.com> References: <4469B351.6050700@haigmail.com> <4469D590.8060202@redred.com> <446ACF67.6050204@haigmail.com> Message-ID: Lance Haig wrote on Wed, 17 May 2006 08:23:19 +0100: > I keep that for the same reason. Downloading them thru a dialup link and uploading them thru a dialup link is more likely to break the files than fetch them directly. Not to mention the speed implication. If you do not know about wget run a "man wget" and I think you'll know what most others probably do to get newer mailscanner versions. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 17 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 17 15:31:40 2006 Subject: install-Clam-SA In-Reply-To: <878E7EE3-C7A4-498C-BFEF-154BB16A4456@ecs.soton.ac.uk> References: <1964AAFBC212F742958F9275BF63DBB039A5C2@winchester.andrewscompanies.com> <878E7EE3-C7A4-498C-BFEF-154BB16A4456@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 17 May 2006 09:23:46 +0100: > > How many times per hour shall I run freshclam? > > Once at the very most. Once per hour or more often? I think this is very much against the policy of the maintainers of the clam database mirrors. There's a statment on the clamav website or in the conf files or somewhere which clearly says this shouldn't get overused. I just don't remember if they give a minimum that shouldn't get stressed. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sandrews at andrewscompanies.com Wed May 17 15:46:04 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed May 17 15:46:08 2006 Subject: Script to download latest from Julians Site Message-ID: <1964AAFBC212F742958F9275BF63DBB039A5C4@winchester.andrewscompanies.com> Doesn't have to be that complicated, just putty to the box cd /usr/src (or where ever you want to store the stuff) wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/MailScanner-4.54.2-2.rpm.tar.gz tar zxvf MailScanner-4.54.2-2.rpm.tar.gz cd /MailScanner-4.54.2-2 ./install.sh I do it via dialup, cell modem, whatever. If I've got a lot to do, I'll just make the whole script out to do the MailScanner and install-Clam-SA including the install and upgrade; I'll SCP to the boxen and just upload the scripts and fire off the jobs. The I go bill the customers accordingly. ;) Meanwhile, I'm down at the pub. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Wednesday, May 17, 2006 10:31 AM To: mailscanner@lists.mailscanner.info Subject: Re: Script to download latest from Julians Site Lance Haig wrote on Wed, 17 May 2006 08:23:19 +0100: > I keep that for the same reason. Downloading them thru a dialup link and uploading them thru a dialup link is more likely to break the files than fetch them directly. Not to mention the speed implication. If you do not know about wget run a "man wget" and I think you'll know what most others probably do to get newer mailscanner versions. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From drew at themarshalls.co.uk Wed May 17 15:51:47 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed May 17 15:52:01 2006 Subject: SA Scoring In-Reply-To: References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> Message-ID: <59533.194.70.180.170.1147877507.squirrel@webmail.r-bit.net> On Tue, May 16, 2006 23:08, Scott Silva wrote: > --[UxBoD]-- spake the following on 5/16/2006 3:09 PM: >> Hi Scott, >> >> oops again, upgraded DCC and was using wrong path :( with respect to the >> bayes database yes I am using root. Should it be held under the postfix >> account ? Also, where can I get I pre-learnt bayes database from as in >> mine I only have 34 spam/ham messages :( >> >> Thanks, >> >> Phil >> > The database seems accessible where it is, so it is working OK. I have fallen for that one too. The --lint is being run as root and so will pick up the root bayes file. You need to run --lint as the same as the Postfix user (Usually postfix) to make sure you use the right database. You will also need to specify where the bayes files are (This is set in MailScanner.conf, towards the bottom, usually /var/spool/MailScanner/spamassassin/) > As for a starter database, you can go to http://www.fsl.com/support.html > It should get your bayes working right away. It will still take time to > build > accuracy, but should get you started. But don't forget to drop it in the directory as described above so MS can find it and ensure it is at least owned by postfix. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dhawal at netmagicsolutions.com Wed May 17 16:07:49 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 17 16:07:59 2006 Subject: SA Scoring In-Reply-To: <59533.194.70.180.170.1147877507.squirrel@webmail.r-bit.net> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <59533.194.70.180.170.1147877507.squirrel@webmail.r-bit.net> Message-ID: <446B3C45.9090907@netmagicsolutions.com> Drew Marshall wrote: > On Tue, May 16, 2006 23:08, Scott Silva wrote: >> --[UxBoD]-- spake the following on 5/16/2006 3:09 PM: > >> As for a starter database, you can go to http://www.fsl.com/support.html >> It should get your bayes working right away. It will still take time to >> build >> accuracy, but should get you started. I would recommend that you manage to create your own database from scratch in a few weeks, rather than using the starter database forever. A starter is meant for just starting out, nothing more. The accuracy will always be higher in a manually picked (your own) spam/ham learning as compared to a started database. I could be wrong though, Matt can correct me here. - dhawal From john at katy.com Wed May 17 16:17:18 2006 From: john at katy.com (John Schmerold) Date: Wed May 17 16:17:22 2006 Subject: Resend archived mail In-Reply-To: <446A5934.5030603@pacific.net> References: <4469F449.7050803@katy.com> <446A4AF2.50608@katy.com> <446A5934.5030603@pacific.net> Message-ID: <446B3E7E.30607@katy.com> Ken, Thank you. You've provided some very good inspiration. Of course, I've run into the dreaded "Argument list too long" issue. Some days I wonder why I jumped on the Linux bandwagon. John Ken A wrote: > > John Schmerold wrote: > >> Turns out the answer to the fundamental question is: you need to copy >> to mqueue.in: >> cp -p >> /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GLVKel032053 >> /var/spool/mqueue.in >> > > That will just send them through MailScanner and catch and quarantine > them again. They need to go into the outgoing queue. > > Something like this ugly shell script will get everything under > quarantine (all dates) that is going to some domain.com. > > cd /var/spool/MailScanner/quarantine/ > > for i in `grep "rRFC822" */*/qf* | \ > grep -w domain.com | \ > awk -F : '{print $1}' | \ > sort -u | \ > sed 's/\/qf/\/?f/'`; \ > do echo $i; \ > done; > > Cut and paste it in. Replace domain.com with the domain you want to > find. Replace "echo $i" with "cp $i /var/spool/mqueue" when you like > the output. > > Run the outgoing queue manually if it's stuck for some reason. > /usr/sbin/sendmail -oQ/var/spool/mqueue -v -qRdomain.com > > Ken A > Pacific.Net > > >> I'm hoping to whip up a script that looks for the domain in the q >> file, then copies q & f file to /var/spool/mqueue.in >> >> I sure wish FoxPro worked on my Centos box :-( >> >> John Schmerold wrote: >> >>> We had a sad story this morning. Long story short, I need to resend >>> all archived emails addressed to one domain and archived. We are >>> using Sendmail. If memory serves all we need to do is copy the >>> archived message into mqueue like so: >>> cp -p >>> /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 >>> /var/spool/mqueue >>> >>> It's been 15 minutes or so & the emails have not budged from mqueue: >>> [root@mx1 root]# ls -al >>> /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 >>> -rw-rw---- 1 root root 1085 May 16 10:00 >>> /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 >>> -rw-rw---- 1 root root 3143 May 16 10:00 >>> /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 >>> [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 >>> -rw-rw---- 1 root root 1085 May 16 10:00 >>> /var/spool/mqueue/dfk4GF081P020699 >>> -rw-rw---- 1 root root 3143 May 16 10:00 >>> /var/spool/mqueue/qfk4GF081P020699 >>> >>> >>> Two questions: >>> 1. What am I missing? >>> >>> 2. Does any dear soul have a script they'd care to share with the >>> group to re-deliver all emails sent to example.com ? >>> Perhaps something as simple as: >>> dosomething $(grep -ril "@katy.com" >>> /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) >>> >>> TIA >> >> >> -- John Schmerold Katy Computer & Wireless 20 Meramec Station Rd Valley Park MO 63088 636-861-6900 v 775-227-6947 f From Denis.Beauchemin at USherbrooke.ca Wed May 17 16:18:28 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed May 17 16:18:48 2006 Subject: MCP broken? In-Reply-To: <003301c67922$ed2965c0$050a780a@defiant> References: <4469CF42.8050100@USherbrooke.ca> <4469DB91.1030200@USherbrooke.ca> <003301c67922$ed2965c0$050a780a@defiant> Message-ID: <446B3EC4.2070907@USherbrooke.ca> Kristian Shaw a ?crit : > Hello, > > I had a similar problem about a year ago and used to patch the code to > work around. The 'Deliver' action got lost and messages were > blackholed. Since then, it has been possible to change the mcp/spam > checking order which resolved the issue for me. > > Try setting: > > First Check = spam > Kristian, Thanks a lot! It is now working. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060517/a4a59a48/smime.bin From campbell at cnpapers.com Wed May 17 16:40:09 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed May 17 16:40:31 2006 Subject: SA Scoring References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg><59533.194.70.180.170.1147877507.squirrel@webmail.r-bit.net> <446B3C45.9090907@netmagicsolutions.com> Message-ID: <004301c679c8$2e29f6c0$0705000a@DDF5DW71> ----- Original Message ----- From: "Dhawal Doshy" To: "MailScanner discussion" Sent: Wednesday, May 17, 2006 11:07 AM Subject: Re: SA Scoring > Drew Marshall wrote: >> On Tue, May 16, 2006 23:08, Scott Silva wrote: >>> --[UxBoD]-- spake the following on 5/16/2006 3:09 PM: >> >>> As for a starter database, you can go to >>> http://www.fsl.com/support.html >>> It should get your bayes working right away. It will still take time to >>> build >>> accuracy, but should get you started. > > I would recommend that you manage to create your own database from scratch > in a few weeks, rather than using the starter database forever. > > A starter is meant for just starting out, nothing more. The accuracy will > always be higher in a manually picked (your own) spam/ham learning as > compared to a started database. > I've always wondered about this point. As the spam we receive seems to run in particular spurts from particular spammers with specific content, the saved emails that I might keep to start up a new db file would appear to be outdated whenever I needed them again for priming the new db. Granted, it would be more pertinent to use spam to my mailservers than to use a generic starter DB, but would I gain anything other than having the required 200 mails, no matter which set of emails I use? The 'seen' stuff may be unseen forever again. Steve Campbell campbell@cnpapers.com Charleston Newspapers > I could be wrong though, Matt can correct me here. > > - dhawal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ryanw at falsehope.com Wed May 17 17:09:55 2006 From: ryanw at falsehope.com (Ryan Weaver) Date: Wed May 17 17:10:31 2006 Subject: Script to download latest from Julians Site In-Reply-To: Message-ID: <004401c679cc$5c465400$a566a8c0@corporate.grantgeo.com> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info Sent: Wednesday, May 17, 2006 9:31 AM To: mailscanner@lists.mailscanner.info Subject: Re: Script to download latest from Julians Site > Lance Haig wrote on Wed, 17 May 2006 08:23:19 +0100: > >> I keep that for the same reason. > > Downloading them thru a dialup link and uploading them > thru a dialup link is more likely to break the files than > fetch them directly. Not to mention the speed implication. > If you do not know about wget run a "man wget" and I think > you'll know what most others probably do to get newer > mailscanner versions. > > Kai > You can try the following (including a uuencoded version to combat wordwrap) It will download the latest Stable and Beta, but wont download the same files twice. #!/bin/sh SITE='http://www.sng.ecs.soton.ac.uk/mailscanner'; DL_HTML='downloads.shtml'; LOOK_FOR='RPM-based Linux distributions'; for FILE in $(wget -q -O - ${SITE}/${DL_HTML} | grep "${LOOK_FOR}" | sed -e 's/^.*href="//g' -e 's/".*$//g'); do echo "Getting ${FILE}"; wget -m -nv -nH -nd ${SITE}/${FILE}; Done begin 700 get_latest.sh M(R$O8FEN+W-H"@I3251%/2=H='1P.B\O=W=W+G-N9RYE8W,NT1,7TA434Q]('P@ M(&=R97`@(B1[3$]/2U]&3U)](B`@?"!S960@+64@)W,O7BXJ:')E9CTB+R]G M)R`M92`GU-)5$5]+R1[1DE,17T[ &"F1O;F4* ` End From ssilva at sgvwater.com Wed May 17 17:13:07 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 17 17:15:17 2006 Subject: sa-stats ?? In-Reply-To: <446AFCF4.8010305@netmagicsolutions.com> References: <4468F2AA.40105@maddoc.net> <446AFCF4.8010305@netmagicsolutions.com> Message-ID: Dhawal Doshy spake the following on 5/17/2006 3:37 AM: > Doc Schneider wrote: >> I use sa-stats.pl from the SARE site to generate stats for my mailers, >> however, the one running MailScanner doesn't generate anything. Is >> there such a beasty for MailScanners maillog? >> >> Thanks! > > See, > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:related_software:stats > > > vispan should be nice for stats, if you need graphs and stuff checkout > mailwatch. > > - dhawal I like Vispan. Especially the access blocking. Has anyone found an easier way to install it? It can be a bear to get going on an x86_64. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed May 17 17:42:05 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 17 17:42:42 2006 Subject: sa-update cron script Message-ID: Has any body else had problems with the sa-update script in cron.daily from the latest beta? The new lines to default the script to disabled seem to choke unless they are commented out. I'm not a bash guru, but the lines seem more like perl than bash. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dhawal at netmagicsolutions.com Wed May 17 17:50:39 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 17 17:50:53 2006 Subject: sa-update cron script In-Reply-To: References: Message-ID: <446B545F.9070804@netmagicsolutions.com> Scott Silva wrote: > Has any body else had problems with the sa-update script in cron.daily from > the latest beta? > > The new lines to default the script to disabled seem to choke unless they are > commented out. > > I'm not a bash guru, but the lines seem more like perl than bash. This ought to be fixed in the latest beta.. else refer to a mail by 'Kai Sch?tzl' a few days back referring to the same problem. - dhawal From edwardbruce at sbcglobal.net Wed May 17 18:05:22 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed May 17 18:05:27 2006 Subject: SA Scoring In-Reply-To: <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> Message-ID: <446B57D2.1040105@sbcglobal.net> Glenn Steen wrote: > On 17/05/06, --[UxBoD]-- wrote: >> Hi Scott, >> >> oops again, upgraded DCC and was using wrong path :( with respect to >> the bayes database yes I am using root. Should it be held under the >> postfix >> account ? > > Phil, if that path/files are readable by postfix (assuming you do the > usual unprivileged chroot thing)... well, then that is fine. If not > ... :-). > Easiest test is to su into the postfix user account and rerun the SA > lint from there... Search the output for "bayes":-). > Ownership of the files/directories and/or permission "mask" might need > be adjusted, if it isn't readable/writable. > > While you're at it (logged in as the postfix user), also look that > pyzor/razor/dcc really works for that user too... It's rather common > to make the postfix users homedir unwritable, so these might need some > help too. > I have a question, since our postfix account is in a chroot jail and can't be su'ed to, how do you check this out? From admin at thenamegame.com Wed May 17 19:06:24 2006 From: admin at thenamegame.com (Michael S.) Date: Wed May 17 19:06:08 2006 Subject: Clamavmodule, what is the proper path to " Monitors for ClamAV Updates" in MailScanner on FreeBSD? Message-ID: <200605171806.k4HI66KR030164@bkserver.blacknight.ie> According to the MS documentation the path to Monitors for ClamAV Updates = should be pointing to; Monitors for ClamAV Updates = /var/db/clamav/*.cvd But on Freebsd there is no such path. The only path I see to *.cvd files on Freebsd is /var/db/clamv/*.cvd but if you add this path to MS it errors out. If you use the clamav module it works properly. If we try to use clamavmodule it complains that it cannot find the *.cvd files. My question is, what path should Monitors For ClamAV Updates be pointing too? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060517/46acf44f/attachment.html From mailscanner at lists.com.ar Wed May 17 19:20:58 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Wed May 17 19:21:21 2006 Subject: rejection.report.txt Translation Message-ID: <20060517182058.GD13493@pert.com.ar> Hi I've translated the report/es/rejection.report.txt to spanish It should say something like: ------------------------------------------------------------------------------ From: $to To: $from Subject: Mail no solicitado no aceptado X-%org-name%-MailScanner: generated Usted nos ha mandado un correo electronico no requerido, y ha sido rechazado. Por favor, no mande mas mails a esta direccion. To: $to Subject: $subject Date: $date Si tiene preguntas acerca de esto o si cree qeu ha recibido este mensaje por error, por favor contactese con los administradores de este sitio. -- MailScanner Email Virus Scanner %org-long-name% %web-site% ------------------------------------------------------------------------------ Saludos -- Leonardo Helman Pert Consultores Argentina From ssilva at sgvwater.com Wed May 17 19:26:45 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 17 19:27:00 2006 Subject: sa-update cron script In-Reply-To: <446B545F.9070804@netmagicsolutions.com> References: <446B545F.9070804@netmagicsolutions.com> Message-ID: Dhawal Doshy spake the following on 5/17/2006 9:50 AM: > Scott Silva wrote: >> Has any body else had problems with the sa-update script in cron.daily >> from >> the latest beta? >> >> The new lines to default the script to disabled seem to choke unless >> they are >> commented out. >> >> I'm not a bash guru, but the lines seem more like perl than bash. > > This ought to be fixed in the latest beta.. else refer to a mail by 'Kai > Sch?tzl' a few days back referring to the same problem. > > - dhawal I must have missed that one. Thanks!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mailscanner at lists.com.ar Wed May 17 19:34:15 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Wed May 17 19:34:23 2006 Subject: languages.conf Translation In-Reply-To: <20060517182058.GD13493@pert.com.ar> References: <20060517182058.GD13493@pert.com.ar> Message-ID: <20060517183414.GE13493@pert.com.ar> Sory for sending this in several mails More translations: In languages.conf NumericLinkWarning = MailScanner le advierte: los links numericos son comunmente utilizados en actividades maliciosas: # Used in "From:" header of many reports PostmasterName = Alerce GSDisabled = El Analizador de Mensajes no deseados a medida fue deshabilitado debido a fallas repetidas # Used in simple filename allow/deny rules (not filename.rules.conf) FoundBlockedFilename = Se detecto un nombre de archivo bloqueado FoundBlockedFiletype = Se detecto un tipo de archivo bloqueado # Used in SpamAssassin cache results headers cached = almacenado notcached = no almacenado From MailScanner at ecs.soton.ac.uk Wed May 17 19:37:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 17 19:38:00 2006 Subject: Script to download latest from Julians Site In-Reply-To: <1964AAFBC212F742958F9275BF63DBB039A5C4@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB039A5C4@winchester.andrewscompanies.com> Message-ID: <446B6D79.2050008@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 sandrews@andrewscompanies.com wrote: > The I go bill the customers accordingly. ;) Meanwhile, I'm down at the pub. > And presumably buying me beers, or at least saving up the beer money to Paypal to me later so that I can buy them on your behalf :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGttehH2WUcUFbZUEQLoOgCg+RPpmbKnMS1M5ynVgequJ3XbB84AoIC5 0G+nWk/BswGvNxIGAPNyqraG =pmkD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 17 19:40:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 17 19:40:50 2006 Subject: sa-update cron script In-Reply-To: <446B545F.9070804@netmagicsolutions.com> References: <446B545F.9070804@netmagicsolutions.com> Message-ID: <446B6E27.7000808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dhawal Doshy wrote: > Scott Silva wrote: >> Has any body else had problems with the sa-update script in >> cron.daily from >> the latest beta? >> >> The new lines to default the script to disabled seem to choke unless >> they are >> commented out. >> >> I'm not a bash guru, but the lines seem more like perl than bash. > > This ought to be fixed in the latest beta.. else refer to a mail by > 'Kai Sch?tzl' a few days back referring to the same problem. Yes, I had an E_WRONG_LANGUAGE error and started writing Perl in a sh script. Sorry! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGtuKBH2WUcUFbZUEQLg6gCeN5V8WW/GYqDboVCJF5/MewtqoGYAoJrY BA3Pcrsbi8RGTFhtHX9UC3HG =GZi5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 17 19:43:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 17 19:43:50 2006 Subject: Clamavmodule, what is the proper path to " Monitors for ClamAV Updates" in MailScanner on FreeBSD? In-Reply-To: <200605171806.k4HI66KR030164@bkserver.blacknight.ie> References: <200605171806.k4HI66KR030164@bkserver.blacknight.ie> Message-ID: <446B6ED4.1050908@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael S. wrote: > > According to the MS documentation the path to Monitors for ClamAV > Updates = should be pointing to; > > Monitors for ClamAV Updates = /var/db/clamav/*.cvd > > But on Freebsd there is no such path. The only path I see to **.*cvd > files on Freebsd is /var/db/clamv/*.cvd but if you add this path to MS > it errors out. > > If you use the clamav module it works properly. If we try to use > clamavmodule it complains that it cannot find the *.cvd files. > > My question is, what path should Monitors For ClamAV Updates be > pointing too? > It's right for installations done with my easy-install Clam+SA package. It should point to the location of your cvd files. As you say this errors out, can you check that when you are using something like Postfix, that the "Run As User" can reach and read the cvd files. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGtu2RH2WUcUFbZUEQIZXACgiKjPrlaXgBcCMy7drVxhO+427oIAn36i ybOUDyyPjF2jMZ4Bm/QKu5tS =WvPz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gdoris at rogers.com Wed May 17 19:46:43 2006 From: gdoris at rogers.com (Gerry Doris) Date: Wed May 17 19:47:05 2006 Subject: MailWatch parsing error with latest beta Message-ID: <46743.192.18.101.5.1147891603.squirrel@tiger.dorfam.ca> I just installed the latest MailScanner beta last night (only change made to system and no changes to MailScanner.conf). I noticed today that all messages have the following parsing error showing up in the Spam Report section of MailWatch. I'm assuming this has something to do with the beta since it started immediately after installing the beta. Just in case there is wrapping, "cached" shows up under the Score heading, "not" under the Matching Rule heading, "score=0.332" on the next line under the Matching Rule heading, "5" in the Score heading and "required" under the Matching Rule heading. "spam" is in the Score column and "autolearn=not" is in the Matching Rule column. The rest is correct. The scores are calculated correctly. Score Matching Rule Description cached not score=0.332 5 required spam autolearn=not 0.20 AWL From: address is in the auto white-list 0.14 FORGED_RCVD_HELO Received: contains a forged HELO From MailScanner at ecs.soton.ac.uk Wed May 17 19:49:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 17 19:49:38 2006 Subject: rejection.report.txt Translation In-Reply-To: <20060517182058.GD13493@pert.com.ar> References: <20060517182058.GD13493@pert.com.ar> Message-ID: <446B7036.1050508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This will be in the next release. Thankyou very much! Leonardo Helman wrote: > I've translated the report/es/rejection.report.txt to spanish > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGtwNhH2WUcUFbZUEQIUCwCfXjH8cS4QXKO3vLSXCeUp4ZeJs6sAn0wo mD6X9txu4BSl/6TxRggqgC80 =l3qU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Wed May 17 20:57:39 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 17 20:57:52 2006 Subject: SA Scoring In-Reply-To: <446B57D2.1040105@sbcglobal.net> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> Message-ID: <20060517195739.29969.qmail@mymail.netmagicians.com> Ed Bruce writes: > Glenn Steen wrote: >> On 17/05/06, --[UxBoD]-- wrote: >>> Hi Scott, >>> >>> oops again, upgraded DCC and was using wrong path :( with respect to >>> the bayes database yes I am using root. Should it be held under the >>> postfix >>> account ? >> >> Phil, if that path/files are readable by postfix (assuming you do the >> usual unprivileged chroot thing)... well, then that is fine. If not >> ... :-). >> Easiest test is to su into the postfix user account and rerun the SA >> lint from there... Search the output for "bayes":-). >> Ownership of the files/directories and/or permission "mask" might need >> be adjusted, if it isn't readable/writable. >> >> While you're at it (logged in as the postfix user), also look that >> pyzor/razor/dcc really works for that user too... It's rather common >> to make the postfix users homedir unwritable, so these might need some >> help too. >> > I have a question, since our postfix account is in a chroot jail and > can't be su'ed to, how do you check this out? I am not too sure but the regular method should work: [root@hostname ~]# su - postfix -s /bin/sh [postfix@hostname ~]$ spamassassin -D --lint -x - dhawal From edwardbruce at sbcglobal.net Wed May 17 21:18:09 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed May 17 21:18:14 2006 Subject: SA Scoring In-Reply-To: <20060517195739.29969.qmail@mymail.netmagicians.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> Message-ID: <446B8501.1060500@sbcglobal.net> Dhawal Doshy wrote: > Ed Bruce writes: >> Glenn Steen wrote: >>> On 17/05/06, --[UxBoD]-- wrote: >>>> Hi Scott, >>>> oops again, upgraded DCC and was using wrong path :( with respect to >>>> the bayes database yes I am using root. Should it be held under the >>>> postfix >>>> account ? >>> >>> Phil, if that path/files are readable by postfix (assuming you do the >>> usual unprivileged chroot thing)... well, then that is fine. If not >>> ... :-). >>> Easiest test is to su into the postfix user account and rerun the SA >>> lint from there... Search the output for "bayes":-). >>> Ownership of the files/directories and/or permission "mask" might need >>> be adjusted, if it isn't readable/writable. >>> While you're at it (logged in as the postfix user), also look that >>> pyzor/razor/dcc really works for that user too... It's rather common >>> to make the postfix users homedir unwritable, so these might need some >>> help too. >> I have a question, since our postfix account is in a chroot jail and >> can't be su'ed to, how do you check this out? > > > I am not too sure but the regular method should work: > [root@hostname ~]# su - postfix -s /bin/sh > [postfix@hostname ~]$ spamassassin -D --lint -x > - dhawal > Thanks that worked. Adding the -s option actually. Thanks again. From Denis.Beauchemin at USherbrooke.ca Wed May 17 21:36:16 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed May 17 21:36:47 2006 Subject: Error in install-Clam-SA In-Reply-To: References: <4468E062.2030500@USherbrooke.ca> <4469D7BF.5000504@USherbrooke.ca> Message-ID: <446B8940.2060101@USherbrooke.ca> Julian Field a ?crit : > I just tried building ClamAV without zlib.a there at all, and it built > just fine. > I don't think that is the problem. > Julian, I don't know what happened on my RHEL4 server but this is the error message I got: checking whether snprintf correctly terminates long strings... yes checking pthread.h usability... yes checking pthread.h presence... yes checking for pthread.h... yes checking whether to enable maintainer-specific portions of Makefiles... no checking for zlib installation... /usr configure: error: Please install zlib and zlib-devel packages make: *** No targets specified and no makefile found. Stop. make: *** No rule to make target `install'. Stop. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060517/780d8ba2/smime.bin From steve.swaney at fsl.com Wed May 17 21:43:09 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed May 17 21:43:13 2006 Subject: Error in install-Clam-SA In-Reply-To: <446B8940.2060101@USherbrooke.ca> Message-ID: <110c01c679f2$81ef2da0$2901010a@office.fsl> Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin > Sent: Wednesday, May 17, 2006 4:36 PM > To: MailScanner discussion > Subject: Re: Error in install-Clam-SA > > Julian Field a ?crit : > > I just tried building ClamAV without zlib.a there at all, and it built > > just fine. > > I don't think that is the problem. > > > Julian, > > I don't know what happened on my RHEL4 server but this is the error > message I got: > checking whether snprintf correctly terminates long strings... yes > checking pthread.h usability... yes > checking pthread.h presence... yes > checking for pthread.h... yes > checking whether to enable maintainer-specific portions of Makefiles... no > checking for zlib installation... /usr > configure: error: Please install zlib and zlib-devel packages > make: *** No targets specified and no makefile found. Stop. > make: *** No rule to make target `install'. Stop. > > Denis What is the output of: rpm -qa | grep zlib It should be similar to: zlib-1.2.1.2-1.2 zlib-devel-1.2.1.2-1.2 If not use up2date or yum to install Hope this helps, Steve From john at katy.com Wed May 17 21:53:55 2006 From: john at katy.com (John Schmerold) Date: Wed May 17 21:53:58 2006 Subject: Resend archived mail In-Reply-To: <4469F449.7050803@katy.com> References: <4469F449.7050803@katy.com> Message-ID: <446B8D63.5000103@katy.com> Solved with following script thanks for everyone's input: #!/bin/sh for d in 13 14 15 do cd /var/spool/MailScanner/quarantine/20051101/200605$d for file in q* do for i in `grep -il bti-bri.com $file` do j=$( echo "$i" | tr qf df ) cp -p $j /var/spool/mqueue.in cp -p $i /var/spool/mqueue.in done done done John Schmerold wrote: > We had a sad story this morning. Long story short, I need to resend > all archived emails addressed to one domain and archived. We are using > Sendmail. If memory serves all we need to do is copy the archived > message into mqueue like so: > cp -p > /var/spool/MailScanner/quarantine/20051101/20051111/?fjABMN7KU009599 > /var/spool/mqueue > > It's been 15 minutes or so & the emails have not budged from mqueue: > [root@mx1 root]# ls -al > /var/spool/MailScanner/quarantine/20051101/20060516/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 > [root@mx1 root]# ls -al /var/spool/mqueue/?fk4GF081P020699 > -rw-rw---- 1 root root 1085 May 16 10:00 > /var/spool/mqueue/dfk4GF081P020699 > -rw-rw---- 1 root root 3143 May 16 10:00 > /var/spool/mqueue/qfk4GF081P020699 > > > Two questions: > 1. What am I missing? > > 2. Does any dear soul have a script they'd care to share with the > group to re-deliver all emails sent to example.com ? > Perhaps something as simple as: > dosomething $(grep -ril "@katy.com" > /var/spool/MailScanner/quarantine/20051101/20060516/qfk4GF081P020699 ) > > TIA -- John Schmerold Katy Computer & Wireless 20 Meramec Station Rd Valley Park MO 63088 636-861-6900 v 775-227-6947 f From glenn.steen at gmail.com Wed May 17 22:53:21 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 17 22:53:27 2006 Subject: SA Scoring In-Reply-To: <446B8501.1060500@sbcglobal.net> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> Message-ID: <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> On 17/05/06, Ed Bruce wrote: > Dhawal Doshy wrote: > > Ed Bruce writes: > >> Glenn Steen wrote: > >>> On 17/05/06, --[UxBoD]-- wrote: > >>>> Hi Scott, > >>>> oops again, upgraded DCC and was using wrong path :( with respect to > >>>> the bayes database yes I am using root. Should it be held under the > >>>> postfix > >>>> account ? > >>> > >>> Phil, if that path/files are readable by postfix (assuming you do the > >>> usual unprivileged chroot thing)... well, then that is fine. If not > >>> ... :-). > >>> Easiest test is to su into the postfix user account and rerun the SA > >>> lint from there... Search the output for "bayes":-). > >>> Ownership of the files/directories and/or permission "mask" might need > >>> be adjusted, if it isn't readable/writable. > >>> While you're at it (logged in as the postfix user), also look that > >>> pyzor/razor/dcc really works for that user too... It's rather common > >>> to make the postfix users homedir unwritable, so these might need some > >>> help too. > >> I have a question, since our postfix account is in a chroot jail and > >> can't be su'ed to, how do you check this out? > > > > > > I am not too sure but the regular method should work: > > [root@hostname ~]# su - postfix -s /bin/sh > > [postfix@hostname ~]$ spamassassin -D --lint -x > > - dhawal > > > Thanks that worked. Adding the -s option actually. Thanks again. Yep, Dahwal is quite correct... The thing is that the postfix user is often set to have a "non-shell" command for login ... /bin/false isn't uncommon...:-). So you simply have to tell what shell to use. If you like a shell with a little more functionality (commandline history/editing....:-) you could run bash ... or whatever gets you happy:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Wed May 17 23:04:19 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 17 23:04:29 2006 Subject: SA Scoring In-Reply-To: <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> Message-ID: <20060517220419.5096.qmail@mymail.netmagicians.com> Glenn Steen writes: > On 17/05/06, Ed Bruce wrote: >> Dhawal Doshy wrote: >> > Ed Bruce writes: >> >> Glenn Steen wrote: >> >>> On 17/05/06, --[UxBoD]-- wrote: >> >>>> Hi Scott, >> >>>> oops again, upgraded DCC and was using wrong path :( with respect to >> >>>> the bayes database yes I am using root. Should it be held under the >> >>>> postfix >> >>>> account ? >> >>> >> >>> Phil, if that path/files are readable by postfix (assuming you do the >> >>> usual unprivileged chroot thing)... well, then that is fine. If not >> >>> ... :-). >> >>> Easiest test is to su into the postfix user account and rerun the SA >> >>> lint from there... Search the output for "bayes":-). >> >>> Ownership of the files/directories and/or permission "mask" might >> need >> >>> be adjusted, if it isn't readable/writable. >> >>> While you're at it (logged in as the postfix user), also look that >> >>> pyzor/razor/dcc really works for that user too... It's rather common >> >>> to make the postfix users homedir unwritable, so these might need >> some >> >>> help too. >> >> I have a question, since our postfix account is in a chroot jail and >> >> can't be su'ed to, how do you check this out? >> > >> > >> > I am not too sure but the regular method should work: >> > [root@hostname ~]# su - postfix -s /bin/sh >> > [postfix@hostname ~]$ spamassassin -D --lint -x >> > - dhawal >> > >> Thanks that worked. Adding the -s option actually. Thanks again. > > Yep, Dahwal is quite correct... The thing is that the postfix user is > often set to have a "non-shell" command for login ... /bin/false isn't > uncommon...:-). So you simply have to tell what shell to use. If you > like a shell with a little more functionality (commandline > history/editing....:-) you could run bash ... or whatever gets you > happy:-). Umm.. sh is bash, AFAIK no one uses the bourne shell (sh) in linux anymore, everyone IS using bourne again shell (bash) [dhawal@sauron ~]$ ll /bin/sh /bin/bash -rwxr-xr-x 1 root root 616184 Feb 22 2005 /bin/bash lrwxrwxrwx 1 root root 4 Jun 6 2005 /bin/sh -> bash - dhawal > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Wed May 17 23:27:51 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 17 23:28:04 2006 Subject: SA Scoring In-Reply-To: <20060517220419.5096.qmail@mymail.netmagicians.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> <20060517220419.5096.qmail@mymail.netmagicians.com> Message-ID: <446BA367.6010405@evi-inc.com> Dhawal Doshy wrote: > > Umm.. sh is bash, AFAIK no one uses the bourne shell (sh) in linux > anymore, everyone IS using bourne again shell (bash) > [dhawal@sauron ~]$ ll /bin/sh /bin/bash > -rwxr-xr-x 1 root root 616184 Feb 22 2005 /bin/bash > lrwxrwxrwx 1 root root 4 Jun 6 2005 /bin/sh -> bash Yes, but when bash is invoked as sh it changes its behavior to mimic the historic sh. So while everyone uses a symlink from sh to bash, that "sh" command behaves very differently than calling bash. See http://www.faqs.org/docs/bashman/bashref_63.html "If Bash is invoked with the name sh, it tries to mimic the startup behavior of historical versions of sh as closely as possible, while conforming to the POSIX standard as well." From glenn.steen at gmail.com Wed May 17 23:34:57 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 17 23:35:00 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <58779.194.70.180.170.1147867795.squirrel@webmail.r-bit.net> References: <20060412205748.GD14679@luckyduck.tux> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> <4469E152.7050407@netmagicsolutions.com> <223f97700605170152g448f2b14yfd5730b0e15386fe@mail.gmail.com> <58779.194.70.180.170.1147867795.squirrel@webmail.r-bit.net> Message-ID: <223f97700605171534i5aa3b4c1udf25d9687bf6533b@mail.gmail.com> On 17/05/06, Drew Marshall wrote: (snip) > > Unfortunately IRC from work is a no-no for me. So that rather limits > > when I'm able to connect. > > Add to that just too much to do (especially at home... Not to mention > > the choir etc (yes, I sing in a church choir, a pretty good one at > > that... We're just getting ready for a small tour:-)), > > I look forward to the MP3s being available for download. Will you take > requests?? :-) Requests? Sure, what would you like to hear.... I'll be glad to meet at any convenient drinking facility and .... perform under the influence:-):-). Can't promise any definite timeframe if the facility happens to be anywhere other than the vicinity of Stockholm though:-(. Anyway, although I wasn't part of the choir when they recorded a CD last (for public sale, at least:-), my wife was... You can hear her at http://www.svenskakyrkan.se/strangnas/sdkf_orgelskiva.html (It is the sample called "Sov du barn"... She's really quite a good). > > and the > > prospects of me participating is pretty low. Sorry. > > > > But do suggest a time that would work for you. Who knows, we might get > > lucky:-). And although Drew downplays his usefulness, I do believe he > > should be in on it too. > > Glenn, you flatter me but I am always willing to help. Not really, no. You have a polite tone and a good head on your shoulders... What has that to do with flattery?;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed May 17 23:39:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 17 23:39:47 2006 Subject: SA Scoring In-Reply-To: <20060517220419.5096.qmail@mymail.netmagicians.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> <20060517220419.5096.qmail@mymail.netmagicians.com> Message-ID: <223f97700605171539x17c96ecflbe4d6356e68acc5f@mail.gmail.com> On 18/05/06, Dhawal Doshy wrote: > Glenn Steen writes: (snip) > > Yep, Dahwal is quite correct... The thing is that the postfix user is > > often set to have a "non-shell" command for login ... /bin/false isn't > > uncommon...:-). So you simply have to tell what shell to use. If you > > like a shell with a little more functionality (commandline > > history/editing....:-) you could run bash ... or whatever gets you > > happy:-). > > > Umm.. sh is bash, AFAIK no one uses the bourne shell (sh) in linux anymore, > everyone IS using bourne again shell (bash) > > [dhawal@sauron ~]$ ll /bin/sh /bin/bash > -rwxr-xr-x 1 root root 616184 Feb 22 2005 /bin/bash > lrwxrwxrwx 1 root root 4 Jun 6 2005 /bin/sh -> bash > Ah, yes... Well, I'm probably still fumbling around in the dark ages.... When this was far from a given;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu May 18 00:03:03 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 18 00:03:31 2006 Subject: MailWatch parsing error with latest beta In-Reply-To: <46743.192.18.101.5.1147891603.squirrel@tiger.dorfam.ca> References: <46743.192.18.101.5.1147891603.squirrel@tiger.dorfam.ca> Message-ID: Gerry Doris spake the following on 5/17/2006 11:46 AM: > I just installed the latest MailScanner beta last night (only change made > to system and no changes to MailScanner.conf). I noticed today that all > messages have the following parsing error showing up in the Spam Report > section of MailWatch. I'm assuming this has something to do with the beta > since it started immediately after installing the beta. > > Just in case there is wrapping, "cached" shows up under the Score heading, > "not" under the Matching Rule heading, "score=0.332" on the next line > under the Matching Rule heading, "5" in the Score heading and "required" > under the Matching Rule heading. > > "spam" is in the Score column and "autolearn=not" is in the Matching Rule > column. The rest is correct. > > The scores are calculated correctly. > > > Score Matching Rule Description > cached not > score=0.332 > 5 required > spam autolearn=not > 0.20 AWL From: address is in the auto white-list > 0.14 FORGED_RCVD_HELO Received: contains a forged HELO > I have been seeing that as well, but seemed only cosmetic. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From maillists at conactive.com Thu May 18 00:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 18 00:31:38 2006 Subject: Script to download latest from Julians Site In-Reply-To: <1964AAFBC212F742958F9275BF63DBB039A5C4@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB039A5C4@winchester.andrewscompanies.com> Message-ID: wrote on Wed, 17 May 2006 10:46:04 -0400: > Doesn't have to be that complicated, Not sure why you chose my answer for that answer. Well. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From alex at nkpanama.com Thu May 18 04:11:08 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 18 04:11:22 2006 Subject: Best Way to Control Relaying? In-Reply-To: <003e01c6797c$4659e580$23c051cb@noc> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com><3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> Message-ID: <446BE5CC.3070600@nkpanama.com> Muhammad Nauman wrote: > but what i ment to say was exactly what ALEX stated as : > >> What Kai means, more accurately, is that, to _your customers_, you >> _are_ an >> open relay. This also means that to _viruses_ and _spyware_ running >> on your >> customers' machines, you _are_ an open relay. > 1.change REC_AUTH to REC_FULL_AUTH > 2. SMTP AUTH > > Now it will be great help here again - if any one can tell me one best > HOWTO > which do'nt fuss up with MailScanner or any running Program. > It's good to know when a service provider improves their installation in order to benefit his customers and reduce the amount of unwanted traffic for the entire Internet. I've even heard that for every time an admin implements SMTP AUTH, an angel gets its wings! :-) In any case, both points I mentioned are easy to implement: 1. Just edit /usr/share/sendmail-cf/m4/cfhead.m4 to read _REC_FULL_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) instead of _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) 2. Add the following somewhere near the top (mine's on line 35, along with some similar settings - I don't know if the order is important): define(`confAUTH_OPTIONS', `A')dnl TRUST_AUTH_MECH(`EXTERNAL LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `EXTERNAL LOGIN PLAIN')dnl 3. Make sure saslauthd is running (and set to run on startup) with: chkconfig saslauthd on service saslauthd start Then rebuild sendmail.cf by issuing: m4 < /etc/mail/sendmail.mc > /etc/mail/sendmail.cf ... and let your users know you're going to be asking for authentication from now on. Give them a few days to set their mail clients to "my server requires authentication". After your deadline, take away the "xx.xxx.xxx.xxx RELAY" lines from /etc/mail/access and regenerate it using make -C /etc/mail so that the changes activate. After than restart MailScanner and you should be set. Good luck! From alex at nkpanama.com Thu May 18 04:51:05 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 18 04:51:15 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: <446AFC0C.6020401@netmagicsolutions.com> References: <446AFC0C.6020401@netmagicsolutions.com> Message-ID: <446BEF29.2030906@nkpanama.com> Dhawal Doshy wrote: > > Umm.. why not reject sender domains, where the MX record points (yeah > yeah MX records point to A records, which point to IP addresses > whatever) to an invalid entry like > 192.168.x.x/10.x.x.x/172.168.x.x/127.x.x.x/224.x.x.x > > Postfix lets me do this using a cidr map for the > 'check_sender_mx_access' parameter, i'm sure a sendmail milter can do > some thing similar. If you're using sendmail, you could probably use an RBL for this. Look for "bogon dnsbls" at http://spamlinks.net/filter-dnsbl-lists.htm, you might want to use bogons.cymru.com for this. From res at ausics.net Thu May 18 08:48:51 2006 From: res at ausics.net (Res) Date: Thu May 18 08:49:03 2006 Subject: Resend archived mail In-Reply-To: <446B3E7E.30607@katy.com> References: <4469F449.7050803@katy.com> <446A4AF2.50608@katy.com> <446A5934.5030603@pacific.net> <446B3E7E.30607@katy.com> Message-ID: Hi John, On Wed, 17 May 2006, John Schmerold wrote: > Thank you. You've provided some very good inspiration. Of course, I've run > into the dreaded "Argument list too long" issue. This is a shell limitation (you can increase it) However the fact you are doing */*/qf* tremendously adds to your pain, cd into the directory and do qf* and your arg list capability grows much much more, if its still an issue 'xargs' is your new friend to get around it. >> for i in `grep "rRFC822" */*/qf* | \ >> grep -w domain.com | \ >> awk -F : '{print $1}' | \ >> sort -u | \ >> sed 's/\/qf/\/?f/'`; \ >> do echo $i; \ >> done; -- Regards, Res From dhawal at netmagicsolutions.com Thu May 18 13:13:46 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu May 18 13:13:56 2006 Subject: SA Scoring In-Reply-To: <446BA367.6010405@evi-inc.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> <20060517220419.5096.qmail@mymail.netmagicians.com> <446BA367.6010405@evi-inc.com> Message-ID: <446C64FA.5040304@netmagicsolutions.com> Matt Kettler wrote: > Dhawal Doshy wrote: > >> Umm.. sh is bash, AFAIK no one uses the bourne shell (sh) in linux >> anymore, everyone IS using bourne again shell (bash) >> [dhawal@sauron ~]$ ll /bin/sh /bin/bash >> -rwxr-xr-x 1 root root 616184 Feb 22 2005 /bin/bash >> lrwxrwxrwx 1 root root 4 Jun 6 2005 /bin/sh -> bash > > Yes, but when bash is invoked as sh it changes its behavior to mimic the > historic sh. > > So while everyone uses a symlink from sh to bash, that "sh" command behaves very > differently than calling bash. > > See > http://www.faqs.org/docs/bashman/bashref_63.html > > "If Bash is invoked with the name sh, it tries to mimic the startup behavior of > historical versions of sh as closely as possible, while conforming to the POSIX > standard as well." True, i forgot this feature.. that too after spending hours some years back linking bash as rbash (restricted bash) - dhawal From alex at nkpanama.com Thu May 18 14:42:43 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 18 14:43:15 2006 Subject: Dealing with suspected spam In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB038E1B4@winchester.andrewscompanies.com> Message-ID: <446C79D3.80903@nkpanama.com> Julian Field escribi?: > > Thunderbird has a feature where it will trust the "Is This Spam?" > headers from SpamAssassin among other systems. You have to switch this > on in the preferences. > > By default on new MailScanner systems, MailScanner will generate the > relevant headers pretending to be SpamAssassin for this feature. So > your users can very easily filter their spam into Thunderbird's Junk > folder, without having to go into the complexity of writing a rule > that matches the subject line or anything like that. > > If you want to apply this to older installations, set things up like > this: > > Non Spam Actions = deliver header "X-Spam-Status: No" > Spam Actions = deliver header "X-Spam-Status: Yes" > > I hope that helps someone. > Jules. You can also add the following to your users' .procmailrc file: :0: * ^X-Spam-Status: Yes mail/Junk\ E-mail ... to achieve the same functionality if they are using something else (webmail, for example). There is one downside (or upside, depending on how you see it)... users reading their e-mail using POP3 instead of IMAP will not receive the "Junk E-mail"-tagged messages because they will be going to a separate (not the Inbox) folder. They would *have* to go to a webmail page or use an IMAP client. The good news is that whatever method you use to send stuff to a separate folder, you can then use tools like http://www.argon.org/~roderick/mbox-purge.html to delete everything past a certain timeframe. One more thing... If you deliver spam messages to your users, you might want to consider the "attachment" feature that delivers e-mails to users as attachments. That option prevents several bad things from happening, and gives the user a more clear and detailed warning - and you get to modify it to include additional information, if you want. From alex at nkpanama.com Thu May 18 14:49:14 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 18 14:49:37 2006 Subject: connection refused by 127.0.0.1 In-Reply-To: <446BEF29.2030906@nkpanama.com> References: <446AFC0C.6020401@netmagicsolutions.com> <446BEF29.2030906@nkpanama.com> Message-ID: <446C7B5A.1060304@nkpanama.com> Alex Neuman van der Hans escribi?: > Dhawal Doshy wrote: >> >> Umm.. why not reject sender domains, where the MX record points (yeah >> yeah MX records point to A records, which point to IP addresses >> whatever) to an invalid entry like >> 192.168.x.x/10.x.x.x/172.168.x.x/127.x.x.x/224.x.x.x >> >> Postfix lets me do this using a cidr map for the >> 'check_sender_mx_access' parameter, i'm sure a sendmail milter can do >> some thing similar. > If you're using sendmail, you could probably use an RBL for this. Look > for "bogon dnsbls" at http://spamlinks.net/filter-dnsbl-lists.htm, you > might want to use bogons.cymru.com for this. I was doing additional checking and this would only work if somehow someone could actually get to you from a bogon address (through spoofing or whatever). Does anybody know of a milter (free) for sendmail that checks for bogon MXs? From alex at nkpanama.com Thu May 18 14:58:38 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 18 14:59:04 2006 Subject: rejection.report.txt Translation In-Reply-To: <20060517182058.GD13493@pert.com.ar> References: <20060517182058.GD13493@pert.com.ar> Message-ID: <446C7D8E.8080809@nkpanama.com> Leonardo Helman escribi?: > Hi > > I've translated the report/es/rejection.report.txt to spanish > > It should say something like: > ------------------------------------------------------------------------------ > From: $to > To: $from > Subject: Mail no solicitado no aceptado > Should say "correo" - Mail is not a word in Spanish. > X-%org-name%-MailScanner: generated > > Usted nos ha mandado un correo electronico no requerido, y ha sido > "enviado" sounds better than "mandado"... Less ambiguous... "electr?nico" requires an accent mark... > rechazado. Por favor, no mande mas mails a esta direccion. > "rechazado. Por favor no env?e m?s correo a esta direcci?n" > To: $to > Subject: $subject > Date: $date > > Si tiene preguntas acerca de esto o si cree qeu ha recibido este mensaje > "que", not "qeu" > por error, por favor contactese con los administradores de este sitio. > > "contacte a los administradores de este sitio" instead of "cont?ctese con", which would be a redundant third-person-reflexive-tense word common in some South American countries. The analogy in English would be to say "please contact the admins" instead of "you go ahead and make contact with the admins yourself, on your own" :-) Even though I've set up several MS installations in Spansh, I never actually looked in the "es" folder. Guess I'll look now and start contributing ;-) From alex at nkpanama.com Thu May 18 15:13:28 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 18 15:13:57 2006 Subject: rejection.report.txt Translation In-Reply-To: <20060517182058.GD13493@pert.com.ar> References: <20060517182058.GD13493@pert.com.ar> Message-ID: <446C8108.8020408@nkpanama.com> In "languages.conf", NumericLinkWarning = MailScanner warning: numerical links are often malicious: should say NumericLinkWarning= Advertencia MailScanner: Enlaces num?ricos suelen ser maliciosos: and... FoundBlockedFilename = Blocked Filename Detected FoundBlockedFiletype = Blocked Filetype Detected should say: FoundBlockedFilename = Nombre de Archivo Bloqueado Detectado FoundBlockedFiletype = Tipo de Archivo Bloqueado From alex at nkpanama.com Thu May 18 15:18:43 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 18 15:19:13 2006 Subject: rejection.report.txt Translation In-Reply-To: <446C8108.8020408@nkpanama.com> References: <20060517182058.GD13493@pert.com.ar> <446C8108.8020408@nkpanama.com> Message-ID: <446C8243.2080702@nkpanama.com> I just realized my installation is getting old - or I haven't run "upgrade_mailscanner_conf"/"upgrade_languages_conf" properly :-) Alex Neuman escribi?: > In "languages.conf", > NumericLinkWarning = MailScanner warning: > numerical links are often malicious: > > should say > > NumericLinkWarning= Advertencia MailScanner: > Enlaces num?ricos suelen ser maliciosos: > > and... > > FoundBlockedFilename = Blocked Filename Detected > FoundBlockedFiletype = Blocked Filetype Detected > > should say: > > FoundBlockedFilename = Nombre de Archivo Bloqueado Detectado > FoundBlockedFiletype = Tipo de Archivo Bloqueado > > > From alex at nkpanama.com Thu May 18 15:20:50 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 18 15:21:16 2006 Subject: Resend archived mail (although maybe a bit OT) :-) In-Reply-To: References: <4469F449.7050803@katy.com> <446A4AF2.50608@katy.com> <446A5934.5030603@pacific.net> <446B3E7E.30607@katy.com> Message-ID: <446C82C2.5090104@nkpanama.com> Speaking of grep/awk/etc... Anybody know of a good way to turn a bunch of maildir-formatted messages and turn them into an mbox-formatted file? Or perhaps something I could feed to "formail -s sendmail"? Thanks... Res escribi?: > Hi John, > > On Wed, 17 May 2006, John Schmerold wrote: > >> Thank you. You've provided some very good inspiration. Of course, >> I've run into the dreaded "Argument list too long" issue. > > This is a shell limitation (you can increase it) > > However the fact you are doing */*/qf* tremendously adds to your > pain, cd into the directory and do qf* and your arg list capability > grows much much more, if its still an issue 'xargs' is your new > friend to get around it. > >>> for i in `grep "rRFC822" */*/qf* | \ >>> grep -w domain.com | \ >>> awk -F : '{print $1}' | \ >>> sort -u | \ >>> sed 's/\/qf/\/?f/'`; \ >>> do echo $i; \ >>> done; > > -- > Regards, > Res > From glenn.steen at gmail.com Thu May 18 15:46:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 18 15:46:05 2006 Subject: Resend archived mail (although maybe a bit OT) :-) In-Reply-To: <446C82C2.5090104@nkpanama.com> References: <4469F449.7050803@katy.com> <446A4AF2.50608@katy.com> <446A5934.5030603@pacific.net> <446B3E7E.30607@katy.com> <446C82C2.5090104@nkpanama.com> Message-ID: <223f97700605180746r44b77cafwbb4e43fef8a68a20@mail.gmail.com> On 18/05/06, Alex Neuman wrote: > Speaking of grep/awk/etc... > > Anybody know of a good way to turn a bunch of maildir-formatted messages > and turn them into an mbox-formatted file? > > Or perhaps something I could feed to "formail -s sendmail"? > > Thanks... > Hi Alex, A quick google turned up: http://www.systemsaligned.com/content/view/18/19/ ... the viability of which... I cannot vouch for. but at least it's something. Going the other direction seems much simpler:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Alex.Laslavic at bcdtravel.com Thu May 18 15:53:53 2006 From: Alex.Laslavic at bcdtravel.com (Alex Laslavic (Lenox)) Date: Thu May 18 15:54:13 2006 Subject: Rules, and Envelope header forging Message-ID: <1147964033.14665.30.camel@localhost.localdomain> Skipped content of type multipart/signed-------------- next part -------------- Skipped content of type multipart/alternative From glenn.steen at gmail.com Thu May 18 16:10:40 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 18 16:10:44 2006 Subject: Rules, and Envelope header forging In-Reply-To: <1147964033.14665.30.camel@localhost.localdomain> References: <1147964033.14665.30.camel@localhost.localdomain> Message-ID: <223f97700605180810m41174ce9p302d1bbc5e20582e@mail.gmail.com> On 18/05/06, Alex Laslavic (Lenox) wrote: > Currently at one of my sites, we are only using MailScanner to block > spam / phishing for certain domains. My plan is to eventually scan > globally, as I have been using MailScanner for years, and have lots of > faith in it, but the exchange admins are scared, so we are taking it > slowly. > > One of rules we have, that sets off SpamAssassin is: > # We want to block fraudulent email from paypal > From: @paypal.com yes > # paypal wildcard 1 > From: paypal yes > # paypal wildcard 2 > From: @*.paypal.com yes > # paypal wildcard 3 > From: *paypal* yes > > > I was being overly careful specifying the syntax, so I'm sure thats > unnecessary. > > The current problem, is that we received a message, where the Envelope > from was some random domain, but the actual From: header showed > service@paypal.com. > > This snuck by the rule, because I guess it checks the Envelope from, not > the From: header. > > Any idea how I can get past that? > > Can I specify a header check in the Rules, or just Envelope To/From? > > Headers below: > -------------------------- > > +------------------------------+-------------------------------------------------+ > | from_address | subject > | > +------------------------------+-------------------------------------------------+ > | anonymous@mail.dumbonion.com | PayPal Notification : Your account is > suspended | > +------------------------------+-------------------------------------------------+ > > > Received: from mail.dumbonion.com (unknown [64.8.111.2]) > by mail3.worldtravel.com (Postfix) with SMTP id 613201A4D35 > for ; Wed, 17 May 2006 23:26:35 -0400 > (EDT) > Received: (qmail 26668 invoked by uid 398); 17 May 2006 18:03:04 -0000 > Date: 17 May 2006 18:03:04 -0000 > To: sanitized@worldtravel.com > Subject: PayPal Notification : Your account is suspended > Message-ID: <1147888984.175046.qmail@paypal.com> > From: "Customer Support" > Content-Type: text/html > > I find that most/all of these are picked up by clamav... and the rest tend to attract a lot of points from SA... And none seem to carry the actual paypal string anywhere in the envelope sender (which is what the rules operate on), so those rules look to be a bit pointless, IMO. If you use postfix, you could make that a header check, but ... I suppose there are loads of SA rules to handle exactly this... Not to mention the MS phishing net being able to help with these, in all probability;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Alex.Laslavic at bcdtravel.com Thu May 18 16:17:20 2006 From: Alex.Laslavic at bcdtravel.com (Alex Laslavic (Lenox)) Date: Thu May 18 16:17:39 2006 Subject: Rules, and Envelope header forging Message-ID: <1147965440.14665.33.camel@localhost.localdomain> Skipped content of type multipart/signed-------------- next part -------------- Skipped content of type multipart/alternative From alex at nkpanama.com Thu May 18 16:17:12 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 18 16:17:48 2006 Subject: Rules, and Envelope header forging In-Reply-To: <223f97700605180810m41174ce9p302d1bbc5e20582e@mail.gmail.com> References: <1147964033.14665.30.camel@localhost.localdomain> <223f97700605180810m41174ce9p302d1bbc5e20582e@mail.gmail.com> Message-ID: <446C8FF8.8070103@nkpanama.com> How about checking at the MTA level? Glenn Steen escribi?: > On 18/05/06, Alex Laslavic (Lenox) wrote: >> Currently at one of my sites, we are only using MailScanner to block >> spam / phishing for certain domains. My plan is to eventually scan >> globally, as I have been using MailScanner for years, and have lots of >> faith in it, but the exchange admins are scared, so we are taking it >> slowly. >> >> One of rules we have, that sets off SpamAssassin is: >> # We want to block fraudulent email from paypal >> From: @paypal.com yes >> # paypal wildcard 1 >> From: paypal yes >> # paypal wildcard 2 >> From: @*.paypal.com yes >> # paypal wildcard 3 >> From: *paypal* yes >> >> >> I was being overly careful specifying the syntax, so I'm sure thats >> unnecessary. >> >> The current problem, is that we received a message, where the Envelope >> from was some random domain, but the actual From: header showed >> service@paypal.com. >> >> This snuck by the rule, because I guess it checks the Envelope from, not >> the From: header. >> >> Any idea how I can get past that? >> >> Can I specify a header check in the Rules, or just Envelope To/From? >> >> Headers below: >> -------------------------- >> >> +------------------------------+-------------------------------------------------+ >> >> | from_address | subject >> | >> +------------------------------+-------------------------------------------------+ >> >> | anonymous@mail.dumbonion.com | PayPal Notification : Your account is >> suspended | >> +------------------------------+-------------------------------------------------+ >> >> >> >> Received: from mail.dumbonion.com (unknown [64.8.111.2]) >> by mail3.worldtravel.com (Postfix) with SMTP id 613201A4D35 >> for ; Wed, 17 May 2006 23:26:35 -0400 >> (EDT) >> Received: (qmail 26668 invoked by uid 398); 17 May 2006 18:03:04 -0000 >> Date: 17 May 2006 18:03:04 -0000 >> To: sanitized@worldtravel.com >> Subject: PayPal Notification : Your account is suspended >> Message-ID: <1147888984.175046.qmail@paypal.com> >> From: "Customer Support" >> Content-Type: text/html >> >> > I find that most/all of these are picked up by clamav... and the rest > tend to attract a lot of points from SA... And none seem to carry the > actual paypal string anywhere in the envelope sender (which is what > the rules operate on), so those rules look to be a bit pointless, IMO. > > If you use postfix, you could make that a header check, but ... I > suppose there are loads of SA rules to handle exactly this... Not to > mention the MS phishing net being able to help with these, in all > probability;). > From drew at themarshalls.co.uk Thu May 18 18:58:42 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu May 18 18:58:52 2006 Subject: SA Scoring In-Reply-To: <20060517220419.5096.qmail@mymail.netmagicians.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> <20060517220419.5096.qmail@mymail.netmagicians.com> Message-ID: <4638E371-BCC2-4196-9C68-2F584E876BA3@themarshalls.co.uk> On Wed, May 17, 2006 23:04, Dhawal Doshy wrote: > Umm.. sh is bash, AFAIK no one uses the bourne shell (sh) in linux > anymore, > everyone IS using bourne again shell (bash) > > [dhawal@sauron ~]$ ll /bin/sh /bin/bash > -rwxr-xr-x 1 root root 616184 Feb 22 2005 /bin/bash > lrwxrwxrwx 1 root root 4 Jun 6 2005 /bin/sh -> bash Except those of us in the BSD (And I would guess Solaris?) also really have an good 'ole bourne shell too. Choice in open source is so great! Drew PS I did note you said Linux so I am only picking holes ;-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Thu May 18 20:43:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 18 20:43:41 2006 Subject: Best Way to Control Relaying? In-Reply-To: <446BE5CC.3070600@nkpanama.com> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com><3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> Message-ID: <446CCE58.1070507@ecs.soton.ac.uk> Alex Neuman van der Hans wrote: > > 3. Make sure saslauthd is running (and set to run on startup) with: > chkconfig saslauthd on > service saslauthd start One thing worth mentioning. There's a mistake (in my view) in RedHat's supplied configuration of saslauthd. In /etc/sysconfig/saslauthd, they have set MECH=shadow with the result that only /etc/passwd and /etc/shadow will be used to search for usernames and passwords. If you use any other mechanism, you will probably want to change this to MECH=pam -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From leolists at seidkr.com Thu May 18 20:47:06 2006 From: leolists at seidkr.com (=?ISO-8859-1?Q?Philip_Leonard_WV=D8T?=) Date: Thu May 18 20:47:24 2006 Subject: Whitelist by domain question... In-Reply-To: <4638E371-BCC2-4196-9C68-2F584E876BA3@themarshalls.co.uk> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> <20060517220419.5096.qmail@mymail.netmagicians.com> <4638E371-BCC2-4196-9C68-2F584E876BA3@themarshalls.co.uk> Message-ID: <446CCF3A.2070904@seidkr.com> I've just implemented the by domain white/black list feature and I am wondering if MailScanner picks up changes to the white/black list files immediately when they are modified or does it only read them at startup? I am currently running MS 4.51.6. Thanks, Philip From MailScanner at ecs.soton.ac.uk Thu May 18 20:58:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 18 20:59:08 2006 Subject: Rules, and Envelope header forging In-Reply-To: <1147965440.14665.33.camel@localhost.localdomain> References: <1147965440.14665.33.camel@localhost.localdomain> Message-ID: <446CD200.9030208@ecs.soton.ac.uk> Alex Laslavic (Lenox) wrote: > The anti-phising rules did catch it. > ClamAV missed it. > > Spamassassin would have caught it, except it is only invoked if the > Envelope From contains "paypal". > > Oh well. I guess I'll just tell the exchange admins we need to run > spamassassin on all messages. > You should indeed run SpamAssassin on everything. Spammers put anything they like (usually some poor innocent soul) in the envelope sender address. You can do it simplistically on a few rules. That's exactly the situation that SpamAssassin is there to solve. There is no way to determine which messages should be run through SpamAssassin and which shouldn't, except in the situation where you are an ISP and have recipient customers who are/aren't paying for spam detection service. That's why you have SpamAssassin in the first place! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 18 21:03:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 18 21:03:33 2006 Subject: Whitelist by domain question... In-Reply-To: <446CCF3A.2070904@seidkr.com> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> <20060517220419.5096.qmail@mymail.netmagicians.com> <4638E371-BCC2-4196-9C68-2F584E876BA3@themarshalls.co.uk> <446CCF3A.2070904@seidkr.com> Message-ID: <446CD30C.7010501@ecs.soton.ac.uk> Philip Leonard WV?T wrote: > I've just implemented the by domain white/black list feature and I am > wondering if MailScanner picks up changes to the white/black list > files immediately when they are modified or does it only read them at > startup? I am currently running MS 4.51.6. It picks up changes when MailScanner restarts its children periodically ("Restart Every" = 4 hours by default), or when you do a "service MailScanner reload". You could quite easily reduce it to every hour, that's a maximum lag that most people are happy with. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From leolists at seidkr.com Thu May 18 21:11:42 2006 From: leolists at seidkr.com (=?ISO-8859-1?Q?Philip_Leonard_WV=D8T?=) Date: Thu May 18 21:11:57 2006 Subject: {Spam?} Re: Whitelist by domain question... In-Reply-To: <446CD30C.7010501@ecs.soton.ac.uk> References: <2752399fba2ea14b8101d76722a43faf@splatnix.net> <446A13E8.9050908@evi-inc.com> <20060516193627.0f51ea29@cyborg> <20060516220924.5ffb3fc8@cyborg> <223f97700605170111u1bd23d64r5721058bb18286ac@mail.gmail.com> <446B57D2.1040105@sbcglobal.net> <20060517195739.29969.qmail@mymail.netmagicians.com> <446B8501.1060500@sbcglobal.net> <223f97700605171453u4b0ccb6bwd2422da8a69e5cc2@mail.gmail.com> <20060517220419.5096.qmail@mymail.netmagicians.com> <4638E371-BCC2-4196-9C68-2F584E876BA3@themarshalls.co.uk> <446CCF3A.2070904@seidkr.com> <446CD30C.7010501@ecs.soton.ac.uk> Message-ID: <446CD4FE.8040909@seidkr.com> Julian Field wrote: > Philip Leonard WV?T wrote: >> I've just implemented the by domain white/black list feature and I am >> wondering if MailScanner picks up changes to the white/black list >> files immediately when they are modified or does it only read them at >> startup? I am currently running MS 4.51.6. > It picks up changes when MailScanner restarts its children periodically > ("Restart Every" = 4 hours by default), or when you do a "service > MailScanner reload". > > You could quite easily reduce it to every hour, that's a maximum lag > that most people are happy with. > Thanks. That's what I figured it was but just wanted to know for sure. Philip From maillists at conactive.com Thu May 18 21:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 18 21:30:32 2006 Subject: Rules, and Envelope header forging In-Reply-To: <1147964033.14665.30.camel@localhost.localdomain> References: <1147964033.14665.30.camel@localhost.localdomain> Message-ID: Alex Laslavic (Lenox) wrote on Thu, 18 May 2006 10:53:53 -0400: > Any idea how I can get past that? Use an SA rule, SA rules work on the header. SA also has rules to check Received *and* From. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at lists.com.ar Thu May 18 21:45:28 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Thu May 18 21:45:50 2006 Subject: rejection.report.txt Translation In-Reply-To: <446C7D8E.8080809@nkpanama.com> References: <20060517182058.GD13493@pert.com.ar> <446C7D8E.8080809@nkpanama.com> Message-ID: <20060518204528.GF13272@pert.com.ar> > >X-%org-name%-MailScanner: generated > > > >Usted nos ha mandado un correo electronico no requerido, y ha sido > > > "enviado" sounds better than "mandado"... Less ambiguous... > "electr?nico" requires an accent mark... That's ok, but I don't know how it will look that accent when processed by ms/mta/m.. But you are right, it was written like "electr?nico" in other files. > >rechazado. Por favor, no mande mas mails a esta direccion. > > > "rechazado. Por favor no env?e m?s correo a esta direcci?n" absolutely right > >Si tiene preguntas acerca de esto o si cree qeu ha recibido este mensaje > > > "que", not "qeu" my fat fingers > >por error, por favor contactese con los administradores de este sitio. > > > > > "contacte a los administradores de este sitio" instead of "cont?ctese > con", which would be a redundant third-person-reflexive-tense word > common in some South American countries. The analogy in English would be > to say "please contact the admins" instead of "you go ahead and make > contact with the admins yourself, on your own" :-) I'm from argentina, so either way is ok with me > Even though I've set up several MS installations in Spansh, I never > actually looked in the "es" folder. Guess I'll look now and start > contributing ;-) We have some customized messages, but I was wondering if spanish is in the top ten spoken language, maybe top five, or less if you belive everything the newspapers are writing. If I was the only one using it whith the "es" selection. Saludos -- Leonardo Helman Pert Consultores Argentina From MailScanner at ecs.soton.ac.uk Thu May 18 21:59:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 18 21:59:31 2006 Subject: rejection.report.txt Translation In-Reply-To: <20060518204528.GF13272@pert.com.ar> References: <20060517182058.GD13493@pert.com.ar> <446C7D8E.8080809@nkpanama.com> <20060518204528.GF13272@pert.com.ar> Message-ID: <446CE024.7060505@ecs.soton.ac.uk> Leonardo Helman wrote: >>> X-%org-name%-MailScanner: generated >>> >>> Usted nos ha mandado un correo electronico no requerido, y ha sido >>> >>> >> "enviado" sounds better than "mandado"... Less ambiguous... >> "electr?nico" requires an accent mark... >> > That's ok, but I don't know how it will look that accent when processed > by ms/mta/m.. > But you are right, it was written like "electr?nico" in other files. > > >>> rechazado. Por favor, no mande mas mails a esta direccion. >>> >>> >> "rechazado. Por favor no env?e m?s correo a esta direcci?n" >> > absolutely right > > >>> Si tiene preguntas acerca de esto o si cree qeu ha recibido este mensaje >>> >>> >> "que", not "qeu" >> > my fat fingers > > >>> por error, por favor contactese con los administradores de este sitio. >>> >>> >>> >> "contacte a los administradores de este sitio" instead of "cont?ctese >> con", which would be a redundant third-person-reflexive-tense word >> common in some South American countries. The analogy in English would be >> to say "please contact the admins" instead of "you go ahead and make >> contact with the admins yourself, on your own" :-) >> > I'm from argentina, so either way is ok with me > > > >> Even though I've set up several MS installations in Spansh, I never >> actually looked in the "es" folder. Guess I'll look now and start >> contributing ;-) >> > We have some customized messages, but I was wondering if spanish is > in the top ten spoken language, maybe top five, or less if you > belive everything the newspapers are writing. If I was the only > one using it whith the "es" selection. I should have remembered that you Spanish-speaking folks can never agree on anything related to language and wording, and just ignored you for a few weeks for a vague concensus to appear on how you want it worded. :-)) Get back to me when you have a translation that you all agree on (or as close to agreeing as you are likely to get). :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Thu May 18 23:56:32 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 18 23:56:47 2006 Subject: Best Way to Control Relaying? In-Reply-To: <446CCE58.1070507@ecs.soton.ac.uk> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com><3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> Message-ID: <446CFBA0.6090601@nkpanama.com> Julian Field wrote: > Alex Neuman van der Hans wrote: >> >> 3. Make sure saslauthd is running (and set to run on startup) with: >> chkconfig saslauthd on >> service saslauthd start > One thing worth mentioning. There's a mistake (in my view) in RedHat's > supplied configuration of saslauthd. > > In /etc/sysconfig/saslauthd, they have set > MECH=shadow > with the result that only /etc/passwd and /etc/shadow will be used to > search for usernames and passwords. > > If you use any other mechanism, you will probably want to change this to > MECH=pam > I'll look into it right away! Thanks... Question... would this enable people to use methods other than PLAIN and LOGIN (like MD5, etc.) to authenticate using supported clients? From alex at nkpanama.com Thu May 18 23:58:43 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 18 23:58:51 2006 Subject: rejection.report.txt Translation In-Reply-To: <20060518204528.GF13272@pert.com.ar> References: <20060517182058.GD13493@pert.com.ar> <446C7D8E.8080809@nkpanama.com> <20060518204528.GF13272@pert.com.ar> Message-ID: <446CFC23.1040903@nkpanama.com> Leonardo Helman wrote: > > We have some customized messages, but I was wondering if spanish is > in the top ten spoken language, maybe top five, or less if you > belive everything the newspapers are writing. If I was the only > one using it whith the "es" selection. > > You have to remember spanish speakers are probably one third of the US population as well... > Saludos > > -- > Leonardo Helman > Pert Consultores > Argentina > From alex at nkpanama.com Fri May 19 00:00:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri May 19 00:00:53 2006 Subject: rejection.report.txt Translation In-Reply-To: <446CE024.7060505@ecs.soton.ac.uk> References: <20060517182058.GD13493@pert.com.ar> <446C7D8E.8080809@nkpanama.com> <20060518204528.GF13272@pert.com.ar> <446CE024.7060505@ecs.soton.ac.uk> Message-ID: <446CFC86.304@nkpanama.com> Julian Field wrote: > Leonardo Helman wrote: >> >>> >> I'm from argentina, so either way is ok with me >> > > Get back to me when you have a translation that you all agree on (or > as close to agreeing as you are likely to get). > :-) > This from a culture (English speakers) who spell knife with a "k" and can't agree on spelling things like aluminium, realise, centre, and so on... ;-) From nauman at worldcall.net.pk Fri May 19 06:50:26 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Fri May 19 07:03:32 2006 Subject: Best Way to Control Relaying? References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com><3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com><446CCE58.1070507@ecs.soton.ac.uk> <446CFBA0.6090601@nkpanama.com> Message-ID: <000801c67b08$25fa8e10$23c051cb@noc> > Julian Field wrote: >> Alex Neuman van der Hans wrote: >>> >>> 3. Make sure saslauthd is running (and set to run on startup) with: >>> chkconfig saslauthd on >>> service saslauthd start >> One thing worth mentioning. There's a mistake (in my view) in RedHat's >> supplied configuration of saslauthd. >> >> In /etc/sysconfig/saslauthd, they have set >> MECH=shadow >> with the result that only /etc/passwd and /etc/shadow will be used to >> search for usernames and passwords. >> >> If you use any other mechanism, you will probably want to change this to >> MECH=pam After A long Reading and Work i did managed to Make the SMTP AUTH Work as i can see it in my maillog: May 18 13:08:55 mailserver [4145]: AUTH=server, relay=abc.xyz.com[192.168.1.25], authid=nauman, mech=LOGIN, bits =0 But then again - i was having problem that - it was not asking for authentation from all the users , just those who have ticked the option in outlook. so i started playing around to stop anoymous logins - which were still relaying without authentication define(`confAUTH_OPTIONS', `A p y')dnl and in this process i even re-compiled sendmail - with Sh Build -c I Have my devtools/Site/site.config.m4 as : dnl Milter APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER') APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE') APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2') APPENDDEF(`conf_sendmail_LIBS', `-lsasl2') and i rebuit my sendmail and verified it as : [root@root]# sendmail -d0.1 -bv Version 8.13.5 Compiled with: DNSMAP LOG MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB PIPELINING SASLv2 SCANF USERDB XDEBUG [root@root]# /etc/init.d/saslauthd status saslauthd (pid 3235 3234 3233 3232 3228) is running... and then coming to the Sendmail.mc define(`confAUTH_OPTIONS', `A p y')dnl TRUST_AUTH_MECH(`LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl and now when i telnet localhost 25 : it do'nt ask any AUTH LOGIN : 220 ESMTP EHLO mailserver 250-localhost.localdomain Hello abc.xyz.com [192.168.1.3], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DELIVERBY 250 HELP I NEED TO DO it - and i want it working Fully fine - i cant find - where i m going Wrong - IF any one can HELP it would be great . So far as AUTH MECH - i will stick to the shadow methord ! Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From maillists at conactive.com Fri May 19 13:31:17 2006 From: maillists at conactive.com (maillists@conactive.com) Date: Fri May 19 13:29:22 2006 Subject: Best Way to Control Relaying? In-Reply-To: <000801c67b08$25fa8e10$23c051cb@noc> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa Message-ID: 8e10$23c051cb@noc> From: "Kai Schaetzl" Reply-To: mailscanner@lists.mailscanner.info X-Rcpt-To: Muhammad Nauman wrote on Fri, 19 May 2006 10:50:26 +0500: > it do'nt ask any AUTH LOGIN : Your sendmail.mc options look fine. You have to use feature check_delay or nobody will have the chance to authenticate. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Fri May 19 15:01:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 19 15:01:29 2006 Subject: Best Way to Control Relaying? In-Reply-To: References: <00f001c674d3$12142770$3004010a@martinhlaptop> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa8e10$23c051cb@noc> Message-ID: <223f97700605190701i2d5ffd73yc29d921a456138de@mail.gmail.com> On 19/05/06, maillists@conactive.com wrote: > 8e10$23c051cb@noc> > From: "Kai Schaetzl" > Reply-To: mailscanner@lists.mailscanner.info > X-Rcpt-To: > Kai (& whomever might be concerned ... Perhaps Jules, perhaps someone at blicknight), In case you haven't noticed, some of your replies are slightly mangled... Something is inserting a spurious newline in the header section... Or rather, looking at the headers, somewhat more....: ------------------------------ (snip'd a bunch of OK looking headers) References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa Subject: Re: Best Way to Control Relaying? X-BeenThere: mailscanner@lists.mailscanner.info X-Mailman-Version: 2.1.5 Precedence: list Reply-To: MailScanner discussion List-Id: MailScanner discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mailscanner-bounces@lists.mailscanner.info Errors-To: mailscanner-bounces@lists.mailscanner.info 8e10$23c051cb@noc> From: "Kai Schaetzl" Reply-To: mailscanner@lists.mailscanner.info X-Rcpt-To: (snip'd actual message body) ---------------------------------------- Note that the "8e10$23c051cb@noc>" seems to be the tail part of "<446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa", with that hefty chuck of inserted headers in between. Now, just who/what should one assign blame to....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikea at mikea.ath.cx Fri May 19 15:38:48 2006 From: mikea at mikea.ath.cx (mikea) Date: Fri May 19 15:38:54 2006 Subject: rejection.report.txt Translation In-Reply-To: <446CFC86.304@nkpanama.com>; from alex@nkpanama.com on Thu, May 18, 2006 at 06:00:22PM -0500 References: <20060517182058.GD13493@pert.com.ar> <446C7D8E.8080809@nkpanama.com> <20060518204528.GF13272@pert.com.ar> <446CE024.7060505@ecs.soton.ac.uk> <446CFC86.304@nkpanama.com> Message-ID: <20060519093848.F55131@mikea.ath.cx> On Thu, May 18, 2006 at 06:00:22PM -0500, Alex Neuman van der Hans wrote: > Julian Field wrote: > > Leonardo Helman wrote: > >> > >>> > >> I'm from argentina, so either way is ok with me > >> > > > > Get back to me when you have a translation that you all agree on (or > > as close to agreeing as you are likely to get). > > :-) > > > > This from a culture (English speakers) who spell knife with a "k" and > can't agree on spelling things like aluminium, realise, centre, and so > on... ;-) "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll But I still like MailScanner, and my bosses and users like what I can do with it. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From glenn.steen at gmail.com Fri May 19 16:12:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 19 16:12:08 2006 Subject: rejection.report.txt Translation In-Reply-To: <20060519093848.F55131@mikea.ath.cx> References: <20060517182058.GD13493@pert.com.ar> <446C7D8E.8080809@nkpanama.com> <20060518204528.GF13272@pert.com.ar> <446CE024.7060505@ecs.soton.ac.uk> <446CFC86.304@nkpanama.com> <20060519093848.F55131@mikea.ath.cx> Message-ID: <223f97700605190812k65b264afr9ea6b9c2fd3b4f6e@mail.gmail.com> On 19/05/06, mikea wrote: > On Thu, May 18, 2006 at 06:00:22PM -0500, Alex Neuman van der Hans wrote: > > Julian Field wrote: > > > Leonardo Helman wrote: > > >> > > >>> > > >> I'm from argentina, so either way is ok with me > > >> > > > > > > Get back to me when you have a translation that you all agree on (or > > > as close to agreeing as you are likely to get). > > > :-) > > > > > > > This from a culture (English speakers) who spell knife with a "k" and > > can't agree on spelling things like aluminium, realise, centre, and so > > on... ;-) > > "The problem with defending the purity of the English language is that > English is about as pure as a cribhouse whore. We don't just borrow words; on > occasion, English has pursued other languages down alleyways to beat them > unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll s/English/\$LANG/g; I think this is actually built into the very concept of language as such. Or perhaps one should say into humanity... Well, perhaps not the beating-crap-out-of part, just the excessive "borrowing":-). > But I still like MailScanner, and my bosses and users like what I can > do with it. CC. > > -- > Mike Andrews, W5EGO > mikea@mikea.ath.cx > Tired old sysadmin Hm, CC to that too... I think:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Fri May 19 18:19:38 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri May 19 18:19:51 2006 Subject: Best Way to Control Relaying? In-Reply-To: <000801c67b08$25fa8e10$23c051cb@noc> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com><3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com><446CCE58.1070507@ecs.soton.ac.uk> <446CFBA0.6090601@nkpanama.com> <000801c67b08$25fa8e10$23c051cb@noc> Message-ID: <446DFE2A.8010407@nkpanama.com> Muhammad Nauman wrote: > > and in this process i even re-compiled sendmail - with Sh Build -c > So far as AUTH MECH - i will stick to the shadow methord ! If you're using an old version of RH you can look for a newer RPM so you don't have to recompile. You can look for it at http://www.city-fan.org/ftp/contrib/mail/ - along with a bunch of other things like SPF. From Kevin_Miller at ci.juneau.ak.us Fri May 19 18:47:02 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri May 19 18:47:15 2006 Subject: Microsoft .doc exploit Message-ID: May be premature to block .doc files, but SANS reports on a zero day rootkit carried in a word doc. http://www.incidents.org/diary.php?storyid=1345 It's in the wild but was a targeted attack. Apparently no AV signatures yet. One to watch. Boy it's good to have a system that can block such things with a couple lines and 30 seconds of time! In the past couple of weeks I've had two different venders try to sell me their proprietary systems. They're wasting their time. MailScanner rocks! ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From steve.swaney at fsl.com Fri May 19 19:03:03 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri May 19 19:03:08 2006 Subject: Microsoft .doc exploit In-Reply-To: Message-ID: <1da701c67b6e$79746cd0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > Sent: Friday, May 19, 2006 1:47 PM > To: MailScanner discussion > Subject: Microsoft .doc exploit > > May be premature to block .doc files, but SANS reports on a zero day > rootkit carried in a word doc. > http://www.incidents.org/diary.php?storyid=1345 It's in the wild but > was a targeted attack. > > Apparently no AV signatures yet. One to watch. > > Boy it's good to have a system that can block such things with a couple > lines and 30 seconds of time! In the past couple of weeks I've had two > different venders try to sell me their proprietary systems. They're > wasting their time. MailScanner rocks! > > > ...Kevin Here's the InfoWorld article: http://www.infoworld.com/article/06/05/19/78499_HNword0day_1.html?source=NLC -TB2006-05-19 Looks like some of the anti-virus engines are starting to get caught up. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From maillists at conactive.com Fri May 19 19:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 19 19:29:22 2006 Subject: Best Way to Control Relaying? In-Reply-To: <223f97700605190701i2d5ffd73yc29d921a456138de@mail.gmail.com> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa8e10$23c051cb@noc> <223f97700605190701i2d5ffd73yc29d921a456138de@mail.gmail.com> Message-ID: Glenn Steen wrote on Fri, 19 May 2006 16:01:26 +0200: > In case you haven't noticed, some of your replies are slightly > mangled Hi Glenn, thanks for the reminder. I had noticed this already some weeks ago, but didn't find a cause and forgot about it. It must be some bug in my program triggered by the way that the quoted references line in the replied message was constructed by that email program. (The programm used, Outlook Express, adds the last message-id not to the folded line but inserts a new line *and* removes the white space before the last message-id in the folded line. The first thing seems to be ok, the second thing could be a bug, since the client is supposed to take the message-id line and add to it, not alter it. Anyway, my client shouldn't break the last message-id like it does.) The broken-up message-id then confuses mailman and it inserts its own headers at the wrong position. I hope we can get this fixed soon, now that I at least know the circumstances when it happens. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From matt at coders.co.uk Fri May 19 20:01:44 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri May 19 20:01:46 2006 Subject: OT: Ebay spam got me thinking Message-ID: <446E1618.6080907@coders.co.uk> Evening I was thinking last night about some recent Ebay spam that I got and the thread started by Alex Laslavic ("Rules, and Envelope header forging"). SPF (and domain keys) work well to protect the recipient from forged envelope. I was thinking about an extension to this - a policy of whether a domain emails are ever sent with a different domain in the envelope. This couldn't be just a simple extension of SPF as this would break the workarounds for the "send this link to a friend" so it needs to be possible to implement to a least on a per email basis - I was thinking that you could put something like this joe.bloggs@bank.com ALLOW jane.smith@bank.com ALLOW support@bank.com RESTRICT support*@bank.com RESTRICT In to some form of DNS based lookup. Any comments (or is there something like this already)? matt From alex at nkpanama.com Fri May 19 20:03:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri May 19 20:04:04 2006 Subject: Best Way to Control Relaying? In-Reply-To: References: <00f001c674d3$12142770$3004010a@martinhlaptop> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa8e10$23c051cb@noc> <223f97700605190701i2d5ffd73yc29d921a456138de@mail.gmail.com> Message-ID: <446E169C.6010907@nkpanama.com> Kai Schaetzl wrote: > Glenn Steen wrote on Fri, 19 May 2006 16:01:26 +0200: > > >> In case you haven't noticed, some of your replies are slightly >> mangled >> > I hope we can get this fixed soon, now that I at least know the > circumstances when it happens. > > Kai > > The fix for this particular problem with Outlook Express - and a large number of other problems - can be found at the following address: *http://tinyurl.com/k2ch7 *Let me know if it works for you :-) From matt at coders.co.uk Fri May 19 20:07:01 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri May 19 20:07:01 2006 Subject: OT: Ebay spam got me thinking In-Reply-To: <446E1618.6080907@coders.co.uk> References: <446E1618.6080907@coders.co.uk> Message-ID: <446E1755.2090601@coders.co.uk> Replying to self! > joe.bloggs@bank.com ALLOW > jane.smith@bank.com ALLOW > support@bank.com RESTRICT > support*@bank.com RESTRICT The last one wouldn't work as the number of DNS lookups could be the maximum of the number of the number of characters in the email address. I think it should be @bank.com ALLOW support@bank.com RESTRICT The use of subdomains could be used to make this more scalable e.g. @support.bank.com RESTRICT matt From glenn.steen at gmail.com Fri May 19 21:19:53 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 19 21:19:57 2006 Subject: Best Way to Control Relaying? In-Reply-To: References: <00f001c674d3$12142770$3004010a@martinhlaptop> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa8e10$23c051cb@noc> <223f97700605190701i2d5ffd73yc29d921a456138de@mail.gmail.com> Message-ID: <223f97700605191319l91f1792r164e56953b4c33b5@mail.gmail.com> On 19/05/06, Kai Schaetzl wrote: > Glenn Steen wrote on Fri, 19 May 2006 16:01:26 +0200: > > > In case you haven't noticed, some of your replies are slightly > > mangled > > Hi Glenn, thanks for the reminder. I had noticed this already some weeks > ago, but didn't find a cause and forgot about it. It must be some bug in > my program triggered by the way that the quoted references line in the > replied message was constructed by that email program. > (The programm used, Outlook Express, adds the last message-id not to the > folded line but inserts a new line *and* removes the white space before > the last message-id in the folded line. The first thing seems to be ok, > the second thing could be a bug, since the client is supposed to take the > message-id line and add to it, not alter it. Anyway, my client shouldn't > break the last message-id like it does.) > The broken-up message-id then confuses mailman and it inserts its own > headers at the wrong position. > I hope we can get this fixed soon, now that I at least know the > circumstances when it happens. > > Kai > Ah, thought it might be something like that. I suppose you could take Alex advice.... i really like TB myself... Now, how to convince the PHB to drop LookOut entirely...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Fri May 19 23:31:16 2006 From: maillists at conactive.com (maillists@conactive.com) Date: Fri May 19 23:29:20 2006 Subject: Best Way to Control Relaying? In-Reply-To: <446E169C.6010907@nkpanama.com> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <000801c67b08$25fa8e10$23c051cb@noc> <223f97700605190701i2d5ffd73yc29d921a456138de@mail.gmail.com> <446E169C.60109 Message-ID: 07@nkpanama.com> From: "Kai Schaetzl" Reply-To: mailscanner@lists.mailscanner.info X-Rcpt-To: Alex Neuman van der Hans wrote on Fri, 19 May 2006 14:03:56 -0500: > The fix for this particular problem with Outlook Express You did not understand my explanation ;-) I don't use Outlook Express. I use a program which has a bug in this area which may get triggered by the way that Outlook Express handled the references header. That's all. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From nick.smith67 at googlemail.com Fri May 19 23:55:02 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Fri May 19 23:55:05 2006 Subject: More encoded subject woes Message-ID: Hi, MS 4.54-2 / Postfix 2.10 I've got more trouble with encoded subject headers being "mishandled" from a recipient's point of view. The issue occurs when, for whatever reason, MIME-Tools is unable to decode an encoded subject properly - this example is UTF-8, but I don't know if it may affect other encoding types too =?UTF-8?B?5oOF5aCx6YCj57Wh56WoIC0gVVNHcumVt+WQiOitsOW+heOBoSA=?==? UTF-8?B?LSDnrKzvvJTvvJjlm57lhajml6XmnKwgLSDlsZXnpLrkvJrjga7lh7rlsZU=?= If you feed that string to MIME::WordDecoder::unmime it returns: ????? - USGr????? - ??????? - ?????? I have absolutely no idea why this happens - whether it's a bug or expected behaviour on the part of MIME-Tools, but I assume that each question mark represents a multi-byte (Japanese in this case) character that it was not possible to decode Drop the same string into an Outlook message and send it via SMTP (making sure that it bypasses MailScanner), and when it arrives it should show a bunch of Japanese characters. The recipients are understandably not happy that the subject of their email when it shows up has been replaced by a bunch of question marks I've worked around this problem with a patch against Postfix.pm (attached), but I'm less than comfortable with it. Basically what it does is to unmime into a temporary holding string instead of the $message structure and then take a look at the results of its handiwork. If it sees more than an arbitrary number of consecutive ?'s (I picked more than 3 as a reasonable number), it assumes that the unmime was unsuccessful and allows the original encoded subject to pass. Otherwise it assumes decode success and fills the message->{subject} structure with the unmime result The first problem is that the ???? test is far from foolproof - there's loads of scope for false +ves and false -ves. The second problem is I'm not sure what issues this might cause if MS has to alter the subject later. I'm not altering any subjects at all so it wouldn't be a worry on my system but... Clearly I'm working with Postfix here, but this affects other MTA's too. Equally clearly the proper answer is to figure out what's up with MIME-Tools, but I'm afraid that's way beyond my capabilities :( Thoughts appreciated Thanks Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: ms-4.54-2-skiputf8.patch Type: application/octet-stream Size: 1403 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060519/4bef7f90/ms-4.54-2-skiputf8.obj From rich at mail.wvnet.edu Sat May 20 03:32:11 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sat May 20 03:32:52 2006 Subject: Custom function white/black list bug? Message-ID: <446E7FAB.5010609@mail.wvnet.edu> Hello Julian, I'm afraid you're the only one who can answer this since it's your code. Thanks for any insight you can give. I'm using the by domain whitelist/blacklist custom functions. I'm trying to whitelist a particular "To:" address (abuse@our_domain). I've put that entry into the /etc/MailScanner/spam.bydomain/whitelist/default file. However, when someone sends a spam report to our abuse address it gets flagged as spam and gets deleted. I'm not sure if this is a bug or not. Perhaps this facility was designed only for the "From:" address and not the "To:" address. Looking at the code there are the following lines.... return 1 if $BlackWhite->{'default'}{$from}; return 1 if $BlackWhite->{'default'}{$fromdomain}; return 1 if $BlackWhite->{'default'}{$ip}; There is not a lookup for the "To:" address ($to). So, I added the following line after the above lines. return 1 if $BlackWhite->{'default'}{$to}; This appears to have corrected the problem. Are there unexpected consequences to doing this ??? Is this something that should be done? If it's OK would you consider adding it to the distribution? Note: I may be completely off base in my understanding of the code! Thanks. -- Rich -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060519/0e6937a3/rich.vcf From padma at eis.iisc.ernet.in Sat May 20 09:55:32 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Sat May 20 04:25:24 2006 Subject: problem with phishing fraud Message-ID: I have installed MailScanner-4.52 on a FC2 with f-prot. Mailscanner seems to detect a genuine URL as phishing Fraud. In this case though both scitation.aip.org and ecsdl.org resolve to the same IP address but donot have a CNAME to each other. Any way to prevent this happen again ? The following is the mail: ------------------------------------------------------------------------------- For more information about any of the following items, click on the highlighted text. Journal of The Electrochemical Society MailScanner has detected a possible fraud attempt from "scitation.aip.org" claiming to be http://ecsdl.org/JES/ - The latest issue (Volume 153, Number 6, 2006) is now complete. Electrochemical and Solid-State Letters MailScanner has detected a possible fraud attempt from "scitation.aip.org" claiming to be http://ecsdl.org/ESL/ - The latest issue (Volume 9, Number 6, 2006) is now complete. For an index of the Journal page numbers by section, go to http://www.electrochem.org/dl/jes/jes_sec_ind.htm For an index of Letters page numbers by section, go to http://www.electrochem.org/dl/esl/esl_sec_ind.htm For information about accessing the online editions, go to http://www.electrochem.org/dl/order/member_online_access.htm For information about submitting a manuscript to one of the ECS journals, go to http://www.electrochem.org/dl/support/jrnls_auth_info.htm ECS home page: http://www.electrochem.org/ If you do not wish to receive any further e-mail notifications, please send an e-mail to membership@electrochem.org. Your e-mail address will be removed from the ECS database. ----------------------------------------------------------------------------------- Regards Ms.Padma From nauman at worldcall.net.pk Sat May 20 08:37:24 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Sat May 20 08:37:40 2006 Subject: Best Way to Control Relaying? References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com><3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com><446CCE58.1070507@ecs.soton.ac.uk> <446CFBA0.6090601@nkpanama.com><000801c67b08$25fa8e10$23c051cb@noc> <446DFE2A.8010407@nkpanama.com> Message-ID: <00ea01c67be0$3e8e6d10$23c051cb@noc> From: "Alex Neuman van der Hans" >> and in this process i even re-compiled sendmail - with Sh Build -c >> So far as AUTH MECH - i will stick to the shadow methord ! > If you're using an old version of RH you can look for a newer RPM so you > don't have to recompile. You can look for it at > http://www.city-fan.org/ftp/contrib/mail/ - along with a bunch of other > things like SPF. Well i m again Back - Fixed the AUTH to work ( Only who ticks the option in Outlook) - but i think i have screwed up my MAIL SCANNER - its not working fine . All the Mails which were marked as Spam 1 day earlier - are all Passing by clearly - i think SPAM ASSASSIN is not working fine i had some error previously as : May 20 12:16:41 MYServer spamd[3107]: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001001 of SpamAssassin, but this is code version 3.000004. Maybe you need to use the -C switch, or remove the old config files? Skippin g this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. May 20 12:16:41 MYServer spamd[3107]: configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001001 of S pamAssassin, but this is code version 3.000004. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 332. May 20 12:16:41 MYServer spamd[3107]: Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate object m ethod "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5 /Mail/SpamAssassin/PerMsgStatus.pm line 2341._) May 20 12:16:41 MYServer spamd[3107]: Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping:__(Can't locate object method "check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/Spa mAssassin/PerMsgStatus.pm line 2341._) May 20 12:16:41 MYServer spamd[3107]: Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping:__(Can't locate object meth od "check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/Spam Assassin/PerMsgStatus.pm line 2341._) BUT IN NEW LOG its ALL FINE : May 20 12:27:02 MYServer MailScanner[3095]: New Batch: Scanning 1 messages, 1629 bytes May 20 12:27:02 MYServer MailScanner[3095]: MCP Checks completed at 10389 bytes per second May 20 12:27:02 MYServer MailScanner[3095]: Spam Checks: Starting May 20 12:27:03 MYServer MailScanner[3095]: Spam Checks completed at 3342 bytes per second May 20 12:27:03 MYServer MailScanner[3095]: Virus and Content Scanning: Starting May 20 12:27:03 MYServer MailScanner[3095]: Virus Scanning completed at 12667 bytes per second May 20 12:27:03 MYServer MailScanner[3095]: Uninfected: Delivered 1 messages May 20 12:27:03 MYServer MailScanner[3095]: Virus Processing completed at 104698 bytes per second May 20 12:27:03 MYServer MailScanner[3095]: Disinfection completed at 18719236 bytes per second May 20 12:27:03 MYServer MailScanner[3095]: Batch completed at 2048 bytes per second (1629 / 0) May 20 12:27:03 MYServer MailScanner[3095]: Batch processed in 0.80 seconds ############################################################################# And About the AUTH - i m been ask for authentation Only if I m checking the option in OUTLOOK - If my users do'nt Enable that Option - they can still send mail - HOW CAN I STOP this ?? and i do see the AUTH PLAIN when i telnet localhost 25 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 15000000 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP ############################################################################## Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From nick.smith67 at googlemail.com Sat May 20 09:54:20 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Sat May 20 09:54:23 2006 Subject: More encoded subject woes In-Reply-To: References: Message-ID: On 5/19/06, Nick Smith wrote: > Hi, > > MS 4.54-2 / Postfix 2.10 > > I've got more trouble with encoded subject headers being "mishandled" > from a recipient's point of view. The issue occurs when, for whatever > reason, MIME-Tools is unable to decode an encoded subject properly - > this example is UTF-8, but I don't know if it may affect other > encoding types too > > =?UTF-8?B?5oOF5aCx6YCj57Wh56WoIC0gVVNHcumVt+WQiOitsOW+heOBoSA=?==? > UTF-8?B?LSDnrKzvvJTvvJjlm57lhajml6XmnKwgLSDlsZXnpLrkvJrjga7lh7rlsZU=?= > > If you feed that string to MIME::WordDecoder::unmime it returns: > > ????? - USGr????? - ??????? - ?????? > > I have absolutely no idea why this happens - whether it's a bug or > expected behaviour on the part of MIME-Tools, but I assume that each > question mark represents a multi-byte (Japanese in this case) > character that it was not possible to decode > > Drop the same string into an Outlook message and send it via SMTP > (making sure that it bypasses MailScanner), and when it arrives it > should show a bunch of Japanese characters. The recipients are > understandably not happy that the subject of their email when it shows > up has been replaced by a bunch of question marks > > I've worked around this problem with a patch against Postfix.pm > (attached), but I'm less than comfortable with it. Basically what it > does is to unmime into a temporary holding string instead of the > $message structure and then take a look at the results of its > handiwork. If it sees more than an arbitrary number of consecutive ?'s > (I picked more than 3 as a reasonable number), it assumes that the > unmime was unsuccessful and allows the original encoded subject to > pass. Otherwise it assumes decode success and fills the > message->{subject} structure with the unmime result > > The first problem is that the ???? test is far from foolproof - > there's loads of scope for false +ves and false -ves. The second > problem is I'm not sure what issues this might cause if MS has to > alter the subject later. I'm not altering any subjects at all so it > wouldn't be a worry on my system but... > > Clearly I'm working with Postfix here, but this affects other MTA's > too. Equally clearly the proper answer is to figure out what's up with > MIME-Tools, but I'm afraid that's way beyond my capabilities :( > > Thoughts appreciated > > Thanks > > Nick > > > Please ignore all of this - I think I've been fed old news by the group that reported this to me as an issue I'm pretty certain that their problem was actually the "Postfix truncates multi-line subject" thing that Julian already fixed for me, and that when they said they were still having the issue after re-testing they were mistaken I am working on the assumption that the ???? output from the unmime function is just an ASCII representation but it was plenty enough to confuse me :( Sorry for the false alarm Thanks Nick From maillists at conactive.com Sat May 20 11:31:15 2006 From: maillists at conactive.com (maillists@conactive.com) Date: Sat May 20 11:29:21 2006 Subject: Best Way to Control Relaying? In-Reply-To: <00ea01c67be0$3e8e6d10$23c051cb@noc> References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc> <44634ED6.1040600@nkpanama.com> <004801c6757b$bebf67c0$23c051cb@noc> <4464D1B5.8090509@nkpanama.com> <44695777.7080907@nkpanama.com> <3b85c513756f3cbe5162f8b4599c5e84@ucsc.edu> <446A55D1.9040901@nkpanama.com> <003e01c6797c$4659e580$23c051cb@noc> <446BE5CC.3070600@nkpanama.com> <446CCE58.1070507@ecs.soton.ac.uk> <00ea01c67be0$3e8e Message-ID: 6d10$23c051cb@noc> From: "Kai Schaetzl" Reply-To: mailscanner@lists.mailscanner.info X-Rcpt-To: Muhammad Nauman wrote on Sat, 20 May 2006 12:37:24 +0500: > : configuration file > "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001001 of > SpamAssassin, but this is code version 3.000004. Maybe you need to use > the -C switch, or remove the old config files? This is pretty obvious, isn't it? Upgrade to latest SA. It's also possible that you install SA to different locations and now have a partly working old and a working new install (or vice versa). > If my users do'nt Enable that Option - they can still send mail - HOW CAN I > STOP this ?? Of course, you have to remove their IPs from access.db. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at mango.zw Sat May 20 13:08:10 2006 From: mailscanner at mango.zw (Jim Holland) Date: Sat May 20 13:13:04 2006 Subject: Problem with blocked jpg file Message-ID: Hi Julian I think this is in your department. I was puzzled by a message whose jpg attachment was blocked with error: MailScanner: No scripts (Group_05221.jpg) The file is just a jpg, and clamscan can't see anything wrong with it. It doesn't seem to contain any script, although it has the following header: .....JFIF...HH...ZImageDescription : Make : SONY Model : CYBERSHOT ExposureTime : 0.025000 FNumber : 2.800000 ExposureProgram : 2 ISOSpeedRatings : 160 CompressedBitsPerPixel : 2.000000 ExposureBiasValue : 0.000000 MaxApertureValue : 3.000000 MeteringMode : 2 LightSource : 0 Flash : 1 FocalLength : 8.000000 MakerNote : 83 79 78 89 32 68 83 67 32 0 0 0 1 0 I don't see why it should be blocked, but came up with the following possible explanation of what is happening: The "No scripts" error report seems to come from filetype.rules.conf: deny script No scripts No scripts So I ran "file Group_05221.jpg" and got: Group_05221.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), "ImageDescription : ", 72 x 72 Is it possible that MailScanner is picking up "script" in the word "ImageDescription" - ie like matching a plain grep pattern instead of a grep -w? If so, can this be fixed? Thanks for your feedback. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From mailscanner at mango.zw Sat May 20 13:20:59 2006 From: mailscanner at mango.zw (Jim Holland) Date: Sat May 20 13:25:59 2006 Subject: Microsoft .doc exploit In-Reply-To: Message-ID: On Fri, 19 May 2006, Kevin Miller wrote: > May be premature to block .doc files, but SANS reports on a zero day > rootkit carried in a word doc. > http://www.incidents.org/diary.php?storyid=1345 It's in the wild but > was a targeted attack. > > Apparently no AV signatures yet. One to watch. > > Boy it's good to have a system that can block such things with a couple > lines and 30 seconds of time! In the past couple of weeks I've had two > different venders try to sell me their proprietary systems. They're > wasting their time. MailScanner rocks! Note that you would need to block this by file type (eg Microsoft Office Document) not extension: In most cases, Windows will call Word to open a document even if the document has an unknown file extension. For example, if document.d0c (note the digit "0") contains the correct file header information, Windows will open document.d0c with Word. Source: US-CERT Technical Cyber Security Alert TA06-139A Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From maillists at conactive.com Sat May 20 13:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sat May 20 13:29:22 2006 Subject: Custom function white/black list bug? In-Reply-To: <446E7FAB.5010609@mail.wvnet.edu> References: <446E7FAB.5010609@mail.wvnet.edu> Message-ID: Richard Lynch wrote on Fri, 19 May 2006 22:32:11 -0400: > I'm using the by domain whitelist/blacklist custom functions. I'm > trying to whitelist a particular "To:" address (abuse@our_domain). I've > put that entry into the /etc/MailScanner/spam.bydomain/whitelist/default > file. I'm not aware of this functionality besides the SQL custom functions (see below), but it very much looks like "spam.bydomain" will be getting used for the To domain. So, it's intended not to be used for single to addresses. However, when someone sends a spam report to our abuse address it > gets flagged as spam and gets deleted. I'm not sure if this is a bug or > not. Perhaps this facility was designed only for the "From:" address > and not the "To:" address. It was designed for the To *and* the From address. At least that is how the SQLBlackWhitelist.pm works. I'm not sure what the "domain whitelist/blacklist custom functions" is, I wasn't aware of such a thing. You might try: $to $from yes > return 1 if $BlackWhite->{'default'}{$from}; > return 1 if $BlackWhite->{'default'}{$fromdomain}; > return 1 if $BlackWhite->{'default'}{$ip}; "default" is actually the wildcard for "To: *" The whole stuff in SQLBlackWhitelist.pm looks a bit different and seems to have been stripped down for those "by domain" functions. return 1 if $BlackWhite->{$to}{$from}; return 1 if $BlackWhite->{$to}{$fromdomain}; return 1 if $BlackWhite->{$to}{$ip}; return 1 if $BlackWhite->{$to}{'default'}; return 1 if $BlackWhite->{$todomain}{$from}; return 1 if $BlackWhite->{$todomain}{$fromdomain}; return 1 if $BlackWhite->{$todomain}{$ip}; return 1 if $BlackWhite->{$todomain}{'default'}; return 1 if $BlackWhite->{'default'}{$from}; return 1 if $BlackWhite->{'default'}{$fromdomain}; return 1 if $BlackWhite->{'default'}{$ip}; (the box is an LF, the file I've got has Unix linebreaks, sorry). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conac From MailScanner at ecs.soton.ac.uk Sat May 20 17:40:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 17:40:15 2006 Subject: Custom function white/black list bug? In-Reply-To: References: <446E7FAB.5010609@mail.wvnet.edu> Message-ID: <446F4667.6070507@ecs.soton.ac.uk> Richard, Kai Schaetzl wrote: > Richard Lynch wrote on Fri, 19 May 2006 22:32:11 -0400: > > >> I'm using the by domain whitelist/blacklist custom functions. I'm >> trying to whitelist a particular "To:" address (abuse@our_domain). I've >> put that entry into the /etc/MailScanner/spam.bydomain/whitelist/default >> file. >> Why not in the spam.bydomain/whitelist/our_domain file? Wouldn't that make more sense? > > I'm not aware of this functionality besides the SQL custom functions (see > below), but it very much looks like "spam.bydomain" will be getting used > for the To domain. So, it's intended not to be used for single to > addresses. > It is in CustomConfig.pm and has been for a very long time. I should move it out into a separate file in the CustomFunctions directory some time, but I'm not sure what might break on current installations if I do that... > However, when someone sends a spam report to our abuse address it > >> gets flagged as spam and gets deleted. I'm not sure if this is a bug or >> not. Perhaps this facility was designed only for the "From:" address >> and not the "To:" address. >> > > It was designed for the To *and* the From address. It works for the envelope sender (From) and the first envelope recipient (To). >> return 1 if $BlackWhite->{'default'}{$from}; >> return 1 if $BlackWhite->{'default'}{$fromdomain}; >> return 1 if $BlackWhite->{'default'}{$ip}; >> > > "default" is actually the wildcard for "To: *" > The Black and White list stuff can't handle wildcards in addresses or domains. That's what makes it so fast on large installations. It doesn't have to evaluate any regular expressions as it traverses a large set of rules. It just has to do a few hash table lookups which work like lightning in Perl. The speed of this code basically doesn't change whether you have 5 entries or 500,000 entries. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 20 17:47:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 17:47:42 2006 Subject: problem with phishing fraud In-Reply-To: References: Message-ID: <446F4827.20009@ecs.soton.ac.uk> padma@eis.iisc.ernet.in wrote: > > > I have installed MailScanner-4.52 on a FC2 with f-prot. Mailscanner > seems to detect a genuine URL as phishing Fraud. In this case though > both scitation.aip.org and ecsdl.org resolve to the same IP address > but donot have a CNAME to each other. Any way to prevent this happen > again ? Yes, very easily. You need 4.54. You can then put in the numerical IP address of their outgoing mail server into phishing.safe.sites.conf and it will whitelist all domains coming from that IP address. I added this in to 4.53 at the request of a commercial email marketing company (but not a true "spammer"). But 4.53 has other issues so I recommend you use the latest 4.54 release which works rather better. And don't worry about the nightly update to your phishing.safe.sites.conf file. All local changes and additions to it will be kept through the update. If you want to know how, it does this: cat phishing.safe.sites.conf.master phishing.safe.sites.conf | \ sort | uniq > phishing.safe.sites.conf.new which will safely keep all new extra lines added into the file. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 20 17:56:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 17:57:03 2006 Subject: Problem with blocked jpg file In-Reply-To: References: Message-ID: <446F4A3E.7040405@ecs.soton.ac.uk> Jim Holland wrote: > Hi Julian > > I think this is in your department. > > I was puzzled by a message whose jpg attachment was blocked with error: > > MailScanner: No scripts (Group_05221.jpg) > > The file is just a jpg, and clamscan can't see anything wrong with it. It > doesn't seem to contain any script, although it has the following header: > > .....JFIF...HH...ZImageDescription : > Make : SONY > Model : CYBERSHOT > ExposureTime : 0.025000 > FNumber : 2.800000 > ExposureProgram : 2 > ISOSpeedRatings : 160 > CompressedBitsPerPixel : 2.000000 > ExposureBiasValue : 0.000000 > MaxApertureValue : 3.000000 > MeteringMode : 2 > LightSource : 0 > Flash : 1 > FocalLength : 8.000000 > MakerNote : 83 79 78 89 32 68 83 67 32 0 0 0 1 0 > > I don't see why it should be blocked, but came up with the following > possible explanation of what is happening: > > The "No scripts" error report seems to come from filetype.rules.conf: > > deny script No scripts No scripts > > So I ran "file Group_05221.jpg" and got: > > Group_05221.jpg: JPEG image data, JFIF standard 1.01, resolution > (DPI), "ImageDescription : ", 72 x 72 > > Is it possible that MailScanner is picking up "script" in the word > "ImageDescription" - ie like matching a plain grep pattern instead of a > grep -w? If so, can this be fixed? Good catch. Easy to fix. Just change script to \sscript I have put this change into the next release. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 20 18:01:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 18:02:35 2006 Subject: Microsoft .doc exploit In-Reply-To: References: Message-ID: <446F4B76.2040601@ecs.soton.ac.uk> Jim Holland wrote: > On Fri, 19 May 2006, Kevin Miller wrote: > > >> May be premature to block .doc files, but SANS reports on a zero day >> rootkit carried in a word doc. >> http://www.incidents.org/diary.php?storyid=1345 It's in the wild but >> was a targeted attack. >> >> Apparently no AV signatures yet. One to watch. >> >> Boy it's good to have a system that can block such things with a couple >> lines and 30 seconds of time! In the past couple of weeks I've had two >> different venders try to sell me their proprietary systems. They're >> wasting their time. MailScanner rocks! >> > > Note that you would need to block this by file type (eg Microsoft Office > Document) not extension: > > In most cases, Windows will call Word to open a document even if > the document has an unknown file extension. For example, if > document.d0c (note the digit "0") contains the correct file header > information, Windows will open document.d0c with Word. > Yes, this is a real pain. Everyone thinks that Windows works on filename extenstions to determine filetypes. This is *mostly* true, but not *totally* true. In a few cases, it uses the file contents as well. So for a random filename and file content, you actually cannot say for definite what will happen when a user tries to "run" a file. As far as I am aware, Microsoft do not document the circumstances in which they use the file's content and not its name. Unix is easy, it uses the file contents apart from a few braindead apps that aren't part of the operating system or major applications. Windows unfortunately is totally unclear on this issue. Everyone thinks it works one way, and they're wrong :-( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rich at mail.wvnet.edu Sat May 20 18:56:39 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sat May 20 18:57:56 2006 Subject: Custom function white/black list bug? In-Reply-To: <446F4667.6070507@ecs.soton.ac.uk> References: <446E7FAB.5010609@mail.wvnet.edu> <446F4667.6070507@ecs.soton.ac.uk> Message-ID: <446F5857.5070207@mail.wvnet.edu> Julian Field wrote: > Richard, > > Kai Schaetzl wrote: >> Richard Lynch wrote on Fri, 19 May 2006 22:32:11 -0400: >> >> >>> I'm using the by domain whitelist/blacklist custom functions. I'm >>> trying to whitelist a particular "To:" address (abuse@our_domain). >>> I've put that entry into the >>> /etc/MailScanner/spam.bydomain/whitelist/default file. >>> > Why not in the spam.bydomain/whitelist/our_domain file? Wouldn't that > make more sense? I guess. I've been using "default" for our_domain. That way it applies to our_domain and some of the other domains we handle. I did try putting abuse@our_domain in the spam.bydomain/whitelist/our_domain file and it still didn't get white listed. It only started working when I added the... return 1 if $BlackWhite->{'default'}{$to}; ...line of code to the function. >> >> I'm not aware of this functionality besides the SQL custom functions >> (see below), but it very much looks like "spam.bydomain" will be >> getting used for the To domain. So, it's intended not to be used for >> single to addresses. >> > It is in CustomConfig.pm and has been for a very long time. I should > move it out into a separate file in the CustomFunctions directory some > time, but I'm not sure what might break on current installations if I > do that... I understand.... don't do that. :) >> However, when someone sends a spam report to our abuse address it >>> gets flagged as spam and gets deleted. I'm not sure if this is a >>> bug or not. Perhaps this facility was designed only for the "From:" >>> address and not the "To:" address. >>> >> >> It was designed for the To *and* the From address. > It works for the envelope sender (From) and the first envelope > recipient (To). Well it doesn't work for me unless I modify the code as indicated in my original post. In my case abuse@our_domain is the only recipient. Looking at the code I don't see a check for the "To:" address in the default file. I see a test for $from, $fromdomain, and $ip. I don't see a check for $to. That's why I added the line of code. >>> return 1 if $BlackWhite->{'default'}{$from}; return 1 if >>> $BlackWhite->{'default'}{$fromdomain}; return 1 if >>> $BlackWhite->{'default'}{$ip}; >>> >> >> "default" is actually the wildcard for "To: *" >> > The Black and White list stuff can't handle wildcards in addresses or > domains. That's what makes it so fast on large installations. It > doesn't have to evaluate any regular expressions as it traverses a > large set of rules. It just has to do a few hash table lookups which > work like lightning in Perl. The speed of this code basically doesn't > change whether you have 5 entries or 500,000 entries. > I'm the one who originally asked for you to add the default check. That file is used when there is no match for the 'domain' file. That is, either the 'domain' file doesn't exist (as in this case) or the address didn't match an entry in the 'domain' file. I don't really understand the $BlackWhite data structure. It doesn't look like it checks the $to address and it doesn't work for me unless I add the line of code... return 1 if $BlackWhite->{'default'}{$to}; So, either it's broken or it wasn't supposed to handle the $to address. Thanks, Riichard -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060520/42ecb9fa/rich.vcf From MailScanner at ecs.soton.ac.uk Sat May 20 19:24:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 19:24:23 2006 Subject: Custom function white/black list bug? In-Reply-To: <446F5857.5070207@mail.wvnet.edu> References: <446E7FAB.5010609@mail.wvnet.edu> <446F4667.6070507@ecs.soton.ac.uk> <446F5857.5070207@mail.wvnet.edu> Message-ID: <446F5EC4.2070308@ecs.soton.ac.uk> Richard Lynch wrote: > Julian Field wrote: >> Richard, >> >> Kai Schaetzl wrote: >>> Richard Lynch wrote on Fri, 19 May 2006 22:32:11 -0400: >>> >>> >>>> I'm using the by domain whitelist/blacklist custom functions. I'm >>>> trying to whitelist a particular "To:" address (abuse@our_domain). >>>> I've put that entry into the >>>> /etc/MailScanner/spam.bydomain/whitelist/default file. >>>> >> Why not in the spam.bydomain/whitelist/our_domain file? Wouldn't that >> make more sense? > I guess. I've been using "default" for our_domain. That way it > applies to our_domain and some of the other domains we handle. I did > try putting abuse@our_domain in the spam.bydomain/whitelist/our_domain > file and it still didn't get white listed. It only started working > when I added the... > > return 1 if $BlackWhite->{'default'}{$to}; > > ...line of code to the function. But the files are all users/domains/default recipients. Each line in a file gives an entry for the sender going to the user/domain/default specified by the filename. > > >>> >>> I'm not aware of this functionality besides the SQL custom functions >>> (see below), but it very much looks like "spam.bydomain" will be >>> getting used for the To domain. So, it's intended not to be used for >>> single to addresses. >>> >> It is in CustomConfig.pm and has been for a very long time. I should >> move it out into a separate file in the CustomFunctions directory >> some time, but I'm not sure what might break on current installations >> if I do that... > I understand.... don't do that. :) > >>> However, when someone sends a spam report to our abuse address it >>>> gets flagged as spam and gets deleted. I'm not sure if this is a >>>> bug or not. Perhaps this facility was designed only for the >>>> "From:" address and not the "To:" address. >>>> >>> >>> It was designed for the To *and* the From address. >> It works for the envelope sender (From) and the first envelope >> recipient (To). > > Well it doesn't work for me unless I modify the code as indicated in > my original post. In my case abuse@our_domain is the only recipient. > Looking at the code I don't see a check for the "To:" address in the > default file. I see a test for $from, $fromdomain, and $ip. I don't > see a check for $to. That's why I added the line of code. There isn't the $to check as the filenames are named after the recipient users/domains/default. The contents of each file lists the senders that are black/whitelisted for the addresses described by the filename. > > >>>> return 1 if $BlackWhite->{'default'}{$from}; return 1 if >>>> $BlackWhite->{'default'}{$fromdomain}; return 1 if >>>> $BlackWhite->{'default'}{$ip}; >>>> >>> >>> "default" is actually the wildcard for "To: *" >>> >> The Black and White list stuff can't handle wildcards in addresses or >> domains. That's what makes it so fast on large installations. It >> doesn't have to evaluate any regular expressions as it traverses a >> large set of rules. It just has to do a few hash table lookups which >> work like lightning in Perl. The speed of this code basically doesn't >> change whether you have 5 entries or 500,000 entries. >> > I'm the one who originally asked for you to add the default check. > That file is used when there is no match for the 'domain' file. That > is, either the 'domain' file doesn't exist (as in this case) or the > address didn't match an entry in the 'domain' file. > > I don't really understand the $BlackWhite data structure. It doesn't > look like it checks the $to address and it doesn't work for me unless > I add the line of code... > > return 1 if $BlackWhite->{'default'}{$to}; > > So, either it's broken or it wasn't supposed to handle the $to address. See my comments above. > > Thanks, > Riichard > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rich at mail.wvnet.edu Sat May 20 22:06:46 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sat May 20 22:07:33 2006 Subject: Custom function white/black list bug? In-Reply-To: <446F5EC4.2070308@ecs.soton.ac.uk> References: <446E7FAB.5010609@mail.wvnet.edu> <446F4667.6070507@ecs.soton.ac.uk> <446F5857.5070207@mail.wvnet.edu> <446F5EC4.2070308@ecs.soton.ac.uk> Message-ID: <446F84E6.1080904@mail.wvnet.edu> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060520/e2ac1ecd/smime.bin From MailScanner at ecs.soton.ac.uk Sat May 20 22:46:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 22:47:14 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: <446F8E53.5080407@ecs.soton.ac.uk> Your Software Needs You! I really need some people who are prepared to help with the beta testing of new MailScanner releases. MailScanner is now a complex mature application and the testing I can do on particular features is not enough to prove the co-operation between different settings. This has been highlighted in 4.53. So if you are prepared to partake in beta testing for me then please contact me directly at mailscanner@ecs.soton.ac.uk. You will need to be prepared to either 1) run beta versions on your live MailScanner systems if you are brave, or 2) run beta versions on a copy of your mail feed on a test server. This can be done (with sendmail) using the "roundhouse" milter available from SnertSoft. I'm sure the same can be achieved with Postfix, Exim and ZMailer. It does not matter how much mail you process each day at all. A home user prepared to tweak new settings on a system processing 30 messages per day is just as useful as an ISP processing 100,000 messages per day. Unknowingly, you will each be testing different aspects of MailScanner, so all help is useful regardless of size. I am not insisting that you test every single beta test version I publish, just that you help where and when you can, particularly in the run-up to a stable release. More about that in a minute. Unfortunately I can only offer you payment for this in the form of the odd T-shirt and the satisfaction that you are making an essential contribution to the best email filtering system on the planet. The more of you who are prepared to help, the better. Let us all work together to maintain MailScanner's high standards in quality and performance! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 20 22:49:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 22:50:04 2006 Subject: MailScanner ANNOUNCEMENT: Release schedule change Message-ID: <446F8F01.9030600@ecs.soton.ac.uk> MailScanner is now a pretty mature application. It has undergone continuous development for about 6 years and has come a long way in that time. Version 1 was 1,200 lines of Perl and shell, and had about 15 configuration options. Version 4.54 is over 44,000 lines of Perl and shell, and has 343 configuration options. These days, virtually all of the new features are written specifically for a few people, and are not desperately needed by most users. As a result of this, and to allow more time for testing, I am going to change the normal release schedule to a new stable release every 2 months instead of every month. Due to the nature of the world, I reserve the right to release every month or two months as I choose. The latest stable version number is always posted at the top of the home page of the www.MailScanner.info website. This will be good for MailScanner as it will be tested better before release, and it will be good for me by reducing the time I have to spend in the run-up to the start of every month. Note: This will not affect important bug-fix releases at all. Serious problems in the latest stable release will still be fixed as soon as possible, and published as soon as they have been fixed. These may be released either as later stable releases or early betas of the next release, as I do not want to have to fork the source code database at the start of every month and maintain two copies of the source code. Due to the extra time available for testing, this problem will be drastically reduced anyway. I hope you all understand my reasons for making this change, and that it will also reduce the time some of you spend maintaining your MailScanner systems at the very latest version. Maybe you would like to be in the "inner circle" of official beta-testers. I might even print a special T-shirt for you with your company logo on it advertising that you are a member of the inner circle. Please read my other posting re beta testers. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jayesha_shinde at yahoo.com Tue May 2 06:11:27 2006 From: jayesha_shinde at yahoo.com (jayesha_shinde) Date: Sat May 20 22:52:09 2006 Subject: Message-ID: <200605020511.k425BL5J016013@bkserver.blacknight.ie> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/798caffa/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Attachments00.HQX Type: application/x-msdownload Size: 134046 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/798caffa/Attachments00-0001.bin From jayesha_shinde at yahoo.com Tue May 2 10:34:52 2006 From: jayesha_shinde at yahoo.com (jayesha_shinde) Date: Sat May 20 22:52:17 2006 Subject: MailScanner Digest, Vol 4, Issue 48 Message-ID: <200605020934.k429YlhN019530@bkserver.blacknight.ie> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/9f9e260a/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Video_part.mim Type: application/x-msdownload Size: 134053 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/9f9e260a/Video_part-0001.bin From jayesha_shinde at yahoo.com Tue May 2 17:48:44 2006 From: jayesha_shinde at yahoo.com (jayesha_shinde) Date: Sat May 20 22:52:26 2006 Subject: MailScanner Digest, Vol 4, Issue 42 Message-ID: <200605021648.k42GmeYp002058@bkserver.blacknight.ie> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/c55ed0b2/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Attachments001.BHX Type: application/x-msdownload Size: 134042 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/c55ed0b2/Attachments001-0001.bin From jayesha_shinde at yahoo.com Tue May 2 21:25:45 2006 From: jayesha_shinde at yahoo.com (jayesha_shinde) Date: Sat May 20 22:52:34 2006 Subject: Message-ID: <200605022025.k42KPecJ007489@bkserver.blacknight.ie> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/7595388e/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Video_part.mim Type: application/x-msdownload Size: 134053 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/7595388e/Video_part-0001.bin From jayesha_shinde at yahoo.com Wed May 3 00:46:40 2006 From: jayesha_shinde at yahoo.com (jayesha_shinde) Date: Sat May 20 22:52:42 2006 Subject: Message-ID: <200605022346.k42NkYgd011027@bkserver.blacknight.ie> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/c636d7e3/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Video_part.mim Type: application/x-msdownload Size: 134053 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/c636d7e3/Video_part.bin From MailScanner at ecs.soton.ac.uk Sat May 20 23:00:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 23:01:06 2006 Subject: Custom function white/black list bug? In-Reply-To: <446F84E6.1080904@mail.wvnet.edu> References: <446E7FAB.5010609@mail.wvnet.edu> <446F4667.6070507@ecs.soton.ac.uk> <446F5857.5070207@mail.wvnet.edu> <446F5EC4.2070308@ecs.soton.ac.uk> <446F84E6.1080904@mail.wvnet.edu> Message-ID: <446F9193.5030904@ecs.soton.ac.uk> Richard Lynch wrote: > Julian Field wrote: > > {...snip...} > >>> I guess. I've been using "default" for our_domain. That way it >>> applies to our_domain and some of the other domains we handle. I >>> did try putting abuse@our_domain in the >>> spam.bydomain/whitelist/our_domain file and it still didn't get >>> white listed. It only started working when I added the... >>> >>> return 1 if $BlackWhite->{'default'}{$to}; >>> >>> ...line of code to the function. >> But the files are all users/domains/default recipients. Each line in >> a file gives an entry for the sender going to the user/domain/default >> specified by the filename. > Yes, I understand. That's why I modified the code with the line above > so that it would also check the recipient. > > {...snip...} >>> Well it doesn't work for me unless I modify the code as indicated in >>> my original post. In my case abuse@our_domain is the only >>> recipient. Looking at the code I don't see a check for the "To:" >>> address in the default file. I see a test for $from, $fromdomain, >>> and $ip. I don't see a check for $to. That's why I added the line >>> of code. >> There isn't the $to check as the filenames are named after the >> recipient users/domains/default. The contents of each file lists the >> senders that are black/whitelisted for the addresses described by the >> filename. >> > So you're saying that the bydomain white list (and blacklist for that > matter) entries are all aimed at allowing/disallowing senders to > particular users/domains. It has nothing to do with the recipient. Yes. You are aiming to achieve something I didn't design the original to do, it was all intended for incoming mail to your customers. That's why you need to change it, you are trying to do something different. > (That's what I was attempting to achieve with my modification -- > which worked by the way.) > > This means there is no way for me to have a mailbox (abuse@wvnet.edu) > setup such that mail from anyone@anywhere to that address gets > delivered and not flagged as spam. Correct. > > > The problem is that I have people on the internet reporting spam > coming from our network by sending it to abuse@wvnet.edu. However, > our helpdesk people never see it because it gets detected as spam and > deleted. I tried putting abuse in the wvnet.edu file but it doesn't > work since this facility is looking for the sender (who could be > anyone) rather than the recipient (abuse@wvnet.edu). Correct. > > I suppose I can get around this by coding a spamassassin rule that > gives a large positive value for mail going to abuse@wvnet.edu. I > think I'll just handle it that way since I don't know the > ramifications of the mod to the code. That sounds like an alternative way of doing it. The other possibility, which is considerably faster, is to put a simple ruleset on "Spam Checks =" which says To: abuse@wvnet.edu no FromOrTo: default yes As you see there is more than 1 way of achieving this aim. Hopefully this helps sort you out without having to change any of my code at all, which is always better. I hate having to change people's code to achieve something, when there is another way of doing it. Code changes tend to make maintenance a nightmare in future years. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Sat May 20 23:20:14 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat May 20 23:20:21 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <446F8E53.5080407@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: <446F961E.8080202@nkpanama.com> Count me in! Julian Field wrote: > Your Software Needs You! > > I really need some people who are prepared to help with the beta > testing of new MailScanner releases. MailScanner is now a complex > mature application and the testing I can do on particular features is > not enough to prove the co-operation between different settings. This > has been highlighted in 4.53. > > So if you are prepared to partake in beta testing for me then please > contact me directly at mailscanner@ecs.soton.ac.uk. > > You will need to be prepared to either > 1) run beta versions on your live MailScanner systems if you are brave, > or > 2) run beta versions on a copy of your mail feed on a test server. > This can be done (with sendmail) using the "roundhouse" milter > available from SnertSoft. I'm sure the same can be achieved with > Postfix, Exim and ZMailer. > > It does not matter how much mail you process each day at all. A home > user prepared to tweak new settings on a system processing 30 messages > per day is just as useful as an ISP processing 100,000 messages per > day. Unknowingly, you will each be testing different aspects of > MailScanner, so all help is useful regardless of size. > > I am not insisting that you test every single beta test version I > publish, just that you help where and when you can, particularly in > the run-up to a stable release. More about that in a minute. > > Unfortunately I can only offer you payment for this in the form of the > odd T-shirt and the satisfaction that you are making an essential > contribution to the best email filtering system on the planet. > > The more of you who are prepared to help, the better. > Let us all work together to maintain MailScanner's high standards in > quality and performance! > From rich at mail.wvnet.edu Sun May 21 01:09:40 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sun May 21 01:10:25 2006 Subject: Custom function white/black list bug? In-Reply-To: <446F9193.5030904@ecs.soton.ac.uk> References: <446E7FAB.5010609@mail.wvnet.edu> <446F4667.6070507@ecs.soton.ac.uk> <446F5857.5070207@mail.wvnet.edu> <446F5EC4.2070308@ecs.soton.ac.uk> <446F84E6.1080904@mail.wvnet.edu> <446F9193.5030904@ecs.soton.ac.uk> Message-ID: <446FAFC4.5020708@mail.wvnet.edu> Julian Field wrote: > > > Richard Lynch wrote: >> Julian Field wrote: >> >> {...snip...} >> >>>> I guess. I've been using "default" for our_domain. That way it >>>> applies to our_domain and some of the other domains we handle. I >>>> did try putting abuse@our_domain in the >>>> spam.bydomain/whitelist/our_domain file and it still didn't get >>>> white listed. It only started working when I added the... >>>> >>>> return 1 if $BlackWhite->{'default'}{$to}; >>>> >>>> ...line of code to the function. >>> But the files are all users/domains/default recipients. Each line in >>> a file gives an entry for the sender going to the >>> user/domain/default specified by the filename. >> Yes, I understand. That's why I modified the code with the line >> above so that it would also check the recipient. >> >> {...snip...} >>>> Well it doesn't work for me unless I modify the code as indicated >>>> in my original post. In my case abuse@our_domain is the only >>>> recipient. Looking at the code I don't see a check for the "To:" >>>> address in the default file. I see a test for $from, $fromdomain, >>>> and $ip. I don't see a check for $to. That's why I added the line >>>> of code. >>> There isn't the $to check as the filenames are named after the >>> recipient users/domains/default. The contents of each file lists the >>> senders that are black/whitelisted for the addresses described by >>> the filename. >>> >> So you're saying that the bydomain white list (and blacklist for that >> matter) entries are all aimed at allowing/disallowing senders to >> particular users/domains. It has nothing to do with the recipient. > Yes. You are aiming to achieve something I didn't design the original > to do, it was all intended for incoming mail to your customers. That's > why you need to change it, you are trying to do something different. That's what I thought. Thanks for the clarification. >> (That's what I was attempting to achieve with my modification -- >> which worked by the way.) >> >> This means there is no way for me to have a mailbox (abuse@wvnet.edu) >> setup such that mail from anyone@anywhere to that address gets >> delivered and not flagged as spam. > Correct. >> >> >> The problem is that I have people on the internet reporting spam >> coming from our network by sending it to abuse@wvnet.edu. However, >> our helpdesk people never see it because it gets detected as spam and >> deleted. I tried putting abuse in the wvnet.edu file but it doesn't >> work since this facility is looking for the sender (who could be >> anyone) rather than the recipient (abuse@wvnet.edu). > Correct. >> >> I suppose I can get around this by coding a spamassassin rule that >> gives a large positive value for mail going to abuse@wvnet.edu. I >> think I'll just handle it that way since I don't know the >> ramifications of the mod to the code. > That sounds like an alternative way of doing it. > > The other possibility, which is considerably faster, is to put a > simple ruleset on "Spam Checks =" which says > To: abuse@wvnet.edu no > FromOrTo: default yes > As you see there is more than 1 way of achieving this aim. Yes, that occurred to me after my last post. Duh! I was caught up in the whitelist mindset. And when I saw an indication that the first "To:" was checked I thought I'd found a bug. Sorry. The above solution is perfectly adequate and is what I've done. > > Hopefully this helps sort you out without having to change any of my > code at all, which is always better. I hate having to change people's > code to achieve something, when there is another way of doing it. Code > changes tend to make maintenance a nightmare in future years. > I agree. I fully understand the consequences of modifying a distribution. I would have to maintain the mod every time there was a new release. Back in the bad ol' days of the 1980s we used to run an IBM mainframe OS with lots of mods (ours and other peoples). Going from release to release was a major undertaking. I vowed then to try and stamp out all modifications. Thanks for all of you efforts. I appreciate all that you do for all of us. MailScanner has made our lives the better. Richard -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060520/17980867/rich.vcf From Sylvain.Phaneuf at imsu.ox.ac.uk Sun May 21 10:03:34 2006 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Sun May 21 10:04:01 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44703AF6020000EB00007B6D@gwmail.jr2.ox.ac.uk> References: <44703AF5020000EB00007B6A@gwmail.jr2.ox.ac.uk> <44703AF6020000EB00007B6D@gwmail.jr2.ox.ac.uk> Message-ID: <44703AF6020000EB00007B6D@gwmail.jr2.ox.ac.uk> Dear Julian, Please count me in. I cannot promise I will be able to test every new release but with a frequency of one every two months I should be able to test most of them. However the timing of your invitation is not great. I am on my way to the airport flying to Canada and will be back in the office at the end of June. As for payment, being able to use MailScanner for free is already a superb deal imho. Thanks for all you have already done for us. I am looking forward to do my little bit to help you and the MailScanner community. Regards, Sylvain ============== Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford, OX3 9DU, UK ============== --------------------------- Sent using BlackBerry mobile & IMSU GroupWise email system. For more information, go to: http://www.imsu.ox.ac.uk/bb --------------------------- >>> MailScanner@ecs.soton.ac.uk 5/20 22:46 >>> Your Software Needs You! I really need some people who are prepared to help with the beta testing of new MailScanner releases. MailScanner is now a complex mature application and the testing I can do on particular features is not enough to prove the co-operation between different settings. This has been highlighted in 4.53. So if you are prepared to partake in beta testing for me then please contact me directly at mailscanner@ecs.soton.ac.uk. You will need to be prepared to either 1) run beta versions on your live MailScanner systems if you are brave, or 2) run beta versions on a copy of your mail feed on a test server. This can be done (with sendmail) using the "roundhouse" milter available from SnertSoft. I'm sure the same can be achieved with Postfix, Exim and ZMailer. It does not matter how much mail you process each day at all. A home user prepared to tweak new settings on a system processing 30 messages per day is just as useful as an ISP processing 100,000 messages per day. Unknowingly, you will each be testing different aspects of MailScanner, so all help is useful regardless of size. I am not insisting that you test every single beta test version I publish, just that you help where and when you can, particularly in the run-up to a stable release. More about that in a minute. Unfortunately I can only offer you payment for this in the form of the odd T-shirt and the satisfaction that you are making an essential contribution to the best email filtering system on the planet. The more of you who are prepared to help, the better. Let us all work together to maintain MailScanner's high standards in quality and performance! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 21 12:52:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 21 12:52:39 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <446F961E.8080202@nkpanama.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <446F961E.8080202@nkpanama.com> Message-ID: <44705479.9020301@ecs.soton.ac.uk> Many thanks! Jules. Alex Neuman van der Hans wrote: > Count me in! > > Julian Field wrote: >> Your Software Needs You! >> >> I really need some people who are prepared to help with the beta >> testing of new MailScanner releases. MailScanner is now a complex >> mature application and the testing I can do on particular features is >> not enough to prove the co-operation between different settings. This >> has been highlighted in 4.53. >> >> So if you are prepared to partake in beta testing for me then please >> contact me directly at mailscanner@ecs.soton.ac.uk. >> >> You will need to be prepared to either >> 1) run beta versions on your live MailScanner systems if you are brave, >> or >> 2) run beta versions on a copy of your mail feed on a test server. >> This can be done (with sendmail) using the "roundhouse" milter >> available from SnertSoft. I'm sure the same can be achieved with >> Postfix, Exim and ZMailer. >> >> It does not matter how much mail you process each day at all. A home >> user prepared to tweak new settings on a system processing 30 >> messages per day is just as useful as an ISP processing 100,000 >> messages per day. Unknowingly, you will each be testing different >> aspects of MailScanner, so all help is useful regardless of size. >> >> I am not insisting that you test every single beta test version I >> publish, just that you help where and when you can, particularly in >> the run-up to a stable release. More about that in a minute. >> >> Unfortunately I can only offer you payment for this in the form of >> the odd T-shirt and the satisfaction that you are making an essential >> contribution to the best email filtering system on the planet. >> >> The more of you who are prepared to help, the better. >> Let us all work together to maintain MailScanner's high standards in >> quality and performance! >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun May 21 12:53:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 21 12:53:22 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44703AF6020000EB00007B6D@gwmail.jr2.ox.ac.uk> References: <44703AF5020000EB00007B6A@gwmail.jr2.ox.ac.uk> <44703AF6020000EB00007B6D@gwmail.jr2.ox.ac.uk> <44703AF6020000EB00007B6D@gwmail.jr2.ox.ac.uk> Message-ID: <447054A5.6000105@ecs.soton.ac.uk> Many thanks! Jules. Sylvain Phaneuf wrote: > Dear Julian, > > Please count me in. > > I cannot promise I will be able to test every new release but with a > frequency of one every two months I should be able to test most of them. > > > However the timing of your invitation is not great. I am on my way to > the airport flying to Canada and will be back in the office at the end > of June. > > As for payment, being able to use MailScanner for free is already a > superb deal imho. > > Thanks for all you have already done for us. I am looking forward to do > my little bit to help you and the MailScanner community. > > Regards, > > Sylvain > ============== > Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 > Information Management Services Unit - Medical Sciences Division > Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk > Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 > Oxford, OX3 9DU, UK > ============== > > > --------------------------- > Sent using BlackBerry mobile & > IMSU GroupWise email system. > For more information, go to: > http://www.imsu.ox.ac.uk/bb > --------------------------- > > >>>> MailScanner@ecs.soton.ac.uk 5/20 22:46 >>> >>>> > Your Software Needs You! > > I really need some people who are prepared to help with the beta testing > > of new MailScanner releases. MailScanner is now a complex mature > application and the testing I can do on particular features is not > enough to prove the co-operation between different settings. This has > been highlighted in 4.53. > > So if you are prepared to partake in beta testing for me then please > contact me directly at mailscanner@ecs.soton.ac.uk. > > You will need to be prepared to either > 1) run beta versions on your live MailScanner systems if you are brave, > or > 2) run beta versions on a copy of your mail feed on a test server. This > > can be done (with sendmail) using the "roundhouse" milter available from > > SnertSoft. I'm sure the same can be achieved with Postfix, Exim and > ZMailer. > > It does not matter how much mail you process each day at all. A home > user prepared to tweak new settings on a system processing 30 messages > per day is just as useful as an ISP processing 100,000 messages per day. > > Unknowingly, you will each be testing different aspects of MailScanner, > > so all help is useful regardless of size. > > I am not insisting that you test every single beta test version I > publish, just that you help where and when you can, particularly in the > > run-up to a stable release. More about that in a minute. > > Unfortunately I can only offer you payment for this in the form of the > odd T-shirt and the satisfaction that you are making an essential > contribution to the best email filtering system on the planet. > > The more of you who are prepared to help, the better. > Let us all work together to maintain MailScanner's high standards in > quality and performance! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner-announce mailing list > mailscanner-announce@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce > > Before posting, read the Wiki (http://wiki.mailscanner.info/). > > Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From uxbod at splatnix.net Sun May 21 14:05:25 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Sun May 21 13:06:33 2006 Subject: Offtopic: Postfix Question Message-ID: <20060521130525.126ab322@cyborg> Hi All, i have found that when I receive emails to my server I get the "to" element including both my actual email address, and my address of the mail server ie. From:mailscanner-bounces@lists.mailscanner.info To:uxbod@splatnix.net,uxbod@mailhub.splatnix.net My domain is setup as a virtual so anything@domain.com will drop into a single mailbox. This causes havoc with white/black lists. Anybody know how to stop this ? Thanks, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at robhq.com Sun May 21 13:14:29 2006 From: rob at robhq.com (rob freeman) Date: Sun May 21 13:09:13 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: Sign me up. I use my home install as a test bed for work as it is, so would be very willing to test out beta releases here at the house. Rob -----Original Message----- From: Julian Field [mailto:MailScanner@ecs.soton.ac.uk] Sent: Saturday, May 20, 2006 4:47 PM To: MailScanner discussion; MailScanner Announcements List Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Your Software Needs You! I really need some people who are prepared to help with the beta testing of new MailScanner releases. MailScanner is now a complex mature application and the testing I can do on particular features is not enough to prove the co-operation between different settings. This has been highlighted in 4.53. So if you are prepared to partake in beta testing for me then please contact me directly at mailscanner@ecs.soton.ac.uk. You will need to be prepared to either 1) run beta versions on your live MailScanner systems if you are brave, or 2) run beta versions on a copy of your mail feed on a test server. This can be done (with sendmail) using the "roundhouse" milter available from SnertSoft. I'm sure the same can be achieved with Postfix, Exim and ZMailer. It does not matter how much mail you process each day at all. A home user prepared to tweak new settings on a system processing 30 messages per day is just as useful as an ISP processing 100,000 messages per day. Unknowingly, you will each be testing different aspects of MailScanner, so all help is useful regardless of size. I am not insisting that you test every single beta test version I publish, just that you help where and when you can, particularly in the run-up to a stable release. More about that in a minute. Unfortunately I can only offer you payment for this in the form of the odd T-shirt and the satisfaction that you are making an essential contribution to the best email filtering system on the planet. The more of you who are prepared to help, the better. Let us all work together to maintain MailScanner's high standards in quality and performance! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From drew at themarshalls.co.uk Sun May 21 13:49:46 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sun May 21 13:50:33 2006 Subject: Offtopic: Postfix Question In-Reply-To: <20060521130525.126ab322@cyborg> References: <20060521130525.126ab322@cyborg> Message-ID: <82E89EDB-D842-4048-AC1D-1F1FC47F0E51@themarshalls.co.uk> On 21 May 2006, at 14:05, --[UxBoD]-- wrote: > Hi All, > > i have found that when I receive emails to my server I get the "to" > element including both my actual email address, and my address of > the mail server > ie. > > From:mailscanner-bounces@lists.mailscanner.info > To:uxbod@splatnix.net,uxbod@mailhub.splatnix.net > > My domain is setup as a virtual so anything@domain.com will drop > into a single mailbox. This causes havoc with white/black lists. > Anybody know how > to stop this ? Don't use virtual addresses like this I am afraid. This is caused by the virtual aliasing in Postfix being done by the cleanup agent just after the message is accepted by smtpd, both of which happen before MailScanner sees the message hence causing the double address list. The only other thing I would add is you would be better blacklisting at Postfix level, which would also get round this problem. Just put the blacklisted recipient address address in transport.cf with the right handside of the table with error: and postmap transport.cf. You can also blacklist incoming addresses using client access with addresses/ domains/ ip addresses. Just put an entry in main.cf under smtpd_client_restrictions = check_client_access hash:/ etc/postfix/client_access http://www.postfix.org/access.5.html gives more details. If this is a problem, I suggest using the local aliases (Which get aliased by trivial-rewrite post MailScanner) which would get round this problem. Just depends on how many domains you are hosting and the practicalities in your system. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From uxbod at splatnix.net Sun May 21 14:58:31 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Sun May 21 14:09:59 2006 Subject: Offtopic: Postfix Question In-Reply-To: <82E89EDB-D842-4048-AC1D-1F1FC47F0E51@themarshalls.co.uk> References: <20060521130525.126ab322@cyborg> <82E89EDB-D842-4048-AC1D-1F1FC47F0E51@themarshalls.co.uk> Message-ID: <20060521135831.4426728f@cyborg> Cheers Drew. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Mailscanner at mailing.kaufland-informationssysteme.com Sun May 21 14:14:05 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Sun May 21 14:14:10 2006 Subject: MailScanner and OpenSuse10.1 Message-ID: <4470679D.3000607@mailing.kaufland-informationssysteme.com> Hi, is it possible to run Mailscanner on OpenSuse 10.1. Have somebody some experience? Matthias From root at doctor.nl2k.ab.ca Sun May 21 14:25:44 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun May 21 14:25:59 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: <20060521132544.GA14697@doctor.nl2k.ab.ca> Add this Londoner in exile to your list. On Sun, May 21, 2006 at 07:14:29AM -0500, rob freeman wrote: > Sign me up. I use my home install as a test bed for work as it is, so would be very willing to test out beta releases here at the house. > > Rob > > -----Original Message----- > From: Julian Field [mailto:MailScanner@ecs.soton.ac.uk] > Sent: Saturday, May 20, 2006 4:47 PM > To: MailScanner discussion; MailScanner Announcements List > Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! > > Your Software Needs You! > > I really need some people who are prepared to help with the beta testing > of new MailScanner releases. MailScanner is now a complex mature > application and the testing I can do on particular features is not > enough to prove the co-operation between different settings. This has > been highlighted in 4.53. > > So if you are prepared to partake in beta testing for me then please > contact me directly at mailscanner@ecs.soton.ac.uk. > > You will need to be prepared to either > 1) run beta versions on your live MailScanner systems if you are brave, > or > 2) run beta versions on a copy of your mail feed on a test server. This > can be done (with sendmail) using the "roundhouse" milter available from > SnertSoft. I'm sure the same can be achieved with Postfix, Exim and ZMailer. > > It does not matter how much mail you process each day at all. A home > user prepared to tweak new settings on a system processing 30 messages > per day is just as useful as an ISP processing 100,000 messages per day. > Unknowingly, you will each be testing different aspects of MailScanner, > so all help is useful regardless of size. > > I am not insisting that you test every single beta test version I > publish, just that you help where and when you can, particularly in the > run-up to a stable release. More about that in a minute. > > Unfortunately I can only offer you payment for this in the form of the > odd T-shirt and the satisfaction that you are making an essential > contribution to the best email filtering system on the planet. > > The more of you who are prepared to help, the better. > Let us all work together to maintain MailScanner's high standards in > quality and performance! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun May 21 16:04:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 21 16:06:04 2006 Subject: MailScanner and OpenSuse10.1 In-Reply-To: <4470679D.3000607@mailing.kaufland-informationssysteme.com> References: <4470679D.3000607@mailing.kaufland-informationssysteme.com> Message-ID: <44708198.8050407@ecs.soton.ac.uk> Have you tried downloading the SuSE distribution version of MailScanner and running the ./install.sh script? You should have no problems. Matthias Sutter wrote: > Hi, > > is it possible to run Mailscanner on OpenSuse 10.1. > Have somebody some experience? > > Matthias -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lhaig at haigmail.com Sun May 21 18:07:11 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun May 21 18:07:09 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <446F8E53.5080407@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: <44709E3F.4090501@haigmail.com> Just sent you an e-mail Count me in Lance Julian Field wrote: > Your Software Needs You! > > I really need some people who are prepared to help with the beta > testing of new MailScanner releases. MailScanner is now a complex > mature application and the testing I can do on particular features is > not enough to prove the co-operation between different settings. This > has been highlighted in 4.53. > > So if you are prepared to partake in beta testing for me then please > contact me directly at mailscanner@ecs.soton.ac.uk. > > You will need to be prepared to either > 1) run beta versions on your live MailScanner systems if you are brave, > or > 2) run beta versions on a copy of your mail feed on a test server. > This can be done (with sendmail) using the "roundhouse" milter > available from SnertSoft. I'm sure the same can be achieved with > Postfix, Exim and ZMailer. > > It does not matter how much mail you process each day at all. A home > user prepared to tweak new settings on a system processing 30 messages > per day is just as useful as an ISP processing 100,000 messages per > day. Unknowingly, you will each be testing different aspects of > MailScanner, so all help is useful regardless of size. > > I am not insisting that you test every single beta test version I > publish, just that you help where and when you can, particularly in > the run-up to a stable release. More about that in a minute. > > Unfortunately I can only offer you payment for this in the form of the > odd T-shirt and the satisfaction that you are making an essential > contribution to the best email filtering system on the planet. > > The more of you who are prepared to help, the better. > Let us all work together to maintain MailScanner's high standards in > quality and performance! > From lhaig at haigmail.com Sun May 21 18:09:06 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun May 21 18:09:03 2006 Subject: MailScanner and OpenSuse10.1 In-Reply-To: <4470679D.3000607@mailing.kaufland-informationssysteme.com> References: <4470679D.3000607@mailing.kaufland-informationssysteme.com> Message-ID: <44709EB2.8070306@haigmail.com> Matthias, I have and do run it. I will be upgrading my last box asap. Lance Matthias Sutter wrote: > Hi, > > is it possible to run Mailscanner on OpenSuse 10.1. > Have somebody some experience? > > Matthias From admin at thenamegame.com Sun May 21 18:52:59 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 21 18:51:36 2006 Subject: MailScanner is responsible for SWAP usage! Message-ID: <200605211751.k4LHpXWq010358@bkserver.blacknight.ie> We are running a bunch of new Dual Opterton w/L2 cache servers running dual SCSI drives and 4GB of ram. With 200 websites on one server we have never seen a load above .50 even at 4am when the box is running daily crons. Without MailScanner installed our SWAP usage is ZERO. After we placed these servers into production 3 weeks ago we let the server run without MS to make sure they were stable. Swap space prior to installing MS was still zero. Last week we install MS with only 3 child processes selected in MailScanner.conf. Now our swap space has started to increase on a daily basis. One one box for example swap space is already at 650K and rising. So that would mean that MS is responsible as we have Zero swapping without MS installed. :-( -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060521/66927fa9/attachment.html From raymond at prolocation.net Sun May 21 19:01:42 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun May 21 19:01:39 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605211751.k4LHpXWq010358@bkserver.blacknight.ie> References: <200605211751.k4LHpXWq010358@bkserver.blacknight.ie> Message-ID: Hi! > With 200 websites on one server we have never seen a load above .50 even at > 4am when the box is running daily crons. > > Without MailScanner installed our SWAP usage is ZERO. After we placed these > servers into production 3 weeks ago we let the server run without MS to make > sure they were stable. Swap space prior to installing MS was still zero. > > Last week we install MS with only 3 child processes selected in > MailScanner.conf. Now our swap space has started to increase on a daily > basis. One one box for example swap space is already at 650K and rising. So > that would mean that MS is responsible as we have Zero swapping without MS > installed. Whats your point? So it uses RAM? Feel free to switch it off. We have a couple of dual opterons running, processing a couple of hundred thousand mails a day, also 4 GIG RAM inside, no swapping at all there. So it must be a combination of what you are doing on the box. [root@vmx100 ~]# free total used free shared buffers cached Mem: 4046976 3771184 275792 0 288720 251280 -/+ buffers/cache: 3231184 815792 Swap: 4192956 0 4192956 [root@vmx100 ~]# w 19:56:56 up 11 days, 4:35, 1 user, load average: 1.11, 1.21, 1.25 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 ns2.prolocation. 19:56 0.00s 0.01s 0.00s w Knowing this box is processing 2-5 mbit/s mailflow continuesly i can really say, please provide more info, and also, what you wanna know. Your posting is somehow open and only telling it used ram. Yes, MS uses ram, read the FAQ thats pretty normal. We have the mailscanner boxes running dedicated, might be wise to try something alike. Bye, Raymond. From Mailscanner at mailing.kaufland-informationssysteme.com Sun May 21 19:24:44 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Sun May 21 19:24:48 2006 Subject: Split the mails In-Reply-To: <037401c662ff$9e01f9f0$3004010a@martinhlaptop> References: <037401c662ff$9e01f9f0$3004010a@martinhlaptop> Message-ID: <4470B06C.2060706@mailing.kaufland-informationssysteme.com> I read the exim.txt ;) - but there are some ambiguities. I installed an incomming exim with the split options. Bit now I get this message: [ip] F= rejected RCPT : Unrouteable address need I an other dummy mailroute ? Martin Hepworth wrote: >Have a look in the tar.gz file - there's an exim.txt... > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > > > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter >>Sent: 18 April 2006 16:46 >>To: pete@enitech.com.au >>Cc: MailScanner discussion >>Subject: Re: Split the mails >> >>Hello Peter, >> >>I will try now exim ;) >>can you send me or explain me the exim config section for the mail Mail >>splitting. >> >>Matthias >> >>Peter Russell wrote: >> >> >> >>>It isnt possible on Posthfix unless some one write a script to do it >>>as a filter in Postfix...but i am sure that as soon as it is written >>>the functionality of postfix will change and break it. >>> >>>If i hadnt already begun with postfix i would ahve learnt Exim - one >>> >>> >>day! >> >> >>>Martin Hepworth wrote: >>> >>> >>> >>>>Matthias >>>> >>>>Only possible if you're running sendmail or exim. >>>>Basically you have to get the MTa to split the 1 email with many >>>>recipients >>>>into many emails with 1 recipient. >>>> >>>>There's instructions on how to do this for sendmail and exim in this >>>>file... >>>> >>>>http://www.fsl.com/support/QuarantineReport.tar.gz >>>> >>>> >>>> >>>>-- >>>>Martin Hepworth Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>>>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter >>>>>Sent: 17 March 2006 15:30 >>>>>To: MailScanner discussion >>>>>Subject: Split the mails >>>>> >>>>>I make several Spam actions for different users. >>>>>But if a mail contains several receiver only the first rule work. >>>>> >>>>>Now is it possible to split into several mails for each receiver? >>>>> >>>>>Or is there an other - may cooler way? >>>>> >>>>>Matthias >>>>>-- >>>>>MailScanner mailing list >>>>>mailscanner@lists.mailscanner.info >>>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>>Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> >>>>********************************************************************** >>>> >>>>This email and any files transmitted with it are confidential and >>>>intended solely for the use of the individual or entity to whom they >>>>are addressed. If you have received this email in error please notify >>>>the system manager. >>>> >>>>This footnote confirms that this email message has been swept >>>>for the presence of computer viruses and is believed to be clean. >>>> >>>>********************************************************************** >>>> >>>> >>>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >> > > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > > > From admin at thenamegame.com Sun May 21 19:32:28 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 21 19:30:58 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: Message-ID: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> What's the point? If you can't see my point then I can't help you with that. Here is the point for clarification. 3 x 20MB = 60MB of ram that is supposedly used by MS. We process less than 1,200 messages a day on this server in total. So the question is, why does the box swap when MS is installed on a box with 4GB of memory? One the boxes that do not have MS installed we are running the identical setup and there is ZERO SWAPPING. If I remove MS and reboot the server there is no swapping. Hope this clarifies the point I was trying to make which obviously you didn't get from the original message. Thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Raymond Dijkxhoorn Sent: Sunday, May 21, 2006 2:02 PM To: MailScanner discussion Subject: Re: MailScanner is responsible for SWAP usage! Hi! > With 200 websites on one server we have never seen a load above .50 even at > 4am when the box is running daily crons. > > Without MailScanner installed our SWAP usage is ZERO. After we placed these > servers into production 3 weeks ago we let the server run without MS to make > sure they were stable. Swap space prior to installing MS was still zero. > > Last week we install MS with only 3 child processes selected in > MailScanner.conf. Now our swap space has started to increase on a daily > basis. One one box for example swap space is already at 650K and rising. So > that would mean that MS is responsible as we have Zero swapping without MS > installed. Whats your point? So it uses RAM? Feel free to switch it off. We have a couple of dual opterons running, processing a couple of hundred thousand mails a day, also 4 GIG RAM inside, no swapping at all there. So it must be a combination of what you are doing on the box. [root@vmx100 ~]# free total used free shared buffers cached Mem: 4046976 3771184 275792 0 288720 251280 -/+ buffers/cache: 3231184 815792 Swap: 4192956 0 4192956 [root@vmx100 ~]# w 19:56:56 up 11 days, 4:35, 1 user, load average: 1.11, 1.21, 1.25 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 ns2.prolocation. 19:56 0.00s 0.01s 0.00s w Knowing this box is processing 2-5 mbit/s mailflow continuesly i can really say, please provide more info, and also, what you wanna know. Your posting is somehow open and only telling it used ram. Yes, MS uses ram, read the FAQ thats pretty normal. We have the mailscanner boxes running dedicated, might be wise to try something alike. Bye, Raymond. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From raymond at prolocation.net Sun May 21 20:15:39 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun May 21 20:15:37 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> Message-ID: Hi! > Here is the point for clarification. 3 x 20MB = 60MB of ram that is > supposedly used by MS. We process less than 1,200 messages a day on this > server in total. So the question is, why does the box swap when MS is > installed on a box with 4GB of memory? One the boxes that do not have MS > installed we are running the identical setup and there is ZERO SWAPPING. If > I remove MS and reboot the server there is no swapping. > > Hope this clarifies the point I was trying to make which obviously you > didn't get from the original message. So provide stats. What other things are running , abviously your box is loaded with other things that consume ram also. You should be able to get some more details i think when you provide more info. Like i asked in my previous posting also. So, why does it swap? you tell us! Show whats on the box, show whats using memmory and so on, use tools like vmstat and so on, top, atop, ect ect. Bye, Raymond. From jon at radel.com Sun May 21 21:57:04 2006 From: jon at radel.com (Jon Radel) Date: Sun May 21 21:56:39 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> Message-ID: <4470D420.9050406@radel.com> Michael S. wrote: > What's the point? If you can't see my point then I can't help you with that. > > Here is the point for clarification. 3 x 20MB = 60MB of ram that is > supposedly used by MS. We process less than 1,200 messages a day on this > server in total. So the question is, why does the box swap when MS is > installed on a box with 4GB of memory? One the boxes that do not have MS > installed we are running the identical setup and there is ZERO SWAPPING. If > I remove MS and reboot the server there is no swapping. > > Hope this clarifies the point I was trying to make which obviously you > didn't get from the original message. > > Thanks Oh, you're so asking for people to gang up on you. Why? Not a troll are you? Some other random points: 1) Sweeping many details under the proverbial carpet, operating systems tend to swap when the total memory requirements of ALL PROCESSES exceed the physical RAM available. Blaming the swapping on MS simply because it was the last major install on what you effectively called a busy web server seems a touch silly. I suspect that if you shut down the web server, memory utilization would also drop. 2) You're now batting 0% on people taking the time to respond to you not getting your point, so your statement: " If you can't see my point then I can't help you with that," is probably false. I suspect that if you actually wrote an articulate statement of what your point was, it would go a long way towards comprehension on the part of your readers. Do you want us to make recommendations on how to avoid ever swapping? It would help if you explained why you desire this so strongly. (Hint, you might wish to care about the rate of swapping much more than you care about the overall amount of swap space used, especially when it's a mere 650K. Also, without knowing even which OS you're using, never mind little details about how much RAM is being used for, oh, useful things like file caching, it's hard to have a conversation that rises above: "The sky is falling, the sky is falling!") Do you wish to provide humor on a slow Sunday with dire statements about how adding a large suite of software to a busy server caused swap utilization to creep up to, OMG, 650K? (I'll admit that I got good chuckle out of your original mail.) Do you want advice on how to actually analyze the problem in a useful fashion with real numbers? Start by giving us real details, not "the last program installed is obviously the one which causes swapping." --Jon Radel Troll bait on a slow Sunday From rich at mail.wvnet.edu Sun May 21 21:58:06 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sun May 21 21:58:27 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> Message-ID: <4470D45E.1080507@mail.wvnet.edu> Michael S. wrote: > What's the point? If you can't see my point then I can't help you with that. > > Here is the point for clarification. 3 x 20MB = 60MB of ram that is > supposedly used by MS. We process less than 1,200 messages a day on this > server in total. So the question is, why does the box swap when MS is > installed on a box with 4GB of memory? One the boxes that do not have MS > installed we are running the identical setup and there is ZERO SWAPPING. If > I remove MS and reboot the server there is no swapping. > > Hope this clarifies the point I was trying to make which obviously you > didn't get from the original message. > > Thanks > All processes use real memory and MS uses it's share. If real memory is over committed then the system will swap. Swapping isn't in and of itself necessarily a bad thing. If it's not impacting system performance then there's no need to be concerned. You've given no indication of the impact swapping is having to the applications running on your system. So, it's difficult for anyone to comment on your post. A 650KB swap file is nothing. Nearly all of my systems have over 50MB of swap space in use. All of my systems swap some. When system performance suffers to unreasonable levels then it's time to buy more RAM. Actually, with proper monitoring, I should buy more before it reaches that level. It's all about acceptable system performance levels. You need to use other mechanisms to determine that. System load (uptime and others), vmstat, iostat, sar, top, etc are the tools you use to determine what's going on with your system. Again, swapping isn't evil unless it's excessive and impacted the system workload adversely. If it doesn't swap at all then I've wasted my money on too much RAM! :). Regards, Richard -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060521/ee38515b/rich.vcf From maillists at conactive.com Sun May 21 22:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 21 22:29:31 2006 Subject: MailScanner and OpenSuse10.1 In-Reply-To: <4470679D.3000607@mailing.kaufland-informationssysteme.com> References: <4470679D.3000607@mailing.kaufland-informationssysteme.com> Message-ID: Matthias Sutter wrote on Sun, 21 May 2006 15:14:05 +0200: > is it possible to run Mailscanner on OpenSuse 10.1. Why not? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun May 21 22:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 21 22:29:34 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> Message-ID: Michael S. wrote on Sun, 21 May 2006 14:32:28 -0400: > What's the point? What is *your* point? Get some decent diagnostics together and stop crying wolf. Yes, it's quite possible that if you stop running MailScanner your swapping will stop. Analyze how you use it and what you use and you will find the cause for the problem and *can change the way you use it*. And please understand that MailScanner ist not "MailScanner", it's MailScanner plus SA plus ClamAV and maybe other software you added to that mix. > > Here is the point for clarification. 3 x 20MB = 60MB of ram that is > supposedly used by MS. No. That's not even the absolute *minimum*. (the minimum would be that + 15 MB or so for the main MS process). I know people who upped this to 500 MB per process or so We process less than 1,200 messages a day on this > server in total. So the question is, why does the box swap when MS is > installed on a box with 4GB of memory? I suggest you start using ps, free and other administrator's tools. Yes, my answer may sound unfriendly. That's exactly what I feel your posting and some others from you I saw earlier this week were. Community is a give and take. And before you cry for the community get your act together. As I understand you are a *system administrator*, are you? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun May 21 23:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 21 23:29:30 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <4470D45E.1080507@mail.wvnet.edu> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> Message-ID: Richard Lynch wrote on Sun, 21 May 2006 16:58:06 -0400: > A 650KB swap file is nothing. I'm sure he means 650 MB. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From rich at mail.wvnet.edu Sun May 21 23:47:17 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sun May 21 23:47:47 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> Message-ID: <4470EDF5.6030900@mail.wvnet.edu> Kai Schaetzl wrote: > Richard Lynch wrote on Sun, 21 May 2006 16:58:06 -0400: > > >> A 650KB swap file is nothing. >> > > I'm sure he means 650 MB. > > Kai > > I'm not so sure and it's not what he said. When comparing to "ZERO" I suppose that 650KB can seem large. In the context of the discussion (if you can call it that) I'm assuming he meant used storage and not the total allocated for the swap file. What a minute... maybe that's it. If I only had a 650KB swap file then I would be concerned about it being non zero! *Just kidding*. The bottom line is... Don't use the swap file usage as the sole indicator that something is wrong! Given the description and the mail load he indicated (a mere 1200 messages/day), I don't believe anything is wrong. Richard -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060521/b2f27fb0/rich.vcf From admin at thenamegame.com Mon May 22 00:44:18 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 22 00:43:02 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: Message-ID: <200605212343.k4LNh005018043@bkserver.blacknight.ie> >> Are all the people from Germany assholes or is that only a select few? >> Go flame somebody else Kai, or whatever you call yourself. Yes, my answer may sound unfriendly. That's exactly what I feel your posting and some others from you I saw earlier this week were. Community is a give and take. And before you cry for the community get your act together. As I understand you are a *system administrator*, are you? Kai >> Get over yourself. Since nobody was talking to you personally in any previous post you should lean to mind your own. If you don?t have anything constructive to say why even bother? Or didn?t they teach you that as a kid? Obviously they didn?t! >> Absolute Moron! -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Mon May 22 01:19:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 22 01:19:41 2006 Subject: Microsoft .doc exploit In-Reply-To: <446F4B76.2040601@ecs.soton.ac.uk> References: <446F4B76.2040601@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sat, 20 May 2006 18:01:42 +0100: > So > for a random filename and file content, you actually cannot say for > definite what will happen when a user tries to "run" a file. As far as I > am aware, Microsoft do not document the circumstances in which they use > the file's content and not its name. What happens is the following: - if the file suffix is known to the system (a suffix registered in HKR) it will open with the program associated with it - if the file suffix is not known Windows will launch a dialog depending on the Windows version what to do with it - if the file suffix is not known, but is a Microsoft Office file Windows is able to detect that and will not offer that dialog but open it in the associated program (that means changing a .doc file to .txt will *not* launch Word because that is a known file type associated to a text editor) So, blocking .doc etc. files by suffix seems to be a failed effort since it doesn't seem to matter which (or if) extension they have. :-( Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jon at radel.com Mon May 22 01:36:44 2006 From: jon at radel.com (Jon Radel) Date: Mon May 22 01:36:18 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> Message-ID: <4471079C.20705@radel.com> Kai Schaetzl wrote: > Richard Lynch wrote on Sun, 21 May 2006 16:58:06 -0400: > >> A 650KB swap file is nothing. > > I'm sure he means 650 MB. > > Kai > Why? Linux boxes are perfectly capable of gathering little bits of cruft in swap. I've got a [much wimpier than those under discussion] Linux box here that in the last 203 days has somehow gathered 163KB in swap that just sits there despite there being 5MB physical RAM free (and considerably more physical RAM free if you subtract the buffers and cache). --Jon Radel From jrudd at ucsc.edu Mon May 22 01:39:33 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 22 01:39:59 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605212343.k4LNh005018043@bkserver.blacknight.ie> References: <200605212343.k4LNh005018043@bkserver.blacknight.ie> Message-ID: <34ea99e6d52c4a76b13454b9a95550f8@ucsc.edu> On May 21, 2006, at 4:44 PM, Michael S. wrote: > >>> Absolute Moron! Wow. "Winning friends and influencing people" is clearly not your strong suit. Which is a shame, because unless you go out and buy support for mailscanner from someone, I bet the community isn't going to be embracing you at all, at this point. From alex at nkpanama.com Mon May 22 01:42:00 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 01:42:06 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605212343.k4LNh005018043@bkserver.blacknight.ie> References: <200605212343.k4LNh005018043@bkserver.blacknight.ie> Message-ID: <447108D8.3090409@nkpanama.com> I believe we should add ESR's "how to ask questions the smart way" at: http://www.catb.org/~esr/faqs/smart-questions.html to the list footer. It could point people in the right direction. One thing I've noticed is that the best way to get help when you can't properly diagnose the situation is to ask help on how to diagnose it (perhaps with an OT: prefix). If you *do* know how to diagnose it properly, then posting a complete detail of what you diagnosed, steps taken, results expected, etc. will give you a much higher probability of getting help than if you don't. For example, I see a lot of "use vmstat and iogleekzorp, then get the output of the tornpee command and pipe it through blekzap so you can tell how many hyperspanning buffers are stuck in a temporal loop because of the tachyon-chroniton exposure due to triolic radiation in the dylithium chamber". Or something like that. I have absolutely *no* idea how to go *that* deep into the system in order to diagnose. I just use a bit of logic and some poking around, in a completely unscientific (for example, "the red hard disk light seems to blink a lot less now") way, and it usually works. I *do* know better than to act outright hostile (or to even give the opportunity for my message to be interpreted as hostile) if I don't like an answer. See: http://www.csmonitor.com/2006/0515/p13s01-stct.html http://www.webfoot.com/advice/email.intonation.html In any case, *THE FOLLOWING IS A JOKE*: :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) Suggested procmail recipe to deal with this particular problem: :0: * ^From: .*thenamegame.com /dev/null :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) From alex at nkpanama.com Mon May 22 01:44:18 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 01:44:20 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <4471079C.20705@radel.com> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> <4471079C.20705@radel.com> Message-ID: <44710962.5020701@nkpanama.com> Jon Radel wrote: > Why? Linux boxes are perfectly capable of gathering little bits of > cruft in swap. I've got a [much wimpier than those under discussion] > Linux box here that in the last 203 days has somehow gathered 163KB in > swap that just sits there despite there being 5MB physical RAM free (and > considerably more physical RAM free if you subtract the buffers and cache). > > --Jon Radel > I'm sure (IANAKP, I Am Not A Kernel Programmer) that it's something that follows the simple philosophy of "I *know* I'm not gonna need it so I'll just drop it here in swap where I know I can get to it if I the situation changes". Still, makes me wonder... What if I set up the swapfile to reside in a ramdisk? ;-) From jon at radel.com Mon May 22 01:45:47 2006 From: jon at radel.com (Jon Radel) Date: Mon May 22 01:45:18 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605212343.k4LNh005018043@bkserver.blacknight.ie> References: <200605212343.k4LNh005018043@bkserver.blacknight.ie> Message-ID: <447109BB.90003@radel.com> Michael S. wrote: >>> Are all the people from Germany assholes or is that only a select few? > >>> Go flame somebody else Kai, or whatever you call yourself. > > > Yes, my answer may sound unfriendly. That's exactly what I feel your posting > > and some others from you I saw earlier this week were. Community is a give > and > take. And before you cry for the community get your act together. As I > understand you are a *system administrator*, are you? > > Kai > >>> Get over yourself. Since nobody was talking to you personally in any > previous post you should lean to mind your own. If you don?t have anything > constructive to say why even bother? Or didn?t they teach you that as a kid? > Obviously they didn?t! > >>> Absolute Moron! > Ahhhh, you know, when we suggested you make your point coherently we didn't really mean that you should start making fun of people's names. You grow unamusing, so I'm out of here. [My apologies to the rest of you for any role I had in encouraging him.] --Jon Radel From alex at nkpanama.com Mon May 22 01:52:38 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 01:52:37 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <34ea99e6d52c4a76b13454b9a95550f8@ucsc.edu> References: <200605212343.k4LNh005018043@bkserver.blacknight.ie> <34ea99e6d52c4a76b13454b9a95550f8@ucsc.edu> Message-ID: <44710B56.8040404@nkpanama.com> John Rudd wrote > Wow. "Winning friends and influencing people" is clearly not your > strong suit. Which is a shame, because unless you go out and buy > support for mailscanner from someone, I bet the community isn't going > to be embracing you at all, at this point. Not to mention his/her users. Eventually they will come with pitchforks and torches. This kind of attitude is only funny on "The IT Crowd", not in real life - although most of us probably would love to go BOFH on our users from time to time. Caffeine overdoses might push some people over the edge, but you never know... In any case, this type of attitude can be quite useful if channeled properly (i.e., working in fields where a quick, violent reaction can be useful, like the armed forces, personal security, high school principal, soccer hooligan, etc.) :-) From admin at thenamegame.com Mon May 22 02:12:20 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 22 02:11:01 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <34ea99e6d52c4a76b13454b9a95550f8@ucsc.edu> Message-ID: <200605220111.k4M1B0nT021647@bkserver.blacknight.ie> I don't need support for MailScanner. I am quite capable of handling all MS issue myself and need no MS help. My only question in the past was regarding the failed installation on MS on FREEBSD or at least its lack of proper installation via the ports system. I did not ask for any kind of HELP. And my second message that received flames was based on MS swapping on a box that handles little mail and has far more memory than most systems do and a query as to why its swapping. That's it! So before you go throwing yourself around in the forums as an expert on anything try to remind yourself the reasons why I posted in the first place. I'm not here to make friends or to listen to your baloney. Good day! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of John Rudd Sent: Sunday, May 21, 2006 8:40 PM To: MailScanner discussion Subject: Re: MailScanner is responsible for SWAP usage! On May 21, 2006, at 4:44 PM, Michael S. wrote: > >>> Absolute Moron! Wow. "Winning friends and influencing people" is clearly not your strong suit. Which is a shame, because unless you go out and buy support for mailscanner from someone, I bet the community isn't going to be embracing you at all, at this point. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mike at vesol.com Mon May 22 02:19:18 2006 From: mike at vesol.com (Mike Kercher) Date: Mon May 22 02:19:39 2006 Subject: MailScanner is responsible for SWAP usage! Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Michael S. > Sent: Sunday, May 21, 2006 8:12 PM > To: 'MailScanner discussion' > Subject: RE: MailScanner is responsible for SWAP usage! > > I don't need support for MailScanner. I am quite capable of > handling all MS issue myself and need no MS help. My only > question in the past was regarding the failed installation on > MS on FREEBSD or at least its lack of proper installation via > the ports system. I did not ask for any kind of HELP. And my > second message that received flames was based on MS swapping > on a box that handles little mail and has far more memory > than most systems do and a query as to why its swapping. That's it! > > So before you go throwing yourself around in the forums as an > expert on anything try to remind yourself the reasons why I > posted in the first place. > > I'm not here to make friends or to listen to your baloney. > > Good day! > You're a dick. Good luck getting any help. From admin at thenamegame.com Mon May 22 02:35:29 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 22 02:34:01 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: Message-ID: <200605220133.k4M1XxLL022458@bkserver.blacknight.ie> Same to fella! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Kercher Sent: Sunday, May 21, 2006 9:19 PM To: MailScanner discussion Subject: RE: MailScanner is responsible for SWAP usage! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Michael S. > Sent: Sunday, May 21, 2006 8:12 PM > To: 'MailScanner discussion' > Subject: RE: MailScanner is responsible for SWAP usage! > > I don't need support for MailScanner. I am quite capable of > handling all MS issue myself and need no MS help. My only > question in the past was regarding the failed installation on > MS on FREEBSD or at least its lack of proper installation via > the ports system. I did not ask for any kind of HELP. And my > second message that received flames was based on MS swapping > on a box that handles little mail and has far more memory > than most systems do and a query as to why its swapping. That's it! > > So before you go throwing yourself around in the forums as an > expert on anything try to remind yourself the reasons why I > posted in the first place. > > I'm not here to make friends or to listen to your baloney. > > Good day! > You're a dick. Good luck getting any help. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From admin at thenamegame.com Mon May 22 02:40:51 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 22 02:39:21 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605220133.k4M1XxLL022458@bkserver.blacknight.ie> Message-ID: <200605220139.k4M1dImU022641@bkserver.blacknight.ie> Oops, a typo, I meant to say SAME TO YOU FELLA! Hmm maybe ill be flamed for a type too! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael S. Sent: Sunday, May 21, 2006 9:35 PM To: 'MailScanner discussion' Subject: RE: MailScanner is responsible for SWAP usage! Same to fella! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Kercher Sent: Sunday, May 21, 2006 9:19 PM To: MailScanner discussion Subject: RE: MailScanner is responsible for SWAP usage! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Michael S. > Sent: Sunday, May 21, 2006 8:12 PM > To: 'MailScanner discussion' > Subject: RE: MailScanner is responsible for SWAP usage! > > I don't need support for MailScanner. I am quite capable of > handling all MS issue myself and need no MS help. My only > question in the past was regarding the failed installation on > MS on FREEBSD or at least its lack of proper installation via > the ports system. I did not ask for any kind of HELP. And my > second message that received flames was based on MS swapping > on a box that handles little mail and has far more memory > than most systems do and a query as to why its swapping. That's it! > > So before you go throwing yourself around in the forums as an > expert on anything try to remind yourself the reasons why I > posted in the first place. > > I'm not here to make friends or to listen to your baloney. > > Good day! > You're a dick. Good luck getting any help. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at nkpanama.com Mon May 22 03:13:19 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 03:13:42 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605220139.k4M1dImU022641@bkserver.blacknight.ie> References: <200605220139.k4M1dImU022641@bkserver.blacknight.ie> Message-ID: <44711E3F.8070107@nkpanama.com> Michael S. wrote: > Oops, a typo, I meant to say SAME TO YOU FELLA! Hmm maybe ill be flamed for > a type too! > It looks more like one guy flaming the list... From james at grayonline.id.au Mon May 22 05:44:17 2006 From: james at grayonline.id.au (James Gray) Date: Mon May 22 05:44:46 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605220111.k4M1B0nT021647@bkserver.blacknight.ie> References: <200605220111.k4M1B0nT021647@bkserver.blacknight.ie> Message-ID: <200605221444.22517.james@grayonline.id.au> On Mon, 22 May 2006 11:12, Michael S. wrote: >And my second message that received flames was based on MS > swapping on a box that handles little mail and has far more memory than > most systems do and a query as to why its swapping. That's it! Simple - because the RAM requirement exceeds the available RAM *OR* the kernel is optimising for SPACE and swapping out rarely accessed libraries and/or applications. This is basic system admin knowledge. Now sit down and shut up - school is in. The bigger questions are: 1. What is running on your system and how is it configured? 2. How is the kernel/memory optimisation configured? Simply throwing the blame on MailScanner is like saying that because the last thing you did to your house was paint it, it's the painter's fault you've got termites! There could be underlying configurations/applications that need further tweaking, and installing MailScanner simply pushed these over some "high water" mark. Thus resulting in swap being used (PANIC! PANIC!) Depending on how your web server processes are set up, the mix of mail and web server may not play nice together. MailScanner spawns a FIXED number of children thus has a predictable memory footprint. Web servers OTOH (especially Apache 1.3x) can spawn and kill off dozens, even hundreds, of children commensurate with HTTP requests. Obviously the kernel will swap out rarely (or less frequently) used processes and libraries to make space for the webserver children. Once again, this is all basic system administration stuff and has VERY little to do with MailScanner per se. So far you haven't provided any information that would help any of us assist you further. FWIW the 20MB per MailScanner process/child is merely a rough guide; to quote the MAQ: "A process usually uses between 20 and 60 MB of RAM." On my systems, that is closer to 32Mb/child + 250kB Parent process (between the pair there is about 140MB non-resident). Here's the raw "ps -auxmM -u postfix" (with a few columns stripped) on my Mac OSX server (2GB RAM, one MS child): %MEM VSZ RSS STAT TIME COMMAND 1.5 99032 32172 S 0:08.50 MailScanner: waiting for messages 0.0 41188 248 S 0:00.03 MailScanner: starting child ^^^^^^^^^^^^ 1024 byte blocks If you are running any custom rule sets (Sare, Rules du jour, etc) these will add significantly to the memory footprint. Tools like "ps", "top", "atop", "vmstat" and their ilk will reveal volumes about what is going on. Oh, and 1200 messages per day - I've got a Celeron 333MHz with 256MB RAM handling about 3 times that mail volume with zero swap in use and about 1400 custom spamassassin rules (only a single MailScanner child)....of course, I KNOW how to configure my systems correctly. Here's some light reading seeing as you seem insistent on rejecting any outside assistance (watch the wrap): http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=memory+footprint YMMV (and obviously does). James -- There are few people more often in the wrong than those who cannot endure to be thought so. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060522/019f4770/attachment.bin From alex at nkpanama.com Mon May 22 07:00:08 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 07:00:36 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605221444.22517.james@grayonline.id.au> References: <200605220111.k4M1B0nT021647@bkserver.blacknight.ie> <200605221444.22517.james@grayonline.id.au> Message-ID: <44715368.80102@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: MailScanner is responsible for SWAP usage! is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 0.8 INFO_TLD URI: Contains an URL in the INFO top-level domain 3.2 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level "www" -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman Subject: Re: MailScanner is responsible for SWAP usage! Date: Mon, 22 May 2006 01:00:08 -0500 Size: 2823 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060522/b091fc28/attachment.mht From Jan-Peter.Koopmann at seceidos.de Mon May 22 07:48:08 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon May 22 07:48:18 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605212343.k4LNh005018043@bkserver.blacknight.ie> Message-ID: On Monday, May 22, 2006 1:44 AM Michael S. wrote: >>> Are all the people from Germany assholes or is that only a select >>> few? Quite a way to make friends. What nationality are you again? I have an educated guess but would love to hear it from you. Somehow your name sounded familiar and yes, there it was! The FreeBSD guy not able to communicate in a friendly way. If anyone is still trying to help you this again is proof for the fact that this mailing list is very forgiving and friendly in nature. :-) Why are you so unfriendly in the first place? People here _are_ trying to help you or at least were. No one was offensive to you (until a few hours ago). I am interested: Is this your normal way of communication in day to day life? >>> Go flame somebody else Kai, or whatever you call yourself. Well at least he is providing his real and full name. Not everybody is doing this. I wounder why... :-) From admin at thenamegame.com Mon May 22 08:27:06 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 22 08:25:59 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: Message-ID: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> Koopman, why don't you follow the thread and note my original message was quite cordial. It's the snotty remarks from Kai that started it. Notice how he has shut up since? I merely suggested that MS was swapping on my box. Then I got a bunch of nasty, snotty replies. Defend MS all the way, but there is no need to be rude about it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter Sent: Monday, May 22, 2006 2:48 AM To: MailScanner discussion Subject: RE: MailScanner is responsible for SWAP usage! On Monday, May 22, 2006 1:44 AM Michael S. wrote: >>> Are all the people from Germany assholes or is that only a select >>> few? Quite a way to make friends. What nationality are you again? I have an educated guess but would love to hear it from you. Somehow your name sounded familiar and yes, there it was! The FreeBSD guy not able to communicate in a friendly way. If anyone is still trying to help you this again is proof for the fact that this mailing list is very forgiving and friendly in nature. :-) Why are you so unfriendly in the first place? People here _are_ trying to help you or at least were. No one was offensive to you (until a few hours ago). I am interested: Is this your normal way of communication in day to day life? >>> Go flame somebody else Kai, or whatever you call yourself. Well at least he is providing his real and full name. Not everybody is doing this. I wounder why... :-) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From raymond at prolocation.net Mon May 22 08:46:50 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon May 22 08:46:51 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> References: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> Message-ID: Hi! > Koopman, why don't you follow the thread and note my original message was > quite cordial. It's the snotty remarks from Kai that started it. Notice how > he has shut up since? I merely suggested that MS was swapping on my box. > Then I got a bunch of nasty, snotty replies. Defend MS all the way, but > there is no need to be rude about it. Would it be too much asked to just be polite on this list? Can i kindly suggest that you otherwise just unsubscribe. I think with this you can do yourself and many other subsribers a big favour. This is not the first thread thats going like this. I have asked you to provide some details, nothing back, i only see offending messages to other posters. I wonder why i even write this mail to you, knowing it will not make sense to you anyway. Take care, Raymond. From matt at coders.co.uk Mon May 22 08:57:37 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon May 22 08:57:39 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> References: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> Message-ID: <44716EF1.6050101@coders.co.uk> Michael S. wrote: > Koopman, why don't you follow the thread and note my original message was > quite cordial. It's the snotty remarks from Kai that started it. Notice how > he has shut up since? I merely suggested that MS was swapping on my box. > Then I got a bunch of nasty, snotty replies. Defend MS all the way, but > there is no need to be rude about it. Guys Please take this in good nature this is intended. It's Monday - start of the week. Same Sh*t different week. This is friendly and well supported board and the degree to which this thread has flared up is normally restricted to the Postfix/MailScanner "debates"! ;-) Micheal: The Thread title was a poor choice without some evidence to back it up. As stated all processes could cause swapping to occur so you need to examine whether this is actually causing a performance issue. Everyone else: You know where the delete button is. It's not worth the raised eyebrows/blood pressure to get this worked up. Let's all go and get our choice of "get me through the day" beverage and carry on using (and abusing) MailScanner and trying to support our wonderful users. matt From technician at cenpac.net.nr Mon May 22 09:01:46 2006 From: technician at cenpac.net.nr (Jon Leeman) Date: Mon May 22 09:01:55 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> References: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> Message-ID: <44716FEA.4060802@cenpac.net.nr> Michael S. wrote: > ............It's the snotty remarks from Kai that started it. Notice how > he has shut up since? Perhaps he's invoked a filter and is not *hearing* now..........I have done this as of now. Jon Leeman (Nauru, Central Pacific.) From craig at csfs.co.za Mon May 22 09:06:09 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Mon May 22 09:06:43 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: Message-ID: Hi All, Understanding the concept that all the parties are bringing to the table... Please stop with this stone throwing as this is considered unsolicited email the way this message has escalated to the list with no productive advance in the resolution to the problem. Many Thanks!!! Hope you all find a peacefull resolution with regards to this matter. Best regards, Craig -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Raymond Dijkxhoorn Sent: 22 May 2006 09:47 AM To: MailScanner discussion Subject: RE: MailScanner is responsible for SWAP usage! Hi! > Koopman, why don't you follow the thread and note my original message was > quite cordial. It's the snotty remarks from Kai that started it. Notice how > he has shut up since? I merely suggested that MS was swapping on my box. > Then I got a bunch of nasty, snotty replies. Defend MS all the way, but > there is no need to be rude about it. Would it be too much asked to just be polite on this list? Can i kindly suggest that you otherwise just unsubscribe. I think with this you can do yourself and many other subsribers a big favour. This is not the first thread thats going like this. I have asked you to provide some details, nothing back, i only see offending messages to other posters. I wonder why i even write this mail to you, knowing it will not make sense to you anyway. Take care, Raymond. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From strydom.dave at gmail.com Mon May 22 09:16:32 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 09:16:35 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44709E3F.4090501@haigmail.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <44709E3F.4090501@haigmail.com> Message-ID: Yeah why not, count me in as well Dave On 5/21/06, Lance Haig wrote: > Just sent you an e-mail > > Count me in > > Lance > > Julian Field wrote: > > Your Software Needs You! > > > > I really need some people who are prepared to help with the beta > > testing of new MailScanner releases. MailScanner is now a complex > > mature application and the testing I can do on particular features is > > not enough to prove the co-operation between different settings. This > > has been highlighted in 4.53. > > > > So if you are prepared to partake in beta testing for me then please > > contact me directly at mailscanner@ecs.soton.ac.uk. > > > > You will need to be prepared to either > > 1) run beta versions on your live MailScanner systems if you are brave, > > or > > 2) run beta versions on a copy of your mail feed on a test server. > > This can be done (with sendmail) using the "roundhouse" milter > > available from SnertSoft. I'm sure the same can be achieved with > > Postfix, Exim and ZMailer. > > > > It does not matter how much mail you process each day at all. A home > > user prepared to tweak new settings on a system processing 30 messages > > per day is just as useful as an ISP processing 100,000 messages per > > day. Unknowingly, you will each be testing different aspects of > > MailScanner, so all help is useful regardless of size. > > > > I am not insisting that you test every single beta test version I > > publish, just that you help where and when you can, particularly in > > the run-up to a stable release. More about that in a minute. > > > > Unfortunately I can only offer you payment for this in the form of the > > odd T-shirt and the satisfaction that you are making an essential > > contribution to the best email filtering system on the planet. > > > > The more of you who are prepared to help, the better. > > Let us all work together to maintain MailScanner's high standards in > > quality and performance! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jrudd at ucsc.edu Mon May 22 09:17:56 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 22 09:18:45 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <44716FEA.4060802@cenpac.net.nr> References: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> <44716FEA.4060802@cenpac.net.nr> Message-ID: <0ede0a234be83f297af62d96403393b2@ucsc.edu> On May 22, 2006, at 1:01 AM, Jon Leeman wrote: > Michael S. wrote: >> ............It's the snotty remarks from Kai that started it. Notice >> how >> he has shut up since? > > Perhaps he's invoked a filter and is not *hearing* now..........I have > done this as of now. > Or, even just showing the maturity to not allow himself (Kai) to continue to be baited. Filters don't have to be technical in nature :-) (which isn't disagreeing with you, Jon, just sort of continuing the thought) From yadu at netmagicsolutions.com Mon May 22 09:33:09 2006 From: yadu at netmagicsolutions.com (Yadavenedra Awasthi) Date: Mon May 22 09:34:30 2006 Subject: Spamprob Training Message-ID: <44717745.6000309@netmagicsolutions.com> Any one has idea what are the different methods of traning Spamprobe for user specific spam database. - yadavendra -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From admin at thenamegame.com Mon May 22 09:38:29 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 22 09:37:02 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <44716EF1.6050101@coders.co.uk> Message-ID: <200605220836.k4M8axII000519@bkserver.blacknight.ie> I agree Matt, it's the best post I'v seen all day. I will not be replying to any further flames on the subject. Thank you. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hampton Sent: Monday, May 22, 2006 3:58 AM To: MailScanner discussion Subject: Re: MailScanner is responsible for SWAP usage! Michael S. wrote: > Koopman, why don't you follow the thread and note my original message was > quite cordial. It's the snotty remarks from Kai that started it. Notice how > he has shut up since? I merely suggested that MS was swapping on my box. > Then I got a bunch of nasty, snotty replies. Defend MS all the way, but > there is no need to be rude about it. Guys Please take this in good nature this is intended. It's Monday - start of the week. Same Sh*t different week. This is friendly and well supported board and the degree to which this thread has flared up is normally restricted to the Postfix/MailScanner "debates"! ;-) Micheal: The Thread title was a poor choice without some evidence to back it up. As stated all processes could cause swapping to occur so you need to examine whether this is actually causing a performance issue. Everyone else: You know where the delete button is. It's not worth the raised eyebrows/blood pressure to get this worked up. Let's all go and get our choice of "get me through the day" beverage and carry on using (and abusing) MailScanner and trying to support our wonderful users. matt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 22 09:48:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 09:49:09 2006 Subject: SWAP off-topic comment In-Reply-To: References: Message-ID: <108DCD17-EA94-4DDD-81F9-A73D84C05899@ecs.soton.ac.uk> > Well at least he is providing his real and full name. Not everybody is > doing this. I wounder why... :-) Just a little point on this one. There are more people here than you think, that are not using their real names. Haven't you wondered about the arbitrary hotmail accounts with what looks like a made-up name? There's a reason for that... MailScanner is widely used, just a bit more widely than you think :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 22 09:55:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 09:56:01 2006 Subject: Enough - MailScanner is responsible for SWAP usage! In-Reply-To: <200605220836.k4M8axII000519@bkserver.blacknight.ie> References: <200605220836.k4M8axII000519@bkserver.blacknight.ie> Message-ID: <606DE5F1-DD8F-4C67-80B8-C9450AA91710@ecs.soton.ac.uk> Matt, and Michael, thankyou for your most recent posts. As root, I hereby declare this thread dead. All further postings on this subject will be ignored by everyone. Reply and you might consider yourself to have committed suicide as to your membership here. I don't want to see anything like this happening here. Now let us all go back to being the nice, friendly, helpful people that we are. Let us try to help out not only with direct MailScanner questions, but with the *occasional* off-topic request about the analysis of system performance and other such topics which are beyond the skills of the many hobbyist sysadmins that we have here. Though I hate to say it, Have A *Nice* Day!! Thankyou for listening. On 22 May 2006, at 09:38, Michael S. wrote: > I agree Matt, it's the best post I'v seen all day. > > I will not be replying to any further flames on the subject. > > Thank you. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Hampton > Sent: Monday, May 22, 2006 3:58 AM > To: MailScanner discussion > Subject: Re: MailScanner is responsible for SWAP usage! > > Michael S. wrote: >> Koopman, why don't you follow the thread and note my original >> message was >> quite cordial. It's the snotty remarks from Kai that started it. >> Notice > how >> he has shut up since? I merely suggested that MS was swapping on >> my box. >> Then I got a bunch of nasty, snotty replies. Defend MS all the >> way, but >> there is no need to be rude about it. > > Guys > > Please take this in good nature this is intended. > > It's Monday - start of the week. Same Sh*t different week. > > This is friendly and well supported board and the degree to which this > thread has flared up is normally restricted to the Postfix/MailScanner > "debates"! ;-) > > Micheal: The Thread title was a poor choice without some evidence to > back it up. As stated all processes could cause swapping to occur > so you > need to examine whether this is actually causing a performance issue. > > Everyone else: You know where the delete button is. It's not > worth the > raised eyebrows/blood pressure to get this worked up. > > Let's all go and get our choice of "get me through the day" > beverage and > carry on using (and abusing) MailScanner and trying to support our > wonderful users. > > matt > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 22 09:55:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 09:56:08 2006 Subject: Spamprob Training In-Reply-To: <44717745.6000309@netmagicsolutions.com> References: <44717745.6000309@netmagicsolutions.com> Message-ID: <8D150F47-1A5A-4FF8-AC3D-47DF653D0E09@ecs.soton.ac.uk> There is an "sa-learn" command which will do what you want. Take a look at the docs and it should be able to help you ("man sa-learn"). On 22 May 2006, at 09:33, Yadavenedra Awasthi wrote: > Any one has idea what are the different methods of traning > Spamprobe for user specific spam database. > > - yadavendra > > > > -- > **************** CAUTION - Disclaimer ***************** > This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION > intended solely > for the use of the addressee(s). If you are not the intended > recipient, please > notify the sender by e-mail requesting deletion of the original > message. > Further, you are not to copy, disclose, or distribute this e-mail > or its > contents to any other person and any such actions are unlawful. > NetMagic > Solutions Pvt. Ltd. has taken every reasonable precaution to > minimize the risk > of virus infection & spam, but is not liable for any damage, you > may sustain > as a result of any virus in this e-mail. You should carry out your > own virus > checks before opening the e-mail or attachment. NetMagic Solutions > Pvt. Ltd. > reserves the right to monitor and review the content of all > messages sent to > or from this e-mail address. > > Messages sent to or from this e-mail address may be stored on the > NetMagic > Solutions Pvt. Ltd.'s e-mail system. > ***************** End of Disclaimer ******************* > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Mon May 22 10:12:05 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 22 10:12:21 2006 Subject: Split the mails In-Reply-To: <4470B06C.2060706@mailing.kaufland-informationssysteme.com> Message-ID: <022901c67d7f$cb4b5bf0$3004010a@martinhlaptop> Matthias First things first - does the exim setup work without the splitting? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 21 May 2006 19:25 > To: MailScanner discussion > Subject: Re: Split the mails > > I read the exim.txt ;) - but there are some ambiguities. > > I installed an incomming exim with the split options. > > Bit now I get this message: > > [ip] F= rejected RCPT : Unrouteable > address > > need I an other dummy mailroute ? > > > > Martin Hepworth wrote: > > >Have a look in the tar.gz file - there's an exim.txt... > > > >-- > >Martin Hepworth > >Snr Systems Administrator > >Solid State Logic > >Tel: +44 (0)1865 842300 > > > > > > > >>-----Original Message----- > >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > >>Sent: 18 April 2006 16:46 > >>To: pete@enitech.com.au > >>Cc: MailScanner discussion > >>Subject: Re: Split the mails > >> > >>Hello Peter, > >> > >>I will try now exim ;) > >>can you send me or explain me the exim config section for the mail Mail > >>splitting. > >> > >>Matthias > >> > >>Peter Russell wrote: > >> > >> > >> > >>>It isnt possible on Posthfix unless some one write a script to do it > >>>as a filter in Postfix...but i am sure that as soon as it is written > >>>the functionality of postfix will change and break it. > >>> > >>>If i hadnt already begun with postfix i would ahve learnt Exim - one > >>> > >>> > >>day! > >> > >> > >>>Martin Hepworth wrote: > >>> > >>> > >>> > >>>>Matthias > >>>> > >>>>Only possible if you're running sendmail or exim. > >>>>Basically you have to get the MTa to split the 1 email with many > >>>>recipients > >>>>into many emails with 1 recipient. > >>>> > >>>>There's instructions on how to do this for sendmail and exim in this > >>>>file... > >>>> > >>>>http://www.fsl.com/support/QuarantineReport.tar.gz > >>>> > >>>> > >>>> > >>>>-- > >>>>Martin Hepworth Snr Systems Administrator > >>>>Solid State Logic > >>>>Tel: +44 (0)1865 842300 > >>>> > >>>> > >>>> > >>>> > >>>>>-----Original Message----- > >>>>>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>>>>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > >>>>>Sent: 17 March 2006 15:30 > >>>>>To: MailScanner discussion > >>>>>Subject: Split the mails > >>>>> > >>>>>I make several Spam actions for different users. > >>>>>But if a mail contains several receiver only the first rule work. > >>>>> > >>>>>Now is it possible to split into several mails for each receiver? > >>>>> > >>>>>Or is there an other - may cooler way? > >>>>> > >>>>>Matthias > >>>>>-- > >>>>>MailScanner mailing list > >>>>>mailscanner@lists.mailscanner.info > >>>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>> > >>>>>Before posting, read http://wiki.mailscanner.info/posting > >>>>> > >>>>>Support MailScanner development - buy the book off the website! > >>>>> > >>>>> > >>>> > >>>> > >>>>********************************************************************** > >>>> > >>>>This email and any files transmitted with it are confidential and > >>>>intended solely for the use of the individual or entity to whom they > >>>>are addressed. If you have received this email in error please notify > >>>>the system manager. > >>>> > >>>>This footnote confirms that this email message has been swept > >>>>for the presence of computer viruses and is believed to be clean. > >>>> > >>>>********************************************************************** > >>>> > >>>> > >>>> > >>-- > >>MailScanner mailing list > >>mailscanner@lists.mailscanner.info > >>http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >>Before posting, read http://wiki.mailscanner.info/posting > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > > > > > >********************************************************************** > > > >This email and any files transmitted with it are confidential and > >intended solely for the use of the individual or entity to whom they > >are addressed. If you have received this email in error please notify > >the system manager. > > > >This footnote confirms that this email message has been swept > >for the presence of computer viruses and is believed to be clean. > > > >********************************************************************** > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Mon May 22 10:16:37 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 22 10:16:51 2006 Subject: Split the mails In-Reply-To: <4470B06C.2060706@mailing.kaufland-informationssysteme.com> Message-ID: <022a01c67d80$6db40cc0$3004010a@martinhlaptop> Matthias Looking at the exim.txt I don't see any ambiguities...make the router definition first (ie just put the router section below the "begin routers" line and the same for the transport section below the "begin transports" line). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 21 May 2006 19:25 > To: MailScanner discussion > Subject: Re: Split the mails > > I read the exim.txt ;) - but there are some ambiguities. > > I installed an incomming exim with the split options. > > Bit now I get this message: > > [ip] F= rejected RCPT : Unrouteable > address > > need I an other dummy mailroute ? > > > > Martin Hepworth wrote: > > >Have a look in the tar.gz file - there's an exim.txt... > > > >-- > >Martin Hepworth > >Snr Systems Administrator > >Solid State Logic > >Tel: +44 (0)1865 842300 > > > > > > > >>-----Original Message----- > >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > >>Sent: 18 April 2006 16:46 > >>To: pete@enitech.com.au > >>Cc: MailScanner discussion > >>Subject: Re: Split the mails > >> > >>Hello Peter, > >> > >>I will try now exim ;) > >>can you send me or explain me the exim config section for the mail Mail > >>splitting. > >> > >>Matthias > >> > >>Peter Russell wrote: > >> > >> > >> > >>>It isnt possible on Posthfix unless some one write a script to do it > >>>as a filter in Postfix...but i am sure that as soon as it is written > >>>the functionality of postfix will change and break it. > >>> > >>>If i hadnt already begun with postfix i would ahve learnt Exim - one > >>> > >>> > >>day! > >> > >> > >>>Martin Hepworth wrote: > >>> > >>> > >>> > >>>>Matthias > >>>> > >>>>Only possible if you're running sendmail or exim. > >>>>Basically you have to get the MTa to split the 1 email with many > >>>>recipients > >>>>into many emails with 1 recipient. > >>>> > >>>>There's instructions on how to do this for sendmail and exim in this > >>>>file... > >>>> > >>>>http://www.fsl.com/support/QuarantineReport.tar.gz > >>>> > >>>> > >>>> > >>>>-- > >>>>Martin Hepworth Snr Systems Administrator > >>>>Solid State Logic > >>>>Tel: +44 (0)1865 842300 > >>>> > >>>> > >>>> > >>>> > >>>>>-----Original Message----- > >>>>>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>>>>bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > >>>>>Sent: 17 March 2006 15:30 > >>>>>To: MailScanner discussion > >>>>>Subject: Split the mails > >>>>> > >>>>>I make several Spam actions for different users. > >>>>>But if a mail contains several receiver only the first rule work. > >>>>> > >>>>>Now is it possible to split into several mails for each receiver? > >>>>> > >>>>>Or is there an other - may cooler way? > >>>>> > >>>>>Matthias > >>>>>-- > >>>>>MailScanner mailing list ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From yadu at netmagicsolutions.com Mon May 22 10:16:06 2006 From: yadu at netmagicsolutions.com (Yadavenedra Awasthi) Date: Mon May 22 10:17:12 2006 Subject: Spamprob Training In-Reply-To: <8D150F47-1A5A-4FF8-AC3D-47DF653D0E09@ecs.soton.ac.uk> References: <44717745.6000309@netmagicsolutions.com> <8D150F47-1A5A-4FF8-AC3D-47DF653D0E09@ecs.soton.ac.uk> Message-ID: <44718156.4070907@netmagicsolutions.com> Thanks Julian for the prompt reply. I got the sa-learn thing but my question require some more info like... What are different training methods for spamprobe . e.g Global, user specific , any other if exists. Which is the most preferable method and why... there advantages and disadvantages. There are ways that it can be achieved by procmail, automatic script or asking users to manually mark mails as spam but this is possible if IMAP is used if users use POP without leave a copy and then what is the way out. Request you to brief me in this or if there are any docs available for all these information. -yadavendra Julian Field wrote: > There is an "sa-learn" command which will do what you want. Take a look > at the docs and it should be able to help you ("man sa-learn"). > > On 22 May 2006, at 09:33, Yadavenedra Awasthi wrote: > >> Any one has idea what are the different methods of traning Spamprobe >> for user specific spam database. >> >> - yadavendra >> >> >> >> -- >> **************** CAUTION - Disclaimer ***************** >> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended >> solely >> for the use of the addressee(s). If you are not the intended >> recipient, please >> notify the sender by e-mail requesting deletion of the original message. >> Further, you are not to copy, disclose, or distribute this e-mail or its >> contents to any other person and any such actions are unlawful. NetMagic >> Solutions Pvt. Ltd. has taken every reasonable precaution to minimize >> the risk >> of virus infection & spam, but is not liable for any damage, you may >> sustain >> as a result of any virus in this e-mail. You should carry out your >> own virus >> checks before opening the e-mail or attachment. NetMagic Solutions >> Pvt. Ltd. >> reserves the right to monitor and review the content of all messages >> sent to >> or from this e-mail address. >> >> Messages sent to or from this e-mail address may be stored on the >> NetMagic >> Solutions Pvt. Ltd.'s e-mail system. >> ***************** End of Disclaimer ******************* >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From strydom.dave at gmail.com Mon May 22 10:27:25 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 10:27:29 2006 Subject: SWAP off-topic comment In-Reply-To: <108DCD17-EA94-4DDD-81F9-A73D84C05899@ecs.soton.ac.uk> References: <108DCD17-EA94-4DDD-81F9-A73D84C05899@ecs.soton.ac.uk> Message-ID: I use my real name, i dont see an issue with it, it has it's advantages, like this one dude got in contact with me about something i had posted on a security mailing list, and he wanted to discuss my ideas and that at some varsity in Canada. I dont really care if a person knows my real name, in South Africa there is enough Dave Strydom's to populate an island. and besides, it's nice to search on google and see your name come up at the first result. Regards Dave Strydom On 5/22/06, Julian Field wrote: > > Well at least he is providing his real and full name. Not everybody is > > doing this. I wounder why... :-) > > Just a little point on this one. There are more people here than you > think, that are not using their real names. Haven't you wondered > about the arbitrary hotmail accounts with what looks like a made-up > name? There's a reason for that... > > MailScanner is widely used, just a bit more widely than you think :-) > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Mon May 22 10:25:10 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon May 22 10:27:40 2006 Subject: MailScanner ANNOUNCEMENT: Release schedule change Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D2108A7@isabella.herefordshire.gov.uk> Julian, Because of the various problems with 4.53, do you have any plans to release 4.54 as a stable release soon to ensure that people aren't still running 4.53? If I recall correctly, 4.53.8 still had a bug in the phishing code which was stripping out stuff it shouldn't have. We've been running 4.54.2 here without problems since its release. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 20 May 2006 22:50 > To: MailScanner discussion; MailScanner Announcements List > Subject: MailScanner ANNOUNCEMENT: Release schedule change > > MailScanner is now a pretty mature application. It has undergone > continuous development for about 6 years and has come a long > way in that > time. > > Version 1 was 1,200 lines of Perl and shell, and had about 15 > configuration options. > Version 4.54 is over 44,000 lines of Perl and shell, and has 343 > configuration options. > > These days, virtually all of the new features are written > specifically > for a few people, and are not desperately needed by most users. > > As a result of this, and to allow more time for testing, I am > going to > change the normal release schedule to a new stable release every 2 > months instead of every month. Due to the nature of the > world, I reserve > the right to release every month or two months as I choose. > The latest > stable version number is always posted at the top of the home page of > the www.MailScanner.info website. > > This will be good for MailScanner as it will be tested better before > release, and it will be good for me by reducing the time I > have to spend > in the run-up to the start of every month. > > Note: This will not affect important bug-fix releases at all. > > Serious problems in the latest stable release will still be fixed as > soon as possible, and published as soon as they have been > fixed. These > may be released either as later stable releases or early betas of the > next release, as I do not want to have to fork the source > code database > at the start of every month and maintain two copies of the > source code. > Due to the extra time available for testing, this problem will be > drastically reduced anyway. > > I hope you all understand my reasons for making this change, > and that it > will also reduce the time some of you spend maintaining your > MailScanner > systems at the very latest version. > > Maybe you would like to be in the "inner circle" of official > beta-testers. I might even print a special T-shirt for you with your > company logo on it advertising that you are a member of the > inner circle. > > Please read my other posting re beta testers. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Jan-Peter.Koopmann at seceidos.de Mon May 22 10:42:35 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon May 22 10:42:45 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605220725.k4M7PubR030213@bkserver.blacknight.ie> Message-ID: Dear Michael, how would you like to be adressed? Michael? Mr. S? S? Being well educated I would prefer either Jan, Jan-Peter or Mr. Koopmann whatever pleases you. Just Koopmann sounds offending. Did you mean it that way or is my understanding of politeness just different than yours? > Koopman, why don't you follow the thread and note my original message > was quite cordial. I did. What makes you think otherwise? > It's the snotty remarks from Kai that started it. To many of us your choice of subject as well as your second posting was considered snotty. Not the remarks of Kai. And even if you considered them snotty (which is you right of course) then why reply with calling all Germans assholes? > I merely suggested that MS was > swapping on my box. No problem with that. Then you started to get questions back which have yet to be answered. Those people wanted to help you. You on the other hand refer to them as "assholes", "aboslute morons" etc. Notice how I am not doing the same? Neither did I do this on our first encounter. > Then I got a bunch of nasty, snotty replies. The only real nasty things I have read today came from you. If in your choice of words "asshole" is not nasty/snotty then please apologize my ignorance. > Defend MS all the way, > but there is no need to be rude about it. Noone here is defending MS the way you think. Still people are trying to help and calling them names does not improve your chances of being helped. Just a tiny hint: It _might_ be a good idea to at least apologize for some of your comments. I happen to be German and therefore am offended by your statement. I do not think I have earned it. You said earlier you are not here to make friends or to listen to "our" baloney. What are you here for? To ask for help? Then by all means ask and do so kindly! However, you act as if you _demand_ help and if that is your way of doing things then please, do unsubscribe! Noone here is earing money if he/she helps you. We are a bunch of people doing this as a curtosy to the community. Please act the same way to or be kind enough to leave. Matt: I see your point but there are boundarys that should not be crossed. I wounder if people would act as relaxed if he started to call all Americans or British assholes. Think about it. And my blood pressure is quite ok. It takes a lot more than those people to raise it considerably. :-) Raymond: Full ACK. :-) Kind regards, JP From drew at themarshalls.co.uk Mon May 22 11:03:32 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon May 22 11:03:46 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <446F8E53.5080407@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: <65466.194.70.180.170.1148292212.squirrel@webmail.r-bit.net> On Sat, May 20, 2006 22:46, Julian Field wrote: > Your Software Needs You! > > I really need some people who are prepared to help with the beta testing > of new MailScanner releases. MailScanner is now a complex mature > application and the testing I can do on particular features is not > enough to prove the co-operation between different settings. This has > been highlighted in 4.53. > > So if you are prepared to partake in beta testing for me then please > contact me directly at mailscanner@ecs.soton.ac.uk. > > You will need to be prepared to either > 1) run beta versions on your live MailScanner systems if you are brave, > or > 2) run beta versions on a copy of your mail feed on a test server. This > can be done (with sendmail) using the "roundhouse" milter available from > SnertSoft. I'm sure the same can be achieved with Postfix, Exim and > ZMailer. > > It does not matter how much mail you process each day at all. A home > user prepared to tweak new settings on a system processing 30 messages > per day is just as useful as an ISP processing 100,000 messages per day. > Unknowingly, you will each be testing different aspects of MailScanner, > so all help is useful regardless of size. > > I am not insisting that you test every single beta test version I > publish, just that you help where and when you can, particularly in the > run-up to a stable release. More about that in a minute. > > Unfortunately I can only offer you payment for this in the form of the > odd T-shirt and the satisfaction that you are making an essential > contribution to the best email filtering system on the planet. > > The more of you who are prepared to help, the better. > Let us all work together to maintain MailScanner's high standards in > quality and performance! Put me in too but to make my life easier, as I run FreeBSD, I would like to do this from the ports tree. I know JP does submit the betas to the mailscanner-devl port but at the moment the ports tree is at 4.45.1, which is not quite beta :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From carinus.carelse at mrc.ac.za Mon May 22 11:12:48 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Mon May 22 11:12:19 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <65466.194.70.180.170.1148292212.squirrel@webmail.r-bit.net> Message-ID: I can test the beta's on Soalris 9 sparc . Carinus -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060522/86bae064/attachment.html From strydom.dave at gmail.com Mon May 22 11:18:49 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 11:18:52 2006 Subject: an RBL idea Message-ID: I would like your thoughts on an idea I had. Since Spamassassin has a Spamcop plugin, could we not build something in MailScanner which uses this feature. Lets say we give a SA Score of say 25 Any message which has a spam score over 25, is automatically reported to Spamcop using the spamcop spamassassin plugin. This would be awesome, since I use RBL's with my mailserver setup, if I could catch the ones which aren't on rbl's yet, and have mailscanner automatically report them, this would be a massive bonus. I would say that there should be an option to either turn this on or off, and where you can specify the threshold score you would like to report. regards Dave Strydom From maillists at conactive.com Mon May 22 11:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 22 11:29:27 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <4471079C.20705@radel.com> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> <4471079C.20705@radel.com> Message-ID: Jon Radel wrote on Sun, 21 May 2006 20:36:44 -0400: > Why? Linux boxes are perfectly capable of gathering little bits of > cruft in swap. Why? 650 KB is nothing to talk about, so he *must* mean 650 MB. Despite of all that what he "said" before and after I gave/give him the doubt of a typo here. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From drew at themarshalls.co.uk Mon May 22 11:53:10 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon May 22 11:53:25 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> <4471079C.20705@radel.com> Message-ID: <33192.194.70.180.170.1148295190.squirrel@webmail.r-bit.net> On Mon, May 22, 2006 11:31, Kai Schaetzl wrote: Kai, JP and anyone else for whom temptation is too much or have missed it :-) Please may I respectfully remind you root hath spoken. Please let this thread RIP. This will not mend any hurts nor fix any perceived wrongs but time is a good healer :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Mon May 22 11:54:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 11:54:44 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> <4471079C.20705@radel.com> Message-ID: <3670CA40-4C95-4F09-A670-87C00A0C7D24@ecs.soton.ac.uk> Oy! You lot gone deaf as well! I said this thread was dead, and I meant it! On 22 May 2006, at 11:31, Kai Schaetzl wrote: > Jon Radel wrote on Sun, 21 May 2006 20:36:44 -0400: > >> Why? Linux boxes are perfectly capable of gathering little bits of >> cruft in swap. > > Why? 650 KB is nothing to talk about, so he *must* mean 650 MB. > Despite of > all that what he "said" before and after I gave/give him the doubt > of a > typo here. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Jan-Peter.Koopmann at seceidos.de Mon May 22 12:07:14 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon May 22 12:08:01 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <33192.194.70.180.170.1148295190.squirrel@webmail.r-bit.net> Message-ID: On Monday, May 22, 2006 12:53 PM Drew Marshall wrote: > Please may I respectfully remind you root hath spoken. He/She/It has? Out of curiosity (not feeding the troll this time): Who is root (besides allmighty Julian of course)? :-) > this thread RIP. This will not mend any hurts nor fix any perceived > wrongs but time is a good healer :-) :-) From maillists at conactive.com Mon May 22 12:31:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 22 12:29:25 2006 Subject: Spamprob Training In-Reply-To: <44718156.4070907@netmagicsolutions.com> References: <44717745.6000309@netmagicsolutions.com> <8D150F47-1A5A-4FF8-AC3D-47DF653D0E09@ecs.soton.ac.uk> <44718156.4070907@netmagicsolutions.com> Message-ID: Yadavenedra Awasthi wrote on Mon, 22 May 2006 14:46:06 +0530: > What are different training methods for spamprobe . e.g Global, user > specific , any other if exists. Which is the most preferable method and > why... there advantages and disadvantages. There are ways that it can be > achieved by procmail, automatic script or asking users to manually mark > mails as spam but this is possible if IMAP is used if users use POP > without leave a copy and then what is the way out. You could have them mail the offending spam to a certain alias that sucks these messages in and applies some additional steps to make sure that the format of the mail os ok for sa-learn. I suggest you read the docs and the wiki for spamassassin since this is all SA territory and this kind of question has been answered and discussed there (on the sa-talk list) umpteen times. It really depends on your needs. There are organizations where using the IMAP junk folder learning method works very well. And there are quite a few solutions to do this which have all been explained on the sa-talk list. There are others were it can't because most people retrieve the mail locally. Same goes for global vs. user-specific Bayes. It depends on how much space you want to spend for this and how diverse the spam is you are getting (and probably other things ;-). From my experience a global Bayes database works just fine and is a better choice. The reasoning behind this is that unless you (as a single person) get a *lot* of mail you won't get enough mail to really train your Bayes in a way that it is helpful in spam detection. And user-specific Bayes can take up quite a bit of space. But that's just a theoretical baseline, it doesn't mean it's always the better solution. As for training, you can also let SA just auto-learn. This has been quite successful in the past, but nowadays where 90% of our spam is already rejected before SA sees it many messages don't get enough partial hits for auto-learning. Therefore I will start feeding high-scoring spam from the quarantine to sa-learn really soon (as soon as I've found time to put a script together). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 22 12:52:50 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 22 12:52:45 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <3670CA40-4C95-4F09-A670-87C00A0C7D24@ecs.soton.ac.uk> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4470D45E.1080507@mail.wvnet.edu> <4471079C.20705@radel.com> <3670CA40-4C95-4F09-A670-87C00A0C7D24@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 22 May 2006 11:54:09 +0100: > Oy! Julian, I'm sorry, but this subthread started by Richard and continued by Jon, Alex, me and Richard again was a genuine and fair discussion. I felt that I should answer it, anything else would have been unpolite. You may have noticed that I didn't post *anything* in this thread once a certain person started handing out insults like candy. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jaearick at colby.edu Mon May 22 14:10:42 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 22 14:15:52 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <446F8E53.5080407@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: Julian, Count me in, with the proviso that I only have one MailScanner box -- my production system. There will be times that I won't be able to roll out a beta: right before I go on vacation (!), and critical times during the school year. The critical times are generally a couple of days, max. I'm going on vacation for three weeks starting early June, so I'll have to skip any June release. Will release dates be the beginning of the month? Beta on June 1, stable on July 1, and so on? I think that I'm one of the few sites running Solaris 10 with MailScanner... PS: Don't beat yourself up about last month's release. Your track record on solid releases has been outstanding over the 3+ years that we have been using MailScanner. As for the T-shirt, you can bring it when you come to Maine to collect your free Lobster dinner (offer good anytime). Jeff Earickson Colby College From root at doctor.nl2k.ab.ca Mon May 22 14:30:43 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon May 22 14:30:56 2006 Subject: MailScanner ANNOUNCEMENT: Release schedule change In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580D2108A7@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580D2108A7@isabella.herefordshire.gov.uk> Message-ID: <20060522133043.GB4990@doctor.nl2k.ab.ca> On Mon, May 22, 2006 at 10:25:10AM +0100, Randal, Phil wrote: > Julian, > > Because of the various problems with 4.53, do you have any plans to > release 4.54 as a stable release soon to ensure that people aren't still > running 4.53? If I recall correctly, 4.53.8 still had a bug in the > phishing code which was stripping out stuff it shouldn't have. > > We've been running 4.54.2 here without problems since its release. > > Cheers, > > Phil > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Julian Field > > Sent: 20 May 2006 22:50 > > To: MailScanner discussion; MailScanner Announcements List > > Subject: MailScanner ANNOUNCEMENT: Release schedule change > > > > MailScanner is now a pretty mature application. It has undergone > > continuous development for about 6 years and has come a long > > way in that > > time. > > > > Version 1 was 1,200 lines of Perl and shell, and had about 15 > > configuration options. > > Version 4.54 is over 44,000 lines of Perl and shell, and has 343 > > configuration options. > > > > These days, virtually all of the new features are written > > specifically > > for a few people, and are not desperately needed by most users. > > > > As a result of this, and to allow more time for testing, I am > > going to > > change the normal release schedule to a new stable release every 2 > > months instead of every month. Due to the nature of the > > world, I reserve > > the right to release every month or two months as I choose. > > The latest > > stable version number is always posted at the top of the home page of > > the www.MailScanner.info website. > > > > This will be good for MailScanner as it will be tested better before > > release, and it will be good for me by reducing the time I > > have to spend > > in the run-up to the start of every month. > > > > Note: This will not affect important bug-fix releases at all. > > > > Serious problems in the latest stable release will still be fixed as > > soon as possible, and published as soon as they have been > > fixed. These > > may be released either as later stable releases or early betas of the > > next release, as I do not want to have to fork the source > > code database > > at the start of every month and maintain two copies of the > > source code. > > Due to the extra time available for testing, this problem will be > > drastically reduced anyway. > > > > I hope you all understand my reasons for making this change, > > and that it > > will also reduce the time some of you spend maintaining your > > MailScanner > > systems at the very latest version. > > > > Maybe you would like to be in the "inner circle" of official > > beta-testers. I might even print a special T-shirt for you with your > > company logo on it advertising that you are a member of the > > inner circle. > > > > Please read my other posting re beta testers. > > While we are at it, where is the latest beta? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Mon May 22 14:36:51 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon May 22 14:37:03 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: References: <33192.194.70.180.170.1148295190.squirrel@webmail.r-bit.net> Message-ID: <34376.194.70.180.170.1148305011.squirrel@webmail.r-bit.net> On Mon, May 22, 2006 12:07, Koopmann, Jan-Peter wrote: > >> Please may I respectfully remind you root hath spoken. > > He/She/It has? Out of curiosity (not feeding the troll this time): Who is > root (besides allmighty Julian of course)? :-) It was the 'Jules Almighty' himself I referred to :-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From lhaig at haigmail.com Mon May 22 14:44:34 2006 From: lhaig at haigmail.com (Lance Haig) Date: Mon May 22 14:44:41 2006 Subject: Error in my cron report. Message-ID: <4471C042.1090800@haigmail.com> Hi I have started getting this error since I updated my version to 4.54.2 Does it just mean I should CPAN Net::DNS? Thanks Lance Can't locate Net/IP.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/5.8.6/i586-linux-thread-multi /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.6/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/Base.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/Base.pm line 24. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/UNIX.pm line 9. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/UNIX.pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver.pm line 19. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver.pm line 22. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS.pm line 66. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS.pm line 66. Compilation failed in require at /usr/bin/sa-update line 78. BEGIN failed--compilation aborted at /usr/bin/sa-update line 78. SCRIPT: sa-update ------- END OF OUTPUT From strydom.dave at gmail.com Mon May 22 14:49:33 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 14:50:15 2006 Subject: Error in my cron report. In-Reply-To: <4471C042.1090800@haigmail.com> References: <4471C042.1090800@haigmail.com> Message-ID: Try CPAN NET::IP Dave On 5/22/06, Lance Haig wrote: > Hi > I have started getting this error since I updated my version to 4.54.2 > > Does it just mean I should CPAN Net::DNS? > > Thanks > > Lance > > Can't locate Net/IP.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/5.8.6/i586-linux-thread-multi /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.6/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/Base.pm line 24. > BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/Base.pm line 24. > Compilation failed in require at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/UNIX.pm line 9. > BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver/UNIX.pm line 9. > Compilation failed in require at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver.pm line 19. > BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS/Resolver.pm line 22. > Compilation failed in require at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS.pm line 66. > BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/Net/DNS.pm line 66. > Compilation failed in require at /usr/bin/sa-update line 78. > BEGIN failed--compilation aborted at /usr/bin/sa-update line 78. > SCRIPT: sa-update > ------- END OF OUTPUT > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Mon May 22 16:19:54 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 16:20:12 2006 Subject: an RBL idea In-Reply-To: References: Message-ID: <4471D69A.3030500@nkpanama.com> Dave Strydom wrote: > I would like your thoughts on an idea I had. > Sure... I'll bite :-) > > Lets say we give a SA Score of say 25 > Any message which has a spam score over 25, is automatically reported > to Spamcop using the spamcop spamassassin plugin. > I like the idea so far... > This would be awesome, since I use RBL's with my mailserver setup, if Me too! ... but not everybody uses (or even likes, for that matter) RBL's. > I could catch the ones which aren't on rbl's yet, and have mailscanner > automatically report them, this would be a massive bonus. > In this case SA would be reporting, not MS, right? > I would say that there should be an option to either turn this on or > off, and where you can specify the threshold score you would like to > report. > I'd use it, but I don't know if it's something a lot of people would use... > regards > Dave Strydom From ewallig at aerocontractors.com Mon May 22 17:05:36 2006 From: ewallig at aerocontractors.com (Ed Wallig) Date: Mon May 22 17:01:21 2006 Subject: Reports question Message-ID: <004e01c67db9$902910f0$320217ac@ACL.int> Hi all, Recently upgraded to 4.53.8-1 and I have a question on report formatting - when a user receives an email message that triggers a MailScanner rule (filetypes, for example), they get a replacement message in the form of an attachment with information on why they didn't get their whole message. In looking at these messages, they are showing up (in Outlook) as txt files that put all of the message text on a single line - is there any way to format this into something a little more readable (returns, etc)? Thanks again, great product!! Ed Wallig -------------- next part -------------- A non-text attachment was scrubbed... Name: Ed Wallig (ewallig@aerocontractors.com).vcf Type: text/x-vcard Size: 611 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060522/a8e9f973/EdWalligewalligaerocontractors.com.vcf From MailScanner at ecs.soton.ac.uk Mon May 22 17:11:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 17:11:19 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> On 22 May 2006, at 14:10, Jeff A. Earickson wrote: > Count me in, with the proviso that I only have one MailScanner box -- > my production system. There will be times that I won't be able to > roll out a beta: right before I go on vacation (!), and critical > times during the school year. The critical times are generally a > couple of days, max. I'm going on vacation for three weeks > starting early June, so I'll have to skip any June release. That's fine. I was intending to skip the June release, do July and then September. I have sometimes skipped August in the past anyway, as there were no changes. > Will release dates be the beginning of the month? Beta on June 1, > stable on July 1, and so on? Betas will appear as and when I release them, no strict schedule for that. But probably a beta a week before each stable release as final testing confirmation. Plus others as and when they are needed. > I think that I'm one of the few sites running Solaris 10 with > MailScanner... Some docs on that would be great, as the installation procedure is somewhat different from other OS's, particularly in the "init.d" script areas. These could usefully go into the wiki. They don't have to be too formal or wordy, most Solaris admins can suss it out given a list of commands to type, on which they base what they actually do. > PS: Don't beat yourself up about last month's release. I try no to, it's just annoying. I try to do my best at everything I do (and often get criticised for working too hard!) and screw-ups annoy me. > Your track > record on solid releases has been outstanding over the 3+ years that > we have been using MailScanner. Thanks, that's much appreciated. A good note on which to pack it in for the day. Or at least to go home and carry on from there :-) > As for the T-shirt, you can bring > it when you come to Maine to collect your free Lobster dinner (offer > good anytime). I should put together a tour of the USA and stay with each person ("user") for a couple of days and then head on to the next one. That would be cool, what do you think? Cheers, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 22 17:14:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 17:14:39 2006 Subject: Reports question In-Reply-To: <004e01c67db9$902910f0$320217ac@ACL.int> References: <004e01c67db9$902910f0$320217ac@ACL.int> Message-ID: <00DFA033-93D2-474D-BC78-42F4A63EDDE9@ecs.soton.ac.uk> On 22 May 2006, at 17:05, Ed Wallig wrote: > Hi all, > > Recently upgraded to 4.53.8-1 I would advise spending 10 minutes (and it doesn't need to take any longer than that) doing a quick upgrade to 4.54. The 4.53 releases weren't my best work ever :-) > and I have a question on report formatting - > when a user receives an email message that triggers a MailScanner rule > (filetypes, for example), they get a replacement message in the > form of an > attachment with information on why they didn't get their whole > message. In > looking at these messages, they are showing up (in Outlook) as txt > files > that put all of the message text on a single line - is there any > way to > format this into something a little more readable (returns, etc)? ? Something strange is going on with your installation, I have never heard reports of this from anyone else. Can you confirm it's not an Outlook problem by trying a different email app? > Thanks again, great product!! Thanks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rpoe at plattesheriff.org Mon May 22 17:23:14 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon May 22 17:23:51 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: à References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> à Message-ID: <44719F26.65ED.00A2.0@plattesheriff.org> Box 1: Rebooted Sunday at 3:00am Mem: 2074872k total, 1337748k used, 737124k free, 54744k buffers Swap: 2031608k total, 144k used, 2031464k free, 276756k cached Box 2: 57 days uptime Mem: 5974104k total, 5510124k used, 463980k free, 165700k buffers Swap: 2031608k total, 144k used, 2031464k free, 842580k cached Box 3: 67 days uptime Mem: 1541512k av, 1518028k used, 23484k free, 0k shrd, 251628k buff Swap: 2558152k av, 93004k used, 2465148k free 686804k cached Box 4: 16 days uptime Mem: 479644k av, 409920k used, 69724k free, 0k shrd, 34880k buff Swap: 2112440k av, 8156k used, 2104284k free 159268k cached Box 5: 31 days uptime Mem: 254212k av, 232344k used, 21868k free, 0k shrd, 56916k buff Swap: 666616k av, 28k used, 666588k free 61704k cached Box 3 is a squid / httpd / does 15 minute big cron jobs / mailscanner with clam and spamassassin and antivir / ldap / general lots of other stuff box. Not lagging, even though it's 93mb into swap. Box 4 lags pretty hard .. but it's a 800mhz 512mb ram IDE box. That has some to do with it.. Box 5 is also IDE, it's a 350mhz box, but no spamassassin. Just clam / Mailscanner.. purrs fine Different configs use different amounts of ram. >>> jon@radel.com 5/21/2006 7:36:44 PM >>> Kai Schaetzl wrote: > Richard Lynch wrote on Sun, 21 May 2006 16:58:06 -0400: > >> A 650KB swap file is nothing. > > I'm sure he means 650 MB. > > Kai > Why? Linux boxes are perfectly capable of gathering little bits of cruft in swap. I've got a [much wimpier than those under discussion] Linux box here that in the last 203 days has somehow gathered 163KB in swap that just sits there despite there being 5MB physical RAM free (and considerably more physical RAM free if you subtract the buffers and cache). --Jon Radel -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Mon May 22 17:23:58 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon May 22 17:24:03 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: <1964AAFBC212F742958F9275BF63DBB039A5CD@winchester.andrewscompanies.com> I've got a couple mailscanners running in an underground NOC. It's about 50 degrees and noisy; you're welcome to stay there. ;) You're welcome to stay with any of my users as well; but I think you'd prefer the NOC. ;) Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, May 22, 2006 12:11 PM To: MailScanner discussion Subject: Re: MailScanner ANNOUNCEMENT: Your Software Needs You! I should put together a tour of the USA and stay with each person ("user") for a couple of days and then head on to the next one. That would be cool, what do you think? Cheers, Jules. -- From alex at nkpanama.com Mon May 22 17:27:18 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 17:27:39 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> Message-ID: <4471E666.8040408@nkpanama.com> Julian Field wrote: > I should put together a tour of the USA and stay with each person > ("user") for a couple of days and then head on to the next one. That > would be cool, what do you think? > Or a tour of the entire American continent. I could recommend a whole bunch of places to stay/visit here in Panama. Who knows, you might consider early retirement down here like most people from the UK who come to visit and wind up staying here. From Kevin_Miller at ci.juneau.ak.us Mon May 22 17:39:04 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon May 22 17:39:08 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: Julian Field wrote: > I try no to, it's just annoying. I try to do my best at everything I > do (and often get criticised for working too hard!) and screw-ups > annoy me. And we appreciate the work ethic! Just keep in mind, it's all just zeros and ones. >> As for the T-shirt, you can bring >> it when you come to Maine to collect your free Lobster dinner (offer >> good anytime). > > I should put together a tour of the USA and stay with each person > ("user") for a couple of days and then head on to the next one. That > would be cool, what do you think? When you get to the left coast, turn right and head north. We'll have some salmon and halibut on the grill and some king crab in the cooker w/your name one it. If you like, we'll even take you out on the water and you can catch your own! S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From chris at tac.esi.net Mon May 22 17:43:45 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 17:44:01 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> Message-ID: <4471B209.B662.0038.0@tac.esi.net> I run the NOC for the company I work for and have 8 MailScanner boxes running including the one for the NOC, one for our parent company and 6 customers. I have put together a very large bash script that does a full setup and install from a bare bones CentOS 4 install. They range from a couple hundred messages a day to ~65K a day. I would be more than happy to use the NOC server as a beta test bed. I use it already as the test setup for adding of new things or changes before pushing out to the other servers. And if you did decide to come to the US I could put you up if you wanted to see Virginia Beach, VA. Though coming to the US with as screwed up as it has become has got to make you nervous. :) Thanks for a wonderful "free" product. Chris >>> MailScanner@ecs.soton.ac.uk 05/22/06 12:11 pm >>> On 22 May 2006, at 14:10, Jeff A. Earickson wrote: > Count me in, with the proviso that I only have one MailScanner box -- > my production system. There will be times that I won't be able to > roll out a beta: right before I go on vacation (!), and critical > times during the school year. The critical times are generally a > couple of days, max. I'm going on vacation for three weeks > starting early June, so I'll have to skip any June release. That's fine. I was intending to skip the June release, do July and then September. I have sometimes skipped August in the past anyway, as there were no changes. > Will release dates be the beginning of the month? Beta on June 1, > stable on July 1, and so on? Betas will appear as and when I release them, no strict schedule for that. But probably a beta a week before each stable release as final testing confirmation. Plus others as and when they are needed. > I think that I'm one of the few sites running Solaris 10 with > MailScanner... Some docs on that would be great, as the installation procedure is somewhat different from other OS's, particularly in the "init.d" script areas. These could usefully go into the wiki. They don't have to be too formal or wordy, most Solaris admins can suss it out given a list of commands to type, on which they base what they actually do. > PS: Don't beat yourself up about last month's release. I try no to, it's just annoying. I try to do my best at everything I do (and often get criticised for working too hard!) and screw- ups annoy me. > Your track > record on solid releases has been outstanding over the 3+ years that > we have been using MailScanner. Thanks, that's much appreciated. A good note on which to pack it in for the day. Or at least to go home and carry on from there :- ) > As for the T- shirt, you can bring > it when you come to Maine to collect your free Lobster dinner (offer > good anytime). I should put together a tour of the USA and stay with each person ("user") for a couple of days and then head on to the next one. That would be cool, what do you think? Cheers, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandrews at andrewscompanies.com Mon May 22 17:49:32 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon May 22 17:49:37 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> Any chance you want to share you magic bash script? Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Hammond Sent: Monday, May 22, 2006 12:44 PM To: MailScanner@ecs.soton.ac.uk; MailScanner discussion Subject: Re: MailScanner ANNOUNCEMENT: Your Software Needs You! I run the NOC for the company I work for and have 8 MailScanner boxes running including the one for the NOC, one for our parent company and 6 customers. I have put together a very large bash script that does a full setup and install from a bare bones CentOS 4 install. They range from a couple hundred messages a day to ~65K a day. I would be more than happy to use the NOC server as a beta test bed. I use it already as the test setup for adding of new things or changes before pushing out to the other servers. And if you did decide to come to the US I could put you up if you wanted to see Virginia Beach, VA. Though coming to the US with as screwed up as it has become has got to make you nervous. :) Thanks for a wonderful "free" product. Chris >>> MailScanner@ecs.soton.ac.uk 05/22/06 12:11 pm >>> On 22 May 2006, at 14:10, Jeff A. Earickson wrote: > Count me in, with the proviso that I only have one MailScanner box -- > my production system. There will be times that I won't be able to > roll out a beta: right before I go on vacation (!), and critical times > during the school year. The critical times are generally a > couple of days, max. I'm going on vacation for three weeks > starting early June, so I'll have to skip any June release. That's fine. I was intending to skip the June release, do July and then September. I have sometimes skipped August in the past anyway, as there were no changes. > Will release dates be the beginning of the month? Beta on June 1, > stable on July 1, and so on? Betas will appear as and when I release them, no strict schedule for that. But probably a beta a week before each stable release as final testing confirmation. Plus others as and when they are needed. > I think that I'm one of the few sites running Solaris 10 with > MailScanner... Some docs on that would be great, as the installation procedure is somewhat different from other OS's, particularly in the "init.d" script areas. These could usefully go into the wiki. They don't have to be too formal or wordy, most Solaris admins can suss it out given a list of commands to type, on which they base what they actually do. > PS: Don't beat yourself up about last month's release. I try no to, it's just annoying. I try to do my best at everything I do (and often get criticised for working too hard!) and screw- ups annoy me. > Your track > record on solid releases has been outstanding over the 3+ years that > we have been using MailScanner. Thanks, that's much appreciated. A good note on which to pack it in for the day. Or at least to go home and carry on from there :- ) > As for the T- shirt, you can bring > it when you come to Maine to collect your free Lobster dinner (offer > good anytime). I should put together a tour of the USA and stay with each person ("user") for a couple of days and then head on to the next one. That would be cool, what do you think? Cheers, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From strydom.dave at gmail.com Mon May 22 17:50:29 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 17:50:32 2006 Subject: an RBL idea In-Reply-To: <4471D69A.3030500@nkpanama.com> References: <4471D69A.3030500@nkpanama.com> Message-ID: Well hence why there can be an "on" and "off" switch for it, for those who don't want to use it. Yes SA would be reporting it, but MailScanner would be making SA report the spam via the spamcop plugin. (ie: MS would be calling the spamcop plugin, since MS is already working with the message and the headers and such, it should be easy to code in a check for it). Dave On 5/22/06, Alex Neuman van der Hans wrote: > Dave Strydom wrote: > > I would like your thoughts on an idea I had. > > > Sure... I'll bite :-) > > > > Lets say we give a SA Score of say 25 > > Any message which has a spam score over 25, is automatically reported > > to Spamcop using the spamcop spamassassin plugin. > > > I like the idea so far... > > This would be awesome, since I use RBL's with my mailserver setup, if > Me too! ... but not everybody uses (or even likes, for that matter) RBL's. > > I could catch the ones which aren't on rbl's yet, and have mailscanner > > automatically report them, this would be a massive bonus. > > > In this case SA would be reporting, not MS, right? > > I would say that there should be an option to either turn this on or > > off, and where you can specify the threshold score you would like to > > report. > > > I'd use it, but I don't know if it's something a lot of people would use... > > regards > > Dave Strydom > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Mon May 22 17:55:55 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 17:56:04 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <44719F26.65ED.00A2.0@plattesheriff.org> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <44719F26.65ED.00A2.0@plattesheriff.org> Message-ID: Athena ~ # uptime 18:53:24 up 217 days, 22:21, 2 users, load average: 0.20, 0.24, 0.26 Athena ~ # free -m total used free shared buffers cached Mem: 2009 1820 189 0 222 960 -/+ buffers/cache: 636 1372 Swap: 972 0 972 Athena ~ # Calypso ~ # uptime 18:54:41 up 194 days, 3:15, 2 users, load average: 0.76, 0.48, 0.40 Calypso ~ # free -m total used free shared buffers cached Mem: 2009 1884 125 0 178 1110 -/+ buffers/cache: 595 1413 Swap: 972 0 972 Calypso ~ # *flexes the memory and uptime muscles* Regards Dave On 5/22/06, Rob Poe wrote: > Box 1: Rebooted Sunday at 3:00am > Mem: 2074872k total, 1337748k used, 737124k free, 54744k > buffers > Swap: 2031608k total, 144k used, 2031464k free, 276756k > cached > > Box 2: 57 days uptime > Mem: 5974104k total, 5510124k used, 463980k free, 165700k > buffers > Swap: 2031608k total, 144k used, 2031464k free, 842580k > cached > > Box 3: 67 days uptime > Mem: 1541512k av, 1518028k used, 23484k free, 0k shrd, > 251628k buff > Swap: 2558152k av, 93004k used, 2465148k free > 686804k cached > > Box 4: 16 days uptime > Mem: 479644k av, 409920k used, 69724k free, 0k shrd, > 34880k buff > Swap: 2112440k av, 8156k used, 2104284k free > 159268k cached > > Box 5: 31 days uptime > Mem: 254212k av, 232344k used, 21868k free, 0k shrd, > 56916k buff > Swap: 666616k av, 28k used, 666588k free > 61704k cached > > Box 3 is a squid / httpd / does 15 minute big cron jobs / mailscanner > with clam and spamassassin and antivir / ldap / general lots of other > stuff box. Not lagging, even though it's 93mb into swap. > > Box 4 lags pretty hard .. but it's a 800mhz 512mb ram IDE box. That > has some to do with it.. > > Box 5 is also IDE, it's a 350mhz box, but no spamassassin. Just clam / > Mailscanner.. purrs fine > > Different configs use different amounts of ram. > From rpoe at plattesheriff.org Mon May 22 17:56:55 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon May 22 17:57:25 2006 Subject: Getting pounded .. sigh Message-ID: <4471A70B.65ED.00A2.0@plattesheriff.org> My mail server is getting POUNDED from 193.252.22.157 193.252.22.158 Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk I blacklisted the whole 193.252.22.x They're targeting my list server, and SpamAssassin is grabbing them (along with the fact that the list server is membership only!!) but I'm getting one every 5-10 seconds!! grep 193.252.22 /var/log/maillog | wc 1863 62955 710320 May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost.. May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost.. May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost.. May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost.. May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost.. May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost.. From rpoe at plattesheriff.org Mon May 22 18:00:13 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon May 22 18:00:32 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <44719F26.65ED.00A2.0@plattesheriff.org> Message-ID: <4471A7D2.65ED.00A2.0@plattesheriff.org> 217 days? Dont ya gotta reboot for updated kernels? >>> strydom.dave@gmail.com 5/22/2006 11:55:55 AM >>> Athena ~ # uptime 18:53:24 up 217 days, 22:21, 2 users, load average: 0.20, 0.24, 0.26 Athena ~ # free -m total used free shared buffers cached Mem: 2009 1820 189 0 222 960 -/+ buffers/cache: 636 1372 Swap: 972 0 972 Athena ~ # Calypso ~ # uptime 18:54:41 up 194 days, 3:15, 2 users, load average: 0.76, 0.48, 0.40 Calypso ~ # free -m total used free shared buffers cached Mem: 2009 1884 125 0 178 1110 -/+ buffers/cache: 595 1413 Swap: 972 0 972 Calypso ~ # *flexes the memory and uptime muscles* Regards Dave On 5/22/06, Rob Poe wrote: > Box 1: Rebooted Sunday at 3:00am > Mem: 2074872k total, 1337748k used, 737124k free, 54744k > buffers > Swap: 2031608k total, 144k used, 2031464k free, 276756k > cached > > Box 2: 57 days uptime > Mem: 5974104k total, 5510124k used, 463980k free, 165700k > buffers > Swap: 2031608k total, 144k used, 2031464k free, 842580k > cached > > Box 3: 67 days uptime > Mem: 1541512k av, 1518028k used, 23484k free, 0k shrd, > 251628k buff > Swap: 2558152k av, 93004k used, 2465148k free > 686804k cached > > Box 4: 16 days uptime > Mem: 479644k av, 409920k used, 69724k free, 0k shrd, > 34880k buff > Swap: 2112440k av, 8156k used, 2104284k free > 159268k cached > > Box 5: 31 days uptime > Mem: 254212k av, 232344k used, 21868k free, 0k shrd, > 56916k buff > Swap: 666616k av, 28k used, 666588k free > 61704k cached > > Box 3 is a squid / httpd / does 15 minute big cron jobs / mailscanner > with clam and spamassassin and antivir / ldap / general lots of other > stuff box. Not lagging, even though it's 93mb into swap. > > Box 4 lags pretty hard .. but it's a 800mhz 512mb ram IDE box. That > has some to do with it.. > > Box 5 is also IDE, it's a 350mhz box, but no spamassassin. Just clam / > Mailscanner.. purrs fine > > Different configs use different amounts of ram. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From strydom.dave at gmail.com Mon May 22 18:01:34 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 18:01:36 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> Message-ID: > I should put together a tour of the USA and stay with each person > ("user") for a couple of days and then head on to the next one. That > would be cool, what do you think? Sure... then you going to make a detour to South Africa? Dave From doc at maddoc.net Mon May 22 18:09:14 2006 From: doc at maddoc.net (Doc Schneider) Date: Mon May 22 18:09:24 2006 Subject: Getting pounded .. sigh In-Reply-To: <4471A70B.65ED.00A2.0@plattesheriff.org> References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: <4471F03A.9060702@maddoc.net> Rob Poe wrote: > My mail server is getting POUNDED from > 193.252.22.157 > 193.252.22.158 > > Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk > > I blacklisted the whole 193.252.22.x > > They're targeting my list server, and SpamAssassin is grabbing them > (along with the fact that the list server is membership only!!) > > but I'm getting one every 5-10 seconds!! > > grep 193.252.22 /var/log/maillog | wc > 1863 62955 710320 > > May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > I use this little script I wrote for these unruly pecker attacks. Use it like this ./banit.sh 193.252.22.157 cat banit.sh #!/bin/sh route add $1 gw 127.0.0.1 HTH -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From strydom.dave at gmail.com Mon May 22 18:11:11 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 18:11:14 2006 Subject: Getting pounded .. sigh In-Reply-To: <4471A70B.65ED.00A2.0@plattesheriff.org> References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: iptables -A INPUT -s 193.252.22.157 -j DROP iptables -A INPUT -s 193.252.22.158 -j DROP problem solved. Regards Dave On 5/22/06, Rob Poe wrote: > My mail server is getting POUNDED from > 193.252.22.157 > 193.252.22.158 > > Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk > > I blacklisted the whole 193.252.22.x > > They're targeting my list server, and SpamAssassin is grabbing them > (along with the fact that the list server is membership only!!) > > but I'm getting one every 5-10 seconds!! > > grep 193.252.22 /var/log/maillog | wc > 1863 62955 710320 > > May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Mon May 22 18:13:05 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 18:13:26 2006 Subject: MailScanner on a cluster Message-ID: Please excuse my ignorance, but can anyone point me in the right direction of: a) is it possible to run MailScanner on a cluster b) If so, can you please point me to some documentation so i can read up on it please. regards Dave Strydom From strydom.dave at gmail.com Mon May 22 18:15:29 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 18:15:33 2006 Subject: Getting pounded .. sigh In-Reply-To: <4471F03A.9060702@maddoc.net> References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4471F03A.9060702@maddoc.net> Message-ID: Hi Doc, Doesn't that just create more load/traffic since your machine still has to accept the tcp connection, take in the data, and then route it to 127.0.0.1, where as an iptables DROP just igore the packets completely? Dave On 5/22/06, Doc Schneider wrote: > Rob Poe wrote: > > My mail server is getting POUNDED from > > 193.252.22.157 > > 193.252.22.158 > > > > Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk > > > > I blacklisted the whole 193.252.22.x > > > > They're targeting my list server, and SpamAssassin is grabbing them > > (along with the fact that the list server is membership only!!) > > > > but I'm getting one every 5-10 seconds!! > > > > grep 193.252.22 /var/log/maillog | wc > > 1863 62955 710320 > > > > May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, > > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > > [193.252.22.157], reject=583 5.0.0 Get lost.. > > May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, > > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > > [193.252.22.157], reject=583 5.0.0 Get lost.. > > May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, > > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > > [193.252.22.157], reject=583 5.0.0 Get lost.. > > May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, > > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > > [193.252.22.157], reject=583 5.0.0 Get lost.. > > May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, > > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > > [193.252.22.157], reject=583 5.0.0 Get lost.. > > May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, > > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > > [193.252.22.157], reject=583 5.0.0 Get lost.. > > > > I use this little script I wrote for these unruly pecker attacks. > > Use it like this > > ./banit.sh 193.252.22.157 > > cat banit.sh > #!/bin/sh > route add $1 gw 127.0.0.1 > > HTH > -- > -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Mon May 22 18:11:24 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 22 18:16:24 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> Message-ID: > > I should put together a tour of the USA and stay with each person ("user") > for a couple of days and then head on to the next one. That would be cool, > what do you think? Got a green card? It sounds like you would be staying several years. Sounds good to us. From ssilva at sgvwater.com Mon May 22 18:19:46 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 22 18:20:31 2006 Subject: Custom function white/black list bug? In-Reply-To: <446F84E6.1080904@mail.wvnet.edu> References: <446E7FAB.5010609@mail.wvnet.edu> <446F4667.6070507@ecs.soton.ac.uk> <446F5857.5070207@mail.wvnet.edu> <446F5EC4.2070308@ecs.soton.ac.uk> <446F84E6.1080904@mail.wvnet.edu> Message-ID: Richard Lynch spake the following on 5/20/2006 2:06 PM: > Julian Field wrote: > > {...snip...} > >>> I guess. I've been using "default" for our_domain. That way it >>> applies to our_domain and some of the other domains we handle. I did >>> try putting abuse@our_domain in the >>> spam.bydomain/whitelist/our_domain file and it still didn't get white >>> listed. It only started working when I added the... >>> >>> return 1 if $BlackWhite->{'default'}{$to}; >>> >>> ...line of code to the function. >> But the files are all users/domains/default recipients. Each line in a >> file gives an entry for the sender going to the user/domain/default >> specified by the filename. > Yes, I understand. That's why I modified the code with the line above > so that it would also check the recipient. > > {...snip...} >>> Well it doesn't work for me unless I modify the code as indicated in >>> my original post. In my case abuse@our_domain is the only >>> recipient. Looking at the code I don't see a check for the "To:" >>> address in the default file. I see a test for $from, $fromdomain, >>> and $ip. I don't see a check for $to. That's why I added the line >>> of code. >> There isn't the $to check as the filenames are named after the >> recipient users/domains/default. The contents of each file lists the >> senders that are black/whitelisted for the addresses described by the >> filename. >> > So you're saying that the bydomain white list (and blacklist for that > matter) entries are all aimed at allowing/disallowing senders to > particular users/domains. It has nothing to do with the recipient. > (That's what I was attempting to achieve with my modification -- which > worked by the way.) > > This means there is no way for me to have a mailbox (abuse@wvnet.edu) > setup such that mail from anyone@anywhere to that address gets delivered > and not flagged as spam. > > The problem is that I have people on the internet reporting spam coming > from our network by sending it to abuse@wvnet.edu. However, our > helpdesk people never see it because it gets detected as spam and > deleted. I tried putting abuse in the wvnet.edu file but it doesn't > work since this facility is looking for the sender (who could be anyone) > rather than the recipient (abuse@wvnet.edu). > > I suppose I can get around this by coding a spamassassin rule that gives > a large positive value for mail going to abuse@wvnet.edu. I think I'll > just handle it that way since I don't know the ramifications of the mod > to the code. Thanks for the clarification. > > Richard > I hope you meant a large NEGATIVE value. A large positive value will really make it disappear. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jaearick at colby.edu Mon May 22 18:22:53 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 22 18:27:02 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: Or if you are a Solaris user with ipfilter installed, try: block in quick on ce0 proto tcp from 193.252.22.0/24 to any port = 25 in your ipf.conf file. Substitute your appropriate network interface for "ce0". Jeff Earickson Colby College On Mon, 22 May 2006, Dave Strydom wrote: > Date: Mon, 22 May 2006 19:11:11 +0200 > From: Dave Strydom > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > iptables -A INPUT -s 193.252.22.157 -j DROP > iptables -A INPUT -s 193.252.22.158 -j DROP > > problem solved. > > Regards > Dave > > On 5/22/06, Rob Poe wrote: >> My mail server is getting POUNDED from >> 193.252.22.157 >> 193.252.22.158 >> >> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk >> >> I blacklisted the whole 193.252.22.x >> >> They're targeting my list server, and SpamAssassin is grabbing them >> (along with the fact that the list server is membership only!!) >> >> but I'm getting one every 5-10 seconds!! >> >> grep 193.252.22 /var/log/maillog | wc >> 1863 62955 710320 >> >> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From doc at maddoc.net Mon May 22 18:29:01 2006 From: doc at maddoc.net (Doc Schneider) Date: Mon May 22 18:29:03 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4471F03A.9060702@maddoc.net> Message-ID: <4471F4DD.90405@maddoc.net> Dave Strydom wrote: > Hi Doc, > > Doesn't that just create more load/traffic since your machine still > has to accept the tcp connection, take in the data, and then route it > to 127.0.0.1, where as an iptables DROP just igore the packets > completely? > > Dave True, but I'm very old school. 8*)) Though, they still are going to generate unwanted traffic/bandwidth even to an iptables DROP. Either method works guess pick your poison! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From joost at waversveld.nl Mon May 22 18:37:04 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Mon May 22 18:37:13 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> Message-ID: <4471F6C0.9080408@waversveld.nl> I hope he does... I've got some interest also :) sandrews@andrewscompanies.com wrote: > Any chance you want to share you magic bash script? > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris > Hammond > Sent: Monday, May 22, 2006 12:44 PM > To: MailScanner@ecs.soton.ac.uk; MailScanner discussion > Subject: Re: MailScanner ANNOUNCEMENT: Your Software Needs You! > > I run the NOC for the company I work for and have 8 MailScanner boxes > running including the one for the NOC, one for our parent company and 6 > customers. I have put together a very large bash script that does a > full setup and install from a bare bones CentOS 4 install. They range > from a couple hundred messages a day to ~65K a day. I would be more > than happy to use the NOC server as a beta test bed. I use it already > as the test setup for adding of new things or changes before pushing out > to the other servers. > > And if you did decide to come to the US I could put you up if you wanted > to see Virginia Beach, VA. > Though coming to the US with as screwed up as it has become has got to > make you nervous. :) > > Thanks for a wonderful "free" product. > Chris > >>>> MailScanner@ecs.soton.ac.uk 05/22/06 12:11 pm >>> > On 22 May 2006, at 14:10, Jeff A. Earickson wrote: >> Count me in, with the proviso that I only have one MailScanner box -- >> my production system. There will be times that I won't be able to >> roll out a beta: right before I go on vacation (!), and critical times > >> during the school year. The critical times are generally a >> couple of days, max. I'm going on vacation for three weeks >> starting early June, so I'll have to skip any June release. > > That's fine. I was intending to skip the June release, do July and then > September. I have sometimes skipped August in the past anyway, as there > were no changes. > >> Will release dates be the beginning of the month? Beta on June 1, >> stable on July 1, and so on? > > Betas will appear as and when I release them, no strict schedule for > that. But probably a beta a week before each stable release as final > testing confirmation. Plus others as and when they are needed. > >> I think that I'm one of the few sites running Solaris 10 with >> MailScanner... > > Some docs on that would be great, as the installation procedure is > somewhat different from other OS's, particularly in the "init.d" > script areas. These could usefully go into the wiki. They don't have to > be too formal or wordy, most Solaris admins can suss it out given a list > of commands to type, on which they base what they actually do. > >> PS: Don't beat yourself up about last month's release. > > I try no to, it's just annoying. I try to do my best at everything I do > (and often get criticised for working too hard!) and screw- ups annoy > me. > >> Your track >> record on solid releases has been outstanding over the 3+ years that >> we have been using MailScanner. > > Thanks, that's much appreciated. A good note on which to pack it in for > the day. Or at least to go home and carry on from there :- ) > >> As for the T- shirt, you can bring >> it when you come to Maine to collect your free Lobster dinner (offer >> good anytime). > > I should put together a tour of the USA and stay with each person > ("user") for a couple of days and then head on to the next one. That > would be cool, what do you think? > > Cheers, > Jules. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From alex at nkpanama.com Mon May 22 18:48:41 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 18:49:20 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <4471A7D2.65ED.00A2.0@plattesheriff.org> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <44719F26.65ED.00A2.0@plattesheriff.org> <4471A7D2.65ED.00A2.0@plattesheriff.org> Message-ID: <4471F979.4010206@nkpanama.com> Rob Poe wrote: > 217 days? Dont ya gotta reboot for updated kernels? > My last uptime was 340 days or so... :-( Had to move the server someplace else and the UPS didn't last enough for me to disconnect the server at location #1 and move it all the way to location #2, but I *did* try. My longest uptime was a server I had once back a couple of years ago - almost 4 years. The power supply burst in flames though. Had to rebuild from scratch (and backups). From dave.list at pixelhammer.com Mon May 22 18:51:29 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon May 22 18:51:53 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> Message-ID: <4471FA21.4010307@pixelhammer.com> Julian Field wrote: > > I should put together a tour of the USA and stay with each person > ("user") for a couple of days and then head on to the next one. That > would be cool, what do you think? > > Cheers, > Jules. I'm looking to grab a server for that purpose, I have to convert our system from home brew to MailWatch first and finish a Bacula install as well. You would be welcome in Indiana, I can set you up with a tent, a sleeping bag, a firepit, and a bottle of Scotch. You would have most of 40 acres to yourself. You and the deer, racoons, foxes, coytes, possums, horned owls, and the odd skunk or two ;^) Oh and you would of course get a wireless connection as well, if you so choose. DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From chris at tac.esi.net Mon May 22 18:57:57 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 18:58:15 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: à References: <446F8E53.5080407@ecs.soton.ac.uk> à Message-ID: <4471C36D.B662.0038.0@tac.esi.net> Only a slow wireless connection? :) Chris >>> dave.list@pixelhammer.com 05/22/06 1:51 pm >>> Julian Field wrote: > > I should put together a tour of the USA and stay with each person > ("user") for a couple of days and then head on to the next one. That > would be cool, what do you think? > > Cheers, > Jules. I'm looking to grab a server for that purpose, I have to convert our system from home brew to MailWatch first and finish a Bacula install as well. You would be welcome in Indiana, I can set you up with a tent, a sleeping bag, a firepit, and a bottle of Scotch. You would have most of 40 acres to yourself. You and the deer, racoons, foxes, coytes, possums, horned owls, and the odd skunk or two ;^) Oh and you would of course get a wireless connection as well, if you so choose. DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon May 22 18:58:53 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 18:59:20 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4471FA21.4010307@pixelhammer.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> Message-ID: <4471FBDD.5000908@nkpanama.com> DAve wrote: > You and the deer, racoons, foxes, coytes, possums, horned owls, and > the odd skunk or two ;^) > > Oh and you would of course get a wireless connection as well, if you > so choose. > > DAve > Does it cover the 40 acres? ;-) From jrudd at ucsc.edu Mon May 22 18:59:46 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 22 19:00:30 2006 Subject: WAY OT OS _humor_ (was: Re: MailScanner is responsible for SWAP usage!) In-Reply-To: <4471A7D2.65ED.00A2.0@plattesheriff.org> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <44719F26.65ED.00A2.0@plattesheriff.org> <4471A7D2.65ED.00A2.0@plattesheriff.org> Message-ID: If you need to do kernel updates more often than every 365 days, you need a more stable unix variant :-) On May 22, 2006, at 10:00 AM, Rob Poe wrote: > 217 days? Dont ya gotta reboot for updated kernels? > > >>>> strydom.dave@gmail.com 5/22/2006 11:55:55 AM >>> > Athena ~ # uptime > 18:53:24 up 217 days, 22:21, 2 users, load average: 0.20, 0.24, > 0.26 > Athena ~ # free -m > total used free shared buffers > cached > Mem: 2009 1820 189 0 222 > 960 > -/+ buffers/cache: 636 1372 > Swap: 972 0 972 > Athena ~ # > > > Calypso ~ # uptime > 18:54:41 up 194 days, 3:15, 2 users, load average: 0.76, 0.48, > 0.40 > Calypso ~ # free -m > total used free shared buffers > cached > Mem: 2009 1884 125 0 178 > 1110 > -/+ buffers/cache: 595 1413 > Swap: 972 0 972 > Calypso ~ # > > > *flexes the memory and uptime muscles* > > Regards > Dave > > > On 5/22/06, Rob Poe wrote: >> Box 1: Rebooted Sunday at 3:00am >> Mem: 2074872k total, 1337748k used, 737124k free, 54744k >> buffers >> Swap: 2031608k total, 144k used, 2031464k free, 276756k >> cached >> >> Box 2: 57 days uptime >> Mem: 5974104k total, 5510124k used, 463980k free, 165700k >> buffers >> Swap: 2031608k total, 144k used, 2031464k free, 842580k >> cached >> >> Box 3: 67 days uptime >> Mem: 1541512k av, 1518028k used, 23484k free, 0k shrd, >> 251628k buff >> Swap: 2558152k av, 93004k used, 2465148k free >> 686804k cached >> >> Box 4: 16 days uptime >> Mem: 479644k av, 409920k used, 69724k free, 0k shrd, >> 34880k buff >> Swap: 2112440k av, 8156k used, 2104284k free >> 159268k cached >> >> Box 5: 31 days uptime >> Mem: 254212k av, 232344k used, 21868k free, 0k shrd, >> 56916k buff >> Swap: 666616k av, 28k used, 666588k free >> 61704k cached >> >> Box 3 is a squid / httpd / does 15 minute big cron jobs / > mailscanner >> with clam and spamassassin and antivir / ldap / general lots of > other >> stuff box. Not lagging, even though it's 93mb into swap. >> >> Box 4 lags pretty hard .. but it's a 800mhz 512mb ram IDE box. That >> has some to do with it.. >> >> Box 5 is also IDE, it's a 350mhz box, but no spamassassin. Just clam > / >> Mailscanner.. purrs fine >> >> Different configs use different amounts of ram. >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Mon May 22 19:00:50 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon May 22 19:00:53 2006 Subject: Getting pounded .. sigh Message-ID: <1964AAFBC212F742958F9275BF63DBB038E23E@winchester.andrewscompanies.com> I remember talk some time ago, not here, of a way to slow down the sender by doing something with an ACK (really out of my pond here). Anyone know what I might be thinking of? If there's some way to hold the connection to sender open, that would slow them down sending out crap. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Monday, May 22, 2006 1:29 PM To: MailScanner discussion Subject: Re: Getting pounded .. sigh Dave Strydom wrote: > Hi Doc, > > Doesn't that just create more load/traffic since your machine still > has to accept the tcp connection, take in the data, and then route it > to 127.0.0.1, where as an iptables DROP just igore the packets > completely? > > Dave True, but I'm very old school. 8*)) Though, they still are going to generate unwanted traffic/bandwidth even to an iptables DROP. Either method works guess pick your poison! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 22 19:14:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 19:14:28 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: Message-ID: <4471FF77.7040107@ecs.soton.ac.uk> Kevin Miller wrote: > Julian Field wrote: > > >> I try no to, it's just annoying. I try to do my best at everything I >> do (and often get criticised for working too hard!) and screw-ups >> annoy me. >> > > And we appreciate the work ethic! Just keep in mind, it's all just > zeros and ones. > Thanks! > > >>> As for the T-shirt, you can bring >>> it when you come to Maine to collect your free Lobster dinner (offer >>> good anytime). >>> >> I should put together a tour of the USA and stay with each person >> ("user") for a couple of days and then head on to the next one. That >> would be cool, what do you think? >> > > When you get to the left coast, turn right and head north. We'll have > some salmon and halibut on the grill and some king crab in the cooker > w/your name one it. > > If you like, we'll even take you out on the water and you can catch your > own! > Ooh that sounds good. Alaska is another of those places I want to go and visit some time. I've done quite a bit of Canada, but Alaska would be great too! If you folks aren't careful, I might start taking you up on some of these offers. Maybe not this summer, maybe next Spring? Will need plenty of time to plan it as I would be dealing with about 10 different people all with their own timetables and diaries. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From chris at tac.esi.net Mon May 22 19:14:49 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 19:15:04 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> Message-ID: <4471C761.B662.0038.0@tac.esi.net> Yes, I could but it is quite ugly. I am by no means fluent in bash but learned enough to make it work. I have tossed around the idea of making a project out of it itself. I brought it up to Julian once but since he works with Defender MX, it was decided that could be a conflict of interest so I never went any further with it from there. What I really invisioned it becoming was a simple custom CentOS 4 install CD but I fall way short on the knowledge to do this. It currently weighs in at 757 lines but I am sure there are more efficient ways of doing things. Is there a desire out there from people that can program to start a project of this nature? Here is a quick description of what I have the script doing. Script is run after a bare install of CentOS4 Turns off un-needed services and runs a yum update. Sets up hosts file Installs all needed RPMS; Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch and bitdefender are the major apps. Configures all apps based on variables set in the beginning of the script. Sets up iptables and allows only required ports. Sets up rules_du_jour Sets up Razor2 If all goes well, it will reboot with a fully functional Anti-Spam server. The only things that need to be done is login to Mailwatch and run spam rule updates and geoip download. I have not automated that. I have used the script to build my last 3 spam servers in less than 20 minutes to a fully functional install and that includes the CentOS 4 install. I will clean the script of an hard coded info and post it later today or tomorrow. Thanks Chris >>> sandrews@andrewscompanies.com 05/22/06 12:49 pm >>> Any chance you want to share you magic bash script? Steve ----- Original Message----- From: mailscanner- bounces@lists.mailscanner.info [mailto:mailscanner- bounces@lists.mailscanner.info] On Behalf Of Chris Hammond Sent: Monday, May 22, 2006 12:44 PM To: MailScanner@ecs.soton.ac.uk; MailScanner discussion Subject: Re: MailScanner ANNOUNCEMENT: Your Software Needs You! I run the NOC for the company I work for and have 8 MailScanner boxes running including the one for the NOC, one for our parent company and 6 customers. I have put together a very large bash script that does a full setup and install from a bare bones CentOS 4 install. They range from a couple hundred messages a day to ~65K a day. I would be more than happy to use the NOC server as a beta test bed. I use it already as the test setup for adding of new things or changes before pushing out to the other servers. And if you did decide to come to the US I could put you up if you wanted to see Virginia Beach, VA. Though coming to the US with as screwed up as it has become has got to make you nervous. :) Thanks for a wonderful "free" product. Chris >>> MailScanner@ecs.soton.ac.uk 05/22/06 12:11 pm >>> On 22 May 2006, at 14:10, Jeff A. Earickson wrote: > Count me in, with the proviso that I only have one MailScanner box -- > my production system. There will be times that I won't be able to > roll out a beta: right before I go on vacation (!), and critical times > during the school year. The critical times are generally a > couple of days, max. I'm going on vacation for three weeks > starting early June, so I'll have to skip any June release. That's fine. I was intending to skip the June release, do July and then September. I have sometimes skipped August in the past anyway, as there were no changes. > Will release dates be the beginning of the month? Beta on June 1, > stable on July 1, and so on? Betas will appear as and when I release them, no strict schedule for that. But probably a beta a week before each stable release as final testing confirmation. Plus others as and when they are needed. > I think that I'm one of the few sites running Solaris 10 with > MailScanner... Some docs on that would be great, as the installation procedure is somewhat different from other OS's, particularly in the "init.d" script areas. These could usefully go into the wiki. They don't have to be too formal or wordy, most Solaris admins can suss it out given a list of commands to type, on which they base what they actually do. > PS: Don't beat yourself up about last month's release. I try no to, it's just annoying. I try to do my best at everything I do (and often get criticised for working too hard!) and screw- ups annoy me. > Your track > record on solid releases has been outstanding over the 3+ years that > we have been using MailScanner. Thanks, that's much appreciated. A good note on which to pack it in for the day. Or at least to go home and carry on from there :- ) > As for the T- shirt, you can bring > it when you come to Maine to collect your free Lobster dinner (offer > good anytime). I should put together a tour of the USA and stay with each person ("user") for a couple of days and then head on to the next one. That would be cool, what do you think? Cheers, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From spamtrap71892316634 at anime.net Mon May 22 19:15:20 2006 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Mon May 22 19:15:24 2006 Subject: Getting pounded .. sigh In-Reply-To: <4471F4DD.90405@maddoc.net> References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4471F03A.9060702@maddoc.net> <4471F4DD.90405@maddoc.net> Message-ID: On Mon, 22 May 2006, Doc Schneider wrote: > Though, they still are going to generate unwanted traffic/bandwidth even to > an iptables DROP. Either method works guess pick your poison! The nice thing is that an iptables DROP wastes more of their resources than it does yours. Gives that nice warm fuzzy feeling. -Dan From Kevin_Miller at ci.juneau.ak.us Mon May 22 19:15:53 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon May 22 19:15:57 2006 Subject: Getting pounded .. sigh Message-ID: sandrews@andrewscompanies.com wrote: > I remember talk some time ago, not here, of a way to slow down the > sender by doing something with an ACK (really out of my pond here). > Anyone know what I might be thinking of? If there's some way to hold > the connection to sender open, that would slow them down sending out > crap. I thnk you're thinking of sendmail's greet pause feature. Works great for "botted" home machines, but real MX hosts aren't tripped up by it. Another feature that may be of some help is the recipient throttle (assuming he's using sendmail - Postfix, etc. probably have something similar) but I'm not using it myself so don't know for sure... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Mon May 22 19:22:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 19:22:19 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: <44720150.2060709@ecs.soton.ac.uk> Two things: In the UK wanadoo is a big ISP. They are actually French, but have a very big UK presence. I would expect quite a lot of traffic from them, they have a lot of customers, but I also wouldn't be too surprised if one of their main SMTP servers got compromised :-( As there are various magic commands to do this stuff in different operating systems, could someone (Jeff?) please add an article to the Wiki on how to block mail traffic from a particular host or site, not only at the OS level with firewalling but also at the MTA level for those who prefer to work at that level. Not everyone has Linux with iptables switched on and completely configured. For those people (including me) knowing how to do it at the MTA level is more useful than pretty iptables or ipfilter commands. Could someone do that for me please? Thanks! Jeff A. Earickson wrote: > Or if you are a Solaris user with ipfilter installed, try: > > block in quick on ce0 proto tcp from 193.252.22.0/24 to any port = 25 > > in your ipf.conf file. Substitute your appropriate network interface > for "ce0". > > Jeff Earickson > Colby College > > On Mon, 22 May 2006, Dave Strydom wrote: > >> Date: Mon, 22 May 2006 19:11:11 +0200 >> From: Dave Strydom >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: Getting pounded .. sigh >> >> iptables -A INPUT -s 193.252.22.157 -j DROP >> iptables -A INPUT -s 193.252.22.158 -j DROP >> >> problem solved. >> >> Regards >> Dave >> >> On 5/22/06, Rob Poe wrote: >>> My mail server is getting POUNDED from >>> 193.252.22.157 >>> 193.252.22.158 >>> >>> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk >>> >>> I blacklisted the whole 193.252.22.x >>> >>> They're targeting my list server, and SpamAssassin is grabbing them >>> (along with the fact that the list server is membership only!!) >>> >>> but I'm getting one every 5-10 seconds!! >>> >>> grep 193.252.22 /var/log/maillog | wc >>> 1863 62955 710320 >>> >>> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Mon May 22 19:22:34 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 19:23:06 2006 Subject: Getting pounded .. sigh In-Reply-To: <1964AAFBC212F742958F9275BF63DBB038E23E@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB038E23E@winchester.andrewscompanies.com> Message-ID: <4472016A.8080805@nkpanama.com> I think it's called tarpitting. Basically it slows down communications, but at the attacker's tcp/ip stack. Google around for smtp tarpitting or something. If you can't find anything I'll look around myself... sandrews@andrewscompanies.com wrote: > I remember talk some time ago, not here, of a way to slow down the > sender by doing something with an ACK (really out of my pond here). > Anyone know what I might be thinking of? If there's some way to hold > the connection to sender open, that would slow them down sending out > crap. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Monday, May 22, 2006 1:29 PM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > Dave Strydom wrote: > >> Hi Doc, >> >> Doesn't that just create more load/traffic since your machine still >> has to accept the tcp connection, take in the data, and then route it >> to 127.0.0.1, where as an iptables DROP just igore the packets >> completely? >> >> Dave >> > > > True, but I'm very old school. 8*)) > > Though, they still are going to generate unwanted traffic/bandwidth even > to an iptables DROP. Either method works guess pick your poison! > > -- > -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From dave.list at pixelhammer.com Mon May 22 19:23:00 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon May 22 19:23:29 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4471FBDD.5000908@nkpanama.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <4471FBDD.5000908@nkpanama.com> Message-ID: <44720184.3050201@pixelhammer.com> Alex Neuman van der Hans wrote: > DAve wrote: >> You and the deer, racoons, foxes, coytes, possums, horned owls, and >> the odd skunk or two ;^) >> >> Oh and you would of course get a wireless connection as well, if you >> so choose. >> >> DAve >> > > Does it cover the 40 acres? ;-) Hold on (sound of shifting trash) nope, Jules will need to bring his own Pringles can ;^) Chris Hammond wrote: > Only a slow wireless connection? :) > We take things a bit easier here in the Midwest, it's plenty fast enough for a ssh session ;^) DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From MailScanner at ecs.soton.ac.uk Mon May 22 19:24:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 19:24:53 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> Message-ID: <447201E5.2070603@ecs.soton.ac.uk> Dave Strydom wrote: >> I should put together a tour of the USA and stay with each person >> ("user") for a couple of days and then head on to the next one. That >> would be cool, what do you think? > > > Sure... then you going to make a detour to South Africa? SA is yet another country I want to visit, so why not? This trip is going to cost me a fortune in flights! You folks need to buy some more copies of the book. I'll be updating it this summer (in July or August probably). Then you can all go out and buy the new version and earn me enough money to buy half of British Airways :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Mon May 22 19:24:50 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 22 19:25:15 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4471C761.B662.0038.0@tac.esi.net> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> <4471C761.B662.0038.0@tac.esi.net> Message-ID: <447201F2.3090602@nkpanama.com> I could help with: Chris Hammond wrote: > Script is run after a bare install of CentOS4 > Turns off un-needed services and runs a yum update. > Sets up hosts file > Installs all needed RPMS; > Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch I'd install sendmail, sendmail-devel, spf-milter, milter-greylist, and perhaps another thing or two. > and bitdefender are the major apps. > Configures all apps based on variables set in the beginning of the script. > Sets up iptables and allows only required ports. > Sets up rules_du_jour > Sets up Razor2 > I'd also set up pyzor and dcc if possible. Perhaps I could contribute to this effort... From rpoe at plattesheriff.org Mon May 22 19:25:07 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon May 22 19:25:47 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4471C761.B662.0038.0@tac.esi.net> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> <4471C761.B662.0038.0@tac.esi.net> Message-ID: <4471BBB7.65ED.00A2.0@plattesheriff.org> I'd be interested in helping out where I can. I'm not a bash guru, but I'm pretty good at scripting.. comes from the old DOS days.. ------------------------------- Is there a desire out there from people that can program to start a project of this nature? Here is a quick description of what I have the script doing. Script is run after a bare install of CentOS4 Turns off un-needed services and runs a yum update. Sets up hosts file Installs all needed RPMS; Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch and bitdefender are the major apps. Configures all apps based on variables set in the beginning of the script. Sets up iptables and allows only required ports. Sets up rules_du_jour Sets up Razor2 From rpoe at plattesheriff.org Mon May 22 19:25:58 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon May 22 19:26:25 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4471F03A.9060702@maddoc.net> <4471F4DD.90405@maddoc.net> Message-ID: <4471BBEB.65ED.00A2.0@plattesheriff.org> For some reason, the traffic just .. dropped off right at 1300 CDT. Haven't seen one since. Wonder why ;) >>> spamtrap71892316634@anime.net 5/22/2006 1:15:20 PM >>> On Mon, 22 May 2006, Doc Schneider wrote: > Though, they still are going to generate unwanted traffic/bandwidth even to > an iptables DROP. Either method works guess pick your poison! The nice thing is that an iptables DROP wastes more of their resources than it does yours. Gives that nice warm fuzzy feeling. -Dan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Mon May 22 00:01:29 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Mon May 22 19:26:45 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: References: <200605211751.k4LHpXWq010358@bkserver.blacknight.ie> Message-ID: <20060521230129.30f7979d@cyborg> Agreed Raymond, right machine for right job. Why run a mail service on a webserver ? Split your services roles out, also reduces single point of failure. Phil -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at tac.esi.net Mon May 22 19:27:45 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 19:27:59 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4471FF77.7040107@ecs.soton.ac.uk> References: <4471FF77.7040107@ecs.soton.ac.uk> Message-ID: <4471CA69.B662.0038.0@tac.esi.net> >> I try no to, it's just annoying. I try to do my best at everything I >> do (and often get criticized for working too hard!) and screw- ups >> annoy me. > > And we appreciate the work ethic! Just keep in mind, it's all just > zeros and ones. > >Thanks! We are all human, we are allow to make mistakes. What sets us apart is whether or not we learn from those mistakes. You obviously have as you are working to prevent the issue from happening again. This is a very respectable trait which is becoming less and less obvious in people this day and age. Also, the next time you are criticized for working to hard, just ask the person what they have accomplished and if they have people all over the world willing to put them up if the came for a visit when they only know them via email. Respect is something that is earned and your hard work and dedication have done just that from many people. Just don't over do it to the point that it effects your mental or physical health, it is just not worth that. >Ooh that sounds good. Alaska is another of those places I want to go and >visit some time. I've done quite a bit of Canada, but Alaska would be >great too! > >If you folks aren't careful, I might start taking you up on some of >these offers. Maybe not this summer, maybe next Spring? Will need plenty >of time to plan it as I would be dealing with about 10 different people >all with their own timetables and diaries. I can't speak for anyone else, but I was serious. Come on over. I am sure you will be treated quite well. Chris From jaearick at colby.edu Mon May 22 19:24:17 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 22 19:30:21 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4471FF77.7040107@ecs.soton.ac.uk> References: <4471FF77.7040107@ecs.soton.ac.uk> Message-ID: > If you folks aren't careful, I might start taking you up on some of these > offers. Maybe not this summer, maybe next Spring? Will need plenty of time to > plan it as I would be dealing with about 10 different people all with their > own timetables and diaries. Julian, The best time to visit Maine (unless you ski) is August. Winter lasts from November-March (at least), April and May are mud season, June and July are nice but come with a few blood-sucking bugs inland. September and October are very nice too. Summer on the coast is the best. Jeff Earickson Colby College From rpoe at plattesheriff.org Mon May 22 19:36:04 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon May 22 19:36:43 2006 Subject: Getting pounded .. sigh In-Reply-To: à References: <4471A70B.65ED.00A2.0@plattesheriff.org> à Message-ID: <4471BE48.65ED.00A2.0@plattesheriff.org> I blocked them at the MTA level in the very most very basic way .. rejecting their email through the /etc/mail/access I just peeked at the logs again, and it's started back up again... >>> MailScanner@ecs.soton.ac.uk 5/22/2006 1:22:08 PM >>> Two things: In the UK wanadoo is a big ISP. They are actually French, but have a very big UK presence. I would expect quite a lot of traffic from them, they have a lot of customers, but I also wouldn't be too surprised if one of their main SMTP servers got compromised :-( As there are various magic commands to do this stuff in different operating systems, could someone (Jeff?) please add an article to the Wiki on how to block mail traffic from a particular host or site, not only at the OS level with firewalling but also at the MTA level for those who prefer to work at that level. Not everyone has Linux with iptables switched on and completely configured. For those people (including me) knowing how to do it at the MTA level is more useful than pretty iptables or ipfilter commands. Could someone do that for me please? Thanks! Jeff A. Earickson wrote: > Or if you are a Solaris user with ipfilter installed, try: > > block in quick on ce0 proto tcp from 193.252.22.0/24 to any port = 25 > > in your ipf.conf file. Substitute your appropriate network interface > for "ce0". > > Jeff Earickson > Colby College > > On Mon, 22 May 2006, Dave Strydom wrote: > >> Date: Mon, 22 May 2006 19:11:11 +0200 >> From: Dave Strydom >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: Getting pounded .. sigh >> >> iptables -A INPUT -s 193.252.22.157 -j DROP >> iptables -A INPUT -s 193.252.22.158 -j DROP >> >> problem solved. >> >> Regards >> Dave >> >> On 5/22/06, Rob Poe wrote: >>> My mail server is getting POUNDED from >>> 193.252.22.157 >>> 193.252.22.158 >>> >>> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk >>> >>> I blacklisted the whole 193.252.22.x >>> >>> They're targeting my list server, and SpamAssassin is grabbing them >>> (along with the fact that the list server is membership only!!) >>> >>> but I'm getting one every 5-10 seconds!! >>> >>> grep 193.252.22 /var/log/maillog | wc >>> 1863 62955 710320 >>> >>> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, >>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >>> relay=smtp2.wanadoo.co.uk >>> [193.252.22.157], reject=583 5.0.0 Get lost.. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 22 19:36:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 19:36:49 2006 Subject: MailScanner on a cluster In-Reply-To: References: Message-ID: <447204B1.4070400@ecs.soton.ac.uk> Dave Strydom wrote: > Please excuse my ignorance, but can anyone point me in the right > direction of: > > a) is it possible to run MailScanner on a cluster Yes. > b) If so, can you please point me to some documentation so i can read > up on it please. It's very easy. At the simplest level, which actually works remarkably well considering how cheap the solution is, is this: Solution 1 =========== Create a new DNS record called mx.yourdomain.com and assign multiple 'A'records to it, one for each of the IP addresses used by your cluster of servers. Put a single 'MX' record in your domain's DNS records, pointing to "mx.yourdomain.com." (Don't forget the "." on the end). @ 10 IN MX mx.mydomain.com. mx IN A 192.168.99.101 IN A 192.168.99.102 IN A 192.168.99.103 IN A 192.168.99.104 IN A 192.168.99.105 It's as simple as that. The DNS lookups will rotate through the members of your cluster, spreading the messages (by quantity, not by size) across your cluster. Solution 2 =========== You can also do this by having multiple MX records all with the same priority number, each pointing to mx1, mx2, mx3, mx4 etc. @ 10 IN MX mx1.mydomain.com. 10 IN MX mx2.mydomain.com. 10 IN MX mx3.mydomain.com. 10 IN MX mx4.mydomain.com. 10 IN MX mx5.mydomain.com. mx1 IN A 192.168.99.101 mx2 IN A 192.168.99.102 mx3 IN A 192.168.99.103 mx4 IN A 192.168.99.104 mx5 IN A 192.168.99.105 Some people argue that this is better as it is more likely to deliver mail quicker when you take some of your servers out of action. They are possibly right. Solution 3 =========== You can also do this by spending a fortune on Cisco load balancers and have heartbeat monitoring systems, etc. But it won't make any big difference, but you will have a very expensive Cisco box to look after and a big hole in your bank balance. Again, can someone please put this in the Wiki for me? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 22 19:39:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 19:39:28 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4471FA21.4010307@pixelhammer.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> Message-ID: <44720556.3060307@ecs.soton.ac.uk> DAve wrote: > Julian Field wrote: >> >> I should put together a tour of the USA and stay with each person >> ("user") for a couple of days and then head on to the next one. That >> would be cool, what do you think? >> >> Cheers, >> Jules. > > I'm looking to grab a server for that purpose, I have to convert our > system from home brew to MailWatch first and finish a Bacula install > as well. > > You would be welcome in Indiana, I can set you up with a tent, a > sleeping bag, a firepit, and a bottle of Scotch. You would have most > of 40 acres to yourself. You and the deer, racoons, foxes, coytes, > possums, horned owls, and the odd skunk or two ;^) > > Oh and you would of course get a wireless connection as well, if you > so choose. I was kinda hoping to be able to sleep somewhere with a roof :-) P.S. Like your sig. As you say, monkeys do vary. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sandrews at andrewscompanies.com Mon May 22 19:45:35 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon May 22 19:45:38 2006 Subject: Getting pounded .. sigh Message-ID: <1964AAFBC212F742958F9275BF63DBB038E240@winchester.andrewscompanies.com> That was it! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Monday, May 22, 2006 2:23 PM To: MailScanner discussion Subject: Re: Getting pounded .. sigh I think it's called tarpitting. Basically it slows down communications, but at the attacker's tcp/ip stack. Google around for smtp tarpitting or something. If you can't find anything I'll look around myself... sandrews@andrewscompanies.com wrote: > I remember talk some time ago, not here, of a way to slow down the > sender by doing something with an ACK (really out of my pond here). > Anyone know what I might be thinking of? If there's some way to hold > the connection to sender open, that would slow them down sending out > crap. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Monday, May 22, 2006 1:29 PM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > Dave Strydom wrote: > >> Hi Doc, >> >> Doesn't that just create more load/traffic since your machine still >> has to accept the tcp connection, take in the data, and then route it >> to 127.0.0.1, where as an iptables DROP just igore the packets >> completely? >> >> Dave >> > > > True, but I'm very old school. 8*)) > > Though, they still are going to generate unwanted traffic/bandwidth > even to an iptables DROP. Either method works guess pick your poison! > > -- > -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From chris at tac.esi.net Mon May 22 19:46:37 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 19:46:45 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: à References: <446F8E53.5080407@ecs.soton.ac.uk> à Message-ID: <4471CED5.B662.0038.0@tac.esi.net> >>> dave.list@pixelhammer.com 05/22/06 2:23 pm >>> Alex Neuman van der Hans wrote: Chris Hammond wrote: > Only a slow wireless connection? :) > We take things a bit easier here in the Midwest, it's plenty fast enough for a ssh session ;^) :) Chris From steve.swaney at fsl.com Mon May 22 19:47:44 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon May 22 19:47:50 2006 Subject: Getting pounded .. sigh In-Reply-To: Message-ID: <079c01c67dd0$36f6eea0$2901010a@office.fsl> Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > Sent: Monday, May 22, 2006 2:16 PM > To: MailScanner discussion > Subject: RE: Getting pounded .. sigh > > sandrews@andrewscompanies.com wrote: > > I remember talk some time ago, not here, of a way to slow down the > > sender by doing something with an ACK (really out of my pond here). > > Anyone know what I might be thinking of? If there's some way to hold > > the connection to sender open, that would slow them down sending out > > crap. > > I thnk you're thinking of sendmail's greet pause feature. Works great > for "botted" home machines, but real MX hosts aren't tripped up by it. > Another feature that may be of some help is the recipient throttle > (assuming he's using sendmail - Postfix, etc. probably have something > similar) but I'm not using it myself so don't know for sure... > > > > ...Kevin > -- If you're using sendmail 8.13 look at: http://www.technoids.org/dossed.html It's Contents * 1. Limiting the Rate of Incoming Connections o 1.1. The ratecontrol Feature o 1.2. The Connection Rate Throttle * 2. Limiting Simultaneous Connections with the conncontrol Feature * 3. Thwarting Dictionary Attacks o 3.1. Limiting the Number of Recipients per Message o 3.2. Reacting to "Bad" Recipients * 4. Blocking Slammers with the greet_pause Feature * 5. Other Ways to Protect Your sendmail Server * 6. Afterword Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From chris at tac.esi.net Mon May 22 19:47:45 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 19:47:57 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447201E5.2070603@ecs.soton.ac.uk> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> <447201E5.2070603@ecs.soton.ac.uk> Message-ID: <4471CF19.B662.0038.0@tac.esi.net> >SA is yet another country I want to visit, so why not? >This trip is going to cost me a fortune in flights! You folks need to >buy some more copies of the book. I'll be updating it this summer (in >July or August probably). Then you can all go out and buy the new >version and earn me enough money to buy half of British Airways :- ) Will do. Chris From chris at tac.esi.net Mon May 22 19:50:44 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 19:50:52 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447201F2.3090602@nkpanama.com> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> <4471C761.B662.0038.0@tac.esi.net> <447201F2.3090602@nkpanama.com> Message-ID: <4471CFCC.B662.0038.0@tac.esi.net> If it were made into a project, I agree there should be the choice of MTA's. How serious should we get on this? Since there's more than one person that may be working on this, would it justify cvs or is it too small for that? Chris >>> alex@nkpanama.com 05/22/06 2:24 pm >>> I could help with: Chris Hammond wrote: > Script is run after a bare install of CentOS4 > Turns off un- needed services and runs a yum update. > Sets up hosts file > Installs all needed RPMS; > Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch I'd install sendmail, sendmail- devel, spf- milter, milter- greylist, and perhaps another thing or two. > and bitdefender are the major apps. > Configures all apps based on variables set in the beginning of the script. > Sets up iptables and allows only required ports. > Sets up rules_du_jour > Sets up Razor2 > I'd also set up pyzor and dcc if possible. Perhaps I could contribute to this effort... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon May 22 20:05:25 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 20:05:49 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <20060521230129.30f7979d@cyborg> References: <200605211751.k4LHpXWq010358@bkserver.blacknight.ie> <20060521230129.30f7979d@cyborg> Message-ID: <44720B75.8010202@nkpanama.com> --[UxBoD]-- wrote: > Agreed Raymond, > > right machine for right job. Why run a mail service on a webserver ? Split your services roles out, also reduces single point of failure. > > Phil > > In fact, when there's enough of a budget for a dedicated web server, a dedicated database server, and so on, I usually wind up keeping the installation files ready (or sometimes, already installed but disabled by default) for the other services in case of a failure. From jon at radel.com Mon May 22 20:06:46 2006 From: jon at radel.com (Jon Radel) Date: Mon May 22 20:06:21 2006 Subject: Getting pounded .. sigh In-Reply-To: <4472016A.8080805@nkpanama.com> References: <1964AAFBC212F742958F9275BF63DBB038E23E@winchester.andrewscompanies.com> <4472016A.8080805@nkpanama.com> Message-ID: <44720BC6.7090001@radel.com> Alex Neuman van der Hans wrote: > > I think it's called tarpitting. Basically it slows down communications, > but at the attacker's tcp/ip stack. > > Google around for smtp tarpitting or something. If you can't find > anything I'll look around myself... > Yup. http://www.benzedrine.cx/relaydb.html is an interesting starting point on the topic. I have an OpenBSD firewall making use of some of these techniques sitting in front of my mail servers. (And, no, I've never had time for a rigorous analysis as to how much good it does--for a while the greylisting part was very helpful, but spammers are such adaptable little critters....) --Jon Radel From drew at themarshalls.co.uk Mon May 22 20:06:28 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon May 22 20:06:39 2006 Subject: Getting pounded .. sigh In-Reply-To: References: Message-ID: <25BA6310-AB2F-427F-AFC2-EBBA7B951273@themarshalls.co.uk> On 22 May 2006, at 19:15, Kevin Miller wrote: > sandrews@andrewscompanies.com wrote: >> I remember talk some time ago, not here, of a way to slow down the >> sender by doing something with an ACK (really out of my pond here). >> Anyone know what I might be thinking of? If there's some way to hold >> the connection to sender open, that would slow them down sending out >> crap. > > I thnk you're thinking of sendmail's greet pause feature. Works great > for "botted" home machines, but real MX hosts aren't tripped up by it. > Another feature that may be of some help is the recipient throttle > (assuming he's using sendmail - Postfix, etc. probably have something > similar) but I'm not using it myself so don't know for sure... Postfix should be set by default under the in_flow_delay feature but this will only slow 'thundering heard' servers who are trying to make many connections per time period. From memory Wanadoo are using Postfix servers as their main mail core so they will 'behave properly' so greet pause etc just won't work. This sort of attack is usually caused by compromised machine on the end of a DSL circuit which is configured to relay through the ISP's MTA. It shouldn't matter soon though as the servers in question will end up on a few RBLs. Sadly, knowing the ISP in question, their sys admins won't care and will ignore the problem. I know several UK ISPs end up having to whitelist Wanadoo servers as they often end up on blacklists and with the size of the Wanadoo user base, too many people notice if Wanadoo mail goes 'missing'. You could make yourself feel better and mail abuse@wanadoo.com but I wouldn't hold your breath :-( Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From Kevin_Miller at ci.juneau.ak.us Mon May 22 20:08:40 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon May 22 20:08:42 2006 Subject: Getting pounded .. sigh Message-ID: Rob Poe wrote: > I blocked them at the MTA level in the very most very basic way .. > rejecting their email through the /etc/mail/access > > I just peeked at the logs again, and it's started back up again... Have you tried contacting the abuse@ address for wannadoo? Probably one of their customer's infected machine. I'm sure they can cut them off right quick if they're notified... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From strydom.dave at gmail.com Mon May 22 20:10:01 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 20:10:04 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <4471FF77.7040107@ecs.soton.ac.uk> Message-ID: South Africa from November until February, and ask any person who has come to South Africa, we have the nicest woman in the world :) Dave On 5/22/06, Jeff A. Earickson wrote: > > If you folks aren't careful, I might start taking you up on some of these > > offers. Maybe not this summer, maybe next Spring? Will need plenty of time to > > plan it as I would be dealing with about 10 different people all with their > > own timetables and diaries. > > Julian, > > The best time to visit Maine (unless you ski) is August. Winter lasts > from November-March (at least), April and May are mud season, June and > July are nice but come with a few blood-sucking bugs inland. September and > October are very nice too. Summer on the coast is the best. > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Mon May 22 20:15:07 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Mon May 22 20:15:10 2006 Subject: MailScanner on a cluster In-Reply-To: <447204B1.4070400@ecs.soton.ac.uk> References: <447204B1.4070400@ecs.soton.ac.uk> Message-ID: Julian, I'm already using the DNS round-robin system of both solution 1 and solution 2, there is just one problem... These mailscanners are part of a webhosting setup and handle mail for about 2500+ different domains, I don't want to have to go update all MX records everytime i want to add an additional server. Also some people handle their own DNS records, so then it's a mission to send out notifications and asking people to sort out their MX records. What I am looking at doing is keeping my current "external ip's" and then having them nat into a cluster, but i want to know if I can run mailscanner on something like an openmosix cluster, this way I can just add servers to the cluster and not have to worry about additional ip's and the updates that go with it. Dave On 5/22/06, Julian Field wrote: > Dave Strydom wrote: > > Please excuse my ignorance, but can anyone point me in the right > > direction of: > > > > a) is it possible to run MailScanner on a cluster > Yes. > > b) If so, can you please point me to some documentation so i can read > > up on it please. > It's very easy. > At the simplest level, which actually works remarkably well considering > how cheap the solution is, is this: > > Solution 1 > =========== > Create a new DNS record called mx.yourdomain.com and assign multiple > 'A'records to it, one for each of the IP addresses used by your cluster > of servers. > Put a single 'MX' record in your domain's DNS records, pointing to > "mx.yourdomain.com." (Don't forget the "." on the end). > > @ 10 IN MX mx.mydomain.com. > mx IN A 192.168.99.101 > IN A 192.168.99.102 > IN A 192.168.99.103 > IN A 192.168.99.104 > IN A 192.168.99.105 > > It's as simple as that. The DNS lookups will rotate through the members > of your cluster, spreading the messages (by quantity, not by size) > across your cluster. > > Solution 2 > =========== > You can also do this by having multiple MX records all with the same > priority number, each pointing to mx1, mx2, mx3, mx4 etc. > > @ 10 IN MX mx1.mydomain.com. > 10 IN MX mx2.mydomain.com. > 10 IN MX mx3.mydomain.com. > 10 IN MX mx4.mydomain.com. > 10 IN MX mx5.mydomain.com. > mx1 IN A 192.168.99.101 > mx2 IN A 192.168.99.102 > mx3 IN A 192.168.99.103 > mx4 IN A 192.168.99.104 > mx5 IN A 192.168.99.105 > > Some people argue that this is better as it is more likely to deliver > mail quicker when you take some of your servers out of action. They are > possibly right. > > Solution 3 > =========== > You can also do this by spending a fortune on Cisco load balancers and > have heartbeat monitoring systems, etc. But it won't make any big > difference, but you will have a very expensive Cisco box to look after > and a big hole in your bank balance. > > Again, can someone please put this in the Wiki for me? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From drew at themarshalls.co.uk Mon May 22 20:20:20 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon May 22 20:20:27 2006 Subject: MailScanner on a cluster In-Reply-To: References: Message-ID: <5FABAD17-A1C3-43AE-9D00-160BC16EBFD7@themarshalls.co.uk> On 22 May 2006, at 18:13, Dave Strydom wrote: > Please excuse my ignorance, but can anyone point me in the right > direction of: > > a) is it possible to run MailScanner on a cluster Yes > b) If so, can you please point me to some documentation so i can read > up on it please. Have a look in the wiki address in the footer of this message. The basics are set up one box, rsync the configs, run bayes in MySQL (In the wiki) do as Julian suggests in load balancing the cluster (There are also Open Source options for this too. Have a look at Pen http:// siag.nu/pen/ for example) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From alex at nkpanama.com Mon May 22 20:21:37 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 20:21:54 2006 Subject: Getting pounded .. sigh In-Reply-To: <1964AAFBC212F742958F9275BF63DBB038E240@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB038E240@winchester.andrewscompanies.com> Message-ID: <44720F41.1080804@nkpanama.com> sandrews@andrewscompanies.com wrote: > That was it! > > Then be nice and report on your findings, experiences, pitfalls, etc... Or go all the way and post it in the wiki! :-) > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Monday, May 22, 2006 2:23 PM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > I think it's called tarpitting. Basically it slows down communications, > but at the attacker's tcp/ip stack. > > Google around for smtp tarpitting or something. If you can't find > anything I'll look around myself... > > sandrews@andrewscompanies.com wrote: > >> I remember talk some time ago, not here, of a way to slow down the >> sender by doing something with an ACK (really out of my pond here). >> Anyone know what I might be thinking of? If there's some way to hold >> the connection to sender open, that would slow them down sending out >> crap. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc >> Schneider >> Sent: Monday, May 22, 2006 1:29 PM >> To: MailScanner discussion >> Subject: Re: Getting pounded .. sigh >> >> Dave Strydom wrote: >> >> >>> Hi Doc, >>> >>> Doesn't that just create more load/traffic since your machine still >>> has to accept the tcp connection, take in the data, and then route it >>> > > >>> to 127.0.0.1, where as an iptables DROP just igore the packets >>> completely? >>> >>> Dave >>> >>> >> True, but I'm very old school. 8*)) >> >> Though, they still are going to generate unwanted traffic/bandwidth >> even to an iptables DROP. Either method works guess pick your poison! >> >> -- >> -Doc >> Lincoln, NE. >> http://www.genealogyforyou.com/ >> http://www.cairnproductions.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From drew at themarshalls.co.uk Mon May 22 20:24:56 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon May 22 20:25:02 2006 Subject: Laggy List Server?? Message-ID: Is it me or is the list server some what laggy at the moment? Looks, on first inspection, to be 20 - 30 minutes from receipt of original to explosion of the list and then delivery. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From maillists at conactive.com Mon May 22 20:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 22 20:29:28 2006 Subject: Getting pounded .. sigh In-Reply-To: <4471A70B.65ED.00A2.0@plattesheriff.org> References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: Rob Poe wrote on Mon, 22 May 2006 11:56:55 -0500: > 193.252.22.157 > 193.252.22.158 > > Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk It's an Internet access provider/Freemail provider of French origin who's obviously spanned to the UK (and some other countries). I don't see nothing "bad" in your logs other than you seem to get a lot of mail from them. Of course, it's possible that it's only spam coming from there, but "wanadoo" per se is not a spammer and these are genuine SMTP servers for their customers. AFAIK, their track record concerning abuse reaction is not good to say the least Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dave.list at pixelhammer.com Mon May 22 20:32:47 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon May 22 20:33:11 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44720556.3060307@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> Message-ID: <447211DF.6010801@pixelhammer.com> Julian Field wrote: > DAve wrote: >> You would be welcome in Indiana, I can set you up with a tent, a >> sleeping bag, a firepit, and a bottle of Scotch. You would have most >> of 40 acres to yourself. You and the deer, racoons, foxes, coytes, >> possums, horned owls, and the odd skunk or two ;^) >> >> Oh and you would of course get a wireless connection as well, if you >> so choose. > I was kinda hoping to be able to sleep somewhere with a roof :-) > I was trying to offer the full experience! You are of course welcome to an inside bed rather than fresh air and stars, but you can get that anywhere ;^) DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From MailScanner at ecs.soton.ac.uk Mon May 22 20:41:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 20:41:44 2006 Subject: Getting pounded .. sigh In-Reply-To: <079c01c67dd0$36f6eea0$2901010a@office.fsl> References: <079c01c67dd0$36f6eea0$2901010a@office.fsl> Message-ID: <447213EC.30008@ecs.soton.ac.uk> Steve, Please can you add this to the Wiki? It's a very useful little mine of information. Just the link and your contents list of it will do, with some links to the original. Thanks! Jules. Stephen Swaney wrote: > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Kevin Miller >> Sent: Monday, May 22, 2006 2:16 PM >> To: MailScanner discussion >> Subject: RE: Getting pounded .. sigh >> >> sandrews@andrewscompanies.com wrote: >> >>> I remember talk some time ago, not here, of a way to slow down the >>> sender by doing something with an ACK (really out of my pond here). >>> Anyone know what I might be thinking of? If there's some way to hold >>> the connection to sender open, that would slow them down sending out >>> crap. >>> >> I thnk you're thinking of sendmail's greet pause feature. Works great >> for "botted" home machines, but real MX hosts aren't tripped up by it. >> Another feature that may be of some help is the recipient throttle >> (assuming he's using sendmail - Postfix, etc. probably have something >> similar) but I'm not using it myself so don't know for sure... >> >> >> >> ...Kevin >> -- >> > If you're using sendmail 8.13 look at: > > http://www.technoids.org/dossed.html > > It's Contents > > * 1. Limiting the Rate of Incoming Connections > o 1.1. The ratecontrol Feature > o 1.2. The Connection Rate Throttle > * 2. Limiting Simultaneous Connections with the conncontrol Feature > * 3. Thwarting Dictionary Attacks > o 3.1. Limiting the Number of Recipients per Message > o 3.2. Reacting to "Bad" Recipients > * 4. Blocking Slammers with the greet_pause Feature > * 5. Other Ways to Protect Your sendmail Server > * 6. Afterword > > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jethro.binks at strath.ac.uk Mon May 22 20:57:19 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon May 22 20:57:24 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <4471FF77.7040107@ecs.soton.ac.uk> Message-ID: <20060522205628.O67627@defjam.cc.strath.ac.uk> On Mon, 22 May 2006, Dave Strydom wrote: > South Africa from November until February, and ask any person who has > come to South Africa, we have the nicest woman in the world :) Hmm. She must be very tired. You're welcome to visit us in Glasgow, Julian, but I suspect that's not the best offer you'll get. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From Richard.Frovarp at sendit.nodak.edu Mon May 22 21:00:18 2006 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon May 22 21:00:22 2006 Subject: MailScanner on a cluster In-Reply-To: References: <447204B1.4070400@ecs.soton.ac.uk> Message-ID: <44721852.4070305@sendit.nodak.edu> Dave, You could use something like IPVS if you run Linux. Have the machine listen to an IP and port and have it do RR or some other method for distributing the load. It does support persistent connections, which is probably of no use in this case. http://www.linuxvirtualserver.org/software/ipvs.html It does require some work to setup, but is a lot cheaper than a fancy Cisco system. We use it to balance LDAP, outgoing SMTP, and webmail. Richard Dave Strydom wrote: > Julian, > > I'm already using the DNS round-robin system of both solution 1 and > solution 2, there is just one problem... > > These mailscanners are part of a webhosting setup and handle mail for > about 2500+ different domains, I don't want to have to go update all > MX records everytime i want to add an additional server. Also some > people handle their own DNS records, so then it's a mission to send > out notifications and asking people to sort out their MX records. > > What I am looking at doing is keeping my current "external ip's" and > then having them nat into a cluster, but i want to know if I can run > mailscanner on something like an openmosix cluster, this way I can > just add servers to the cluster and not have to worry about additional > ip's and the updates that go with it. > > Dave > On 5/22/06, Julian Field wrote: > >> Dave Strydom wrote: >> > Please excuse my ignorance, but can anyone point me in the right >> > direction of: >> > >> > a) is it possible to run MailScanner on a cluster >> Yes. >> > b) If so, can you please point me to some documentation so i can read >> > up on it please. >> It's very easy. >> At the simplest level, which actually works remarkably well considering >> how cheap the solution is, is this: >> >> Solution 1 >> =========== >> Create a new DNS record called mx.yourdomain.com and assign multiple >> 'A'records to it, one for each of the IP addresses used by your cluster >> of servers. >> Put a single 'MX' record in your domain's DNS records, pointing to >> "mx.yourdomain.com." (Don't forget the "." on the end). >> >> @ 10 IN MX mx.mydomain.com. >> mx IN A 192.168.99.101 >> IN A 192.168.99.102 >> IN A 192.168.99.103 >> IN A 192.168.99.104 >> IN A 192.168.99.105 >> >> It's as simple as that. The DNS lookups will rotate through the members >> of your cluster, spreading the messages (by quantity, not by size) >> across your cluster. >> >> Solution 2 >> =========== >> You can also do this by having multiple MX records all with the same >> priority number, each pointing to mx1, mx2, mx3, mx4 etc. >> >> @ 10 IN MX mx1.mydomain.com. >> 10 IN MX mx2.mydomain.com. >> 10 IN MX mx3.mydomain.com. >> 10 IN MX mx4.mydomain.com. >> 10 IN MX mx5.mydomain.com. >> mx1 IN A 192.168.99.101 >> mx2 IN A 192.168.99.102 >> mx3 IN A 192.168.99.103 >> mx4 IN A 192.168.99.104 >> mx5 IN A 192.168.99.105 >> >> Some people argue that this is better as it is more likely to deliver >> mail quicker when you take some of your servers out of action. They are >> possibly right. >> >> Solution 3 >> =========== >> You can also do this by spending a fortune on Cisco load balancers and >> have heartbeat monitoring systems, etc. But it won't make any big >> difference, but you will have a very expensive Cisco box to look after >> and a big hole in your bank balance. >> >> Again, can someone please put this in the Wiki for me? >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Richard Frovarp EduTech System Administrator 1-701-231-5127 or 1-800-774-1091 From chris at tac.esi.net Mon May 22 21:08:09 2006 From: chris at tac.esi.net (Chris Hammond) Date: Mon May 22 21:08:22 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: à References: <446F8E53.5080407@ecs.soton.ac.uk> à Message-ID: <4471E1F1.B662.0038.0@tac.esi.net> You do have a valid point there. Chris >>> dave.list@pixelhammer.com 05/22/06 3:32 pm >>> Julian Field wrote: > DAve wrote: >> You would be welcome in Indiana, I can set you up with a tent, a >> sleeping bag, a firepit, and a bottle of Scotch. You would have most >> of 40 acres to yourself. You and the deer, racoons, foxes, coytes, >> possums, horned owls, and the odd skunk or two ;^) >> >> Oh and you would of course get a wireless connection as well, if you >> so choose. > I was kinda hoping to be able to sleep somewhere with a roof :- ) > I was trying to offer the full experience! You are of course welcome to an inside bed rather than fresh air and stars, but you can get that anywhere ;^) DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon May 22 21:06:09 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 21:09:14 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <4471FF77.7040107@ecs.soton.ac.uk> Message-ID: <447219B1.2070101@nkpanama.com> Dave Strydom wrote: > South Africa from November until February, and ask any person who has > come to South Africa, we have the nicest woman in the world :) > You mean Charlize? > Dave > > On 5/22/06, Jeff A. Earickson wrote: >> > If you folks aren't careful, I might start taking you up on some of >> these >> > offers. Maybe not this summer, maybe next Spring? Will need plenty >> of time to >> > plan it as I would be dealing with about 10 different people all >> with their >> > own timetables and diaries. >> >> Julian, >> >> The best time to visit Maine (unless you ski) is August. Winter >> lasts >> from November-March (at least), April and May are mud season, June and >> July are nice but come with a few blood-sucking bugs inland. >> September and >> October are very nice too. Summer on the coast is the best. >> >> Jeff Earickson >> Colby College >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From MailScanner at ecs.soton.ac.uk Mon May 22 21:10:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 21:10:35 2006 Subject: MailScanner on a cluster In-Reply-To: References: <447204B1.4070400@ecs.soton.ac.uk> Message-ID: <44721AA9.6050702@ecs.soton.ac.uk> Dave Strydom wrote: > Julian, > > I'm already using the DNS round-robin system of both solution 1 and > solution 2, there is just one problem... > > These mailscanners are part of a webhosting setup and handle mail for > about 2500+ different domains, I don't want to have to go update all > MX records everytime i want to add an additional server. Also some > people handle their own DNS records, so then it's a mission to send > out notifications and asking people to sort out their MX records. If you use solution 1, then everyone just has 1 MX record in their DNS records. And for any of your customers that have anything else, expand out their MX records into an equivalent set of A records for your cluster. You don't need them to change anything, do you? You might just have to make them all list an MX server in a DNS domain under your direct control. > > What I am looking at doing is keeping my current "external ip's" and > then having them nat into a cluster, but i want to know if I can run > mailscanner on something like an openmosix cluster, this way I can > just add servers to the cluster and not have to worry about additional > ip's and the updates that go with it. > > Dave > On 5/22/06, Julian Field wrote: >> Dave Strydom wrote: >> > Please excuse my ignorance, but can anyone point me in the right >> > direction of: >> > >> > a) is it possible to run MailScanner on a cluster >> Yes. >> > b) If so, can you please point me to some documentation so i can read >> > up on it please. >> It's very easy. >> At the simplest level, which actually works remarkably well considering >> how cheap the solution is, is this: >> >> Solution 1 >> =========== >> Create a new DNS record called mx.yourdomain.com and assign multiple >> 'A'records to it, one for each of the IP addresses used by your cluster >> of servers. >> Put a single 'MX' record in your domain's DNS records, pointing to >> "mx.yourdomain.com." (Don't forget the "." on the end). >> >> @ 10 IN MX mx.mydomain.com. >> mx IN A 192.168.99.101 >> IN A 192.168.99.102 >> IN A 192.168.99.103 >> IN A 192.168.99.104 >> IN A 192.168.99.105 >> >> It's as simple as that. The DNS lookups will rotate through the members >> of your cluster, spreading the messages (by quantity, not by size) >> across your cluster. >> >> Solution 2 >> =========== >> You can also do this by having multiple MX records all with the same >> priority number, each pointing to mx1, mx2, mx3, mx4 etc. >> >> @ 10 IN MX mx1.mydomain.com. >> 10 IN MX mx2.mydomain.com. >> 10 IN MX mx3.mydomain.com. >> 10 IN MX mx4.mydomain.com. >> 10 IN MX mx5.mydomain.com. >> mx1 IN A 192.168.99.101 >> mx2 IN A 192.168.99.102 >> mx3 IN A 192.168.99.103 >> mx4 IN A 192.168.99.104 >> mx5 IN A 192.168.99.105 >> >> Some people argue that this is better as it is more likely to deliver >> mail quicker when you take some of your servers out of action. They are >> possibly right. >> >> Solution 3 >> =========== >> You can also do this by spending a fortune on Cisco load balancers and >> have heartbeat monitoring systems, etc. But it won't make any big >> difference, but you will have a very expensive Cisco box to look after >> and a big hole in your bank balance. >> >> Again, can someone please put this in the Wiki for me? >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From res at ausics.net Mon May 22 21:13:15 2006 From: res at ausics.net (Res) Date: Mon May 22 21:13:24 2006 Subject: Laggy List Server?? In-Reply-To: References: Message-ID: On Mon, 22 May 2006, Drew Marshall wrote: > Is it me or is the list server some what laggy at the moment? > > Looks, on first inspection, to be 20 - 30 minutes from receipt of original to > explosion of the list and then delivery. Yep. Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [127.0.0.1]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4MJwi3g031844; Mon, 22 May 2006 20:59:36 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from cro-mx1.r-bit.net (cro-mx1.r-bit.net [84.92.197.220]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4MJP0U9028943 for ; Mon, 22 May 2006 20:25:00 +0100 And it's common amongst a few post headers I looked at... I wonder if list daddy has in his sendmail.mc define(`confSEPARATE_PROC',`True')dnl -- Cheers Res From MailScanner at ecs.soton.ac.uk Mon May 22 21:14:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 21:14:15 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447211DF.6010801@pixelhammer.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> Message-ID: <44721B8A.1080404@ecs.soton.ac.uk> DAve wrote: > Julian Field wrote: >> DAve wrote: >>> You would be welcome in Indiana, I can set you up with a tent, a >>> sleeping bag, a firepit, and a bottle of Scotch. You would have most >>> of 40 acres to yourself. You and the deer, racoons, foxes, coytes, >>> possums, horned owls, and the odd skunk or two ;^) >>> >>> Oh and you would of course get a wireless connection as well, if you >>> so choose. >> I was kinda hoping to be able to sleep somewhere with a roof :-) >> > > I was trying to offer the full experience! You are of course welcome > to an inside bed rather than fresh air and stars, but you can get that > anywhere ;^) You have a point. If it isn't too cold and it doesn't rain too much, then actually sleeping outside sounds good. Haven't slept under the stars in more years than I can remember. When I was little, I could never sleep when the house got hot in the summer (the UK doesn't have air con). So I spent every summer living in a tent in the middle of the back garden. Just me and a sleeping bag. It was great. It would be good to do it again, it's been too long :-) I could even bring my own sleeping bag these days. So the next step is to get together the best times of year to visit everyone and put a timetable together. So, what are your best, prettiest, loveliest times of year where each of you happen to live? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From res at ausics.net Mon May 22 21:17:12 2006 From: res at ausics.net (Res) Date: Mon May 22 21:17:19 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: On Mon, 22 May 2006, Kai Schaetzl wrote: >> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk > > It's an Internet access provider/Freemail provider of French origin who's wanadoo.co.uk|fr have been banned here for nearly 2 years because of their "we dont care if our users spam you" policy > them. Of course, it's possible that it's only spam coming from there, but > "wanadoo" per se is not a spammer and these are genuine SMTP servers for If they ignore/fail to act they are as good as a spammer themselves > their customers. AFAIK, their track record concerning abuse reaction is > not good to say the least hehehe like non existant :) -- Cheers Res From alex at nkpanama.com Mon May 22 21:24:22 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 21:24:44 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: <44721DF6.6040700@nkpanama.com> Kai Schaetzl wrote: > Rob Poe wrote on Mon, 22 May 2006 11:56:55 -0500: > > >> 193.252.22.157 >> 193.252.22.158 >> >> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk >> > > It's an Internet access provider/Freemail provider of French origin who's > obviously spanned to the UK (and some other countries). I don't see > nothing "bad" in your logs other than you seem to get a lot of mail from > them. Of course, it's possible that it's only spam coming from there, but > "wanadoo" per se is not a spammer and these are genuine SMTP servers for > their customers. AFAIK, their track record concerning abuse reaction is > not good to say the least > > Kai > > Since *most* of my clients have no problem in blocking wanadoo.*, I've resorted to whitelisting specific addresses and adding a URL to the rejection message sent my MTA specifying why we don't take e-mail from wanadoo networks. From MailScanner at ecs.soton.ac.uk Mon May 22 21:28:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 22 21:28:35 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <20060522205628.O67627@defjam.cc.strath.ac.uk> References: <4471FF77.7040107@ecs.soton.ac.uk> <20060522205628.O67627@defjam.cc.strath.ac.uk> Message-ID: <44721EE6.5090506@ecs.soton.ac.uk> Jethro R Binks wrote: > On Mon, 22 May 2006, Dave Strydom wrote: > > >> South Africa from November until February, and ask any person who has >> come to South Africa, we have the nicest woman in the world :) >> > > Hmm. She must be very tired. > > You're welcome to visit us in Glasgow, Julian, but I suspect that's not > the best offer you'll get. > I've sprinted between the 2 mainline stations once, carrying a 42-pound pack and wearing walking boots, to catch a train. But haven't seen much of it otherwise. But as I remember it was raining at the time. Is that common? :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Mon May 22 21:35:42 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 21:35:58 2006 Subject: Laggy List Server?? In-Reply-To: References: Message-ID: <4472209E.6090307@nkpanama.com> Res wrote: > > And it's common amongst a few post headers I looked at... > I wonder if list daddy has in his sendmail.mc > define(`confSEPARATE_PROC',`True')dnl > > Just for curiosity's sake, what does that do, exactly? From alex at nkpanama.com Mon May 22 21:42:32 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 21:42:52 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44721B8A.1080404@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> <44721B8A.1080404@ecs.soton.ac.uk> Message-ID: <44722238.7060408@nkpanama.com> Julian Field wrote: > So the next step is to get together the best times of year to visit > everyone and put a timetable together. > > So, what are your best, prettiest, loveliest times of year where each > of you happen to live? > Panama's lovely in the dry season. It happens to coincide with what you blokes call "Winter and the first half of spring", so it works out rather nicely. For more info http://www.visitpanama.com/ - or call +507 214-9002 (my office) if you find yourself mysteriously teleported here after being abducted by aliens. :-) From jd at bentecmed.com Mon May 22 21:46:16 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Mon May 22 21:51:59 2006 Subject: DNS slowing down 220? In-Reply-To: <446A56B9.4040102@nkpanama.com> Message-ID: -----Original Message----- Is there a way to stop DNS lookups to test this? everything in the resolv.conf is a valid dns server... -JD From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Alex Neuman Sent: Tuesday, May 16, 2006 2:48 PM To: MailScanner discussion Subject: Re: (no subject) JD Doelitzsch escribi?: > Just a General question here. If im not using the delay feature on MS and > its still taking about 15-20 secs to get the 220 which is causing a timeout > in some instances, and im using a P3 box. That means get a new box right? > > > > Could be that you haven't implemented a caching DNS server and whoever you have in /etc/resolv.conf is not answering right away. When someone connects to your MTA it's probably going to try and resolve the name of the IP address connecting to it, hence the delay. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon May 22 22:03:56 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 22 22:04:34 2006 Subject: Laggy List Server?? In-Reply-To: <4472209E.6090307@nkpanama.com> References: <4472209E.6090307@nkpanama.com> Message-ID: Alex Neuman spake the following on 5/22/2006 1:35 PM: > Res wrote: >> >> And it's common amongst a few post headers I looked at... >> I wonder if list daddy has in his sendmail.mc >> define(`confSEPARATE_PROC',`True')dnl >> >> > > Just for curiosity's sake, what does that do, exactly? http://www.faqs.org/docs/linux_network/x15220.html "A link is worth a thousand words" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gborders at jlewiscooper.com Mon May 22 22:16:48 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Mon May 22 22:17:34 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44722238.7060408@nkpanama.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> <44721B8A.1080404@ecs.soton.ac.uk> <44722238.7060408@nkpanama.com> Message-ID: <44722A40.8070304@jlewiscooper.com> Alex Neuman wrote: > Julian Field wrote: >> So the next step is to get together the best times of year to visit >> everyone and put a timetable together. >> >> So, what are your best, prettiest, loveliest times of year where each >> of you happen to live? >> > Panama's lovely in the dry season. It happens to coincide with what > you blokes call "Winter and the first half of spring", so it works out > rather nicely. > > > For more info http://www.visitpanama.com/ - or call +507 214-9002 (my > office) if you find yourself mysteriously teleported here after being > abducted by aliens. :-) In that case, Julian it's better to be insured against such risks. You never know what kind of probing will take place... http://www.ufo2001.com/ And weather here in S.E. Michigan is lovely June-Oct. ^_^ -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon May 22 22:34:19 2006 From: alex at nkpanama.com (Alex Neuman) Date: Mon May 22 22:36:19 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44722A40.8070304@jlewiscooper.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> <44721B8A.1080404@ecs.soton.ac.uk> <44722238.7060408@nkpanama.com> <44722A40.8070304@jlewiscooper.com> Message-ID: <44722E5B.5000107@nkpanama.com> Greg Borders wrote: > > > Alex Neuman wrote: >> >> For more info http://www.visitpanama.com/ - or call +507 214-9002 (my >> office) if you find yourself mysteriously teleported here after being >> abducted by aliens. :-) > In that case, Julian it's better to be insured against such risks. > You never know what kind of probing will take place... > http://www.ufo2001.com/ In any case, you can talk to Panama's own Kevin Bradley at http://www.panamakevin.com/ - he'll get you covered for *anything*. From jethro.binks at strath.ac.uk Mon May 22 22:57:38 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon May 22 22:57:41 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44721EE6.5090506@ecs.soton.ac.uk> References: <4471FF77.7040107@ecs.soton.ac.uk> <20060522205628.O67627@defjam.cc.strath.ac.uk> <44721EE6.5090506@ecs.soton.ac.uk> Message-ID: <20060522225510.N67627@defjam.cc.strath.ac.uk> On Mon, 22 May 2006, Julian Field wrote: > > You're welcome to visit us in Glasgow, Julian, but I suspect that's > > not the best offer you'll get. > > > I've sprinted between the 2 mainline stations once, carrying a 42-pound > pack and wearing walking boots, to catch a train. But haven't seen much > of it otherwise. > > But as I remember it was raining at the time. Is that common? :-) It's about par for the course. Which is just as well, because you probably don't want to see most people from these parts in skimpy clothing basking in the sun. One needs a strong constitution for that, and it takes a few years to build it up. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From ssilva at sgvwater.com Mon May 22 23:46:22 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 22 23:46:29 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44722A40.8070304@jlewiscooper.com> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> <44721B8A.1080404@ecs.soton.ac.uk> <44722238.7060408@nkpanama.com> <44722A40.8070304@jlewiscooper.com> Message-ID: Greg Borders spake the following on 5/22/2006 2:16 PM: > > > Alex Neuman wrote: >> Julian Field wrote: >>> So the next step is to get together the best times of year to visit >>> everyone and put a timetable together. >>> >>> So, what are your best, prettiest, loveliest times of year where each >>> of you happen to live? >>> >> Panama's lovely in the dry season. It happens to coincide with what >> you blokes call "Winter and the first half of spring", so it works out >> rather nicely. >> >> >> For more info http://www.visitpanama.com/ - or call +507 214-9002 (my >> office) if you find yourself mysteriously teleported here after being >> abducted by aliens. :-) > In that case, Julian it's better to be insured against such risks. You > never know what kind of probing will take place... http://www.ufo2001.com/ And the aliens probably aren't the cute ones that Captain Kirk was always sleeping with! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From matt at coders.co.uk Mon May 22 23:59:07 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon May 22 23:59:11 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: <4472423B.6010801@coders.co.uk> Res wrote: > wanadoo.co.uk|fr have been banned here for nearly 2 years because of their > "we dont care if our users spam you" policy This is one of the reasons why I have patched my M4 code for the dnsbl. It now returns a temp_fail error rather than a reject. A good system that has been temporarily listed - e.g. bounces going in to spamcop - will be removed from from the black list and will then get delivered (obviously this relies on a good sysadmin removing the crud from their spools). Bad sysadmins pay for trying spam me by keeping their crud on disk for 5 days. Down side is that I get more connection attempts but I prefer this to a straight forward reject. matt From Kevin_Miller at ci.juneau.ak.us Tue May 23 00:02:18 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 23 00:02:22 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: Julian Field wrote: > So, what are your best, prettiest, loveliest times of year where each > of you happen to live? All relative of course. Nicest months tend to be May - mid July, but the best fishing is August-Sept. Just have to endure a little liquid sunshine. We can have some really nice days though - it got up into the high 80s low 90s last August. What's that, 20 to 25 Cel? Set some records I think. If you like skiing, March is probably the best bet. It can be beautiful up on the slopes, or it can be suck big time, it's kind of hit and miss. S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From michele at blacknight.ie Tue May 23 00:23:34 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue May 23 00:23:39 2006 Subject: Laggy List Server?? In-Reply-To: References: Message-ID: <447247F6.3000107@blacknight.ie> We'll look into it Was it behaving properly up until today? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From alex at nkpanama.com Tue May 23 00:29:41 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 23 00:29:58 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> <44721B8A.1080404@ecs.soton.ac.uk> <44722238.7060408@nkpanama.com> <44722A40.8070304@jlewiscooper.com> Message-ID: <44724965.3050202@nkpanama.com> Scott Silva wrote: > >> know what kind of probing will take place... http://www.ufo2001.com/ >> > And the aliens probably aren't the cute ones that Captain Kirk was always > sleeping with! Or Riker, for that matter... :-) From michele at blacknight.ie Tue May 23 00:34:27 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Tue May 23 00:34:32 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: Message-ID: <44724A83.8090108@blacknight.ie> Kevin Miller wrote: > Julian Field wrote: > >> So, what are your best, prettiest, loveliest times of year where each >> of you happen to live? Those brief moments between rain showers ..... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From alex at nkpanama.com Tue May 23 02:08:11 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 23 02:09:09 2006 Subject: Getting pounded .. sigh In-Reply-To: <4472423B.6010801@coders.co.uk> References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4472423B.6010801@coders.co.uk> Message-ID: <4472607B.1020406@nkpanama.com> Matt Hampton wrote: > Res wrote: > >> wanadoo.co.uk|fr have been banned here for nearly 2 years because of their >> "we dont care if our users spam you" policy >> > > This is one of the reasons why I have patched my M4 code for the dnsbl. > It now returns a temp_fail error rather than a reject. > > Can you list the modifications you did? From matt at coders.co.uk Tue May 23 07:15:30 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue May 23 07:15:28 2006 Subject: Getting pounded .. sigh In-Reply-To: <4472607B.1020406@nkpanama.com> References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4472423B.6010801@coders.co.uk> <4472607B.1020406@nkpanama.com> Message-ID: <4472A882.1050108@coders.co.uk> Alex Neuman van der Hans wrote: > Matt Hampton wrote: >> Res wrote: >> >>> wanadoo.co.uk|fr have been banned here for nearly 2 years because of >>> their >>> "we dont care if our users spam you" policy >>> >> >> This is one of the reasons why I have patched my M4 code for the dnsbl. >> It now returns a temp_fail error rather than a reject. >> >> > Can you list the modifications you did? 23c22 < define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_DNSBL_SRV_`"',`_ARG2_')')dnl --- > define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"451 Rejected: " $`'&{client_addr} " listed at '_DNSBL_SRV_` come back when you have your server sorted"',`_ARG2_')')dnl 32,33c31,32 < `R$+ $#error $@ 4.4.3 $: _DNSBL_MSG_TMP_') < R$+ $#error $@ 5.7.1 $: _DNSBL_MSG_ --- > `R$+ $#error $@ 4.7.1 $: _DNSBL_MSG_TMP_') > R$+ $#error $@ 4.7.1 $: _DNSBL_MSG_ There is probably a neater way of doing it but I ending up editing my dnsbl.m4 file in /usr/share/sendmail-cf/feature matt From strydom.dave at gmail.com Tue May 23 08:14:32 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue May 23 08:14:35 2006 Subject: MailScanner on a cluster In-Reply-To: <44721AA9.6050702@ecs.soton.ac.uk> References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> Message-ID: At the moment i have something like this: @ On 5/22/06, Julian Field wrote: > > > Dave Strydom wrote: > > Julian, > > > > I'm already using the DNS round-robin system of both solution 1 and > > solution 2, there is just one problem... > > > > These mailscanners are part of a webhosting setup and handle mail for > > about 2500+ different domains, I don't want to have to go update all > > MX records everytime i want to add an additional server. Also some > > people handle their own DNS records, so then it's a mission to send > > out notifications and asking people to sort out their MX records. > If you use solution 1, then everyone just has 1 MX record in their DNS > records. > > And for any of your customers that have anything else, expand out their > MX records into an equivalent set of A records for your cluster. You > don't need them to change anything, do you? You might just have to make > them all list an MX server in a DNS domain under your direct control. > > > > What I am looking at doing is keeping my current "external ip's" and > > then having them nat into a cluster, but i want to know if I can run > > mailscanner on something like an openmosix cluster, this way I can > > just add servers to the cluster and not have to worry about additional > > ip's and the updates that go with it. > > > > Dave > > On 5/22/06, Julian Field wrote: > >> Dave Strydom wrote: > >> > Please excuse my ignorance, but can anyone point me in the right > >> > direction of: > >> > > >> > a) is it possible to run MailScanner on a cluster > >> Yes. > >> > b) If so, can you please point me to some documentation so i can read > >> > up on it please. > >> It's very easy. > >> At the simplest level, which actually works remarkably well considering > >> how cheap the solution is, is this: > >> > >> Solution 1 > >> =========== > >> Create a new DNS record called mx.yourdomain.com and assign multiple > >> 'A'records to it, one for each of the IP addresses used by your cluster > >> of servers. > >> Put a single 'MX' record in your domain's DNS records, pointing to > >> "mx.yourdomain.com." (Don't forget the "." on the end). > >> > >> @ 10 IN MX mx.mydomain.com. > >> mx IN A 192.168.99.101 > >> IN A 192.168.99.102 > >> IN A 192.168.99.103 > >> IN A 192.168.99.104 > >> IN A 192.168.99.105 > >> > >> It's as simple as that. The DNS lookups will rotate through the members > >> of your cluster, spreading the messages (by quantity, not by size) > >> across your cluster. > >> > >> Solution 2 > >> =========== > >> You can also do this by having multiple MX records all with the same > >> priority number, each pointing to mx1, mx2, mx3, mx4 etc. > >> > >> @ 10 IN MX mx1.mydomain.com. > >> 10 IN MX mx2.mydomain.com. > >> 10 IN MX mx3.mydomain.com. > >> 10 IN MX mx4.mydomain.com. > >> 10 IN MX mx5.mydomain.com. > >> mx1 IN A 192.168.99.101 > >> mx2 IN A 192.168.99.102 > >> mx3 IN A 192.168.99.103 > >> mx4 IN A 192.168.99.104 > >> mx5 IN A 192.168.99.105 > >> > >> Some people argue that this is better as it is more likely to deliver > >> mail quicker when you take some of your servers out of action. They are > >> possibly right. > >> > >> Solution 3 > >> =========== > >> You can also do this by spending a fortune on Cisco load balancers and > >> have heartbeat monitoring systems, etc. But it won't make any big > >> difference, but you will have a very expensive Cisco box to look after > >> and a big hole in your bank balance. > >> > >> Again, can someone please put this in the Wiki for me? > >> > >> -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> Professional Support Services at www.MailScanner.biz > >> MailScanner thanks transtec Computers for their support > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> MailScanner thanks transtec Computers for their support. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Tue May 23 08:22:36 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue May 23 08:22:40 2006 Subject: MailScanner on a cluster In-Reply-To: References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> Message-ID: DAMNIT, gmail doesnt like the tab key... anyways, i have for example this: @ IN MX 10 smtp.mailserver.com. IN MX 20 smtp2.mailserver.com. then in the mailserver.com zone file i have: smtp IN A 192.168.0.146 IN A 192.168.0.162 smtp2 IN A 172.172.0.251 IN A 172.172.0.251 The smtp2 record isn't what i am concerned about, what I want to do is find a way to keep the MX and A records exactly the way they are. You see, the two mailservers for smtp.mailserver.com sit inside a DMZ, now I want to add more servers to process the mail, but i dont want to increase the amount of IP's or DNS records. I think the only way i am going to get this right is to put them behind a cisco and get the cisco to do the load balancing, but what I am trying to establish is if its possible to setup MailScanner in Mosix type setup, where the load is distributed amount the servers. I fully understand the way of doing it via DNS, but i want to try avoid that way. Dave On 5/23/06, Dave Strydom wrote: > At the moment i have something like this: > > > @ > > On 5/22/06, Julian Field wrote: > > > > > > Dave Strydom wrote: > > > Julian, > > > > > > I'm already using the DNS round-robin system of both solution 1 and > > > solution 2, there is just one problem... > > > > > > These mailscanners are part of a webhosting setup and handle mail for > > > about 2500+ different domains, I don't want to have to go update all > > > MX records everytime i want to add an additional server. Also some > > > people handle their own DNS records, so then it's a mission to send > > > out notifications and asking people to sort out their MX records. > > If you use solution 1, then everyone just has 1 MX record in their DNS > > records. > > > > And for any of your customers that have anything else, expand out their > > MX records into an equivalent set of A records for your cluster. You > > don't need them to change anything, do you? You might just have to make > > them all list an MX server in a DNS domain under your direct control. > > > > > > What I am looking at doing is keeping my current "external ip's" and > > > then having them nat into a cluster, but i want to know if I can run > > > mailscanner on something like an openmosix cluster, this way I can > > > just add servers to the cluster and not have to worry about additional > > > ip's and the updates that go with it. > > > > > > Dave > > > On 5/22/06, Julian Field wrote: > > >> Dave Strydom wrote: > > >> > Please excuse my ignorance, but can anyone point me in the right > > >> > direction of: > > >> > > > >> > a) is it possible to run MailScanner on a cluster > > >> Yes. > > >> > b) If so, can you please point me to some documentation so i can read > > >> > up on it please. > > >> It's very easy. > > >> At the simplest level, which actually works remarkably well considering > > >> how cheap the solution is, is this: > > >> > > >> Solution 1 > > >> =========== > > >> Create a new DNS record called mx.yourdomain.com and assign multiple > > >> 'A'records to it, one for each of the IP addresses used by your cluster > > >> of servers. > > >> Put a single 'MX' record in your domain's DNS records, pointing to > > >> "mx.yourdomain.com." (Don't forget the "." on the end). > > >> > > >> @ 10 IN MX mx.mydomain.com. > > >> mx IN A 192.168.99.101 > > >> IN A 192.168.99.102 > > >> IN A 192.168.99.103 > > >> IN A 192.168.99.104 > > >> IN A 192.168.99.105 > > >> > > >> It's as simple as that. The DNS lookups will rotate through the members > > >> of your cluster, spreading the messages (by quantity, not by size) > > >> across your cluster. > > >> > > >> Solution 2 > > >> =========== > > >> You can also do this by having multiple MX records all with the same > > >> priority number, each pointing to mx1, mx2, mx3, mx4 etc. > > >> > > >> @ 10 IN MX mx1.mydomain.com. > > >> 10 IN MX mx2.mydomain.com. > > >> 10 IN MX mx3.mydomain.com. > > >> 10 IN MX mx4.mydomain.com. > > >> 10 IN MX mx5.mydomain.com. > > >> mx1 IN A 192.168.99.101 > > >> mx2 IN A 192.168.99.102 > > >> mx3 IN A 192.168.99.103 > > >> mx4 IN A 192.168.99.104 > > >> mx5 IN A 192.168.99.105 > > >> > > >> Some people argue that this is better as it is more likely to deliver > > >> mail quicker when you take some of your servers out of action. They are > > >> possibly right. > > >> > > >> Solution 3 > > >> =========== > > >> You can also do this by spending a fortune on Cisco load balancers and > > >> have heartbeat monitoring systems, etc. But it won't make any big > > >> difference, but you will have a very expensive Cisco box to look after > > >> and a big hole in your bank balance. > > >> > > >> Again, can someone please put this in the Wiki for me? > > >> > > >> -- > > >> Julian Field > > >> www.MailScanner.info > > >> Buy the MailScanner book at www.MailScanner.info/store > > >> Professional Support Services at www.MailScanner.biz > > >> MailScanner thanks transtec Computers for their support > > >> > > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >> > > >> > > >> -- > > >> This message has been scanned for viruses and > > >> dangerous content by MailScanner, and is > > >> believed to be clean. > > >> MailScanner thanks transtec Computers for their support. > > >> > > >> -- > > >> MailScanner mailing list > > >> mailscanner@lists.mailscanner.info > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >> > > >> Before posting, read http://wiki.mailscanner.info/posting > > >> > > >> Support MailScanner development - buy the book off the website! > > >> > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From strydom.dave at gmail.com Tue May 23 08:29:57 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue May 23 08:30:00 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447219B1.2070101@nkpanama.com> References: <4471FF77.7040107@ecs.soton.ac.uk> <447219B1.2070101@nkpanama.com> Message-ID: Charlize - hahahaha, she is one of the ugly ones :( and besides she comes from "Benoni (as she mentioned in her oscar speech)" Benoni is like the hill billy central of south africa... its the arkansas of south africa :( Dave On 5/22/06, Alex Neuman wrote: > Dave Strydom wrote: > > South Africa from November until February, and ask any person who has > > come to South Africa, we have the nicest woman in the world :) > > > You mean Charlize? > > Dave From strydom.dave at gmail.com Tue May 23 08:31:04 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue May 23 08:31:08 2006 Subject: MailScanner on a cluster In-Reply-To: References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> Message-ID: my last reply to this got picked up as same :( Dave On 5/23/06, Dave Strydom wrote: > DAMNIT, gmail doesnt like the tab key... > > anyways, i have for example this: > > @ IN MX 10 smtp.mailserver.com. > IN MX 20 smtp2.mailserver.com. > > > then in the mailserver.com zone file i have: > > smtp IN A 192.168.0.146 > IN A 192.168.0.162 > > smtp2 IN A 172.172.0.251 > IN A 172.172.0.251 > > > > The smtp2 record isn't what i am concerned about, what I want to do is > find a way to keep the MX and A records exactly the way they are. > > > You see, the two mailservers for smtp.mailserver.com sit inside a DMZ, > now I want to add more servers to process the mail, but i dont want to > increase the amount of IP's or DNS records. > > I think the only way i am going to get this right is to put them > behind a cisco and get the cisco to do the load balancing, but what I > am trying to establish is if its possible to setup MailScanner in > Mosix type setup, where the load is distributed amount the servers. > > I fully understand the way of doing it via DNS, but i want to try > avoid that way. > > > Dave > > On 5/23/06, Dave Strydom wrote: > > At the moment i have something like this: > > > > > > @ > > > > On 5/22/06, Julian Field wrote: > > > > > > > > > Dave Strydom wrote: > > > > Julian, > > > > > > > > I'm already using the DNS round-robin system of both solution 1 and > > > > solution 2, there is just one problem... > > > > > > > > These mailscanners are part of a webhosting setup and handle mail for > > > > about 2500+ different domains, I don't want to have to go update all > > > > MX records everytime i want to add an additional server. Also some > > > > people handle their own DNS records, so then it's a mission to send > > > > out notifications and asking people to sort out their MX records. > > > If you use solution 1, then everyone just has 1 MX record in their DNS > > > records. > > > > > > And for any of your customers that have anything else, expand out their > > > MX records into an equivalent set of A records for your cluster. You > > > don't need them to change anything, do you? You might just have to make > > > them all list an MX server in a DNS domain under your direct control. > > > > > > > > What I am looking at doing is keeping my current "external ip's" and > > > > then having them nat into a cluster, but i want to know if I can run > > > > mailscanner on something like an openmosix cluster, this way I can > > > > just add servers to the cluster and not have to worry about additional > > > > ip's and the updates that go with it. > > > > > > > > Dave > > > > On 5/22/06, Julian Field wrote: > > > >> Dave Strydom wrote: > > > >> > Please excuse my ignorance, but can anyone point me in the right > > > >> > direction of: > > > >> > > > > >> > a) is it possible to run MailScanner on a cluster > > > >> Yes. > > > >> > b) If so, can you please point me to some documentation so i can read > > > >> > up on it please. > > > >> It's very easy. > > > >> At the simplest level, which actually works remarkably well considering > > > >> how cheap the solution is, is this: > > > >> > > > >> Solution 1 > > > >> =========== > > > >> Create a new DNS record called mx.yourdomain.com and assign multiple > > > >> 'A'records to it, one for each of the IP addresses used by your cluster > > > >> of servers. > > > >> Put a single 'MX' record in your domain's DNS records, pointing to > > > >> "mx.yourdomain.com." (Don't forget the "." on the end). > > > >> > > > >> @ 10 IN MX mx.mydomain.com. > > > >> mx IN A 192.168.99.101 > > > >> IN A 192.168.99.102 > > > >> IN A 192.168.99.103 > > > >> IN A 192.168.99.104 > > > >> IN A 192.168.99.105 > > > >> > > > >> It's as simple as that. The DNS lookups will rotate through the members > > > >> of your cluster, spreading the messages (by quantity, not by size) > > > >> across your cluster. > > > >> > > > >> Solution 2 > > > >> =========== > > > >> You can also do this by having multiple MX records all with the same > > > >> priority number, each pointing to mx1, mx2, mx3, mx4 etc. > > > >> > > > >> @ 10 IN MX mx1.mydomain.com. > > > >> 10 IN MX mx2.mydomain.com. > > > >> 10 IN MX mx3.mydomain.com. > > > >> 10 IN MX mx4.mydomain.com. > > > >> 10 IN MX mx5.mydomain.com. > > > >> mx1 IN A 192.168.99.101 > > > >> mx2 IN A 192.168.99.102 > > > >> mx3 IN A 192.168.99.103 > > > >> mx4 IN A 192.168.99.104 > > > >> mx5 IN A 192.168.99.105 > > > >> > > > >> Some people argue that this is better as it is more likely to deliver > > > >> mail quicker when you take some of your servers out of action. They are > > > >> possibly right. > > > >> > > > >> Solution 3 > > > >> =========== > > > >> You can also do this by spending a fortune on Cisco load balancers and > > > >> have heartbeat monitoring systems, etc. But it won't make any big > > > >> difference, but you will have a very expensive Cisco box to look after > > > >> and a big hole in your bank balance. > > > >> > > > >> Again, can someone please put this in the Wiki for me? > > > >> > > > >> -- > > > >> Julian Field > > > >> www.MailScanner.info > > > >> Buy the MailScanner book at www.MailScanner.info/store > > > >> Professional Support Services at www.MailScanner.biz > > > >> MailScanner thanks transtec Computers for their support > > > >> > > > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > >> > > > >> > > > >> -- > > > >> This message has been scanned for viruses and > > > >> dangerous content by MailScanner, and is > > > >> believed to be clean. > > > >> MailScanner thanks transtec Computers for their support. > > > >> > > > >> -- > > > >> MailScanner mailing list > > > >> mailscanner@lists.mailscanner.info > > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >> > > > >> Before posting, read http://wiki.mailscanner.info/posting > > > >> > > > >> Support MailScanner development - buy the book off the website! > > > >> > > > > > > -- > > > Julian Field > > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > Professional Support Services at www.MailScanner.biz > > > MailScanner thanks transtec Computers for their support > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > MailScanner thanks transtec Computers for their support. > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > From MailScanner at ecs.soton.ac.uk Tue May 23 08:34:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 08:34:37 2006 Subject: MailScanner on a cluster In-Reply-To: References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> Message-ID: <09A4E2E4-90DA-45DE-857E-60AFC6D3FD54@ecs.soton.ac.uk> I have never tried building it into a true compute cluster, but I do know people who have used Cisco load balancers with considerable success. Sorry, never played with Mosix (not in the last 10 years, at least, I did some compute cluster work before that). On 23 May 2006, at 08:22, Dave Strydom wrote: > DAMNIT, gmail doesnt like the tab key... > > anyways, i have for example this: > > @ IN MX 10 smtp.mailserver.com. > IN MX 20 smtp2.mailserver.com. > > > then in the mailserver.com zone file i have: > > smtp IN A 192.168.0.146 > IN A 192.168.0.162 > > smtp2 IN A 172.172.0.251 > IN A 172.172.0.251 > > > > The smtp2 record isn't what i am concerned about, what I want to do is > find a way to keep the MX and A records exactly the way they are. > > > You see, the two mailservers for smtp.mailserver.com sit inside a DMZ, > now I want to add more servers to process the mail, but i dont want to > increase the amount of IP's or DNS records. > > I think the only way i am going to get this right is to put them > behind a cisco and get the cisco to do the load balancing, but what I > am trying to establish is if its possible to setup MailScanner in > Mosix type setup, where the load is distributed amount the servers. > > I fully understand the way of doing it via DNS, but i want to try > avoid that way. > > > Dave > > On 5/23/06, Dave Strydom wrote: >> At the moment i have something like this: >> >> >> @ >> >> On 5/22/06, Julian Field wrote: >> > >> > >> > Dave Strydom wrote: >> > > Julian, >> > > >> > > I'm already using the DNS round-robin system of both solution >> 1 and >> > > solution 2, there is just one problem... >> > > >> > > These mailscanners are part of a webhosting setup and handle >> mail for >> > > about 2500+ different domains, I don't want to have to go >> update all >> > > MX records everytime i want to add an additional server. Also >> some >> > > people handle their own DNS records, so then it's a mission to >> send >> > > out notifications and asking people to sort out their MX records. >> > If you use solution 1, then everyone just has 1 MX record in >> their DNS >> > records. >> > >> > And for any of your customers that have anything else, expand >> out their >> > MX records into an equivalent set of A records for your cluster. >> You >> > don't need them to change anything, do you? You might just have >> to make >> > them all list an MX server in a DNS domain under your direct >> control. >> > > >> > > What I am looking at doing is keeping my current "external >> ip's" and >> > > then having them nat into a cluster, but i want to know if I >> can run >> > > mailscanner on something like an openmosix cluster, this way I >> can >> > > just add servers to the cluster and not have to worry about >> additional >> > > ip's and the updates that go with it. >> > > >> > > Dave >> > > On 5/22/06, Julian Field wrote: >> > >> Dave Strydom wrote: >> > >> > Please excuse my ignorance, but can anyone point me in the >> right >> > >> > direction of: >> > >> > >> > >> > a) is it possible to run MailScanner on a cluster >> > >> Yes. >> > >> > b) If so, can you please point me to some documentation so >> i can read >> > >> > up on it please. >> > >> It's very easy. >> > >> At the simplest level, which actually works remarkably well >> considering >> > >> how cheap the solution is, is this: >> > >> >> > >> Solution 1 >> > >> =========== >> > >> Create a new DNS record called mx.yourdomain.com and assign >> multiple >> > >> 'A'records to it, one for each of the IP addresses used by >> your cluster >> > >> of servers. >> > >> Put a single 'MX' record in your domain's DNS records, >> pointing to >> > >> "mx.yourdomain.com." (Don't forget the "." on the end). >> > >> >> > >> @ 10 IN MX mx.mydomain.com. >> > >> mx IN A 192.168.99.101 >> > >> IN A 192.168.99.102 >> > >> IN A 192.168.99.103 >> > >> IN A 192.168.99.104 >> > >> IN A 192.168.99.105 >> > >> >> > >> It's as simple as that. The DNS lookups will rotate through >> the members >> > >> of your cluster, spreading the messages (by quantity, not by >> size) >> > >> across your cluster. >> > >> >> > >> Solution 2 >> > >> =========== >> > >> You can also do this by having multiple MX records all with >> the same >> > >> priority number, each pointing to mx1, mx2, mx3, mx4 etc. >> > >> >> > >> @ 10 IN MX mx1.mydomain.com. >> > >> 10 IN MX mx2.mydomain.com. >> > >> 10 IN MX mx3.mydomain.com. >> > >> 10 IN MX mx4.mydomain.com. >> > >> 10 IN MX mx5.mydomain.com. >> > >> mx1 IN A 192.168.99.101 >> > >> mx2 IN A 192.168.99.102 >> > >> mx3 IN A 192.168.99.103 >> > >> mx4 IN A 192.168.99.104 >> > >> mx5 IN A 192.168.99.105 >> > >> >> > >> Some people argue that this is better as it is more likely to >> deliver >> > >> mail quicker when you take some of your servers out of >> action. They are >> > >> possibly right. >> > >> >> > >> Solution 3 >> > >> =========== >> > >> You can also do this by spending a fortune on Cisco load >> balancers and >> > >> have heartbeat monitoring systems, etc. But it won't make any >> big >> > >> difference, but you will have a very expensive Cisco box to >> look after >> > >> and a big hole in your bank balance. >> > >> >> > >> Again, can someone please put this in the Wiki for me? >> > >> >> > >> -- >> > >> Julian Field >> > >> www.MailScanner.info >> > >> Buy the MailScanner book at www.MailScanner.info/store >> > >> Professional Support Services at www.MailScanner.biz >> > >> MailScanner thanks transtec Computers for their support >> > >> >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> > >> >> > >> >> > >> -- >> > >> This message has been scanned for viruses and >> > >> dangerous content by MailScanner, and is >> > >> believed to be clean. >> > >> MailScanner thanks transtec Computers for their support. >> > >> >> > >> -- >> > >> MailScanner mailing list >> > >> mailscanner@lists.mailscanner.info >> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >> > >> Before posting, read http://wiki.mailscanner.info/posting >> > >> >> > >> Support MailScanner development - buy the book off the website! >> > >> >> > >> > -- >> > Julian Field >> > www.MailScanner.info >> > Buy the MailScanner book at www.MailScanner.info/store >> > Professional Support Services at www.MailScanner.biz >> > MailScanner thanks transtec Computers for their support >> > >> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> > >> > >> > -- >> > This message has been scanned for viruses and >> > dangerous content by MailScanner, and is >> > believed to be clean. >> > MailScanner thanks transtec Computers for their support. >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From strydom.dave at gmail.com Tue May 23 08:38:54 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue May 23 08:38:57 2006 Subject: MailScanner on a cluster In-Reply-To: References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> Message-ID: my last reply got picked up as spam and was legit :( it even got a score of 9/7 Dave From dhawal at netmagicsolutions.com Tue May 23 08:50:08 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 23 08:50:16 2006 Subject: MailScanner on a cluster In-Reply-To: References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> Message-ID: <4472BEB0.5030405@netmagicsolutions.com> Dave Strydom wrote: > my last reply got picked up as spam and was legit :( > > it even got a score of 9/7 > > Dave maybe because 'mailserver dot com' is listed in uribl black - dhawal From strydom.dave at gmail.com Tue May 23 08:52:20 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue May 23 08:52:23 2006 Subject: MailScanner on a cluster In-Reply-To: <4472BEB0.5030405@netmagicsolutions.com> References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> <4472BEB0.5030405@netmagicsolutions.com> Message-ID: yeah I think so... Dave On 5/23/06, Dhawal Doshy wrote: > Dave Strydom wrote: > > my last reply got picked up as spam and was legit :( > > > > it even got a score of 9/7 > > > > Dave > > maybe because 'mailserver dot com' is listed in uribl black > > - dhawal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Tue May 23 09:09:36 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 23 09:09:55 2006 Subject: Getting pounded .. sigh In-Reply-To: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: <00dd01c67e40$3d56e730$3004010a@martinhlaptop> Rob I trick I use is to drop all email to non-valid emails addresses on the incoming MTA. I drop well over 66% of my email traffic that way and reduces the chances of having to add another ISP into ip-tables (or whatever). Of course some people don't do this as they thing the spammers will be able to find valid addresses as a result. Of course my MS/SA setup is pretty tight and I don't have to worry about that ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Poe > Sent: 22 May 2006 17:57 > To: MailScanner discussion > Subject: Getting pounded .. sigh > > My mail server is getting POUNDED from > 193.252.22.157 > 193.252.22.158 > > Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk > > I blacklisted the whole 193.252.22.x > > They're targeting my list server, and SpamAssassin is grabbing them > (along with the fact that the list server is membership only!!) > > but I'm getting one every 5-10 seconds!! > > grep 193.252.22 /var/log/maillog | wc > 1863 62955 710320 > > May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From nick.smith67 at googlemail.com Tue May 23 09:31:47 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Tue May 23 09:31:50 2006 Subject: More encoded subject woes In-Reply-To: References: Message-ID: On 5/20/06, Nick Smith wrote: > On 5/19/06, Nick Smith wrote: > > Hi, > > > > MS 4.54-2 / Postfix 2.10 > > > > I've got more trouble with encoded subject headers being "mishandled" > > from a recipient's point of view. The issue occurs when, for whatever > > reason, MIME-Tools is unable to decode an encoded subject properly - > > this example is UTF-8, but I don't know if it may affect other > > encoding types too > > > > =?UTF-8?B?5oOF5aCx6YCj57Wh56WoIC0gVVNHcumVt+WQiOitsOW+heOBoSA=?==? > > UTF-8?B?LSDnrKzvvJTvvJjlm57lhajml6XmnKwgLSDlsZXnpLrkvJrjga7lh7rlsZU=?= > > > > If you feed that string to MIME::WordDecoder::unmime it returns: > > > > ????? - USGr????? - ??????? - ?????? > > > > I have absolutely no idea why this happens - whether it's a bug or > > expected behaviour on the part of MIME-Tools, but I assume that each > > question mark represents a multi-byte (Japanese in this case) > > character that it was not possible to decode > > > > Drop the same string into an Outlook message and send it via SMTP > > (making sure that it bypasses MailScanner), and when it arrives it > > should show a bunch of Japanese characters. The recipients are > > understandably not happy that the subject of their email when it shows > > up has been replaced by a bunch of question marks > > > > I've worked around this problem with a patch against Postfix.pm > > (attached), but I'm less than comfortable with it. Basically what it > > does is to unmime into a temporary holding string instead of the > > $message structure and then take a look at the results of its > > handiwork. If it sees more than an arbitrary number of consecutive ?'s > > (I picked more than 3 as a reasonable number), it assumes that the > > unmime was unsuccessful and allows the original encoded subject to > > pass. Otherwise it assumes decode success and fills the > > message->{subject} structure with the unmime result > > > > The first problem is that the ???? test is far from foolproof - > > there's loads of scope for false +ves and false -ves. The second > > problem is I'm not sure what issues this might cause if MS has to > > alter the subject later. I'm not altering any subjects at all so it > > wouldn't be a worry on my system but... > > > > Clearly I'm working with Postfix here, but this affects other MTA's > > too. Equally clearly the proper answer is to figure out what's up with > > MIME-Tools, but I'm afraid that's way beyond my capabilities :( > > > > Thoughts appreciated > > > > Thanks > > > > Nick > > > > > > > > Please ignore all of this - I think I've been fed old news by the > group that reported this to me as an issue > > I'm pretty certain that their problem was actually the "Postfix > truncates multi-line subject" thing that Julian already fixed for me, > and that when they said they were still having the issue after > re-testing they were mistaken > > I am working on the assumption that the ???? output from the unmime > function is just an ASCII representation but it was plenty enough to > confuse me :( > > Sorry for the false alarm > > Thanks > > Nick > Oh dear - it seems that maybe there is something in what I first suggested. Please take a look at this UTF-8 encoded string from a mail subject: Subject: =?UTF-8?B?NDXmmYLplpPmrovmpa3otoXpgY7nlLPoq4sg5om/6KqN5L6d6aC8IFtJ?= =?UTF-8?B?S0VEQSBZT0hFSSDmsaDnlLAg5rSL5bmzXSAg?= MIME-Tools doesn't seem able to decode this, and the original encoded subject does get replaced by a bunch of ?'s (a single ? in place of where each double byte Japanese character should be). Microsoft seems to have no problem decoding this The thing I still don't get at all with MailScanner is under what circumstances the original encoded format subject header gets replaced by the unmimed version as part of onward delivery What I mean by this is that if a subject gets successfully unmimed then it gets sent onwards in its original MIME form - if the unmime is not successful however (as in this case) then the subject header in the message itself gets physically replaced with the "broken" ASCII representation where ?'s substitute for double byte characters I'd very much appreciate any insight into this problem - does the unmime function have a return code that could be tested for success before using its output for example? Unfortunately my previous strategy of testing for n successive ?'s isn't going to work because I think all db characters will appear as a ? in the perl string test whether the decode was successful or not. I also have not managed to figure out what dependencies there are here that affect MailScanner's ability to do a subject rewrite if it needs to insert a string of its own Thanks Nick From drew at themarshalls.co.uk Tue May 23 09:48:34 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue May 23 09:48:59 2006 Subject: Laggy List Server?? In-Reply-To: <447247F6.3000107@blacknight.ie> References: <447247F6.3000107@blacknight.ie> Message-ID: <35356.194.70.180.170.1148374114.squirrel@webmail.r-bit.net> On Tue, May 23, 2006 00:23, Michele Neylon :: Blacknight.ie wrote: > We'll look into it > > Was it behaving properly up until today? Fairly much, although, of late it was becoming progressively slower. Started at a couple of minutes, then 5 -6, then 10 or so etc but this is over a few of weeks. Nothing obviously broken, you know one minute fine the next slower than a tortoise on sleeping pills. Just a gradual slowing. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From drew at themarshalls.co.uk Tue May 23 09:56:51 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue May 23 09:57:03 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44724A83.8090108@blacknight.ie> References: <44724A83.8090108@blacknight.ie> Message-ID: <35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net> On Tue, May 23, 2006 00:34, Michele Neylon :: Blacknight.ie wrote: > Kevin Miller wrote: >> Julian Field wrote: >> >>> So, what are your best, prettiest, loveliest times of year where each >>> of you happen to live? > > Those brief moments between rain showers ..... The Ashdown Forest is lovely in autumn and spring (If a bit damp on occasions) but it's not really a holiday from Southampton, more a day trip! -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From res at ausics.net Tue May 23 10:19:56 2006 From: res at ausics.net (Res) Date: Tue May 23 10:20:05 2006 Subject: Laggy List Server?? In-Reply-To: <4472209E.6090307@nkpanama.com> References: <4472209E.6090307@nkpanama.com> Message-ID: On Mon, 22 May 2006, Alex Neuman wrote: > Res wrote: >> >> And it's common amongst a few post headers I looked at... >> I wonder if list daddy has in his sendmail.mc >> define(`confSEPARATE_PROC',`True')dnl >> >> > > Just for curiosity's sake, what does that do, exactly? > typically if you have 200 msgs to send sendmail by default sends 1 by 1 with this its sends 200 at once (hence the sep process), the same as qmail does, you can limit this if it becomes an issue with queue size features, but we've never found it to be any problem. -- Cheers Res From res at ausics.net Tue May 23 10:25:41 2006 From: res at ausics.net (Res) Date: Tue May 23 10:25:51 2006 Subject: Getting pounded .. sigh In-Reply-To: <4472423B.6010801@coders.co.uk> References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4472423B.6010801@coders.co.uk> Message-ID: On Mon, 22 May 2006, Matt Hampton wrote: > Res wrote: >> wanadoo.co.uk|fr have been banned here for nearly 2 years because of their >> "we dont care if our users spam you" policy > > Bad sysadmins pay for trying spam me by keeping their crud on disk for 5 > days. hehehe, yeah but do you really want them filling up your log files every 10 -60 mins for a week ? some of us run longer, one of our secondary MX's we allow our corporate DSL users to use (those that insist on running their own local mail servers, mostly exchange Lusers) has a retry for 10 days. -- Cheers Res From matt at coders.co.uk Tue May 23 10:53:18 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue May 23 10:53:19 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> <4472423B.6010801@coders.co.uk> Message-ID: <4472DB8E.9000505@coders.co.uk> >> Bad sysadmins pay for trying spam me by keeping their crud on disk for 5 >> days. > > hehehe, yeah but do you really want them filling up your log files every > 10 -60 mins for a week ? some of us run longer, one of our secondary > MX's we allow our corporate DSL users to use (those that insist on > running their own local mail servers, mostly exchange Lusers) has a > retry for 10 days. I'm not too worried about the 2-300 bytes a log entry it generates. Disk space is cheap. However the overhead on queue runners for the sending server is much more significant. I did say "bad" sysadmins - they probably won't have changed the defaults ;-) matt From paul at blacknight.ie Tue May 23 11:49:49 2006 From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Tue May 23 11:49:24 2006 Subject: Laggy List Server?? In-Reply-To: References: <4472209E.6090307@nkpanama.com> Message-ID: <1148381389.26589.0.camel@localhost.localdomain> testing ... 1 . 2 . 3 . On Tue, 2006-05-23 at 19:19 +1000, Res wrote: > On Mon, 22 May 2006, Alex Neuman wrote: > > > Res wrote: > >> > >> And it's common amongst a few post headers I looked at... > >> I wonder if list daddy has in his sendmail.mc > >> define(`confSEPARATE_PROC',`True')dnl > >> > >> > > > > Just for curiosity's sake, what does that do, exactly? > > > > typically if you have 200 msgs to send sendmail by default sends 1 by 1 > with this its sends 200 at once (hence the sep process), the same as qmail > does, you can limit this if it becomes an issue with queue size features, > but we've never found it to be any problem. > > > -- > Cheers > Res -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers Lo-call: 1850 927 280 DDI: 059 9183091 e-mail: paul@blacknight.ie From glenn.steen at gmail.com Tue May 23 12:00:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 23 12:00:58 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net> References: <44724A83.8090108@blacknight.ie> <35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net> Message-ID: <223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> On 23/05/06, Drew Marshall wrote: > On Tue, May 23, 2006 00:34, Michele Neylon :: Blacknight.ie wrote: > > Kevin Miller wrote: > >> Julian Field wrote: > >> > >>> So, what are your best, prettiest, loveliest times of year where each > >>> of you happen to live? > > > > Those brief moments between rain showers ..... > > The Ashdown Forest is lovely in autumn and spring (If a bit damp on > occasions) but it's not really a holiday from Southampton, more a day > trip! > > On the subject of "not that long trips Jules can make", why not extend that to the "Venice of the north":-). Summer is generally an unreliable affair here in Sweden, but ... mid-July to mid-August is usually pretty OK. At least when the mainland weather ("the Russian heat", as we say here) dominates, rather than the usual showers off of the British isles (That answers the question: Where does the rain go when Michele sees some sun";-). Personally, I prefer the winter... When it "rains" in the winter, it snows... Which means one gets some nice off-pist skiing the next day:-):-). Depressingly enough, I live in the relatively flat countryside outside of Stockholm, far away from the mountains of my youth... Sigh. Anyway, despite that... You're welcome anytime you please Jules. If you can stomach the rather non-existant service of Ryan Air, it wouldn't be particularly expensive either:). PS. Jethro, I thought the bad weather were why you Scotsmen invented "liquid sunshine" in the first place... Enough whiskey, and who cares if it rains:-). DS -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From paul at blacknight.ie Tue May 23 12:04:17 2006 From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Tue May 23 12:03:51 2006 Subject: Laggy List Server?? In-Reply-To: <1148381389.26589.0.camel@localhost.localdomain> References: <4472209E.6090307@nkpanama.com> <1148381389.26589.0.camel@localhost.localdomain> Message-ID: <1148382257.26589.2.camel@localhost.localdomain> hmmm 6 minutes /me beats sendmail with a stick On Tue, 2006-05-23 at 11:49 +0100, Paul Kelly :: Blacknight wrote: > testing ... 1 . 2 . 3 . > > On Tue, 2006-05-23 at 19:19 +1000, Res wrote: > > On Mon, 22 May 2006, Alex Neuman wrote: > > > > > Res wrote: > > >> > > >> And it's common amongst a few post headers I looked at... > > >> I wonder if list daddy has in his sendmail.mc > > >> define(`confSEPARATE_PROC',`True')dnl > > >> > > >> > > > > > > Just for curiosity's sake, what does that do, exactly? > > > > > > > typically if you have 200 msgs to send sendmail by default sends 1 by 1 > > with this its sends 200 at once (hence the sep process), the same as qmail > > does, you can limit this if it becomes an issue with queue size features, > > but we've never found it to be any problem. > > > > > > -- > > Cheers > > Res > -- > Paul Kelly > Technical Director > Blacknight Internet Solutions ltd > Hosting, Colocation, Dedicated servers > Lo-call: 1850 927 280 > DDI: 059 9183091 > e-mail: paul@blacknight.ie > -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers Lo-call: 1850 927 280 DDI: 059 9183091 e-mail: paul@blacknight.ie From glenn.steen at gmail.com Tue May 23 12:22:58 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 23 12:23:04 2006 Subject: Laggy List Server?? In-Reply-To: <1148382257.26589.2.camel@localhost.localdomain> References: <4472209E.6090307@nkpanama.com> <1148381389.26589.0.camel@localhost.localdomain> <1148382257.26589.2.camel@localhost.localdomain> Message-ID: <223f97700605230422u7575c911r412342500a60f2c2@mail.gmail.com> On 23/05/06, Paul Kelly :: Blacknight wrote: > hmmm 6 minutes > > /me beats sendmail with a stick > > On a tangent matter, was I the only one to receive some Nyxem virus mails through the list recently (on Sunday... Can provide more info on request)? Doesn't the list get "MailScannered"...? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From paul at blacknight.ie Tue May 23 12:23:29 2006 From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Tue May 23 12:23:08 2006 Subject: Laggy List Server?? In-Reply-To: References: Message-ID: <1148383409.26589.6.camel@localhost.localdomain> On Tue, 2006-05-23 at 06:13 +1000, Res wrote: > And it's common amongst a few post headers I looked at... > I wonder if list daddy has in his sendmail.mc > define(`confSEPARATE_PROC',`True')dnl > Not a hope in hell. :) - the server always has around 1800 messages in the out going queue as various mail servers for the list members appear to be either down or there are random dns issues etc. The server would fall over and die. Paul -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers Lo-call: 1850 927 280 DDI: 059 9183091 e-mail: paul@blacknight.ie From jethro.binks at strath.ac.uk Tue May 23 12:27:14 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue May 23 12:27:17 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> References: <44724A83.8090108@blacknight.ie> <35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net> <223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> Message-ID: <20060523122351.C67627@defjam.cc.strath.ac.uk> On Tue, 23 May 2006, Glenn Steen wrote: > PS. Jethro, I thought the bad weather were why you Scotsmen invented > "liquid sunshine" in the first place... Enough whiskey, and who cares if > it rains:-). DS I'm not Scottish, so I wouldn't know about that :). I'm also teetotal, however I do know that "whiskey" is Irish, and "whisky" is Scottish. And that's about it. Does anyone still use this MailScanner thing around here, anyway? Seems to be more of a social club, heh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From prandal at herefordshire.gov.uk Tue May 23 12:54:37 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue May 23 12:54:54 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D210A30@isabella.herefordshire.gov.uk> Jethro R Binks did say: > Does anyone still use this MailScanner thing around here, > anyway? Seems to be more of a social club, heh. It works so well fighting the war against viruses and spam that we have the time to stop for a cuppa and check our email :-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK From res at ausics.net Tue May 23 13:00:29 2006 From: res at ausics.net (Res) Date: Tue May 23 13:00:38 2006 Subject: Laggy List Server?? In-Reply-To: <1148383409.26589.6.camel@localhost.localdomain> References: <1148383409.26589.6.camel@localhost.localdomain> Message-ID: On Tue, 23 May 2006, Paul Kelly :: Blacknight wrote: > On Tue, 2006-05-23 at 06:13 +1000, Res wrote: > >> And it's common amongst a few post headers I looked at... >> I wonder if list daddy has in his sendmail.mc >> define(`confSEPARATE_PROC',`True')dnl >> > > Not a hope in hell. :) - the server always has around 1800 messages in > the out going queue as various mail servers for the list members appear > to be either down or there are random dns issues etc. LOL... yeah it can have its setbacks, our sendmail sec MX box kills one of the qmail boxes if its down for more than 30 mins:) an easy way for reduce that is set X number of bounces = fatal your auto on vacation or unsubed :) I am more familiar with ecartis, which does these things I wonder if mailman has that option even, as I always see msgs going to an X employee (like from 18 months ago) from redhat list servers. But since your explanation probably explains why it takes a few mins extra :) -- Cheers Res From drew at themarshalls.co.uk Tue May 23 13:03:32 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue May 23 13:03:46 2006 Subject: Laggy List Server?? In-Reply-To: <223f97700605230422u7575c911r412342500a60f2c2@mail.gmail.com> References: <4472209E.6090307@nkpanama.com> <1148381389.26589.0.camel@localhost.localdomain> <1148382257.26589.2.camel@localhost.localdomain> <223f97700605230422u7575c911r412342500a60f2c2@mail.gmail.com> Message-ID: <36111.194.70.180.170.1148385812.squirrel@webmail.r-bit.net> On Tue, May 23, 2006 12:22, Glenn Steen wrote: > On 23/05/06, Paul Kelly :: Blacknight wrote: >> hmmm 6 minutes >> >> /me beats sendmail with a stick >> >> > On a tangent matter, was I the only one to receive some Nyxem virus > mails through the list recently (on Sunday... Can provide more info on > request)? > Doesn't the list get "MailScannered"...? No, you weren't alone. I got them too. I don't think the list gets scanned, I seem to remember it was on a to-do list. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From res at ausics.net Tue May 23 13:07:57 2006 From: res at ausics.net (Res) Date: Tue May 23 13:08:28 2006 Subject: Laggy List Server?? In-Reply-To: References: <1148383409.26589.6.camel@localhost.localdomain> Message-ID: Well done Paul :) under 30 seconds turnaround Received: from valhalla.ausics.net (valhalla.ausics.net [202.52.37.248]) by roswell.ausics.net (8.13.6/8.13.6) with ESMTP id k4NC0rt9002298 for ; Tue, 23 May 2006 22:00:53 +1000 Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [83.98.166.45]) by valhalla.ausics.net (8.13.6/8.13.6) with ESMTP id k4NC0m5Y022861 for ; Tue, 23 May 2006 22:00:52 +1000 Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [127.0.0.1]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4NC0c7q032045; Tue, 23 May 2006 13:00:43 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from valhalla.ausics.net (valhalla.ausics.net [202.52.37.248]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4NC0Z8i032038 for ; Tue, 23 May 2006 13:00:36 +0100 Received: from roswell.ausics.net (roswell.ausics.net [210.211.124.224]) by valhalla.ausics.net (8.13.6/8.13.6) with ESMTP id k4NC0Vwa022838 for ; Tue, 23 May 2006 22:00:31 +1000 > But since your explanation probably explains why it takes a few mins extra :) -- Cheers Res From drew at themarshalls.co.uk Tue May 23 13:24:10 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue May 23 13:24:26 2006 Subject: Laggy List Server?? In-Reply-To: References: <1148383409.26589.6.camel@localhost.localdomain> Message-ID: <36456.194.70.180.170.1148387050.squirrel@webmail.r-bit.net> On Tue, May 23, 2006 13:07, Res wrote: > Well done Paul :) under 30 seconds turnaround As the bloke that started the thread I had better check... -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From paul at blacknight.ie Tue May 23 13:40:53 2006 From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Tue May 23 13:40:55 2006 Subject: Laggy List Server?? In-Reply-To: References: <1148383409.26589.6.camel@localhost.localdomain> Message-ID: <1148388054.26589.10.camel@localhost.localdomain> It's going to be a couple of minutes. Some people might get it in seconds, others will take a bit of time. but it seems a lot better than it was. We will continue to monitor it and see if we can tweak it some more. I might nuke mails older than 8 hours in the outbound queue, of course if Jules approves. Paul On Tue, 2006-05-23 at 22:07 +1000, Res wrote: > Well done Paul :) under 30 seconds turnaround > > Received: from valhalla.ausics.net (valhalla.ausics.net [202.52.37.248]) > by roswell.ausics.net (8.13.6/8.13.6) with ESMTP id k4NC0rt9002298 > for ; Tue, 23 May 2006 22:00:53 +1000 > Received: from bkserver.blacknight.ie (bkserver.blacknight.ie > [83.98.166.45]) > by valhalla.ausics.net (8.13.6/8.13.6) with ESMTP id k4NC0m5Y022861 > for ; Tue, 23 May 2006 22:00:52 +1000 > Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [127.0.0.1]) > by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id > k4NC0c7q032045; > Tue, 23 May 2006 13:00:43 +0100 > X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ > Received: from valhalla.ausics.net (valhalla.ausics.net [202.52.37.248]) > by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4NC0Z8i032038 > for ; > Tue, 23 May 2006 13:00:36 +0100 > Received: from roswell.ausics.net (roswell.ausics.net [210.211.124.224]) > by valhalla.ausics.net (8.13.6/8.13.6) with ESMTP id k4NC0Vwa022838 > for ; > Tue, 23 May 2006 22:00:31 +1000 > > > > > But since your explanation probably explains why it takes a few mins extra :) > > -- > Cheers > Res -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers Lo-call: 1850 927 280 DDI: 059 9183091 e-mail: paul@blacknight.ie From drew at themarshalls.co.uk Tue May 23 13:42:02 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue May 23 13:42:25 2006 Subject: Laggy List Server?? In-Reply-To: <36456.194.70.180.170.1148387050.squirrel@webmail.r-bit.net> References: <1148383409.26589.6.camel@localhost.localdomain> <36456.194.70.180.170.1148387050.squirrel@webmail.r-bit.net> Message-ID: <36762.194.70.180.170.1148388122.squirrel@webmail.r-bit.net> On Tue, May 23, 2006 13:24, Drew Marshall wrote: > On Tue, May 23, 2006 13:07, Res wrote: >> Well done Paul :) under 30 seconds turnaround > > As the bloke that started the thread I had better check... And in true Postfix user tradition, replying to myself: Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [83.98.166.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by cro-mx1.r-bit.net (Postfix) with ESMTP id BCEE133C21 for ; Tue, 23 May 2006 13:35:14 +0100 (BST) Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [127.0.0.1]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4NCUdBM000593; Tue, 23 May 2006 13:31:04 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from cro-mx1.r-bit.net (cro-mx1.r-bit.net [84.92.197.220]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4NCONpD000366 for ; Tue, 23 May 2006 13:24:24 +0100 Better, only 7 minutes for list exploding and 4 minutes for delivery :-/ Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From glenn.steen at gmail.com Tue May 23 13:48:42 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 23 13:48:45 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <20060523122351.C67627@defjam.cc.strath.ac.uk> References: <44724A83.8090108@blacknight.ie> <35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net> <223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> <20060523122351.C67627@defjam.cc.strath.ac.uk> Message-ID: <223f97700605230548w55b56b57nf99a8e54a0fb4854@mail.gmail.com> On 23/05/06, Jethro R Binks wrote: > On Tue, 23 May 2006, Glenn Steen wrote: > > > PS. Jethro, I thought the bad weather were why you Scotsmen invented > > "liquid sunshine" in the first place... Enough whiskey, and who cares if > > it rains:-). DS > > I'm not Scottish, so I wouldn't know about that :). I'm also teetotal, > however I do know that "whiskey" is Irish, and "whisky" is Scottish. And > that's about it. :-) Yeah well, spank me... The spell-checker ate it, so....:-) Remind me this weekend (when I've downed a sample or two ... of either) and I can probably provide some fairly interesting variations on the spelling:-D > Does anyone still use this MailScanner thing around here, anyway? Seems > to be more of a social club, heh. > Well, of course we use it. Makes for a lot of time for idle chatter...:-). Anyway, since Root was fishing for a) invitations and b) help with the itinerary... what could one expect other than his loyal subjects leaping at the chance to make his day a brighter one?-):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Tue May 23 14:10:55 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 23 14:11:16 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! References: <44724A83.8090108@blacknight.ie><35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net><223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> <20060523122351.C67627@defjam.cc.strath.ac.uk> Message-ID: <00d701c67e6a$534769a0$0705000a@DDF5DW71> ----- Original Message ----- From: "Jethro R Binks" To: "MailScanner discussion" Sent: Tuesday, May 23, 2006 7:27 AM Subject: Re: MailScanner ANNOUNCEMENT: Your Software Needs You! > On Tue, 23 May 2006, Glenn Steen wrote: > >> PS. Jethro, I thought the bad weather were why you Scotsmen invented >> "liquid sunshine" in the first place... Enough whiskey, and who cares if >> it rains:-). DS > > I'm not Scottish, so I wouldn't know about that :). I'm also teetotal, > however I do know that "whiskey" is Irish, and "whisky" is Scottish. And > that's about it. > > Does anyone still use this MailScanner thing around here, anyway? Seems > to be more of a social club, heh. > No, because it causes swapping. Steve Campbell campbell@cnpapers.com Charleston Newspapers > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Tue May 23 14:27:15 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue May 23 14:27:30 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D210A4F@isabella.herefordshire.gov.uk> Steve Campbell said: > > Does anyone still use this MailScanner thing around here, > > anyway? Seems to be more of a social club, heh. > > No, because it causes swapping. Social clubs are infamous for that too ;-) Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK From dave.list at pixelhammer.com Tue May 23 14:34:33 2006 From: dave.list at pixelhammer.com (DAve) Date: Tue May 23 14:35:09 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44721B8A.1080404@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> <44721B8A.1080404@ecs.soton.ac.uk> Message-ID: <44730F69.1070500@pixelhammer.com> Julian Field wrote: > > > DAve wrote: >> Julian Field wrote: >>> DAve wrote: >>>> You would be welcome in Indiana, I can set you up with a tent, a >>>> sleeping bag, a firepit, and a bottle of Scotch. You would have most >>>> of 40 acres to yourself. You and the deer, racoons, foxes, coytes, >>>> possums, horned owls, and the odd skunk or two ;^) >>>> >>>> Oh and you would of course get a wireless connection as well, if you >>>> so choose. >>> I was kinda hoping to be able to sleep somewhere with a roof :-) >>> >> >> I was trying to offer the full experience! You are of course welcome >> to an inside bed rather than fresh air and stars, but you can get that >> anywhere ;^) > You have a point. If it isn't too cold and it doesn't rain too much, > then actually sleeping outside sounds good. Haven't slept under the > stars in more years than I can remember. When I was little, I could > never sleep when the house got hot in the summer (the UK doesn't have > air con). So I spent every summer living in a tent in the middle of the > back garden. Just me and a sleeping bag. It was great. It would be good > to do it again, it's been too long :-) > I could even bring my own sleeping bag these days. If the deer get into my wife's garden again, you may be enjoying them with potatoes and onions rather than a camera ;^) We seem to have a doe this year with a particular love of rose buds. > > So the next step is to get together the best times of year to visit > everyone and put a timetable together. > > So, what are your best, prettiest, loveliest times of year where each of > you happen to live? > Indiana would be May if you don't mind the tornadoes. All summer will be beautiful but could turn humid at the drop of a hat, or the turn of a jet stream as it were. If you enjoy cider and turning leaves then October is nice, but cool. DAve -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From drew at themarshalls.co.uk Tue May 23 14:49:48 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue May 23 14:50:25 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <00d701c67e6a$534769a0$0705000a@DDF5DW71> References: <44724A83.8090108@blacknight.ie><35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net><223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> <20060523122351.C67627@defjam.cc.strath.ac.uk> <00d701c67e6a$534769a0$0705000a@DDF5DW71> Message-ID: <37078.194.70.180.170.1148392188.squirrel@webmail.r-bit.net> On Tue, May 23, 2006 14:10, Steve Campbell wrote: > No, because it causes swapping. Don't you start!! :-D -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Tue May 23 15:01:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 15:02:08 2006 Subject: Laggy List Server?? In-Reply-To: <1148388054.26589.10.camel@localhost.localdomain> References: <1148383409.26589.6.camel@localhost.localdomain> <1148388054.26589.10.camel@localhost.localdomain> Message-ID: <3EE61075-1D2F-4B3C-AAF4-4A1C16C52881@ecs.soton.ac.uk> I have no problem with that. On 23 May 2006, at 13:40, Paul Kelly :: Blacknight wrote: > It's going to be a couple of minutes. Some people might get it in > seconds, others will take a bit of time. > > but it seems a lot better than it was. We will continue to monitor it > and see if we can tweak it some more. I might nuke mails older than 8 > hours in the outbound queue, of course if Jules approves. > > Paul > > On Tue, 2006-05-23 at 22:07 +1000, Res wrote: >> Well done Paul :) under 30 seconds turnaround >> >> Received: from valhalla.ausics.net (valhalla.ausics.net >> [202.52.37.248]) >> by roswell.ausics.net (8.13.6/8.13.6) with ESMTP id >> k4NC0rt9002298 >> for ; Tue, 23 May 2006 22:00:53 +1000 >> Received: from bkserver.blacknight.ie (bkserver.blacknight.ie >> [83.98.166.45]) >> by valhalla.ausics.net (8.13.6/8.13.6) with ESMTP id >> k4NC0m5Y022861 >> for ; Tue, 23 May 2006 22:00:52 +1000 >> Received: from bkserver.blacknight.ie (bkserver.blacknight.ie >> [127.0.0.1]) >> by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id >> k4NC0c7q032045; >> Tue, 23 May 2006 13:00:43 +0100 >> X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 >> bwarsaw Exp $ >> Received: from valhalla.ausics.net (valhalla.ausics.net >> [202.52.37.248]) >> by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id >> k4NC0Z8i032038 >> for ; >> Tue, 23 May 2006 13:00:36 +0100 >> Received: from roswell.ausics.net (roswell.ausics.net >> [210.211.124.224]) >> by valhalla.ausics.net (8.13.6/8.13.6) with ESMTP id >> k4NC0Vwa022838 >> for ; >> Tue, 23 May 2006 22:00:31 +1000 >> >> >> >>> But since your explanation probably explains why it takes a few >>> mins extra :) >> >> -- >> Cheers >> Res > -- > Paul Kelly > Technical Director > Blacknight Internet Solutions ltd > Hosting, Colocation, Dedicated servers > Lo-call: 1850 927 280 > DDI: 059 9183091 > e-mail: paul@blacknight.ie > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dwinkler at algorithmics.com Tue May 23 15:40:46 2006 From: dwinkler at algorithmics.com (Derek Winkler) Date: Tue May 23 15:38:48 2006 Subject: Ignore Whitelist If Score Over ## Message-ID: <570A16F7DB56C242B26876067D682FD003470802@TORMAIL.algorithmics.com> Is it possible to have MailScanner ignore the whitelist if the score is over a certain amount? If not, would it be possible to have a Custom Function for "Is Definitely Not Spam" return blank for emails over a certain score or a filename for a ruleset otherwise? About to experiment with a Custom Function just thought I'd see if someone has done this already. Thanks, Derek Winkler Security Analyst Algorithmics 185 Spadina Ave Toronto, Ontario Canada M5T 2C6 Phone: 416-217-4107 Fax: 416-971-6100 This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060523/53a488f4/attachment.html From dyioulos at firstbhph.com Tue May 23 15:52:06 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue May 23 15:52:12 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <20060523122351.C67627@defjam.cc.strath.ac.uk> References: <223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> <20060523122351.C67627@defjam.cc.strath.ac.uk> Message-ID: <200605231052.06669.dyioulos@firstbhph.com> On Tuesday May 23 2006 7:27 am, Jethro R Binks wrote: > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. We all work hard, so a little bit of blowin' off is ok. :-) Back to Jules' "Rolling Thunder Tour" - it's a good bet he'd enter the US via New York. He'd be met, I'm sure, by local listy's (whom I'd love to join, as I lived in that great city for a few years). Do New York, then up the coast to Boston, where I currently live. It's a wonderful place with lots of history. Also fun, as there are many universities and colleges in and around (Harvard, MIT, Boston College, Boston University, Northeastern University, to name a few) - keeps the place very jumpin'. We'll take in a Red Sox (baseball) game, too. Then, continue on to Maine (see previous posts). From there, would suggest crossing into Canada - Halifax, then Montreal, then Toronto. Cross back into the US at Niagara Falls. Go to Washington, DC after that. Then do the South. Hey, wait a minute, I just planned the rest of the year for the poor guy! Ayway, Julian, the point is, you're well-liked and highly respected, and welcomed in lots of places. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Tue May 23 16:05:47 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 23 16:05:57 2006 Subject: Ignore Whitelist If Score Over ## In-Reply-To: <570A16F7DB56C242B26876067D682FD003470802@TORMAIL.algorithmics.com> Message-ID: <01d101c67e7a$5f1c2df0$3004010a@martinhlaptop> Derek Depends which whitelist you've configured. If you're using SA's whitelist you can reduce the whitelist score down from -100 to (say) -10...that way even if the user is on the whitelist, if they get a big score it'll still block them. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Derek Winkler > Sent: 23 May 2006 15:41 > To: mailscanner@lists.mailscanner.info > Subject: Ignore Whitelist If Score Over ## > > > Is it possible to have MailScanner ignore the whitelist if the score is > over a certain amount? > > If not, would it be possible to have a Custom Function for "Is Definitely > Not Spam" return blank for emails over a certain score or a filename for a > ruleset otherwise? > > About to experiment with a Custom Function just thought I'd see if someone > has done this already. > > Thanks, > > Derek Winkler > Security Analyst > > Algorithmics > 185 Spadina Ave > Toronto, Ontario > Canada > M5T 2C6 > > Phone: 416-217-4107 > Fax: 416-971-6100 > > > > This email and any files transmitted with it are confidential and > proprietary to Algorithmics Incorporated and its affiliates > ("Algorithmics"). If received in error, use is prohibited. Please > destroy, and notify sender. Sender does not waive confidentiality or > privilege. Internet communications cannot be guaranteed to be timely, > secure, error or virus-free. Algorithmics does not accept liability for > any errors or omissions. Any commitment intended to bind Algorithmics > must be reduced to writing and signed by an authorized signatory. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From ssilva at sgvwater.com Tue May 23 16:11:42 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 23 16:11:19 2006 Subject: Laggy List Server?? In-Reply-To: <36111.194.70.180.170.1148385812.squirrel@webmail.r-bit.net> References: <4472209E.6090307@nkpanama.com> <1148381389.26589.0.camel@localhost.localdomain> <1148382257.26589.2.camel@localhost.localdomain> <223f97700605230422u7575c911r412342500a60f2c2@mail.gmail.com> <36111.194.70.180.170.1148385812.squirrel@webmail.r-bit.net> Message-ID: Drew Marshall spake the following on 5/23/2006 5:03 AM: > On Tue, May 23, 2006 12:22, Glenn Steen wrote: >> On 23/05/06, Paul Kelly :: Blacknight wrote: >>> hmmm 6 minutes >>> >>> /me beats sendmail with a stick >>> >>> >> On a tangent matter, was I the only one to receive some Nyxem virus >> mails through the list recently (on Sunday... Can provide more info on >> request)? >> Doesn't the list get "MailScannered"...? > > No, you weren't alone. I got them too. > > I don't think the list gets scanned, I seem to remember it was on a to-do > list. > > Drew > > You would think the MailScanner list would use MailScanner! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Kevin_Miller at ci.juneau.ak.us Tue May 23 16:19:24 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 23 16:19:27 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: Dimitri Yioulos wrote: > I'd love to join, as I lived in that great city for a few years). Do > New York, then up the coast to Boston, where I currently live. It's > a wonderful place with lots of history. Also fun, as there are many Just a warning Jules - don't let the Bostonians invite you out for tea! ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From prandal at herefordshire.gov.uk Tue May 23 16:48:36 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue May 23 16:48:58 2006 Subject: Laggy List Server?? Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D210A8A@isabella.herefordshire.gov.uk> Scott Silva opined: > You would think the MailScanner list would use MailScanner! It's a cunning ploy to keep us on our toes, or a free MailScanner testing service... Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From drew at themarshalls.co.uk Tue May 23 17:18:38 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue May 23 17:18:59 2006 Subject: Laggy List Server?? In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580D210A8A@isabella.herefordshire.gov.u k> References: <86144ED6CE5B004DA23E1EAC0B569B580D210A8A@isabella.herefordshire.gov.uk> Message-ID: <37484.194.70.180.170.1148401118.squirrel@webmail.r-bit.net> On Tue, May 23, 2006 16:48, Randal, Phil wrote: > Scott Silva opined: > >> You would think the MailScanner list would use MailScanner! > > It's a cunning ploy to keep us on our toes, or a free MailScanner > testing service... It does, well sort of. It's just a well distributed set of MailScanner servers scanning on individual list receipt, by user :-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From KGoods at AIAInsurance.com Tue May 23 17:25:09 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Tue May 23 17:30:18 2006 Subject: OT - Viruses from mailing list. Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D899D@aiainsurance.com> Just wondering if anyone else saw this. I received 5 of these on 5/20/06 starting at ~3:10 PST, not all the same file but the sender was the same. No problem since MailScanner, ClamAV, and Bitdefender caught them but isn't the list running some kind of AV? The following e-mails were found to have: Virus Detected Sender: mailscanner-bounces@lists.mailscanner.info IP Address: 83.98.166.45 Recipient: kgoods@aiainsurance.com Subject: Re: MessageID: k4KMTb5H031184 Quarantine: /var/spool/MailScanner/quarantine/20060520/k4KMTb5H031184 Report: ClamAV: Video_part.mim contains Worm.VB-9 Bitdefender: Found virus Win32.Nyxem.E@mm in file Video_part.mim Full headers are: Return-Path: Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [83.98.166.45]) by gw-mail.aiainsurance.com (8.13.1/8.13.1) with ESMTP id k4KMTb5H031184 for ; Sat, 20 May 2006 15:29:37 -0700 Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [127.0.0.1]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4KMRib7030833; Sat, 20 May 2006 23:27:58 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from prime2 ([203.115.112.150]) by bkserver.blacknight.ie (8.13.1/8.13.1) with SMTP id k42NkYgd011027 for ; Wed, 3 May 2006 00:46:35 +0100 Date: Wed, 3 May 2006 00:46:34 +0100 Message-Id: <200605022346.k42NkYgd011027@bkserver.blacknight.ie> From: "jayesha_shinde" To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_3.07431757450104E-02" X-Mailman-Approved-At: Sat, 20 May 2006 22:52:05 +0100 Subject: Re: X-BeenThere: mailscanner@lists.mailscanner.info X-Mailman-Version: 2.1.5 Precedence: list Reply-To: MailScanner discussion List-Id: MailScanner discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mailscanner-bounces@lists.mailscanner.info Errors-To: mailscanner-bounces@lists.mailscanner.info Cheers, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From ewallig at aerocontractors.com Tue May 23 17:38:57 2006 From: ewallig at aerocontractors.com (Ed Wallig) Date: Tue May 23 17:34:42 2006 Subject: OT - Viruses from mailing list. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D899D@aiainsurance.com> Message-ID: <00e201c67e87$6309f700$320217ac@ACL.int> Yeah, got something similar at about the same time - firewall caught them before they even got to MailScanner but a bit unnerving. Haven't seen anything since though. - Ed -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken Goods Sent: Tuesday, May 23, 2006 12:25 PM To: MailScanner Mailing List (E-mail) Subject: OT - Viruses from mailing list. Just wondering if anyone else saw this. I received 5 of these on 5/20/06 starting at ~3:10 PST, not all the same file but the sender was the same. No problem since MailScanner, ClamAV, and Bitdefender caught them but isn't the list running some kind of AV? The following e-mails were found to have: Virus Detected Sender: mailscanner-bounces@lists.mailscanner.info IP Address: 83.98.166.45 Recipient: kgoods@aiainsurance.com Subject: Re: MessageID: k4KMTb5H031184 Quarantine: /var/spool/MailScanner/quarantine/20060520/k4KMTb5H031184 Report: ClamAV: Video_part.mim contains Worm.VB-9 Bitdefender: Found virus Win32.Nyxem.E@mm in file Video_part.mim Full headers are: Return-Path: Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [83.98.166.45]) by gw-mail.aiainsurance.com (8.13.1/8.13.1) with ESMTP id k4KMTb5H031184 for ; Sat, 20 May 2006 15:29:37 -0700 Received: from bkserver.blacknight.ie (bkserver.blacknight.ie [127.0.0.1]) by bkserver.blacknight.ie (8.13.1/8.13.1) with ESMTP id k4KMRib7030833; Sat, 20 May 2006 23:27:58 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from prime2 ([203.115.112.150]) by bkserver.blacknight.ie (8.13.1/8.13.1) with SMTP id k42NkYgd011027 for ; Wed, 3 May 2006 00:46:35 +0100 Date: Wed, 3 May 2006 00:46:34 +0100 Message-Id: <200605022346.k42NkYgd011027@bkserver.blacknight.ie> From: "jayesha_shinde" To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_3.07431757450104E-02" X-Mailman-Approved-At: Sat, 20 May 2006 22:52:05 +0100 Subject: Re: X-BeenThere: mailscanner@lists.mailscanner.info X-Mailman-Version: 2.1.5 Precedence: list Reply-To: MailScanner discussion List-Id: MailScanner discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mailscanner-bounces@lists.mailscanner.info Errors-To: mailscanner-bounces@lists.mailscanner.info Cheers, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4493 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060523/1211fde6/smime.bin From rpoe at plattesheriff.org Tue May 23 17:44:00 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue May 23 17:44:26 2006 Subject: Getting pounded .. sigh In-Reply-To: References: <4471A70B.65ED.00A2.0@plattesheriff.org> Message-ID: <4472F585.65ED.00A2.0@plattesheriff.org> They were sending repeated messages to an email list that I run .. Same message over and over, they got around a 29.34 on the spamassassin score .. It was some fat burning something .. They sent to the mailing list and the -owner address 2600 times yesterday. >>> maillists@conactive.com 5/22/2006 2:31:19 PM >>> Rob Poe wrote on Mon, 22 May 2006 11:56:55 -0500: > 193.252.22.157 > 193.252.22.158 > > Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk It's an Internet access provider/Freemail provider of French origin who's obviously spanned to the UK (and some other countries). I don't see nothing "bad" in your logs other than you seem to get a lot of mail from them. Of course, it's possible that it's only spam coming from there, but "wanadoo" per se is not a spammer and these are genuine SMTP servers for their customers. AFAIK, their track record concerning abuse reaction is not good to say the least Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Tue May 23 17:46:53 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue May 23 17:47:12 2006 Subject: Getting pounded .. sigh In-Reply-To: <00dd01c67e40$3d56e730$3004010a@martinhlaptop> References: <4471A70B.65ED.00A2.0@plattesheriff.org> <00dd01c67e40$3d56e730$3004010a@martinhlaptop> Message-ID: <4472F633.65ED.00A2.0@plattesheriff.org> I run a secondary MX for one customer, which gets the poo hit out of it (only 1 or so make it through, though) but the more important thing I do is spam/virus check mail that gets forwarded to customer email systems (i.e. Groupwise). If they change / add / delete a user, I have to find some way to forward check (yes, I know about milter-ahead, and I still have not decided to use or not use it yet, and I'm not switching to postfix) to see if it's valid. I do reject non-valid addresses to local domains. >>> martinh@solid-state-logic.com 5/23/2006 3:09:36 AM >>> Rob I trick I use is to drop all email to non-valid emails addresses on the incoming MTA. I drop well over 66% of my email traffic that way and reduces the chances of having to add another ISP into ip-tables (or whatever). Of course some people don't do this as they thing the spammers will be able to find valid addresses as a result. Of course my MS/SA setup is pretty tight and I don't have to worry about that ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Poe > Sent: 22 May 2006 17:57 > To: MailScanner discussion > Subject: Getting pounded .. sigh > > My mail server is getting POUNDED from > 193.252.22.157 > 193.252.22.158 > > Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk > > I blacklisted the whole 193.252.22.x > > They're targeting my list server, and SpamAssassin is grabbing them > (along with the fact that the list server is membership only!!) > > but I'm getting one every 5-10 seconds!! > > grep 193.252.22 /var/log/maillog | wc > 1863 62955 710320 > > May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk > [193.252.22.157], reject=583 5.0.0 Get lost.. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Tue May 23 17:52:51 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue May 23 17:53:09 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: à References: <446F8E53.5080407@ecs.soton.ac.uk> à Message-ID: <4472F799.65ED.00A2.0@plattesheriff.org> >So the next step is to get together the best times of year to visit >everyone and put a timetable together. >So, what are your best, prettiest, loveliest times of year where each of >you happen to live? You definately do NOT want to be in Kansas City in the hot part .. May-Sept. It can get to +100 with +97% humidity.. It's enough to bake your legs to the leather seat of your car.. Fall is nice, as is spring. Winter can be a mix. Anywhere from -10 to +65 From MailScanner at ecs.soton.ac.uk Tue May 23 18:04:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 18:04:47 2006 Subject: Getting pounded .. sigh In-Reply-To: <4472F633.65ED.00A2.0@plattesheriff.org> References: <4471A70B.65ED.00A2.0@plattesheriff.org> <00dd01c67e40$3d56e730$3004010a@martinhlaptop> <4472F633.65ED.00A2.0@plattesheriff.org> Message-ID: <447340A5.8030406@ecs.soton.ac.uk> I thoroughly recommend milter-ahead, it is very useful indeed, and remarkably efficient and well thought out. Rob Poe wrote: > I run a secondary MX for one customer, which gets the poo hit out of it > (only 1 or so make it through, though) but the more important thing I do > is spam/virus check mail that gets forwarded to customer email systems > (i.e. Groupwise). If they change / add / delete a user, I have to find > some way to forward check (yes, I know about milter-ahead, and I still > have not decided to use or not use it yet, and I'm not switching to > postfix) to see if it's valid. I do reject non-valid addresses to local > domains. > > > > >>>> martinh@solid-state-logic.com 5/23/2006 3:09:36 AM >>> >>>> > Rob > > I trick I use is to drop all email to non-valid emails addresses on > the > incoming MTA. I drop well over 66% of my email traffic that way and > reduces > the chances of having to add another ISP into ip-tables (or whatever). > > Of course some people don't do this as they thing the spammers will be > able > to find valid addresses as a result. Of course my MS/SA setup is > pretty > tight and I don't have to worry about that ;-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Rob Poe >> Sent: 22 May 2006 17:57 >> To: MailScanner discussion >> Subject: Getting pounded .. sigh >> >> My mail server is getting POUNDED from >> 193.252.22.157 >> 193.252.22.158 >> >> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk >> >> I blacklisted the whole 193.252.22.x >> >> They're targeting my list server, and SpamAssassin is grabbing them >> (along with the fact that the list server is membership only!!) >> >> but I'm getting one every 5-10 seconds!! >> >> grep 193.252.22 /var/log/maillog | wc >> 1863 62955 710320 >> >> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >> > relay=smtp2.wanadoo.co.uk > >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >> > relay=smtp2.wanadoo.co.uk > >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >> > relay=smtp2.wanadoo.co.uk > >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >> > relay=smtp2.wanadoo.co.uk > >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >> > relay=smtp2.wanadoo.co.uk > >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay, >> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, >> > relay=smtp2.wanadoo.co.uk > >> [193.252.22.157], reject=583 5.0.0 Get lost.. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be > clean. > > ********************************************************************** > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 23 18:10:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 18:10:50 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: Message-ID: <447341FA.5040205@ecs.soton.ac.uk> Best time so far looks to be about Easter next year. I would spend about 3 weeks doing it, so I can get to visit lots of you around the world. It should be fun. I will have a new annual-leave year then, with enough time to do it. It's a bit late to organise for this summer, and the plane fares will cost me a lot more. So we are looking at Easter '07. How does that fit with people? Is it very much the wrong time of year for anyone? I would probably plan on spending 3 nights in each place so I get a good couple of days there, with travelling on the day in between. I would like to include South Africa and New Zealand too, but I could well do those separately. Maybe them this summer, plus any others in Europe or non-USA/Canada locations? This should be fun! Kevin Miller wrote: > Dimitri Yioulos wrote: > > >> I'd love to join, as I lived in that great city for a few years). Do >> New York, then up the coast to Boston, where I currently live. It's >> a wonderful place with lots of history. Also fun, as there are many >> > > Just a warning Jules - don't let the Bostonians invite you out for tea! > > > > ...Kevin > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Kevin_Miller at ci.juneau.ak.us Tue May 23 18:17:12 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 23 18:17:20 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: Julian Field wrote: > Best time so far looks to be about Easter next year. I would spend > about 3 weeks doing it, so I can get to visit lots of you around the > world. It should be fun. I will have a new annual-leave year then, > with enough time to do it. It's a bit late to organise for this > summer, and the plane fares will cost me a lot more. > > So we are looking at Easter '07. How does that fit with people? Is it > very much the wrong time of year for anyone? I would probably plan on > spending 3 nights in each place so I get a good couple of days there, > with travelling on the day in between. > > I would like to include South Africa and New Zealand too, but I could > well do those separately. Maybe them this summer, plus any others in > Europe or non-USA/Canada locations? > > This should be fun! That sounds like a good plan. Not sure when Easter is, but if you're into folk music the Alaska Folk Fest. (http://akfolkfest.org/) will be going on around that time: The 33rd Alaska Folk Festival is scheduled for April 9-15, 2007. A week of free music, dancing and revelry. Being free, with some acts you get exactly your money's worth, others are quite good. ;-) Perhaps we'll see you then... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From chris at tac.esi.net Tue May 23 18:21:09 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue May 23 18:21:21 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447341FA.5040205@ecs.soton.ac.uk> References: <447341FA.5040205@ecs.soton.ac.uk> Message-ID: <44730C4E.B662.0038.0@tac.esi.net> Fits fine. From Virginia Beach, you would be within 5 hours of DC and some other nice areas in the Mid East. Chris >>> MailScanner@ecs.soton.ac.uk 05/23/06 1:10 pm >>> Best time so far looks to be about Easter next year. I would spend about 3 weeks doing it, so I can get to visit lots of you around the world. It should be fun. I will have a new annual- leave year then, with enough time to do it. It's a bit late to organise for this summer, and the plane fares will cost me a lot more. So we are looking at Easter '07. How does that fit with people? Is it very much the wrong time of year for anyone? I would probably plan on spending 3 nights in each place so I get a good couple of days there, with travelling on the day in between. I would like to include South Africa and New Zealand too, but I could well do those separately. Maybe them this summer, plus any others in Europe or non- USA/Canada locations? This should be fun! Kevin Miller wrote: > Dimitri Yioulos wrote: > > >> I'd love to join, as I lived in that great city for a few years). Do >> New York, then up the coast to Boston, where I currently live. It's >> a wonderful place with lots of history. Also fun, as there are many >> > > Just a warning Jules - don't let the Bostonians invite you out for tea! > > > > ...Kevin > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Tue May 23 18:32:56 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 23 18:37:00 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447341FA.5040205@ecs.soton.ac.uk> References: <447341FA.5040205@ecs.soton.ac.uk> Message-ID: Julian, Easter 2007 is April 8. Maine is still a bit raw at that time of year. Start in the southern US and go north during your three weeks, it will (hopefully) be nicer here in late April. Don't miss the cherry blossoms in Washington DC if you are going there. Jeff Earickson On Tue, 23 May 2006, Julian Field wrote: > Date: Tue, 23 May 2006 18:10:18 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCEMENT: Your Software Needs You! > > Best time so far looks to be about Easter next year. I would spend about 3 > weeks doing it, so I can get to visit lots of you around the world. It should > be fun. I will have a new annual-leave year then, with enough time to do it. > It's a bit late to organise for this summer, and the plane fares will cost me > a lot more. > > So we are looking at Easter '07. How does that fit with people? Is it very > much the wrong time of year for anyone? I would probably plan on spending 3 > nights in each place so I get a good couple of days there, with travelling on > the day in between. > > I would like to include South Africa and New Zealand too, but I could well do > those separately. Maybe them this summer, plus any others in Europe or > non-USA/Canada locations? > > This should be fun! > > > Kevin Miller wrote: >> Dimitri Yioulos wrote: >> >> >>> I'd love to join, as I lived in that great city for a few years). Do >>> New York, then up the coast to Boston, where I currently live. It's >>> a wonderful place with lots of history. Also fun, as there are many >>> >> >> Just a warning Jules - don't let the Bostonians invite you out for tea! >> >> >> >> ...Kevin >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dnsadmin at 1bigthink.com Tue May 23 18:41:10 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue May 23 18:41:23 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44730C4E.B662.0038.0@tac.esi.net> References: <447341FA.5040205@ecs.soton.ac.uk> <44730C4E.B662.0038.0@tac.esi.net> Message-ID: <7.0.1.0.0.20060523133631.08ac03c8@1bigthink.com> Hello Julian, Sorry to top-post, it seems to fit the flow, here. The National Cherry blossom festival in Washington D.C. occurs March 31-April 15. http://www.nationalcherryblossomfestival.org/cms/index.php?id=390 More museums and monuments than you could see in three days, but you could definitely see your interests in that amount of time. At 01:21 PM 5/23/2006, you wrote: >Fits fine. From Virginia Beach, you would be within 5 hours of DC >and some other nice areas >in the Mid East. > >Chris > > >>> MailScanner@ecs.soton.ac.uk 05/23/06 1:10 pm >>> >Best time so far looks to be about Easter next year. I would spend about >3 weeks doing it, so I can get to visit lots of you around the world. It >should be fun. I will have a new annual- leave year then, with enough >time to do it. It's a bit late to organise for this summer, and the >plane fares will cost me a lot more. > >So we are looking at Easter '07. How does that fit with people? Is it >very much the wrong time of year for anyone? I would probably plan on >spending 3 nights in each place so I get a good couple of days there, >with travelling on the day in between. > >I would like to include South Africa and New Zealand too, but I could >well do those separately. Maybe them this summer, plus any others in >Europe or non- USA/Canada locations? > >This should be fun! > > >Kevin Miller wrote: > > Dimitri Yioulos wrote: > > > > > >> I'd love to join, as I lived in that great city for a few years). Do > >> New York, then up the coast to Boston, where I currently live. It's > >> a wonderful place with lots of history. Also fun, as there are many > >> > > > > Just a warning Jules - don't let the Bostonians invite you out for tea! > > > > > > > > ...Kevin > > > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >MailScanner thanks transtec Computers for their support. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Tue May 23 19:48:51 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue May 23 18:49:42 2006 Subject: Error Message Message-ID: <20060523184851.3cbc026b@cyborg> Hi, just noticed this error :- "You need to set the SpamAssassin User State Dir to a directory that Run As User can write to" what have I missed from the install ? Thanks, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Tue May 23 19:10:03 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue May 23 19:10:09 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: References: <447341FA.5040205@ecs.soton.ac.uk> Message-ID: <200605231410.03602.dyioulos@firstbhph.com> On Tuesday May 23 2006 1:32 pm, Jeff A. Earickson wrote: > Julian, > > Easter 2007 is April 8. Maine is still a bit raw at that time of > year. Start in the southern US and go north during your three weeks, > it will (hopefully) be nicer here in late April. Don't miss the > cherry blossoms in Washington DC if you are going there. > > Jeff Earickson > I second that. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue May 23 19:14:05 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 23 19:14:13 2006 Subject: Laggy List Server?? In-Reply-To: References: <4472209E.6090307@nkpanama.com> Message-ID: <447350ED.3070707@nkpanama.com> Res wrote: > On Mon, 22 May 2006, Alex Neuman wrote: > >> Res wrote: >>> >>> And it's common amongst a few post headers I looked at... >>> I wonder if list daddy has in his sendmail.mc >>> define(`confSEPARATE_PROC',`True')dnl >>> >>> >> >> Just for curiosity's sake, what does that do, exactly? >> > > typically if you have 200 msgs to send sendmail by default sends 1 by > 1 with this its sends 200 at once (hence the sep process), the same as > qmail does, you can limit this if it becomes an issue with queue size > features, but we've never found it to be any problem. > > I'm going to look into it. Is there a way to set a maximum number of processes (or children)? From alex at nkpanama.com Tue May 23 19:17:14 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 23 19:17:05 2006 Subject: Laggy List Server?? In-Reply-To: <36111.194.70.180.170.1148385812.squirrel@webmail.r-bit.net> References: <4472209E.6090307@nkpanama.com> <1148381389.26589.0.camel@localhost.localdomain> <1148382257.26589.2.camel@localhost.localdomain> <223f97700605230422u7575c911r412342500a60f2c2@mail.gmail.com> <36111.194.70.180.170.1148385812.squirrel@webmail.r-bit.net> Message-ID: <447351AA.20806@nkpanama.com> Drew Marshall wrote: > On Tue, May 23, 2006 12:22, Glenn Steen wrote: > >> On 23/05/06, Paul Kelly :: Blacknight wrote: >> >>> hmmm 6 minutes >>> >>> /me beats sendmail with a stick >>> >>> >>> >> On a tangent matter, was I the only one to receive some Nyxem virus >> mails through the list recently (on Sunday... Can provide more info on >> request)? >> Doesn't the list get "MailScannered"...? >> > > No, you weren't alone. I got them too. > > I don't think the list gets scanned, I seem to remember it was on a to-do > list. > > Drew > > > I never get to see any viruses because I'm using clamav-milter. It's worked wonders for low-volume servers every time I've installed it; and with it I've been able to get around the "scan for spam before scanning for viruses" limitat^H^H^H^H^H^H^H^H^H feature of MailScanner. :-) The funny thing is when other admins look at my mailwatch stats and see "0" viruses... they think I must be doing something wrong, or that I'm impossibly lucky! From lshaw at emitinc.com Tue May 23 19:24:01 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Tue May 23 19:24:14 2006 Subject: user override of scanning? Message-ID: Hi everyone, I'm having a bit of a problem with figuring out the best way to deal with quarantined messages. I run a mail server for a company that, it just so happens, really does need to send and receive executables in the mail pretty regularly. We are often sending Windows-based software back and forth with customers. This means many of the file types that MailScanner looks for are things that we sometimes need to send or receive. For example, .exe files, VB scripts, and .cab files. Presently, the way I've been dealing with this is to comment out the rule that catches a particular file type in filename.rules.conf whenever a user tells me it blocked a legitimate attachment of theirs, then have them re-send it. This works OK, but (a) it means they can't send until they can contact me (what if I'm on vacation?), and (b) I feel like eventually I'm going to converge on having commented out virtually every "deny" rule in filename.rules.conf. Some possible solutions that I've thought of: (1) Set up a rule not to scan any message that originates locally. I've already done this, and it works, but it eliminates the protection we'd have if a PC here did get a virus. With this exception in place, an infected PC here has nothing blocking it from propagate through our server. And I think that means it can spread from one PC to another within our organization. Plus this doesn't address the problem of allowing outsiders to send legitimate attachments in. (2) Create some kind of user override for scanning so that if a user gets a failure message back, they can use a secret handshake when they send it again which will tell MailScanner to let it through. Maybe a magic word in the body or subject of the mail, or a special header. (3) Set up MailScanner so that password-protected zip files are left alone. Then the users can override filtering by putting things in a password-protected zip file. This is a bit tedious for the users, though maybe not too bad. Plus IIRC some viruses spread data around by using just such a loophole. (4) A web interface to allow users to pull things out of quarantine. This requires an HTTP server on the mail server, which is a negative. Plus, unless I allow HTTP traffic from the outside world, it doesn't solve the end of the problem where a customer wants to send something TO us. So, are there any bright ideas I'm missing? Or maybe standard practices in this area? - Logan From MailScanner at ecs.soton.ac.uk Tue May 23 19:33:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 19:33:14 2006 Subject: user override of scanning? In-Reply-To: References: Message-ID: <44735562.8080102@ecs.soton.ac.uk> If you always have some sort of admin person in place, then we have an admin-authorised quarantine release system. This is mostly intended for in-bound mail though might work for outbound mail as well. Contact apl@ecs.soton.ac.uk for more information on that, he's developing it, not me. Other than that a Custom Function that checked the Subject: line and used it to control the Virus Checks = configuration option would be very easy to write. Send me your spec for a price quote. Logan Shaw wrote: > Hi everyone, > > I'm having a bit of a problem with figuring out the best > way to deal with quarantined messages. > > I run a mail server for a company that, it just so happens, > really does need to send and receive executables in the mail > pretty regularly. We are often sending Windows-based software > back and forth with customers. This means many of the file > types that MailScanner looks for are things that we sometimes > need to send or receive. For example, .exe files, VB scripts, > and .cab files. > > Presently, the way I've been dealing with this is to > comment out the rule that catches a particular file type in > filename.rules.conf whenever a user tells me it blocked a > legitimate attachment of theirs, then have them re-send it. > This works OK, but (a) it means they can't send until they > can contact me (what if I'm on vacation?), and (b) I feel > like eventually I'm going to converge on having commented out > virtually every "deny" rule in filename.rules.conf. > > Some possible solutions that I've thought of: > > (1) Set up a rule not to scan any message that originates > locally. I've already done this, and it works, but it > eliminates the protection we'd have if a PC here did > get a virus. With this exception in place, an infected > PC here has nothing blocking it from propagate through > our server. And I think that means it can spread from > one PC to another within our organization. Plus this > doesn't address the problem of allowing outsiders to > send legitimate attachments in. > > (2) Create some kind of user override for scanning so that > if a user gets a failure message back, they can use a > secret handshake when they send it again which will tell > MailScanner to let it through. Maybe a magic word in > the body or subject of the mail, or a special header. > > (3) Set up MailScanner so that password-protected zip files > are left alone. Then the users can override filtering > by putting things in a password-protected zip file. > This is a bit tedious for the users, though maybe not > too bad. Plus IIRC some viruses spread data around > by using just such a loophole. > > (4) A web interface to allow users to pull things out of > quarantine. This requires an HTTP server on the mail > server, which is a negative. Plus, unless I allow HTTP > traffic from the outside world, it doesn't solve the end of > the problem where a customer wants to send something TO us. > > So, are there any bright ideas I'm missing? Or maybe standard > practices in this area? > > - Logan -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jasons at wcoil.com Tue May 23 19:41:44 2006 From: jasons at wcoil.com (Jason Stechschulte) Date: Tue May 23 19:41:47 2006 Subject: Required SpamAssassin Score Message-ID: <20060523184144.GP22983@tank.wcoil.com> I am trying to allow my users to set their own Required SpamAssassin Score via a mysql database, but I am having some issues. I have the following in MailScanner.conf: Required SpamAssassin Score = &SQLReqSpamScore In SQLReqSpamScore.pm, it seems I am passed the $message variable only. If there is only one recipient in $message->{to} this works fine. However when there are multiple recipients in $message->{to} I don't seem to always get the setting for the correct user. Is there a way to know inside of SQLReqSpamScore.pm which user we are currently delivering the message for? I have looked over the variables that are set within $message and can't seem to find what I am looking for. If this isn't possible, is there another way to accomplish this that might work better? -- Jason Stechschulte Network Administrator West Central Ohio Internet Link Lima, OH USA -- Though I'll admit readability suffers slightly... -- Larry Wall in <2969@jato.Jpl.Nasa.Gov> -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Tue May 23 19:41:53 2006 From: dave.list at pixelhammer.com (DAve) Date: Tue May 23 19:42:25 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447341FA.5040205@ecs.soton.ac.uk> References: <447341FA.5040205@ecs.soton.ac.uk> Message-ID: <44735771.1010709@pixelhammer.com> Julian Field wrote: > Best time so far looks to be about Easter next year. I would spend about > 3 weeks doing it, so I can get to visit lots of you around the world. It > should be fun. I will have a new annual-leave year then, with enough > time to do it. It's a bit late to organise for this summer, and the > plane fares will cost me a lot more. > > So we are looking at Easter '07. How does that fit with people? Is it > very much the wrong time of year for anyone? I would probably plan on > spending 3 nights in each place so I get a good couple of days there, > with travelling on the day in between. > > I would like to include South Africa and New Zealand too, but I could > well do those separately. Maybe them this summer, plus any others in > Europe or non-USA/Canada locations? Well as much as I am proud to be a Hoosier, (I actually consider myself a Texan, spent 16 years there in the USAF, married, both sons born there) you only have three weeks! You should see DC, New York, and the Pacific Northwest (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see the sights first. Indiana can only offer home town hospitality, good cookin', and friendly people. If you come, we would love to have you. If you had more time, I would suggest crossing the USA coast to coast. Stay off the interstates, hit the small towns, Maine to western New York, down the Appalachians, up through Tennessee to Indiana and Wisconsin, across the Great Plains to Texas and Oklahoma, over the Rockies to Seattle and down Highway 101 to San Diego. Do it on a motorcycle, you would never be the same ;^) DAve > > This should be fun! > > > Kevin Miller wrote: >> Dimitri Yioulos wrote: >> >> >>> I'd love to join, as I lived in that great city for a few years). Do >>> New York, then up the coast to Boston, where I currently live. It's >>> a wonderful place with lots of history. Also fun, as there are many >>> >> >> Just a warning Jules - don't let the Bostonians invite you out for tea! >> >> >> >> ...Kevin >> > -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From MailScanner at ecs.soton.ac.uk Tue May 23 19:51:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 19:51:54 2006 Subject: Required SpamAssassin Score In-Reply-To: <20060523184144.GP22983@tank.wcoil.com> References: <20060523184144.GP22983@tank.wcoil.com> Message-ID: <447359B3.8070300@ecs.soton.ac.uk> Jason Stechschulte wrote: > I am trying to allow my users to set their own Required SpamAssassin > Score via a mysql database, but I am having some issues. > > I have the following in MailScanner.conf: > Required SpamAssassin Score = &SQLReqSpamScore > > > In SQLReqSpamScore.pm, it seems I am passed the $message variable only. > If there is only one recipient in $message->{to} this works fine. > However when there are multiple recipients in $message->{to} I don't > seem to always get the setting for the correct user. > > Is there a way to know inside of SQLReqSpamScore.pm which user we are > currently delivering the message for? I have looked over the variables > that are set within $message and can't seem to find what I am looking > for. > > If this isn't possible, is there another way to accomplish this that > might work better? > If you can possibly pay me for it, I have some code which will solve this problem for you. It copes with different spam thresholds for each user, and removes individual recipients from messages so it is only sent to those recipients whose spam thresholds allow it. We use it internally on our campus with great success. It did take many hours to write, so I would really like some money for it. You are looking at about 20 hours work, so please work out what 20 hours of development time would cost you, if you had developers who already knew MailScanner inside and out. I really don't want to give it away for free, if at all possible. I put a lot of work into it, my own time, and it's not core functionality. But you feed it a DB file mapping email addresses onto spam thresholds, and it will deliver each message only to those people whose spam thresholds are greater than the score assigned to the message, which is pretty much exactly what you need. I look forward to hearing from you. Regards, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From chris at tac.esi.net Tue May 23 19:53:38 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue May 23 19:53:44 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44735771.1010709@pixelhammer.com> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> Message-ID: <447321FB.B662.0038.0@tac.esi.net> That would be an awesome trip. Sounds like we need to get a bunch of people together and create A whirlwind "MailScanner World Tour" convoy and take over where ever we go! I'm game, anyone else? Chris >>> dave.list@pixelhammer.com 05/23/06 2:41 pm >>> Julian Field wrote: > Best time so far looks to be about Easter next year. I would spend about > 3 weeks doing it, so I can get to visit lots of you around the world. It > should be fun. I will have a new annual- leave year then, with enough > time to do it. It's a bit late to organise for this summer, and the > plane fares will cost me a lot more. > > So we are looking at Easter '07. How does that fit with people? Is it > very much the wrong time of year for anyone? I would probably plan on > spending 3 nights in each place so I get a good couple of days there, > with travelling on the day in between. > > I would like to include South Africa and New Zealand too, but I could > well do those separately. Maybe them this summer, plus any others in > Europe or non- USA/Canada locations? Well as much as I am proud to be a Hoosier, (I actually consider myself a Texan, spent 16 years there in the USAF, married, both sons born there) you only have three weeks! You should see DC, New York, and the Pacific Northwest (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see the sights first. Indiana can only offer home town hospitality, good cookin', and friendly people. If you come, we would love to have you. If you had more time, I would suggest crossing the USA coast to coast. Stay off the interstates, hit the small towns, Maine to western New York, down the Appalachians, up through Tennessee to Indiana and Wisconsin, across the Great Plains to Texas and Oklahoma, over the Rockies to Seattle and down Highway 101 to San Diego. Do it on a motorcycle, you would never be the same ;^) DAve > > This should be fun! > > > Kevin Miller wrote: >> Dimitri Yioulos wrote: >> >> >>> I'd love to join, as I lived in that great city for a few years). Do >>> New York, then up the coast to Boston, where I currently live. It's >>> a wonderful place with lots of history. Also fun, as there are many >>> >> >> Just a warning Jules - don't let the Bostonians invite you out for tea! >> >> >> >> ...Kevin >> > -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 23 19:55:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 19:55:24 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44735771.1010709@pixelhammer.com> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> Message-ID: <44735A92.8070300@ecs.soton.ac.uk> DAve wrote: > Julian Field wrote: >> Best time so far looks to be about Easter next year. I would spend >> about 3 weeks doing it, so I can get to visit lots of you around the >> world. It should be fun. I will have a new annual-leave year then, >> with enough time to do it. It's a bit late to organise for this >> summer, and the plane fares will cost me a lot more. >> >> So we are looking at Easter '07. How does that fit with people? Is it >> very much the wrong time of year for anyone? I would probably plan on >> spending 3 nights in each place so I get a good couple of days there, >> with travelling on the day in between. >> >> I would like to include South Africa and New Zealand too, but I could >> well do those separately. Maybe them this summer, plus any others in >> Europe or non-USA/Canada locations? > > Well as much as I am proud to be a Hoosier, (I actually consider > myself a Texan, spent 16 years there in the USAF, married, both sons > born there) you only have three weeks! I have been to DC and NY before, so don't need to stop there for long, if at all, just to say hello. I might go to DC this summer for a few days anyway (Steve ---- you up for that?) > You should see DC, New York, and the Pacific Northwest > (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see the > sights first. Indiana can only offer home town hospitality, good > cookin', and friendly people. If you come, we would love to have you. That's great, thanks! I might be able to stretch it a bit, or else I will have to splite it into 2 trips (or is that 3 now, including S.A. and New Zealand?) > If you had more time, I would suggest crossing the USA coast to coast. > Stay off the interstates, hit the small towns, Maine to western New > York, down the Appalachians, up through Tennessee to Indiana and > Wisconsin, across the Great Plains to Texas and Oklahoma, over the > Rockies to Seattle and down Highway 101 to San Diego. A U.S. only tour sounds increasingly likely here. I could do Alaska and Canada in a separate trip. (My G*d, this is turning into a set of trips, we're up to 3 now!) > > Do it on a motorcycle, you would never be the same ;^) Probably spread all over the road like tomato paste :-) > > DAve > >> >> This should be fun! >> >> >> Kevin Miller wrote: >>> Dimitri Yioulos wrote: >>> >>> >>>> I'd love to join, as I lived in that great city for a few years). Do >>>> New York, then up the coast to Boston, where I currently live. It's >>>> a wonderful place with lots of history. Also fun, as there are many >>>> >>> >>> Just a warning Jules - don't let the Bostonians invite you out for tea! >>> >>> >>> >>> ...Kevin >>> >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 23 19:57:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 19:57:54 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44735771.1010709@pixelhammer.com> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> Message-ID: <44735B23.1070203@ecs.soton.ac.uk> How about I move the trip-planning to the Wiki? Then you could start filling in bits yourselves, such as suggested routes? I will create a "World Tour" section containing "Trips" containing suggested stops and then dates and finally places etc.) ? Sound good to you guys? We have gone slightly O.T. I notice :-) DAve wrote: > Julian Field wrote: >> Best time so far looks to be about Easter next year. I would spend >> about 3 weeks doing it, so I can get to visit lots of you around the >> world. It should be fun. I will have a new annual-leave year then, >> with enough time to do it. It's a bit late to organise for this >> summer, and the plane fares will cost me a lot more. >> >> So we are looking at Easter '07. How does that fit with people? Is it >> very much the wrong time of year for anyone? I would probably plan on >> spending 3 nights in each place so I get a good couple of days there, >> with travelling on the day in between. >> >> I would like to include South Africa and New Zealand too, but I could >> well do those separately. Maybe them this summer, plus any others in >> Europe or non-USA/Canada locations? > > Well as much as I am proud to be a Hoosier, (I actually consider > myself a Texan, spent 16 years there in the USAF, married, both sons > born there) you only have three weeks! > > You should see DC, New York, and the Pacific Northwest > (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see the > sights first. Indiana can only offer home town hospitality, good > cookin', and friendly people. If you come, we would love to have you. > > If you had more time, I would suggest crossing the USA coast to coast. > Stay off the interstates, hit the small towns, Maine to western New > York, down the Appalachians, up through Tennessee to Indiana and > Wisconsin, across the Great Plains to Texas and Oklahoma, over the > Rockies to Seattle and down Highway 101 to San Diego. > > Do it on a motorcycle, you would never be the same ;^) > > DAve > >> >> This should be fun! >> >> >> Kevin Miller wrote: >>> Dimitri Yioulos wrote: >>> >>> >>>> I'd love to join, as I lived in that great city for a few years). Do >>>> New York, then up the coast to Boston, where I currently live. It's >>>> a wonderful place with lots of history. Also fun, as there are many >>>> >>> >>> Just a warning Jules - don't let the Bostonians invite you out for tea! >>> >>> >>> >>> ...Kevin >>> >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Denis.Beauchemin at USherbrooke.ca Tue May 23 20:09:15 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue May 23 20:09:42 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44735771.1010709@pixelhammer.com> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> Message-ID: <44735DDB.9020708@USherbrooke.ca> DAve a ?crit : > Julian Field wrote: >> Best time so far looks to be about Easter next year. I would spend >> about 3 weeks doing it, so I can get to visit lots of you around the >> world. It should be fun. I will have a new annual-leave year then, >> with enough time to do it. It's a bit late to organise for this >> summer, and the plane fares will cost me a lot more. >> > You should see DC, New York, and the Pacific Northwest > (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see the > sights first. Indiana can only offer home town hospitality, good > cookin', and friendly people. If you come, we would love to have you. > > If you had more time, I would suggest crossing the USA coast to coast. > Stay off the interstates, hit the small towns, Maine to western New > York, down the Appalachians, up through Tennessee to Indiana and > Wisconsin, across the Great Plains to Texas and Oklahoma, over the > Rockies to Seattle and down Highway 101 to San Diego. > > Do it on a motorcycle, you would never be the same ;^) Last June I went to Ogunquit (a really nice place on the Atlantic, just north of Boston) on my motorcycle. I was surprised to see so many Harleys on the roads. Looks like you Americans only drive Harleys... I felt somewhat out of place on my Honda ST (Pan European on the other side of the Atlantic)... but was glad to be riding a really comfortable bike. As for food in the USA... well... we're more accustomed to refined French cuisine than to fried everything that is all over the place on your side of the border... I don't know about England, but I warn Julian nonetheless to be prepared to eat *differently*. That said, I only know about dishes served in restaurants, not homemade food. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060523/0be0f3b4/smime.bin From dyioulos at firstbhph.com Tue May 23 20:10:19 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue May 23 20:10:25 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44735771.1010709@pixelhammer.com> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> Message-ID: <200605231510.19751.dyioulos@firstbhph.com> > Well as much as I am proud to be a Hoosier, (I actually consider myself > a Texan, spent 16 years there in the USAF, married, both sons born > there) you only have three weeks! > > You should see DC, New York, and the Pacific Northwest (Seattle/Alaska). > A whirlwind "MailScanner World Tour" should see the sights first. > Indiana can only offer home town hospitality, good cookin', and friendly > people. If you come, we would love to have you. > > If you had more time, I would suggest crossing the USA coast to coast. > Stay off the interstates, hit the small towns, Maine to western New > York, down the Appalachians, up through Tennessee to Indiana and > Wisconsin, across the Great Plains to Texas and Oklahoma, over the > Rockies to Seattle and down Highway 101 to San Diego. > > Do it on a motorcycle, you would never be the same ;^) > > DAve > Gee, DAve, never mind Julian (with all due respect) - you talked ME into it. :-) Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 23 20:10:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 20:10:48 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447321FB.B662.0038.0@tac.esi.net> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> <447321FB.B662.0038.0@tac.esi.net> Message-ID: <44735E23.2070100@ecs.soton.ac.uk> I have created an area on the wiki. Go to wiki.mailscanner.info and it's at the bottom of the page. Currently designed as 3 trips, but it may be merged into 2. Please add sections for yourself, including all the information you can give! Thanks guys, this is great! Cheers Jules. Chris Hammond wrote: > That would be an awesome trip. Sounds like we need to get a bunch of people together > and create A whirlwind "MailScanner World Tour" convoy and take over where ever we go! > I'm game, anyone else? > > Chris > > >>>> dave.list@pixelhammer.com 05/23/06 2:41 pm >>> >>>> > Julian Field wrote: > >> Best time so far looks to be about Easter next year. I would spend about >> 3 weeks doing it, so I can get to visit lots of you around the world. It >> should be fun. I will have a new annual- leave year then, with enough >> time to do it. It's a bit late to organise for this summer, and the >> plane fares will cost me a lot more. >> >> So we are looking at Easter '07. How does that fit with people? Is it >> very much the wrong time of year for anyone? I would probably plan on >> spending 3 nights in each place so I get a good couple of days there, >> with travelling on the day in between. >> >> I would like to include South Africa and New Zealand too, but I could >> well do those separately. Maybe them this summer, plus any others in >> Europe or non- USA/Canada locations? >> > > Well as much as I am proud to be a Hoosier, (I actually consider myself > a Texan, spent 16 years there in the USAF, married, both sons born > there) you only have three weeks! > > You should see DC, New York, and the Pacific Northwest (Seattle/Alaska). > A whirlwind "MailScanner World Tour" should see the sights first. > Indiana can only offer home town hospitality, good cookin', and friendly > people. If you come, we would love to have you. > > If you had more time, I would suggest crossing the USA coast to coast. > Stay off the interstates, hit the small towns, Maine to western New > York, down the Appalachians, up through Tennessee to Indiana and > Wisconsin, across the Great Plains to Texas and Oklahoma, over the > Rockies to Seattle and down Highway 101 to San Diego. > > Do it on a motorcycle, you would never be the same ;^) > > DAve > > >> This should be fun! >> >> >> Kevin Miller wrote: >> >>> Dimitri Yioulos wrote: >>> >>> >>> >>>> I'd love to join, as I lived in that great city for a few years). Do >>>> New York, then up the coast to Boston, where I currently live. It's >>>> a wonderful place with lots of history. Also fun, as there are many >>>> >>>> >>> Just a warning Jules - don't let the Bostonians invite you out for tea! >>> >>> >>> >>> ...Kevin >>> >>> > > > -- > This message was checked by forty monkeys and > found to not contain any SPAM whatsoever. > > Your monkeys may vary > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From chris at tac.esi.net Tue May 23 20:13:09 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue May 23 20:13:21 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: à References: à Message-ID: <4473268E.B662.0038.0@tac.esi.net> >>> MailScanner@ecs.soton.ac.uk 05/23/06 2:55 pm >>> >> Well as much as I am proud to be a Hoosier, (I actually consider >> myself a Texan, spent 16 years there in the USAF, married, both sons >> born there) you only have three weeks! >I have been to DC and NY before, so don't need to stop there for long, >if at all, just to say hello. I might go to DC this summer for a few >days anyway (Steve ---- you up for that?) If you do, come south a little and we can feed you plenty of seafood and beer. :) >> You should see DC, New York, and the Pacific Northwest >> (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see the >> sights first. Indiana can only offer home town hospitality, good >> cookin', and friendly people. If you come, we would love to have you. >That's great, thanks! I might be able to stretch it a bit, or else I >will have to splite it into 2 trips (or is that 3 now, including S.A. >and New Zealand?) Get that donation site setup. I'm sure you could get enough to offset the cost of the trip and maybe pay and extra couple of week of salary to give you more time to take things in. >A U.S. only tour sounds increasingly likely here. I could do Alaska and >Canada in a separate trip. (My G*d, this is turning into a set of trips, >we're up to 3 now!) If it keeps going like this, you may just want to move to the US for 6 months, then Canada for a few, then....... >> Do it on a motorcycle, you would never be the same ;^) >Probably spread all over the road like tomato paste :- ) Naa, stay away from the motorcycles. We would all go insane and kill ourselves if we didn't have you around to help us keep our spam under control. :) Chris From ssilva at sgvwater.com Tue May 23 20:15:43 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 23 20:14:21 2006 Subject: Error Message In-Reply-To: <20060523184851.3cbc026b@cyborg> References: <20060523184851.3cbc026b@cyborg> Message-ID: --[UxBoD]-- spake the following on 5/23/2006 11:48 AM: > Hi, > > just noticed this error :- > > "You need to set the SpamAssassin User State Dir to a directory that Run As User can write to" > > what have I missed from the install ? > > Thanks, > In the MailScanner.conf file, in the advanced spamassassin section is a place to set a spamassassin user state directory, and if you don't set one it defaults to a one; # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. # If this is unset then no extra places are searched for. # If using Postfix, you probably want to set this as shown in the example # line at the end of this comment, and do # mkdir /var/spool/MailScanner/spamassassin # chown postfix.postfix /var/spool/MailScanner/spamassassin # NOTE: SpamAssassin is always called from MailScanner as the same user, # and that is the "Run As" user specified above. So you can only # have 1 set of "per-user" files, it's just that you might possibly # need to modify this location. # You should not normally need to set this at all. #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chris at tac.esi.net Tue May 23 20:14:54 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue May 23 20:15:06 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: à References: à Message-ID: <447326F7.B662.0038.0@tac.esi.net> >>> MailScanner@ecs.soton.ac.uk 05/23/06 2:57 pm >>> >How about I move the trip- planning to the Wiki? >Then you could start filling in bits yourselves, such as suggested routes? >I will create a "World Tour" section containing "Trips" containing >suggested stops and then dates and finally places etc.)? >Sound good to you guys? We have gone slightly O.T. I notice :- ) You think? :) I think we have tripled the normal message flow of the forum. :) Chris From mike at vesol.com Tue May 23 20:18:46 2006 From: mike at vesol.com (Mike Kercher) Date: Tue May 23 20:19:03 2006 Subject: Getting pounded .. sigh Message-ID: I absolutely LOVE milter-sender! Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Poe > Sent: Tuesday, May 23, 2006 11:47 AM > To: 'MailScanner discussion'; martinh@solid-state-logic.com > Subject: RE: Getting pounded .. sigh > > I run a secondary MX for one customer, which gets the poo hit > out of it (only 1 or so make it through, though) but the more > important thing I do is spam/virus check mail that gets > forwarded to customer email systems (i.e. Groupwise). If > they change / add / delete a user, I have to find some way to > forward check (yes, I know about milter-ahead, and I still > have not decided to use or not use it yet, and I'm not switching to > postfix) to see if it's valid. I do reject non-valid > addresses to local domains. > > From dave.list at pixelhammer.com Tue May 23 20:27:39 2006 From: dave.list at pixelhammer.com (DAve) Date: Tue May 23 20:28:07 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <200605231510.19751.dyioulos@firstbhph.com> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> <200605231510.19751.dyioulos@firstbhph.com> Message-ID: <4473622B.8030807@pixelhammer.com> Dimitri Yioulos wrote: > >> Well as much as I am proud to be a Hoosier, (I actually consider myself >> a Texan, spent 16 years there in the USAF, married, both sons born >> there) you only have three weeks! >> >> You should see DC, New York, and the Pacific Northwest (Seattle/Alaska). >> A whirlwind "MailScanner World Tour" should see the sights first. >> Indiana can only offer home town hospitality, good cookin', and friendly >> people. If you come, we would love to have you. >> >> If you had more time, I would suggest crossing the USA coast to coast. >> Stay off the interstates, hit the small towns, Maine to western New >> York, down the Appalachians, up through Tennessee to Indiana and >> Wisconsin, across the Great Plains to Texas and Oklahoma, over the >> Rockies to Seattle and down Highway 101 to San Diego. >> >> Do it on a motorcycle, you would never be the same ;^) >> >> DAve >> > > Gee, DAve, never mind Julian (with all due respect) - you talked ME into > it. :-) > > Dimitri > It's warm and sunny. I'm wondering why I am sitting here inside, not getting any work done 8^( I talked myself into it. -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From dave.list at pixelhammer.com Tue May 23 20:29:07 2006 From: dave.list at pixelhammer.com (DAve) Date: Tue May 23 20:29:35 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44735B23.1070203@ecs.soton.ac.uk> References: <447341FA.5040205@ecs.soton.ac.uk> <44735771.1010709@pixelhammer.com> <44735B23.1070203@ecs.soton.ac.uk> Message-ID: <44736283.1080903@pixelhammer.com> Julian Field wrote: > How about I move the trip-planning to the Wiki? > Then you could start filling in bits yourselves, such as suggested routes? > I will create a "World Tour" section containing "Trips" containing > suggested stops and then dates and finally places etc.) > ? > Sound good to you guys? We have gone slightly O.T. I notice :-) My work load would appreciate it ;^) DAve > > DAve wrote: >> Julian Field wrote: >>> Best time so far looks to be about Easter next year. I would spend >>> about 3 weeks doing it, so I can get to visit lots of you around the >>> world. It should be fun. I will have a new annual-leave year then, >>> with enough time to do it. It's a bit late to organise for this >>> summer, and the plane fares will cost me a lot more. >>> >>> So we are looking at Easter '07. How does that fit with people? Is it >>> very much the wrong time of year for anyone? I would probably plan on >>> spending 3 nights in each place so I get a good couple of days there, >>> with travelling on the day in between. >>> >>> I would like to include South Africa and New Zealand too, but I could >>> well do those separately. Maybe them this summer, plus any others in >>> Europe or non-USA/Canada locations? >> >> Well as much as I am proud to be a Hoosier, (I actually consider >> myself a Texan, spent 16 years there in the USAF, married, both sons >> born there) you only have three weeks! >> >> You should see DC, New York, and the Pacific Northwest >> (Seattle/Alaska). A whirlwind "MailScanner World Tour" should see the >> sights first. Indiana can only offer home town hospitality, good >> cookin', and friendly people. If you come, we would love to have you. >> >> If you had more time, I would suggest crossing the USA coast to coast. >> Stay off the interstates, hit the small towns, Maine to western New >> York, down the Appalachians, up through Tennessee to Indiana and >> Wisconsin, across the Great Plains to Texas and Oklahoma, over the >> Rockies to Seattle and down Highway 101 to San Diego. >> >> Do it on a motorcycle, you would never be the same ;^) >> >> DAve >> >>> >>> This should be fun! >>> >>> >>> Kevin Miller wrote: >>>> Dimitri Yioulos wrote: >>>> >>>> >>>>> I'd love to join, as I lived in that great city for a few years). Do >>>>> New York, then up the coast to Boston, where I currently live. It's >>>>> a wonderful place with lots of history. Also fun, as there are many >>>>> >>>> >>>> Just a warning Jules - don't let the Bostonians invite you out for tea! >>>> >>>> >>>> >>>> ...Kevin >>>> >>> >> >> > -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From jasons at wcoil.com Tue May 23 21:42:17 2006 From: jasons at wcoil.com (Jason Stechschulte) Date: Tue May 23 21:42:20 2006 Subject: Required SpamAssassin Score In-Reply-To: <447359B3.8070300@ecs.soton.ac.uk> References: <20060523184144.GP22983@tank.wcoil.com> <447359B3.8070300@ecs.soton.ac.uk> Message-ID: <20060523204216.GK23313@tank.wcoil.com> On Tue, May 23, 2006 at 07:51:31PM +0100, Julian Field wrote: > If you can possibly pay me for it, I have some code which will solve > this problem for you. It copes with different spam thresholds for each > user, and removes individual recipients from messages so it is only sent > to those recipients whose spam thresholds allow it. We use it internally > on our campus with great success. This sounds interesting, but it doesn't sound like something that will work in our situation. We want the ability to deliver spam for everyone, and it sounds like your solution tosses the spam. I think my main problem is that I'm using Postfix, which from what I have read doesn't split the message before handing it to mailscanner. We may just have to not have mailscanner do spam scanning, and set it up so maildrop calls spamassassin directly. Unless I'm overlooking something simpler that is. -- Jason Stechschulte Network Administrator West Central Ohio Internet Link Lima, OH USA -- And don't tell me there isn't one bit of difference between null and space, because that's exactly how much difference there is. :-) -- Larry Wall in <10209@jpl-devvax.JPL.NASA.GOV> -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 23 22:43:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 23 22:44:09 2006 Subject: Required SpamAssassin Score In-Reply-To: <20060523204216.GK23313@tank.wcoil.com> References: <20060523184144.GP22983@tank.wcoil.com> <447359B3.8070300@ecs.soton.ac.uk> <20060523204216.GK23313@tank.wcoil.com> Message-ID: <4473821C.80209@ecs.soton.ac.uk> Jason Stechschulte wrote: > We may just have to not have mailscanner do spam scanning, and set it up > so maildrop calls spamassassin directly. Unless I'm overlooking > something simpler that is. > Your obvious alternative is, with spam scanning, to just tag and deliver, and leave it up to recipients to filter it. By default your users, if they use Thunderbird, can just trust the SpamAssassin spam headers, and MailScanner will generate the appropriate spam headers for them. But I thought you were looking for virus checking avoidance, not spam checking. Unless I read the wrong message of course :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Wed May 24 00:16:30 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 24 00:16:53 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <00d701c67e6a$534769a0$0705000a@DDF5DW71> References: <44724A83.8090108@blacknight.ie><35385.194.70.180.170.1148374611.squirrel@webmail.r-bit.net><223f97700605230400t58b4c638lf3a5a10e17717540@mail.gmail.com> <20060523122351.C67627@defjam.cc.strath.ac.uk> <00d701c67e6a$534769a0$0705000a@DDF5DW71> Message-ID: <447397CE.60502@nkpanama.com> Steve Campbell wrote: >> Does anyone still use this MailScanner thing around here, anyway? Seems >> to be more of a social club, heh. >> > > No, because it causes swapping. BEST. LAUGH. ALL WEEK. :-) From alex at nkpanama.com Wed May 24 00:19:25 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 24 00:19:38 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447341FA.5040205@ecs.soton.ac.uk> References: <447341FA.5040205@ecs.soton.ac.uk> Message-ID: <4473987D.1050000@nkpanama.com> Julian Field wrote: > So we are looking at Easter '07. How does that fit with people? Is it > very much the wrong time of year for anyone? I would probably plan on > spending 3 nights in each place so I get a good couple of days there, > with travelling on the day in between. Easter's great here in Panama... If you're up to it... From richard at helpinternet.co.uk Wed May 24 07:24:11 2006 From: richard at helpinternet.co.uk (Richard Sidlin) Date: Wed May 24 07:24:20 2006 Subject: [SAV-LINUX] On-demand scan report on [hostname] Message-ID: <000e01c67efa$ad59b8e0$7c00a8c0@b9l8xejd9bi5e7y> New installation and being bombarded with the above scan reports. How do I stop these please? Richard -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060524/6c87de1b/attachment.html From res at ausics.net Wed May 24 08:59:59 2006 From: res at ausics.net (Res) Date: Wed May 24 09:00:10 2006 Subject: Laggy List Server?? In-Reply-To: <447350ED.3070707@nkpanama.com> References: <4472209E.6090307@nkpanama.com> <447350ED.3070707@nkpanama.com> Message-ID: Hi Alex, On Tue, 23 May 2006, Alex Neuman wrote: > I'm going to look into it. Is there a way to set a maximum number of > processes (or children)? Sure is... I dont suggest you use my values unless you have gutsy hardware. define(`confMAX_DAEMON_CHILDREN',`1000')dnl define(`confMAX_QUEUE_CHILDREN',`600')dnl and if you really want, you can also play around with: define(`confMAX_QUEUE_RUN_SIZE',`VALUE')dnl -- Cheers Res From MailScanner at ecs.soton.ac.uk Wed May 24 09:23:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 24 09:24:02 2006 Subject: Sophos Version 5 Message-ID: I have added a new page to the wiki at http://wiki.mailscanner.info/doku.php? id=documentation:anti_virus:sophos:install:version5 with some guidance on how to stop the wretched think spewing out mail every time it finds something. Can other users of Sophos 5 check it out for me please? What else needs adding to it? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060524/f5fbc92b/attachment.html From MailScanner at ecs.soton.ac.uk Wed May 24 09:24:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 24 09:24:32 2006 Subject: [SAV-LINUX] On-demand scan report on [hostname] In-Reply-To: <000e01c67efa$ad59b8e0$7c00a8c0@b9l8xejd9bi5e7y> References: <000e01c67efa$ad59b8e0$7c00a8c0@b9l8xejd9bi5e7y> Message-ID: See http://wiki.mailscanner.info/doku.php? id=documentation:anti_virus:sophos:install:version5 On 24 May 2006, at 07:24, Richard Sidlin wrote: > New installation and being bombarded with the above scan reports. > How do I stop these please? > > > Richard > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060524/7485f576/attachment.html From shrek-m at gmx.de Wed May 24 10:40:46 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed May 24 10:40:50 2006 Subject: Sophos Version 5 In-Reply-To: References: Message-ID: <44742A1E.3080603@gmx.de> On 24.05.2006 10:23, Julian Field wrote: > I have added a new page to the wiki at > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:sophos:install:version5 > > with some guidance on how to stop the wretched think spewing out mail > every time it finds something. > > Can other users of Sophos 5 check it out for me please? What else > needs adding to it? what luck that i had disabled sav-protect :-) you have to stop "sav-protect" and you get no "Subject: [SAV-LINUX] On-demand scan report on " even with EmailNotifier enabled, see below. ------- redhat/fedora # chkconfig sav-protect off # service sav-protect stop -------- # service sav-protect status Sophos Anti-Virus daemon is inactive # chkconfig sav-protect --list sav-protect 0:off 1:off 2:off 3:off 4:off 5:off 6:off # ./savconfig -v | grep -i email EmailNotifier: enabled SendThreatEmail: enabled SendErrorEmail: enabled EmailDemandSummaryAlways Not configured EmailDemandSummaryIfThreat Not configured Email: Recipient=en: root@localhost SendEmailLogLevel: FATAL EmailServer: localhost:25 -- shrek-m From MailScanner at ecs.soton.ac.uk Wed May 24 10:57:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 24 10:57:33 2006 Subject: Sophos Version 5 In-Reply-To: <44742A1E.3080603@gmx.de> References: <44742A1E.3080603@gmx.de> Message-ID: On 24 May 2006, at 10:40, shrek-m@gmx.de wrote: > On 24.05.2006 10:23, Julian Field wrote: > >> I have added a new page to the wiki at >> >> http://wiki.mailscanner.info/doku.php? >> id=documentation:anti_virus:sophos:install:version5 >> >> with some guidance on how to stop the wretched think spewing out >> mail every time it finds something. >> >> Can other users of Sophos 5 check it out for me please? What else >> needs adding to it? > > > what luck that i had disabled sav-protect :-) > > > you have to stop "sav-protect" and you get no > > "Subject: [SAV-LINUX] On-demand scan report on " > > even with EmailNotifier enabled, see below. > I did that too, but I thought I should do a thorough job of it :-) Much better to stop it in 50 ways than 1, so long as you never plan on reversing the process! > ------- > redhat/fedora > # chkconfig sav-protect off > # service sav-protect stop > -------- > > > # service sav-protect status > Sophos Anti-Virus daemon is inactive > > # chkconfig sav-protect --list > sav-protect 0:off 1:off 2:off 3:off 4:off 5:off 6:off > > # ./savconfig -v | grep -i email > EmailNotifier: enabled > SendThreatEmail: enabled > SendErrorEmail: enabled > EmailDemandSummaryAlways Not configured > EmailDemandSummaryIfThreat Not configured > Email: Recipient=en: root@localhost > SendEmailLogLevel: FATAL > EmailServer: localhost:25 > > > -- > shrek-m > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From G.Pentland at soton.ac.uk Wed May 24 11:09:17 2006 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Wed May 24 11:09:24 2006 Subject: FW: [SAV-LINUX] Notice from Sophos Anti-Virus ondev-155-27.sucs.soton.ac.uk Message-ID: <71437982F5B13A4D9A5B2669BDB89EE403A84F19@ISS-CL-EX-V1.soton.ac.uk> On the subject of Sophos v5, has anyone had the following? It seems to work but not sure whether I should be concerned or not. Cheers, Gary root@dev-155-27.sucs.soton.ac.uk wrote: > An event happened on the computer dev-155-27.sucs.soton.ac.uk. > > NOTE: You are running Sophos Anti-Virus on a kernel for which Sophos > does not provide binary kernel modules. Therefore the kernel modules > have been locally compiled. In most cases these modules will work. > However, Sophos reserves the right not to provide support where any > such recompilation has taken place. Sophos will use reasonable > endeavours to provide first line support. Should issues arise that > require second line support, or any other escalation process, Sophos > cannot guarantee that such issues will be resolved. > > Please contact your IT department. From mailscanner at lists.com.ar Wed May 24 12:49:42 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Wed May 24 12:50:00 2006 Subject: {Posible spam (5)} Re: MailScanner on a cluster In-Reply-To: <09A4E2E4-90DA-45DE-857E-60AFC6D3FD54@ecs.soton.ac.uk> References: <447204B1.4070400@ecs.soton.ac.uk> <44721AA9.6050702@ecs.soton.ac.uk> <09A4E2E4-90DA-45DE-857E-60AFC6D3FD54@ecs.soton.ac.uk> Message-ID: <20060524114941.GA8541@pert.com.ar> We have used cisco load balancers ahead of n mailscanner machines mostly harmless On Tue, May 23, 2006 at 08:33:55AM +0100, Julian Field wrote: > I have never tried building it into a true compute cluster, but I do > know people who have used Cisco load balancers with considerable > success. > > Sorry, never played with Mosix (not in the last 10 years, at least, I > did some compute cluster work before that). > > On 23 May 2006, at 08:22, Dave Strydom wrote: > > >DAMNIT, gmail doesnt like the tab key... > > > >anyways, i have for example this: > > > >@ IN MX 10 smtp.mailserver.com. > > IN MX 20 smtp2.mailserver.com. > > > > > >then in the mailserver.com zone file i have: > > > >smtp IN A 192.168.0.146 > > IN A 192.168.0.162 > > > >smtp2 IN A 172.172.0.251 > > IN A 172.172.0.251 > > > > > > > >The smtp2 record isn't what i am concerned about, what I want to do is > >find a way to keep the MX and A records exactly the way they are. > > > > > >You see, the two mailservers for smtp.mailserver.com sit inside a DMZ, > >now I want to add more servers to process the mail, but i dont want to > >increase the amount of IP's or DNS records. > > > >I think the only way i am going to get this right is to put them > >behind a cisco and get the cisco to do the load balancing, but what I > >am trying to establish is if its possible to setup MailScanner in > >Mosix type setup, where the load is distributed amount the servers. > > > >I fully understand the way of doing it via DNS, but i want to try > >avoid that way. > > > > > >Dave > > > >On 5/23/06, Dave Strydom wrote: > >>At the moment i have something like this: > >> > >> > >>@ > >> > >>On 5/22/06, Julian Field wrote: > >>> > >>> > >>> Dave Strydom wrote: > >>> > Julian, > >>> > > >>> > I'm already using the DNS round-robin system of both solution > >>1 and > >>> > solution 2, there is just one problem... > >>> > > >>> > These mailscanners are part of a webhosting setup and handle > >>mail for > >>> > about 2500+ different domains, I don't want to have to go > >>update all > >>> > MX records everytime i want to add an additional server. Also > >>some > >>> > people handle their own DNS records, so then it's a mission to > >>send > >>> > out notifications and asking people to sort out their MX records. > >>> If you use solution 1, then everyone just has 1 MX record in > >>their DNS > >>> records. > >>> > >>> And for any of your customers that have anything else, expand > >>out their > >>> MX records into an equivalent set of A records for your cluster. > >>You > >>> don't need them to change anything, do you? You might just have > >>to make > >>> them all list an MX server in a DNS domain under your direct > >>control. > >>> > > >>> > What I am looking at doing is keeping my current "external > >>ip's" and > >>> > then having them nat into a cluster, but i want to know if I > >>can run > >>> > mailscanner on something like an openmosix cluster, this way I > >>can > >>> > just add servers to the cluster and not have to worry about > >>additional > >>> > ip's and the updates that go with it. > >>> > > >>> > Dave > >>> > On 5/22/06, Julian Field wrote: > >>> >> Dave Strydom wrote: > >>> >> > Please excuse my ignorance, but can anyone point me in the > >>right > >>> >> > direction of: > >>> >> > > >>> >> > a) is it possible to run MailScanner on a cluster > >>> >> Yes. > >>> >> > b) If so, can you please point me to some documentation so > >>i can read > >>> >> > up on it please. > >>> >> It's very easy. > >>> >> At the simplest level, which actually works remarkably well > >>considering > >>> >> how cheap the solution is, is this: > >>> >> > >>> >> Solution 1 > >>> >> =========== > >>> >> Create a new DNS record called mx.yourdomain.com and assign > >>multiple > >>> >> 'A'records to it, one for each of the IP addresses used by > >>your cluster > >>> >> of servers. > >>> >> Put a single 'MX' record in your domain's DNS records, > >>pointing to > >>> >> "mx.yourdomain.com." (Don't forget the "." on the end). > >>> >> > >>> >> @ 10 IN MX mx.mydomain.com. > >>> >> mx IN A 192.168.99.101 > >>> >> IN A 192.168.99.102 > >>> >> IN A 192.168.99.103 > >>> >> IN A 192.168.99.104 > >>> >> IN A 192.168.99.105 > >>> >> > >>> >> It's as simple as that. The DNS lookups will rotate through > >>the members > >>> >> of your cluster, spreading the messages (by quantity, not by > >>size) > >>> >> across your cluster. > >>> >> > >>> >> Solution 2 > >>> >> =========== > >>> >> You can also do this by having multiple MX records all with > >>the same > >>> >> priority number, each pointing to mx1, mx2, mx3, mx4 etc. > >>> >> > >>> >> @ 10 IN MX mx1.mydomain.com. > >>> >> 10 IN MX mx2.mydomain.com. > >>> >> 10 IN MX mx3.mydomain.com. > >>> >> 10 IN MX mx4.mydomain.com. > >>> >> 10 IN MX mx5.mydomain.com. > >>> >> mx1 IN A 192.168.99.101 > >>> >> mx2 IN A 192.168.99.102 > >>> >> mx3 IN A 192.168.99.103 > >>> >> mx4 IN A 192.168.99.104 > >>> >> mx5 IN A 192.168.99.105 > >>> >> > >>> >> Some people argue that this is better as it is more likely to > >>deliver > >>> >> mail quicker when you take some of your servers out of > >>action. They are > >>> >> possibly right. > >>> >> > >>> >> Solution 3 > >>> >> =========== > >>> >> You can also do this by spending a fortune on Cisco load > >>balancers and > >>> >> have heartbeat monitoring systems, etc. But it won't make any > >>big > >>> >> difference, but you will have a very expensive Cisco box to > >>look after > >>> >> and a big hole in your bank balance. > >>> >> > >>> >> Again, can someone please put this in the Wiki for me? > >>> >> > >>> >> -- > >>> >> Julian Field > >>> >> www.MailScanner.info > >>> >> Buy the MailScanner book at www.MailScanner.info/store > >>> >> Professional Support Services at www.MailScanner.biz > >>> >> MailScanner thanks transtec Computers for their support > >>> >> > >>> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> >> > >>> >> > >>> >> -- > >>> >> This message has been scanned for viruses and > >>> >> dangerous content by MailScanner, and is > >>> >> believed to be clean. > >>> >> MailScanner thanks transtec Computers for their support. > >>> >> > >>> >> -- > >>> >> MailScanner mailing list > >>> >> mailscanner@lists.mailscanner.info > >>> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> >> > >>> >> Before posting, read http://wiki.mailscanner.info/posting > >>> >> > >>> >> Support MailScanner development - buy the book off the website! > >>> >> > >>> > >>> -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> Professional Support Services at www.MailScanner.biz > >>> MailScanner thanks transtec Computers for their support > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> MailScanner thanks transtec Computers for their support. > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From nick.smith67 at googlemail.com Wed May 24 13:39:29 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Wed May 24 13:39:32 2006 Subject: More encoded subject woes In-Reply-To: References: Message-ID: On 5/23/06, Nick Smith wrote: > On 5/20/06, Nick Smith wrote: > > On 5/19/06, Nick Smith wrote: > > > Hi, > > > > > > MS 4.54-2 / Postfix 2.10 > > > > > > I've got more trouble with encoded subject headers being "mishandled" > > > from a recipient's point of view. The issue occurs when, for whatever > > > reason, MIME-Tools is unable to decode an encoded subject properly - > > > this example is UTF-8, but I don't know if it may affect other > > > encoding types too > > > > > > =?UTF-8?B?5oOF5aCx6YCj57Wh56WoIC0gVVNHcumVt+WQiOitsOW+heOBoSA=?==? > > > UTF-8?B?LSDnrKzvvJTvvJjlm57lhajml6XmnKwgLSDlsZXnpLrkvJrjga7lh7rlsZU=?= > > > > > > If you feed that string to MIME::WordDecoder::unmime it returns: > > > > > > ????? - USGr????? - ??????? - ?????? > > > > > > I have absolutely no idea why this happens - whether it's a bug or > > > expected behaviour on the part of MIME-Tools, but I assume that each > > > question mark represents a multi-byte (Japanese in this case) > > > character that it was not possible to decode > > > > > > Drop the same string into an Outlook message and send it via SMTP > > > (making sure that it bypasses MailScanner), and when it arrives it > > > should show a bunch of Japanese characters. The recipients are > > > understandably not happy that the subject of their email when it shows > > > up has been replaced by a bunch of question marks > > > > > > I've worked around this problem with a patch against Postfix.pm > > > (attached), but I'm less than comfortable with it. Basically what it > > > does is to unmime into a temporary holding string instead of the > > > $message structure and then take a look at the results of its > > > handiwork. If it sees more than an arbitrary number of consecutive ?'s > > > (I picked more than 3 as a reasonable number), it assumes that the > > > unmime was unsuccessful and allows the original encoded subject to > > > pass. Otherwise it assumes decode success and fills the > > > message->{subject} structure with the unmime result > > > > > > The first problem is that the ???? test is far from foolproof - > > > there's loads of scope for false +ves and false -ves. The second > > > problem is I'm not sure what issues this might cause if MS has to > > > alter the subject later. I'm not altering any subjects at all so it > > > wouldn't be a worry on my system but... > > > > > > Clearly I'm working with Postfix here, but this affects other MTA's > > > too. Equally clearly the proper answer is to figure out what's up with > > > MIME-Tools, but I'm afraid that's way beyond my capabilities :( > > > > > > Thoughts appreciated > > > > > > Thanks > > > > > > Nick > > > > > > > > > > > > > Please ignore all of this - I think I've been fed old news by the > > group that reported this to me as an issue > > > > I'm pretty certain that their problem was actually the "Postfix > > truncates multi-line subject" thing that Julian already fixed for me, > > and that when they said they were still having the issue after > > re-testing they were mistaken > > > > I am working on the assumption that the ???? output from the unmime > > function is just an ASCII representation but it was plenty enough to > > confuse me :( > > > > Sorry for the false alarm > > > > Thanks > > > > Nick > > > Oh dear - it seems that maybe there is something in what I first > suggested. Please take a look at this UTF-8 encoded string from a mail > subject: > > Subject: =?UTF-8?B?NDXmmYLplpPmrovmpa3otoXpgY7nlLPoq4sg5om/6KqN5L6d6aC8IFtJ?= > =?UTF-8?B?S0VEQSBZT0hFSSDmsaDnlLAg5rSL5bmzXSAg?= > > MIME-Tools doesn't seem able to decode this, and the original encoded > subject does get replaced by a bunch of ?'s (a single ? in place of > where each double byte Japanese character should be). Microsoft seems > to have no problem decoding this > > The thing I still don't get at all with MailScanner is under what > circumstances the original encoded format subject header gets replaced > by the unmimed version as part of onward delivery > > What I mean by this is that if a subject gets successfully unmimed > then it gets sent onwards in its original MIME form - if the unmime is > not successful however (as in this case) then the subject header in > the message itself gets physically replaced with the "broken" ASCII > representation where ?'s substitute for double byte characters > > I'd very much appreciate any insight into this problem - does the > unmime function have a return code that could be tested for success > before using its output for example? > > Unfortunately my previous strategy of testing for n successive ?'s > isn't going to work because I think all db characters will appear as a > ? in the perl string test whether the decode was successful or not. I > also have not managed to figure out what dependencies there are here > that affect MailScanner's ability to do a subject rewrite if it needs > to insert a string of its own > > Thanks > > Nick > OK - I wonder what the record is for replying to your own posts on this list :) ...anyway, I have finally figured out the exact cause of this so no more aimless rambling or speculation When decoded, the string "=?UTF-8?B?NDXmmYLplpPmrovmpa3otoXpgY7nlLPoq4sg5om/6KqN5L6d6aC8IFtJ?==?UTF-8?B?S0VEQSBZT0hFSSDmsaDnlLAg5rSL5bmzXSAg?=" contains 2 trailing spaces. Not immediately obvious, but the SweepContent module does a bit of checking for evidence of malicious subjects, and attempts to clean up. This isn't configurable or optional in any way, it is just what MS does One of the things it does is to remove trailing whitespace. However, if the subject is MIME encoded, it can't act on the subject itself directly, and instead does its work on the decoded version as returned by the unmime function This is fine until the encoded string contains multibyte unicode type data which of course cannot be represented in an ascii string (which is why it was encoded to begin with). The unmime function uses a ? as a placeholder when it finds a multibyte character Provided that SweepContent doesn't find any "badness" in the decoded representation of the subject that it's looking at, MS will allow the *original* encoded subject to pass unmolested. However, if it decides any changes need to be made it completely replaces the original encoded subject header with the ("cleaned") decoded representation It may well be that this is considered unfortunate but unavoidable collatoral damage by the MS team and that the fix is "don't do that" when it comes to putting spaces at the end of subjects that have to be encoded. However, I'm sure everybody would agree that it isn't easy sometimes to convince developers of applications that their code is "wrong", particularly when it involves a practice which is not actually forbidden as such and even more so when "it works fine with every other mail gateway" Anyway, for he meantime, I am doing this with Postfix.pm - which will allow MS to tolerate up to 2 trailing spaces (not tabs) if the subject has been encoded: - $message->{subject} = MIME::WordDecoder::unmime($message->{subject}); + my $TmpSubject = ""; # Temp storage + $TmpSubject = MIME::WordDecoder::unmime($message->{subject}); + if ($TmpSubject != $message->{subject}) { + # The unmime function did something - we must be dealing with + # an encoded subject. Remove up to 2 trailing spaces if present + # so that SweepContent cuts us a little slack. Total replacement + # and hence probable destruction of unicode subjects for the sake of + # one or two probably harmless trailing spaces is a little harsh + $TmpSubject =~ s/ {1,2}$//; + $message->{subject} = $TmpSubject; + } I'd be grateful if consideration could be given to this problem - my "fix" probably isn't the most elegant, but perhaps there's a smarter way round the issue Thanks Nick From edwardbruce at sbcglobal.net Wed May 24 13:52:44 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed May 24 13:52:50 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44721B8A.1080404@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> <4246CA63-E1E6-45B5-BD9C-435ECF5F99AA@ecs.soton.ac.uk> <4471FA21.4010307@pixelhammer.com> <44720556.3060307@ecs.soton.ac.uk> <447211DF.6010801@pixelhammer.com> <44721B8A.1080404@ecs.soton.ac.uk> Message-ID: <4474571C.4030500@sbcglobal.net> Julian Field wrote: > You have a point. If it isn't too cold and it doesn't rain too much, > then actually sleeping outside sounds good. Haven't slept under the > stars in more years than I can remember. When I was little, I could > never sleep when the house got hot in the summer (the UK doesn't have > air con). So I spent every summer living in a tent in the middle of > the back garden. Just me and a sleeping bag. It was great. It would be > good to do it again, it's been too long :-) > I could even bring my own sleeping bag these days. > Well I'm on the Eastside of Detroit and the best time is now. And a me too. I went tent camping last year and I'm getting to old to sleep on the ground. I'm looking to get one of these: http://www.hennessyhammock.com/sp-ultralight.htm All you need is two good trees. From drew at themarshalls.co.uk Wed May 24 13:53:55 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed May 24 13:54:09 2006 Subject: More encoded subject woes In-Reply-To: References: Message-ID: <39338.194.70.180.170.1148475235.squirrel@webmail.r-bit.net> On Wed, May 24, 2006 13:39, Nick Smith wrote: > On 5/23/06, Nick Smith wrote: >> On 5/20/06, Nick Smith wrote: >> > On 5/19/06, Nick Smith wrote: > OK - I wonder what the record is for replying to your own posts on this > list :) Postfix user, enough said :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Wed May 24 14:01:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 24 14:01:17 2006 Subject: More encoded subject woes In-Reply-To: References: Message-ID: <6F82DD08-E340-4D5A-B197-70217EAC7EFA@ecs.soton.ac.uk> On 24 May 2006, at 13:39, Nick Smith wrote: > On 5/23/06, Nick Smith wrote: >> On 5/20/06, Nick Smith wrote: >> > On 5/19/06, Nick Smith wrote: >> > > Hi, >> > > >> > > MS 4.54-2 / Postfix 2.10 >> > > >> > > I've got more trouble with encoded subject headers being >> "mishandled" >> > > from a recipient's point of view. The issue occurs when, for >> whatever >> > > reason, MIME-Tools is unable to decode an encoded subject >> properly - >> > > this example is UTF-8, but I don't know if it may affect other >> > > encoding types too >> > > >> > > =?UTF-8?B?5oOF5aCx6YCj57Wh56WoIC0gVVNHcumVt+WQiOitsOW+heOBoSA=? >> ==? >> > > UTF-8?B? >> LSDnrKzvvJTvvJjlm57lhajml6XmnKwgLSDlsZXnpLrkvJrjga7lh7rlsZU=?= >> > > >> > > If you feed that string to MIME::WordDecoder::unmime it returns: >> > > >> > > ????? - USGr????? - ??????? - ?????? >> > > >> > > I have absolutely no idea why this happens - whether it's a >> bug or >> > > expected behaviour on the part of MIME-Tools, but I assume >> that each >> > > question mark represents a multi-byte (Japanese in this case) >> > > character that it was not possible to decode >> > > >> > > Drop the same string into an Outlook message and send it via SMTP >> > > (making sure that it bypasses MailScanner), and when it >> arrives it >> > > should show a bunch of Japanese characters. The recipients are >> > > understandably not happy that the subject of their email when >> it shows >> > > up has been replaced by a bunch of question marks >> > > >> > > I've worked around this problem with a patch against Postfix.pm >> > > (attached), but I'm less than comfortable with it. Basically >> what it >> > > does is to unmime into a temporary holding string instead of the >> > > $message structure and then take a look at the results of its >> > > handiwork. If it sees more than an arbitrary number of >> consecutive ?'s >> > > (I picked more than 3 as a reasonable number), it assumes that >> the >> > > unmime was unsuccessful and allows the original encoded >> subject to >> > > pass. Otherwise it assumes decode success and fills the >> > > message->{subject} structure with the unmime result >> > > >> > > The first problem is that the ???? test is far from foolproof - >> > > there's loads of scope for false +ves and false -ves. The second >> > > problem is I'm not sure what issues this might cause if MS has to >> > > alter the subject later. I'm not altering any subjects at all >> so it >> > > wouldn't be a worry on my system but... >> > > >> > > Clearly I'm working with Postfix here, but this affects other >> MTA's >> > > too. Equally clearly the proper answer is to figure out what's >> up with >> > > MIME-Tools, but I'm afraid that's way beyond my capabilities :( >> > > >> > > Thoughts appreciated >> > > >> > > Thanks >> > > >> > > Nick >> > > >> > > >> > > >> > >> > Please ignore all of this - I think I've been fed old news by the >> > group that reported this to me as an issue >> > >> > I'm pretty certain that their problem was actually the "Postfix >> > truncates multi-line subject" thing that Julian already fixed >> for me, >> > and that when they said they were still having the issue after >> > re-testing they were mistaken >> > >> > I am working on the assumption that the ???? output from the unmime >> > function is just an ASCII representation but it was plenty >> enough to >> > confuse me :( >> > >> > Sorry for the false alarm >> > >> > Thanks >> > >> > Nick >> > >> Oh dear - it seems that maybe there is something in what I first >> suggested. Please take a look at this UTF-8 encoded string from a >> mail >> subject: >> >> Subject: =?UTF-8?B?NDXmmYLplpPmrovmpa3otoXpgY7nlLPoq4sg5om/ >> 6KqN5L6d6aC8IFtJ?= >> =?UTF-8?B?S0VEQSBZT0hFSSDmsaDnlLAg5rSL5bmzXSAg?= >> >> MIME-Tools doesn't seem able to decode this, and the original encoded >> subject does get replaced by a bunch of ?'s (a single ? in place of >> where each double byte Japanese character should be). Microsoft seems >> to have no problem decoding this >> >> The thing I still don't get at all with MailScanner is under what >> circumstances the original encoded format subject header gets >> replaced >> by the unmimed version as part of onward delivery >> >> What I mean by this is that if a subject gets successfully unmimed >> then it gets sent onwards in its original MIME form - if the >> unmime is >> not successful however (as in this case) then the subject header in >> the message itself gets physically replaced with the "broken" ASCII >> representation where ?'s substitute for double byte characters >> >> I'd very much appreciate any insight into this problem - does the >> unmime function have a return code that could be tested for success >> before using its output for example? >> >> Unfortunately my previous strategy of testing for n successive ?'s >> isn't going to work because I think all db characters will appear >> as a >> ? in the perl string test whether the decode was successful or not. I >> also have not managed to figure out what dependencies there are here >> that affect MailScanner's ability to do a subject rewrite if it needs >> to insert a string of its own >> >> Thanks >> >> Nick >> > OK - I wonder what the record is for replying to your own posts on > this list :) > > ...anyway, I have finally figured out the exact cause of this so no > more aimless rambling or speculation > > When decoded, the string > "=?UTF-8?B?NDXmmYLplpPmrovmpa3otoXpgY7nlLPoq4sg5om/6KqN5L6d6aC8IFtJ? > ==?UTF-8?B?S0VEQSBZT0hFSSDmsaDnlLAg5rSL5bmzXSAg?=" > contains 2 trailing spaces. Not immediately obvious, but the > SweepContent module does a bit of checking for evidence of malicious > subjects, and attempts to clean up. This isn't configurable or > optional in any way, it is just what MS does > > One of the things it does is to remove trailing whitespace. However, > if the subject is MIME encoded, it can't act on the subject itself > directly, and instead does its work on the decoded version as returned > by the unmime function > > This is fine until the encoded string contains multibyte unicode type > data which of course cannot be represented in an ascii string (which > is why it was encoded to begin with). The unmime function uses a ? as > a placeholder when it finds a multibyte character > > Provided that SweepContent doesn't find any "badness" in the decoded > representation of the subject that it's looking at, MS will allow the > *original* encoded subject to pass unmolested. However, if it decides > any changes need to be made it completely replaces the original > encoded subject header with the ("cleaned") decoded representation > > It may well be that this is considered unfortunate but unavoidable > collatoral damage by the MS team and that the fix is "don't do that" > when it comes to putting spaces at the end of subjects that have to be > encoded. However, I'm sure everybody would agree that it isn't easy > sometimes to convince developers of applications that their code is > "wrong", particularly when it involves a practice which is not > actually forbidden as such and even more so when "it works fine with > every other mail gateway" > > Anyway, for he meantime, I am doing this with Postfix.pm - which will > allow MS to tolerate up to 2 trailing spaces (not tabs) if the subject > has been encoded: > > - $message->{subject} = MIME::WordDecoder::unmime($message-> > {subject}); > + my $TmpSubject = ""; # Temp storage > + $TmpSubject = MIME::WordDecoder::unmime($message->{subject}); > + if ($TmpSubject != $message->{subject}) { > + # The unmime function did something - we must be dealing with > + # an encoded subject. Remove up to 2 trailing spaces if present > + # so that SweepContent cuts us a little slack. Total > replacement > + # and hence probable destruction of unicode subjects for the > sake of > + # one or two probably harmless trailing spaces is a little > harsh > + $TmpSubject =~ s/ {1,2}$//; > + $message->{subject} = $TmpSubject; > + } > > I'd be grateful if consideration could be given to this problem - my > "fix" probably isn't the most elegant, but perhaps there's a smarter > way round the issue Before I read your solution I was already thinking that if I allow 20 spaces on the end it would provide reasonable security against malicious subjects but still allow trailing spaces on possibly- malicious mime-encoded Subject: lines. So I would go for your suggestion, but how about we compromise on 10 spaces instead of 2 or 20? There are many things like this where I have to apply as strict security as I can get while not breaking reasonable use of things like Subject: lines. It's a judgement call as to where to draw the line. I always err on the cautious side, as it is much better to slacken it off a little bit for some specific problem later, than it is to get a security vulnerability into the code that can actually be exploited. I believe firmly in "defence in depth" and so every bit of MailScanner is written looking from a hacker's point of view, so that you never actually create an exploitable vulnerability as there are so many layers the hacker would have to get through. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From nick.smith67 at googlemail.com Wed May 24 14:50:13 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Wed May 24 14:50:16 2006 Subject: More encoded subject woes In-Reply-To: <6F82DD08-E340-4D5A-B197-70217EAC7EFA@ecs.soton.ac.uk> References: <6F82DD08-E340-4D5A-B197-70217EAC7EFA@ecs.soton.ac.uk> Message-ID: On 5/24/06, Julian Field wrote: > > > Before I read your solution I was already thinking that if I allow 20 > spaces on the end it would provide reasonable security against > malicious subjects but still allow trailing spaces on possibly- > malicious mime-encoded Subject: lines. > > So I would go for your suggestion, but how about we compromise on 10 > spaces instead of 2 or 20? > > There are many things like this where I have to apply as strict > security as I can get while not breaking reasonable use of things > like Subject: lines. It's a judgement call as to where to draw the line. > > I always err on the cautious side, as it is much better to slacken it > off a little bit for some specific problem later, than it is to get a > security vulnerability into the code that can actually be exploited. > I believe firmly in "defence in depth" and so every bit of > MailScanner is written looking from a hacker's point of view, so that > you never actually create an exploitable vulnerability as there are > so many layers the hacker would have to get through. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Thanks Julian - I'd be entirely happy with any reasonable number >= 2. Like you I was just trying to take the safe way by opening a crack in the door just large enough to accommodate the real-life sample that was hurting, but if you think it wouldn't hurt too much to open it a little wider then that's fine with me Picking up your comment about many other things like this - I did also get bitten by an app that generated a MIME boundary with a leading space. It's using a padded timestamp with the day of the month first to create the boundary string, so on days 1-9 of every month the boundary has a leading space. This leads to a "Could not analyze message" report Would you consider relaxing Message.pm's efforts ~line 1625 to look for null boundaries so that it doesn't also consider leading whitespace to be fatal? Drew - next time I get an issue I'll pretend I'm using sendmail :) Thanks Nick From anders.andersson at ltkalmar.se Wed May 24 15:18:59 2006 From: anders.andersson at ltkalmar.se (Anders Andersson, IT) Date: Wed May 24 15:19:48 2006 Subject: Getting pounded .. sigh Message-ID: <5EBABD62DC5AC048AD8AEC3312E02D4CCD314A@exchange03.lkl.ltkalmar.se> > Of Mike Kercher > Sent: Tuesday, May 23, 2006 9:19 PM > > I absolutely LOVE milter-sender! > > Mike > I second that, simple and easy solution :) From drew at themarshalls.co.uk Wed May 24 16:44:24 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed May 24 16:44:46 2006 Subject: More encoded subject woes In-Reply-To: References: <6F82DD08-E340-4D5A-B197-70217EAC7EFA@ecs.soton.ac.uk> Message-ID: <40389.194.70.180.170.1148485464.squirrel@webmail.r-bit.net> On Wed, May 24, 2006 14:50, Nick Smith wrote: > Drew - next time I get an issue I'll pretend I'm using sendmail :) No, no some would suggest you shouldn't lower yourself but wars have been started for less :-D ;-) It's a condition (Affliction?) that most of us Postfix users suffer from. Believe me you are far from alone :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From nick.smith67 at googlemail.com Wed May 24 20:00:42 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Wed May 24 20:00:44 2006 Subject: More encoded subject woes In-Reply-To: <40389.194.70.180.170.1148485464.squirrel@webmail.r-bit.net> References: <6F82DD08-E340-4D5A-B197-70217EAC7EFA@ecs.soton.ac.uk> <40389.194.70.180.170.1148485464.squirrel@webmail.r-bit.net> Message-ID: On 5/24/06, Drew Marshall wrote: > On Wed, May 24, 2006 14:50, Nick Smith wrote: > > Drew - next time I get an issue I'll pretend I'm using sendmail :) > > No, no some would suggest you shouldn't lower yourself but wars have been > started for less :-D ;-) > > It's a condition (Affliction?) that most of us Postfix users suffer from. > Believe me you are far from alone :-) > > Drew > > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Hey - I'm not proud, I'll admit to most things up to and including sendmail-o-phile thoughts (but not anything to do with Exchange) When it comes to wars, I tend to wait and see who's winning before deciding which side to join :) ...and if I never again see an email with a bunch of ??? where there should be Japanese characters it will be too soon Nick From naolson at gmail.com Wed May 24 20:15:28 2006 From: naolson at gmail.com (Nathan Olson) Date: Wed May 24 20:15:31 2006 Subject: OT: milter-sender Message-ID: <8f54b4330605241215n35c6452mbd22f249cb37a1c5@mail.gmail.com> Is there anyone on this list who works for a university that uses milter-sender? What are your thoughts regarding milter-sender in general? Thanks, Nate From steve.swaney at fsl.com Wed May 24 20:31:51 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed May 24 20:31:56 2006 Subject: milter-sender In-Reply-To: <8f54b4330605241215n35c6452mbd22f249cb37a1c5@mail.gmail.com> Message-ID: <130b01c67f68$b5038170$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Nathan Olson > Sent: Wednesday, May 24, 2006 3:15 PM > To: MailScanner discussion > Subject: OT: milter-sender > > Is there anyone on this list who works for a university that uses milter- > sender? > What are your thoughts regarding milter-sender in general? > > Thanks, > Nate > -- We have a few University clients who are using Milter-ahead, a subset of Milter-sender, with no problems. We are planning to incorporate Milter-sender and several of Anthony Howe's other milters in the next major release of DefenderMX. All of his milters are very solid software. The best part of using Snertsoft software is Anthony's support :) Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mrm at medicine.wisc.edu Wed May 24 20:55:18 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Wed May 24 20:55:59 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: >>> MailScanner@ecs.soton.ac.uk 5/20/2006 4:46 PM >>> Your Software Needs You! Add me to the list.... From dahlgc at gmail.com Wed May 24 22:18:01 2006 From: dahlgc at gmail.com (Gustave Dahl) Date: Wed May 24 22:18:05 2006 Subject: Could not analyze message Message-ID: I am having a problem with the email below going through mailscanner. It is generated from a script on the server and is getting stopped by mailscanner outbound. MailWatch tells me this: ------------------------------------------------------------------------ Other Infection: Y Report: MailScanner: Could not analyze message ------------------------------------------------------------------------ Any help would be appreciated. The message that is not going through (minus most of the encoded wmv is below). ----------------------------------------------------------------------- 1Fj0Lr-0006Nm-DN-H username 32380 32381 1148503987 0 -ident username -received_protocol local -body_linecount 12705 -auth_id username -auth_sender username@server.name -allow_unqualified_recipient -allow_unqualified_sender -deliver_firsttime -local XX 1 toemail@email.com 141P Received: from username by server.name with local (Exim 4.52) id 1Fj0Lr-0006Nm-DN for toemail@email.com; Wed, 24 May 2006 15:53:07 -0500 021T To: toemail@email.com 057 Subject: You have been sent an email from username.net 042F From: System Mailer < no-reply@username.net> 046R Reply-To: System Mailer 049* Return-Path: System Mailer 050I Message-ID: <1148503987 TheSystem@www.username.net> 021 X-Mailer: PHP v4.4.2 018 MIME-Version: 1.0 080 Content-Type: multipart/related boundary="c68603a55e196c1d30f3ab02d793f6c7" 038 Date: Wed, 24 May 2006 15:53:07 -0500 1Fj0Lr-0006Nm-DN-D --c68603a55e196c1d30f3ab02d793f6c7 Content-Type: video/x-ms-wmv; name="golub.wmv" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="golub.wmv" MCaydY5mzxGm2QCqAGLObNAUAAAAAAAACAAAAAECQKTQ0gfj0hGX8ACgyV6oUAwBAAAAAAAABAAY......... .................................BQAmAQAABQAmAQAABQAmAQAABQAmAQAABQAmAQAABQAmAQAABQA= Content-Type: multipart/alternative --c68603a55e196c1d30f3ab02d793f6c7 Return-Path: System Mailer Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit This is a multi-part message in MIME format. If you are reading this, please update your email-reading-software. --c68603a55e196c1d30f3ab02d793f6c7 Return-Path: System Mailer Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Email

Greetings

You have been sent an email from EmailMedia.com. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.



The file sent to you is a video entitled 'New Beat', andhas been sent as an attachment. To view the video, please open the attachment --c68603a55e196c1d30f3ab02d793f6c7-- ------------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060524/e3e6b9b3/attachment.html From nick.smith67 at googlemail.com Wed May 24 23:01:22 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Wed May 24 23:01:24 2006 Subject: Could not analyze message In-Reply-To: References: Message-ID: On 5/24/06, Gustave Dahl wrote: > > I am having a problem with the email below going through mailscanner. It is > generated from a script on the server and is getting stopped by mailscanner > outbound. > > MailWatch tells me this: > > ------------------------------------------------------------------------ > Other Infection: Y > Report: MailScanner: Could not analyze message > ------------------------------------------------------------------------ > > Any help would be appreciated. > > The message that is not going through (minus most of the encoded wmv is > below). > > ----------------------------------------------------------------------- > 1Fj0Lr-0006Nm-DN-H > username 32380 32381 > > 1148503987 0 > -ident username > -received_protocol local > -body_linecount 12705 > -auth_id username > -auth_sender username@server.name > -allow_unqualified_recipient > -allow_unqualified_sender > -deliver_firsttime > -local > XX > 1 > toemail@email.com > > > 141P Received: from username by server.name with local (Exim 4.52) > id 1Fj0Lr-0006Nm-DN > for toemail@email.com; Wed, 24 May 2006 15:53:07 -0500 > 021T To: toemail@email.com > 057 Subject: You have been sent an email from username.net > 042F From: System Mailer < no-reply@username.net> > 046R Reply-To: System Mailer > 049* Return-Path: System Mailer < no-reply@username.net > > 050I Message-ID: <1148503987 TheSystem@www.username.net> > 021 X-Mailer: PHP v4.4.2 > 018 MIME-Version: 1.0 > 080 Content-Type: multipart/related > boundary="c68603a55e196c1d30f3ab02d793f6c7" > 038 Date: Wed, 24 May 2006 15:53:07 -0500 > > > 1Fj0Lr-0006Nm-DN-D > > --c68603a55e196c1d30f3ab02d793f6c7 > Content-Type: video/x-ms-wmv; name="golub.wmv" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; filename="golub.wmv" > > MCaydY5mzxGm2QCqAGLObNAUAAAAAAAACAAAAAECQKTQ0gfj0hGX8ACgyV6oUAwBAAAAAAAABAAY......... > > .................................BQAmAQAABQAmAQAABQAmAQAABQAmAQAABQAmAQAABQAmAQAABQA= > > > Content-Type: multipart/alternative > --c68603a55e196c1d30f3ab02d793f6c7 > Return-Path: System Mailer < no-reply@username.net> > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > > This is a multi-part message in MIME format. > If you are reading this, please update your email-reading-software. > > --c68603a55e196c1d30f3ab02d793f6c7 > Return-Path: System Mailer > Content-Type: text/html; charset=us-ascii > Content-Transfer-Encoding: 7bit > > Email > >

Greetings

> > You have been sent an email from EmailMedia.com. > Lorem ipsum dolor sit amet, consetetur sadipscing elitr, > sed diam nonumy eirmod tempor invidunt ut labore et dolore > magna aliquyam erat, sed diam voluptua. At vero eos et accusam > et justo duo dolores et ea rebum. Stet clita kasd gubergren, > no sea takimata sanctus est Lorem ipsum dolor sit amet. > >



> > The file sent to you is a video entitled 'New Beat', andhas been sent as an > attachment. To view the video, please open the attachment > > > > --c68603a55e196c1d30f3ab02d793f6c7-- > > ------------------------------------------------------------------------------------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > I may be wrong but I believe this is the problem: 080 Content-Type: multipart/related boundary="c68603a55e196c1d30f3ab02d793f6c7" I think there a missing mandatory ";" after "multipart/related" Nick From james at grayonline.id.au Wed May 24 23:01:22 2006 From: james at grayonline.id.au (James Gray) Date: Thu May 25 00:39:29 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <4471A7D2.65ED.00A2.0@plattesheriff.org> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4471A7D2.65ED.00A2.0@plattesheriff.org> Message-ID: <200605250801.34159.james@grayonline.id.au> On Tue, 23 May 2006 03:00 am, Rob Poe wrote: > On 5/22/06, Rob Poe wrote: > > Box 1: Rebooted Sunday at 3:00am > > Box 2: 57 days uptime > > Box 3: 67 days uptime > > Box 4: 16 days uptime > > Box 5: 31 days uptime > 217 days? Dont ya gotta reboot for updated kernels? > Athena ~ # uptime > 18:53:24 up 217 days, 22:21, 2 users, load average: 0.20, 0.24, > 0.26 > > Calypso ~ # uptime > 18:54:41 up 194 days, 3:15, 2 users, load average: 0.76, 0.48, > 0.40 > > *flexes the memory and uptime muscles* mailgate ~ # uptime 12:15AM up 562 days, 1:19, 3 users, load averages: 0.12, 0.12, 0.08 Do I win?? ;) My record is a tad over 700 days on a Solaris 7 box, then one of the CPU's in the E450 fried and the whole thing died. Didn't boot anymore after that and Sun EOL'ed the E450, so we gutted it and grafted a bar fridge into it. It now spends it's days serving cold beverages to the IT staff :P Cheers, James -- What good is it if you talk in flowers, and they think in pastry? -- Ashleigh Brilliant -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060525/c6591099/attachment.bin From alex at nkpanama.com Thu May 25 00:49:59 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 25 00:50:17 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605250801.34159.james@grayonline.id.au> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4471A7D2.65ED.00A2.0@plattesheriff.org> <200605250801.34159.james@grayonline.id.au> Message-ID: <4474F127.8070001@nkpanama.com> James Gray wrote: > mailgate ~ # uptime > 12:15AM up 562 days, 1:19, 3 users, load averages: 0.12, 0.12, 0.08 > > Do I win?? ;) > hats off to you, lad... From res at ausics.net Thu May 25 06:03:34 2006 From: res at ausics.net (Res) Date: Thu May 25 06:03:45 2006 Subject: Qmail users only :) Same filesystem partition error Message-ID: I have Qmail instaled on a few of our mail servers, however on one of them this is different partition, Any suggestions as to why it cares about this? /var/qmail/queue.in/mess & /var/qmail/queue/mess must be on the same filesystem/partition! -- Cheers Res From ferradeira at netcabo.pt Thu May 25 06:21:02 2006 From: ferradeira at netcabo.pt (=?ISO-8859-1?Q?Jos=E9_Ferradeira?=) Date: Thu May 25 06:21:06 2006 Subject: Max Attach Size rule Message-ID: <44753EBE.9030409@netcabo.pt> Hi, I'm trying to implement this rule set in rules/MaxAttachSize.rules: To: user1@ourdomain.com 614400 To: user2@ourdomain.com -1 Limiting the size of the attach file to 600MB to user 1 and free user2. Everything is working, except when I send a 800MB attach file this way: To: user1@ourdomain.com Cc: user2@ourdomain.com Both of users are not able to receive the email, but user2 should recive the email and the attach file, right? MailScanner version 4.47.4 Best regards Jose From MailScanner at ecs.soton.ac.uk Thu May 25 09:06:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 09:07:04 2006 Subject: Qmail users only :) Same filesystem partition error In-Reply-To: References: Message-ID: <876D3383-3256-4DAE-AD10-6204A404DFC7@ecs.soton.ac.uk> It cares due to the way it moves messages between queues, which is done without actually reading or writing the contents of the message at all, for extra speed. They *must* be on the same partition. On 25 May 2006, at 06:03, Res wrote: > > I have Qmail instaled on a few of our mail servers, however on one > of them this is different partition, Any suggestions as to why it > cares about this? > > > /var/qmail/queue.in/mess & /var/qmail/queue/mess must be on the > same filesystem/partition! > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From res at ausics.net Thu May 25 09:26:13 2006 From: res at ausics.net (Res) Date: Thu May 25 09:26:20 2006 Subject: Qmail users only :) Same filesystem partition error In-Reply-To: <876D3383-3256-4DAE-AD10-6204A404DFC7@ecs.soton.ac.uk> References: <876D3383-3256-4DAE-AD10-6204A404DFC7@ecs.soton.ac.uk> Message-ID: On Thu, 25 May 2006, Julian Field wrote: > It cares due to the way it moves messages between queues, which is done > without actually reading or writing the contents of the message at all, for > extra speed. bugger, ok it'll be easy fix to move the dir, we only split it to gain speed because of how pathetic qmailscanner is, but thats about to be moot point hehe Cheers > > They *must* be on the same partition. > > On 25 May 2006, at 06:03, Res wrote: > >> >> I have Qmail instaled on a few of our mail servers, however on one of them >> this is different partition, Any suggestions as to why it cares about this? >> >> >> /var/qmail/queue.in/mess & /var/qmail/queue/mess must be on the same >> filesystem/partition! >> >> >> -- >> Cheers >> Res >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- Cheers Res From simon at ateb.co.uk Thu May 25 10:35:58 2006 From: simon at ateb.co.uk (Simon Annetts) Date: Thu May 25 10:34:36 2006 Subject: Problems with MCP (can't find EOCD signature) Message-ID: <029c01c67fde$b255ea00$1404040a@purple> Hi I've just got mailscanner 4.54.4 working and I am trying to get mcp to work. I'm using it with exim with two queues and two configs. All works fine for virus and spam scanning. However now mcp is enabled if a profane email arrives and is caught by mcp it never reaches the exim out queue it just disappears into a black hole. spamassassin -C ./mcp.spam.assassin.prefs.conf --lint shows no errors maillog shows the message being correctly detected: May 24 19:30:11 mailhub1 MailScanner[30746]: New Batch: Scanning 1 messages, 1054 bytesMay 24 19:30:11 mailhub1 MailScanner[30746]: MCP Checks: StartingMay 24 19:30:12 mailhub1 MailScanner[30746]: Message 1Fiy7X-00082t-0U from 10.4.4.20 (simon@ateb.co.uk) to marteg.com is MCP,ecker (score=10, required 1, PROFANITY2 10.00)May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Checks: Found 1 MCP messagesMay 24 19:30:12 mailhub1 MailScanner[30746]: MCP Actions: message 1Fiy7X-00082t-0U actions are deliverMay 24 19:30:12 mailhub1 MailScanner[30746]: Spam Checks: StartingMay 24 19:30:19 mailhub1 MailScanner[30746]: Virus and Content Scanning: StartingMay 24 19:30:21 mailhub1 MailScanner[30746]: Uninfected: Delivered 1 messagesMay 24 19:30:21 mailhub1 MailScanner[30746]: Batch (1 message) processed in 9.55 secondsbut exim main.log just shows: 2006-05-24 19:30:11 1Fiy7X-00082t-0U <= simon@ateb.co.uk H=purple.marteg.com (purple) [10.4.4.20] P=smtp S=718 id=025101c67f4a70$1404040a@purple2006-05-24 19:30:21 1Fiy7X-00082t-0U Completedinstead of the usual in <= and out => parts of the message delivery. There is nothing in quarantine. I've done a find / -name "1Fiy7X-00082t-0U*" and the message is nowhere on the disk! If I run mailscanner in debug mode I get the following excerpt which seems to indicate the mcp check died with the error 'format error: can't find EOCD signature' What does this mean and how do I fix it?? [23556] dbg: message: decoding other encoding type (7bit), ignoring[23556] dbg: check: running tests for priority: 0[23556] dbg: rules: running header regexp tests; score so far=0[23556] dbg: rules: running body-text per-line regexp tests; score so far=0[23556] dbg: rules: ran body rule PROFANITY2 ======> got hit: "w*nk"[23556] dbg: uri: running uri tests; score so far=10[23556] dbg: rules: running raw-body-text per-line regexp tests; score so far=10[23556] dbg: rules: running full-text regexp tests; score so far=10[23556] dbg: check: is spam? score=10 required=5[23556] dbg: check: tests=PROFANITY2[23556] dbg: check: subtests=Ignore errors about failing to find EOCD signatureformat error: can't find EOCD signature at /usr/sbin/MailScanner line 781Stopping now as you are debugging me. [ OK ] Thanks in advance Simon -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060525/807f0a9c/attachment-0001.html From dhawal at netmagicsolutions.com Thu May 25 10:43:43 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu May 25 10:43:58 2006 Subject: Problems with MCP (can't find EOCD signature) In-Reply-To: <029c01c67fde$b255ea00$1404040a@purple> References: <029c01c67fde$b255ea00$1404040a@purple> Message-ID: <44757C4F.5020200@netmagicsolutions.com> Simon Annetts wrote: > Hi > I've just got mailscanner 4.54.4 working and I am trying to get mcp to work. > > I'm using it with exim with two queues and two configs. > All works fine for virus and spam scanning. > However now mcp is enabled if a profane email arrives and is caught by > mcp it never reaches the exim out queue it just disappears into a black > hole. The EOCD error is a harmless one and can be safely ignored.. as for the MCP thing a few days back it was suggested to use this: First Check = spam HTH, - dhawal > spamassassin -C ./mcp.spam.assassin.prefs.conf --lint > shows no errors > > maillog shows the message being correctly detected: > > May 24 19:30:11 mailhub1 MailScanner[30746]: New Batch: Scanning 1 messages, 1054 bytes > May 24 19:30:11 mailhub1 MailScanner[30746]: MCP Checks: Starting > May 24 19:30:12 mailhub1 MailScanner[30746]: Message 1Fiy7X-00082t-0U from 10.4.4.20 (simon@ateb.co.uk) to marteg.com is MCP, > ecker (score=10, required 1, PROFANITY2 10.00) > May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Checks: Found 1 MCP messages > May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Actions: message 1Fiy7X-00082t-0U actions are deliver > May 24 19:30:12 mailhub1 MailScanner[30746]: Spam Checks: Starting > May 24 19:30:19 mailhub1 MailScanner[30746]: Virus and Content Scanning: Starting > May 24 19:30:21 mailhub1 MailScanner[30746]: Uninfected: Delivered 1 messages > May 24 19:30:21 mailhub1 MailScanner[30746]: Batch (1 message) processed in 9.55 seconds > > but exim main.log just shows: > > 2006-05-24 19:30:11 1Fiy7X-00082t-0U <= simon@ateb.co.uk H=purple.marteg.com (purple) [10.4.4.20] P=smtp S=718 id=025101c67f4 > a70$1404040a@purple > 2006-05-24 19:30:21 1Fiy7X-00082t-0U Completed > > instead of the usual in <= and out => parts of the message delivery. > > There is nothing in quarantine. > > I've done a find / -name "1Fiy7X-00082t-0U*" and the message is nowhere > on the disk! > If I run mailscanner in debug mode I get the following excerpt which > seems to indicate the mcp check died with the error 'format error: can't > find EOCD signature' > > What does this mean and how do I fix it?? > > [23556] dbg: message: decoding other encoding type (7bit), ignoring > [23556] dbg: check: running tests for priority: 0 > [23556] dbg: rules: running header regexp tests; score so far=0 > [23556] dbg: rules: running body-text per-line regexp tests; score so far=0 > [23556] dbg: rules: ran body rule PROFANITY2 ======> got hit: "w*nk" > [23556] dbg: uri: running uri tests; score so far=10 > [23556] dbg: rules: running raw-body-text per-line regexp tests; score so far=10 > [23556] dbg: rules: running full-text regexp tests; score so far=10 > [23556] dbg: check: is spam? score=10 required=5 > [23556] dbg: check: tests=PROFANITY2 > [23556] dbg: check: subtests= > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 > Stopping now as you are debugging me. > [ OK ] > > > Thanks in advance > Simon > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > From mailscanner at mango.zw Thu May 25 10:42:52 2006 From: mailscanner at mango.zw (Jim Holland) Date: Thu May 25 10:49:20 2006 Subject: Feature request: allow null address in rulesets Message-ID: Hi Julian Rules such as the following do not work: From: <> and To: user@domain yes as I presume that the brackets are stripped off any addresses when evaluating the rules. Having the ability to set up rules such as the above in spam.blacklist.rules would be useful when a particular individual was being bombarded by bounces due to a Joe Job, for example. Would you be prepared to provide for the use of the <> address in rulesets? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From simon at ateb.co.uk Thu May 25 11:04:38 2006 From: simon at ateb.co.uk (Simon Annetts) Date: Thu May 25 11:03:13 2006 Subject: Problems with MCP (can't find EOCD signature) References: <029c01c67fde$b255ea00$1404040a@purple> <44757C4F.5020200@netmagicsolutions.com> Message-ID: <02ad01c67fe2$b1a058d0$1404040a@purple> Thanks! That fixes it, but it is a work around. It would of course be better to reject profane mail before virus and spam checking to reduce overheads, but I can live with this for now. If I get time I'll dig into to the code to see why the mcp part fails to deliver or pass on the message to the next check. Thanks again for your prompt reply, I've only just joined the list so missed the previous post. Kind regards Simon ----- Original Message ----- From: "Dhawal Doshy" To: "MailScanner discussion" Sent: Thursday, May 25, 2006 10:43 AM Subject: Re: Problems with MCP (can't find EOCD signature) Simon Annetts wrote: > Hi > I've just got mailscanner 4.54.4 working and I am trying to get mcp to work. > > I'm using it with exim with two queues and two configs. > All works fine for virus and spam scanning. > However now mcp is enabled if a profane email arrives and is caught by > mcp it never reaches the exim out queue it just disappears into a black > hole. The EOCD error is a harmless one and can be safely ignored.. as for the MCP thing a few days back it was suggested to use this: First Check = spam HTH, - dhawal > spamassassin -C ./mcp.spam.assassin.prefs.conf --lint > shows no errors > > maillog shows the message being correctly detected: > > May 24 19:30:11 mailhub1 MailScanner[30746]: New Batch: Scanning 1 messages, 1054 bytes > May 24 19:30:11 mailhub1 MailScanner[30746]: MCP Checks: Starting > May 24 19:30:12 mailhub1 MailScanner[30746]: Message 1Fiy7X-00082t-0U from 10.4.4.20 (simon@ateb.co.uk) to marteg.com is MCP, > ecker (score=10, required 1, PROFANITY2 10.00) > May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Checks: Found 1 MCP messages > May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Actions: message 1Fiy7X-00082t-0U actions are deliver > May 24 19:30:12 mailhub1 MailScanner[30746]: Spam Checks: Starting > May 24 19:30:19 mailhub1 MailScanner[30746]: Virus and Content Scanning: Starting > May 24 19:30:21 mailhub1 MailScanner[30746]: Uninfected: Delivered 1 messages > May 24 19:30:21 mailhub1 MailScanner[30746]: Batch (1 message) processed in 9.55 seconds > > but exim main.log just shows: > > 2006-05-24 19:30:11 1Fiy7X-00082t-0U <= simon@ateb.co.uk H=purple.marteg.com (purple) [10.4.4.20] P=smtp S=718 id=025101c67f4 > a70$1404040a@purple > 2006-05-24 19:30:21 1Fiy7X-00082t-0U Completed > > instead of the usual in <= and out => parts of the message delivery. > > There is nothing in quarantine. > > I've done a find / -name "1Fiy7X-00082t-0U*" and the message is nowhere > on the disk! > If I run mailscanner in debug mode I get the following excerpt which > seems to indicate the mcp check died with the error 'format error: can't > find EOCD signature' > > What does this mean and how do I fix it?? > > [23556] dbg: message: decoding other encoding type (7bit), ignoring > [23556] dbg: check: running tests for priority: 0 > [23556] dbg: rules: running header regexp tests; score so far=0 > [23556] dbg: rules: running body-text per-line regexp tests; score so far=0 > [23556] dbg: rules: ran body rule PROFANITY2 ======> got hit: "w*nk" > [23556] dbg: uri: running uri tests; score so far=10 > [23556] dbg: rules: running raw-body-text per-line regexp tests; score so far=10 > [23556] dbg: rules: running full-text regexp tests; score so far=10 > [23556] dbg: check: is spam? score=10 required=5 > [23556] dbg: check: tests=PROFANITY2 > [23556] dbg: check: subtests= > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 > Stopping now as you are debugging me. > [ OK ] > > > Thanks in advance > Simon > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at mango.zw Thu May 25 11:04:40 2006 From: mailscanner at mango.zw (Jim Holland) Date: Thu May 25 11:10:59 2006 Subject: Query about missing envelope sender in quarantined mail Message-ID: Hi all I am using: MailScanner-4.52.2-1 sendmail-8.13.6 Red Hat Linux release 7.1 (Seawolf) Kernel 2.4.20-28.7 on an i586 I have configured the following lines in MailScanner.conf to ensure that envelope From headers are recorded: Add Envelope From Header = yes Envelope From Header = X-%org-name%-MailScanner-From: Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = no and this works fine for mail that has been accepted for delivery. However such mail in fact retains the envelope sender in any case so the above is rather redundant. My query is how to do the same for quarantined mail, which always has a header like this: Return-Path: <.g> Received: from . . . From: . . . Subject: . . . instead of the usual: From user@domain Thu May 25 11:49:49 2006 Received: from . . . From: . . . Subject: . . . There is no "From " line at the start of the header in quarantined mail, and there is no MailScanner-From line to indicate the envelope sender either. The only way to find out who sent the message is to look up the message in the maillog file, which is rather tedious. Why does the first line of the header have the "From " line replaced by Return-Path with nothing useful in it? Can that behaviour be changed? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From simon at ateb.co.uk Thu May 25 11:18:20 2006 From: simon at ateb.co.uk (Simon Annetts) Date: Thu May 25 11:16:59 2006 Subject: Problems with MCP (can't find EOCD signature) References: <029c01c67fde$b255ea00$1404040a@purple><44757C4F.5020200@netmagicsolutions.com> <02ad01c67fe2$b1a058d0$1404040a@purple> Message-ID: <02cc01c67fe4$9c6c92b0$1404040a@purple> Ok, I spoke too soon. It fixes the problem with MCP checks but now breaks the virus checking. If I send a message containing the eicar excerpt on its own it is detected as a virus and blocked. If I send a message containing profanity, then the message is marked as profane and delivered. If I send a message containing profanity and the eicar excerpt then the profanity is detected but the virus is ignored and the message is sent containing the virus. Here's the log extract: May 25 12:37:25 mailhub1 MailScanner[24739]: New Batch: Scanning 1 messages, 1127 bytes May 25 12:37:25 mailhub1 MailScanner[24739]: Spam Checks: Starting May 25 12:37:28 mailhub1 MailScanner[24739]: MCP Checks: Starting May 25 12:37:29 mailhub1 MailScanner[24739]: Message 1FjE9d-0006WH-3y from 10.4.4.20 (simon@ateb.co.uk) to marteg.com is MCP, MCP-Checker (score=10, required 1, PROFANITY2 10.00) May 25 12:37:29 mailhub1 MailScanner[24739]: MCP Checks: Found 1 MCP messages May 25 12:37:29 mailhub1 MailScanner[24739]: MCP Actions: message 1FjE9d-0006WH-3y actions are deliver May 25 12:37:29 mailhub1 MailScanner[24739]: Virus and Content Scanning: Starting May 25 12:37:30 mailhub1 MailScanner[24739]: Uninfected: Delivered 1 messages May 25 12:37:30 mailhub1 MailScanner[24739]: Batch (1 message) processed in 5.51 seconds It seems to me that once mcp has had the message it passes it on to the next stage blank, so breaking any further analysis? Regards Simon ----- Original Message ----- From: "Simon Annetts" To: "MailScanner discussion" Sent: Thursday, May 25, 2006 11:04 AM Subject: Re: Problems with MCP (can't find EOCD signature) Thanks! That fixes it, but it is a work around. It would of course be better to reject profane mail before virus and spam checking to reduce overheads, but I can live with this for now. If I get time I'll dig into to the code to see why the mcp part fails to deliver or pass on the message to the next check. Thanks again for your prompt reply, I've only just joined the list so missed the previous post. Kind regards Simon ----- Original Message ----- From: "Dhawal Doshy" To: "MailScanner discussion" Sent: Thursday, May 25, 2006 10:43 AM Subject: Re: Problems with MCP (can't find EOCD signature) Simon Annetts wrote: > Hi > I've just got mailscanner 4.54.4 working and I am trying to get mcp to work. > > I'm using it with exim with two queues and two configs. > All works fine for virus and spam scanning. > However now mcp is enabled if a profane email arrives and is caught by > mcp it never reaches the exim out queue it just disappears into a black > hole. The EOCD error is a harmless one and can be safely ignored.. as for the MCP thing a few days back it was suggested to use this: First Check = spam HTH, - dhawal > spamassassin -C ./mcp.spam.assassin.prefs.conf --lint > shows no errors > > maillog shows the message being correctly detected: > > May 24 19:30:11 mailhub1 MailScanner[30746]: New Batch: Scanning 1 messages, 1054 bytes > May 24 19:30:11 mailhub1 MailScanner[30746]: MCP Checks: Starting > May 24 19:30:12 mailhub1 MailScanner[30746]: Message 1Fiy7X-00082t-0U from 10.4.4.20 (simon@ateb.co.uk) to marteg.com is MCP, > ecker (score=10, required 1, PROFANITY2 10.00) > May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Checks: Found 1 MCP messages > May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Actions: message 1Fiy7X-00082t-0U actions are deliver > May 24 19:30:12 mailhub1 MailScanner[30746]: Spam Checks: Starting > May 24 19:30:19 mailhub1 MailScanner[30746]: Virus and Content Scanning: Starting > May 24 19:30:21 mailhub1 MailScanner[30746]: Uninfected: Delivered 1 messages > May 24 19:30:21 mailhub1 MailScanner[30746]: Batch (1 message) processed in 9.55 seconds > > but exim main.log just shows: > > 2006-05-24 19:30:11 1Fiy7X-00082t-0U <= simon@ateb.co.uk H=purple.marteg.com (purple) [10.4.4.20] P=smtp S=718 id=025101c67f4 > a70$1404040a@purple > 2006-05-24 19:30:21 1Fiy7X-00082t-0U Completed > > instead of the usual in <= and out => parts of the message delivery. > > There is nothing in quarantine. > > I've done a find / -name "1Fiy7X-00082t-0U*" and the message is nowhere > on the disk! > If I run mailscanner in debug mode I get the following excerpt which > seems to indicate the mcp check died with the error 'format error: can't > find EOCD signature' > > What does this mean and how do I fix it?? > > [23556] dbg: message: decoding other encoding type (7bit), ignoring > [23556] dbg: check: running tests for priority: 0 > [23556] dbg: rules: running header regexp tests; score so far=0 > [23556] dbg: rules: running body-text per-line regexp tests; score so far=0 > [23556] dbg: rules: ran body rule PROFANITY2 ======> got hit: "w*nk" > [23556] dbg: uri: running uri tests; score so far=10 > [23556] dbg: rules: running raw-body-text per-line regexp tests; score so far=10 > [23556] dbg: rules: running full-text regexp tests; score so far=10 > [23556] dbg: check: is spam? score=10 required=5 > [23556] dbg: check: tests=PROFANITY2 > [23556] dbg: check: subtests= > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 > Stopping now as you are debugging me. > [ OK ] > > > Thanks in advance > Simon > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 25 11:57:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 11:57:25 2006 Subject: Problems with MCP (can't find EOCD signature) In-Reply-To: <02cc01c67fe4$9c6c92b0$1404040a@purple> References: <029c01c67fde$b255ea00$1404040a@purple><44757C4F.5020200@netmagicsolutions.com> <02ad01c67fe2$b1a058d0$1404040a@purple> <02cc01c67fe4$9c6c92b0$1404040a@purple> Message-ID: <3343D1EA-8662-4F5F-B67F-060609EDEC55@ecs.soton.ac.uk> What are your MCP settings in your MailScanner.conf? On 25 May 2006, at 11:18, Simon Annetts wrote: > Ok, I spoke too soon. > It fixes the problem with MCP checks but now breaks the virus > checking. > > If I send a message containing the eicar excerpt on its own it is > detected as a virus and blocked. > > If I send a message containing profanity, then the message is > marked as profane and delivered. > > If I send a message containing profanity and the eicar excerpt then > the profanity is detected but the virus is ignored and the > message is sent containing the virus. Here's the log extract: > > > May 25 12:37:25 mailhub1 MailScanner[24739]: New Batch: Scanning 1 > messages, 1127 bytes > May 25 12:37:25 mailhub1 MailScanner[24739]: Spam Checks: Starting > May 25 12:37:28 mailhub1 MailScanner[24739]: MCP Checks: Starting > May 25 12:37:29 mailhub1 MailScanner[24739]: Message > 1FjE9d-0006WH-3y from 10.4.4.20 (simon@ateb.co.uk) to marteg.com is > MCP, > MCP-Checker (score=10, required 1, PROFANITY2 10.00) > May 25 12:37:29 mailhub1 MailScanner[24739]: MCP Checks: Found 1 > MCP messages > May 25 12:37:29 mailhub1 MailScanner[24739]: MCP Actions: message > 1FjE9d-0006WH-3y actions are deliver > May 25 12:37:29 mailhub1 MailScanner[24739]: Virus and Content > Scanning: Starting > May 25 12:37:30 mailhub1 MailScanner[24739]: Uninfected: Delivered > 1 messages > May 25 12:37:30 mailhub1 MailScanner[24739]: Batch (1 message) > processed in 5.51 seconds > > > It seems to me that once mcp has had the message it passes it on to > the next stage blank, so breaking any further analysis? > > Regards > Simon > > > > ----- Original Message ----- > From: "Simon Annetts" > To: "MailScanner discussion" > Sent: Thursday, May 25, 2006 11:04 AM > Subject: Re: Problems with MCP (can't find EOCD signature) > > > Thanks! > That fixes it, but it is a work around. It would of course be > better to reject profane mail before virus and spam checking to reduce > overheads, but I can live with this for now. If I get time I'll dig > into to the code to see why the mcp part fails to deliver or > pass on the message to the next check. > Thanks again for your prompt reply, I've only just joined the list > so missed the previous post. > > Kind regards > Simon > > > ----- Original Message ----- > From: "Dhawal Doshy" > To: "MailScanner discussion" > Sent: Thursday, May 25, 2006 10:43 AM > Subject: Re: Problems with MCP (can't find EOCD signature) > > > Simon Annetts wrote: >> Hi >> I've just got mailscanner 4.54.4 working and I am trying to get >> mcp to work. >> >> I'm using it with exim with two queues and two configs. >> All works fine for virus and spam scanning. >> However now mcp is enabled if a profane email arrives and is >> caught by >> mcp it never reaches the exim out queue it just disappears into a >> black >> hole. > > The EOCD error is a harmless one and can be safely ignored.. as for > the > MCP thing a few days back it was suggested to use this: > > First Check = spam > > HTH, > - dhawal > >> spamassassin -C ./mcp.spam.assassin.prefs.conf --lint >> shows no errors >> >> maillog shows the message being correctly detected: >> >> May 24 19:30:11 mailhub1 MailScanner[30746]: New Batch: Scanning 1 >> messages, 1054 bytes >> May 24 19:30:11 mailhub1 MailScanner[30746]: MCP Checks: Starting >> May 24 19:30:12 mailhub1 MailScanner[30746]: Message >> 1Fiy7X-00082t-0U from 10.4.4.20 (simon@ateb.co.uk) to marteg.com >> is MCP, >> ecker (score=10, required 1, PROFANITY2 10.00) >> May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Checks: Found 1 >> MCP messages >> May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Actions: message >> 1Fiy7X-00082t-0U actions are deliver >> May 24 19:30:12 mailhub1 MailScanner[30746]: Spam Checks: Starting >> May 24 19:30:19 mailhub1 MailScanner[30746]: Virus and Content >> Scanning: Starting >> May 24 19:30:21 mailhub1 MailScanner[30746]: Uninfected: Delivered >> 1 messages >> May 24 19:30:21 mailhub1 MailScanner[30746]: Batch (1 message) >> processed in 9.55 seconds >> >> but exim main.log just shows: >> >> 2006-05-24 19:30:11 1Fiy7X-00082t-0U <= simon@ateb.co.uk >> H=purple.marteg.com (purple) [10.4.4.20] P=smtp S=718 id=025101c67f4 >> a70$1404040a@purple >> 2006-05-24 19:30:21 1Fiy7X-00082t-0U Completed >> >> instead of the usual in <= and out => parts of the message delivery. >> >> There is nothing in quarantine. >> >> I've done a find / -name "1Fiy7X-00082t-0U*" and the message is >> nowhere >> on the disk! >> If I run mailscanner in debug mode I get the following excerpt which >> seems to indicate the mcp check died with the error 'format error: >> can't >> find EOCD signature' >> >> What does this mean and how do I fix it?? >> >> [23556] dbg: message: decoding other encoding type (7bit), ignoring >> [23556] dbg: check: running tests for priority: 0 >> [23556] dbg: rules: running header regexp tests; score so far=0 >> [23556] dbg: rules: running body-text per-line regexp tests; score >> so far=0 >> [23556] dbg: rules: ran body rule PROFANITY2 ======> got hit: "w*nk" >> [23556] dbg: uri: running uri tests; score so far=10 >> [23556] dbg: rules: running raw-body-text per-line regexp tests; >> score so far=10 >> [23556] dbg: rules: running full-text regexp tests; score so far=10 >> [23556] dbg: check: is spam? score=10 required=5 >> [23556] dbg: check: tests=PROFANITY2 >> [23556] dbg: check: subtests= >> Ignore errors about failing to find EOCD signature >> format error: can't find EOCD signature >> at /usr/sbin/MailScanner line 781 >> Stopping now as you are debugging me. >> [ OK ] >> >> >> Thanks in advance >> Simon >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 25 12:10:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 12:10:23 2006 Subject: Feature request: allow null address in rulesets In-Reply-To: References: Message-ID: <7C8E97C2-07D5-4F55-94E5-920BE68A4FA7@ecs.soton.ac.uk> Can you try 2 options please? 1. From: /^$/ and To: user@domain yes 2. From: /\^\$/ and To: user@domain yes And please let me know if either of these options work. On 25 May 2006, at 10:42, Jim Holland wrote: > Hi Julian > > Rules such as the following do not work: > > From: <> and To: user@domain yes > > as I presume that the brackets are stripped off any addresses when > evaluating the rules. Having the ability to set up rules such as the > above in spam.blacklist.rules would be useful when a particular > individual > was being bombarded by bounces due to a Joe Job, for example. > > Would you be prepared to provide for the use of the <> address in > rulesets? > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 25 12:13:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 12:13:49 2006 Subject: Query about missing envelope sender in quarantined mail In-Reply-To: References: Message-ID: <1F039B6E-D0BF-46ED-94C6-94DDBD8F4691@ecs.soton.ac.uk> On 25 May 2006, at 11:04, Jim Holland wrote: > Hi all > > I am using: > > MailScanner-4.52.2-1 > sendmail-8.13.6 > Red Hat Linux release 7.1 (Seawolf) > Kernel 2.4.20-28.7 on an i586 > > I have configured the following lines in MailScanner.conf to ensure > that > envelope From headers are recorded: > > Add Envelope From Header = yes > Envelope From Header = X-%org-name%-MailScanner-From: > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = no > > and this works fine for mail that has been accepted for delivery. > However such mail in fact retains the envelope sender in any case > so the > above is rather redundant. My query is how to do the same for > quarantined > mail, which always has a header like this: > > Return-Path: <.g> > Received: from . . . > From: . . . > Subject: . . . > > instead of the usual: > > From user@domain Thu May 25 11:49:49 2006 This line is part of mbox format, it is not part of the message. The separator between messages is defined as 1 blank line followed by "From " at the start of the next line. MailScanner is generating its quarantine files in RFC822 format which does not have this line at the top. > Received: from . . . > From: . . . > Subject: . . . > > There is no "From " line at the start of the header in quarantined > mail, > and there is no MailScanner-From line to indicate the envelope sender > either. That is because the quarantined mail is stored in the exact original form in which it was received. Having an archive of munged mail rather defeats the point. > The only way to find out who sent the message is to look up the > message in the maillog file, which is rather tedious. Why does the > first > line of the header have the "From " line replaced by Return-Path with > nothing useful in it? Because that is what the spec says. > Can that behaviour be changed? No, sorry. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From simon at ateb.co.uk Thu May 25 12:21:06 2006 From: simon at ateb.co.uk (Simon Annetts) Date: Thu May 25 12:20:34 2006 Subject: Problems with MCP (can't find EOCD signature) References: <029c01c67fde$b255ea00$1404040a@purple><44757C4F.5020200@netmagicsolutions.com><02ad01c67fe2$b1a058d0$1404040a@purple><02cc01c67fe4$9c6c92b0$1404040a@purple> <3343D1EA-8662-4F5F-B67F-060609EDEC55@ecs.soton.ac.uk> Message-ID: <02e401c67fed$75fcb430$1404040a@purple> Here is the section of the config file. I hope its not me setting something wrongly :-) MCP Checks = yes # Do the spam checks first, or the MCP checks first? # This cannot be the filename of a ruleset, only a fixed value. #First Check = mcp First Check = spam # The rest of these options are clones of the equivalent spam options MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-Marteg-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {Profanity?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {Profanity?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Regards Simon ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, May 25, 2006 11:57 AM Subject: Re: Problems with MCP (can't find EOCD signature) What are your MCP settings in your MailScanner.conf? On 25 May 2006, at 11:18, Simon Annetts wrote: > Ok, I spoke too soon. > It fixes the problem with MCP checks but now breaks the virus > checking. > > If I send a message containing the eicar excerpt on its own it is > detected as a virus and blocked. > > If I send a message containing profanity, then the message is > marked as profane and delivered. > > If I send a message containing profanity and the eicar excerpt then > the profanity is detected but the virus is ignored and the > message is sent containing the virus. Here's the log extract: > > > May 25 12:37:25 mailhub1 MailScanner[24739]: New Batch: Scanning 1 > messages, 1127 bytes > May 25 12:37:25 mailhub1 MailScanner[24739]: Spam Checks: Starting > May 25 12:37:28 mailhub1 MailScanner[24739]: MCP Checks: Starting > May 25 12:37:29 mailhub1 MailScanner[24739]: Message > 1FjE9d-0006WH-3y from 10.4.4.20 (simon@ateb.co.uk) to marteg.com is > MCP, > MCP-Checker (score=10, required 1, PROFANITY2 10.00) > May 25 12:37:29 mailhub1 MailScanner[24739]: MCP Checks: Found 1 > MCP messages > May 25 12:37:29 mailhub1 MailScanner[24739]: MCP Actions: message > 1FjE9d-0006WH-3y actions are deliver > May 25 12:37:29 mailhub1 MailScanner[24739]: Virus and Content > Scanning: Starting > May 25 12:37:30 mailhub1 MailScanner[24739]: Uninfected: Delivered > 1 messages > May 25 12:37:30 mailhub1 MailScanner[24739]: Batch (1 message) > processed in 5.51 seconds > > > It seems to me that once mcp has had the message it passes it on to > the next stage blank, so breaking any further analysis? > > Regards > Simon > > > > ----- Original Message ----- > From: "Simon Annetts" > To: "MailScanner discussion" > Sent: Thursday, May 25, 2006 11:04 AM > Subject: Re: Problems with MCP (can't find EOCD signature) > > > Thanks! > That fixes it, but it is a work around. It would of course be > better to reject profane mail before virus and spam checking to reduce > overheads, but I can live with this for now. If I get time I'll dig > into to the code to see why the mcp part fails to deliver or > pass on the message to the next check. > Thanks again for your prompt reply, I've only just joined the list > so missed the previous post. > > Kind regards > Simon > > > ----- Original Message ----- > From: "Dhawal Doshy" > To: "MailScanner discussion" > Sent: Thursday, May 25, 2006 10:43 AM > Subject: Re: Problems with MCP (can't find EOCD signature) > > > Simon Annetts wrote: >> Hi >> I've just got mailscanner 4.54.4 working and I am trying to get >> mcp to work. >> >> I'm using it with exim with two queues and two configs. >> All works fine for virus and spam scanning. >> However now mcp is enabled if a profane email arrives and is >> caught by >> mcp it never reaches the exim out queue it just disappears into a >> black >> hole. > > The EOCD error is a harmless one and can be safely ignored.. as for > the > MCP thing a few days back it was suggested to use this: > > First Check = spam > > HTH, > - dhawal > >> spamassassin -C ./mcp.spam.assassin.prefs.conf --lint >> shows no errors >> >> maillog shows the message being correctly detected: >> >> May 24 19:30:11 mailhub1 MailScanner[30746]: New Batch: Scanning 1 >> messages, 1054 bytes >> May 24 19:30:11 mailhub1 MailScanner[30746]: MCP Checks: Starting >> May 24 19:30:12 mailhub1 MailScanner[30746]: Message >> 1Fiy7X-00082t-0U from 10.4.4.20 (simon@ateb.co.uk) to marteg.com >> is MCP, >> ecker (score=10, required 1, PROFANITY2 10.00) >> May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Checks: Found 1 >> MCP messages >> May 24 19:30:12 mailhub1 MailScanner[30746]: MCP Actions: message >> 1Fiy7X-00082t-0U actions are deliver >> May 24 19:30:12 mailhub1 MailScanner[30746]: Spam Checks: Starting >> May 24 19:30:19 mailhub1 MailScanner[30746]: Virus and Content >> Scanning: Starting >> May 24 19:30:21 mailhub1 MailScanner[30746]: Uninfected: Delivered >> 1 messages >> May 24 19:30:21 mailhub1 MailScanner[30746]: Batch (1 message) >> processed in 9.55 seconds >> >> but exim main.log just shows: >> >> 2006-05-24 19:30:11 1Fiy7X-00082t-0U <= simon@ateb.co.uk >> H=purple.marteg.com (purple) [10.4.4.20] P=smtp S=718 id=025101c67f4 >> a70$1404040a@purple >> 2006-05-24 19:30:21 1Fiy7X-00082t-0U Completed >> >> instead of the usual in <= and out => parts of the message delivery. >> >> There is nothing in quarantine. >> >> I've done a find / -name "1Fiy7X-00082t-0U*" and the message is >> nowhere >> on the disk! >> If I run mailscanner in debug mode I get the following excerpt which >> seems to indicate the mcp check died with the error 'format error: >> can't >> find EOCD signature' >> >> What does this mean and how do I fix it?? >> >> [23556] dbg: message: decoding other encoding type (7bit), ignoring >> [23556] dbg: check: running tests for priority: 0 >> [23556] dbg: rules: running header regexp tests; score so far=0 >> [23556] dbg: rules: running body-text per-line regexp tests; score >> so far=0 >> [23556] dbg: rules: ran body rule PROFANITY2 ======> got hit: "w*nk" >> [23556] dbg: uri: running uri tests; score so far=10 >> [23556] dbg: rules: running raw-body-text per-line regexp tests; >> score so far=10 >> [23556] dbg: rules: running full-text regexp tests; score so far=10 >> [23556] dbg: check: is spam? score=10 required=5 >> [23556] dbg: check: tests=PROFANITY2 >> [23556] dbg: check: subtests= >> Ignore errors about failing to find EOCD signature >> format error: can't find EOCD signature >> at /usr/sbin/MailScanner line 781 >> Stopping now as you are debugging me. >> [ OK ] >> >> >> Thanks in advance >> Simon >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at mango.zw Thu May 25 14:26:11 2006 From: mailscanner at mango.zw (Jim Holland) Date: Thu May 25 14:38:39 2006 Subject: Query about missing envelope sender in quarantined mail In-Reply-To: <1F039B6E-D0BF-46ED-94C6-94DDBD8F4691@ecs.soton.ac.uk> Message-ID: Hi Julian On Thu, 25 May 2006, Julian Field wrote: > > I have configured the following lines in MailScanner.conf to ensure > > that > > envelope From headers are recorded: > > > > Add Envelope From Header = yes > > Envelope From Header = X-%org-name%-MailScanner-From: > > Quarantine Whole Message = yes > > Quarantine Whole Messages As Queue Files = no > > > > and this works fine for mail that has been accepted for delivery. > > However such mail in fact retains the envelope sender in any case > > so the above is rather redundant. My query is how to do the same for > > quarantined mail, which always has a header like this: > > > > Return-Path: <.g> > > Received: from . . . > > From: . . . > > Subject: . . . > > > > instead of the usual: > > > > From user@domain Thu May 25 11:49:49 2006 > > This line is part of mbox format, it is not part of the message. The > separator between messages is defined as 1 blank line followed by "From > " at the start of the next line. MailScanner is generating its > quarantine files in RFC822 format which does not have this line at the > top. Thank you for the clarification. I see now that this is the UnixFromLine that sendmail adds when sending to files or programmes. > > Received: from . . . > > From: . . . > > Subject: . . . > > > > There is no "From " line at the start of the header in quarantined > > mail, and there is no MailScanner-From line to indicate the envelope > > sender either. > > That is because the quarantined mail is stored in the exact original > form in which it was received. Having an archive of munged mail > rather defeats the point. Agreed. > > The only way to find out who sent the message is to look up the > > message in the maillog file, which is rather tedious. Why does the > > first line of the header have the "From " line replaced by > > Return-Path with nothing useful in it? > > Because that is what the spec says. > > > Can that behaviour be changed? > > No, sorry. Can we then look at the raw message format used for storing the quarantined mail? It is stored with a header such as: Return-Path: <.g> Received: from . . . From: . . . Subject: . . . In the first line, the .g is presumably the sendmail $g macro which represents the envelope sender. If it were to be expanded before being stored in quarantine it would become the much more useful: Return-Path: Received: from . . . From: . . . Subject: . . . which does not involve any munging of the raw message. The $g macro is not part of the RFC822 specification (it is just a sendmail concept), whereas the Return-Path header line is part of the RFC822 specification and is required to be added at final delivery - which presumably includes delivery to the quarantine folder. "Return-Path: <.g>" is not an RFC822 compliant header as it does not "contain definitive information about the address and route back to the message's originator". Please look at the possibility of expanding the macro to provide a more informative Return-Path header line. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From campbell at cnpapers.com Thu May 25 14:40:08 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu May 25 14:40:28 2006 Subject: Explain filename/filetype please Message-ID: <000b01c68000$bd437d70$0705000a@DDF5DW71> I had always figured I had a handle on the two filename/filetype rules conf files, but apparently, I don't. I need to block movie files, but they aren't being done as I thought they would. I see in 4.50, these were defaulted to 'allow' in the filetype rule, but I have modified that conf file back to before 4.50 (actually never implemented the rpmnew file). I need an explaination of the following please from the Changelog for 4.50: Disabled movie format "deny" rules in filetype.rules.conf and have enabled filetype checking by default. What does the 'checking by default' mean? I wasn't aware I could turn it off other than maybe a blank Conf option. Am I correct in my way of thinking that "filename" uses a RegExp type match and that "filetype" uses the result from the 'file' command? Should I add extensions in the filename file for these as they are not, by default, there, just to cover all bases? Recommendations of filetype extensions would be appreciated here! Thanks for any help in making the clouds disappear over my brain. Steve Campbell campbell@cnpapers.com Charleston Newspapers From glenn.steen at gmail.com Thu May 25 14:46:21 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 25 14:46:24 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605250801.34159.james@grayonline.id.au> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4471A7D2.65ED.00A2.0@plattesheriff.org> <200605250801.34159.james@grayonline.id.au> Message-ID: <223f97700605250646k31d5c4b4sd1a3fc9d08fbc5bd@mail.gmail.com> On 25/05/06, James Gray wrote: (snip) > My record is a tad over 700 days on a Solaris 7 box, then one of the CPU's in > the E450 fried and the whole thing died. Didn't boot anymore after that and > Sun EOL'ed the E450, so we gutted it and grafted a bar fridge into it. It > now spends it's days serving cold beverages to the IT staff :P Had a DG/UX machine run for over 1000 days, doing Oracle and very little else. It actually didn't die, ust was decomissioned due to ... old age and weakness:-). "Current" record at the plant was a "forgotten" linux box that mostly did arpwatch stuff. Ran for 2.5 c:a 900 days, then ... we had an outage for approximately 1.5 hours... The UPS died after 1 hour 15 minutes, grrr... The AIX boxes I run now, for Oracle, are really prone to reboots... Never survives more than a year between reboots, tops:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu May 25 15:19:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 15:19:27 2006 Subject: Feature request: allow null address in rulesets In-Reply-To: <7C8E97C2-07D5-4F55-94E5-920BE68A4FA7@ecs.soton.ac.uk> References: <7C8E97C2-07D5-4F55-94E5-920BE68A4FA7@ecs.soton.ac.uk> Message-ID: Okay, I found a minor bug stopping this working. Please apply the attached 1 line patch to Config.pm (in /usr/lib/ MailScanner/MailScanner on Linux systems) and then use From: /^$/ and To: user@domain yes and you will find it does what you want. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Config.pm.patch.gz Type: application/x-gzip Size: 296 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060525/4230b00a/Config.pm.patch.gz -------------- next part -------------- On 25 May 2006, at 12:10, Julian Field wrote: > Can you try 2 options please? > > 1. > From: /^$/ and To: user@domain yes > 2. > From: /\^\$/ and To: user@domain yes > > And please let me know if either of these options work. > > On 25 May 2006, at 10:42, Jim Holland wrote: > >> Hi Julian >> >> Rules such as the following do not work: >> >> From: <> and To: user@domain yes >> >> as I presume that the brackets are stripped off any addresses when >> evaluating the rules. Having the ability to set up rules such as the >> above in spam.blacklist.rules would be useful when a particular >> individual >> was being bombarded by bounces due to a Joe Job, for example. >> >> Would you be prepared to provide for the use of the <> address in >> rulesets? >> >> Regards >> >> Jim Holland >> System Administrator >> MANGO - Zimbabwe's non-profit e-mail service >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From MailScanner at ecs.soton.ac.uk Thu May 25 15:34:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 15:34:33 2006 Subject: Explain filename/filetype please In-Reply-To: <000b01c68000$bd437d70$0705000a@DDF5DW71> References: <000b01c68000$bd437d70$0705000a@DDF5DW71> Message-ID: On 25 May 2006, at 14:40, Steve Campbell wrote: > I had always figured I had a handle on the two filename/filetype > rules conf files, but apparently, I don't. And I have further muddied the waters by adding an alternative much simpler system you can use as well or instead. See the comments in MailScanner.conf just above the "Allow Filenames" setting. Just to keep you on your toes of course :-) You can do most things with the new settings and they are a hell of a lot easier to understand for most people. > I need to block movie files, but they aren't being done as I > thought they would. I see in 4.50, these were defaulted to 'allow' > in the filetype rule, but I have modified that conf file back to > before 4.50 (actually never implemented the rpmnew file). > > I need an explaination of the following please from the Changelog > for 4.50: > > Disabled movie format "deny" rules in filetype.rules.conf I commented out the movie format rules I supply in my filetype.rules.conf file. > and have enabled > filetype checking by default. You can enable and disable the whole filetype checking system by not telling it where to find the "file" command. I used to supply the MailScanner.conf file with the location of the "file" command commented out, so that the whole system was switched off. I have now removed the comment character # from the line, so that the whole system is switched on in the MailScanner.conf file I supply. > Am I correct in my way of thinking that "filename" uses a RegExp > type match Correct. > and that "filetype" uses the result from the 'file' command? Correct. > Should I add extensions in the filename file for these as they are > not, by default, there, just to cover all bases? Recommendations of > filetype extensions would be appreciated here! You can disable them by filename as well as by filetype to be doubly sure you get them. For the "filetype" rule text to put in, use the "file" command on a few of the files and put in filetype.rules.conf the important bits of the text you get back from the "file" command. You probably don't want to put all of it in, as they often contain information on the block encoding, data rate, etc of the movie file, and you just want to block these movie files in general. Then just make sure your MailScanner.conf file has the setting telling it where to find the "file" command and away you go. > Thanks for any help in making the clouds disappear over my brain. I hope stuff above helps! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Thu May 25 15:54:28 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu May 25 15:54:40 2006 Subject: Explain filename/filetype please References: <000b01c68000$bd437d70$0705000a@DDF5DW71> Message-ID: <002801c6800b$1f553030$0705000a@DDF5DW71> Julian, Thanks so much, see below please. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, May 25, 2006 10:34 AM Subject: Re: Explain filename/filetype please > On 25 May 2006, at 14:40, Steve Campbell wrote: > >> I had always figured I had a handle on the two filename/filetype rules >> conf files, but apparently, I don't. > > And I have further muddied the waters by adding an alternative much > simpler system you can use as well or instead. See the comments in > MailScanner.conf just above the "Allow Filenames" setting. Yes, I have added the most popular extensions to the Deny option, and am testing now. (Did a reload instead of stop/start) > > Just to keep you on your toes of course :-) > > You can do most things with the new settings and they are a hell of a lot > easier to understand for most people. > >> I need to block movie files, but they aren't being done as I thought >> they would. I see in 4.50, these were defaulted to 'allow' in the >> filetype rule, but I have modified that conf file back to before 4.50 >> (actually never implemented the rpmnew file). >> >> I need an explaination of the following please from the Changelog for >> 4.50: >> >> Disabled movie format "deny" rules in filetype.rules.conf > > I commented out the movie format rules I supply in my filetype.rules.conf > file. > >> and have enabled >> filetype checking by default. > > You can enable and disable the whole filetype checking system by not > telling it where to find the "file" command. I used to supply the > MailScanner.conf file with the location of the "file" command commented > out, so that the whole system was switched off. I have now removed the > comment character # from the line, so that the whole system is switched > on in the MailScanner.conf file I supply. > >> Am I correct in my way of thinking that "filename" uses a RegExp type >> match > > Correct. > >> and that "filetype" uses the result from the 'file' command? > > Correct. > >> Should I add extensions in the filename file for these as they are not, >> by default, there, just to cover all bases? Recommendations of filetype >> extensions would be appreciated here! > > You can disable them by filename as well as by filetype to be doubly sure > you get them. For the "filetype" rule text to put in, use the "file" > command on a few of the files and put in filetype.rules.conf the > important bits of the text you get back from the "file" command. You > probably don't want to put all of it in, as they often contain > information on the block encoding, data rate, etc of the movie file, and > you just want to block these movie files in general. > > Then just make sure your MailScanner.conf file has the setting telling it > where to find the "file" command and away you go. > >> Thanks for any help in making the clouds disappear over my brain. > > I hope stuff above helps! It has helped, and I thank you very much for everything. BTW, does using the two new options cause swapping? Hope you have a great trip, also. I don't live in New Orleans, but when you get my age, you think a lot about food alot, and that place is a real experience. Steve > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From kevinp at webpipe.net Thu May 25 18:08:59 2006 From: kevinp at webpipe.net (Kevin Pendleton) Date: Thu May 25 18:09:09 2006 Subject: 4.53.8? Message-ID: <4475E4AB.3040100@webpipe.net> So is 4.53.8 considered a good stable? I'm building a new box and was a little confused on all the 4.53 releases. So is there still another pending bug fix stable release for 4.53 or are we good to use it? Thanks, Kevin From MailScanner at ecs.soton.ac.uk Thu May 25 18:18:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 18:18:23 2006 Subject: Explain filename/filetype please In-Reply-To: <002801c6800b$1f553030$0705000a@DDF5DW71> References: <000b01c68000$bd437d70$0705000a@DDF5DW71> <002801c6800b$1f553030$0705000a@DDF5DW71> Message-ID: <4475E6D3.6000809@ecs.soton.ac.uk> Steve Campbell wrote: > It has helped, and I thank you very much for everything. > BTW, does using the two new options cause swapping? Er, no. > > Hope you have a great trip, also. I don't live in New Orleans, but > when you get my age, you think a lot about food alot, and that place > is a real experience. Yes, I've been there. Great city, I'm sure it will come back better than ever. From what I hear, bits are back up and running already. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 25 18:18:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 18:19:03 2006 Subject: 4.53.8? In-Reply-To: <4475E4AB.3040100@webpipe.net> References: <4475E4AB.3040100@webpipe.net> Message-ID: <4475E6FF.2090900@ecs.soton.ac.uk> No, I would go for the latest 4.54 definitely. No problems reported with them. There won't be any more 4.53 releases. Kevin Pendleton wrote: > So is 4.53.8 considered a good stable? I'm building a new box and was a > little confused on all the 4.53 releases. So is there still another > pending bug fix stable release for 4.53 or are we good to use it? > > Thanks, > > Kevin > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sandrews at andrewscompanies.com Thu May 25 18:23:23 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu May 25 18:23:26 2006 Subject: Dump and load bayes db Message-ID: <1964AAFBC212F742958F9275BF63DBB03B1476@winchester.andrewscompanies.com> Somewhere I had a way to dump the contents of the bayes db and load a fresh one, dcdump I think it was; but I can't find that info anymore. Anyone have any pointers? Thanks, Steve From mailscanner at mango.zw Thu May 25 18:34:35 2006 From: mailscanner at mango.zw (Jim Holland) Date: Thu May 25 18:41:07 2006 Subject: Feature request: allow null address in rulesets In-Reply-To: Message-ID: On Thu, 25 May 2006, Julian Field wrote: > Okay, I found a minor bug stopping this working. > Please apply the attached 1 line patch to Config.pm (in /usr/lib/ > MailScanner/MailScanner on Linux systems) and then use > > From: /^$/ and To: user@domain yes > > and you will find it does what you want. Thanks very much indeed - that does exactly what I want! Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From campbell at cnpapers.com Thu May 25 18:43:01 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu May 25 18:43:17 2006 Subject: Explain filename/filetype please References: <000b01c68000$bd437d70$0705000a@DDF5DW71> <002801c6800b$1f553030$0705000a@DDF5DW71> <4475E6D3.6000809@ecs.soton.ac.uk> Message-ID: <001e01c68022$ab3e5470$0705000a@DDF5DW71> ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, May 25, 2006 1:18 PM Subject: Re: Explain filename/filetype please > Steve Campbell wrote: >> It has helped, and I thank you very much for everything. >> BTW, does using the two new options cause swapping? > Er, no. Guess I should have put those smiley things at the end of the above sentence? >> >> Hope you have a great trip, also. I don't live in New Orleans, but when >> you get my age, you think a lot about food alot, and that place is a real >> experience. > Yes, I've been there. Great city, I'm sure it will come back better than > ever. From what I hear, bits are back up and running already. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 25 18:47:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 18:48:27 2006 Subject: Thoughts please: 4.54.4 as a stable? Message-ID: <4475EDA4.2000505@ecs.soton.ac.uk> Given the problems with 4.53.8, should I change the latest stable release to 4.54.4? I am not intending to do a June release, unless people think that is a better solution to the 4.53 problem. A new stable or the current beta-->stable? Your thoughts please! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 25 18:50:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 18:50:56 2006 Subject: Feature request: allow null address in rulesets In-Reply-To: References: Message-ID: <4475EE78.1090403@ecs.soton.ac.uk> Jim Holland wrote: > On Thu, 25 May 2006, Julian Field wrote: > >> Okay, I found a minor bug stopping this working. >> Please apply the attached 1 line patch to Config.pm (in /usr/lib/ >> MailScanner/MailScanner on Linux systems) and then use >> >> From: /^$/ and To: user@domain yes >> >> and you will find it does what you want. >> > > Thanks very much indeed - that does exactly what I want! > In return, please could you write some docs in the wiki about this? You can base it on one of my (or anyone else's) explanations of rulesets, but make sure you include this point as it is very useful for catching bounce messages. Thanks! A bit of give and take isn't too bad an idea :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From daniel.maher at ubisoft.com Thu May 25 19:05:07 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu May 25 19:05:13 2006 Subject: Thoughts please: 4.54.4 as a stable? Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CE64@UBIMAIL1.ubisoft.org> I recently inherited a set of incoming mail servers running Postfix 2.0 and MailScanner 4.51. They handle around 400,000 pieces of mail per day. I am considering upgrading both Postfix and MailScanner for efficiency purposes (the newer versions of both are purported to be faster), but I am wary about fixing something that isn't broken (so to speak). I would very much appreciate any and all commentary as to whether 4.54.x is stable, and whether it can be relied on for a reasonably large-scale mail operations in the global enterprise. Thank you. :) -- Daniel Maher Administrateur Syst?me Unix Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: May 25, 2006 1:47 PM To: MailScanner discussion; MailScanner Beta-testers Subject: Thoughts please: 4.54.4 as a stable? Given the problems with 4.53.8, should I change the latest stable release to 4.54.4? I am not intending to do a June release, unless people think that is a better solution to the 4.53 problem. A new stable or the current beta-->stable? Your thoughts please! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 25 19:15:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 19:15:21 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226CE64@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226CE64@UBIMAIL1.ubisoft.org> Message-ID: <4475F42A.9010604@ecs.soton.ac.uk> Daniel Maher wrote: > I recently inherited a set of incoming mail servers running Postfix 2.0 and MailScanner 4.51. They handle around 400,000 pieces of mail per day. I am considering upgrading both Postfix and MailScanner for efficiency purposes (the newer versions of both are purported to be faster), but I am wary about fixing something that isn't broken (so to speak). > The major speed increases were up to 4.50. Is 4.54 much faster than 4.51? > I would very much appreciate any and all commentary as to whether 4.54.x is stable, and whether it can be relied on for a reasonably large-scale mail operations in the global enterprise. > The current differences between 4.54.4 and the proposed 4.54.5 are (These give you a good idea of the stability as I have addressed every known problem with 4.54.4 in 4.54.5) 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. That is the total list of all known problems in 4.54 and improvements made to 4.54.5. I will release 4.54.5 as another beta (with no known problems at all) if you want me to. I suspect the only thing you actually might want is the new sophos-wrapper which I have posted to the list already, a couple of days ago. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mikej at rogers.com Thu May 25 19:16:03 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu May 25 19:15:39 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <4475EDA4.2000505@ecs.soton.ac.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> Message-ID: <4475F463.6020807@rogers.com> Julian Field wrote: > Given the problems with 4.53.8, should I change the latest stable > release to 4.54.4? > I am not intending to do a June release, unless people think that is a > better solution to the 4.53 problem. Julian, Having looked at the changelog, i think it would be beneficial to release a new stable version if you plan on a less frequent release cycle. The fixes look important, and the changes don't seem like they would cause any problems. Thanks. From rob at robhq.com Thu May 25 19:23:00 2006 From: rob at robhq.com (rob freeman) Date: Thu May 25 19:17:09 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <4475EDA4.2000505@ecs.soton.ac.uk> Message-ID: <24453082.1148581380568.JavaMail.root@gollum.robhq.com> Seems rock solid to me. Have not had a single issue since installing it a few days ago. Rob ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Thu, 5/25/2006 12:56pm To: MailScanner discussion ; MailScanner Beta-testers Subject: Thoughts please: 4.54.4 as a stable? Given the problems with 4.53.8, should I change the latest stable release to 4.54.4? I am not intending to do a June release, unless people think that is a better solution to the 4.53 problem. A new stable or the current beta-->stable? Your thoughts please! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Thu May 25 19:21:24 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu May 25 19:21:27 2006 Subject: Thoughts please: 4.54.4 as a stable? Message-ID: <1964AAFBC212F742958F9275BF63DBB03B147A@winchester.andrewscompanies.com> Aw crap. I just got done upgrading everything to 4.54.4. ;) I'd say release. It'll save me the time of doing NetIP and NetDNS manually. Everything else looks stable as a rock to me. Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, May 25, 2006 2:15 PM To: MailScanner discussion Subject: Re: Thoughts please: 4.54.4 as a stable? Daniel Maher wrote: > I recently inherited a set of incoming mail servers running Postfix 2.0 and MailScanner 4.51. They handle around 400,000 pieces of mail per day. I am considering upgrading both Postfix and MailScanner for efficiency purposes (the newer versions of both are purported to be faster), but I am wary about fixing something that isn't broken (so to speak). > The major speed increases were up to 4.50. Is 4.54 much faster than 4.51? > I would very much appreciate any and all commentary as to whether 4.54.x is stable, and whether it can be relied on for a reasonably large-scale mail operations in the global enterprise. > The current differences between 4.54.4 and the proposed 4.54.5 are (These give you a good idea of the stability as I have addressed every known problem with 4.54.4 in 4.54.5) 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. That is the total list of all known problems in 4.54 and improvements made to 4.54.5. I will release 4.54.5 as another beta (with no known problems at all) if you want me to. I suspect the only thing you actually might want is the new sophos-wrapper which I have posted to the list already, a couple of days ago. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Thu May 25 19:31:29 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 25 19:29:43 2006 Subject: Dump and load bayes db In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B1476@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B1476@winchester.andrewscompanies.com> Message-ID: wrote on Thu, 25 May 2006 13:23:23 -0400: > Somewhere I had a way to dump the contents of the bayes db and load a > fresh one, dcdump I think it was; but I can't find that info anymore. sa-learn has several options for this. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sandrews at andrewscompanies.com Thu May 25 19:33:14 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu May 25 19:33:17 2006 Subject: Who has the slowest mailscanner? Message-ID: <1964AAFBC212F742958F9275BF63DBB039A5D2@winchester.andrewscompanies.com> I've got a couple old Pentium-II/300 machines chugging away for a couple small clients. Both handle about 1000 messages/day. One of them is getting hammered right now and is running about 7000 messages/day....poor thing. Steve From jaearick at colby.edu Thu May 25 19:28:28 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 25 19:35:49 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <4475EDA4.2000505@ecs.soton.ac.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> Message-ID: I give it a thumbs up. Didn't try the issue this morning of m for megabyte not working. I'm a power-of-two guy... Jeff Earickson Colby College On Thu, 25 May 2006, Julian Field wrote: > Date: Thu, 25 May 2006 18:47:16 +0100 > From: Julian Field > Reply-To: MailScanner Beta-testers > To: MailScanner discussion , > MailScanner Beta-testers > Subject: Thoughts please: 4.54.4 as a stable? > > Given the problems with 4.53.8, should I change the latest stable release to > 4.54.4? > I am not intending to do a June release, unless people think that is a better > solution to the 4.53 problem. > > A new stable or the current beta-->stable? > > Your thoughts please! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner-Beta mailing list > mailscanner-beta@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner-beta > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From sandrews at andrewscompanies.com Thu May 25 19:36:47 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu May 25 19:36:50 2006 Subject: Dump and load bayes db Message-ID: <1964AAFBC212F742958F9275BF63DBB03B147D@winchester.andrewscompanies.com> I think that's what I was looking for. Thanks Kai! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Thursday, May 25, 2006 2:31 PM To: mailscanner@lists.mailscanner.info Subject: Re: Dump and load bayes db wrote on Thu, 25 May 2006 13:23:23 -0400: > Somewhere I had a way to dump the contents of the bayes db and load a > fresh one, dcdump I think it was; but I can't find that info anymore. sa-learn has several options for this. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 25 20:05:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 20:05:25 2006 Subject: 4.54.5 beta pending new stable release Message-ID: <4475FFEA.2030306@ecs.soton.ac.uk> I have just released 4.54.5, which will become a new stable release in a few days if there are no major problems with it. There have been a few problems with 4.53 and this is to remedy the problem. I will move it to stable in a few days. Compared to 4.54.4 the only important change is the auto-update of Sophos. The only new things over the previous beta 4.54.4 are these: 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Thu May 25 20:11:59 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 25 20:12:02 2006 Subject: Explain filename/filetype please In-Reply-To: <001e01c68022$ab3e5470$0705000a@DDF5DW71> References: <000b01c68000$bd437d70$0705000a@DDF5DW71> <002801c6800b$1f553030$0705000a@DDF5DW71> <4475E6D3.6000809@ecs.soton.ac.uk> <001e01c68022$ab3e5470$0705000a@DDF5DW71> Message-ID: <223f97700605251211h10478349u102c61141ddd7a2e@mail.gmail.com> On 25/05/06, Steve Campbell wrote: > > ----- Original Message ----- > From: "Julian Field" > To: "MailScanner discussion" > Sent: Thursday, May 25, 2006 1:18 PM > Subject: Re: Explain filename/filetype please > > > > Steve Campbell wrote: > >> It has helped, and I thank you very much for everything. > >> BTW, does using the two new options cause swapping? > > Er, no. > > Guess I should have put those smiley things at the end of the above > sentence? > I think the ironic humour of it was pretty obvious.... BTW, don't trust Jules on this, according to certain sources (hint, initials: M S) He and JP Koopmann is actually trying to dominate the world by their efforts.... Any FreeBSD system installed with JPs port of MailScanner will SWAP uncontrollably. So don't put any other equipment near it, or the toaster will suddenly sport a gfx adapter etc etc. Rumor has it that Jules is busily incorporating the same feature into all his future releases. Exactly how the world domination is to come about is still shrouded in secrecy.....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Thu May 25 20:12:10 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 25 20:12:33 2006 Subject: Feature request: allow null address in rulesets In-Reply-To: <4475EE78.1090403@ecs.soton.ac.uk> References: <4475EE78.1090403@ecs.soton.ac.uk> Message-ID: <4476018A.4020005@nkpanama.com> This should also probably go in the # comments at the beginning of the spam.blacklist.rules file. New users might appreciate knowing they can block <> from specific domains/ips or to specific users/domains. Julian Field escribi?: > Jim Holland wrote: >> On Thu, 25 May 2006, Julian Field wrote: >> >>> Okay, I found a minor bug stopping this working. >>> Please apply the attached 1 line patch to Config.pm (in /usr/lib/ >>> MailScanner/MailScanner on Linux systems) and then use >>> >>> From: /^$/ and To: user@domain yes >>> >>> and you will find it does what you want. >>> >> >> Thanks very much indeed - that does exactly what I want! >> > In return, please could you write some docs in the wiki about this? > You can base it on one of my (or anyone else's) explanations of > rulesets, but make sure you include this point as it is very useful > for catching bounce messages. > > Thanks! > > A bit of give and take isn't too bad an idea :-) > From glenn.steen at gmail.com Thu May 25 20:21:53 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 25 20:21:56 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <4475EDA4.2000505@ecs.soton.ac.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> Message-ID: <223f97700605251221g6e29b670n7c0b255c9a49c1e8@mail.gmail.com> On 25/05/06, Julian Field wrote: > Given the problems with 4.53.8, should I change the latest stable > release to 4.54.4? > I am not intending to do a June release, unless people think that is a > better solution to the 4.53 problem. > > A new stable or the current beta-->stable? > > Your thoughts please! > You'd be saving yourself a lot of trouble doing either:-). If you hold of until monday, I think I'll have a summary of the panda fixes that are needed for 9.0 ... but then again, I don't think that many actually use it, so perhaps not:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Thu May 25 20:35:50 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu May 25 20:36:10 2006 Subject: Explain filename/filetype please References: <000b01c68000$bd437d70$0705000a@DDF5DW71><002801c6800b$1f553030$0705000a@DDF5DW71><4475E6D3.6000809@ecs.soton.ac.uk><001e01c68022$ab3e5470$0705000a@DDF5DW71> <223f97700605251211h10478349u102c61141ddd7a2e@mail.gmail.com> Message-ID: <001001c68032$6e0ca380$0705000a@DDF5DW71> ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Thursday, May 25, 2006 3:11 PM Subject: Re: Explain filename/filetype please > On 25/05/06, Steve Campbell wrote: >> >> ----- Original Message ----- >> From: "Julian Field" >> To: "MailScanner discussion" >> Sent: Thursday, May 25, 2006 1:18 PM >> Subject: Re: Explain filename/filetype please >> >> >> > Steve Campbell wrote: >> >> It has helped, and I thank you very much for everything. >> >> BTW, does using the two new options cause swapping? >> > Er, no. >> >> Guess I should have put those smiley things at the end of the above >> sentence? >> > I think the ironic humour of it was pretty obvious.... > BTW, don't trust Jules on this, according to certain sources > (hint, initials: M S) He and JP Koopmann is actually trying to > dominate the world by their efforts.... Any FreeBSD system installed > with JPs port of MailScanner will SWAP uncontrollably. So don't put > any other equipment near it, or the toaster will suddenly sport a gfx > adapter etc etc. Rumor has it that Jules is busily incorporating the > same feature into all his future releases. Exactly how the world > domination is to come about is still shrouded in > secrecy.....:-) The swap thing was such a bothersome thread, that I wasn't sure Julian took it the right way. I didn't see him smile when he answered. He would make a great poker player. Anyway, it's wore out completely, so I'll stay off of that one forever more. Steve > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From t.d.lee at durham.ac.uk Thu May 25 20:36:19 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu May 25 20:36:30 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <4475EDA4.2000505@ecs.soton.ac.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> Message-ID: On Thu, 25 May 2006, Julian Field wrote: > Given the problems with 4.53.8, should I change the latest stable > release to 4.54.4? > I am not intending to do a June release, unless people think that is a > better solution to the 4.53 problem. > > A new stable or the current beta-->stable? > > Your thoughts please! >From the user perspective the label "stable" signals reliability, and freedom from bugs (so far as is reasonably practicable). Likewise the label "beta" signals caution, 'own risk', and possible known-and-unfixed problems. We, the users, need to be able to trust those labels ("stable", "beta") and, crucially, their implied signals about production-quality reliability. (What follows is intended as constructive!) My understanding is that 4.53.y, which bears the label "stable", in fact has some serious problems and so is actually unstable in use. Whereas 4.54.x, which bears the cautionary label "beta" is, in practice, more reliable (production quality). (Is that understanding correct?) If so, then the labelling ("stable", "beta") becomes open to question (untrustworthy, even?) and casts a shadow of doubt over the trust we can place in the MS product that we download. Knowing that the label "stable" means reliable is, to my mind, much more important than release schedules. Aiming at a regular schedule is nice. But having the label "stable" mean reliable is absolutely essential. So... 4.53.x or 4.54.x ? My vote is that the "stable" link should point to the most reliable. And I understand that to be 4.54.x . Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From glenn.steen at gmail.com Thu May 25 20:46:13 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 25 20:46:17 2006 Subject: Explain filename/filetype please In-Reply-To: <001001c68032$6e0ca380$0705000a@DDF5DW71> References: <000b01c68000$bd437d70$0705000a@DDF5DW71> <002801c6800b$1f553030$0705000a@DDF5DW71> <4475E6D3.6000809@ecs.soton.ac.uk> <001e01c68022$ab3e5470$0705000a@DDF5DW71> <223f97700605251211h10478349u102c61141ddd7a2e@mail.gmail.com> <001001c68032$6e0ca380$0705000a@DDF5DW71> Message-ID: <223f97700605251246p54de8009s864224e60e22b954@mail.gmail.com> On 25/05/06, Steve Campbell wrote: > > ----- Original Message ----- > From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Thursday, May 25, 2006 3:11 PM > Subject: Re: Explain filename/filetype please > > > > On 25/05/06, Steve Campbell wrote: > >> > >> ----- Original Message ----- > >> From: "Julian Field" > >> To: "MailScanner discussion" > >> Sent: Thursday, May 25, 2006 1:18 PM > >> Subject: Re: Explain filename/filetype please > >> > >> > >> > Steve Campbell wrote: > >> >> It has helped, and I thank you very much for everything. > >> >> BTW, does using the two new options cause swapping? > >> > Er, no. > >> > >> Guess I should have put those smiley things at the end of the above > >> sentence? > >> > > I think the ironic humour of it was pretty obvious.... > > BTW, don't trust Jules on this, according to certain sources > > (hint, initials: M S) He and JP Koopmann is actually trying to > > dominate the world by their efforts.... Any FreeBSD system installed > > with JPs port of MailScanner will SWAP uncontrollably. So don't put > > any other equipment near it, or the toaster will suddenly sport a gfx > > adapter etc etc. Rumor has it that Jules is busily incorporating the > > same feature into all his future releases. Exactly how the world > > domination is to come about is still shrouded in > > secrecy.....:-) > > The swap thing was such a bothersome thread, that I wasn't sure Julian took > it the right way. I didn't see him smile when he answered. He would make a > great poker player. Anyway, it's wore out completely, so I'll stay off of > that one forever more. > I've cowardly/sensibly stayed clear of both the threads alluded to in my Joke. just couldn't help myself, this time:-) but you are right, that horse is truly dead.... (Although I'm amazed noone drew the parallell to a certain J A Tailor. Especially JPs first thread with him... Perhaps he (M S) was a bit short on threatening with the Feds, to make that connection though:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ka at pacific.net Thu May 25 20:49:28 2006 From: ka at pacific.net (Ken A) Date: Thu May 25 20:49:36 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: References: <4475EDA4.2000505@ecs.soton.ac.uk> Message-ID: <44760A48.3040109@pacific.net> David Lee wrote: > On Thu, 25 May 2006, Julian Field wrote: > >> Given the problems with 4.53.8, should I change the latest stable >> release to 4.54.4? >> I am not intending to do a June release, unless people think that is a >> better solution to the 4.53 problem. >> >> A new stable or the current beta-->stable? >> >> Your thoughts please! > >>From the user perspective the label "stable" signals reliability, and > freedom from bugs (so far as is reasonably practicable). Likewise the > label "beta" signals caution, 'own risk', and possible known-and-unfixed > problems. We, the users, need to be able to trust those labels ("stable", > "beta") and, crucially, their implied signals about production-quality > reliability. > > (What follows is intended as constructive!) My understanding is that > 4.53.y, which bears the label "stable", in fact has some serious problems > and so is actually unstable in use. Whereas 4.54.x, which bears the > cautionary label "beta" is, in practice, more reliable (production > quality). (Is that understanding correct?) If so, then the labelling > ("stable", "beta") becomes open to question (untrustworthy, even?) and > casts a shadow of doubt over the trust we can place in the MS product > that we download. Yep, well that was sorta the whole point in starting the beta list, wasn't it? The idea that this sort of upside-down-ness of beta vs. stable shouldn't be repeated if possible, but with frequent releases, it's likely to happen occationally. The increase of beta testing and reporting should help. It does happen sometimes though, despite our best efforts.. as I (version 1) came before my son (version 2); but at 2 yrs old, he's still very much a beta human. ;-) That said, I think 4.54.5 is out of diapers. Ken A Pacific.Net > Knowing that the label "stable" means reliable is, to my mind, much more > important than release schedules. Aiming at a regular schedule is nice. > But having the label "stable" mean reliable is absolutely essential. > > So... 4.53.x or 4.54.x ? My vote is that the "stable" link should point > to the most reliable. And I understand that to be 4.54.x . > > Hope that helps. > > From lshaw at emitinc.com Thu May 25 20:54:58 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Thu May 25 20:55:12 2006 Subject: Explain filename/filetype please In-Reply-To: <223f97700605251211h10478349u102c61141ddd7a2e@mail.gmail.com> References: <000b01c68000$bd437d70$0705000a@DDF5DW71> <002801c6800b$1f553030$0705000a@DDF5DW71> <4475E6D3.6000809@ecs.soton.ac.uk> <001e01c68022$ab3e5470$0705000a@DDF5DW71> <223f97700605251211h10478349u102c61141ddd7a2e@mail.gmail.com> Message-ID: On Thu, 25 May 2006, Glenn Steen wrote: > I think the ironic humour of it was pretty obvious.... > BTW, don't trust Jules on this, according to certain sources > (hint, initials: M S) He and JP Koopmann is actually trying to > dominate the world by their efforts.... Any FreeBSD system installed > with JPs port of MailScanner will SWAP uncontrollably. So don't put > any other equipment near it, or the toaster will suddenly sport a gfx > adapter etc etc. So we are talking about a video toaster then? Are you saying that Julian should visit Topeka (yes, Topeka) on his world tour[1]? - Logan [1] Now if that isn't a sufficiently obscure reference, I don't know what is... From mailscanner at mango.zw Thu May 25 21:32:23 2006 From: mailscanner at mango.zw (Jim Holland) Date: Thu May 25 21:33:38 2006 Subject: Feature request: allow null address in rulesets In-Reply-To: <4475EE78.1090403@ecs.soton.ac.uk> Message-ID: On Thu, 25 May 2006, Julian Field wrote: > >> Okay, I found a minor bug stopping this working. > >> Please apply the attached 1 line patch to Config.pm (in /usr/lib/ > >> MailScanner/MailScanner on Linux systems) and then use > >> > >> From: /^$/ and To: user@domain yes > >> > >> and you will find it does what you want. > >> > > > > Thanks very much indeed - that does exactly what I want! > > > In return, please could you write some docs in the wiki about this? You > can base it on one of my (or anyone else's) explanations of rulesets, > but make sure you include this point as it is very useful for catching > bounce messages. OK - I am happy to do this, but as I am going to be out of town and off line for a few days I will probably not have a chance to get this done before next Wednesday. > A bit of give and take isn't too bad an idea :-) Definitely. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From ssilva at sgvwater.com Thu May 25 22:01:17 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 25 22:02:18 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <4475F42A.9010604@ecs.soton.ac.uk> References: <1E293D3FF63A3740B10AD5AAD88535D20226CE64@UBIMAIL1.ubisoft.org> <4475F42A.9010604@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/25/2006 11:15 AM: > Daniel Maher wrote: >> I recently inherited a set of incoming mail servers running Postfix >> 2.0 and MailScanner 4.51. They handle around 400,000 pieces of mail >> per day. I am considering upgrading both Postfix and MailScanner for >> efficiency purposes (the newer versions of both are purported to be >> faster), but I am wary about fixing something that isn't broken (so to >> speak). >> > The major speed increases were up to 4.50. Is 4.54 much faster than 4.51? >> I would very much appreciate any and all commentary as to whether >> 4.54.x is stable, and whether it can be relied on for a reasonably >> large-scale mail operations in the global enterprise. >> > The current differences between 4.54.4 and the proposed 4.54.5 are > (These give you a good idea of the stability as I have addressed every > known problem with 4.54.4 in 4.54.5) > > 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. > 5 Improved handling of Unicode encoded subject lines with a few trailing > spaces. > 5 Fresh translation of German languges.conf file. > 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. > 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. > > That is the total list of all known problems in 4.54 and improvements > made to 4.54.5. I will release 4.54.5 as another beta (with no known > problems at all) if you want me to. > > I suspect the only thing you actually might want is the new > sophos-wrapper which I have posted to the list already, a couple of days > ago. > If you are releasing another beta, and nothing jumps up by the end of the month, I woild say to just call it stable and leave it at that. Ur just rebuild it as 4.54.6 for any body that just looks at the download area. Julian, have you ever considered making a symlink to the latest stable release, and pointing it to the current stable? Something like MailScanner.stable.rpm.tar.gz (or ???). Then maybe a build script could be created for any one who would like it. Something akin to the DCC build cron job. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From matt at coders.co.uk Thu May 25 22:46:12 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu May 25 22:46:14 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: References: <4475EDA4.2000505@ecs.soton.ac.uk> Message-ID: <447625A4.303@coders.co.uk> David Lee wrote: > Knowing that the label "stable" means reliable is, to my mind, much more > important than release schedules. Aiming at a regular schedule is nice. > But having the label "stable" mean reliable is absolutely essential. Agreed. > So... 4.53.x or 4.54.x ? My vote is that the "stable" link should point > to the most reliable. And I understand that to be 4.54.x . This may require more effort but how about the old "even are stable" thing. 4.54.x becomes the stable release. New features are add to 4.55.x. Bug fixes are backwards ported to 4.54.x matt From MailScanner at ecs.soton.ac.uk Thu May 25 23:04:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 25 23:04:43 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <447625A4.303@coders.co.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> <447625A4.303@coders.co.uk> Message-ID: <447629EE.3090109@ecs.soton.ac.uk> Matt Hampton wrote: > David Lee wrote: > >> Knowing that the label "stable" means reliable is, to my mind, much more >> important than release schedules. Aiming at a regular schedule is nice. >> But having the label "stable" mean reliable is absolutely essential. >> > > Agreed. > > > >> So... 4.53.x or 4.54.x ? My vote is that the "stable" link should point >> to the most reliable. And I understand that to be 4.54.x . >> > > This may require more effort but how about the old "even are stable" thing. > > 4.54.x becomes the stable release. New features are add to 4.55.x. > > Bug fixes are backwards ported to 4.54.x That requires me to maintain 2 versions of MailScanner at any one time. Extra work :-( ==> not likely to happen :( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From micoots at yahoo.com Fri May 26 01:11:27 2006 From: micoots at yahoo.com (Michael Mansour) Date: Fri May 26 01:11:31 2006 Subject: Who has the slowest mailscanner? In-Reply-To: <1964AAFBC212F742958F9275BF63DBB039A5D2@winchester.andrewscompanies.com> Message-ID: <20060526001127.49454.qmail@web33308.mail.mud.yahoo.com> Hi, > I've got a couple old Pentium-II/300 machines > chugging away for a couple > small clients. Both handle about 1000 messages/day. > One of them is > getting hammered right now and is running about 7000 > messages/day....poor thing. I have one PII 266 Dual CPU with 512mb of RAM and 2x 9Gb drives. It doesn't handle the bulk of email fortunately but acts as the backup mail server in case the primary is down. It's running FC2 and has been on-line for more than 10 years (Acer Altos 930). During that time it has warped from a dialup server, to firewall and now for the past few years a MailScanner server. It's the oldest box I have, it's had it's day and it's up for decommissioning (I'm just trying to find the time to do it). It's Acer Altos 1100 cousin (beefier PII 450 dual) which used to sit next to it blew it's power supply a couple of months back after a similar trail of un-affected service. Of course, the proprietry nature of servers back in the early nineties means it's cheaper to bin the server (which I did do) and get a new one than to get a $400 power supply from Acer (if you can still get them). This server is a little workhorse, they certainly don't build servers like they use to, but when I finally decommission it, I will tip my hat to it for the years of continuous service it's provided me. I can count the number of times I've rebooted it with my fingers and toes. Michael. ____________________________________________________ On Yahoo!7 Dating: It's free to join and check out our great singles! http://www.yahoo7.com.au/personals From MailScanner at ecs.soton.ac.uk Sat May 20 22:46:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 26 03:06:54 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: <446F8E53.5080407@ecs.soton.ac.uk> Your Software Needs You! I really need some people who are prepared to help with the beta testing of new MailScanner releases. MailScanner is now a complex mature application and the testing I can do on particular features is not enough to prove the co-operation between different settings. This has been highlighted in 4.53. So if you are prepared to partake in beta testing for me then please contact me directly at mailscanner@ecs.soton.ac.uk. You will need to be prepared to either 1) run beta versions on your live MailScanner systems if you are brave, or 2) run beta versions on a copy of your mail feed on a test server. This can be done (with sendmail) using the "roundhouse" milter available from SnertSoft. I'm sure the same can be achieved with Postfix, Exim and ZMailer. It does not matter how much mail you process each day at all. A home user prepared to tweak new settings on a system processing 30 messages per day is just as useful as an ISP processing 100,000 messages per day. Unknowingly, you will each be testing different aspects of MailScanner, so all help is useful regardless of size. I am not insisting that you test every single beta test version I publish, just that you help where and when you can, particularly in the run-up to a stable release. More about that in a minute. Unfortunately I can only offer you payment for this in the form of the odd T-shirt and the satisfaction that you are making an essential contribution to the best email filtering system on the planet. The more of you who are prepared to help, the better. Let us all work together to maintain MailScanner's high standards in quality and performance! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 20 22:49:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 26 03:07:01 2006 Subject: MailScanner ANNOUNCEMENT: Release schedule change Message-ID: <446F8F01.9030600@ecs.soton.ac.uk> MailScanner is now a pretty mature application. It has undergone continuous development for about 6 years and has come a long way in that time. Version 1 was 1,200 lines of Perl and shell, and had about 15 configuration options. Version 4.54 is over 44,000 lines of Perl and shell, and has 343 configuration options. These days, virtually all of the new features are written specifically for a few people, and are not desperately needed by most users. As a result of this, and to allow more time for testing, I am going to change the normal release schedule to a new stable release every 2 months instead of every month. Due to the nature of the world, I reserve the right to release every month or two months as I choose. The latest stable version number is always posted at the top of the home page of the www.MailScanner.info website. This will be good for MailScanner as it will be tested better before release, and it will be good for me by reducing the time I have to spend in the run-up to the start of every month. Note: This will not affect important bug-fix releases at all. Serious problems in the latest stable release will still be fixed as soon as possible, and published as soon as they have been fixed. These may be released either as later stable releases or early betas of the next release, as I do not want to have to fork the source code database at the start of every month and maintain two copies of the source code. Due to the extra time available for testing, this problem will be drastically reduced anyway. I hope you all understand my reasons for making this change, and that it will also reduce the time some of you spend maintaining your MailScanner systems at the very latest version. Maybe you would like to be in the "inner circle" of official beta-testers. I might even print a special T-shirt for you with your company logo on it advertising that you are a member of the inner circle. Please read my other posting re beta testers. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Fri May 26 07:41:46 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri May 26 07:42:11 2006 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.2 available! Message-ID: <005401c6808f$77736e10$3004010a@martinhlaptop> FYI Looks like a bug fix release... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: Theo Van Dinter [mailto:felicity@apache.org] > Sent: 26 May 2006 01:43 > To: Spamassassin Users List; Spamassassin Devel List; Spamassassin > Announcements List > Subject: ANNOUNCE: Apache SpamAssassin 3.1.2 available! > > Apache SpamAssassin 3.1.2 is now available! This is a maintainance > release of the 3.1.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200605251700 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > e1fb14def1265d6d7351ba27b5940da2 Mail-SpamAssassin-3.1.2.tar.bz2 > f255d8e887ea7961939d40b184e82054 Mail-SpamAssassin-3.1.2.tar.gz > 9af9f2db1526baaa01b6b14a9b0e057a Mail-SpamAssassin-3.1.2.zip > > sha1sum of archive files: > aad32b73f2870182fe8f2dd5277e94d0da91b196 Mail-SpamAssassin- > 3.1.2.tar.bz2 > ea5e1e9755e294ee9edb238144ac831602d10027 Mail-SpamAssassin-3.1.2.tar.gz > c00da67f7dd9d9df7f9e148c7530586711991f46 Mail-SpamAssassin-3.1.2.zip > > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B > > 3.1.2 includes a large number of bug fixes and documentation updates. > Here is an abbreviated changelog (since 3.1.1) for major updates (see > the Changes file for a complete list): > > - bug 4802: implement DKIM plugin, including whitelist_from_dkim support > - bug 3838: work around Perl bug causing captured RE variables to become > tainted -- thanks to Mark Martinec for pointing out the bug with > Perl itself > - bug 4850: re-enable the Razor2 plugin by default due to a service > policy change > - bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module > - bug 4827: M::SA::first_existing_path() would return the last array > entry passed in if none of the paths were found. Now return undef > instead and handle the error when it happens. > - bug 4813: generally open RE causes sendmail received header get read > in as qmail in error > - bug 4839: Logger.pm converts control chars including tab into > underscores which confuses a bunch of users when checking debug output. > Convert tab into space instead, etc. > - bug 4884: if a null message is passed in, there are several variables > which end up undefined causing warnings. fake an empty message if no > input is given. > - bug 4793: when replacing tags in a message (_TAG_), leave the tags > that don't exist alone instead of just removing them > - bug 4861, 4760: handle dccifd and dccproc failover properly, backport > relays_internal and relays_external code, backport bug 4760 fix so > that it's not possible to be in internal_networks without being in > trusted_networks as well > - bug 4901: deal more properly with failures in bgsend(). also, use > the proper variable to show when errors occur. > - bug 4867: fetchmail changed header formats at some point making Received > parsing fail in certain conditions > - bug 4699: use M::SA::Timeout for spamd copy_config call and allow for > empty $@ values > - bug 3754: if there's a problem opening a file via sa-learn or > spamassassin, return an error exit value. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: ATT00082.dat Type: application/pgp-signature Size: 191 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060526/abb59540/ATT00082.bin From admin at thenamegame.com Fri May 26 08:13:01 2006 From: admin at thenamegame.com (Michael S.) Date: Fri May 26 08:12:19 2006 Subject: Who has the slowest mailscanner? In-Reply-To: <20060526001127.49454.qmail@web33308.mail.mud.yahoo.com> Message-ID: <200605260712.k4Q7CGYP005997@bkserver.blacknight.ie> You think that's old? In 1993 I purchased my first SCSI drive. It was purchased to add more disk space to a BBS we were running, long before anyone ever heard of the Internet. The drive is only 20gig and was so large and thick we had to mount it outside of the computer case with a special SCSI connector we had made for the system so we could connect it. At the time they wanted 2,000 for it but I talked the guy down to 1,200.00. I thought I was on top of the world being one of a select few who ran a SCSI system on a BBS that could host up to 256 users on a single PII. Sold the company back in 95 but the present owner is still running that same drive, outside of the computer case. 13yrs later that drive is still chugging along. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Mansour Sent: Thursday, May 25, 2006 8:11 PM To: MailScanner discussion Subject: Re: Who has the slowest mailscanner? Hi, > I've got a couple old Pentium-II/300 machines > chugging away for a couple > small clients. Both handle about 1000 messages/day. > One of them is > getting hammered right now and is running about 7000 > messages/day....poor thing. I have one PII 266 Dual CPU with 512mb of RAM and 2x 9Gb drives. It doesn't handle the bulk of email fortunately but acts as the backup mail server in case the primary is down. It's running FC2 and has been on-line for more than 10 years (Acer Altos 930). During that time it has warped from a dialup server, to firewall and now for the past few years a MailScanner server. It's the oldest box I have, it's had it's day and it's up for decommissioning (I'm just trying to find the time to do it). It's Acer Altos 1100 cousin (beefier PII 450 dual) which used to sit next to it blew it's power supply a couple of months back after a similar trail of un-affected service. Of course, the proprietry nature of servers back in the early nineties means it's cheaper to bin the server (which I did do) and get a new one than to get a $400 power supply from Acer (if you can still get them). This server is a little workhorse, they certainly don't build servers like they use to, but when I finally decommission it, I will tip my hat to it for the years of continuous service it's provided me. I can count the number of times I've rebooted it with my fingers and toes. Michael. ____________________________________________________ On Yahoo!7 Dating: It's free to join and check out our great singles! http://www.yahoo7.com.au/personals -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at barendse.to Fri May 26 08:40:06 2006 From: mailscanner at barendse.to (Remco Barendse) Date: Fri May 26 08:40:18 2006 Subject: Cannot open config file restart Message-ID: Hi list! I have a strange problem, after installation of MailScanner (bare metal recovery) I get an error when I try to re-load from the command line but calling the init script directly seemes to work? Nothing serious just wondering if it's a bug or feature. [root@smtp mail]# /etc/init.d/MailScanner restart Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] [root@smtp mail]# cd /tmp [root@smtp tmp]# MailScanner restart Cannot open config file restart, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 597. Cheers! Remco From martinh at solid-state-logic.com Fri May 26 08:51:02 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri May 26 08:51:13 2006 Subject: Cannot open config file restart In-Reply-To: Message-ID: <007101c68099$22aa1000$3004010a@martinhlaptop> Remco What does which MailScanner give you? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Remco Barendse > Sent: 26 May 2006 08:40 > To: MailScanner mailing list > Subject: Cannot open config file restart > > Hi list! > > I have a strange problem, after installation of MailScanner (bare metal > recovery) I get an error when I try to re-load from the command line but > calling the init script directly seemes to work? Nothing serious just > wondering if it's a bug or feature. > > [root@smtp mail]# /etc/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] > [root@smtp mail]# cd /tmp > > [root@smtp tmp]# MailScanner restart > Cannot open config file restart, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > > Cheers! > Remco > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From craig at csfs.co.za Fri May 26 08:52:34 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Fri May 26 08:52:44 2006 Subject: Cannot open config file restart In-Reply-To: Message-ID: >Hi list! Hi ;) >I have a strange problem, after installation of MailScanner (bare metal >recovery) I get an error when I try to re-load from the command line but >calling the init script directly seemes to work? Nothing serious just >wondering if it's a bug or feature. >[root@smtp mail]# /etc/init.d/MailScanner restart >Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] >Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] >[root@smtp mail]# cd /tmp >[root@smtp tmp]# MailScanner restart >Cannot open config file restart, No such file or directory at >/usr/lib/MailScanner/MailScanner/Config.pm line 597. ln -s /opt/MailScanner/lib/ /usr/lib/MailScanner should do the trick. Cya Craig >Cheers! >Remco -- From mailscanner at barendse.to Fri May 26 09:18:53 2006 From: mailscanner at barendse.to (Remco Barendse) Date: Fri May 26 09:19:10 2006 Subject: Cannot open config file restart In-Reply-To: <007101c68099$22aa1000$3004010a@martinhlaptop> References: <007101c68099$22aa1000$3004010a@martinhlaptop> Message-ID: /usr/sbin/MailScanner which seems to be the only copy around : locate -i mailscanner | grep -i bin /usr/sbin/MailScanner /usr/sbin/check_MailScanner /usr/sbin/check_mailscanner /usr/sbin/upgrade_MailScanner_conf /usr/lib/MailScanner/utils/bin /usr/lib/MailScanner/utils/bin/decode-qp /usr/lib/MailScanner/utils/bin/decode-base64 /usr/lib/MailScanner/utils/bin/encode-qp /usr/lib/MailScanner/utils/bin/encode-base64 Thanks! On Fri, 26 May 2006, Martin Hepworth wrote: > Remco > > What does > > which MailScanner > > give you? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Remco Barendse >> Sent: 26 May 2006 08:40 >> To: MailScanner mailing list >> Subject: Cannot open config file restart >> >> Hi list! >> >> I have a strange problem, after installation of MailScanner (bare metal >> recovery) I get an error when I try to re-load from the command line but >> calling the init script directly seemes to work? Nothing serious just >> wondering if it's a bug or feature. >> >> [root@smtp mail]# /etc/init.d/MailScanner restart >> Shutting down MailScanner daemons: >> MailScanner: [ OK ] >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> Starting MailScanner daemons: >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> MailScanner: [ OK ] >> [root@smtp mail]# cd /tmp >> >> [root@smtp tmp]# MailScanner restart >> Cannot open config file restart, No such file or directory at >> /usr/lib/MailScanner/MailScanner/Config.pm line 597. >> >> Cheers! >> Remco >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > From jrudd at ucsc.edu Fri May 26 10:30:46 2006 From: jrudd at ucsc.edu (John Rudd) Date: Fri May 26 10:31:19 2006 Subject: Who has the slowest mailscanner? In-Reply-To: <200605260712.k4Q7CGYP005997@bkserver.blacknight.ie> References: <200605260712.k4Q7CGYP005997@bkserver.blacknight.ie> Message-ID: On May 26, 2006, at 12:13 AM, Michael S. wrote: > In 1993 I purchased my first SCSI drive. It was purchased to add more > disk > space to a BBS we were running, long before anyone ever heard of the > Internet. *cough* I've been on the net since '86. Was part of an internet bbs/forum and chat community that still has active life to this day. And, actually, the internet started to become a mainstream topic in the US in 1992 (when Al Gore started talking about the Information Superhighway, it wasn't long after that that people started to associate that term with the internet). So, I think people hard heard of it by 1993, no matter whether you're talking about the mainstream or enthusiasts. From MailScanner at ecs.soton.ac.uk Fri May 26 10:54:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 26 10:54:52 2006 Subject: Cannot open config file restart In-Reply-To: References: Message-ID: On 26 May 2006, at 08:40, Remco Barendse wrote: > Hi list! > > I have a strange problem, after installation of MailScanner (bare > metal recovery) I get an error when I try to re-load from the > command line but calling the init script directly seemes to work? > Nothing serious just wondering if it's a bug or feature. > > [root@smtp mail]# /etc/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] > [root@smtp mail]# cd /tmp > > [root@smtp tmp]# MailScanner restart You meant to type service MailScanner restart > Cannot open config file restart, No such file or directory at /usr/ > lib/MailScanner/MailScanner/Config.pm line 597. > > Cheers! > Remco > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at mango.zw Fri May 26 11:19:15 2006 From: mailscanner at mango.zw (Jim Holland) Date: Fri May 26 11:33:53 2006 Subject: Cannot open config file restart In-Reply-To: Message-ID: On Fri, 26 May 2006, Remco Barendse wrote: > I have a strange problem, after installation of MailScanner (bare metal > recovery) I get an error when I try to re-load from the command line but > calling the init script directly seemes to work? Nothing serious just > wondering if it's a bug or feature. > > [root@smtp mail]# /etc/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] > [root@smtp mail]# cd /tmp > > [root@smtp tmp]# MailScanner restart > Cannot open config file restart, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. You are running two totally different commands. The first is the bash initialisation script in /etc/init.d that deals with the actual service itself, and it has the following options: Usage: service MailScanner {start|stop|status|restart|reload|startin|startout} If you are running Red Hat as you seem to be then the command is normally run as "service MailScanner {option}", eg "service MailScanner restart". In the second case you are running the bare "MailScanner" command, which (providing the file is in your default path) would normally be the MailScanner Perl script, which is a different animal altogether - it is normally located in /usr/sbin if you are using Red Hat. It does not have any restart option for use on the command line and is not normally run interactively except in debug mode or to check the version etc. Its usage is: MailScanner [ -h|-v|--debug|--debug-sa|--lint ] | [--value= --from= --to=, --to=, ...] --ip=, --virus= ] Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From mailscanner at barendse.to Fri May 26 12:13:57 2006 From: mailscanner at barendse.to (Remco Barendse) Date: Fri May 26 12:14:10 2006 Subject: Cannot open config file restart In-Reply-To: References: Message-ID: >> [root@smtp tmp]# MailScanner restart > > You meant to type service MailScanner restart Damn.... I really need some coffee :( Sorry guys!! From prandal at herefordshire.gov.uk Fri May 26 12:28:54 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 26 12:29:10 2006 Subject: 4.54.5 beta pending new stable release Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D210E01@isabella.herefordshire.gov.uk> 4.54.5 has been running fine in production here for the last couple of hours, happily processing over 2400 emails without any issues. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 25 May 2006 20:05 > To: MailScanner discussion; MailScanner Beta-testers > Subject: 4.54.5 beta pending new stable release > > I have just released 4.54.5, which will become a new stable > release in a > few days if there are no major problems with it. > > There have been a few problems with 4.53 and this is to remedy the > problem. I will move it to stable in a few days. > > Compared to 4.54.4 the only important change is the > auto-update of Sophos. > > The only new things over the previous beta 4.54.4 are these: > > 5 Added Net::IP Perl module as it is needed for SpamAssassin > and Net::DNS. > 5 Improved handling of Unicode encoded subject lines with a > few trailing > spaces. > 5 Fresh translation of German languges.conf file. > > 5 Fixed bug in sophos-wrapper caused by confusion between > Sophos V4 and V5. > 5 Fixed bug stopping regexp rule /^$/ from working properly > in rulesets. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ferradeira at netcabo.pt Fri May 26 12:30:19 2006 From: ferradeira at netcabo.pt (=?ISO-8859-1?Q?Jos=E9_Ferradeira?=) Date: Fri May 26 12:30:24 2006 Subject: Maximum Attachment Size Message-ID: <4476E6CB.20406@netcabo.pt> Hi, I'm trying to implement this rule set in rules/MaxAttachSize.rules: To: user1@ourdomain.com 614400 To: user2@ourdomain.com -1 Limiting the size of the attach file to 600MB to user 1 and free user2. Everything is working, except when I send a 800MB attach file this way: To: user1@ourdomain.com Cc: user2@ourdomain.com Both of users are not able to receive the email, but user2 should recive the email and the attach file, right? MailScanner version 4.47.4 Best regards Jose From nick.smith67 at googlemail.com Fri May 26 14:00:50 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Fri May 26 14:01:27 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <447629EE.3090109@ecs.soton.ac.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> <447625A4.303@coders.co.uk> <447629EE.3090109@ecs.soton.ac.uk> Message-ID: On 5/25/06, Julian Field wrote: > > > Matt Hampton wrote: > > David Lee wrote: > > > >> Knowing that the label "stable" means reliable is, to my mind, much more > >> important than release schedules. Aiming at a regular schedule is nice. > >> But having the label "stable" mean reliable is absolutely essential. > >> > > > > Agreed. > > > > > > > >> So... 4.53.x or 4.54.x ? My vote is that the "stable" link should point > >> to the most reliable. And I understand that to be 4.54.x . > >> > > > > This may require more effort but how about the old "even are stable" thing. > > > > 4.54.x becomes the stable release. New features are add to 4.55.x. > > > > Bug fixes are backwards ported to 4.54.x > That requires me to maintain 2 versions of MailScanner at any one time. > Extra work :-( ==> not likely to happen :( > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Just wondering - was this deliberate (4.54.5 vs 4.54.2)? bash-3.00# diff -ur /opt/MailScanner/etc/filetype.rules.conf.orig filetype.rules.conf --- /opt/MailScanner/etc/filetype.rules.conf.orig Wed Apr 12 09:45:43 2006 +++ filetype.rules.conf.orig Tue May 23 07:52:42 2006 @@ -7,7 +7,7 @@ # If none of the rules match, then the filetype is allowed. allow text - - -allow script - - +allow \sscript - - allow archive - - allow postscript - - deny self-extract No self-extracting archives No self-extracting archives allowed Thanks Nick From chris at tac.esi.net Fri May 26 14:16:39 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri May 26 14:16:49 2006 Subject: Trying to install 4.4.5-1 Message-ID: <4476C783.B662.0038.0@tac.esi.net> I get this when doing an rpmbuild --rebuild of perl-Filesys-Df-0.90-1.src.rpm Question is, how do I fix this? I seem to remember this problem with a previous RPM from MailScanner but I can't find the email that stated how to work around it. Thanks Chris Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/perl-Filesys-Df-0.90-1-root error: Installed (but unpackaged) file(s) found: /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Filesys/Df/.packlist RPM build errors: Installed (but unpackaged) file(s) found: /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Filesys/Df/.packlist From chris at tac.esi.net Fri May 26 16:06:38 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri May 26 16:06:54 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <447201F2.3090602@nkpanama.com> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> <4471C761.B662.0038.0@tac.esi.net> <447201F2.3090602@nkpanama.com> Message-ID: <4476E14A.B662.0038.0@tac.esi.net> Here is the script that I promised. I have removed some hard coded stuff and replaced with variables. I have not tested it since making the changes so I do not know if I broke anything. I appreciate the desire to make the script better but I would like to ask that we try as much as possible to work together for everyones benefit. Thanks Chris Here is a tree view of the directory for the files it needs. mailscanner/ |-- BitDefender-Console-Antivirus-7.1-3.linux-gcc3x.i386.rpm |-- MailScanner-perl-MIME-Base64-3.05-5.i386.rpm |-- etc | `-- cron.daily | |-- bayes_cleanup | `-- db_cleanup |-- http | |-- favicon.ico | `-- mailscanner | |-- do_message_ops.php | `-- geoip_update.php |-- logwatch-7.3-1.noarch.rpm |-- mailscanner-4.52.2-1.noarch.rpm |-- mailwatch-1.0.3.tar.gz |-- asinst_script.sh |-- perl-Razor-Agent-2.81-2.i386.rpm |-- perl-Storable-2.15-1.rf.i386.rpm |-- rules_du_jour `-- usr `-- local `-- bin `-- db_clean.php >>> alex@nkpanama.com 05/22/06 2:24 pm >>> I could help with: Chris Hammond wrote: > Script is run after a bare install of CentOS4 > Turns off un- needed services and runs a yum update. > Sets up hosts file > Installs all needed RPMS; > Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch I'd install sendmail, sendmail- devel, spf- milter, milter- greylist, and perhaps another thing or two. > and bitdefender are the major apps. > Configures all apps based on variables set in the beginning of the script. > Sets up iptables and allows only required ports. > Sets up rules_du_jour > Sets up Razor2 > I'd also set up pyzor and dcc if possible. Perhaps I could contribute to this effort... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: asinst_script.sh Type: application/x-sh Size: 37254 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060526/7886871e/asinst_script.sh From maillists at conactive.com Fri May 26 16:32:31 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 26 16:32:17 2006 Subject: Trying to install 4.4.5-1 In-Reply-To: <4476C783.B662.0038.0@tac.esi.net> References: <4476C783.B662.0038.0@tac.esi.net> Message-ID: Chris Hammond wrote on Fri, 26 May 2006 09:16:39 -0400: > Question is, how do I fix this? I seem to remember this problem with a previous > RPM from MailScanner but I can't find the email that stated how to work around it. You don't fix it. I think this happens when a package is already part of the pre-installed Perl. I think the .rpmmacro that Julian puts in your homedir is supposed to fix that (= skip the warning), I may be wrong, though. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dhawal at netmagicsolutions.com Fri May 26 16:37:17 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri May 26 16:37:28 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4476E14A.B662.0038.0@tac.esi.net> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> <4471C761.B662.0038.0@tac.esi.net> <447201F2.3090602@nkpanama.com> <4476E14A.B662.0038.0@tac.esi.net> Message-ID: <447720AD.6040208@netmagicsolutions.com> Woooooooo!!! rocking stuff.. Though i don't agree with some of your choices in the script (let me not mention them now), the rest is seriously awesome. This can make a great mini-project (called mail-toasters in the qmail world). I have internally documented something quite similar (you'll be surprised at the similarity), and will add it to this as soon as i get the time. - dhawal Chris Hammond wrote: > Here is the script that I promised. I have removed some hard coded stuff and replaced with variables. > I have not tested it since making the changes so I do not know if I broke anything. > > I appreciate the desire to make the script better but I would like to ask that we try as much as possible > to work together for everyones benefit. > > Thanks > Chris > > Here is a tree view of the directory for the files it needs. > > mailscanner/ > |-- BitDefender-Console-Antivirus-7.1-3.linux-gcc3x.i386.rpm > |-- MailScanner-perl-MIME-Base64-3.05-5.i386.rpm > |-- etc > | `-- cron.daily > | |-- bayes_cleanup > | `-- db_cleanup > |-- http > | |-- favicon.ico > | `-- mailscanner > | |-- do_message_ops.php > | `-- geoip_update.php > |-- logwatch-7.3-1.noarch.rpm > |-- mailscanner-4.52.2-1.noarch.rpm > |-- mailwatch-1.0.3.tar.gz > |-- asinst_script.sh > |-- perl-Razor-Agent-2.81-2.i386.rpm > |-- perl-Storable-2.15-1.rf.i386.rpm > |-- rules_du_jour > `-- usr > `-- local > `-- bin > `-- db_clean.php > > >>>> alex@nkpanama.com 05/22/06 2:24 pm >>> > I could help with: > > Chris Hammond wrote: >> Script is run after a bare install of CentOS4 >> Turns off un- needed services and runs a yum update. >> Sets up hosts file >> Installs all needed RPMS; >> Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch > I'd install sendmail, sendmail- devel, spf- milter, milter- greylist, and > perhaps another thing or two. >> and bitdefender are the major apps. >> Configures all apps based on variables set in the beginning of the script. >> Sets up iptables and allows only required ports. >> Sets up rules_du_jour >> Sets up Razor2 >> > I'd also set up pyzor and dcc if possible. > > Perhaps I could contribute to this effort... From chris at tac.esi.net Fri May 26 16:47:16 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri May 26 16:47:43 2006 Subject: Trying to install 4.4.5-1 In-Reply-To: References: <4476C783.B662.0038.0@tac.esi.net> Message-ID: <4476EAD0.B662.0038.0@tac.esi.net> That's it. .rpmmacro. That is what I couldn't remember. Now to find the reference to that and what needed to be in it. Thanks Chris >>> maillists@conactive.com 05/26/06 11:32 am >>> Chris Hammond wrote on Fri, 26 May 2006 09:16:39 - 0400: > Question is, how do I fix this? I seem to remember this problem with a previous > RPM from MailScanner but I can't find the email that stated how to work around it. You don't fix it. I think this happens when a package is already part of the pre- installed Perl. I think the .rpmmacro that Julian puts in your homedir is supposed to fix that (= skip the warning), I may be wrong, though. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at tac.esi.net Fri May 26 16:58:16 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri May 26 16:58:31 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: à References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> à Message-ID: <4476ED64.B662.0038.0@tac.esi.net> Well, it you don't agree with me you can't use it. :) Seriously though, I look for ward to making it better. As I said before, with this script and a base CentOS 4 install, I can build a ready to go box is less than 20 minutes and that beats the hell out of a couple of hours installing everything individually. The initial script started was done in about 3 days and weighed in at about 500 lines and I have been adding to it since. I know there are better ways of doing most everything I did in the script but I had to do alot of figuring of things out just to build the initial script. I would like to make the script give users the choice of what they want to install. We should not dictate mta, db and anything else for that matter. Plus the addition of error checking and other things that I just do not know how to do. If this is useful to people at least I have given something back to the community as so far it has been all take. I really want to learn to be a decent programmer so I can give back but haven't really succeeded yet. Hopefully working with you guys on this will rub off on me and make me a better bash scripter. As for the choices, what are you talking about? Settings or things I have installed or ways that I am doing things in the script? Thanks Chris >>> dhawal@netmagicsolutions.com 05/26/06 11:37 am >>> Woooooooo!!! rocking stuff.. Though i don't agree with some of your choices in the script (let me not mention them now), the rest is seriously awesome. This can make a great mini- project (called mail- toasters in the qmail world). I have internally documented something quite similar (you'll be surprised at the similarity), and will add it to this as soon as i get the time. - dhawal Chris Hammond wrote: > Here is the script that I promised. I have removed some hard coded stuff and replaced with variables. > I have not tested it since making the changes so I do not know if I broke anything. > > I appreciate the desire to make the script better but I would like to ask that we try as much as possible > to work together for everyones benefit. > > Thanks > Chris > > Here is a tree view of the directory for the files it needs. > > mailscanner/ > |-- BitDefender- Console- Antivirus- 7.1- 3.linux- gcc3x.i386.rpm > |-- MailScanner- perl- MIME- Base64- 3.05- 5.i386.rpm > |-- etc > | `-- cron.daily > | |-- bayes_cleanup > | `-- db_cleanup > |-- http > | |-- favicon.ico > | `-- mailscanner > | |-- do_message_ops.php > | `-- geoip_update.php > |-- logwatch- 7.3- 1.noarch.rpm > |-- mailscanner- 4.52.2- 1.noarch.rpm > |-- mailwatch- 1.0.3.tar.gz > |-- asinst_script.sh > |-- perl- Razor- Agent- 2.81- 2.i386.rpm > |-- perl- Storable- 2.15- 1.rf.i386.rpm > |-- rules_du_jour > `-- usr > `-- local > `-- bin > `-- db_clean.php > > >>>> alex@nkpanama.com 05/22/06 2:24 pm >>> > I could help with: > > Chris Hammond wrote: >> Script is run after a bare install of CentOS4 >> Turns off un- needed services and runs a yum update. >> Sets up hosts file >> Installs all needed RPMS; >> Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch > I'd install sendmail, sendmail- devel, spf- milter, milter- greylist, and > perhaps another thing or two. >> and bitdefender are the major apps. >> Configures all apps based on variables set in the beginning of the script. >> Sets up iptables and allows only required ports. >> Sets up rules_du_jour >> Sets up Razor2 >> > I'd also set up pyzor and dcc if possible. > > Perhaps I could contribute to this effort... -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at tac.esi.net Fri May 26 17:16:50 2006 From: chris at tac.esi.net (Chris Hammond) Date: Fri May 26 17:17:01 2006 Subject: Trying to install 4.4.5-1 In-Reply-To: <4476EAD0.B662.0038.0@tac.esi.net> References: <4476C783.B662.0038.0@tac.esi.net> <4476EAD0.B662.0038.0@tac.esi.net> Message-ID: <4476F1BE.B662.0038.0@tac.esi.net> That did it. For the other person, I put a file (.rpmmacro) in my home directory with "%_unpackaged_files_terminate_build 0" (without the quotes) in it and re-ran rpmbuild --rebuild on the perl-Df src rpm and it worked like a champ. Installed the resulting rpm and installed 4.54.5-1 and it is working like a champ. Thanks Chris >>> chris@tac.esi.net 05/26/06 11:47 am >>> That's it. .rpmmacro. That is what I couldn't remember. Now to find the reference to that and what needed to be in it. Thanks Chris >>> maillists@conactive.com 05/26/06 11:32 am >>> Chris Hammond wrote on Fri, 26 May 2006 09:16:39 - 0400: > Question is, how do I fix this? I seem to remember this problem with a previous > RPM from MailScanner but I can't find the email that stated how to work around it. You don't fix it. I think this happens when a package is already part of the pre- installed Perl. I think the .rpmmacro that Julian puts in your homedir is supposed to fix that (= skip the warning), I may be wrong, though. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dhawal at netmagicsolutions.com Fri May 26 17:28:59 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri May 26 17:29:08 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <4476ED64.B662.0038.0@tac.esi.net> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> à <4476ED64.B662.0038.0@tac.esi.net> Message-ID: <44772CCB.2000809@netmagicsolutions.com> Chris Hammond wrote: > Well, it you don't agree with me you can't use it. :) Umm.. what's the license btw? there is gpl, freeware, shareware, commercial and finally there is beerware.. there also curryware for curry addicts.. > Seriously though, I look for ward to making it better. As I said before, > with this script and a base CentOS 4 install, I can build a ready to go > box is less than 20 minutes and that beats the hell out of a couple of > hours installing everything individually. > > The initial script started was done in about 3 days and weighed in at > about 500 lines and I have been adding to it since. I know there are > better ways of doing most everything I did in the script but I had to > do alot of figuring of things out just to build the initial script. I would > like to make the script give users the choice of what they want to install. > We should not dictate mta, db and anything else for that matter. Plus > the addition of error checking and other things that I just do not know > how to do. If this is useful to people at least I have given something > back to the community as so far it has been all take. I really want > to learn to be a decent programmer so I can give back but haven't > really succeeded yet. Hopefully working with you guys on this will > rub off on me and make me a better bash scripter. > > As for the choices, what are you talking about? Settings or things I have > installed or ways that I am doing things in the script? Here is some feedback. 1. Settings for the virus scanning.. i *wouldn't* allow viruses from 127.0.0.1. 2. clamd is not required for mailscanner, so why the extra overhead. 3. While you are changing the protocol for ssh to 2, you also ought to 'PermitRootlogin no' 4. Allow SSH access in iptables only to your trusted IP/Segemnt, same for webmin 5. Have hosts.allow/deny configured for further tightening 6. Have some error logging in place and let the script die gracefully.. and also have a rollback option (some thing i need to learn as well) rpm -ivh example.rpm >> /var/log/example.log 2>&1 if [ $? -ne 0 ] ; then echo -e "Error(s) Installing Example RPMs.\n Check /var/log/example.log\n Halting..." ; exit Error-Code ; fi 7. logwatch requires user\@domain (the extra \).. something that i recently learned. 8. Why configure an ntp daemon, simple set 'ntpdate -s clock.redhat.com' in your cron. 9. Install djbdns ;-) 10. Dag's clamav will require a small change to virus.scanners.conf, i.e. change the /usr/local to /usr 11. Mount a 100MB TMPFS partition for mailscanner 12. Install mailscanner-mrtg, rkhunter, 13. Setup nrpe/nagios-plugins for nagios users. phew.. thats it for now :) - dhawal > Thanks > Chris > >>>> dhawal@netmagicsolutions.com 05/26/06 11:37 am >>> > Woooooooo!!! rocking stuff.. > > Though i don't agree with some of your choices in the script (let me not > mention them now), the rest is seriously awesome. > > This can make a great mini- project (called mail- toasters in the qmail > world). > > I have internally documented something quite similar (you'll be > surprised at the similarity), and will add it to this as soon as i get > the time. > > - dhawal > > Chris Hammond wrote: >> Here is the script that I promised. I have removed some hard coded stuff and replaced with variables. >> I have not tested it since making the changes so I do not know if I broke anything. >> >> I appreciate the desire to make the script better but I would like to ask that we try as much as possible >> to work together for everyones benefit. >> >> Thanks >> Chris >> >> Here is a tree view of the directory for the files it needs. >> >> mailscanner/ >> |-- BitDefender- Console- Antivirus- 7.1- 3.linux- gcc3x.i386.rpm >> |-- MailScanner- perl- MIME- Base64- 3.05- 5.i386.rpm >> |-- etc >> | `-- cron.daily >> | |-- bayes_cleanup >> | `-- db_cleanup >> |-- http >> | |-- favicon.ico >> | `-- mailscanner >> | |-- do_message_ops.php >> | `-- geoip_update.php >> |-- logwatch- 7.3- 1.noarch.rpm >> |-- mailscanner- 4.52.2- 1.noarch.rpm >> |-- mailwatch- 1.0.3.tar.gz >> |-- asinst_script.sh >> |-- perl- Razor- Agent- 2.81- 2.i386.rpm >> |-- perl- Storable- 2.15- 1.rf.i386.rpm >> |-- rules_du_jour >> `-- usr >> `-- local >> `-- bin >> `-- db_clean.php >> >> >>>>> alex@nkpanama.com 05/22/06 2:24 pm >>> >> I could help with: >> >> Chris Hammond wrote: >>> Script is run after a bare install of CentOS4 >>> Turns off un- needed services and runs a yum update. >>> Sets up hosts file >>> Installs all needed RPMS; >>> Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch >> I'd install sendmail, sendmail- devel, spf- milter, milter- greylist, and >> perhaps another thing or two. >>> and bitdefender are the major apps. >>> Configures all apps based on variables set in the beginning of the script. >>> Sets up iptables and allows only required ports. >>> Sets up rules_du_jour >>> Sets up Razor2 >>> >> I'd also set up pyzor and dcc if possible. >> >> Perhaps I could contribute to this effort... From lshaw at emitinc.com Fri May 26 17:50:52 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Fri May 26 17:51:00 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44772CCB.2000809@netmagicsolutions.com> References: =?X-UNKNOWN?Q?=3C1964AAFBC212F742958F9275BF63DBB038E235=40winchester=2Ean?= =?X-UNKNOWN?Q?drewscompanies=2Ecom=3E_=E0=11=0C_=3C4476ED64=2EB662=2E?= =?X-UNKNOWN?Q?0038=2E0=40tac=2Eesi=2Enet=3E_=3C44772CCB=2E2000809=40net?= =?X-UNKNOWN?Q?magicsolutions=2Ecom=3E?= Message-ID: On Fri, 26 May 2006, Dhawal Doshy wrote: > 8. Why configure an ntp daemon, simple set 'ntpdate -s clock.redhat.com' in > your cron. Because: (1) ntpd doesn't require much overhead to run, and (2) it's very simple to configure these days with the ntp servers pool, and (3) your example hard codes clock.redhat.com, which is bad, and (4) when you run ntpd, you're less likely to have to step the time on your server (which can cause problems). At least, that's my opinion. - Logan From martinh at solid-state-logic.com Fri May 26 17:58:05 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri May 26 17:58:18 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: Message-ID: <003c01c680e5$8e7b7700$3004010a@martinhlaptop> Don't forget the drift file...the the ntp server(s) go away your ntpd will still keep reasonably accurate time by itself for a while. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Logan Shaw > Sent: 26 May 2006 17:51 > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCEMENT: Your Software Needs You! > > On Fri, 26 May 2006, Dhawal Doshy wrote: > > 8. Why configure an ntp daemon, simple set 'ntpdate -s clock.redhat.com' > in > > your cron. > > Because: > (1) ntpd doesn't require much overhead to run, and > (2) it's very simple to configure these days with the ntp > servers pool, and > (3) your example hard codes clock.redhat.com, which is bad, and > (4) when you run ntpd, you're less likely to have to step the > time on your server (which can cause problems). > > At least, that's my opinion. > > - Logan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri May 26 20:45:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 26 20:46:15 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: References: <4475EDA4.2000505@ecs.soton.ac.uk> <447625A4.303@coders.co.uk> <447629EE.3090109@ecs.soton.ac.uk> Message-ID: <44775AF6.3090701@ecs.soton.ac.uk> Nick Smith wrote: > Just wondering - was this deliberate (4.54.5 vs 4.54.2)? > > bash-3.00# diff -ur /opt/MailScanner/etc/filetype.rules.conf.orig > filetype.rules.conf > --- /opt/MailScanner/etc/filetype.rules.conf.orig Wed Apr 12 > 09:45:43 2006 > +++ filetype.rules.conf.orig Tue May 23 07:52:42 2006 > @@ -7,7 +7,7 @@ > # If none of the rules match, then the filetype is allowed. > > allow text - - > -allow script - - > +allow \sscript - - > allow archive - - > allow postscript - - > deny self-extract No self-extracting archives No > self-extracting archives allowed Entirely intentional. Matching on "script" matches "postscript" as well, which isn't what I wanted. Matching "\sscript" will match a space followed by the word "script". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Denis.Beauchemin at USherbrooke.ca Fri May 26 20:53:18 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri May 26 20:53:47 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <44775AF6.3090701@ecs.soton.ac.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> <447625A4.303@coders.co.uk> <447629EE.3090109@ecs.soton.ac.uk> <44775AF6.3090701@ecs.soton.ac.uk> Message-ID: <44775CAE.2040608@USherbrooke.ca> Julian Field a ?crit : > > > Nick Smith wrote: >> Just wondering - was this deliberate (4.54.5 vs 4.54.2)? >> >> bash-3.00# diff -ur /opt/MailScanner/etc/filetype.rules.conf.orig >> filetype.rules.conf >> --- /opt/MailScanner/etc/filetype.rules.conf.orig Wed Apr 12 >> 09:45:43 2006 >> +++ filetype.rules.conf.orig Tue May 23 07:52:42 2006 >> @@ -7,7 +7,7 @@ >> # If none of the rules match, then the filetype is allowed. >> >> allow text - - >> -allow script - - >> +allow \sscript - - >> allow archive - - >> allow postscript - - >> deny self-extract No self-extracting archives No >> self-extracting archives allowed > Entirely intentional. Matching on "script" matches "postscript" as > well, which isn't what I wanted. Matching "\sscript" will match a > space followed by the word "script". > Julian, Wouldn't it be safer to use \bscript instead? It would also match at the beginning of the line or after some special character. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060526/030a3978/smime.bin From matt at coders.co.uk Fri May 26 20:55:49 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri May 26 20:55:54 2006 Subject: 4.54.5 beta pending new stable release In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580D210E01@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580D210E01@isabella.herefordshire.gov.uk> Message-ID: <44775D45.7040509@coders.co.uk> Randal, Phil wrote: > 4.54.5 has been running fine in production here for the last couple of > hours, happily processing over 2400 emails without any issues. > All mine have been upgraded to 4.54.5 and I have also just re-install Clam and SpamAssassin using Jules bundle. From kevinp at webpipe.net Fri May 26 22:24:36 2006 From: kevinp at webpipe.net (Kevin Pendleton) Date: Fri May 26 22:26:12 2006 Subject: required_hits Message-ID: <44777214.1060705@webpipe.net> Is there a reason that the default value for Required SpamAssassin Score = 6 when the default required_hits from SpamAssassin is 5? Thanks, Kevin From maillists at conactive.com Fri May 26 22:31:24 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 26 22:29:40 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <44772CCB.2000809@netmagicsolutions.com> References: <1964AAFBC212F742958F9275BF63DBB038E235@winchester.andrewscompanies.com> à <4476ED64.B662.0038.0@tac.esi.net> <44772CCB.2000809@netmagicsolutions.com> Message-ID: Dhawal Doshy wrote on Fri, 26 May 2006 21:58:59 +0530: > 2. clamd is not required for mailscanner, so why the extra overhead. Since he uses dag's rpm maybe because the freshclam coming with it wants to access clamd.conf. Installing would avoid the warnings. Doesn't happen with the rpm from kbs-centos-extras. > 10. Dag's clamav will require a small change to virus.scanners.conf, > i.e. change the /usr/local to /usr I solve this with "ln -s /usr/bin/freshclam /usr/local/bin/freshclam" Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ferradeira at netcabo.pt Sat May 27 00:24:27 2006 From: ferradeira at netcabo.pt (=?ISO-8859-1?Q?Jos=E9_Ferradeira?=) Date: Sat May 27 00:24:36 2006 Subject: Attachment Size rule Message-ID: <44778E2B.7060000@netcabo.pt> Hi, I'm trying to implement this rule set in rules/MaxAttachSize.rules: To: user1@ourdomain.com 614400 To: user2@ourdomain.com -1 Limiting the size of the attach file to 600MB to user 1 and free user2. Everything is working, except when I send a 800MB attach file this way: To: user1@ourdomain.com Cc: user2@ourdomain.com Both of users are not able to receive the email, but user2 should receive the email and the attach file, right? Is it possible to implement this rule? MailScanner version 4.47.4 Best regards Jose From axisml at gmail.com Sat May 27 00:32:02 2006 From: axisml at gmail.com (Chris Stone) Date: Sat May 27 00:33:42 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <4474F127.8070001@nkpanama.com> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <200605250801.34159.james@grayonline.id.au> <4474F127.8070001@nkpanama.com> Message-ID: <200605261732.02750@cs.axint.net> On Wednesday 24 May 2006 05:49 pm, Alex Neuman wrote: > James Gray wrote: > > mailgate ~ # uptime > > 12:15AM up 562 days, 1:19, 3 users, load averages: 0.12, 0.12, 0.08 > > > > Do I win?? ;) No, sorry: [root@mail mail]# uptime 17:32:28 up 865 days, 15:36, 2 users, load average: 0.18, 0.09, 0.04 :-D From ssilva at sgvwater.com Sat May 27 00:39:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Sat May 27 00:39:49 2006 Subject: Maximum Attachment Size In-Reply-To: <4476E6CB.20406@netcabo.pt> References: <4476E6CB.20406@netcabo.pt> Message-ID: Jos? Ferradeira spake the following on 5/26/2006 4:30 AM: > Hi, > > I'm trying to implement this rule set in rules/MaxAttachSize.rules: > > To: user1@ourdomain.com 614400 > To: user2@ourdomain.com -1 > > Limiting the size of the attach file to 600MB to user 1 and free user2. > Everything is working, except when I send a 800MB attach file this way: > To: user1@ourdomain.com > Cc: user2@ourdomain.com > > Both of users are not able to receive the email, but user2 should recive > the email and the attach file, right? > > MailScanner version 4.47.4 > > Best regards > > Jose AFAIR only if your MTA splits the messages. Otherwise, it doesn't seem to work -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ferradeira at netcabo.pt Sat May 27 11:25:41 2006 From: ferradeira at netcabo.pt (=?ISO-8859-1?Q?Jos=E9_Ferradeira?=) Date: Sat May 27 11:25:48 2006 Subject: Maximum Attachment Size In-Reply-To: References: <4476E6CB.20406@netcabo.pt> Message-ID: <44782925.1030005@netcabo.pt> Scott Silva wrote: >Jos? Ferradeira spake the following on 5/26/2006 4:30 AM: > > >>Hi, >> >>I'm trying to implement this rule set in rules/MaxAttachSize.rules: >> >>To: user1@ourdomain.com 614400 >>To: user2@ourdomain.com -1 >> >>Limiting the size of the attach file to 600MB to user 1 and free user2. >>Everything is working, except when I send a 800MB attach file this way: >>To: user1@ourdomain.com >>Cc: user2@ourdomain.com >> >>Both of users are not able to receive the email, but user2 should recive >>the email and the attach file, right? >> >>MailScanner version 4.47.4 >> >>Best regards >> >>Jose >> >> >AFAIR only if your MTA splits the messages. Otherwise, it doesn't seem to work > > > Hi, Thanks. I'm using MailScanner with sendmail (fedora core 4). Can I do it with sendmail? Jose From MailScanner at ecs.soton.ac.uk Sat May 27 13:55:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 27 13:55:39 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <44775CAE.2040608@USherbrooke.ca> References: <4475EDA4.2000505@ecs.soton.ac.uk> <447625A4.303@coders.co.uk> <447629EE.3090109@ecs.soton.ac.uk> <44775AF6.3090701@ecs.soton.ac.uk> <44775CAE.2040608@USherbrooke.ca> Message-ID: <44784C40.4000203@ecs.soton.ac.uk> Denis Beauchemin wrote: > Julian Field a ?crit : >> >> >> Nick Smith wrote: >>> Just wondering - was this deliberate (4.54.5 vs 4.54.2)? >>> >>> bash-3.00# diff -ur /opt/MailScanner/etc/filetype.rules.conf.orig >>> filetype.rules.conf >>> --- /opt/MailScanner/etc/filetype.rules.conf.orig Wed Apr 12 >>> 09:45:43 2006 >>> +++ filetype.rules.conf.orig Tue May 23 07:52:42 2006 >>> @@ -7,7 +7,7 @@ >>> # If none of the rules match, then the filetype is allowed. >>> >>> allow text - - >>> -allow script - - >>> +allow \sscript - - >>> allow archive - - >>> allow postscript - - >>> deny self-extract No self-extracting archives No >>> self-extracting archives allowed >> Entirely intentional. Matching on "script" matches "postscript" as >> well, which isn't what I wanted. Matching "\sscript" will match a >> space followed by the word "script". >> > Julian, > > Wouldn't it be safer to use \bscript instead? It would also match at > the beginning of the line or after some special character. But that would catch '-script' which I don't want to. I really do want just "foobar script". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 27 14:01:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 27 14:01:36 2006 Subject: Maximum Attachment Size In-Reply-To: <44782925.1030005@netcabo.pt> References: <4476E6CB.20406@netcabo.pt> <44782925.1030005@netcabo.pt> Message-ID: <44784DA6.7010407@ecs.soton.ac.uk> Jos? Ferradeira wrote: > Scott Silva wrote: > >> Jos? Ferradeira spake the following on 5/26/2006 4:30 AM: >> >>> Hi, >>> >>> I'm trying to implement this rule set in rules/MaxAttachSize.rules: >>> >>> To: user1@ourdomain.com 614400 >>> To: user2@ourdomain.com -1 >>> >>> Limiting the size of the attach file to 600MB to user 1 and free user2. >>> Everything is working, except when I send a 800MB attach file this way: >>> To: user1@ourdomain.com >>> Cc: user2@ourdomain.com >>> >>> Both of users are not able to receive the email, but user2 should >>> recive >>> the email and the attach file, right? >>> >>> MailScanner version 4.47.4 >>> >>> Best regards >>> >>> Jose >>> >> AFAIR only if your MTA splits the messages. Otherwise, it doesn't >> seem to work >> >> >> > Hi, > Thanks. > I'm using MailScanner with sendmail (fedora core 4). > Can I do it with sendmail? Yes, I believe it is described in the Wiki. If not, please can someone (Steve S perhaps?) add it as quite a few of you know the answer to this. It happens as MailScanner does not split up messages so one recipient gets one response and a different recipient gets another. This restriction rarely causes a problem and enables MailScanner to go a lot faster. It's a design decision I made a long time ago, and it rarely cause a problem that cannot be easily worked around, such as your case (look up "queue groups" in sendmail). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 27 14:14:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 27 14:14:34 2006 Subject: 4.54.5 beta pending new stable release In-Reply-To: <44775D45.7040509@coders.co.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580D210E01@isabella.herefordshire.gov.uk> <44775D45.7040509@coders.co.uk> Message-ID: <447850AD.2010808@ecs.soton.ac.uk> Matt Hampton wrote: > Randal, Phil wrote: > >> 4.54.5 has been running fine in production here for the last couple of >> hours, happily processing over 2400 emails without any issues. >> >> > > All mine have been upgraded to 4.54.5 and I have also just re-install > Clam and SpamAssassin using Jules bundle. > I have just upgraded the Clam+SA bundle to SpamAssassin 3.1.2. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Marc.Dufresne at parks.on.ca Sat May 27 14:15:52 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Sat May 27 14:16:51 2006 Subject: Mailscanner -4.52.2-1 not loading on boot - FreeBSD 5.4 Message-ID: I have recently upgraded MailScanner to version 4.52.2-1 running on FreeBSD 5.4. After upgrading, I noticed that MailScanner will not load when I reboot my server or from a COLD boot. On boot it indcates that its "Starting MailScanner", then I get an error MailScanner not found. I will then login as root, and run MailScanner manually /usr/local/etc/rc.d/mailscanner.sh It loads perfectly when executed from the command line. For some reason after upgrading, it refuses to load on boot. Here is the file permissions under /usr/local/etc/rc.d -r-xr-xr-x 1 root wheel 829 Oct 19 2005 mailscanner.sh What's causing this not to load on boot? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From steve.swaney at fsl.com Sat May 27 16:40:09 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sat May 27 16:40:18 2006 Subject: Getting pounded .. sigh In-Reply-To: <447213EC.30008@ecs.soton.ac.uk> Message-ID: <07f101c681a3$d5e75dc0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Monday, May 22, 2006 3:42 PM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > Steve, > > Please can you add this to the Wiki? It's a very useful little mine of > information. Just the link and your contents list of it will do, with > some links to the original. > > Thanks! > Jules. > > Stephen Swaney wrote: > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > >> Sent: Monday, May 22, 2006 2:16 PM > >> To: MailScanner discussion > >> Subject: RE: Getting pounded .. sigh > >> > >> sandrews@andrewscompanies.com wrote: > >> > >>> I remember talk some time ago, not here, of a way to slow down the > >>> sender by doing something with an ACK (really out of my pond here). > >>> Anyone know what I might be thinking of? If there's some way to hold > >>> the connection to sender open, that would slow them down sending out > >>> crap. > >>> > >> I thnk you're thinking of sendmail's greet pause feature. Works great > >> for "botted" home machines, but real MX hosts aren't tripped up by it. > >> Another feature that may be of some help is the recipient throttle > >> (assuming he's using sendmail - Postfix, etc. probably have something > >> similar) but I'm not using it myself so don't know for sure... > >> > >> > >> > >> ...Kevin > >> -- > >> > > If you're using sendmail 8.13 look at: > > > > http://www.technoids.org/dossed.html > > > > It's Contents > > > > * 1. Limiting the Rate of Incoming Connections > > o 1.1. The ratecontrol Feature > > o 1.2. The Connection Rate Throttle > > * 2. Limiting Simultaneous Connections with the conncontrol Feature > > * 3. Thwarting Dictionary Attacks > > o 3.1. Limiting the Number of Recipients per Message > > o 3.2. Reacting to "Bad" Recipients > > * 4. Blocking Slammers with the greet_pause Feature > > * 5. Other Ways to Protect Your sendmail Server > > * 6. Afterword > > > > I finally found a few minutes so this has been added to the Wiki: http://wiki.mailscanner.info/doku.php?id=maq:index#sendmail_8.13_anti-spam_/ _denial_of_service_protection_features I've also added: "How Split a Multiple Recipient Message in Single Messages" under: http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions I've added the sendmail instructions. If anyone wants to add the Exim method to split messages to multiple recipients into individual messages please feel free :) I don't believe there is yet a Postfix method that can do this efficiently but please correct me if I am mistaken (and please add to the wiki :). Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From jason at thepowells.ca Sat May 27 17:05:18 2006 From: jason at thepowells.ca (Jason Powell) Date: Sat May 27 17:05:32 2006 Subject: Mailscanner -4.52.2-1 not loading on boot - FreeBSD 5.4 In-Reply-To: References: Message-ID: <447878BE.6040501@thepowells.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you tried giving the complete path to the MailScanner executable? (ie. /usr/sbin/MailScanner) Marc Dufresne wrote: > I have recently upgraded MailScanner to version 4.52.2-1 running on > FreeBSD 5.4. After upgrading, I noticed that MailScanner will not > load when I reboot my server or from a COLD boot. > > On boot it indcates that its "Starting MailScanner", then I get an > error MailScanner not found. I will then login as root, and run > MailScanner manually /usr/local/etc/rc.d/mailscanner.sh > > It loads perfectly when executed from the command line. For some > reason after upgrading, it refuses to load on boot. Here is the > file permissions under /usr/local/etc/rc.d > > -r-xr-xr-x 1 root wheel 829 Oct 19 2005 mailscanner.sh > > What's causing this not to load on boot? > > > Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission > 13740 County Road 2 Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 Corporate website: www.parks.on.ca > > ---------------------------------------------------------------------- > > > BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne > TEL;WORK:613-543-3704 ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc > TITLE:Corporate IT Officer END:VCARD > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEeHi9zjQ2/tE0SiARAhTbAJwKejT45NYvULG2qtSYDx6qu+gnoQCgvJqH QCq0Jiez1RXZh+N6kwdwpAk= =yDiK -----END PGP SIGNATURE----- From gdoris at rogers.com Sat May 27 17:14:16 2006 From: gdoris at rogers.com (Gerry Doris) Date: Sat May 27 17:15:06 2006 Subject: 4.54.5 beta pending new stable release References: <86144ED6CE5B004DA23E1EAC0B569B580D210E01@isabella.herefordshire.gov.uk> Message-ID: <007201c681a8$9a895c60$670a000a@dorfam.ca> I just got around to installing the 4.54.5 beta this morning. All went well except that the Net::IP rpm wasn't built for some reason. This hasn't happened to me before. It was present before the upgrade and I just added it back using CPAN. There is also a problem that's started with the last beta that involves MailWatch. I reported it then and it's still present. Under MailWatch's Spam Report there is a parsing error. It looks like this... Score Matching Rules cached not score=-1.776 5 required Hopefully this doesn't wrap. Just in case above text shows up in the two columns entitled Score and Matching Rules. Under Score is "cached" and "5" and under Match Rules is "not", "score=the_spam_score_number" and "required". It appears to be only cosmetic. I really would like the option to turn off loggin of the time it takes each message to process. I find this far too much info for day to day reporting. Perhaps I missed this switch in MailScanner.conf??? From uxbod at splatnix.net Sat May 27 18:36:03 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Sat May 27 18:05:12 2006 Subject: sa-learn Message-ID: <20060527173603.3af39ba3@cyborg> Hi, i use MailScanner with Postfix and was wondering how I get newly spam entered to the bayes database. I have created a little script that polls our accounts :- ---------------------------------------------------------------------------------------------------------------------------------------------------------- #!/bin/bash LOCK_FILE=/var/lock/subsys/spam_check.lock if [ -f ${LOCK_FILE} ]; then logger -p local0.info -t learn-spam "Still running !" exit fi touch ${LOCK_FILE} for user in spam xyz abc do typeset -i count=0 for file in /home/${user}/.maildir/.LEARN-SPAM/cur/* do if [ -f ${file} ]; then sa-learn --spam ${file} && rm ${file} let count=${count}+1 fi done for file in /home/${user}/.maildir/.LEARN-HAM/cur/* do if [ -f ${file} ]; then sa-learn --ham ${file} && cat ${file} | \ spamassassin -d > ${file} && mv ${file} /home/${user}/.maildir/cur fi done done if [ ${count} -gt 0 ]; then logger -p local0.info -t learn-spam "${count} email(s) processed" fi trap "rm -f ${LOCK_FILE}" exit exit 0 ---------------------------------------------------------------------------------------------------------------------------------------------------------- but for this to work I presume that it will need to be run as the effective user ie. Postfix ? Thanks all. And for UK people have a lovely Bank Holiday. Phil -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Sat May 27 18:42:08 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat May 27 18:41:54 2006 Subject: Mailscanner -4.52.2-1 not loading on boot - FreeBSD 5.4 In-Reply-To: References: Message-ID: <44788F70.5000302@rogers.com> Marc Dufresne wrote: > I have recently upgraded MailScanner to version 4.52.2-1 running on > FreeBSD 5.4. After upgrading, I noticed that MailScanner will not load > when I reboot my server or from a COLD boot. > How did you upgrade to 4.52, when the current version in ports is 4.53.8? Please update your ports tree and try again. Also, you may want to update to FreeBSD 5.5, or better yet 6.1, there may be some RCng incompatibilities preventing the script from running. From matt at coders.co.uk Sat May 27 18:58:15 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sat May 27 18:58:26 2006 Subject: Getting pounded .. sigh In-Reply-To: <07f101c681a3$d5e75dc0$2901010a@office.fsl> References: <07f101c681a3$d5e75dc0$2901010a@office.fsl> Message-ID: <44789337.2030805@coders.co.uk> Stephen Swaney wrote: > "How Split a Multiple Recipient Message in Single Messages" under: > > http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions > > I've added the sendmail instructions. When I added these bits to my config I get these errors in my maillog NOQUEUE: Authentication-Warning: d2210.servadmin.com: Processed from queue /var/spool/mqueue.in And no mail delivered - any ideas? I have always used this: define(`confMAX_RCPTS_PER_MESSAGE',`1') to get the same result but I hadn't thought of doing it with queue groups. The down side to max_recpts_per_message is that depending on the remote server they might not send for 20 minutes (or try the secondary). matt From matt at coders.co.uk Sat May 27 19:11:13 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sat May 27 19:11:23 2006 Subject: 4.54.5 beta pending new stable release In-Reply-To: <007201c681a8$9a895c60$670a000a@dorfam.ca> References: <86144ED6CE5B004DA23E1EAC0B569B580D210E01@isabella.herefordshire.gov.uk> <007201c681a8$9a895c60$670a000a@dorfam.ca> Message-ID: <44789641.7070906@coders.co.uk> Gerry Doris wrote: > I just got around to installing the 4.54.5 beta this morning. All went > well except that the Net::IP rpm wasn't built for some reason. This > hasn't happened to me before. It was present before the upgrade and I > just added it back using CPAN. > > There is also a problem that's started with the last beta that involves > MailWatch. I reported it then and it's still present. Under > MailWatch's Spam Report there is a parsing error. It looks like this... > > Score Matching Rules > cached not > score=-1.776 > 5 required > > Gerry - I have just posted a fix to the MailWatch list matt From mailscanner at berger.nl Sat May 27 20:09:20 2006 From: mailscanner at berger.nl (mailscanner@berger.nl) Date: Sat May 27 20:09:27 2006 Subject: which hardware Message-ID: <1148756960.57001@bsd4.nedport.net> Hi there, I am using Sendmail / mailscanner / spamassassin on several systems now and have to buy a new one. I have about $2200 to spend on a mailgateway. I bought a system 2 months ago containing 4 sata disks in raid5, 2Gb ram and Pentium D830 (dualcore). This runs fine with FreeBSD6.1 for about a month now but it's not heavily loaded yet. I need to setup a similar system (sendmail / mailscanner / spamassassin / clamAV and a second avirus)now. I wonder if my hardware choice is OK. I've read several hardware articles on the mailscannersite but it's mainly about older hardware. Someone any idea about what's best? Thanks, Roger From MailScanner at ecs.soton.ac.uk Sat May 27 20:09:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 27 20:09:54 2006 Subject: required_hits In-Reply-To: <44777214.1060705@webpipe.net> References: <44777214.1060705@webpipe.net> Message-ID: <4478A3F1.5080108@ecs.soton.ac.uk> Because I use 6 and think 5 is too low. Kevin Pendleton wrote: > Is there a reason that the default value for Required SpamAssassin > Score = 6 when the default required_hits from SpamAssassin is 5? > > Thanks, > > Kevin -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 27 20:33:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 27 20:34:06 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released Message-ID: <4478A9A4.9020009@ecs.soton.ac.uk> I have just released version 4.54.6. The main aim of this release is to remove the (minor) problems there were with 4.53.8. The main improvements are support for Sophos 5, and a fix to the phishing net output formatting which could leave some links open. I have also upgraded the easy-to-install ClamAV+SpamAssassin to the very latest versions. There have also been various other changes, improvements and other fixes since 4.53. The full Change Log is: * New Features and Improvements * - sa-update cron job disabled by default - Support for Sophos version 5. This just requires new sophos-autoupdate and sophos-wrapper. There are no changes to the core MailScanner code. - The Sophos.install script is not needed for version 5 of Sophos. But it won't do any harm and will print some useful information on how you should configure it, and it will make its best attempts to update the virus.scanners.conf file to point to your new version 5 installation. So I would still strongly advise that you run Sophos.install to install Sophos, even with version 5. - When the SpamAssassin cache is being used, the phrase "cached" or "not cached" is added to the start of the SpamAssassin detailed report in the headers. These words are defined in the languages.conf file so you can change them to anything you like, and translate them into your local languages. Please post all translations back to me for inclusion in the standard distribution. - Added a reference to the message batch in the call to look up "lastafterbatch" so that MailWatch can get the batch statistics. - Updated loads of Perl modules to more modern versions where there have been any significant updates to them. Minor doc and test tweaks have been ignored. - Updated many Perl modules in ClamAV+SA easy-to-install package. - ClamAV+SA package does not add extra loadplugin lines if they are already present in the init.pre and v310.pre files. - Added more examples to /etc/MailScanner/rules/README to show all of the allowed formats of a numerical IP address range. - Upgraded to Filesys::Df 0.90. - Added Spanish translation of rejection.report.txt. Thanks to Leonardo Helman. - Improved filetype rule for scripts so it doesn't accidentally trigger on JPEG images with full metadata tags. 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. * Fixes * - Fixed bug in output formatting of phishing net. This could leave HTML links open. - Fixed major problem with Web Bug processor. - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to James for this fix and his patch. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. 6 Fixed packaging error with perl-Net-IP. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From root at doctor.nl2k.ab.ca Sat May 27 22:36:46 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat May 27 22:36:55 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <4478A9A4.9020009@ecs.soton.ac.uk> References: <4478A9A4.9020009@ecs.soton.ac.uk> Message-ID: <20060527213646.GA5551@doctor.nl2k.ab.ca> On Sat, May 27, 2006 at 08:33:56PM +0100, Julian Field wrote: > I have just released version 4.54.6. The main aim of this release is to > remove the (minor) problems there were with 4.53.8. > > The main improvements are support for Sophos 5, and a fix to the > phishing net output formatting which could leave some links open. > > I have also upgraded the easy-to-install ClamAV+SpamAssassin to the very > latest versions. > > There have also been various other changes, improvements and other fixes > since 4.53. > > The full Change Log is: > > * New Features and Improvements * > - sa-update cron job disabled by default > - Support for Sophos version 5. This just requires new sophos-autoupdate > and > sophos-wrapper. There are no changes to the core MailScanner code. > - The Sophos.install script is not needed for version 5 of Sophos. But it > won't do any harm and will print some useful information on how you > should configure it, and it will make its best attempts to update the > virus.scanners.conf file to point to your new version 5 installation. > So I would still strongly advise that you run Sophos.install to install > Sophos, even with version 5. > - When the SpamAssassin cache is being used, the phrase "cached" or "not > cached" > is added to the start of the SpamAssassin detailed report in the headers. > These words are defined in the languages.conf file so you can change > them to > anything you like, and translate them into your local languages. Please > post > all translations back to me for inclusion in the standard distribution. > - Added a reference to the message batch in the call to look up > "lastafterbatch" > so that MailWatch can get the batch statistics. > - Updated loads of Perl modules to more modern versions where there have > been > any significant updates to them. Minor doc and test tweaks have been > ignored. > - Updated many Perl modules in ClamAV+SA easy-to-install package. > - ClamAV+SA package does not add extra loadplugin lines if they are already > present in the init.pre and v310.pre files. > - Added more examples to /etc/MailScanner/rules/README to show all of the > allowed formats of a numerical IP address range. > - Upgraded to Filesys::Df 0.90. > - Added Spanish translation of rejection.report.txt. Thanks to Leonardo > Helman. > - Improved filetype rule for scripts so it doesn't accidentally trigger on > JPEG images with full metadata tags. > 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. > 5 Improved handling of Unicode encoded subject lines with a few trailing > spaces. > 5 Fresh translation of German languges.conf file. > > * Fixes * > - Fixed bug in output formatting of phishing net. This could leave HTML > links > open. > - Fixed major problem with Web Bug processor. > - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to > James for this fix and his patch. > 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. > 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. > 6 Fixed packaging error with perl-Net-IP. > > -- What about Spam Assassin 3.1.2 ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sun May 28 01:33:39 2006 From: gdoris at rogers.com (Gerry Doris) Date: Sun May 28 01:33:57 2006 Subject: 4.54.5 beta pending new stable release References: <86144ED6CE5B004DA23E1EAC0B569B580D210E01@isabella.herefordshire.gov.uk><007201c681a8$9a895c60$670a000a@dorfam.ca> <44789641.7070906@coders.co.uk> Message-ID: <003b01c681ee$5dd1d4f0$670a000a@dorfam.ca> ----- Original Message ----- From: "Matt Hampton" To: "MailScanner discussion" Sent: Saturday, May 27, 2006 2:11 PM Subject: Re: 4.54.5 beta pending new stable release > Gerry Doris wrote: >> I just got around to installing the 4.54.5 beta this morning. All went >> well except that the Net::IP rpm wasn't built for some reason. This >> hasn't happened to me before. It was present before the upgrade and I >> just added it back using CPAN. >> >> There is also a problem that's started with the last beta that involves >> MailWatch. I reported it then and it's still present. Under >> MailWatch's Spam Report there is a parsing error. It looks like this... >> >> Score Matching Rules >> cached not >> score=-1.776 >> 5 required >> >> > > Gerry - I have just posted a fix to the MailWatch list > > matt > -- Great! I made the change and it fixed the problem. From mikea at mikea.ath.cx Sun May 28 06:48:46 2006 From: mikea at mikea.ath.cx (mikea) Date: Sun May 28 06:48:58 2006 Subject: Attachment Size rule In-Reply-To: <44778E2B.7060000@netcabo.pt>; from ferradeira@netcabo.pt on Sat, May 27, 2006 at 12:24:27AM +0100 References: <44778E2B.7060000@netcabo.pt> Message-ID: <20060528004846.C3490@mikea.ath.cx> On Sat, May 27, 2006 at 12:24:27AM +0100, Jos? Ferradeira wrote: > Hi, > > I'm trying to implement this rule set in rules/MaxAttachSize.rules: > > To: user1@ourdomain.com 614400 > To: user2@ourdomain.com -1 > > Limiting the size of the attach file to 600MB to user 1 and free user2. > Everything is working, except when I send a 800MB attach file this way: > To: user1@ourdomain.com > Cc: user2@ourdomain.com > > Both of users are not able to receive the email, but user2 should > receive the email and the attach file, right? > Is it possible to implement this rule? > > MailScanner version 4.47.4 > > Best regards Is this one of those cases where you have to tell sendmail to queue one copy of the mail per recipient, so that MailScanner can handle it properly? I suspect so, but one of the experts will _know_. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From sandrews at andrewscompanies.com Sun May 28 12:50:42 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Sun May 28 12:50:46 2006 Subject: which hardware Message-ID: <1964AAFBC212F742958F9275BF63DBB039A5D3@winchester.andrewscompanies.com> Best? Plenty of RAM, plenty of processor and fast disk. But what you don't specify is what your mail volume is so it's unanswerable. Me, I've got the thing running equally as well on slow, old hardware as on fast, new hardware; really depends on the volume. For the money you're wanting to spend, you've got the opportunity to do two machines with lesser configurations, say d830s with 1gig of ram (or 2, its cheap now), and raid 1 and do them in a dns round robin to spread the load and increase redundancy should one barf. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of mailscanner@berger.nl Sent: Saturday, May 27, 2006 3:09 PM To: mailscanner@lists.mailscanner.info Subject: which hardware Hi there, I am using Sendmail / mailscanner / spamassassin on several systems now and have to buy a new one. I have about $2200 to spend on a mailgateway. I bought a system 2 months ago containing 4 sata disks in raid5, 2Gb ram and Pentium D830 (dualcore). This runs fine with FreeBSD6.1 for about a month now but it's not heavily loaded yet. I need to setup a similar system (sendmail / mailscanner / spamassassin / clamAV and a second avirus)now. I wonder if my hardware choice is OK. I've read several hardware articles on the mailscannersite but it's mainly about older hardware. Someone any idea about what's best? Thanks, Roger From ferradeira at netcabo.pt Sun May 28 13:33:11 2006 From: ferradeira at netcabo.pt (=?ISO-8859-1?Q?Jos=E9_Ferradeira?=) Date: Sun May 28 13:33:17 2006 Subject: Maximum Attachment Size In-Reply-To: <44784DA6.7010407@ecs.soton.ac.uk> References: <4476E6CB.20406@netcabo.pt> <44782925.1030005@netcabo.pt> <44784DA6.7010407@ecs.soton.ac.uk> Message-ID: <44799887.7030100@netcabo.pt> Julian Field wrote: > Jos? Ferradeira wrote: > >> Scott Silva wrote: >> >>> Jos? Ferradeira spake the following on 5/26/2006 4:30 AM: >>> >>>> Hi, >>>> >>>> I'm trying to implement this rule set in rules/MaxAttachSize.rules: >>>> >>>> To: user1@ourdomain.com 614400 >>>> To: user2@ourdomain.com -1 >>>> >>>> Limiting the size of the attach file to 600MB to user 1 and free >>>> user2. >>>> Everything is working, except when I send a 800MB attach file this >>>> way: >>>> To: user1@ourdomain.com >>>> Cc: user2@ourdomain.com >>>> >>>> Both of users are not able to receive the email, but user2 should >>>> recive >>>> the email and the attach file, right? >>>> >>>> MailScanner version 4.47.4 >>>> >>>> Best regards >>>> >>>> Jose >>>> >>> >>> AFAIR only if your MTA splits the messages. Otherwise, it doesn't >>> seem to work >>> >>> >>> >> Hi, >> Thanks. >> I'm using MailScanner with sendmail (fedora core 4). >> Can I do it with sendmail? > > Yes, I believe it is described in the Wiki. If not, please can someone > (Steve S perhaps?) add it as quite a few of you know the answer to this. > > It happens as MailScanner does not split up messages so one recipient > gets one response and a different recipient gets another. This > restriction rarely causes a problem and enables MailScanner to go a > lot faster. It's a design decision I made a long time ago, and it > rarely cause a problem that cannot be easily worked around, such as > your case (look up "queue groups" in sendmail). > with the configuration from wiki (QUEUE_GROUP), when I restart MailScanner I got this message : / outgoing sendmail: QueuePath // /var/spool/mqueue.in not subpath of QueueDirectory /var/spool/mqueue/ / and I can no longer receive e-mails. The solution I found to work is: define(`confMAX_RCPTS_PER_MESSAGE',`1') Now I can create rules individually for each mail box. Another question: is it possible to implement a personal content filter? i.e. Can I scan email for a specific word? The idea is to scan email for adult content without coming from spam. Many thanks Jose / / From maillists at conactive.com Sun May 28 13:35:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 28 13:35:24 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <4478A9A4.9020009@ecs.soton.ac.uk> References: <4478A9A4.9020009@ecs.soton.ac.uk> Message-ID: Jules, I'm somewhat unhappy about the "uncoordinated" use of perl packages and names. I think the use of widely available rpm distributions is preferrable to installing three packages with the same functionality but different names that in the end seem to be the same perl module name and overwrite the exact same files in the perl tree. I don't think this does any good to the Perl installation. If MailScanner uses packages of its own that are bundled only with MailScanner I think they should be named in a way that makes that clear (f.i. perl-MailScanner-packagename) and get their own *module name* so that they don't overwrite each other with the same module but different rpm name. I'm not a Perl guru, though, and my gut feeling may be wrong. f.i. module Filesys::Df this got introduced as: perl-Filesys-Statvfs_Statfs_Df-0.78-1.src.rpm now you changed it to: perl-Filesys-Df-0.90-1.src.rpm (where I can't find any other source for than your tar.gz) when searching yum repositories I find: perl-Filesys-DiskFree.noarch perl-Filesys-DiskSpace.noarch which may or may not carry the same functionality. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sun May 28 13:42:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 28 13:42:54 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <20060527213646.GA5551@doctor.nl2k.ab.ca> References: <4478A9A4.9020009@ecs.soton.ac.uk> <20060527213646.GA5551@doctor.nl2k.ab.ca> Message-ID: <44799ABB.20909@ecs.soton.ac.uk> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Sat, May 27, 2006 at 08:33:56PM +0100, Julian Field wrote: > >> I have just released version 4.54.6. The main aim of this release is to >> remove the (minor) problems there were with 4.53.8. >> >> The main improvements are support for Sophos 5, and a fix to the >> phishing net output formatting which could leave some links open. >> >> I have also upgraded the easy-to-install ClamAV+SpamAssassin to the very >> latest versions. >> >> > > What about Spam Assassin 3.1.2 ? > As it says... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun May 28 13:44:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 28 13:44:48 2006 Subject: Maximum Attachment Size In-Reply-To: <44799887.7030100@netcabo.pt> References: <4476E6CB.20406@netcabo.pt> <44782925.1030005@netcabo.pt> <44784DA6.7010407@ecs.soton.ac.uk> <44799887.7030100@netcabo.pt> Message-ID: <44799B35.7020902@ecs.soton.ac.uk> Jos? Ferradeira wrote: > Another question: is it possible to implement a personal content > filter? i.e. Can I scan email for a specific word? > The idea is to scan email for adult content without coming from spam. Look up"MCP" in the docs. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Sun May 28 13:55:47 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun May 28 13:56:12 2006 Subject: Maximum Attachment Size In-Reply-To: <44799887.7030100@netcabo.pt> References: <4476E6CB.20406@netcabo.pt> <44782925.1030005@netcabo.pt> <44784DA6.7010407@ecs.soton.ac.uk> <44799887.7030100@netcabo.pt> Message-ID: <44799DD3.6020203@nkpanama.com> Jos? Ferradeira wrote: > > Another question: is it possible to implement a personal content > filter? i.e. Can I scan email for a specific word? > The idea is to scan email for adult content without coming from spam. > It's called MCP. Look into it. From maillists at conactive.com Sun May 28 14:26:09 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 28 14:26:10 2006 Subject: Maximum Attachment Size In-Reply-To: <44799887.7030100@netcabo.pt> References: <4476E6CB.20406@netcabo.pt> <44782925.1030005@netcabo.pt> <44784DA6.7010407@ecs.soton.ac.uk> <44799887.7030100@netcabo.pt> Message-ID: Jos? Ferradeira wrote on Sun, 28 May 2006 13:33:11 +0100: > define(`confMAX_RCPTS_PER_MESSAGE',`1') There is a problem with this setting you may not be yet aware of. It applies for relaying SMTP AUTHed clients as well. And if your users use a broken client like Microsoft Outlook you run into trouble. Microsoft Outlook cannot correctly recover from the tempfail and tries resending the whole bunch of addresses again and again. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ferradeira at netcabo.pt Sun May 28 14:53:02 2006 From: ferradeira at netcabo.pt (=?ISO-8859-1?Q?Jos=E9_Ferradeira?=) Date: Sun May 28 14:53:11 2006 Subject: Maximum Attachment Size In-Reply-To: References: <4476E6CB.20406@netcabo.pt> <44782925.1030005@netcabo.pt> <44784DA6.7010407@ecs.soton.ac.uk> <44799887.7030100@netcabo.pt> Message-ID: <4479AB3E.7030207@netcabo.pt> Kai Schaetzl wrote: >Jos? Ferradeira wrote on Sun, 28 May 2006 13:33:11 +0100: > > > >>define(`confMAX_RCPTS_PER_MESSAGE',`1') >> >> > >There is a problem with this setting you may not be yet aware of. It >applies for relaying SMTP AUTHed clients as well. And if your users use a >broken client like Microsoft Outlook you run into trouble. Microsoft >Outlook cannot correctly recover from the tempfail and tries resending the >whole bunch of addresses again and again. > >Kai > > > Ok, I didn't test it with MS Outlook yet. I tried to find a resolution to this problem: outgoing sendmail: QueuePath // /var/spool/mqueue.in not subpath of QueueDirectory /var/spool/mqueue/ but didn?t find anything. Can anyone help me with this error message? Jose From maillists at conactive.com Sun May 28 15:02:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 28 15:02:16 2006 Subject: "X-Spam-Status:, Yes" in Mailwatch Message-ID: I noticed I'm getting this displayed in the spam actions in Mailwatch as of today: "X-Spam-Status:, Yes" (note the comma! same for no) MailScanner.conf has: Spam Actions = store striphtml deliver header "X-Spam-Status: Yes" Don't know if this started to happen today or earlier. I upgraded to latest MailScanner today and latest SA two days ago. This is the only machine set to add this header, so I can't compare directly with other upgraded machines. Anyone else? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From root at doctor.nl2k.ab.ca Sun May 28 15:15:28 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun May 28 15:16:13 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: References: <4478A9A4.9020009@ecs.soton.ac.uk> Message-ID: <20060528141528.GA19363@doctor.nl2k.ab.ca> On Sun, May 28, 2006 at 02:35:22PM +0200, Kai Schaetzl wrote: > Jules, I'm somewhat unhappy about the "uncoordinated" use of perl packages > and names. I think the use of widely available rpm distributions is > preferrable to installing three packages with the same functionality but > different names that in the end seem to be the same perl module name and > overwrite the exact same files in the perl tree. I don't think this does > any good to the Perl installation. > If MailScanner uses packages of its own that are bundled only with > MailScanner I think they should be named in a way that makes that clear > (f.i. perl-MailScanner-packagename) and get their own *module name* so > that they don't overwrite each other with the same module but different > rpm name. > I'm not a Perl guru, though, and my gut feeling may be wrong. > > f.i. module Filesys::Df > this got introduced as: > perl-Filesys-Statvfs_Statfs_Df-0.78-1.src.rpm > now you changed it to: > perl-Filesys-Df-0.90-1.src.rpm > (where I can't find any other source for than your tar.gz) > > when searching yum repositories I find: > perl-Filesys-DiskFree.noarch > perl-Filesys-DiskSpace.noarch > which may or may not carry the same functionality. > Check with the modules Author. He later compensated for BSD/OS 4.X and FreeBSD 4.X > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Sun May 28 15:16:29 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun May 28 15:17:11 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <44799ABB.20909@ecs.soton.ac.uk> References: <4478A9A4.9020009@ecs.soton.ac.uk> <20060527213646.GA5551@doctor.nl2k.ab.ca> <44799ABB.20909@ecs.soton.ac.uk> Message-ID: <20060528141629.GB19363@doctor.nl2k.ab.ca> So when does 4.55 testing get under way? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Sun May 28 16:13:26 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 28 16:13:28 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <20060528141528.GA19363@doctor.nl2k.ab.ca> References: <4478A9A4.9020009@ecs.soton.ac.uk> <20060528141528.GA19363@doctor.nl2k.ab.ca> Message-ID: wrote on Sun, 28 May 2006 08:15:28 -0600: > Check with the modules Author. Thanks for the hint. I didn't check with him but I checked on CPAN. If I understand correctly Filesys-Df includes Filesys-statsomething-whatever ... So I removed that and installed Filesys-Df. I also noticed that I don't have any MailScanner problems on systems where I didn't install any of the two. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun May 28 16:13:27 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 28 16:13:33 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <20060528141629.GB19363@doctor.nl2k.ab.ca> References: <4478A9A4.9020009@ecs.soton.ac.uk> <20060527213646.GA5551@doctor.nl2k.ab.ca> <44799ABB.20909@ecs.soton.ac.uk> <20060528141629.GB19363@doctor.nl2k.ab.ca> Message-ID: wrote on Sun, 28 May 2006 08:16:29 -0600: > So when does 4.55 testing get under way? I suppose, Jules will put all the folks that responded on a separate mailing list and contact them. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sun May 28 17:00:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 28 17:00:29 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: References: <4478A9A4.9020009@ecs.soton.ac.uk> Message-ID: <4479C906.2050506@ecs.soton.ac.uk> Kai Schaetzl wrote: > Jules, I'm somewhat unhappy about the "uncoordinated" use of perl packages > and names. I think the use of widely available rpm distributions is > preferrable to installing three packages with the same functionality but > different names that in the end seem to be the same perl module name and > overwrite the exact same files in the perl tree. I don't think this does > any good to the Perl installation. > If MailScanner uses packages of its own that are bundled only with > MailScanner I think they should be named in a way that makes that clear > (f.i. perl-MailScanner-packagename) and get their own *module name* so > that they don't overwrite each other with the same module but different > rpm name. > I'm not a Perl guru, though, and my gut feeling may be wrong. > > f.i. module Filesys::Df > this got introduced as: > perl-Filesys-Statvfs_Statfs_Df-0.78-1.src.rpm > now you changed it to: > perl-Filesys-Df-0.90-1.src.rpm > (where I can't find any other source for than your tar.gz) > See below: it's right there on CPAN. > when searching yum repositories I find: > perl-Filesys-DiskFree.noarch > perl-Filesys-DiskSpace.noarch > which may or may not carry the same functionality. > The yum repositories are using the wrong names in my opinion. My RPM names are all "perl-" followed by the CPAN name of the module. The author of Filesys::Df split 2 modules into 1 at some point and so changed the name. I merely caught up with the current name of the module. If you look on CPAN you should find all my modules with their original distributed filenames. As for having trouble finding Filesys::Df, just look on CPAN for Filesys::Df, it's right there, latest version is dated 14 May 2006, version 0.90. > > Kai > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun May 28 17:03:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 28 17:03:44 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: References: <4478A9A4.9020009@ecs.soton.ac.uk> Message-ID: <4479C9CB.4030507@ecs.soton.ac.uk> Kai Schaetzl wrote: > Jules, I'm somewhat unhappy about the "uncoordinated" use of perl packages > and names. I think the use of widely available rpm distributions is > preferrable to installing three packages with the same functionality but > different names that in the end seem to be the same perl module name and > overwrite the exact same files in the perl tree. I don't think this does > any good to the Perl installation. > If MailScanner uses packages of its own that are bundled only with > MailScanner I think they should be named in a way that makes that clear > (f.i. perl-MailScanner-packagename) and get their own *module name* so > that they don't overwrite each other with the same module but different > rpm name. > I'm not a Perl guru, though, and my gut feeling may be wrong. > > f.i. module Filesys::Df > this got introduced as: > perl-Filesys-Statvfs_Statfs_Df-0.78-1.src.rpm > now you changed it to: > perl-Filesys-Df-0.90-1.src.rpm > (where I can't find any other source for than your tar.gz) > Here is the original posting I had from the author of Statfs and Filesys::Df telling me exactly what I should use. So sorry Kai, but... ----------QUOTE----------- Hey guys, I got an email from someone yesterday because they were using MailScanner and apparently it requires Filesys::Df? Anyway he was using the dist Filesys-Statvfs_Statfs_Df 0.75 which is somewhat old. There was a known bug with that version that kept it from installing on a few versions of BSD. I recently revamped the entire module, fixed a few bugs, added some features, and tried to make the way it detects system calls more robust. It should be totally backwards compatible with what you are using now. You can download it here: http://www.cpan.org/authors/id/I/IG/IGUTHRIE/Filesys-Df-0.90.tar.gz I also recently wrote another module that works on Windows as well as Unix if you guys have a Windows version. It is called Filesys::DfPortable. The only difference is that by default it returns bytes instead of blocks. So if you use it in place of Filesys::Df you need to make sure you take that into account or just specify a block size as a second argument. Have a good one. Cheers, Ian ----------QUOTE----------- -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From steve.swaney at fsl.com Sun May 28 19:25:37 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun May 28 19:25:46 2006 Subject: Getting pounded .. sigh In-Reply-To: <44789337.2030805@coders.co.uk> Message-ID: <0dce01c68284$1e764840$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Hampton > Sent: Saturday, May 27, 2006 1:58 PM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > Stephen Swaney wrote: > > "How Split a Multiple Recipient Message in Single Messages" under: > > > > http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions > > > > I've added the sendmail instructions. > > When I added these bits to my config I get these errors in my maillog > > NOQUEUE: Authentication-Warning: d2210.servadmin.com: Processed from > queue /var/spool/mqueue.in > > And no mail delivered - any ideas? > > I have always used this: > > define(`confMAX_RCPTS_PER_MESSAGE',`1') > > to get the same result but I hadn't thought of doing it with queue > groups. The down side to max_recpts_per_message is that depending on the > remote server they might not send for 20 minutes (or try the secondary). > > matt The method described in the wiki should work with any client software since the MTA (sendmail) accepts the entire message and then splits it into individual messages, one for each recipient. define(`confMAX_RCPTS_PER_MESSAGE',`1') will reject any email addressed to more than one recipient. If this feature is defined it's typically set to a much higher threshold; something like: define(`confMAX_RCPTS_PER_MESSAGE',`20') In fact you can use both together. With the setting just above and with mqueue defined and r=1, messages to more than 20 recipients will be rejected and messages to 20 or less will be split into individual messages. I hope this helps to explain the issue. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From matt at coders.co.uk Sun May 28 19:36:54 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sun May 28 19:36:56 2006 Subject: Getting pounded .. sigh In-Reply-To: <0dce01c68284$1e764840$2901010a@office.fsl> References: <0dce01c68284$1e764840$2901010a@office.fsl> Message-ID: <4479EDC6.4040909@coders.co.uk> Stephen Swaney wrote: > The method described in the wiki should work with any client software since > the MTA (sendmail) accepts the entire message and then splits it into > individual messages, one for each recipient. Yes but there must be something else that needs doing or myself or the other person would have the same error. > > define(`confMAX_RCPTS_PER_MESSAGE',`1') will reject any email addressed to > more than one recipient. If this feature is defined it's typically set to a > much higher threshold; something like: My servers are not user facing. I use this to get the functionality you achieve using the queue groups. > I hope this helps to explain the issue. Thanks ;-) - now any ideas why my Queue groups don't work??? :-) matt From maillists at conactive.com Sun May 28 20:31:14 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 28 20:31:20 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <4479C906.2050506@ecs.soton.ac.uk> References: <4478A9A4.9020009@ecs.soton.ac.uk> <4479C906.2050506@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sun, 28 May 2006 17:00:06 +0100: > The yum repositories are using the wrong names in my opinion. You are right, I, too, prefer to go after the module names. I was just looking around for any rpms and didn't find one. As it seems Filesys-Df simply didn't exist before 0.90. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun May 28 20:31:14 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun May 28 20:31:24 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <4479C9CB.4030507@ecs.soton.ac.uk> References: <4478A9A4.9020009@ecs.soton.ac.uk> <4479C9CB.4030507@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sun, 28 May 2006 17:03:23 +0100: > Here is the original posting I had from the author of Statfs and > Filesys::Df telling me exactly what I should use. So sorry Kai, but... No problem, I just hate confusion and rpms in the database that are dead but not uninstalled. (or did you add an obsoletes flag to the new rpm? I didn't know how to query it for that, so I don't know.) I deinstalled the stats-something rpm, rebuilt your new Df package and installed. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at grayonline.id.au Mon May 29 02:48:29 2006 From: james at grayonline.id.au (James Gray) Date: Mon May 29 02:48:48 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released In-Reply-To: <4478A9A4.9020009@ecs.soton.ac.uk> References: <4478A9A4.9020009@ecs.soton.ac.uk> Message-ID: <200605291148.32918.james@grayonline.id.au> On Sun, 28 May 2006 05:33 am, Julian Field wrote: > I have just released version 4.54.6. The main aim of this release is to > remove the (minor) problems there were with 4.53.8. Just installed it (and the latest Clam+SA) on my Mac OSX server. Everything compiled correctly except the tnef decoder - but that happened on the previous version too. So the tnef decoder is set to "internal" still, which doesn't bother me. Other than that, it's now handling all my mail for my test sites. Thanks Julian :) Cheers, James -- BOFH excuse #439: Hot Java has gone cold -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060529/c326e79c/attachment.bin From jeremypennington at yahoo.com Mon May 29 03:24:30 2006 From: jeremypennington at yahoo.com (Mr jeremy pennington) Date: Mon May 29 03:24:33 2006 Subject: 4.45.6-Process did not exit cleanly, returned 255 with signal 0 Message-ID: <20060529022430.93873.qmail@web50109.mail.yahoo.com> I tried upgrading from 4.45.4 to 4.54.6 today and had problems so I had to revert back to 4.45.4 which is working correctly and has been ever since I updated to it. I can start 4.54.6 ok but as soon as a message arrives I get the below message in the log file: May 28 20:58:47 mail.server.com <22>MailScanner[4822]: Using locktype = flock May 28 20:58:47 mail.server.com <22>MailScanner[4822]: New Batch: Scanning 1 messages, 1546 bytes May 28 20:58:50 mail.server.com <22>MailScanner[4822]: Archived message k4T0w20J004820 to mbox file /var/mail/archive/archive.mbx May 28 20:58:50 mail.server.com <22>MailScanner[4822]: Saved archive copies of k4T0w20J004820 May 28 20:58:50 mail.server.com <22>MailScanner[4822]: MCP Checks completed at 938678 bytes per second May 28 20:58:50 mail.server.com <22>MailScanner[4822]: Spam Checks: Starting May 28 20:58:52 mail.server.com <12>root: Process did not exit cleanly, returned 255 with signal 0 Therefore, the messages never gets scanned and the process restarts and repeats and each time the same message gets logged to the archive file. System Info: Solaris 9 MailWatch 1.0.3 Clam AV 0.88.2 Spam Assassin: 3.1.2 Again 4.45.4 works great, this problem just appears when I which to 4.54.6. Let me know if you have any trys, suggestions, or need more info. Thanks for the help __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From danielk at avalonpub.com Mon May 29 05:10:08 2006 From: danielk at avalonpub.com (Daniel Kleinsinger) Date: Mon May 29 05:10:20 2006 Subject: 4.45.6-Process did not exit cleanly, returned 255 with signal 0 In-Reply-To: <20060529022430.93873.qmail@web50109.mail.yahoo.com> References: <20060529022430.93873.qmail@web50109.mail.yahoo.com> Message-ID: <447A7420.9010705@avalonpub.com> Try running in debug mode, it should give a better error message. From the wiki (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mailscanner): How to use MailScanner?s debug mode effectively: * Shutdown MailScanner and your MTA * Start only your incoming MTA. This is usually done by the command |service MailScanner startin| on Redhat. Other distros/OS may vary * Set ?Debug = yes? and ?Debug SpamAssassin = yes? in MailScanner.conf, then run ?check_MailScanner?. * Watch carefully the output for error messages and fix what you can fix. * Restore the debug options back to no * Restart MailScanner Mr jeremy pennington wrote: > I tried upgrading from 4.45.4 to 4.54.6 today and had > problems so I had to revert back to 4.45.4 which is > working correctly and has been ever since I updated to > it. > > I can start 4.54.6 ok but as soon as a message arrives > I get the below message in the log file: > > May 28 20:58:47 mail.server.com <22>MailScanner[4822]: > Using locktype = flock > May 28 20:58:47 mail.server.com <22>MailScanner[4822]: > New Batch: Scanning 1 messages, 1546 bytes > May 28 20:58:50 mail.server.com <22>MailScanner[4822]: > Archived message k4T0w20J004820 to mbox file > /var/mail/archive/archive.mbx > May 28 20:58:50 mail.server.com <22>MailScanner[4822]: > Saved archive copies of k4T0w20J004820 > May 28 20:58:50 mail.server.com <22>MailScanner[4822]: > MCP Checks completed at 938678 bytes per second > May 28 20:58:50 mail.server.com <22>MailScanner[4822]: > Spam Checks: Starting > May 28 20:58:52 mail.server.com <12>root: Process did > not exit cleanly, returned 255 with signal 0 > > Therefore, the messages never gets scanned and the > process restarts and repeats and each time the same > message gets logged to the archive file. > > System Info: > Solaris 9 > MailWatch 1.0.3 > Clam AV 0.88.2 > Spam Assassin: 3.1.2 > > Again 4.45.4 works great, this problem just appears > when I which to 4.54.6. Let me know if you have any > trys, suggestions, or need more info. > > Thanks for the help > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > From assooy at yahoo.com Mon May 29 07:27:41 2006 From: assooy at yahoo.com (ius) Date: Mon May 29 07:20:08 2006 Subject: quick rules question Message-ID: <447A945D.8040405@yahoo.com> Dear experts, Quick question. I like to block a miling list from yahoo, for example : davincicrap@yahoogroups.com. How can i do that in MailScanner rules? Thanks a lot ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 29 10:34:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 29 10:35:09 2006 Subject: quick rules question In-Reply-To: <447A945D.8040405@yahoo.com> References: <447A945D.8040405@yahoo.com> Message-ID: <447AC042.3010408@ecs.soton.ac.uk> You should do that in your MTA. In sendmail it's the "access" database. ius wrote: > Dear experts, > > Quick question. I like to block a miling list from yahoo, for example > : davincicrap@yahoogroups.com. How can i do that in MailScanner rules? > > > Thanks a lot > ius > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Mon May 29 14:31:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 29 14:31:47 2006 Subject: sa-learn In-Reply-To: <20060527173603.3af39ba3@cyborg> References: <20060527173603.3af39ba3@cyborg> Message-ID: <223f97700605290631h312a7191ic666be53f21cfec@mail.gmail.com> Hi Phil, On 27/05/06, --[UxBoD]-- wrote: > Hi, > > i use MailScanner with Postfix and was wondering how I get newly spam entered to the bayes database. I have created a little script > that polls our accounts :- > > ---------------------------------------------------------------------------------------------------------------------------------------------------------- > #!/bin/bash > > LOCK_FILE=/var/lock/subsys/spam_check.lock > > if [ -f ${LOCK_FILE} ]; then > logger -p local0.info -t learn-spam "Still running !" > exit > fi > > touch ${LOCK_FILE} > > for user in spam xyz abc > do > typeset -i count=0 > > for file in /home/${user}/.maildir/.LEARN-SPAM/cur/* > do > if [ -f ${file} ]; then > sa-learn --spam ${file} && rm ${file} > let count=${count}+1 > fi > done > > for file in /home/${user}/.maildir/.LEARN-HAM/cur/* > do > if [ -f ${file} ]; then > sa-learn --ham ${file} && cat ${file} | \ > spamassassin -d > ${file} && mv ${file} /home/${user}/.maildir/cur You have a potential "read and write the same file, at the same time" situation there, with the second command sequence (cat reads, and the redirect writes). Normally, you might not get any problem from this, but it is potentially unsafe. Best is to change that to somethhing like sa-learn --ham ${file} && cat ${file} | \ spamassassin -d > ${file}.tmp && mv ${file}.tmp /home/${user}/.maildir/cur/$file (watch out for wrapping:-). > fi > done > done > > if [ ${count} -gt 0 ]; then > logger -p local0.info -t learn-spam "${count} email(s) processed" > fi > > trap "rm -f ${LOCK_FILE}" exit > > exit 0 > ---------------------------------------------------------------------------------------------------------------------------------------------------------- > > but for this to work I presume that it will need to be run as the effective user ie. Postfix ? > Depending on a few things.... Then yes. "su postfix -s /bin/sh -c " is your friend:-)... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Mon May 29 15:53:14 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 29 15:53:45 2006 Subject: Thoughts please: 4.54.4 as a stable? In-Reply-To: <44784C40.4000203@ecs.soton.ac.uk> References: <4475EDA4.2000505@ecs.soton.ac.uk> <447625A4.303@coders.co.uk> <447629EE.3090109@ecs.soton.ac.uk> <44775AF6.3090701@ecs.soton.ac.uk> <44775CAE.2040608@USherbrooke.ca> <44784C40.4000203@ecs.soton.ac.uk> Message-ID: <447B0ADA.9000405@USherbrooke.ca> Julian Field a ?crit : > Denis Beauchemin wrote: >> Julian Field a ?crit : >>> >>> >>> Nick Smith wrote: >>>> Just wondering - was this deliberate (4.54.5 vs 4.54.2)? >>>> >>>> bash-3.00# diff -ur /opt/MailScanner/etc/filetype.rules.conf.orig >>>> filetype.rules.conf >>>> --- /opt/MailScanner/etc/filetype.rules.conf.orig Wed Apr 12 >>>> 09:45:43 2006 >>>> +++ filetype.rules.conf.orig Tue May 23 07:52:42 2006 >>>> @@ -7,7 +7,7 @@ >>>> # If none of the rules match, then the filetype is allowed. >>>> >>>> allow text - - >>>> -allow script - - >>>> +allow \sscript - - >>>> allow archive - - >>>> allow postscript - - >>>> deny self-extract No self-extracting archives No >>>> self-extracting archives allowed >>> Entirely intentional. Matching on "script" matches "postscript" as >>> well, which isn't what I wanted. Matching "\sscript" will match a >>> space followed by the word "script". >>> >> Julian, >> >> Wouldn't it be safer to use \bscript instead? It would also match at >> the beginning of the line or after some special character. > But that would catch '-script' which I don't want to. I really do want > just "foobar script". > Who am I to even think THE GREAT ONE could make such a small mistake! ;-) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060529/dbc8dba5/smime.bin From daniel.maher at ubisoft.com Mon May 29 16:24:04 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon May 29 16:24:08 2006 Subject: MailScanner is responsible for SWAP usage! Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CE74@UBIMAIL1.ubisoft.org> Bah, with a load that low, I'd never reboot either. 11:22:24 up 496 days, 23:58, 2 users, load average: 22.56, 22.12, 21.84 Nearly 500 days with a load over 20.. that's where it's at. :P -- Daniel Maher Administrateur Syst?me Unix Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Stone Sent: May 26, 2006 7:32 PM To: MailScanner discussion Subject: Re: MailScanner is responsible for SWAP usage! On Wednesday 24 May 2006 05:49 pm, Alex Neuman wrote: > James Gray wrote: > > mailgate ~ # uptime > > 12:15AM up 562 days, 1:19, 3 users, load averages: 0.12, 0.12, 0.08 > > > > Do I win?? ;) No, sorry: [root@mail mail]# uptime 17:32:28 up 865 days, 15:36, 2 users, load average: 0.18, 0.09, 0.04 :-D -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ferradeira at netcabo.pt Mon May 29 17:03:16 2006 From: ferradeira at netcabo.pt (=?ISO-8859-1?Q?Jos=E9_Ferradeira?=) Date: Mon May 29 17:03:22 2006 Subject: Getting pounded .. sigh In-Reply-To: <0dce01c68284$1e764840$2901010a@office.fsl> References: <0dce01c68284$1e764840$2901010a@office.fsl> Message-ID: <447B1B44.6050508@netcabo.pt> Stephen Swaney wrote: >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of Matt Hampton >>Sent: Saturday, May 27, 2006 1:58 PM >>To: MailScanner discussion >>Subject: Re: Getting pounded .. sigh >> >>Stephen Swaney wrote: >> >> >>>"How Split a Multiple Recipient Message in Single Messages" under: >>> >>>http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions >>> >>>I've added the sendmail instructions. >>> >>> >>When I added these bits to my config I get these errors in my maillog >> >>NOQUEUE: Authentication-Warning: d2210.servadmin.com: Processed from >>queue /var/spool/mqueue.in >> >>And no mail delivered - any ideas? >> >>I have always used this: >> >>define(`confMAX_RCPTS_PER_MESSAGE',`1') >> >>to get the same result but I hadn't thought of doing it with queue >>groups. The down side to max_recpts_per_message is that depending on the >>remote server they might not send for 20 minutes (or try the secondary). >> >>matt >> >> > >The method described in the wiki should work with any client software since >the MTA (sendmail) accepts the entire message and then splits it into >individual messages, one for each recipient. > >define(`confMAX_RCPTS_PER_MESSAGE',`1') will reject any email addressed to >more than one recipient. If this feature is defined it's typically set to a >much higher threshold; something like: > >define(`confMAX_RCPTS_PER_MESSAGE',`20') > >In fact you can use both together. With the setting just above and with >mqueue defined and r=1, messages to more than 20 recipients will be rejected >and messages to 20 or less will be split into individual messages. > >I hope this helps to explain the issue. > >Steve > >Stephen Swaney >Fort Systems Ltd. >stephen.swaney@fsl.com >www.fsl.com > > > I have tried to configure the QUEUE_GROUP as described in the wiki: QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue.in, F=f, r=1, R=8, I=2m') LOCAL_RULESETS Squeuegroup R$* @ $* $# mqueue R$* $# mqueue When I restart MailScanner I got this message : / outgoing sendmail: QueuePath /var/spool/mqueue.in not subpath of QueueDirectory /var/spool/mqueue/ / And no mail is delivered Does anyone know what is wrong? Regards Jose From maillists at conactive.com Mon May 29 17:31:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 29 17:31:22 2006 Subject: 4.45.6-Process did not exit cleanly, returned 255 with signal 0 In-Reply-To: <20060529022430.93873.qmail@web50109.mail.yahoo.com> References: <20060529022430.93873.qmail@web50109.mail.yahoo.com> Message-ID: Mr jeremy pennington wrote on Sun, 28 May 2006 19:24:30 -0700 (PDT): > System Info: what's missing is the MTA, might be useful. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From sandrews at andrewscompanies.com Mon May 29 18:00:51 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Mon May 29 18:00:55 2006 Subject: quick rules question Message-ID: <1964AAFBC212F742958F9275BF63DBB03B14A2@winchester.andrewscompanies.com> Why not mailscanner's blacklist? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, May 29, 2006 5:35 AM To: MailScanner discussion Subject: Re: quick rules question You should do that in your MTA. In sendmail it's the "access" database. ius wrote: > Dear experts, > > Quick question. I like to block a miling list from yahoo, for example > : davincicrap@yahoogroups.com. How can i do that in MailScanner rules? > > > Thanks a lot > ius > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 27 20:33:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 29 18:06:51 2006 Subject: {Spam?} MailScanner ANNOUNCE: 4.54.6 released Message-ID: <4478A9A4.9020009@ecs.soton.ac.uk> I have just released version 4.54.6. The main aim of this release is to remove the (minor) problems there were with 4.53.8. The main improvements are support for Sophos 5, and a fix to the phishing net output formatting which could leave some links open. I have also upgraded the easy-to-install ClamAV+SpamAssassin to the very latest versions. There have also been various other changes, improvements and other fixes since 4.53. The full Change Log is: * New Features and Improvements * - sa-update cron job disabled by default - Support for Sophos version 5. This just requires new sophos-autoupdate and sophos-wrapper. There are no changes to the core MailScanner code. - The Sophos.install script is not needed for version 5 of Sophos. But it won't do any harm and will print some useful information on how you should configure it, and it will make its best attempts to update the virus.scanners.conf file to point to your new version 5 installation. So I would still strongly advise that you run Sophos.install to install Sophos, even with version 5. - When the SpamAssassin cache is being used, the phrase "cached" or "not cached" is added to the start of the SpamAssassin detailed report in the headers. These words are defined in the languages.conf file so you can change them to anything you like, and translate them into your local languages. Please post all translations back to me for inclusion in the standard distribution. - Added a reference to the message batch in the call to look up "lastafterbatch" so that MailWatch can get the batch statistics. - Updated loads of Perl modules to more modern versions where there have been any significant updates to them. Minor doc and test tweaks have been ignored. - Updated many Perl modules in ClamAV+SA easy-to-install package. - ClamAV+SA package does not add extra loadplugin lines if they are already present in the init.pre and v310.pre files. - Added more examples to /etc/MailScanner/rules/README to show all of the allowed formats of a numerical IP address range. - Upgraded to Filesys::Df 0.90. - Added Spanish translation of rejection.report.txt. Thanks to Leonardo Helman. - Improved filetype rule for scripts so it doesn't accidentally trigger on JPEG images with full metadata tags. 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. * Fixes * - Fixed bug in output formatting of phishing net. This could leave HTML links open. - Fixed major problem with Web Bug processor. - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to James for this fix and his patch. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. 6 Fixed packaging error with perl-Net-IP. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 27 20:33:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 29 18:19:08 2006 Subject: {Spam?} MailScanner ANNOUNCE: 4.54.6 released Message-ID: <4478A9A4.9020009@ecs.soton.ac.uk> I have just released version 4.54.6. The main aim of this release is to remove the (minor) problems there were with 4.53.8. The main improvements are support for Sophos 5, and a fix to the phishing net output formatting which could leave some links open. I have also upgraded the easy-to-install ClamAV+SpamAssassin to the very latest versions. There have also been various other changes, improvements and other fixes since 4.53. The full Change Log is: * New Features and Improvements * - sa-update cron job disabled by default - Support for Sophos version 5. This just requires new sophos-autoupdate and sophos-wrapper. There are no changes to the core MailScanner code. - The Sophos.install script is not needed for version 5 of Sophos. But it won't do any harm and will print some useful information on how you should configure it, and it will make its best attempts to update the virus.scanners.conf file to point to your new version 5 installation. So I would still strongly advise that you run Sophos.install to install Sophos, even with version 5. - When the SpamAssassin cache is being used, the phrase "cached" or "not cached" is added to the start of the SpamAssassin detailed report in the headers. These words are defined in the languages.conf file so you can change them to anything you like, and translate them into your local languages. Please post all translations back to me for inclusion in the standard distribution. - Added a reference to the message batch in the call to look up "lastafterbatch" so that MailWatch can get the batch statistics. - Updated loads of Perl modules to more modern versions where there have been any significant updates to them. Minor doc and test tweaks have been ignored. - Updated many Perl modules in ClamAV+SA easy-to-install package. - ClamAV+SA package does not add extra loadplugin lines if they are already present in the init.pre and v310.pre files. - Added more examples to /etc/MailScanner/rules/README to show all of the allowed formats of a numerical IP address range. - Upgraded to Filesys::Df 0.90. - Added Spanish translation of rejection.report.txt. Thanks to Leonardo Helman. - Improved filetype rule for scripts so it doesn't accidentally trigger on JPEG images with full metadata tags. 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. * Fixes * - Fixed bug in output formatting of phishing net. This could leave HTML links open. - Fixed major problem with Web Bug processor. - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to James for this fix and his patch. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. 6 Fixed packaging error with perl-Net-IP. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 27 20:33:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 29 18:19:13 2006 Subject: {Spam?} MailScanner ANNOUNCE: 4.54.6 released Message-ID: <4478A9A4.9020009@ecs.soton.ac.uk> I have just released version 4.54.6. The main aim of this release is to remove the (minor) problems there were with 4.53.8. The main improvements are support for Sophos 5, and a fix to the phishing net output formatting which could leave some links open. I have also upgraded the easy-to-install ClamAV+SpamAssassin to the very latest versions. There have also been various other changes, improvements and other fixes since 4.53. The full Change Log is: * New Features and Improvements * - sa-update cron job disabled by default - Support for Sophos version 5. This just requires new sophos-autoupdate and sophos-wrapper. There are no changes to the core MailScanner code. - The Sophos.install script is not needed for version 5 of Sophos. But it won't do any harm and will print some useful information on how you should configure it, and it will make its best attempts to update the virus.scanners.conf file to point to your new version 5 installation. So I would still strongly advise that you run Sophos.install to install Sophos, even with version 5. - When the SpamAssassin cache is being used, the phrase "cached" or "not cached" is added to the start of the SpamAssassin detailed report in the headers. These words are defined in the languages.conf file so you can change them to anything you like, and translate them into your local languages. Please post all translations back to me for inclusion in the standard distribution. - Added a reference to the message batch in the call to look up "lastafterbatch" so that MailWatch can get the batch statistics. - Updated loads of Perl modules to more modern versions where there have been any significant updates to them. Minor doc and test tweaks have been ignored. - Updated many Perl modules in ClamAV+SA easy-to-install package. - ClamAV+SA package does not add extra loadplugin lines if they are already present in the init.pre and v310.pre files. - Added more examples to /etc/MailScanner/rules/README to show all of the allowed formats of a numerical IP address range. - Upgraded to Filesys::Df 0.90. - Added Spanish translation of rejection.report.txt. Thanks to Leonardo Helman. - Improved filetype rule for scripts so it doesn't accidentally trigger on JPEG images with full metadata tags. 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. * Fixes * - Fixed bug in output formatting of phishing net. This could leave HTML links open. - Fixed major problem with Web Bug processor. - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to James for this fix and his patch. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. 6 Fixed packaging error with perl-Net-IP. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From alden at engineno9inc.com Mon May 29 19:59:17 2006 From: alden at engineno9inc.com (alden@engineno9inc.com) Date: Mon May 29 19:59:23 2006 Subject: Run Error after Installation Message-ID: <000d01c68351$fcaf14c0$6c00a8c0@AldenLap> After upgrading the latest version (4.54.6-1) on FC2 using the Redhat RPM, I get the following error while trying to restart MailScanner: Compress::Zlib object version 1.41 does not match bootstrap parameter 1.33 at /usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 78. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 78. I seem to remember bumping into this one before, but I can't seem to find the answer. Can anyone help me, please? Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From alden at engineno9inc.com Mon May 29 21:00:10 2006 From: alden at engineno9inc.com (Alden Levy) Date: Mon May 29 21:00:14 2006 Subject: Rollback to previous version Message-ID: <000f01c6835a$7dd16cd0$6c00a8c0@AldenLap> I haven't been able to find this in the wiki, so can someone please let me know how to roll back to a previous version of MailScanner (see "Run Error after Installation" thread)? I will happily put the info up on the wiki after I get my mail server running again! Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From Marc.Dufresne at parks.on.ca Mon May 29 21:36:05 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Mon May 29 21:37:05 2006 Subject: Mailscanner -4.52.2-1 not loading on boot - FreeBSD 5.4 Message-ID: Updated the ports tree, thn ran make make install. At that time 4.52.2-1 was the latest. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> mikej@rogers.com 5/27/2006 1:42 PM >>> Marc Dufresne wrote: > I have recently upgraded MailScanner to version 4.52.2-1 running on > FreeBSD 5.4. After upgrading, I noticed that MailScanner will not load > when I reboot my server or from a COLD boot. > How did you upgrade to 4.52, when the current version in ports is 4.53.8? Please update your ports tree and try again. Also, you may want to update to FreeBSD 5.5, or better yet 6.1, there may be some RCng incompatibilities preventing the script from running. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From matt at coders.co.uk Mon May 29 21:47:37 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon May 29 21:47:34 2006 Subject: Rollback to previous version In-Reply-To: <000f01c6835a$7dd16cd0$6c00a8c0@AldenLap> References: <000f01c6835a$7dd16cd0$6c00a8c0@AldenLap> Message-ID: <447B5DE9.4010405@coders.co.uk> Alden Levy wrote: > I haven't been able to find this in the wiki, so can someone please let me > know how to roll back to a previous version of MailScanner (see "Run Error > after Installation" thread)? I will happily put the info up on the wiki > after I get my mail server running again! Copy your /etc/MailScanner/MailScanner.conf (and any other customised files) to somewhere safe. rpm -e mailscanner Download and install previous version. Copy the customised files back and then start MailScanner in Debug mode to check for any unrecognised options. matt From alden at engineno9inc.com Mon May 29 19:32:31 2006 From: alden at engineno9inc.com (Alden Levy) Date: Mon May 29 23:17:35 2006 Subject: Run Error after Installation In-Reply-To: <200605291100.k4TB0JIC027042@bkserver.blacknight.ie> Message-ID: <000b01c6834e$3f51a1c0$6c00a8c0@AldenLap> After upgrading the latest version (4.54.6-1) on FC2 using the Redhat RPM, I get the following error while trying to restart MailScanner: Compress::Zlib object version 1.41 does not match bootstrap parameter 1.33 at /usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 78. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 78. I seem to remember bumping into this one before, but I can't seem to find the answer. Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From alden at engineno9inc.com Mon May 29 23:27:25 2006 From: alden at engineno9inc.com (Alden Levy) Date: Mon May 29 23:27:30 2006 Subject: Run Error after Installation Message-ID: <006601c6836f$0fabbe80$6c00a8c0@AldenLap> I figured out that I had 2 versions of Compress::Zlib on my system. Of course, I didn't realize that until much later... I first backed up my MailScanner.conf, then I removed MailScanner using rpm -e mailscanner (per Matt Hampton's suggestion under "Rollback to previous version"--Thanks, Matt!) I then removed /usr/bin/MailScanner (rm -rf), then installed Compress::Zlib 1.41, again, I then installed the latest rpm of MailScanner. I STILL had one error, regarding a missing Convert/BinHex.pm in /usr/lib/MailScanner, so I copied it in from where I found it (locate Convert\/BinHex). I then updated my MailScanner.conf, and voila! Only took me 4 hours to upgrade. Regards, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax -----Original Message----- From: Alden Levy [mailto:alden@engineno9inc.com] Sent: Monday, May 29, 2006 2:33 PM To: 'mailscanner@lists.mailscanner.info' Subject: Run Error after Installation After upgrading the latest version (4.54.6-1) on FC2 using the Redhat RPM, I get the following error while trying to restart MailScanner: Compress::Zlib object version 1.41 does not match bootstrap parameter 1.33 at /usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 78. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 78. I seem to remember bumping into this one before, but I can't seem to find the answer. Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From maillists at conactive.com Mon May 29 23:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 29 23:31:28 2006 Subject: Run Error after Installation In-Reply-To: <000d01c68351$fcaf14c0$6c00a8c0@AldenLap> References: <000d01c68351$fcaf14c0$6c00a8c0@AldenLap> Message-ID: wrote on Mon, 29 May 2006 14:59:17 -0400: > I seem to remember bumping into this one before, but I can't seem to find > the answer. > > Can anyone help me, please? Not sure if I can. I have seen this happen after last year's Perl security patches. I had been installing modules from CPAN, mostly, but the Perl was, of course, the vendor provided rpm and security update as well, of course. After installing the Perl update I got this error and could get rid only by uninstalling that update. It seems that there are some mismatched functions or paths which then produce this problem when you are not using the vendor rpms. I think in your case it's one or two of the Perl packages that came with the MS (Archive-Zip and Compress-Zlib) and, although rebuilt, don't seem to fit. Or did you install any other Perl stuff since your last MS upgrade, that could have also caused this? I'd remove these (rpm -e packagename) and then reinstall the packages that FC provides. If you didn't have the problem with the last MailScanner package you could also just rebuild the two perl src.rpms from it and install these. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From assooy at yahoo.com Tue May 30 02:05:23 2006 From: assooy at yahoo.com (ius) Date: Tue May 30 01:57:18 2006 Subject: quick rules question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B14A2@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B14A2@winchester.andrewscompanies.com> Message-ID: <447B9A53.5050701@yahoo.com> sandrews@andrewscompanies.com wrote: > Why not mailscanner's blacklist? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, May 29, 2006 5:35 AM > To: MailScanner discussion > Subject: Re: quick rules question > > You should do that in your MTA. In sendmail it's the "access" database. > > ius wrote: > >> Dear experts, >> >> Quick question. I like to block a miling list from yahoo, for example >> : davincicrap@yahoogroups.com. How can i do that in MailScanner rules? >> >> >> Thanks a lot >> ius >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > yes .. I already do that. But i like to block the spesific yahoogroups name, not the user names. This is my rules : FromOrTo: *plucky=anything.com@returns.groups.yahoo.com yes FromOrTo: *bugsbunny=anything.com@returns.groups.yahoo.com yes FromOrTo: default no It blocks only users that joined any miling list in yahoogroups. Any other suggestions ? Thanks ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From christo at it4africa.co.za Tue May 30 08:28:26 2006 From: christo at it4africa.co.za (Christo Bezuidenhout) Date: Tue May 30 08:31:15 2006 Subject: quick rules question {Virus Scanned} In-Reply-To: <447B9A53.5050701@yahoo.com> Message-ID: <200605300728.k4U7SRVD011679@mail.it4africa.co.za> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ius > Sent: 30 May 2006 03:05 AM > To: MailScanner discussion > Subject: Re: quick rules question {Virus Scanned} > > sandrews@andrewscompanies.com wrote: > > Why not mailscanner's blacklist? > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Julian Field > > Sent: Monday, May 29, 2006 5:35 AM > > To: MailScanner discussion > > Subject: Re: quick rules question > > > > You should do that in your MTA. In sendmail it's the > "access" database. > > > > ius wrote: > > > >> Dear experts, > >> > >> Quick question. I like to block a miling list from yahoo, > for example > >> : davincicrap@yahoogroups.com. How can i do that in > MailScanner rules? > >> > >> > >> Thanks a lot > >> ius > >> > >> > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store Professional > > Support Services at www.MailScanner.biz MailScanner thanks transtec > > Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > This message has been scanned for viruses and dangerous content by > > MailScanner, and is believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > yes .. I already do that. But i like to block the spesific > yahoogroups name, not the user names. > This is my rules : > > FromOrTo: > *plucky=anything.com@returns.groups.yahoo.com yes > FromOrTo: > *bugsbunny=anything.com@returns.groups.yahoo.com yes > FromOrTo: default no > > It blocks only users that joined any miling list in > yahoogroups. Any other suggestions ? > > > Thanks > ius > > I have done the following. I have setup a Spamassasin rule for this. I see all the messages I want to block, the subject start with A1fun, As soon as SA get a message with this in the subject it scores a 10 and is then classified as spam. This is my rule in mailscanner.cf #yahoo groups #### describe UDES_SUBA1Fun A1Fun Yahoo Groups header UDES_SUBA1Fun Subject =~ /A1fun/i score UDES_SUBA1Fun 10.0 Hope this helps. Christo From shuttlebox at gmail.com Tue May 30 09:26:52 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue May 30 09:26:55 2006 Subject: MailScanner is responsible for SWAP usage! In-Reply-To: <200605250801.34159.james@grayonline.id.au> References: <200605211830.k4LIUuVP011482@bkserver.blacknight.ie> <4471A7D2.65ED.00A2.0@plattesheriff.org> <200605250801.34159.james@grayonline.id.au> Message-ID: <625385e30605300126u51c87c9eue10cb862f69a5b0a@mail.gmail.com> On 5/25/06, James Gray wrote: > mailgate ~ # uptime > 12:15AM up 562 days, 1:19, 3 users, load averages: 0.12, 0.12, 0.08 > > Do I win?? ;) This is from an internal mail server getting close to four digits. Even though this one is not utilized much I don't see much difference in uptimes due to load on Solaris boxes. 10:21am up 957 day(s), 15:19, 2 users, load average: 0.00, 0.01, 0.01 > My record is a tad over 700 days on a Solaris 7 box, then one of the CPU's in > the E450 fried and the whole thing died. Didn't boot anymore after that and > Sun EOL'ed the E450, so we gutted it and grafted a bar fridge into it. It > now spends it's days serving cold beverages to the IT staff :P Cool! -- /peter From michele at blacknight.ie Tue May 30 10:26:28 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Tue May 30 10:26:38 2006 Subject: Blocking Bebo junk? Message-ID: <014d01c683cb$21c5aac0$88c5c657@arthur> Anyone got a spam assassin rule to kill this crud in the face? If I get sent another random email from someone I barely know asking me how well I know them I think I will scream ! Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From steve.swaney at fsl.com Tue May 30 13:00:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue May 30 13:00:41 2006 Subject: Getting pounded .. sigh In-Reply-To: <447B1B44.6050508@netcabo.pt> Message-ID: <047501c683e0$a6d30cc0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jos? Ferradeira > Sent: Monday, May 29, 2006 12:03 PM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > Stephen Swaney wrote: > > >>-----Original Message----- > >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>bounces@lists.mailscanner.info] On Behalf Of Matt Hampton > >>Sent: Saturday, May 27, 2006 1:58 PM > >>To: MailScanner discussion > >>Subject: Re: Getting pounded .. sigh > >> > >>Stephen Swaney wrote: > >> > >> > >>>"How Split a Multiple Recipient Message in Single Messages" under: > >>> > >>>http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions > >>> > >>>I've added the sendmail instructions. > >>> > >>> > >>When I added these bits to my config I get these errors in my maillog > >> > >>NOQUEUE: Authentication-Warning: d2210.servadmin.com: Processed from > >>queue /var/spool/mqueue.in > >> > >>And no mail delivered - any ideas? > >> > >>I have always used this: > >> > >>define(`confMAX_RCPTS_PER_MESSAGE',`1') > >> > >>to get the same result but I hadn't thought of doing it with queue > >>groups. The down side to max_recpts_per_message is that depending on the > >>remote server they might not send for 20 minutes (or try the secondary). > >> > >>matt > >> > >> > > > >The method described in the wiki should work with any client software > since > >the MTA (sendmail) accepts the entire message and then splits it into > >individual messages, one for each recipient. > > > >define(`confMAX_RCPTS_PER_MESSAGE',`1') will reject any email addressed > to > >more than one recipient. If this feature is defined it's typically set to > a > >much higher threshold; something like: > > > >define(`confMAX_RCPTS_PER_MESSAGE',`20') > > > >In fact you can use both together. With the setting just above and with > >mqueue defined and r=1, messages to more than 20 recipients will be > rejected > >and messages to 20 or less will be split into individual messages. > > > >I hope this helps to explain the issue. > > > >Steve > > Did you add the following three lines to the very end of your sendmail.mc file? LOCAL_RULESETS # LOCAL_RULESETS Squeuegroup R$* @ $* $# mqueue R$* $# mqueue Then regenerate a new sendmail.cf file Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From matt at coders.co.uk Tue May 30 14:11:52 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue May 30 14:11:52 2006 Subject: Getting pounded .. sigh In-Reply-To: <047501c683e0$a6d30cc0$2901010a@office.fsl> References: <047501c683e0$a6d30cc0$2901010a@office.fsl> Message-ID: <447C4498.7060801@coders.co.uk> Stephen Swaney wrote: > Did you add the following three lines to the very end of your sendmail.mc > file? > > LOCAL_RULESETS > # LOCAL_RULESETS > Squeuegroup R$* @ $* $# mqueue R$* $# mqueue > > Then regenerate a new sendmail.cf file > Yep. However I do have mailer definitions (mailman) - at the end of the file. I have tried putting it before and after the definition and before but can't seem to make a difference. To clarify (last X lines): QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue.in, F=f, r=1, R=8, I=2m') MAILER(smtp)dnl MAILER(procmail)dnlLOCAL_RULESETS MAILER_DEFINITIONS #################################### ### New Mailer specifications ### #################################### Mmailman, P=/etc/mail/mm-handler, F=rDFMhlqSu, U=mailman:mailman, S=EnvFromL, R=EnvToL/HdrToL, A=mm-handler $h $u # LOCAL_RULESETS Squeuegroup R$* @ $* $# mqueue R$* $# mqueue Cheers Matt From steve.swaney at fsl.com Tue May 30 14:22:32 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue May 30 14:22:41 2006 Subject: Getting pounded .. sigh In-Reply-To: <447C4498.7060801@coders.co.uk> Message-ID: <04d501c683ec$1babc400$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Hampton > Sent: Tuesday, May 30, 2006 9:12 AM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > Stephen Swaney wrote: > > > Did you add the following three lines to the very end of your > sendmail.mc > > file? > > > > LOCAL_RULESETS > > # LOCAL_RULESETS > > Squeuegroup R$* @ $* $# mqueue R$* $# mqueue > > > > Then regenerate a new sendmail.cf file > > > > > Yep. However I do have mailer definitions (mailman) - at the end of the > file. I have tried putting it before and after the definition and > before but can't seem to make a difference. > > To clarify (last X lines): > > > QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue.in, F=f, r=1, R=8, I=2m') > MAILER(smtp)dnl > MAILER(procmail)dnlLOCAL_RULESETS > MAILER_DEFINITIONS > #################################### > ### New Mailer specifications ### > #################################### > > > Mmailman, P=/etc/mail/mm-handler, F=rDFMhlqSu, U=mailman:mailman, > S=EnvFromL, R=EnvToL/HdrToL, > A=mm-handler $h $u > # LOCAL_RULESETS > Squeuegroup R$* @ $* $# mqueue R$* $# mqueue > > Cheers > Matt, I believe the instructions say to put the line: QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue.in, F=f, r=1, R=8, I=2m') After the last "FEATURE" definition. The lines: # LOCAL_RULESETS Squeuegroup R$* @ $* $# mqueue R$* $# mqueue Should be the last lines in the file and should be: LOCAL_RULESETS # LOCAL_RULESETS Squeuegroup R$* @ $* $# mqueue R$* $# mqueue Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From rcooper at dwford.com Tue May 30 15:05:15 2006 From: rcooper at dwford.com (Rick Cooper) Date: Tue May 30 15:05:28 2006 Subject: Panda Antivirus (pavcl v 9.00.00) Message-ID: I noted last week Glenn mentioned something about a new panda pavcl (version 9). It would appear they have made good their promise to make it more "parse friendly". They have included the following two switches: -noscr -rpt:filename with these switches there is no terminal output during the scan and the report file can be named, and then of course parsed after the scan. This means an entire batch can be scanned at once and the report file parsed to accurately determine which message and file(s) contain the viruse(s). The down side is I have *no* time right now to rewrite the wrapper to handle the new version. If someone wants to either write a separate version 9.xx wrapper, great... or you could fork the current wrapper to handle both by doing something like pavcl -info|grep -i version |sed "s/Product version: //" and check for =~ /9\.\d{2}\.\d{2}/ recommended command line options for version 9.xx: -nor -noscr -nob -eng -auto -cmp -heu -aex -rpt:./pavcl.out and look at the file it appears pretty easy to parse: File checked : full_path/archive_name[archive_name]..[infected_file] Found virus :Virus_Name so if an archive contained test1.zip-> test2.zip-> eicar.com you would see File checked :/path/test1.zip Found virus:EICAR-AV-TEST-FILE File checked :/path/test1.zip[test2.zip][eicar.com] Found virus:EICAR-AV-TEST-FILE So you would have to track your infections from the base archive through nested archives and report only the base archive and infected file name as one infection. If no one does a version 9 wrapper by this weekend I *might* have the time to do something Sunday. Once the wrapper is done I think anyone using pavcl should update to the version 9 right away, as it seems to me this new functionality would be faster and more stable than the old method, although I *think* the current wrapper will work with the new version, although you will notice it's slower because they now scan boot sectors by default so the -nob option added to the current wrapper would remove that extra processing. Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.siddall at elirion.net Tue May 30 15:27:17 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue May 30 15:29:09 2006 Subject: AV scanner auto-adapt, was: Panda Antivirus (pavcl v 9.00.00) In-Reply-To: References: Message-ID: <447C5645.7030907@elirion.net> Rick Cooper wrote: > I noted last week Glenn mentioned something about a new panda pavcl (version > 9). It would appear they have made good their promise to make it more "parse > friendly". They have included the following two switches: > [snip] > > pavcl -info|grep -i version |sed "s/Product version: //" > > and check for =~ /9\.\d{2}\.\d{2}/ > [snip] This raises some interesting ideas about making the AV scanner wrapper automatically adapt for different versions of the scanner, or even making MailScanner automatically detect AV scanners. This would complicate MS, but make it slightly more idiot-proof. One approach might be to put the auto-detection into an AV scanner wrapper, so people can select that wrapper if they want auto-detection. I'm not sure whether you'd want to do auto-detection one time immediately after a MailScanner reload, or have the wrapper look for alternate scanners if it ever tried to run a scanner and got a "file not found" or unparsable output. Regards, Richard Siddall From glenn.steen at gmail.com Tue May 30 15:44:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 30 15:44:19 2006 Subject: Panda Antivirus (pavcl v 9.00.00) In-Reply-To: References: Message-ID: <223f97700605300744p678cafc1kf60883df27ee0ae0@mail.gmail.com> On 30/05/06, Rick Cooper wrote: > I noted last week Glenn mentioned something about a new panda pavcl (version > 9). It would appear they have made good their promise to make it more "parse > friendly". They have included the following two switches: > > -noscr > -rpt:filename > with these switches there is no terminal output during the scan and the > report file can be named, and then of course parsed after the scan. This > means an entire batch can be scanned at once and the report file parsed to > accurately determine which message and file(s) contain the viruse(s). Splendid. I only have had time to install the rpm, noted the changed install would mean some small changes to the autoupdate script, and that they've renamed some options, and the need to use the -nob, which would mean some further small changes to MailScanner. Did some initial testing with your current wrapper, and it seems to be working OK (with the obvious amandments to the options, of course). ...... Then went off on the choir trip... I'm still trying to recover from that... (Sometime, soon, I'll have to learn that singing and booze don't mix to well, at least not if one is to perform a somewhat demanding program... Some Bach, Sch?tz, Walton, Mozart etc etc. Bad enough sober, terribly demanding slightly hungover). And have next to no time at all. Sigh. ATM, I *should* be at at least two different places, at once. Guess that is why one needs to master the art of "prioritising":-) Hadn't looked too close on those two options. As you say, this could be a great leap forward for pavcl. > The down side is I have *no* time right now to rewrite the wrapper to handle > the new version. If someone wants to either write a separate version 9.xx > wrapper, great... or you could fork the current wrapper to handle both by > doing something like > > pavcl -info|grep -i version |sed "s/Product version: //" > > and check for =~ /9\.\d{2}\.\d{2}/ > > recommended command line options for version > 9.xx: -nor -noscr -nob -eng -auto -cmp -heu -aex -rpt:./pavcl.out > > and look at the file it appears pretty easy to parse: > > File checked : full_path/archive_name[archive_name]..[infected_file] > Found virus :Virus_Name > > so if an archive contained > test1.zip-> > test2.zip-> > eicar.com > > you would see > File checked :/path/test1.zip > Found virus:EICAR-AV-TEST-FILE > > File checked :/path/test1.zip[test2.zip][eicar.com] > Found virus:EICAR-AV-TEST-FILE > > So you would have to track your infections from the base archive through > nested archives and report only the base archive and infected file name as > one infection. > > If no one does a version 9 wrapper by this weekend I *might* have the time > to do something Sunday. Once the wrapper is done I think anyone using pavcl > should update to the version 9 right away, as it seems to me this new > functionality would be faster and more stable than the old method, although > I *think* the current wrapper will work with the new version, although you > will notice it's slower because they now scan boot sectors by default so > the -nob option added to the current wrapper would remove that extra > processing. > Unless something extraordinary happens, I'll not be able to do more than assist with testing. Any weekend you feel up to it will be fine by me:-). Cheers -- -- Glenn (who will exercise a bit of creative "prioritising".... Drop work, and go to the office party just getting into swing:-) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From edwardbruce at sbcglobal.net Tue May 30 16:58:26 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Tue May 30 16:58:28 2006 Subject: Upgraded to 4.54.6 and getting new message??? Message-ID: <447C6BA2.6030007@sbcglobal.net> In the maillog I'm starting to see this message: Looked up unknown string notcached in language translation file /etc/MailScanner/reports/en/languages.conf Everything seems to be running ok. I checked in the /etc/MailScanner/reports/en and in the languages.old there is a definition for notcached but no in the new conf file. From maillists at conactive.com Tue May 30 18:31:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 30 18:31:29 2006 Subject: Upgraded to 4.54.6 and getting new message??? In-Reply-To: <447C6BA2.6030007@sbcglobal.net> References: <447C6BA2.6030007@sbcglobal.net> Message-ID: Ed Bruce wrote on Tue, 30 May 2006 11:58:26 -0400: > Everything seems to be running ok. I checked in the > /etc/MailScanner/reports/en and in the languages.old there is a > definition for notcached but no in the new conf file. Is there a chance you confused them when doing upgrade_languages_conf? I surely have it in my generated conf, as the last line in the file. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From alden at engineno9inc.com Tue May 30 20:14:34 2006 From: alden at engineno9inc.com (Alden Levy) Date: Tue May 30 20:15:45 2006 Subject: Use TNEF Contents problem In-Reply-To: <200605281100.k4SB0T9H006446@bkserver.blacknight.ie> Message-ID: <002d01c6841d$565aff40$7501a8c0@AldenLap> MS version 4.54.6, FC2 I just found out that if you set Use TNEF Contents = replace, instead of = no, vCards will not be properly rendered by Outlook. This may be known by many of you, but I just wanted to highlight it for those of us who didn't. Regards, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From matt at coders.co.uk Tue May 30 20:41:21 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue May 30 20:41:17 2006 Subject: Getting pounded .. sigh In-Reply-To: <04d501c683ec$1babc400$2901010a@office.fsl> References: <04d501c683ec$1babc400$2901010a@office.fsl> Message-ID: <447C9FE1.70501@coders.co.uk> > LOCAL_RULESETS > # LOCAL_RULESETS > Squeuegroup R$* @ $* $# mqueue R$* $# mqueue > Steve, My previous was a typo - this is what I had. I didn't have the after the first R$* (which obviously doesn't help!) but it still doesn't resolve the issue. Do you run split configurations for the in and outbound Sendmail processes? I run the standard Jules startup script which passes the Inbound sendmail process with the Queue Directory overridden as an argument. I think this is the issue and I am doing more to test this theory matt From MailScanner at ecs.soton.ac.uk Tue May 30 21:36:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 30 21:36:32 2006 Subject: Use TNEF Contents problem In-Reply-To: <002d01c6841d$565aff40$7501a8c0@AldenLap> References: <002d01c6841d$565aff40$7501a8c0@AldenLap> Message-ID: <447CACC3.2000804@ecs.soton.ac.uk> Have you tried TNEF Contents = add ? It's quite possible that Outlook-only features may be mis-rendered by Outlook when the Outlook features are replaced. This may be a good reason to change the default to TNEF Contents = add What does anyone else think of this setting? Alden Levy wrote: > MS version 4.54.6, FC2 > > I just found out that if you set Use TNEF Contents = replace, instead of = > no, vCards will not be properly rendered by Outlook. > > This may be known by many of you, but I just wanted to highlight it for > those of us who didn't. > > Regards, > Alden > > Alden Levy > Engine No. 9, Inc. > 130 W. 57th Street, Suite 2F > New York, NY 10019 > (212) 981-1122 > (212) 504-9598 fax > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 30 21:37:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 30 21:37:51 2006 Subject: Getting pounded .. sigh In-Reply-To: <447C9FE1.70501@coders.co.uk> References: <04d501c683ec$1babc400$2901010a@office.fsl> <447C9FE1.70501@coders.co.uk> Message-ID: <447CAD13.5080804@ecs.soton.ac.uk> Please let me know the outcome of this, particularly if it needs a change to my MailScanner startup script to do this. Matt Hampton wrote: >> LOCAL_RULESETS >> # LOCAL_RULESETS >> Squeuegroup R$* @ $* $# mqueue R$* $# mqueue >> >> > > Steve, > > My previous was a typo - this is what I had. I didn't have the > after the first R$* (which obviously doesn't help!) but it still doesn't > resolve the issue. > > Do you run split configurations for the in and outbound Sendmail > processes? I run the standard Jules startup script which passes the > Inbound sendmail process with the Queue Directory overridden as an argument. > > I think this is the issue and I am doing more to test this theory > > matt > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 30 21:54:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 30 21:54:29 2006 Subject: Another call for improvements Message-ID: <447CB0F3.5070401@ecs.soton.ac.uk> Any of you got any features which you really need? I don't guarantee to implement them, or even consider them :-) Anything you don't like, anything you particularly like (gratitude is always welcome :-) I'm a right sucker for it :-) At the moment there aren't any features people want, other than a 200% speed improvement which I've done my best for in the past. Don't ignore anything you have asked for in the past, consider them forgotten :-( Regards, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From james at grayonline.id.au Tue May 30 22:06:47 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 30 22:07:12 2006 Subject: WARNING to Mac OSX Users Message-ID: <200605310706.52440.james@grayonline.id.au> The bin/check_mailscanner script needs to modified BEFORE you activate (cron etc) it. Add the following to the check_mailscanner script as the last "elseif" before the final "else" at the top of the file: elif $UNAME | $FGREP "Darwin" >/dev/null ; then # ie Mac OSX pid=`$PS -axww | $EGREP '[ ]('$msbindir/$process')|'$process'[:]' | $AWK '{print $1}'` Otherwise, the check_mailscanner script will start a new MailScanner process (parent+children) every time it is run from cron. Case study: on my OSX server (10.4.6) with 2GB of RAM, running the unpatched check_mailscanner script every 15 minutes rendered it useless in 2 hours. RAM was 100% used, all swap consumed and the system practically froze. Nasty. All is good now that the code above was added to detect the Darwin kernel (Mac OSX) :) Cheers, James -- Horse sense is the thing a horse has which keeps it from betting on people. -- W. C. Fields -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/cd5c16b1/attachment.bin From MailScanner at ecs.soton.ac.uk Tue May 30 22:22:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 30 22:22:35 2006 Subject: WARNING to Mac OSX Users In-Reply-To: <200605310706.52440.james@grayonline.id.au> References: <200605310706.52440.james@grayonline.id.au> Message-ID: <447CB78E.5080900@ecs.soton.ac.uk> Fixed. Will be in the next release. James Gray wrote: > The bin/check_mailscanner script needs to modified BEFORE you activate (cron > etc) it. > > Add the following to the check_mailscanner script as the last "elseif" > before the final "else" at the top of the file: > > elif $UNAME | $FGREP "Darwin" >/dev/null ; then # ie Mac OSX > pid=`$PS -axww | > $EGREP '[ ]('$msbindir/$process')|'$process'[:]' | > $AWK '{print $1}'` > > Otherwise, the check_mailscanner script will start a new MailScanner process > (parent+children) every time it is run from cron. > > Case study: on my OSX server (10.4.6) with 2GB of RAM, running the unpatched > check_mailscanner script every 15 minutes rendered it useless in 2 hours. > RAM was 100% used, all swap consumed and the system practically froze. > > Nasty. All is good now that the code above was added to detect the Darwin > kernel (Mac OSX) :) > > Cheers, > > James > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sandrews at andrewscompanies.com Tue May 30 22:56:58 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue May 30 22:57:02 2006 Subject: Another call for improvements Message-ID: <1964AAFBC212F742958F9275BF63DBB03B14BE@winchester.andrewscompanies.com> Build into the installer (aka the spamassassin/clam installer) a fullblown bare box to running config installer...selectable during install.sh Maybe included mailwatch? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, May 30, 2006 4:54 PM To: MailScanner discussion Subject: Another call for improvements Any of you got any features which you really need? I don't guarantee to implement them, or even consider them :-) Anything you don't like, anything you particularly like (gratitude is always welcome :-) I'm a right sucker for it :-) At the moment there aren't any features people want, other than a 200% speed improvement which I've done my best for in the past. Don't ignore anything you have asked for in the past, consider them forgotten :-( Regards, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue May 30 23:06:09 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue May 30 23:06:13 2006 Subject: Getting pounded .. sigh In-Reply-To: <447CAD13.5080804@ecs.soton.ac.uk> Message-ID: <000001c68435$4232dac0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Tuesday, May 30, 2006 4:38 PM > To: MailScanner discussion > Subject: Re: Getting pounded .. sigh > > Please let me know the outcome of this, particularly if it needs a > change to my MailScanner startup script to do this. > > Matt Hampton wrote: > >> LOCAL_RULESETS > >> # LOCAL_RULESETS > >> Squeuegroup R$* @ $* $# mqueue R$* $# mqueue > >> > >> > > > > Steve, > > > > My previous was a typo - this is what I had. I didn't have the > > after the first R$* (which obviously doesn't help!) but it still doesn't > > resolve the issue. > > > > Do you run split configurations for the in and outbound Sendmail > > processes? I run the standard Jules startup script which passes the > > Inbound sendmail process with the Queue Directory overridden as an > argument. > > > > I think this is the issue and I am doing more to test this theory > > > > matt > > Matt, I think the will solve part of the problem. I totally missed the fact that I run different sendmail.cf files for the incoming and outbound mailscanner processes. I had to modify the Mailscanner init script addding line no 129: $SENDMAIL -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID \ -C/etc/mail/sendmail_in.cf The last line above: -C/etc/mail/sendmail_in.cf and the "\" at the end of line 128 was added. Obviously you need to create sendmail_in.mc with the modification for the split queue and then generate sendmail_in.cf before modifying the init script. There are some other things you might want to change on the outbound sendmail.cf file such as not running RBL or other unnecessary checks that have already been run by the incoming instance of sendmail. Sorry for the errors but I was trying to get away for the long Memorial Day weekend here as I was writing up the Wiki entry. Haste makes stupidity. Let me know if this cleans up the issue and I'll modify the wiki. Thanks for catching this. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From MailScanner at ecs.soton.ac.uk Tue May 30 23:12:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 30 23:12:50 2006 Subject: Another call for improvements In-Reply-To: <1964AAFBC212F742958F9275BF63DBB03B14BE@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB03B14BE@winchester.andrewscompanies.com> Message-ID: <447CC355.9000004@ecs.soton.ac.uk> So to install 1) MailScanner 2) Spam Assassin 3) ClamAV 4) DCC 5) Razor 6) Rules_du_Jour ? all from 1 place? This currently involves 4 separate installs, and numerous install scripts. I think it's 6 install procedures at the moment. sandrews@andrewscompanies.com wrote: > Build into the installer (aka the spamassassin/clam installer) a > fullblown bare box to running config installer...selectable during > install.sh > > Maybe included mailwatch? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, May 30, 2006 4:54 PM > To: MailScanner discussion > Subject: Another call for improvements > > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gdoris at rogers.com Tue May 30 23:19:41 2006 From: gdoris at rogers.com (Gerry Doris) Date: Tue May 30 23:20:07 2006 Subject: Another call for improvements References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <004201c68437$261f6fe0$010a000a@dorfam.ca> Perhaps I'm missing something but I really want an easy way to turn off the message logging. I get a line for every email telling me how long it took to process. This is just too much of a good thing! ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Tuesday, May 30, 2006 4:54 PM Subject: Another call for improvements > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From richard.siddall at elirion.net Tue May 30 23:21:38 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue May 30 23:22:35 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447CC572.3040508@elirion.net> Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > Nothing I really need. However, there are a few ideas: 1/ A version of Phil Randal's script to download the supplemental ClamAV phishing signatures from Steve Basford's SaneSecurity.com which uses MailScanner's locking to ensure that the database isn't updated during a scan, and doesn't hit Steve's site more than 4 times a day. 2/ Maybe add an AV scanner auto-detect feature to the installer or the MailScanner main Perl process? In most cases it's just looking for the presence of the AV scanner binary (possibly in one of several places). In a few cases you need to run the binary and ask it for its version to figure out which of several wrappers to use. 3/ There's always qpsmtpd/qmail support, but you've indicated in the past that you want someone else to take that on. > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > Words cannot express our gratitude. ;> > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > Regards, Richard Siddall From sandrews at andrewscompanies.com Tue May 30 23:55:08 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue May 30 23:55:11 2006 Subject: Another call for improvements Message-ID: <1964AAFBC212F742958F9275BF63DBB03B14BF@winchester.andrewscompanies.com> Yeah, add mailwatch to the mix too. I'm spoiled from playing with asterisk@home. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, May 30, 2006 6:13 PM To: MailScanner discussion Subject: Re: Another call for improvements So to install 1) MailScanner 2) Spam Assassin 3) ClamAV 4) DCC 5) Razor 6) Rules_du_Jour ? all from 1 place? This currently involves 4 separate installs, and numerous install scripts. I think it's 6 install procedures at the moment. sandrews@andrewscompanies.com wrote: > Build into the installer (aka the spamassassin/clam installer) a > fullblown bare box to running config installer...selectable during > install.sh > > Maybe included mailwatch? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Tuesday, May 30, 2006 4:54 PM > To: MailScanner discussion > Subject: Another call for improvements > > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From chris at scorpion.nl Wed May 31 01:11:59 2006 From: chris at scorpion.nl (Christiaan den Besten) Date: Wed May 31 01:12:16 2006 Subject: Another call for improvements References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <015d01c68446$d57f1350$3d64880a@speedy> Hi ! How about a 'high priority' recipient/domain list ... recipient adresses on this list would get priority on other messages in the queue. Example: abuse@ourdomain.tld is on the high-priority list 1. MailScanner child searches the current queue for new messages to be processed. 2. Finds msg 1, randoma@domain.tld, msg 2, randomb@domain.tld, msg 3, abuse@ourdomain.tld, msg4, abuse@ourdomain.tld 3. Instead of scanner all 4 messages the child unlocks msg 1 and 2, and continues with a batch of 2 messages containing the high-priority e-mails. We would love such a feature! bye, Chris ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Tuesday, May 30, 2006 10:54 PM Subject: Another call for improvements > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them forgotten :-( > > Regards, > Jules. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From james at grayonline.id.au Wed May 31 01:05:42 2006 From: james at grayonline.id.au (James Gray) Date: Wed May 31 01:33:32 2006 Subject: WARNING to Mac OSX Users In-Reply-To: <447CB78E.5080900@ecs.soton.ac.uk> References: <200605310706.52440.james@grayonline.id.au> <447CB78E.5080900@ecs.soton.ac.uk> Message-ID: <200605311005.44204.james@grayonline.id.au> On Wed, 31 May 2006 07:22 am, Julian Field wrote: > Fixed. Will be in the next release. LOL - so my "not too subtle" hint worked :P Thanks Julian! Cheers, James -- Perl 5 introduced everything else, including the ability to introduce everything else. -- Larry Wall in <199702252152.NAA28845@wall.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/3374cf1b/attachment.bin From jeremypennington at yahoo.com Wed May 31 02:23:22 2006 From: jeremypennington at yahoo.com (Mr jeremy pennington) Date: Wed May 31 02:23:25 2006 Subject: 4.45.6-Process did not exit cleanly, returned 255 with signal 0 In-Reply-To: <447A7420.9010705@avalonpub.com> Message-ID: <20060531012322.26190.qmail@web50113.mail.yahoo.com> Thanks for the info! It turns out I forgot to move all of MailWatch's custom functions over to the new version. --- Daniel Kleinsinger wrote: > Try running in debug mode, it should give a better > error message. > From the wiki > (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mailscanner): > > How to use MailScanner?s debug mode effectively: > > * Shutdown MailScanner and your MTA > * Start only your incoming MTA. This is usually > done by the command > |service MailScanner startin| on Redhat. Other > distros/OS may vary > * Set ?Debug = yes? and ?Debug SpamAssassin = > yes? in > MailScanner.conf, then run > ?check_MailScanner?. > * Watch carefully the output for error messages > and fix what you can > fix. > * Restore the debug options back to no > * Restart MailScanner > > > > > Mr jeremy pennington wrote: > > I tried upgrading from 4.45.4 to 4.54.6 today and > had > > problems so I had to revert back to 4.45.4 which > is > > working correctly and has been ever since I > updated to > > it. > > > > I can start 4.54.6 ok but as soon as a message > arrives > > I get the below message in the log file: > > > > May 28 20:58:47 mail.server.com > <22>MailScanner[4822]: > > Using locktype = flock > > May 28 20:58:47 mail.server.com > <22>MailScanner[4822]: > > New Batch: Scanning 1 messages, 1546 bytes > > May 28 20:58:50 mail.server.com > <22>MailScanner[4822]: > > Archived message k4T0w20J004820 to mbox file > > /var/mail/archive/archive.mbx > > May 28 20:58:50 mail.server.com > <22>MailScanner[4822]: > > Saved archive copies of k4T0w20J004820 > > May 28 20:58:50 mail.server.com > <22>MailScanner[4822]: > > MCP Checks completed at 938678 bytes per second > > May 28 20:58:50 mail.server.com > <22>MailScanner[4822]: > > Spam Checks: Starting > > May 28 20:58:52 mail.server.com <12>root: Process > did > > not exit cleanly, returned 255 with signal 0 > > > > Therefore, the messages never gets scanned and the > > process restarts and repeats and each time the > same > > message gets logged to the archive file. > > > > System Info: > > Solaris 9 > > MailWatch 1.0.3 > > Clam AV 0.88.2 > > Spam Assassin: 3.1.2 > > > > Again 4.45.4 works great, this problem just > appears > > when I which to 4.54.6. Let me know if you have > any > > trys, suggestions, or need more info. > > > > Thanks for the help > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From bgmahesh at gmail.com Wed May 31 03:19:23 2006 From: bgmahesh at gmail.com (BG Mahesh) Date: Wed May 31 03:19:25 2006 Subject: Am I supposed to have /etc/Mail/languages.conf? Message-ID: <5227ac5c0605301919p3b99fe02r96f3e525808663ea@mail.gmail.com> hi I don't see a /etc/Mail/languages.conf on my system. So not sure how to use it. % find . -name languages.conf -print ./reports/ca/languages.conf ./reports/cy+en/languages.conf ./reports/cz/languages.conf ./reports/de/languages.conf ./reports/dk/languages.conf ./reports/en/languages.conf ./reports/es/languages.conf ./reports/fr/languages.conf ./reports/hu/languages.conf ./reports/it/languages.conf ./reports/nl/languages.conf ./reports/pt_br/languages.conf ./reports/ro/languages.conf ./reports/se/languages.conf ./reports/sk/languages.conf Should I upgrade only in the "en" directory? -- -- B.G. Mahesh http://www.greynium.com/ http://www.oneindia.in/ http://www.click.in/ - Free Indian Classifieds -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/3d7f3553/attachment.html From bahadir.kiziltan at gmail.com Wed May 31 07:15:15 2006 From: bahadir.kiziltan at gmail.com (Bahadir Kiziltan) Date: Wed May 31 07:15:19 2006 Subject: quick rules question In-Reply-To: <447B9A53.5050701@yahoo.com> References: <1964AAFBC212F742958F9275BF63DBB03B14A2@winchester.andrewscompanies.com> <447B9A53.5050701@yahoo.com> Message-ID: What MTA do you use? In Postfix, I've managed to reject all mails from a list by using "List-id" pattern shown in mail header. For Postfix, just add the following line to "header_checks" file and restart the postfix... /^List-Id: $/ REJECT On 5/30/06, ius wrote: > sandrews@andrewscompanies.com wrote: > > Why not mailscanner's blacklist? > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > > Field > > Sent: Monday, May 29, 2006 5:35 AM > > To: MailScanner discussion > > Subject: Re: quick rules question > > > > You should do that in your MTA. In sendmail it's the "access" database. > > > > ius wrote: > > > >> Dear experts, > >> > >> Quick question. I like to block a miling list from yahoo, for example > >> : davincicrap@yahoogroups.com. How can i do that in MailScanner rules? > >> > >> > >> Thanks a lot > >> ius > >> > >> > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store Professional > > Support Services at www.MailScanner.biz MailScanner thanks transtec > > Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > This message has been scanned for viruses and dangerous content by > > MailScanner, and is believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > yes .. I already do that. But i like to block the spesific yahoogroups > name, not the user names. > This is my rules : > > FromOrTo: > *plucky=anything.com@returns.groups.yahoo.com yes > FromOrTo: > *bugsbunny=anything.com@returns.groups.yahoo.com yes > FromOrTo: default no > > It blocks only users that joined any miling list in yahoogroups. Any > other suggestions ? > > > Thanks > ius > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From res at ausics.net Wed May 31 08:28:20 2006 From: res at ausics.net (Res) Date: Wed May 31 08:28:32 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On Tue, 30 May 2006, Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is always > welcome :-) I'm a right sucker for it :-) hehe in MailScanner.conf file can we plz have added: # Added for Qmail Qmail Hash Directory Number = 23 Qmail Intd Hash Number = 1 so those upgrading dont have to re add it all the time :) And the only speed improvements I see needed are with spamassasin which is out of your hands... i know why they call it "assassin", it assinates your system resource availability on heavily used servers :) that was the fastest I've even made a config change, with it on even at scan only first 10k, queue to be processed went from typically 5 to 1900 in about 3 minutes :D and thats after some fine tunning of SA lol -- Cheers Res From res at ausics.net Wed May 31 08:33:06 2006 From: res at ausics.net (Res) Date: Wed May 31 08:33:17 2006 Subject: Another call for improvements In-Reply-To: <004201c68437$261f6fe0$010a000a@dorfam.ca> References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: On Tue, 30 May 2006, Gerry Doris wrote: > Perhaps I'm missing something but I really want an easy way to turn off the > message logging. I get a line for every email telling me how long it took > to process. This is just too much of a good thing! > I admit I agree with this request, Doing it the way it does now defeats the purpose of "Log Speed = no" which essentially has nill affect now. > > ----- Original Message ----- > From: "Julian Field" > To: "MailScanner discussion" > Sent: Tuesday, May 30, 2006 4:54 PM > Subject: Another call for improvements > > >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) >> >> Anything you don't like, anything you particularly like (gratitude is >> always welcome :-) I'm a right sucker for it :-) >> >> At the moment there aren't any features people want, other than a 200% >> speed improvement which I've done my best for in the past. >> >> Don't ignore anything you have asked for in the past, consider them >> forgotten :-( >> >> Regards, >> Jules. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- Cheers Res From MailScanner at ecs.soton.ac.uk Wed May 31 08:39:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 08:40:03 2006 Subject: Another call for improvements In-Reply-To: <447CC572.3040508@elirion.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447CC572.3040508@elirion.net> Message-ID: On 30 May 2006, at 23:21, Richard Siddall wrote: > Julian Field wrote: > >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) >> > > Nothing I really need. However, there are a few ideas: > > 1/ A version of Phil Randal's script to download the supplemental > ClamAV > phishing signatures from Steve Basford's SaneSecurity.com which uses > MailScanner's locking to ensure that the database isn't updated > during a > scan, and doesn't hit Steve's site more than 4 times a day. Where do I get his script? And does it change much? We will end up maintaining 2 versions of his script. I would much prefer that he maintains it and just checks when he needs to do the locking. It's a harmless addition to his code. > > 2/ Maybe add an AV scanner auto-detect feature to the installer or the > MailScanner main Perl process? In most cases it's just looking for > the > presence of the AV scanner binary (possibly in one of several places). > In a few cases you need to run the binary and ask it for its > version to > figure out which of several wrappers to use. Already done, this is now the default setup I ship. Virus Scanners = auto > > 3/ There's always qpsmtpd/qmail support, but you've indicated in the > past that you want someone else to take that on. I'm not touching qmail, there are other people doing that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 08:40:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 08:40:40 2006 Subject: Another call for improvements In-Reply-To: <015d01c68446$d57f1350$3d64880a@speedy> References: <447CB0F3.5070401@ecs.soton.ac.uk> <015d01c68446$d57f1350$3d64880a@speedy> Message-ID: <679D7E74-BDB8-4525-96E5-F9D561394E1A@ecs.soton.ac.uk> This breaks the batch integrity and will cause a sprawling mess in the code, sorry. On 31 May 2006, at 01:11, Christiaan den Besten wrote: > Hi ! > > How about a 'high priority' recipient/domain list ... recipient > adresses on this list would get priority on other messages in the > queue. > > Example: abuse@ourdomain.tld is on the high-priority list > > 1. MailScanner child searches the current queue for new messages to > be processed. > 2. Finds msg 1, randoma@domain.tld, msg 2, randomb@domain.tld, msg > 3, abuse@ourdomain.tld, msg4, abuse@ourdomain.tld > 3. Instead of scanner all 4 messages the child unlocks msg 1 and 2, > and continues with a batch of 2 messages containing the high- > priority e-mails. > > We would love such a feature! > > bye, > Chris > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Tuesday, May 30, 2006 10:54 PM > Subject: Another call for improvements > > >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) >> >> Anything you don't like, anything you particularly like (gratitude >> is always welcome :-) I'm a right sucker for it :-) >> >> At the moment there aren't any features people want, other than a >> 200% speed improvement which I've done my best for in the past. >> >> Don't ignore anything you have asked for in the past, consider >> them forgotten :-( >> >> Regards, >> Jules. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 08:41:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 08:41:49 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On 31 May 2006, at 08:28, Res wrote: > On Tue, 30 May 2006, Julian Field wrote: > >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) >> >> Anything you don't like, anything you particularly like (gratitude >> is always welcome :-) I'm a right sucker for it :-) > > hehe > in MailScanner.conf file can we plz have added: > > # Added for Qmail > Qmail Hash Directory Number = 23 > Qmail Intd Hash Number = 1 Already added I believe. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 08:53:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 08:53:43 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: Please try the attached patch to MessageBatch.pm. Sorry to the people who wanted this feature, there is a significant vote (both on the list and to me) for not doing it. You will have to switch on "Log Speed" to get it now. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: MessageBatch.pm.patch.gz Type: application/x-gzip Size: 661 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/42682b98/MessageBatch.pm.patch.gz -------------- next part -------------- On 31 May 2006, at 08:33, Res wrote: > On Tue, 30 May 2006, Gerry Doris wrote: > >> Perhaps I'm missing something but I really want an easy way to >> turn off the >> message logging. I get a line for every email telling me how long >> it took >> to process. This is just too much of a good thing! >> > > I admit I agree with this request, > > Doing it the way it does now defeats the purpose of "Log Speed = no" > which essentially has nill affect now. > > >> >> ----- Original Message ----- >> From: "Julian Field" >> To: "MailScanner discussion" >> Sent: Tuesday, May 30, 2006 4:54 PM >> Subject: Another call for improvements >> >> >>> Any of you got any features which you really need? >>> I don't guarantee to implement them, or even consider them :-) >>> >>> Anything you don't like, anything you particularly like >>> (gratitude is >>> always welcome :-) I'm a right sucker for it :-) >>> >>> At the moment there aren't any features people want, other than a >>> 200% >>> speed improvement which I've done my best for in the past. >>> >>> Don't ignore anything you have asked for in the past, consider them >>> forgotten :-( >>> >>> Regards, >>> Jules. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From res at ausics.net Wed May 31 08:57:15 2006 From: res at ausics.net (Res) Date: Wed May 31 08:57:22 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On Wed, 31 May 2006, Julian Field wrote: > > On 31 May 2006, at 08:28, Res wrote: > >> On Tue, 30 May 2006, Julian Field wrote: >> >>> Any of you got any features which you really need? >>> I don't guarantee to implement them, or even consider them :-) >>> >>> Anything you don't like, anything you particularly like (gratitude is >>> always welcome :-) I'm a right sucker for it :-) >> >> hehe >> in MailScanner.conf file can we plz have added: >> >> # Added for Qmail >> Qmail Hash Directory Number = 23 >> Qmail Intd Hash Number = 1 > > Already added I believe. > Ah this was the ConfigDefs bit yes my bad :) > -- Cheers Res From holger at gebhardweb.de Wed May 31 09:01:04 2006 From: holger at gebhardweb.de (Holger Gebhard) Date: Wed May 31 09:01:12 2006 Subject: Another call for improvements References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <00b401c68488$5e23c8e0$0164320a@conware.int> Is it possible to modify the spamassassincache feature a little bit? Most incoming mails are spam so the caching is very useful and speeds up MailScanner a lot. But when a spam message is detected as nonspam the cache result always returns due to cache timeout. Any customrules to detect the message are "ingored" except a cache timeout or complete database deletion. I think it occurs very rarely that a "real" nonspam message are send twice to get a great speedup by nonspam caching. A useful feature would be to add some config options like: Cache NonSpam = yes/no Cache LowSpam = yes/no Cache HighSpam = yes/no Cache Virus = yes/no or simply when a cachetiming set to "0" no caching is done for the category. Regards, Holger ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Tuesday, May 30, 2006 10:54 PM Subject: Another call for improvements > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From res at ausics.net Wed May 31 09:04:05 2006 From: res at ausics.net (Res) Date: Wed May 31 09:04:14 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: Whilst we are in the mood and before I duck off for food, how easy would it be to impliment a rule function, for scanning ruleset in adding EG: ConnectFrom name/ip_of_machine no so we could, say a secondary MX server which does thousands of domains put here so those messages do not get scanned as they already would be elsewhere. From res at ausics.net Wed May 31 09:14:39 2006 From: res at ausics.net (Res) Date: Wed May 31 09:14:45 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: On Wed, 31 May 2006, Julian Field wrote: > Please try the attached patch to MessageBatch.pm. > > Sorry to the people who wanted this feature, there is a significant vote > (both on the list and to me) for not doing it. You will have to switch on > "Log Speed" to get it now. With it switched off, looks good > > -- Cheers Res From matt at coders.co.uk Wed May 31 09:28:40 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed May 31 09:28:37 2006 Subject: Another call for improvements In-Reply-To: <679D7E74-BDB8-4525-96E5-F9D561394E1A@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <015d01c68446$d57f1350$3d64880a@speedy> <679D7E74-BDB8-4525-96E5-F9D561394E1A@ecs.soton.ac.uk> Message-ID: <447D53B8.6040204@coders.co.uk> Julian Field wrote: > This breaks the batch integrity and will cause a sprawling mess in the > code, sorry. > How about..... (avoiding top posting...... ;-) ) >> How about a 'high priority' recipient/domain list ... recipient >> adresses on this list would get priority on other messages in the queue. >> Use the MTA to dump these in a different queue..... Have MailScanner monitor a number of queues and always process those in queue A before those in queue B. matt From maillists at conactive.com Wed May 31 09:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 09:31:26 2006 Subject: Am I supposed to have /etc/Mail/languages.conf? In-Reply-To: <5227ac5c0605301919p3b99fe02r96f3e525808663ea@mail.gmail.com> References: <5227ac5c0605301919p3b99fe02r96f3e525808663ea@mail.gmail.com> Message-ID: BG Mahesh wrote on Wed, 31 May 2006 07:49:23 +0530: > Should I upgrade only in the "en" directory? You want to upgrade only in those directories where you changed the languages.conf. Other rpmnew files won't be available, anyway. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at berger.nl Wed May 31 10:07:15 2006 From: mailscanner at berger.nl (Roger Berger) Date: Wed May 31 10:07:06 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <009601c68491$9c6755a0$2201a8c0@WERKSTATION1> Julian, I've been using Mailscanner for a year now and I am able to tag/delete about 95% of all spam now. Thanks for that. What I am looking for and following the mailinglist, I think more people, is a small standalone proggie which will make and implement a rule from a few questions (what text? in what part of mail? and how much points?). You can then react fast on certain spam"attacks" without knowing much about writing rules. And maybe put a timespan to a certain rule, this can be usefull if you have temporalily spam"attacks" but the rule is hitting a lot off ham. If you can put the rule to disable after a week the spam will probably be gone. These are probably more spamassassin changes, but maybe someone allready made such tools. Roger -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: dinsdag 30 mei 2006 22:54 To: MailScanner discussion Subject: Another call for improvements Any of you got any features which you really need? I don't guarantee to implement them, or even consider them :-) Anything you don't like, anything you particularly like (gratitude is always welcome :-) I'm a right sucker for it :-) At the moment there aren't any features people want, other than a 200% speed improvement which I've done my best for in the past. Don't ignore anything you have asked for in the past, consider them forgotten :-( Regards, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From smf at f2s.com Wed May 31 10:01:31 2006 From: smf at f2s.com (Steve Freegard) Date: Wed May 31 10:27:55 2006 Subject: Another call for improvements In-Reply-To: <00b401c68488$5e23c8e0$0164320a@conware.int> References: <447CB0F3.5070401@ecs.soton.ac.uk> <00b401c68488$5e23c8e0$0164320a@conware.int> Message-ID: <1149066092.14510.30.camel@localhost.localdomain> On Wed, 2006-05-31 at 10:01 +0200, Holger Gebhard wrote: > Is it possible to modify the spamassassincache feature a little bit? > > Most incoming mails are spam so the caching is very useful and speeds up > MailScanner a lot. > But when a spam message is detected as nonspam the cache result always > returns due to cache timeout. > Any customrules to detect the message are "ingored" except a cache timeout > or complete database deletion. > > I think it occurs very rarely that a "real" nonspam message are send twice > to get a great speedup by nonspam caching. Actually -- the non-spam caching gives a big performance boost if you do recipient splitting in your MTA. Imagine a non-spam e-mail with 10 recipients - this gets split into 10 separate e-mails at the MTA level prior to MailScanner. Without non-spam caching, you have to SpamAssassinate the same message 10 times without the cache compared to once with. > A useful feature would be to add some config options like: > > Cache NonSpam = yes/no > Cache LowSpam = yes/no > Cache HighSpam = yes/no > Cache Virus = yes/no > > or simply when a cachetiming set to "0" no caching is done for the category. With settable options such as these -- this would get my vote. Non-spam caching is best when used with recipient splitting and probably gives little benefit otherwise and increases cache contention. Thinking about this further -- it should be possible to increase performance and reduce cache contention on a busy system with recipient splitting by *not* caching non-spam results if the message is only to a single recipient. The config options would then be something like: Cache Non-Spam = yes/no/multi-recipient Cache Low-Spam = yes/no/multi-recipient Cache High-Spam = yes/no Cache Viruses = yes/no Cheers, Steve. From matt at coders.co.uk Wed May 31 11:26:03 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed May 31 11:25:59 2006 Subject: Getting pounded .. sigh In-Reply-To: <447CAD13.5080804@ecs.soton.ac.uk> References: <04d501c683ec$1babc400$2901010a@office.fsl> <447C9FE1.70501@coders.co.uk> <447CAD13.5080804@ecs.soton.ac.uk> Message-ID: <447D6F3B.3000500@coders.co.uk> Julian Field wrote: > Please let me know the outcome of this, particularly if it needs a > change to my MailScanner startup script to do this. > Early tests show that this will only work if you have split configurations for the in and outbound processes. Jules: Don't know how to approach this as far as you are concerned - leave it as an "advanced feature" and we make sure that the Wiki is updated or make the installation process generate a copy (or symlinked) of the sendmail configuration and use this for the inbound. This would also allow Milters to be disabled on the outbound sendmail and other sending tweaks. matt From matt at coders.co.uk Wed May 31 11:38:11 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed May 31 11:38:07 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447D7213.8090905@coders.co.uk> Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > A minor tweak to the init script - please can we have the ability to stop the sendmail process without stopping MailScanner - i.e. the equivalent to startin/startout This would be especially usefull in the "getting pounded" situation as the inbound process and allow MailScanner to clear the decks and then restart. matt From john at tradoc.fr Wed May 31 12:11:28 2006 From: john at tradoc.fr (John Wilcock) Date: Wed May 31 12:11:45 2006 Subject: Another call for improvements In-Reply-To: <447D7213.8090905@coders.co.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D7213.8090905@coders.co.uk> Message-ID: <447D79E0.8040803@tradoc.fr> Matt Hampton wrote: > A minor tweak to the init script - please can we have the ability to > stop the sendmail process without stopping MailScanner - i.e. the > equivalent to startin/startout And while you're at it, how about the ability to stop MailScanner without stopping the MTA - which can be useful during a MS upgrade. The options would then be: - start / stop / restart / reload - startms / stopms - startmta / stopmta [i.e. start/stop both in and out, or for single-MTA configs] - startin / startout / stopin / stopout Conceivably someone might want to restart or reload just MailScanner or just the MTA, but adding options for those is probably overkill! It would also be nice to further sanitise the output so that it no longer issues messages about incoming and outgoing at all for single-postfix configs. Which reminds me - the MailScanner rpm also assumes sendmail as a default, and spits out spurious warnings when using postfix (and presumably also when using exim or qmail). Hardly a problem, but it might be nice to sanitise that too. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From rgreen at trayerproducts.com Wed May 31 12:59:44 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed May 31 13:00:01 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447D8530.8040105@trayerproducts.com> Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) I would really like the ability to archive filtered mail. Currently spam is archived right along with the good mail. The only reason we archive is to have the ability to retrieve e-mail messages that a user deleted. I don't need spam to be part of that archive. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Mailscanner at mailing.kaufland-informationssysteme.com Wed May 31 13:17:31 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Wed May 31 13:17:36 2006 Subject: Sophos version 4 vs 5 ? Message-ID: <447D895B.40807@mailing.kaufland-informationssysteme.com> Hi all, we still using the sophos 4 Version. Should I upgrade to version 5. Can somebody expain me the benefit? Matthias From maillists at conactive.com Wed May 31 13:26:07 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 13:26:00 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: Julian Field wrote on Wed, 31 May 2006 08:53:28 +0100: > Please try the attached patch to MessageBatch.pm. > > Sorry to the people who wanted this feature, there is a significant > vote (both on the list and to me) for not doing it. You will have to > switch on "Log Speed" to get it now. Hm, would it be possible to do something like sendmail has with "log level" or other packages with "log verbosity"? Have something like a log level of none - don't log anything medium - log only that messages get processed or something like that, but no details full - log like it is now I really don't need all this detailed logging unless I'm debugging. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 31 13:26:07 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 13:26:04 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Tue, 30 May 2006 21:54:11 +0100: > Any of you got any features which you really need? Provide a single MailScanner rpm without all the additional Perl packages for upgrading. Provide a list of changed Perl module versions in the tar.gz containing the rpm and the Perl src.rpms so one can easily find out which modules have been updated. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 31 13:26:07 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 13:26:08 2006 Subject: Another call for improvements In-Reply-To: <009601c68491$9c6755a0$2201a8c0@WERKSTATION1> References: <009601c68491$9c6755a0$2201a8c0@WERKSTATION1> Message-ID: Roger Berger wrote on Wed, 31 May 2006 11:07:15 +0200: > What I am looking for and following the mailinglist, I think more people, is > a small standalone proggie which will make and implement a rule from a few > questions (what text? in what part of mail? and how much points?). You can > then react fast on certain spam"attacks" without knowing much about writing > rules. You are talking of SA rules, right? There is at least one such tool, I don't have a URL. I'm sure you can find it via www.rulesemporuim.com or www.exit0.us Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From richard.siddall at elirion.net Wed May 31 13:44:51 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Wed May 31 13:45:46 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447D8FC3.5040005@elirion.net> Kai Schaetzl wrote: > Provide a single MailScanner rpm without all the additional Perl packages > for upgrading. Whenever I've had to use an enormous RPM like that in the past, it has proved to be a nightmare. You wind up wanting to update parts of it, and get clashes between RPMs responsible for the same files. Regards, Richard Siddall From richard.siddall at elirion.net Wed May 31 13:45:46 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Wed May 31 13:46:18 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447D8FFA.9060507@elirion.net> Res wrote: > Qmail Hash Directory Number = 23 I still haven't figured out why the Qmail code can't automatically determine the number of hash directories. Regards, Richard Siddall From chris at tac.esi.net Wed May 31 13:53:40 2006 From: chris at tac.esi.net (Chris Hammond) Date: Wed May 31 13:53:50 2006 Subject: Another call for improvements In-Reply-To: <447D8FC3.5040005@elirion.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> Message-ID: <447D59A5.B662.0038.0@tac.esi.net> Whenever I do an update, I download the tar.gz and pull out just the mailscanner rpm and install that. I do not install everything. Most of the perl modules are either from the base os or Dag. I think two of them I rebuild from src.rpm that Julian provides and install them. I do not install the whole kit and kaboodle. Chris >>> Richard Siddall 05/31/06 8:44 AM >>> Kai Schaetzl wrote: > Provide a single MailScanner rpm without all the additional Perl packages > for upgrading. Whenever I've had to use an enormous RPM like that in the past, it has proved to be a nightmare. You wind up wanting to update parts of it, and get clashes between RPMs responsible for the same files. Regards, Richard Siddall -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pete at enitech.com.au Wed May 31 14:10:02 2006 From: pete at enitech.com.au (Pete Russell) Date: Wed May 31 14:10:18 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447D95AA.2020705@enitech.com.au> 1. I would REALLY love to see a solution to postfix limitation/inability to split inbound messages into individual queues files. This is REALLY starting to drive us nuts. 2. I cant do regexp - i want to try and learn but my brain cant do it :( I would love to see an easy way to block an email by subject or sender, or body or URI content - i guess his isnt really a MailScanner task, an MailWatch one? From pete at enitech.com.au Wed May 31 14:19:03 2006 From: pete at enitech.com.au (Pete Russell) Date: Wed May 31 14:19:12 2006 Subject: Another call for improvements In-Reply-To: <447D59A5.B662.0038.0@tac.esi.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> Message-ID: <447D97C7.2080805@enitech.com.au> Love to see a tool that really easily allows us exchange/outlook users to provide a service to end users to be able to forward spam that does get through to a SPAM or NOT SPAM mailbox that is auto sa-learned From edwardbruce at sbcglobal.net Wed May 31 14:22:29 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed May 31 14:22:36 2006 Subject: Upgraded to 4.54.6 and getting new message??? In-Reply-To: References: <447C6BA2.6030007@sbcglobal.net> Message-ID: <447D9895.3030805@sbcglobal.net> Kai Schaetzl wrote: > Ed Bruce wrote on Tue, 30 May 2006 11:58:26 -0400: > > >> Everything seems to be running ok. I checked in the >> /etc/MailScanner/reports/en and in the languages.old there is a >> definition for notcached but no in the new conf file. >> > > Is there a chance you confused them when doing upgrade_languages_conf? I > surely have it in my generated conf, as the last line in the file. > > Kai > > Very easy for me to do, but not this time. I did a ls -ltr after the upgrade and the conf file had the upgrade date. Possible I reversed a cp or mv command. Anyway I just copied the nocached and cached from the old into the new. Seems to be running fine. I'm guessing it must have just been me and some fat finger typing somewhere. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/7c6db46b/attachment.html From hmkash at arl.army.mil Wed May 31 14:25:38 2006 From: hmkash at arl.army.mil (Kash, Howard (Civ, ARL/CISD)) Date: Wed May 31 14:25:41 2006 Subject: Another call for improvements Message-ID: <229A346E44379140A59A48951B56E0C00260C99F@ARLABML01.DS.ARL.ARMY.MIL> I always patch Message.pm to quarantine high scoring spam to a different directory than lower scoring spam. Having a optional directory argument to the "store" Spam Actions would be nice, for example: Spam Actions = store High Scoring Spam Actions = store $quarantine-dir/JUNK With no argument, store will place the spam in the directory specified by "Quarantine Dir". The directory argument could also be assumed to be relative to "Quarantine Dir", for example: Spam Actions = store LOW High Scoring Spam Actions = store HIGH Howard From prandal at herefordshire.gov.uk Wed May 31 14:28:41 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed May 31 14:28:58 2006 Subject: Another call for improvements Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D211102@isabella.herefordshire.gov.uk> My very basic script to get the sanesecurity phishing sigs for clamAV is attached. I've no idea what locking should be done. One thing I'd like MailScanner to do is to keep feeding sa-learn when the cached spamassassin response says autolearn=true. That would help push bayes scores up to bayes_99 as fast as possible. Or am I missing something? Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 31 May 2006 08:40 > To: MailScanner discussion > Subject: Re: Another call for improvements > > > On 30 May 2006, at 23:21, Richard Siddall wrote: > > > Julian Field wrote: > > > >> Any of you got any features which you really need? > >> I don't guarantee to implement them, or even consider them :-) > >> > > > > Nothing I really need. However, there are a few ideas: > > > > 1/ A version of Phil Randal's script to download the supplemental > > ClamAV > > phishing signatures from Steve Basford's SaneSecurity.com which uses > > MailScanner's locking to ensure that the database isn't updated > > during a > > scan, and doesn't hit Steve's site more than 4 times a day. > > Where do I get his script? And does it change much? We will end up > maintaining 2 versions of his script. I would much prefer that he > maintains it and just checks when he needs to do the locking. It's a > harmless addition to his code. > > > > > 2/ Maybe add an AV scanner auto-detect feature to the > installer or the > > MailScanner main Perl process? In most cases it's just > looking for > > the > > presence of the AV scanner binary (possibly in one of > several places). > > In a few cases you need to run the binary and ask it for its > > version to > > figure out which of several wrappers to use. > > Already done, this is now the default setup I ship. > > Virus Scanners = auto > > > > > 3/ There's always qpsmtpd/qmail support, but you've indicated in the > > past that you want someone else to take that on. > > I'm not touching qmail, there are other people doing that. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- A non-text attachment was scrubbed... Name: get_phish_sigs Type: application/octet-stream Size: 1174 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/bec0a00e/get_phish_sigs.obj From prandal at herefordshire.gov.uk Wed May 31 14:30:04 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed May 31 14:31:10 2006 Subject: Another call for improvements Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580D211103@isabella.herefordshire.gov.uk> Not really possible, as Exchange mangles headers too much, IIRC, so you're not learning the orginal email as received. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Pete Russell > Sent: 31 May 2006 14:19 > To: MailScanner discussion > Subject: Re: Another call for improvements > > > Love to see a tool that really easily allows us > exchange/outlook users > to provide a service to end users to be able to forward spam > that does > get through to a SPAM or NOT SPAM mailbox that is auto sa-learned > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From richard.siddall at elirion.net Wed May 31 14:33:30 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Wed May 31 14:34:07 2006 Subject: Installing from RPM, was: Another call for improvements In-Reply-To: <447D59A5.B662.0038.0@tac.esi.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> <447D59A5.B662.0038.0@tac.esi.net> Message-ID: <447D9B2A.6090206@elirion.net> Chris Hammond wrote: > Whenever I do an update, I download the tar.gz and pull out just the > mailscanner > rpm and install that. I do not install everything. Most of the perl > modules are either > from the base os or Dag. I think two of them I rebuild from src.rpm > that Julian provides > and install them. I do not install the whole kit and kaboodle. > > Chris > Whenever I do an update, I run Julian's RPM installer on a lab machine, do a few cursory tests, then copy all the RPMs generated by the installer across to the live machine and do an "rpm -Uvh *.rpm". If we had yum or apt on the live machine, I'd just set up a repository and update from that. I update the configuration files by hand. We haven't automated that yet. Regards, Richard Siddall From richard.siddall at elirion.net Wed May 31 14:41:05 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Wed May 31 14:41:45 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <447CC572.3040508@elirion.net> Message-ID: <447D9CF1.7030706@elirion.net> Julian Field wrote: >> 2/ Maybe add an AV scanner auto-detect feature to the installer or the >> MailScanner main Perl process? In most cases it's just looking for the >> presence of the AV scanner binary (possibly in one of several places). >> In a few cases you need to run the binary and ask it for its version to >> figure out which of several wrappers to use. > > > Already done, this is now the default setup I ship. > > Virus Scanners = auto > Oops. Sorry. I keep assuming I can't run the current version of MailScanner, so I'm not that familiar with current features. Regards, Richard Siddall From iarteaga at cwpanama.net Wed May 31 15:18:14 2006 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Wed May 31 15:18:36 2006 Subject: Full header report Message-ID: Good Morning All, First time writing here, I would like to know if somebody knows if I can see a MS report in the mail header. I.e. the mail score and why tagged as spam? Any feedback will be appreciated. Rgds, --Ivan. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/4f023492/attachment.html From pete at enitech.com.au Wed May 31 15:26:36 2006 From: pete at enitech.com.au (Pete Russell) Date: Wed May 31 15:27:31 2006 Subject: Another call for improvements In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580D211103@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580D211103@isabella.herefordshire.gov.uk> Message-ID: <447DA79C.9090403@enitech.com.au> But its bayes - we can ignore the headers and learn the bodies? OR use a copy type features instead of forward? Randal, Phil wrote: > Not really possible, as Exchange mangles headers too much, IIRC, so > you're not learning the orginal email as received. > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Pete Russell >> Sent: 31 May 2006 14:19 >> To: MailScanner discussion >> Subject: Re: Another call for improvements >> >> >> Love to see a tool that really easily allows us >> exchange/outlook users >> to provide a service to end users to be able to forward spam >> that does >> get through to a SPAM or NOT SPAM mailbox that is auto sa-learned >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From mailscanner at berger.nl Wed May 31 15:36:09 2006 From: mailscanner at berger.nl (Roger Berger) Date: Wed May 31 15:35:59 2006 Subject: Another call for improvements In-Reply-To: Message-ID: <010101c684bf$8efad120$2201a8c0@WERKSTATION1> >Whilst we are in the mood and before I duck off for food, how easy would >it be to impliment a rule function, for scanning ruleset in adding >EG: ConnectFrom name/ip_of_machine no >so we could, say a secondary MX server which does thousands of >domains put here so those messages do not get scanned as they already >would be elsewhere. I had the same problem as I was using a gateway with mailscanner to forward the scanned messages to a second mailserver with mailscanner also. I simply whitelisted the gateway on the second mailserver. Roger From roger at berger.nl Wed May 31 15:36:22 2006 From: roger at berger.nl (Roger Berger) Date: Wed May 31 15:36:11 2006 Subject: Full header report In-Reply-To: Message-ID: <010201c684bf$968ab310$2201a8c0@WERKSTATION1> Where do you want to read it? In Outlook itself you can rightclick the message and choose Options. Roger -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ivan Arteaga Sent: woensdag 31 mei 2006 16:18 To: MailScanner discussion Subject: Full header report Good Morning All, First time writing here, I would like to know if somebody knows if I can see a MS report in the mail header. I.e. the mail score and why tagged as spam? Any feedback will be appreciated. Rgds, --Ivan. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/7012ef5f/attachment.html From roger at berger.nl Wed May 31 15:36:34 2006 From: roger at berger.nl (Roger Berger) Date: Wed May 31 15:36:24 2006 Subject: Another call for improvements In-Reply-To: Message-ID: <010701c684bf$9da39040$2201a8c0@WERKSTATION1> >> What I am looking for and following the mailinglist, I think more people, is >> a small standalone proggie which will make and implement a rule from a few >> questions (what text? in what part of mail? and how much points?). You can >> then react fast on certain spam"attacks" without knowing much about writing >> rules. >You are talking of SA rules, right? >There is at least one such tool, I don't have a URL. I'm sure you can find it >via www.rulesemporuim.com or www.exit0.us > >Kai Yes, it's indeed about SA rules so offtopic. Sorry about that...... Anyway, somebody got such a script? Can't find anything on the net (including www.rulesemporium.com and www.exit0.us). Roger From ugob at camo-route.com Wed May 31 15:38:59 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed May 31 15:39:16 2006 Subject: Full header report In-Reply-To: References: Message-ID: Ivan Arteaga wrote: > Good Morning All, > > > > First time writing here, I would like to know if somebody knows if I can > see a MS report in the mail header. I.e. the mail score and why tagged > as spam? > Yes, X-LastSpam-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.742, required 6, BAYES_00 -2.60, HTML_50_60 0.13, HTML_MESSAGE 0.00, INFO_GREYLIST_NOTDELAYED -0.00, SUBJECT_ENCODED_TWICE 1.72) It may now be the default setting though. Have a look in MailScanner.conf and post again if you can't find it. > Any feedback will be appreciated. > > > > Rgds, > > > > --Ivan. > From ugob at camo-route.com Wed May 31 15:40:15 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed May 31 15:45:08 2006 Subject: Another call for improvements In-Reply-To: <010101c684bf$8efad120$2201a8c0@WERKSTATION1> References: <010101c684bf$8efad120$2201a8c0@WERKSTATION1> Message-ID: Roger Berger wrote: >> Whilst we are in the mood and before I duck off for food, how easy would >> it be to impliment a rule function, for scanning ruleset in adding >> EG: ConnectFrom name/ip_of_machine no >> so we could, say a secondary MX server which does thousands of >> domains put here so those messages do not get scanned as they already >> would be elsewhere. > > I had the same problem as I was using a gateway with mailscanner to forward > the scanned messages to a second mailserver with mailscanner also. I simply > whitelisted the gateway on the second mailserver. Better than that you can have a ruleset for the "Scan Messages = yes" setting. > > Roger > From ugob at camo-route.com Wed May 31 15:43:18 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed May 31 15:50:09 2006 Subject: Another call for improvements In-Reply-To: <447D95AA.2020705@enitech.com.au> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D95AA.2020705@enitech.com.au> Message-ID: Pete Russell wrote: > > 2. I cant do regexp - i want to try and learn but my brain cant do it :( > I would love to see an easy way to block an email by subject or sender, > or body or URI content - i guess his isnt really a MailScanner task, an > MailWatch one? More of a SpamAssassin one... From iarteaga at cwpanama.net Wed May 31 15:51:57 2006 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Wed May 31 15:52:18 2006 Subject: Full header report In-Reply-To: <010201c684bf$968ab310$2201a8c0@WERKSTATION1> Message-ID: Thank you for writing back, I am looking for maybe see more detailed info in the mail header ( I don't know if MS can put it into ) -Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcaD5ME3n2IELWoVSrK1JYUZtyDQOw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: spam (blacklisted) X-yoursite-MailScanner-From: user@domain.com X-IMAPbase: 1111440350 986 Status: O X-UID: 986 Content-Length: 5037 X-Keywords: In order to see the mail score or why the SpamCheck option tagged it as spam despite it is an internal mail. --Ivan. _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Roger Berger Sent: Wednesday, May 31, 2006 9:36 AM To: 'MailScanner discussion' Subject: RE: Full header report Where do you want to read it? In Outlook itself you can rightclick the message and choose Options. Roger -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ivan Arteaga Sent: woensdag 31 mei 2006 16:18 To: MailScanner discussion Subject: Full header report Good Morning All, First time writing here, I would like to know if somebody knows if I can see a MS report in the mail header. I.e. the mail score and why tagged as spam? Any feedback will be appreciated. Rgds, --Ivan. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/4731f834/attachment.html From mkettler at evi-inc.com Wed May 31 16:16:52 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 31 16:17:10 2006 Subject: Full header report In-Reply-To: References: Message-ID: <447DB364.7040500@evi-inc.com> Ivan Arteaga wrote: > Thank you for writing back, > > I am looking for maybe see more detailed info in the mail header ( I > don?t know if MS can put it into ) > > > > *X-yoursite-MailScanner-SpamCheck: spam (blacklisted)* > > In order to see the mail score or why the SpamCheck option tagged it as > spam despite it is an internal mail. It was tagged as spam because it matched your MailScanner blacklists. The spamassassin report and corresponding score won't help you, because SpamAssassin did not declare this message to be spam. Mailscanner declared it spam based on its blacklist rules, despite SA declaring the message non-spam. Check your "Is Definitely Spam" setting in MailScanner.conf, does the message match one of the rules in the file pointed to by this option? Also, If you want to see the SpamAssassin report even when SA says non-spam, you can turn this option on: Always Include SpamAssassin Report = yes (IMHO, everyone should do this. I cannot see why anyone would ever want this set to the default of "no".) From lshaw at emitinc.com Wed May 31 17:00:13 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed May 31 17:00:20 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On Tue, 30 May 2006, Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) I think it would be neat to be able to configure some kind of notification when something gets quarantined, like an e-mail to a particular system administrator address. I don't need to know about every quarantined message, but it would be nice to be able to create a ruleset so that, say, messages coming from internal users do trigger notifications when they're quarantined. The reason for this is that whether the quarantine was a false positive (harmless message and MailScanner config is too strict) or a true positive (harmful message), I as the administrator still want to know about it. In the former case (false positive), I may need to help a user transfer some files by some other means. In the latter case (true positive), I want to know about it because it may indicate a machine on the internal network has a virus or some other security problem. In either case, it's some sort of issue, and I think it would help user acceptance of MailScanner at my site if I could be quickly notified and be proactive about things. Next idea is a bit more "out there". In MailScanner.conf, there is the "Queue Scan Interval" setting. Looking at the source (specifically Sendmail.pm), it seems that if I have that set to 6 seconds (the default IIRC), it will be doing a readdir() (via the DirHandle class) of every entry in that directory every 6 seconds. In other words, it's polling. On a dedicated MailScanner-only server, that doesn't matter at all, but on a mixed-use server (MailScanner, pop/imap server, file server, internal web server, and whatever else), that's a little wasteful of resources. So... is there anything smarter that can be done? One idea is to, on Linux, use the INotify Perl module to take advantage of the inotify kernel facility; you could then block and be woken up only when the dir has changed (or when any file in the dir has changed, if you register to be informed about all that, I think). That would provide a faster reaction time to new message delivery as well as lowering overhead in many cases. Another idea is to have an adaptive poll interval that varies within some set range based on recent activity. So, for example, if the mail server is pretty close to idle, the poll interval is maybe 30 seconds, but if it's busier, the interval could shrink down to 5 seconds or something. Like I said, that idea is a bit out there, and it probably doesn't have much practical benefit. I think I just hate to see polling because it's bad style. (Though I do realize that if there is no other alternative, then it's not bad programming style to chose the possible over the impossible...) - Logan From PHachey at city.cornwall.on.ca Wed May 31 17:10:57 2006 From: PHachey at city.cornwall.on.ca (Philip Hachey) Date: Wed May 31 17:11:01 2006 Subject: [Clamav-users] Problem with internal logger Message-ID: > Author: Peter Luttrell > Date: > To: clamav-users > Subject: [Clamav-users] Problem with internal logger > I recently upgraded clamav to version 0.88.2 in order to support > amavisd-new, which I'm using with postfix. > > Since then, many times the day my root account receives this message: > > > From: root@[mydomain] (Cron Daemon) > > Date: May 29, 2006 6:24:01 PM CDT > > To: root@[mydomain] > > Subject: Cron /usr/share/clamav/freshclam-sleep > > > > ERROR: Problem with internal logger. > > After googling a bit, I wasn't able to find any info...or any place > to start looking for a problem. Can anyone point me in the right > direction? > > thanks in advance. > -peter A similar problem is happening on my MailScanner server. I've been using ClamAV combined with MailScanner since before ClamAV version 0.80 and this is a first. On May 1st, I upgraded to ClamAV 0.88.2 (local build from source) from 0.88.1. On the same day, I also upgraded MailScanner to version 4.53.6-1. On a regular interval, MailScanner calls freshclam as it always has by using "/usr/local/bin/freshclam --quiet -l /var/log/freshclam.log"[1]. Twice now since May 1st, ClamAV has stopped updating because MailScanner's invocation of freshclam hangs ('ps -ef' shows '/usr/local/bin/freshclam...'). Calling 'freshclam -v' returns the "Problem with internal logger" error -- I assume because the log file has been locked by the hung process. Killing the freshclam process allows 'freshclam -v' to run successfully. MailScanner's use of freshclam then functions fine for a few days until it happens again. It's inconsistent and I'm not sure what to do about it. Have there been changes in the 0.88.2 code to freshclam? I'm considering rebuilding ClamAV to see if that increases stability. Philip Hachey [1] Yes, I know MailScanner normally has freshclam write to '/tmp/ClamAV.update.log', but I changed that in the clamav-autoupdate script ages ago. From maillists at conactive.com Wed May 31 17:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 17:31:32 2006 Subject: Another call for improvements In-Reply-To: <447D8FC3.5040005@elirion.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> Message-ID: Richard Siddall wrote on Wed, 31 May 2006 08:44:51 -0400: > Whenever I've had to use an enormous RPM like that in the past, it has > proved to be a nightmare. You wind up wanting to update parts of it, > and get clashes between RPMs responsible for the same files. Not sure if we talk about the same thing. I don't want to have everything in one rpm, no! Like Chris, I most often just pick the MailScanner rpm from the tar.gz and then I compare what's there in Perl packages and decide if I install any. Having a list of updated packages and a "mailscanner-only" download would ease that quite a bit (and reduce download traffic off the MailScanner site!). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 31 17:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 17:31:36 2006 Subject: Another call for improvements In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580D211102@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580D211102@isabella.herefordshire.gov.uk> Message-ID: Phil Randal wrote on Wed, 31 May 2006 14:28:41 +0100: > One thing I'd like MailScanner to do is to keep feeding sa-learn when > the cached spamassassin response says autolearn=true. That would help > push bayes scores up to bayes_99 as fast as possible. Or am I missing > something? Well, it would somehow "destroy" the caching effect. I mean, you make it faster with the cache and then you make it slower with learning again. So, this needs to be optional. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 31 17:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 17:31:40 2006 Subject: Another call for improvements In-Reply-To: <229A346E44379140A59A48951B56E0C00260C99F@ARLABML01.DS.ARL.ARMY.MIL> References: <229A346E44379140A59A48951B56E0C00260C99F@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: Howard (Civ, ARL/CISD) Kash wrote on Wed, 31 May 2006 09:25:38 -0400: > I always patch Message.pm to quarantine high scoring spam to a different > directory than lower scoring spam. I think this could be a good option. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 31 17:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 31 17:31:44 2006 Subject: Another call for improvements In-Reply-To: <010701c684bf$9da39040$2201a8c0@WERKSTATION1> References: <010701c684bf$9da39040$2201a8c0@WERKSTATION1> Message-ID: Roger Berger wrote on Wed, 31 May 2006 16:36:34 +0200: > Can't find anything on the net (including > www.rulesemporium.com and www.exit0.us). I'm sure there is, look around. It's not a script, but a webpage where you can do that online. I just don't have a URL of it. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From iarteaga at cwpanama.net Wed May 31 17:39:28 2006 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Wed May 31 17:39:50 2006 Subject: Full header report In-Reply-To: <447DB364.7040500@evi-inc.com> Message-ID: Thank you all for your valuable feedback, I tried with the is_definitely_spam option and it's working fine (stop tagging my internal mail). Just one add question, how exactly do you know MS is detecting the mail as spam instead SA? Rgds, --Ivan. PS. BTW.. I'm already getting the full header info, thank you guys about this too :-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Wednesday, May 31, 2006 10:17 AM To: MailScanner discussion Subject: Re: Full header report Ivan Arteaga wrote: > Thank you for writing back, > > I am looking for maybe see more detailed info in the mail header ( I > don't know if MS can put it into ) > > > > *X-yoursite-MailScanner-SpamCheck: spam (blacklisted)* > > In order to see the mail score or why the SpamCheck option tagged it as > spam despite it is an internal mail. It was tagged as spam because it matched your MailScanner blacklists. The spamassassin report and corresponding score won't help you, because SpamAssassin did not declare this message to be spam. Mailscanner declared it spam based on its blacklist rules, despite SA declaring the message non-spam. Check your "Is Definitely Spam" setting in MailScanner.conf, does the message match one of the rules in the file pointed to by this option? Also, If you want to see the SpamAssassin report even when SA says non-spam, you can turn this option on: Always Include SpamAssassin Report = yes (IMHO, everyone should do this. I cannot see why anyone would ever want this set to the default of "no".) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Wed May 31 18:05:09 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 31 18:05:24 2006 Subject: Full header report In-Reply-To: References: Message-ID: <447DCCC5.5090702@evi-inc.com> Ivan Arteaga wrote: > Thank you all for your valuable feedback, I tried with the > is_definitely_spam option and it's working fine (stop tagging my internal > mail). Just one add question, how exactly do you know MS is detecting the > mail as spam instead SA? The fact that (blacklisted) appears in the SpamCheck header indicates that the message matched a MS blacklist and will be tagged as spam no matter what SA says. >> *X-yoursite-MailScanner-SpamCheck: spam (blacklisted)* (whitelisted) works the same way. If the message matches a MS whitelist, it will not be tagged as spam, no matter what SA says about it. From MailScanner at ecs.soton.ac.uk Wed May 31 18:09:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:09:47 2006 Subject: Another call for improvements In-Reply-To: <00b401c68488$5e23c8e0$0164320a@conware.int> References: <447CB0F3.5070401@ecs.soton.ac.uk> <00b401c68488$5e23c8e0$0164320a@conware.int> Message-ID: <447DCDCE.9030308@ecs.soton.ac.uk> You can implement this by setting the relevant cache lifetime to 1 second. Holger Gebhard wrote: > Is it possible to modify the spamassassincache feature a little bit? > > Most incoming mails are spam so the caching is very useful and speeds > up MailScanner a lot. > But when a spam message is detected as nonspam the cache result always > returns due to cache timeout. > Any customrules to detect the message are "ingored" except a cache > timeout or complete database deletion. > > I think it occurs very rarely that a "real" nonspam message are send > twice to get a great speedup by nonspam caching. > > A useful feature would be to add some config options like: > > Cache NonSpam = yes/no > Cache LowSpam = yes/no > Cache HighSpam = yes/no > Cache Virus = yes/no > > or simply when a cachetiming set to "0" no caching is done for the > category. > > > Regards, > > Holger > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Tuesday, May 30, 2006 10:54 PM > Subject: Another call for improvements > > >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) >> >> Anything you don't like, anything you particularly like (gratitude is >> always welcome :-) I'm a right sucker for it :-) >> >> At the moment there aren't any features people want, other than a >> 200% speed improvement which I've done my best for in the past. >> >> Don't ignore anything you have asked for in the past, consider them >> forgotten :-( >> >> Regards, >> Jules. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 18:10:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:10:44 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: <447DCE09.3080501@ecs.soton.ac.uk> Already there. Just put the IP address of network-block definition in place of an email address pattern. Res wrote: > Whilst we are in the mood and before I duck off for food, how easy > would it be to impliment a rule function, for scanning ruleset in > adding EG: ConnectFrom name/ip_of_machine no > so we could, say a secondary MX server which does thousands of domains > put here so those messages do not get scanned as they already would be > elsewhere. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 18:13:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:13:31 2006 Subject: Another call for improvements In-Reply-To: <009601c68491$9c6755a0$2201a8c0@WERKSTATION1> References: <009601c68491$9c6755a0$2201a8c0@WERKSTATION1> Message-ID: <447DCEB0.4030000@ecs.soton.ac.uk> This is an administrator front-end package, which I don't get involved in. Over to you folks... Roger Berger wrote: > Julian, > > I've been using Mailscanner for a year now and I am able to tag/delete about > 95% of all spam now. Thanks for that. > What I am looking for and following the mailinglist, I think more people, is > a small standalone proggie which will make and implement a rule from a few > questions (what text? in what part of mail? and how much points?). You can > then react fast on certain spam"attacks" without knowing much about writing > rules. > > And maybe put a timespan to a certain rule, this can be usefull if you have > temporalily spam"attacks" but the rule is hitting a lot off ham. If you can > put the rule to disable after a week the spam will probably be gone. > > These are probably more spamassassin changes, but maybe someone allready > made such tools. > > Roger > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: dinsdag 30 mei 2006 22:54 > To: MailScanner discussion > Subject: Another call for improvements > > > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 18:17:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:18:10 2006 Subject: Another call for improvements In-Reply-To: <447D7213.8090905@coders.co.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D7213.8090905@coders.co.uk> Message-ID: <447DCFC6.5050504@ecs.soton.ac.uk> Matt Hampton wrote: > Julian Field wrote: > >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) >> >> > > A minor tweak to the init script - please can we have the ability to > stop the sendmail process without stopping MailScanner - i.e. the > equivalent to startin/startout > > This would be especially usefull in the "getting pounded" situation as > the inbound process and allow MailScanner to clear the decks and then > restart. > What's wrong with just stopping all of it then check_MailScanner service MailScanner startout ? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From richard.siddall at elirion.net Wed May 31 18:18:59 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Wed May 31 18:19:36 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8FC3.5040005@elirion.net> Message-ID: <447DD003.9070202@elirion.net> Kai Schaetzl wrote: > Not sure if we talk about the same thing. I don't want to have everything > in one rpm, no! Like Chris, I most often just pick the MailScanner rpm > from the tar.gz and then I compare what's there in Perl packages and > decide if I install any. Having a list of updated packages and a > "mailscanner-only" download would ease that quite a bit (and reduce > download traffic off the MailScanner site!). > > Kai > Kai, Sorry, I misread your message. (This is what happens when you start e-mailing while drinking the first cup of coffee of the morning.) It would be nice if Julian extracted the list of dependencies out of install.sh into a file and provided scripts to create a Bundle::MailScanner file for the CPAN users (and for ovid) and a meta-RPM from it. (The meta-RPM would just be a list of Requires, and would let you upgrade MailScanner from a yum/apt repository using something like "yum upgrade mailscanner-meta".) Regards, Richard Siddall From MailScanner at ecs.soton.ac.uk Wed May 31 18:33:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:33:55 2006 Subject: Another call for improvements In-Reply-To: <447D79E0.8040803@tradoc.fr> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D7213.8090905@coders.co.uk> <447D79E0.8040803@tradoc.fr> Message-ID: <447DD374.8020304@ecs.soton.ac.uk> John Wilcock wrote: > Matt Hampton wrote: >> A minor tweak to the init script - please can we have the ability to >> stop the sendmail process without stopping MailScanner - i.e. the >> equivalent to startin/startout > > And while you're at it, how about the ability to stop MailScanner > without stopping the MTA - which can be useful during a MS upgrade. That would be useful, yes. The attached tar.gz file contains both the RedHat (rh) version and the SuSE version. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: init.scripts.tar.gz Type: application/x-gzip Size: 4191 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/a716fad2/init.scripts.tar.gz From MailScanner at ecs.soton.ac.uk Wed May 31 18:35:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:35:24 2006 Subject: Another call for improvements In-Reply-To: <447D8530.8040105@trayerproducts.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> Message-ID: <447DD3D3.90002@ecs.soton.ac.uk> Rodney Green wrote: > Julian Field wrote: >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) > > I would really like the ability to archive filtered mail. Currently > spam is archived right along with the good mail. The only reason we > archive is to have the ability to retrieve e-mail > messages that a user deleted. I don't need spam to be part of that > archive. Spam is archived into the "spam" subdirectory of the day's quarantine. Just delete that directory hierarchy at the end of the day. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 18:36:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:36:49 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: <447DD429.2070906@ecs.soton.ac.uk> Kai Schaetzl wrote: > Julian Field wrote on Wed, 31 May 2006 08:53:28 +0100: > > >> Please try the attached patch to MessageBatch.pm. >> >> Sorry to the people who wanted this feature, there is a significant >> vote (both on the list and to me) for not doing it. You will have to >> switch on "Log Speed" to get it now. >> > > Hm, would it be possible to do something like sendmail has with "log > level" or other packages with "log verbosity"? Have something like a log > level of > none - don't log anything > medium - log only that messages get processed or something like that, but > no details > full - log like it is now > This is why I use syslog. You can configure different log levels with /etc/syslog.conf. If you just log warn and above, you will only get error messages and other warnings. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 18:44:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:44:56 2006 Subject: Full header report In-Reply-To: <447DB364.7040500@evi-inc.com> References: <447DB364.7040500@evi-inc.com> Message-ID: <447DD60E.4060009@ecs.soton.ac.uk> Matt Kettler wrote: > Ivan Arteaga wrote: > >> Thank you for writing back, >> >> I am looking for maybe see more detailed info in the mail header ( I >> don?t know if MS can put it into ) >> >> >> > > >> *X-yoursite-MailScanner-SpamCheck: spam (blacklisted)* >> > > > > >> In order to see the mail score or why the SpamCheck option tagged it as >> spam despite it is an internal mail. >> > > It was tagged as spam because it matched your MailScanner blacklists. The > spamassassin report and corresponding score won't help you, because SpamAssassin > did not declare this message to be spam. Mailscanner declared it spam based on > its blacklist rules, despite SA declaring the message non-spam. > > Check your "Is Definitely Spam" setting in MailScanner.conf, does the message > match one of the rules in the file pointed to by this option? > > > Also, If you want to see the SpamAssassin report even when SA says non-spam, you > can turn this option on: > Always Include SpamAssassin Report = yes > > (IMHO, everyone should do this. I cannot see why anyone would ever want this set > to the default of "no".) > If the message is blacklisted or whitelisted by "Is Definitely [Not] Spam" then use of this option will force SpamAssassin to be run when it doesn't need to be. If the message is blacklisted or whitelisted and this option is set to "no" then SpamAssassin won't be called, which is a lot faster. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 31 18:48:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 18:48:42 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <447DD6E8.60904@ecs.soton.ac.uk> Logan Shaw wrote: > On Tue, 30 May 2006, Julian Field wrote: >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) > > I think it would be neat to be able to configure some kind of > notification when something gets quarantined, like an e-mail to > a particular system administrator address. I don't need to know > about every quarantined message, but it would be nice to be able > to create a ruleset so that, say, messages coming from internal > users do trigger notifications when they're quarantined. Send Notices = yes Notices To = postmaster > > The reason for this is that whether the quarantine was a false > positive (harmless message and MailScanner config is too strict) > or a true positive (harmful message), I as the administrator still > want to know about it. In the former case (false positive), I > may need to help a user transfer some files by some other means. > In the latter case (true positive), I want to know about it > because it may indicate a machine on the internal network has > a virus or some other security problem. In either case, it's > some sort of issue, and I think it would help user acceptance > of MailScanner at my site if I could be quickly notified and be > proactive about things. > > Next idea is a bit more "out there". In MailScanner.conf, there > is the "Queue Scan Interval" setting. Looking at the source > (specifically Sendmail.pm), it seems that if I have that set to 6 > seconds (the default IIRC), it will be doing a readdir() (via the > DirHandle class) of every entry in that directory every 6 seconds. > In other words, it's polling. On a dedicated MailScanner-only > server, that doesn't matter at all, but on a mixed-use server > (MailScanner, pop/imap server, file server, internal web server, > and whatever else), that's a little wasteful of resources. So... > is there anything smarter that can be done? > > One idea is to, on Linux, use the INotify Perl module to take > advantage of the inotify kernel facility; you could then block > and be woken up only when the dir has changed (or when any file > in the dir has changed, if you register to be informed about all > that, I think). That would provide a faster reaction time to > new message delivery as well as lowering overhead in many cases. > > Another idea is to have an adaptive poll interval that varies > within some set range based on recent activity. So, for example, > if the mail server is pretty close to idle, the poll interval is > maybe 30 seconds, but if it's busier, the interval could shrink > down to 5 seconds or something. > > Like I said, that idea is a bit out there, and it probably doesn't > have much practical benefit. I think I just hate to see polling > because it's bad style. (Though I do realize that if there is no > other alternative, then it's not bad programming style to chose > the possible over the impossible...) > > - Logan -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Denis.Beauchemin at USherbrooke.ca Wed May 31 18:58:57 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed May 31 19:11:46 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: <447DD961.9090806@USherbrooke.ca> Julian, How about making your install-Clam-SA install.sh script cleverer by not recompiling Clam if we're already running the current release? Or accepting command-line options to restrict installation of: 1. ClamAV 2. SpamAssassin 3. other Perl modules Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/1edf52a9/smime.bin From mkettler at evi-inc.com Wed May 31 19:20:29 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 31 19:20:38 2006 Subject: Full header report In-Reply-To: <447DD60E.4060009@ecs.soton.ac.uk> References: <447DB364.7040500@evi-inc.com> <447DD60E.4060009@ecs.soton.ac.uk> Message-ID: <447DDE6D.9060101@evi-inc.com> Julian Field wrote: >> Also, If you want to see the SpamAssassin report even when SA says >> non-spam, you >> can turn this option on: >> Always Include SpamAssassin Report = yes >> >> (IMHO, everyone should do this. I cannot see why anyone would ever >> want this set >> to the default of "no".) >> > If the message is blacklisted or whitelisted by "Is Definitely [Not] > Spam" then use of this option will force SpamAssassin to be run when it > doesn't need to be. If the message is blacklisted or whitelisted and > this option is set to "no" then SpamAssassin won't be called, which is a > lot faster. True, but I like to be able to cross-check my whitelisting: grep "is not spam (whitelisted)" maillog |grep -P "score=([1-9][0-9]|[5-9])\." Lets me pick out any messages with scores from 5.0 through 99.999 that were whitelisted by MS. Good for cross-checking my spam rules, and checking to ensure no clients are sending spam through the server... I find that very useful and powerful, without the risk of user complaints that I tagged their outbound mail. However, I do see your point that some want the speed boost, particularly for sites where all internal-to-internal mail gets MailScanner'ed.. (for me only external to internal and internal to external gets scanned) From strydom.dave at gmail.com Wed May 31 19:27:17 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Wed May 31 19:27:20 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: On 5/30/06, Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) MailScanner to have the ability to take advantage of the Spamassassin Spamcop Plugin. Details: ===== What I am looking for is a feature inside MailScanner where you can specify a threshold figure (like 25 for example). Then any messages which has a score higher than this threshold, is automatically reported to spamcop using the spamassassin spamcop plugin. This would be very useful for those of us who use RBL's or use greylisting with RBL's. Have something in the MailScanner.conf like: SpamcopReport = yes SpamcopScore = 25 Personally I think this would be an awesome feature, since it would help list exploited servers a hell of a lot quicker than if we do it manually the whole time. Just a thought, Dave Strydom From dwinkler at algorithmics.com Wed May 31 19:33:19 2006 From: dwinkler at algorithmics.com (Derek Winkler) Date: Wed May 31 19:31:29 2006 Subject: Another call for improvements Message-ID: <23675CFC52BBC44EB355406A3A8A049102F484@TORMAIL.algorithmics.com> > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) The ability to ignore the whitelist if the message scores over a certain amount with support for rulesets. Much like Ignore Spam Whitelist If Recipients Exceed but score based. Ignore Spam Whitelist If Score Exceeds = This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060531/f543da35/attachment.html From matt at coders.co.uk Wed May 31 19:45:14 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed May 31 19:45:09 2006 Subject: Another call for improvements In-Reply-To: <447DD374.8020304@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D7213.8090905@coders.co.uk> <447D79E0.8040803@tradoc.fr> <447DD374.8020304@ecs.soton.ac.uk> Message-ID: <447DE43A.4050405@coders.co.uk> Julian Field wrote: (merging two responses) > John Wilcock wrote: >> Matt Hampton wrote: >>> A minor tweak to the init script - please can we have the ability to >>> stop the sendmail process without stopping MailScanner - i.e. the >>> equivalent to startin/startout >> >> And while you're at it, how about the ability to stop MailScanner >> without stopping the MTA - which can be useful during a MS upgrade. > > > That would be useful, yes. > > > What's wrong with just stopping all of it then > check_MailScanner > service MailScanner startout >? So the same logic doesn't apply then? ;-) I was thinking about making changes to my MTA config requires me to stop mail being processed (and in a split config situation delivered). matt From cpedaschus at gmx.de Wed May 31 19:45:18 2006 From: cpedaschus at gmx.de (Christian Pedaschus) Date: Wed May 31 19:45:59 2006 Subject: Another call for improvements In-Reply-To: <447DD429.2070906@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> <447DD429.2070906@ecs.soton.ac.uk> Message-ID: <447DE43E.7000309@gmx.de> Julian Field wrote: > Kai Schaetzl wrote: > >> Julian Field wrote on Wed, 31 May 2006 08:53:28 +0100: >> >>> Please try the attached patch to MessageBatch.pm. >>> Sorry to the people who wanted this feature, there is a >>> significant vote (both on the list and to me) for not doing it. >>> You will have to switch on "Log Speed" to get it now. >>> >> >> >> Hm, would it be possible to do something like sendmail has with "log >> level" or other packages with "log verbosity"? Have something like a >> log level of none - don't log anything >> medium - log only that messages get processed or something like that, >> but no details >> full - log like it is now >> > > This is why I use syslog. You can configure different log levels with > /etc/syslog.conf. If you just log warn and above, you will only get > error messages and other warnings. > As this is my first mail to the list, first some gratitude: "3 server and 50 workstations start singing a chorus using their busy drives, praising the master of mailscanner for his great gift (in binary morse-code) ;) " Back to topic: Isn't a call to syslog more cpu expensive than a 'if then' inside mailscanner? I mean, it's surely not a big hit, but every cycle counts, as the quantity matters. Greets, Chris From alex at nkpanama.com Wed May 31 20:02:28 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 31 20:03:03 2006 Subject: Another call for improvements In-Reply-To: <447DD3D3.90002@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> Message-ID: <447DE844.2000803@nkpanama.com> Julian Field wrote: > > > Rodney Green wrote: >> Julian Field wrote: >>> Any of you got any features which you really need? >>> I don't guarantee to implement them, or even consider them :-) >> >> I would really like the ability to archive filtered mail. Currently >> spam is archived right along with the good mail. The only reason we >> archive is to have the ability to retrieve e-mail >> messages that a user deleted. I don't need spam to be part of that >> archive. > Spam is archived into the "spam" subdirectory of the day's quarantine. > Just delete that directory hierarchy at the end of the day. > Hold on... so spam isn't archived by the "archive mail" function? I thought it was by design that "archive mail" went before everything else, and so spam gets archived with it. Is it different now? From MailScanner at ecs.soton.ac.uk Wed May 31 20:48:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 20:48:30 2006 Subject: Another call for improvements In-Reply-To: <447DE43E.7000309@gmx.de> References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> <447DD429.2070906@ecs.soton.ac.uk> <447DE43E.7000309@gmx.de> Message-ID: <447DF2FE.2060406@ecs.soton.ac.uk> Christian Pedaschus wrote: > Julian Field wrote: > > >> Kai Schaetzl wrote: >> >> >>> Julian Field wrote on Wed, 31 May 2006 08:53:28 +0100: >>> >>> >>>> Please try the attached patch to MessageBatch.pm. >>>> Sorry to the people who wanted this feature, there is a >>>> significant vote (both on the list and to me) for not doing it. >>>> You will have to switch on "Log Speed" to get it now. >>>> >>>> >>> Hm, would it be possible to do something like sendmail has with "log >>> level" or other packages with "log verbosity"? Have something like a >>> log level of none - don't log anything >>> medium - log only that messages get processed or something like that, >>> but no details >>> full - log like it is now >>> >>> >> This is why I use syslog. You can configure different log levels with >> /etc/syslog.conf. If you just log warn and above, you will only get >> error messages and other warnings. >> >> > As this is my first mail to the list, first some gratitude: "3 server > and 50 workstations start singing a chorus using their busy drives, > praising the master of mailscanner for his great gift (in binary > morse-code) ;) " > > Back to topic: > Isn't a call to syslog more cpu expensive than a 'if then' inside > mailscanner? I mean, it's surely not a big hit, but every cycle counts, > as the quantity matters. > But you are already doing the call to syslog, so it doesn't cost any extra cycles at all. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at lists.com.ar Wed May 31 20:48:22 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Wed May 31 20:48:42 2006 Subject: ZMailer default MIME::WordDecoder Message-ID: <20060531194822.GB1917@pert.com.ar> Hi, I have this little patch to ZMailer.pm (only), it was added to every other mta code before (I'm trying to catch up) I've added the MIME::WordDecoder->default->handler('*' => \&MailScanner::Message::WordDecoderKeep7Bit); Question: This code is also in Messages.pm (3 or 4 times) and in the MTA's Is there a reason for that code to be executed several times each mail instead of being (for instance) in WorkForHours or MailScanner::Sendmail::initialise or *::initialise? It's not a heavy call or something, but it looks like setting a default handler for all the program would be all right, just a little more efficient. That if SA or someone don't change it. ============================================================================== --- MailScanner.ORIG/lib/MailScanner/ZMailer.pm 2006-05-30 09:22:08.000000000 -0300 +++ MailScanner/lib/MailScanner/ZMailer.pm 2006-05-30 09:22:47.000000000 -0300 @@ -69,6 +69,8 @@ MailScanner::Config::Default('sendmail2', MailScanner::Config::Value('sendmail')); $UnsortedBatchesLeft = 0; # Disable queue-clearing mode + # The default action is to WARN, and return 1 + MIME::WordDecoder->default->handler('*' => \&MailScanner::Message::WordDecoderKeep7Bit); } # Constructor. ============================================================================== I didn't have the time to try our latest additions to ZMailer code. Saludos -- Leonardo Helman Pert Consultores Argentina From MailScanner at ecs.soton.ac.uk Wed May 31 20:49:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 20:49:22 2006 Subject: Another call for improvements In-Reply-To: <447DE844.2000803@nkpanama.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> Message-ID: <447DF336.2030106@ecs.soton.ac.uk> Alex Neuman van der Hans wrote: > Julian Field wrote: >> >> >> Rodney Green wrote: >>> Julian Field wrote: >>>> Any of you got any features which you really need? >>>> I don't guarantee to implement them, or even consider them :-) >>> >>> I would really like the ability to archive filtered mail. Currently >>> spam is archived right along with the good mail. The only reason we >>> archive is to have the ability to retrieve e-mail >>> messages that a user deleted. I don't need spam to be part of that >>> archive. >> Spam is archived into the "spam" subdirectory of the day's >> quarantine. Just delete that directory hierarchy at the end of the day. >> > Hold on... so spam isn't archived by the "archive mail" function? I > thought it was by design that "archive mail" went before everything > else, and so spam gets archived with it. Is it different now? It gets archived into a "spam" subdirectory. Look. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Wed May 31 21:08:24 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 31 21:10:46 2006 Subject: Another call for improvements In-Reply-To: <447DF336.2030106@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> <447DF336.2030106@ecs.soton.ac.uk> Message-ID: <447DF7B8.6040500@nkpanama.com> Julian Field wrote: >>> >> Hold on... so spam isn't archived by the "archive mail" function? I >> thought it was by design that "archive mail" went before everything >> else, and so spam gets archived with it. Is it different now? > It gets archived into a "spam" subdirectory. Look. > Ok, so to recap, if I have, for example: Archive Mail = %rules-dir%/archive.rules archive.rules: FromOrTo: default no From: alex@nkpanama.com /home/backup/mail/outgoing/alex To: alex@nkpanama.com /home/backup/mail/incoming/alex Spam Actions = attachment deliver header "X-Spam-Status: yes" High Scoring Spam Actions = delete # no need to set header "X-Spam-Status: yes" Non Spam Actions = deliver header "X-Spam-Status: no" Where would the spam go? To the quarantine in a spam folder? From brett at wrl.org Wed May 31 21:15:53 2006 From: brett at wrl.org (Brett Charbeneau) Date: Wed May 31 21:16:43 2006 Subject: Listserv whitelisting: Reply-to header field? Message-ID: Can anyone please offer me some tips on this? I've scoured the list archives and docs and have come up empty-handed. SPECIFICS: Debian 3.1, kernel 2.6.8, Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb packages) Several of my users subscribe to a listserv that consistently gets marked as SPAM and I'm having a hard time figuring out how to whitelist these messages. The listserv creates headers that shows posts as coming from the poster, not the listserv server. This makes filtering on the "From:" field ineffective. I tried to enter a rule in my /etc/MailScanner/rules/spam.whitelist.rules file to filter on the "Reply-To:" field like this: Reply-To: OCLC-Cataloging yes but this isn't working either. I supply a sample of the header from this list below. Date: Tue, 16 May 2006 16:20:36 -0500 Reply-To: OCLC-Cataloging Sender: OCLC-Cataloging From: "Library Cataloger" Subject: {Spam?} Re: [OCLC-CAT] simplify MARC records? To: OCLC-CAT@OCLC.ORG Precedence: list -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From MailScanner at ecs.soton.ac.uk Wed May 31 21:21:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 31 21:21:23 2006 Subject: Another call for improvements In-Reply-To: <447DF7B8.6040500@nkpanama.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> <447DF336.2030106@ecs.soton.ac.uk> <447DF7B8.6040500@nkpanama.com> Message-ID: <447DFAB3.8060306@ecs.soton.ac.uk> Alex Neuman van der Hans wrote: > Julian Field wrote: >>>> >>> Hold on... so spam isn't archived by the "archive mail" function? I >>> thought it was by design that "archive mail" went before everything >>> else, and so spam gets archived with it. Is it different now? >> It gets archived into a "spam" subdirectory. Look. >> > > Ok, so to recap, if I have, for example: > > Archive Mail = %rules-dir%/archive.rules > > archive.rules: > > FromOrTo: default no > From: alex@nkpanama.com /home/backup/mail/outgoing/alex > To: alex@nkpanama.com /home/backup/mail/incoming/alex > > Spam Actions = attachment deliver header "X-Spam-Status: yes" > High Scoring Spam Actions = delete # no need to set header > "X-Spam-Status: yes" > Non Spam Actions = deliver header "X-Spam-Status: no" > > Where would the spam go? To the quarantine in a spam folder? Should do, yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From michele at blacknight.ie Wed May 31 21:23:25 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Wed May 31 21:23:28 2006 Subject: Listserv whitelisting: Reply-to header field? In-Reply-To: References: Message-ID: <447DFB3D.8080902@blacknight.ie> Brett Charbeneau wrote: > > Can anyone please offer me some tips on this? I've scoured the list > archives and docs and have come up empty-handed. What about the listserv IP? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From alex at nkpanama.com Wed May 31 21:33:51 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 31 21:34:26 2006 Subject: Another call for improvements In-Reply-To: <447DFAB3.8060306@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> <447DF336.2030106@ecs.soton.ac.uk> <447DF7B8.6040500@nkpanama.com> <447DFAB3.8060306@ecs.soton.ac.uk> Message-ID: <447DFDAF.5020405@nkpanama.com> Julian Field wrote: > > > Alex Neuman van der Hans wrote: >> Julian Field wrote: >>>>> >>>> Hold on... so spam isn't archived by the "archive mail" function? I >>>> thought it was by design that "archive mail" went before everything >>>> else, and so spam gets archived with it. Is it different now? >>> It gets archived into a "spam" subdirectory. Look. >>> >> >> Ok, so to recap, if I have, for example: >> >> Archive Mail = %rules-dir%/archive.rules >> >> archive.rules: >> >> FromOrTo: default no >> From: alex@nkpanama.com /home/backup/mail/outgoing/alex >> To: alex@nkpanama.com /home/backup/mail/incoming/alex >> >> Spam Actions = attachment deliver header "X-Spam-Status: yes" >> High Scoring Spam Actions = delete # no need to set header >> "X-Spam-Status: yes" >> Non Spam Actions = deliver header "X-Spam-Status: no" >> >> Where would the spam go? To the quarantine in a spam folder? > Should do, yes. > What if I *don't* want to archive spam? Would I have to set up a cron job to delete it? From r.westlake at mail.cryst.bbk.ac.uk Wed May 31 21:34:19 2006 From: r.westlake at mail.cryst.bbk.ac.uk (Richard Westlake) Date: Wed May 31 21:35:01 2006 Subject: Another call for improvements In-Reply-To: <200605312002.k4VK2mFc014583@bkserver.blacknight.ie> References: <200605312002.k4VK2mFc014583@bkserver.blacknight.ie> Message-ID: Julian Many thank for all the work you put into an excellent product. You asked for suggestions so here is mine. It would be useful if the init script you distribute could look in a standard place for local customisations. This would save me merging my changes with your script when I upgrade. I customised the scripts to start and stop extra services, add additional command line arguments, change the behaviour of existing command line arguments and perform some other site specific actions. The local customisation are in an extra file MailScanner.local which the main script sources, however I still need to add the hooks into your script when I upgrade. If you want I could send you my scripts, which show the hooks in the main file and how the local customisations work. All the best, and thanks again for all your work Richard Westlake School of Crystallography, Birkbeck College, Malet Street, London WC1E 7HX Tel: 020-7631-6859 ---------------------------------------------------------------------- Truth endures but spelling changes -- Anon. ---------------------------------------------------------------------- From matt at coders.co.uk Wed May 31 22:48:39 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed May 31 22:48:37 2006 Subject: Getting pounded .. sigh In-Reply-To: <447D6F3B.3000500@coders.co.uk> References: <04d501c683ec$1babc400$2901010a@office.fsl> <447C9FE1.70501@coders.co.uk> <447CAD13.5080804@ecs.soton.ac.uk> <447D6F3B.3000500@coders.co.uk> Message-ID: <447E0F37.5000602@coders.co.uk> Matt Hampton wrote: > Julian Field wrote: >> Please let me know the outcome of this, particularly if it needs a >> change to my MailScanner startup script to do this. >> > Early tests show that this will only work if you have split > configurations for the in and outbound processes. Confirmed on more than one platform. This only works with split configuration. I have updated the wiki to reflect this matt From jchezny at northcarolina.edu Wed May 31 23:36:56 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Wed May 31 23:37:00 2006 Subject: Question about whitelisting a domain Message-ID: <1149115016.447e1a88c7c0d@webmail.northcarolina.edu> Can any one help me determine why one domain out of twelve is not whitelisted; even though this domain is listed in the 'Whitelist for Mailwatch'? System particulars: OS: RHEL 4 MS: 4.51.6 MailWatch 1.0.3 MTA: postfix-2.1.5-4.2.RHEL4 CPU: 2.8 GHz, Intel(R) Xeon(TM) Kind regards, -jc P.S. Thanks Julian for a great product. I bought the book! ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From mikej at rogers.com Wed May 31 23:40:20 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed May 31 23:40:16 2006 Subject: Deleting blacklisted items (instead of storing) Message-ID: <447E1B54.3090600@rogers.com> I have my lows scoring spam set to store, and high to delete. Whenever a message is received that is blacklisted it is stored. Is there any way to setup MS to delete blacklisted items? From gdoris at rogers.com Wed May 31 23:47:45 2006 From: gdoris at rogers.com (Gerry Doris) Date: Wed May 31 23:48:09 2006 Subject: Another call for improvements In-Reply-To: References: <447CB0F3.5070401@ecs.soton.ac.uk> <004201c68437$261f6fe0$010a000a@dorfam.ca> Message-ID: On Wed, 31 May 2006, Julian Field wrote: > Please try the attached patch to MessageBatch.pm. > > Sorry to the people who wanted this feature, there is a significant vote > (both on the list and to me) for not doing it. You will have to switch on > "Log Speed" to get it now. I tried both the Log Speed settings of yes and no. The patch worked correctly for both. Thanks! -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From michele at blacknight.ie Wed May 31 23:50:58 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Wed May 31 23:51:01 2006 Subject: Deleting blacklisted items (instead of storing) In-Reply-To: <447E1B54.3090600@rogers.com> References: <447E1B54.3090600@rogers.com> Message-ID: <447E1DD2.7070703@blacknight.ie> Mike Jakubik wrote: > I have my lows scoring spam set to store, and high to delete. Whenever a > message is received that is blacklisted it is stored. Is there any way > to setup MS to delete blacklisted items? > What do you mean by blacklisted? Your personal blacklist or listed in a DNSBL? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239