From jrudd at ucsc.edu Mon May 1 02:11:33 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 02:11:57 2006 Subject: Rejecting Unknown Non-Local Users with MailScanner (4.47.4-2) In-Reply-To: <44552E1F.2090502@pronet.co.nz> References: <445491CA.4070805@blacknight.ie> <44552E1F.2090502@pronet.co.nz> Message-ID: <1676ef6d85877f9363bd69c27ed47fcb@ucsc.edu> On Apr 30, 2006, at 2:37 PM, Brent Addis wrote: > Michele Neylon :: Blacknight.ie wrote: >> Bernard.Lheureux@ibsbe.be wrote: >> >>> I'm looking for a solution that could allow me to reject unknown >>> non-local users mails that come through a MailRelay (MailScanner >>> 4.47.4-2) but not with posfix, I use Sendmail to relay to an Exchange >>> 2003 server. >>> All the soluces that I found are made for Postfix... >>> I suppose it should also exist for sendmail, do you have an idea >>> where I >>> could find infos about it ? >>> >>> >> >> Milter ahead >> >> >> > Does sendmail not do some sort of callout verification? Most other > MTA's I have used since dropping Sendmail have supported it for a long > time. > > Why run Milter if your MTA has most everything milter does built in? > > http://grep.be/blog/en/retorts/milter-ahead.php?show_comments=yes > Why include in core functionality something which can be modular, site specific behavior, and optional? Why not leave it to "plug-ins" (which is what milters are)? Another answer to the original question: mimedefang (another sendmail milter, and VERY flexible) From jrudd at ucsc.edu Mon May 1 02:22:13 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 02:22:36 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: Message-ID: <174f1c3328958f4d88dfbec3b0aceab8@ucsc.edu> On Apr 30, 2006, at 6:45 AM, kte@nexis.be wrote: > I ?there a way to block server who don't have an DNS name but only > resolve to an ip address in sendmail? As you can see, other people like the require_rdns.m4 sendmail hack. I prefer using filter_sender in mimedefang: 1) require_rdns has different return codes than I want for different cases (yes, I could modify require_rdns, but then that gets into hacking a hack which gets bad for long term maintainability) 2) I'm not sure if require_rdns can be made to exempt those in certain IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can (that's why I do the check in filter_sender instead of filter_relay). 3) mimedefang lets you do LOTS of other checks, is incredibly flexible, and you modify behaviors in perl instead of sendmail cf expressions ... I much prefer perl to sendmail cf files. It can check for recipients on remote relays (similar to milter-ahead), HELO/EHLO verification, and even attachment filename/filetype checks, anti-virus checks, and SpamAssassin. Last week I posted a URL to my mimedefang-filter (which is where all of your site-specific perl code goes). I'm about to re-do it, though (clean up the code some, move some code around to sub-routines so it's easier to customize certain details, have different versions for people who may want to skip virus/attachment/anti-spam checks if they're doing that somewhere else, etc.). I'll post about the update in a couple days. From pete at enitech.com.au Mon May 1 03:42:19 2006 From: pete at enitech.com.au (Peter Russell) Date: Mon May 1 03:42:33 2006 Subject: Recommended SpamAssassin Rules (for RDJ) In-Reply-To: <012d01c66909$3e733e80$3004010a@martinhlaptop> References: <012d01c66909$3e733e80$3004010a@martinhlaptop> Message-ID: <4455758B.8090500@enitech.com.au> Just a note on James rules, they are very aggressive. They created a LOT of FPs for us. I suggest you watch your log carefully for a few days after you deploy them. Martin Hepworth wrote: > Jason > > There's a thing in the wiki about this.....nut basically I run all the ones > listed in rulesemporium.com and a few others from James Grey... > > http://files.grayonline.id.au/ > > If you need the rulesdujour config for James's rules let me know off list.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jason Williams >> Sent: 25 April 2006 16:39 >> To: MailScanner discussion >> Subject: Recommended SpamAssassin Rules (for RDJ) >> >> Just curious here, what rules people liked to use with SpamAssassin. I >> also use RDJ for SA. >> >> Right now, im using: >> >> 70_sare_evilnum0 >> 70_sare_random >> 70_sare_stocks >> 70_sare_unsub >> >> I know there are a lot more, but thought I'd ask here for a list of >> recommendations, before I start downloading a bunch of rules. >> >> Just trying to make my Spam detection that much better. >> >> Thanks, >> >> Jason >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner , and is >> believed to be clean. > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From james at grayonline.id.au Mon May 1 05:28:02 2006 From: james at grayonline.id.au (James Gray) Date: Mon May 1 05:28:40 2006 Subject: Recommended SpamAssassin Rules (for RDJ) In-Reply-To: <4455758B.8090500@enitech.com.au> References: <012d01c66909$3e733e80$3004010a@martinhlaptop> <4455758B.8090500@enitech.com.au> Message-ID: <200605011428.10703.james@grayonline.id.au> On Mon, 1 May 2006 12:42 pm, Peter Russell wrote: > Just a note on James rules, they are very aggressive. They created a LOT > of FPs for us. I suggest you watch your log carefully for a few days > after you deploy them. Indeed they are. That's why my site adds the following disclaimer: The usual "no warranty given or implied" applies to all my rules. If they work for you, then that's just super :) If they jump up and eat your dog, cause your girlfriend to leave you, make you car explode or e-mail to disappear then don't blame me - it's up to you to test these rules for suitability to your own mail setup. Specifically my rules really punish anything that looks vaguely medical in content. Administrators working for medical institutions should audit these rules VERY carefully! So yah - be careful. Cheers, James -- "My life is a soap opera, but who has the rights?" -- MadameX -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060501/158110a0/attachment.bin From alex at nkpanama.com Mon May 1 05:46:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 1 05:47:01 2006 Subject: OT: Just testing Message-ID: <445592AF.1010507@nkpanama.com> Just testing a new set of procmail recipes... Pay no attention to the man behind the curtain... :) From mailscanner at mango.zw Mon May 1 09:30:35 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon May 1 09:33:07 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <174f1c3328958f4d88dfbec3b0aceab8@ucsc.edu> Message-ID: On Sun, 30 Apr 2006, John Rudd wrote: > As you can see, other people like the require_rdns.m4 sendmail hack. I > prefer using filter_sender in mimedefang: > > 1) require_rdns has different return codes than I want for different > cases (yes, I could modify require_rdns, but then that gets into > hacking a hack which gets bad for long term maintainability) I am already in that situation with require_rdns, but agree it isn't very desirable. > 2) I'm not sure if require_rdns can be made to exempt those in certain > IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can > (that's why I do the check in filter_sender instead of filter_relay). You can control whitelisting in your access file. > 3) mimedefang lets you do LOTS of other checks, is incredibly flexible, > and you modify behaviors in perl instead of sendmail cf expressions ... > I much prefer perl to sendmail cf files. It can check for recipients on > remote relays (similar to milter-ahead), HELO/EHLO verification, and > even attachment filename/filetype checks, anti-virus checks, and > SpamAssassin. Having had a look at mimedefang it looks as if it is an alternative package to MailScanner, rather than complementary, and hence not at all compatible with it. All incoming mail would get parsed by mimedefang, with all attachments being extracted etc, only to have the same mail then being reprocessed and split again by MailScanner. This looks like an incredible waste of resources, especially if it is just to make use of a couple of mimedefang features such as milter-ahead, HELO/EHLO verification or blocking of servers with no PTR records. Carrying out filename/ filetype checks, anti-virus checks, and running SpamAssassin through mimedefang while also using MailScanner is clearly pointless as MailScanner does it all so much better. I see the benefits of plugins that work directly with sendmail for additional MTA-related functionality, but using mimedefang filters for that purpose together with MailScanner seems incredible overkill. > Last week I posted a URL to my mimedefang-filter (which is where all of > your site-specific perl code goes). I'm about to re-do it, though > (clean up the code some, move some code around to sub-routines so it's > easier to customize certain details, have different versions for people > who may want to skip virus/attachment/anti-spam checks if they're doing > that somewhere else, etc.). I'll post about the update in a couple > days. Do you have an integrated solution that ensures that MailScanner continues to do what it does best while disabling all the MailScanner-type features in mimedefang so as to avoid the enormous performance hit that will happen if all messages are MIME-decoded twice? Surely the logical approach is to write milters that work directly with sendmail (as with milter-ahead) instead of filters that work with mimedefang which then hooks into sendmail? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From MailScanner at ecs.soton.ac.uk Mon May 1 10:24:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 10:25:17 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released Message-ID: <4455D3E9.8010405@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the May release of MailScanner, version 4.53.6. The main new improvements this month are: - - Support for sa-update as provided with recent versions of SpamAssassin. - - Support for the new format of headers files produced by Exim 4.61. - - Many improvements to the handling of, and response to, Web Bugs. - - Support for the "gunzip" command so that filetype and filename checks can be done on compressed files created with either the "gzip" or "compress" commands. - - Support for numerical IP addresses in phishing.safe.sites.conf. Using this, entire servers can be whitelisted with one entry, removing the need to add every domain provided by that server. - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that entries can be written as "Max SpamAssassin Size = 30k" instead of "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. You can download it as usual from www.mailscanner.info The full Change Log is * New Features and Improvements * - - Attachment extraction now checks for available disk space and a DoS attack using messages with high expansion ratios will fail even quicker than it did before. - - Added new setting "SpamAssassin Local State Dir" to support the sa-update tool provided with MailScanner these days, to provide a way of auto- updating the core SpamAssassin rulesets. The default value is set to what you need for Linux (/var/lib). - - Added new cron job to run sa-update every night. The location of the sa-update program is read from /etc/sysconfig/MailScanner. - - Added support for new header -H file format in Exim 4.61. - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to enable unpacking of gzip-ed files for filename and filetype checking. Even if this is disabled, gzip-ed files will still be virus scanned. - - Added support for numerical entries in phishing.safe.sites.conf file. - - Added support for optional multipliers in numbers in MailScanner.conf. So you can now write "50M" instead of "50000000". The multipliers supported are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) in upper or lower case. You must *not* put any spaces between the number and the multiplier character. - - Added a new configuration option "Ignored Web Bug Filenames". This allows you to whitelist a bunch of filenames that can appear in the URLs of potential web bugs. So if you decide that all potential web bugs with "spacer" or "pixel.gif" in the filename are just padding for page layout, then you can make it ignore them by adding them to this list. A sample list is provided in MailScanner.conf. This is disabled by default, as spammers may start to use this as a means of circumventing the Web Bug trap. - - When Web Bugs are disarmed, the URL used to replace the original web bug can now be set using the new configuration option "Web Bug Replacement". If this is not specified, then the old value of "MailScannerWebBug" is used. The default value supplied in the MailScanner.conf file is the address of an untracked 1x1 pixel transparent gif (51 bytes) hosted on the MailScanner web site. This will not be tracked other than to supply an overall count of the number of hits this image gets, for overall statistical purposes. - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA easy-to-install package, due to the recent change in licence. Now if DCC could go the same way... * Fixes * - - Fixed bug in DoS attack handler. Thanks for Jorge for this. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au BZyQSK0p+xYHKI8JQJk383/l =qePP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jrudd at ucsc.edu Mon May 1 11:18:31 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 11:19:17 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: Message-ID: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> On May 1, 2006, at 1:30 AM, Jim Holland wrote: > On Sun, 30 Apr 2006, John Rudd wrote: > > >> 2) I'm not sure if require_rdns can be made to exempt those in certain >> IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can >> (that's why I do the check in filter_sender instead of filter_relay). > > You can control whitelisting in your access file. Which doesn't answer the part about SMTP-AUTH. Which was the important part, really. >> 3) mimedefang lets you do LOTS of other checks, is incredibly >> flexible, >> and you modify behaviors in perl instead of sendmail cf expressions >> ... >> I much prefer perl to sendmail cf files. It can check for recipients >> on >> remote relays (similar to milter-ahead), HELO/EHLO verification, and >> even attachment filename/filetype checks, anti-virus checks, and >> SpamAssassin. > > Having had a look at mimedefang it looks as if it is an alternative > package to MailScanner, rather than complementary, and hence not at all > compatible with it. It is both alternative and complementary. Depending on how you use it. Yes, you can do virus, filename, filetype, and spam checks in mimedefang. Or not. You can vary your actions for each check, too. Just like in mailscanner. You can also do checks during SMTP time, unlike mailscanner. And you can do checks during the connection based upon the relay, the helo/ehlo string, the sender, sender-options, and recipients. For example, I can reject all connections from hosts whose IP address appears in their hostname. Or reject all connections from hosts whose forward and reverse DNS don't match. I can't _easily_ do those with mailscanner. And I definitely can't do them during the SMTP session. Last, I can do my virus scanning in mimedefang, and thus reduce the amount of anti-spam work that mailscanner does by eliminating the viruses first. Something several people have wanted to do in mailscanner, but that Julian has said would require too much of a re-write to accomplish any time soon. > All incoming mail would get parsed by mimedefang, > with all attachments being extracted etc, only to have the same mail > then > being reprocessed and split again by MailScanner. This looks like an > incredible waste of resources, AFAIK, it's a small drop in the bucket compared to running SpamAssassin. Though, mimedefang does have an option for turning off various checks.. so I've asked for a way to turn off MIME decoding (and thus turning off "filter" and "filter_multipart", but leaving "filter_begin" and "filter_end" on, as I don't think those need MIME decoding in order to run). > especially if it is just to make use of a > couple of mimedefang features such as milter-ahead, HELO/EHLO > verification > or blocking of servers with no PTR records. Carrying out filename/ > filetype checks, anti-virus checks, and running SpamAssassin through > mimedefang while also using MailScanner is clearly pointless as > MailScanner does it all so much better. Who said anything about doing filename/filetype checks, anti-virus checks, and running spam assassin in _both_? IMO, if I was going to do, or recommend, a hybrid approach, I'd do: 0) greet_pause and spamhaus sbl & xbl in sendmail 1) relay, helo, sender, recipient checks, and clamd anti-virus in mimedefang 2) spam assassin, filename, filetype, phishing, and sophos anti-virus in mailscanner (or some other scanner besides clamav, to have a safe 2nd layer of anti-virus scanning) 0 & 1 reduce the number of messages you're feeding through Spam Assassin, which is probably going to be your single biggest resource hog (even if you are MIME decoding every message in both places). I slightly like the filename and filetype checks in mailscanner better than in mimedefang, and if you did find a way to turn off mime decoding in mimedefang, you'd have to do it in mailscanner instead anyway. Though, honestly, I prefer to do it all in mimedefang these days. I have grown to be annoyed by the dual queue approach, and I like to reject as many messages as possible during the SMTP transaction. > I see the benefits of plugins that work directly with sendmail for > additional MTA-related functionality, but using mimedefang filters for > that purpose together with MailScanner seems incredible overkill. > >> Last week I posted a URL to my mimedefang-filter (which is where all >> of >> your site-specific perl code goes). I'm about to re-do it, though >> (clean up the code some, move some code around to sub-routines so it's >> easier to customize certain details, have different versions for >> people >> who may want to skip virus/attachment/anti-spam checks if they're >> doing >> that somewhere else, etc.). I'll post about the update in a couple >> days. > > Do you have an integrated solution that ensures that MailScanner > continues > to do what it does best while disabling all the MailScanner-type > features > in mimedefang so as to avoid the enormous performance hit that will > happen > if all messages are MIME-decoded twice? With the exception of actually turning off the mimedecoding? yes. Just have filter, filter_multipart, and filter_end automatically accept all messages without even looking at them (ie. immediately do: return action_accept(); in filter and filter_multipart, and just immediately return in filter_end). If you're not going to do the virus checking or any header manipulation in filter_begin, you can do the same thing there too. Then just do the things you want in filter_relay, filter_helo, filter_sender, and filter_recipient. Though, I do all of the filter_relay and filter_helo stuff in filter_sender, so that I can exempt based on SMTP-AUTH. > Surely the logical approach is to > write milters that work directly with sendmail (as with milter-ahead) > instead of filters that work with mimedefang which then hooks into > sendmail? uh... what do you think mimedefang is? it's a milter. It is exactly a "milter that works directly with sendmail". It's just more flexible than milter-ahead, that's all. From evanderleun at hal9000.nl Mon May 1 11:18:16 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Mon May 1 12:18:19 2006 Subject: New MS on Gentoo Linux Message-ID: Hi hi, On gentoo linux, I choose to use the perl thingies from portage, instead of the perl modules delivered with MailScanner... This ends up with the wrong name for the module needed when starting MailScanner, namelijk DiskSpace.pm in stead of Df.pm. I fixed it quickly by creating a simple symlink. hal9000 Filesys # pwd /usr/lib/perl5/vendor_perl/5.8.7/Filesys hal9000 Filesys # ls -l total 8 lrwxrwxrwx 1 root root 12 May 1 12:14 Df.pm -> DiskSpace.pm -r-xr-xr-x 1 root root 7923 May 1 12:08 DiskSpace.pm hal9000 Filesys # Just a warning for people on the same platform :) Kind regards, Erik van der Leun From evanderleun at hal9000.nl Mon May 1 12:22:55 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Mon May 1 12:23:02 2006 Subject: mail loops Message-ID: Hi, I've already sent a (mild) warming for gentoo users on the latest stable release of MailScanner (the filename of Df.pm will be different if you use portage to install this perl module), but I didn't even get my MailScanner to work properly after the upgrade. Mail was checked for spam, I got a message the Virusscanning got started, but the first message after that, was the number of messages found in the queue and it kept on looping like this. Mail was accepted, but not delivered... I didn't take a lot time to investigate as I simply don't have it available at the moment. I downgraded and the problem was solved. Did anybody have similar experiences? Kind regards, Erik van der Leun From jaearick at colby.edu Mon May 1 12:36:14 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 1 12:39:26 2006 Subject: metric version of 1000? Message-ID: Julian, > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > entries can be written as "Max SpamAssassin Size = 30k" instead of > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. I see you use the metric version of k, m, g. In America we tend to use the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 (2^30) since we only have two fingers to count with. :) Jeff Earickson Colby College From mailscanner at mango.zw Mon May 1 12:45:08 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon May 1 12:48:02 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> Message-ID: On Mon, 1 May 2006, John Rudd wrote: > >> 2) I'm not sure if require_rdns can be made to exempt those in certain > >> IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can > >> (that's why I do the check in filter_sender instead of filter_relay). > > > > You can control whitelisting in your access file. > > Which doesn't answer the part about SMTP-AUTH. Which was the important > part, really. > > >> 3) mimedefang lets you do LOTS of other checks, is incredibly > >> flexible, > >> and you modify behaviors in perl instead of sendmail cf expressions > >> ... > >> I much prefer perl to sendmail cf files. It can check for recipients > >> on > >> remote relays (similar to milter-ahead), HELO/EHLO verification, and > >> even attachment filename/filetype checks, anti-virus checks, and > >> SpamAssassin. > > > > Having had a look at mimedefang it looks as if it is an alternative > > package to MailScanner, rather than complementary, and hence not at all > > compatible with it. > > It is both alternative and complementary. Depending on how you use it. > > Yes, you can do virus, filename, filetype, and spam checks in > mimedefang. Or not. You can vary your actions for each check, too. > Just like in mailscanner. > > You can also do checks during SMTP time, unlike mailscanner. And you > can do checks during the connection based upon the relay, the helo/ehlo > string, the sender, sender-options, and recipients. For example, I can > reject all connections from hosts whose IP address appears in their > hostname. Or reject all connections from hosts whose forward and > reverse DNS don't match. I can't _easily_ do those with mailscanner. > And I definitely can't do them during the SMTP session. Sadly, since starting to use require_rdns I have found that there are so many systems whose PTR records point to invalid hostnames that I am seriously thinking of just limiting its use to blocking those systems with no PTR records at all. The manual workload in whitelisting all the genuine systems with apparently forged addresses is very discouraging. > Last, I can do my virus scanning in mimedefang, and thus reduce the > amount of anti-spam work that mailscanner does by eliminating the > viruses first. Something several people have wanted to do in > mailscanner, but that Julian has said would require too much of a > re-write to accomplish any time soon. Point taken. However I do appreciate the much more satisfactory highly configurable silent virus approach taken by MailScanner than the recommended mimedefang approach: "we believe that on balance, it's better to bounce a virus than to silently discard it. It's almost never a good idea to hide a problem". > > All incoming mail would get parsed by mimedefang, > > with all attachments being extracted etc, only to have the same mail > > then > > being reprocessed and split again by MailScanner. This looks like an > > incredible waste of resources, > > AFAIK, it's a small drop in the bucket compared to running SpamAssassin. > > Though, mimedefang does have an option for turning off various checks.. > so I've asked for a way to turn off MIME decoding (and thus turning off > "filter" and "filter_multipart", but leaving "filter_begin" and > "filter_end" on, as I don't think those need MIME decoding in order to > run). > > > especially if it is just to make use of a > > couple of mimedefang features such as milter-ahead, HELO/EHLO > > verification > > or blocking of servers with no PTR records. Carrying out filename/ > > filetype checks, anti-virus checks, and running SpamAssassin through > > mimedefang while also using MailScanner is clearly pointless as > > MailScanner does it all so much better. > > Who said anything about doing filename/filetype checks, anti-virus > checks, and running spam assassin in _both_? > > IMO, if I was going to do, or recommend, a hybrid approach, I'd do: > > 0) greet_pause and spamhaus sbl & xbl in sendmail > > 1) relay, helo, sender, recipient checks, and clamd anti-virus in > mimedefang > > 2) spam assassin, filename, filetype, phishing, and sophos anti-virus > in mailscanner (or some other scanner besides clamav, to have a safe > 2nd layer of anti-virus scanning) > > 0 & 1 reduce the number of messages you're feeding through Spam > Assassin, which is probably going to be your single biggest resource > hog (even if you are MIME decoding every message in both places). I > slightly like the filename and filetype checks in mailscanner better > than in mimedefang, and if you did find a way to turn off mime decoding > in mimedefang, you'd have to do it in mailscanner instead anyway. Thanks for this very interesting set of suggestions. > Though, honestly, I prefer to do it all in mimedefang these days. I > have grown to be annoyed by the dual queue approach, and I like to > reject as many messages as possible during the SMTP transaction. I agree with this in principle and do adopt this approach. I wonder however if anyone has done any research into one aspect of the behaviour of some spammers: I suspect that when a spam message is rejected directly, they then pass the message off to a different server, using a round-robin approach and making multiple delivery attempts from different locations in the hope that eventually one of them will get through. If this is indeed a significant element in spamming behaviour then the overall traffic load might be less by simply accepting spam and then quarantining it than by trying to reject it at MTA level. > > I see the benefits of plugins that work directly with sendmail for > > additional MTA-related functionality, but using mimedefang filters for > > that purpose together with MailScanner seems incredible overkill. > > > >> Last week I posted a URL to my mimedefang-filter (which is where all > >> of > >> your site-specific perl code goes). I'm about to re-do it, though > >> (clean up the code some, move some code around to sub-routines so it's > >> easier to customize certain details, have different versions for > >> people > >> who may want to skip virus/attachment/anti-spam checks if they're > >> doing > >> that somewhere else, etc.). I'll post about the update in a couple > >> days. > > > > Do you have an integrated solution that ensures that MailScanner > > continues > > to do what it does best while disabling all the MailScanner-type > > features > > in mimedefang so as to avoid the enormous performance hit that will > > happen > > if all messages are MIME-decoded twice? > > With the exception of actually turning off the mimedecoding? yes. > > Just have filter, filter_multipart, and filter_end automatically accept > all messages without even looking at them (ie. immediately do: > > return action_accept(); > > in filter and filter_multipart, and just immediately return in > filter_end). > If you're not going to do the virus checking or any header manipulation > in filter_begin, you can do the same thing there too. Then just do the > things you want in filter_relay, filter_helo, filter_sender, and > filter_recipient. Though, I do all of the filter_relay and filter_helo > stuff in filter_sender, so that I can exempt based on SMTP-AUTH. > > > Surely the logical approach is to > > write milters that work directly with sendmail (as with milter-ahead) > > instead of filters that work with mimedefang which then hooks into > > sendmail? > > uh... what do you think mimedefang is? it's a milter. It is exactly a > "milter that works directly with sendmail". It's just more flexible > than milter-ahead, that's all. Thanks for all your explanations. I will give it a go, but foresee much work in getting to terms with all the options involved, how to manage the additional blacklisting/whitelisting etc, fine tuning of parameters . . . Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From MailScanner at ecs.soton.ac.uk Mon May 1 13:55:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 13:55:31 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <44560532.3050901@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > >> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >> entries can be written as "Max SpamAssassin Size = 30k" instead of >> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > I see you use the metric version of k, m, g Correction. I use the version of 1 thousand that I was taught at primary school. > In America we tend to use > the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 > (2^30) > since we only have two fingers to count with. :) And I thought it was only Apple users whose fingers had all webbed over :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFYFNBH2WUcUFbZUEQIvKgCZAdudW2MhABSlwJk4JO8MzBLDE24Ani13 TCngxsNRcRw4V6vH2dcw70Th =SkYA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 1 13:56:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 13:57:06 2006 Subject: mail loops In-Reply-To: References: Message-ID: <44560595.80704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case stop MailScanner, do "MailScanner --debug" and send us the output. Erik van der Leun wrote: > Hi, > > I've already sent a (mild) warming for gentoo users on the latest stable > release of MailScanner (the filename of Df.pm will be different if you > use portage to install this perl module), but I didn't even get my > MailScanner > to work properly after the upgrade. > > Mail was checked for spam, I got a message the Virusscanning got > started, but > the first message after that, was the number of messages found in the > queue > and it kept on looping like this. > > Mail was accepted, but not delivered... > I didn't take a lot time to investigate as I simply don't have it > available > at the moment. I downgraded and the problem was solved. > > Did anybody have similar experiences? > > Kind regards, > Erik van der Leun - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n caAovvutPmulPsve+6s3l1S6 =QJQZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From evanderleun at hal9000.nl Mon May 1 15:13:13 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Mon May 1 15:25:53 2006 Subject: mail loops In-Reply-To: <44560595.80704@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> Message-ID: Outgoing mail does not appear to have a problem, logically... I restarted MailScanner to be able to send the mail, and retried debugging mode while MailScanner was still on Air: In Debugging mode, not forking... Ignore errors about failing to find EOCD signature Undefined subroutine &MailScanner::Message::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1663. This was the only output I got... Might be it though... I'm downgrading again for now, as I do need mailflow :) On Mon, 1 May 2006, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In which case stop MailScanner, do "MailScanner --debug" and send us the > output. > > Erik van der Leun wrote: >> Hi, >> >> I've already sent a (mild) warming for gentoo users on the latest stable >> release of MailScanner (the filename of Df.pm will be different if you >> use portage to install this perl module), but I didn't even get my >> MailScanner >> to work properly after the upgrade. >> >> Mail was checked for spam, I got a message the Virusscanning got >> started, but >> the first message after that, was the number of messages found in the >> queue >> and it kept on looping like this. >> >> Mail was accepted, but not delivered... >> I didn't take a lot time to investigate as I simply don't have it >> available >> at the moment. I downgraded and the problem was solved. >> >> Did anybody have similar experiences? >> >> Kind regards, >> Erik van der Leun > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n > caAovvutPmulPsve+6s3l1S6 > =QJQZ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Mon May 1 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 15:29:35 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: Message-ID: Jim Holland wrote on Mon, 1 May 2006 13:45:08 +0200 (CAT): > I wonder > however if anyone has done any research into one aspect of the behaviour > of some spammers: I suspect that when a spam message is rejected directly, > they then pass the message off to a different server, using a round-robin > approach and making multiple delivery attempts from different locations in > the hope that eventually one of them will get through. If this is indeed > a significant element in spamming behaviour then the overall traffic load > might be less by simply accepting spam and then quarantining it than by > trying to reject it at MTA level. My personal experience is that domains which accept everything (which includes having a catch-all email alias) "attract" more spam than others. This "experience" is not from a scientific study but just a gut feeling from what I see with our customers from time to time, though. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 1 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 15:29:35 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: Jeff A. Earickson wrote on Mon, 1 May 2006 07:36:14 -0400 (EDT): > In America we tend to use > the old style version of 1024 So, disk space of new hard disks is announced "correctly" in the US? I don't believe marketing would allow this ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 1 15:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 15:29:37 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> Message-ID: John Rudd wrote on Mon, 1 May 2006 03:18:31 -0700: > Which doesn't answer the part about SMTP-AUTH. Which was the important > part, really. I suppose you have to use delay_checks to make smtp-auth succeed as it is with other sendmail recipes. I've never used that specific hack since I felt there might be too many false positives and greylisting throws these out, anyway, it seems. > It is both alternative and complementary. Depending on how you use it. I agree with Jim. I think that both packages are really alternatives, not complimentary. If you use both that means you double the memory usage and since both are Perl based that means you need a *lot* of memory. Both packages are similar in many aspects. I doesn't make too much sense for me to run them both just to get that tiny fraction that is missing from one of them. Other aspects which might make up your decision about using the one or the other are ease of configuration (which I cannot assess, I decided years ago to go with MailScanner and never had MimeDefang running, but it were MailScanner and MimeDefang which were my competing alternatives when I decided to drop MailCorral), update cycles/policy (as above, again) and performance (and I think here's a clear advantage for MailScanner: the more mail you get the better should MailScanner perform in contrast to MimeDefang because it runs in queue mode and you can accept mail all the time with the MTA whereas with a milter you have to spawn another instance of it for every open connection). And, of course, there's that basic decision: do you want to reject virus mail at MTA level or quarantine it, just in case it got assessed wrong. Same thing with spam. If one is so confident that the scoring/decision always is right then go with rejecting at MTA level (=MimeDefang or amavisd), if one is not so confident about it then quarantine it (=MailScanner). I for one do it the following way: reject mainly because of "technical" reasons at MTA level (which rejects around 70/80% of all mail, only around 3% of the remaining mail is spam or bad content) and quarantine because of content. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon May 1 16:07:57 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon May 1 16:07:48 2006 Subject: MailScanner ANNOUNCE: Stable 4.53.6 released In-Reply-To: <4455D428.6020502@ecs.soton.ac.uk> References: <4455D428.6020502@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 01 May 2006 10:26:00 +0100: > I have just released the May release of MailScanner, version 4.53.6. Ok so far. Haven't tested the Webbug functionality yet. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dml at unb.ca Mon May 1 16:07:37 2006 From: dml at unb.ca (David Lancaster) Date: Mon May 1 16:07:51 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <771E18E9-FE56-4428-BC35-D7D748449FB8@unb.ca> On May 1, 2006, at 11:31 AM, Kai Schaetzl wrote: > Jeff A. Earickson wrote on Mon, 1 May 2006 07:36:14 -0400 (EDT): > >> In America we tend to use >> the old style version of 1024 > > So, disk space of new hard disks is announced "correctly" in the US? I > don't believe marketing would allow this ;-) > Heck no. Can't exaggerate that way... Binary vs SI prefixes: http://physics.nist.gov/cuu/Units/binary.html David -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060501/61d478b5/attachment.html From mailscanner at mango.zw Mon May 1 17:18:11 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon May 1 17:19:54 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <4455D3E9.8010405@ecs.soton.ac.uk> Message-ID: Hi Julian Thanks for the new version, however the links to the PGP signatures on your site give a 404 Not found error. Please check. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service On Mon, 1 May 2006, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the May release of MailScanner, version 4.53.6. > > The main new improvements this month are: > > - - Support for sa-update as provided with recent versions of SpamAssassin. > - - Support for the new format of headers files produced by Exim 4.61. > - - Many improvements to the handling of, and response to, Web Bugs. > - - Support for the "gunzip" command so that filetype and filename checks > can be done on compressed files created with either the "gzip" or > "compress" commands. > - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > this, entire servers can be whitelisted with one entry, removing the > need to add every domain provided by that server. > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > entries can be written as "Max SpamAssassin Size = 30k" instead of > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > You can download it as usual from > www.mailscanner.info > > The full Change Log is > > * New Features and Improvements * > - - Attachment extraction now checks for available disk space and a DoS attack > using messages with high expansion ratios will fail even quicker than it > did before. > - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > tool provided with MailScanner these days, to provide a way of auto- > updating the core SpamAssassin rulesets. The default value is set to what > you need for Linux (/var/lib). > - - Added new cron job to run sa-update every night. The location of the > sa-update program is read from /etc/sysconfig/MailScanner. > - - Added support for new header -H file format in Exim 4.61. > - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > enable unpacking of gzip-ed files for filename and filetype checking. > Even if this is disabled, gzip-ed files will still be virus scanned. > - - Added support for numerical entries in phishing.safe.sites.conf file. > - - Added support for optional multipliers in numbers in MailScanner.conf. > So you can now write "50M" instead of "50000000". The multipliers > supported > are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > in upper or lower case. > You must *not* put any spaces between the number and the multiplier > character. > - - Added a new configuration option "Ignored Web Bug Filenames". This allows > you to whitelist a bunch of filenames that can appear in the URLs of > potential web bugs. So if you decide that all potential web bugs with > "spacer" or "pixel.gif" in the filename are just padding for page layout, > then you can make it ignore them by adding them to this list. A sample > list is provided in MailScanner.conf. > This is disabled by default, as spammers may start to use this as a means > of circumventing the Web Bug trap. > - - When Web Bugs are disarmed, the URL used to replace the original web bug > can now be set using the new configuration option "Web Bug Replacement". > If this is not specified, then the old value of "MailScannerWebBug" is > used. > The default value supplied in the MailScanner.conf file is the address of > an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > MailScanner > web site. This will not be tracked other than to supply an overall > count of > the number of hits this image gets, for overall statistical purposes. > - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > easy-to-install package, due to the recent change in licence. Now if DCC > could go the same way... > * Fixes * > - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > BZyQSK0p+xYHKI8JQJk383/l > =qePP > -----END PGP SIGNATURE----- > > From root at doctor.nl2k.ab.ca Mon May 1 17:48:54 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon May 1 17:50:15 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: References: <4455D3E9.8010405@ecs.soton.ac.uk> Message-ID: <20060501164854.GA17627@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > Hi Julian > > Thanks for the new version, however the links to the PGP signatures on > your site give a 404 Not found error. Please check. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > On Mon, 1 May 2006, Julian Field wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I have just released the May release of MailScanner, version 4.53.6. > > > > The main new improvements this month are: > > > > - - Support for sa-update as provided with recent versions of SpamAssassin. > > - - Support for the new format of headers files produced by Exim 4.61. > > - - Many improvements to the handling of, and response to, Web Bugs. > > - - Support for the "gunzip" command so that filetype and filename checks > > can be done on compressed files created with either the "gzip" or > > "compress" commands. > > - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > > this, entire servers can be whitelisted with one entry, removing the > > need to add every domain provided by that server. > > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > entries can be written as "Max SpamAssassin Size = 30k" instead of > > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > > > You can download it as usual from > > www.mailscanner.info > > > > The full Change Log is > > > > * New Features and Improvements * > > - - Attachment extraction now checks for available disk space and a DoS attack > > using messages with high expansion ratios will fail even quicker than it > > did before. > > - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > > tool provided with MailScanner these days, to provide a way of auto- > > updating the core SpamAssassin rulesets. The default value is set to what > > you need for Linux (/var/lib). > > - - Added new cron job to run sa-update every night. The location of the > > sa-update program is read from /etc/sysconfig/MailScanner. > > - - Added support for new header -H file format in Exim 4.61. > > - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > > enable unpacking of gzip-ed files for filename and filetype checking. > > Even if this is disabled, gzip-ed files will still be virus scanned. > > - - Added support for numerical entries in phishing.safe.sites.conf file. > > - - Added support for optional multipliers in numbers in MailScanner.conf. > > So you can now write "50M" instead of "50000000". The multipliers > > supported > > are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > > in upper or lower case. > > You must *not* put any spaces between the number and the multiplier > > character. > > - - Added a new configuration option "Ignored Web Bug Filenames". This allows > > you to whitelist a bunch of filenames that can appear in the URLs of > > potential web bugs. So if you decide that all potential web bugs with > > "spacer" or "pixel.gif" in the filename are just padding for page layout, > > then you can make it ignore them by adding them to this list. A sample > > list is provided in MailScanner.conf. > > This is disabled by default, as spammers may start to use this as a means > > of circumventing the Web Bug trap. > > - - When Web Bugs are disarmed, the URL used to replace the original web bug > > can now be set using the new configuration option "Web Bug Replacement". > > If this is not specified, then the old value of "MailScannerWebBug" is > > used. > > The default value supplied in the MailScanner.conf file is the address of > > an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > > MailScanner > > web site. This will not be tracked other than to supply an overall > > count of > > the number of hits this image gets, for overall statistical purposes. > > - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > > easy-to-install package, due to the recent change in licence. Now if DCC > > could go the same way... > > * Fixes * > > - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > > > > - -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.0.6 (Build 6060) > > > > iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > > BZyQSK0p+xYHKI8JQJk383/l > > =qePP > > -----END PGP SIGNATURE----- > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. Julian is Filesys-Statvfs_Statfs_Df GOingto be intrical to MailScanner? If so, someone please tell me how I can correct: make test PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl 1..3 /usr/bin/perl: can't resolve symbol 'statvfs' Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. at test.pl line 12 Compilation failed in require at test.pl line 12. BEGIN failed--compilation aborted at test.pl line 12. not ok 1 *** Error code 2 Stop. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 1 18:33:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 18:33:50 2006 Subject: mail loops In-Reply-To: References: <44560595.80704@ecs.soton.ac.uk> Message-ID: <4456466C.1080308@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please can you try changing line 1663 of /usr/lib/MailScanner/MailScanner/Message.pm. Change it to say my $df = Filesys::DF::df($dir, 1024); and let me know if this fixes it. If it does I'll put out another release before tomorrow morning. Erik van der Leun wrote: > > > Outgoing mail does not appear to have a problem, logically... > > I restarted MailScanner to be able to send the mail, and retried > debugging > mode while MailScanner was still on Air: > > In Debugging mode, not forking... > Ignore errors about failing to find EOCD signature > Undefined subroutine &MailScanner::Message::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1663. > > This was the only output I got... Might be it though... > > I'm downgrading again for now, as I do need mailflow :) > > On Mon, 1 May 2006, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> In which case stop MailScanner, do "MailScanner --debug" and send us the >> output. >> >> Erik van der Leun wrote: >>> Hi, >>> >>> I've already sent a (mild) warming for gentoo users on the latest >>> stable >>> release of MailScanner (the filename of Df.pm will be different if you >>> use portage to install this perl module), but I didn't even get my >>> MailScanner >>> to work properly after the upgrade. >>> >>> Mail was checked for spam, I got a message the Virusscanning got >>> started, but >>> the first message after that, was the number of messages found in the >>> queue >>> and it kept on looping like this. >>> >>> Mail was accepted, but not delivered... >>> I didn't take a lot time to investigate as I simply don't have it >>> available >>> at the moment. I downgraded and the problem was solved. >>> >>> Did anybody have similar experiences? >>> >>> Kind regards, >>> Erik van der Leun >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >> caAovvutPmulPsve+6s3l1S6 >> =QJQZ >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E bVt4nI/GlG7cuPvnOF4OnmZx =J2yj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 1 18:41:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 18:41:28 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: References: Message-ID: <44564836.6010306@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fixed. Sorry. Jim Holland wrote: > Hi Julian > > Thanks for the new version, however the links to the PGP signatures on > your site give a 404 Not found error. Please check. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > On Mon, 1 May 2006, Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just released the May release of MailScanner, version 4.53.6. >> >> The main new improvements this month are: >> >> - - Support for sa-update as provided with recent versions of SpamAssassin. >> - - Support for the new format of headers files produced by Exim 4.61. >> - - Many improvements to the handling of, and response to, Web Bugs. >> - - Support for the "gunzip" command so that filetype and filename checks >> can be done on compressed files created with either the "gzip" or >> "compress" commands. >> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using >> this, entire servers can be whitelisted with one entry, removing the >> need to add every domain provided by that server. >> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >> entries can be written as "Max SpamAssassin Size = 30k" instead of >> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. >> >> You can download it as usual from >> www.mailscanner.info >> >> The full Change Log is >> >> * New Features and Improvements * >> - - Attachment extraction now checks for available disk space and a DoS attack >> using messages with high expansion ratios will fail even quicker than it >> did before. >> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update >> tool provided with MailScanner these days, to provide a way of auto- >> updating the core SpamAssassin rulesets. The default value is set to what >> you need for Linux (/var/lib). >> - - Added new cron job to run sa-update every night. The location of the >> sa-update program is read from /etc/sysconfig/MailScanner. >> - - Added support for new header -H file format in Exim 4.61. >> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to >> enable unpacking of gzip-ed files for filename and filetype checking. >> Even if this is disabled, gzip-ed files will still be virus scanned. >> - - Added support for numerical entries in phishing.safe.sites.conf file. >> - - Added support for optional multipliers in numbers in MailScanner.conf. >> So you can now write "50M" instead of "50000000". The multipliers >> supported >> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) >> in upper or lower case. >> You must *not* put any spaces between the number and the multiplier >> character. >> - - Added a new configuration option "Ignored Web Bug Filenames". This allows >> you to whitelist a bunch of filenames that can appear in the URLs of >> potential web bugs. So if you decide that all potential web bugs with >> "spacer" or "pixel.gif" in the filename are just padding for page layout, >> then you can make it ignore them by adding them to this list. A sample >> list is provided in MailScanner.conf. >> This is disabled by default, as spammers may start to use this as a means >> of circumventing the Web Bug trap. >> - - When Web Bugs are disarmed, the URL used to replace the original web bug >> can now be set using the new configuration option "Web Bug Replacement". >> If this is not specified, then the old value of "MailScannerWebBug" is >> used. >> The default value supplied in the MailScanner.conf file is the address of >> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the >> MailScanner >> web site. This will not be tracked other than to supply an overall >> count of >> the number of hits this image gets, for overall statistical purposes. >> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA >> easy-to-install package, due to the recent change in licence. Now if DCC >> could go the same way... >> * Fixes * >> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au >> BZyQSK0p+xYHKI8JQJk383/l >> =qePP >> -----END PGP SIGNATURE----- >> >> >> > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFZIOBH2WUcUFbZUEQJNfQCcCu/0xT6xzr3eNqXmExHdok8uLhsAniyr LqYZCLlX0BSptazkZWJnMHar =xBnw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 1 18:47:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 18:47:15 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501164854.GA17627@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> Message-ID: <44564998.70902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > >> Hi Julian >> >> Thanks for the new version, however the links to the PGP signatures on >> your site give a 404 Not found error. Please check. >> >> Regards >> >> Jim Holland >> System Administrator >> MANGO - Zimbabwe's non-profit e-mail service >> >> On Mon, 1 May 2006, Julian Field wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just released the May release of MailScanner, version 4.53.6. >>> >>> The main new improvements this month are: >>> >>> - - Support for sa-update as provided with recent versions of SpamAssassin. >>> - - Support for the new format of headers files produced by Exim 4.61. >>> - - Many improvements to the handling of, and response to, Web Bugs. >>> - - Support for the "gunzip" command so that filetype and filename checks >>> can be done on compressed files created with either the "gzip" or >>> "compress" commands. >>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using >>> this, entire servers can be whitelisted with one entry, removing the >>> need to add every domain provided by that server. >>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >>> entries can be written as "Max SpamAssassin Size = 30k" instead of >>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. >>> >>> You can download it as usual from >>> www.mailscanner.info >>> >>> The full Change Log is >>> >>> * New Features and Improvements * >>> - - Attachment extraction now checks for available disk space and a DoS attack >>> using messages with high expansion ratios will fail even quicker than it >>> did before. >>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update >>> tool provided with MailScanner these days, to provide a way of auto- >>> updating the core SpamAssassin rulesets. The default value is set to what >>> you need for Linux (/var/lib). >>> - - Added new cron job to run sa-update every night. The location of the >>> sa-update program is read from /etc/sysconfig/MailScanner. >>> - - Added support for new header -H file format in Exim 4.61. >>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to >>> enable unpacking of gzip-ed files for filename and filetype checking. >>> Even if this is disabled, gzip-ed files will still be virus scanned. >>> - - Added support for numerical entries in phishing.safe.sites.conf file. >>> - - Added support for optional multipliers in numbers in MailScanner.conf. >>> So you can now write "50M" instead of "50000000". The multipliers >>> supported >>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) >>> in upper or lower case. >>> You must *not* put any spaces between the number and the multiplier >>> character. >>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows >>> you to whitelist a bunch of filenames that can appear in the URLs of >>> potential web bugs. So if you decide that all potential web bugs with >>> "spacer" or "pixel.gif" in the filename are just padding for page layout, >>> then you can make it ignore them by adding them to this list. A sample >>> list is provided in MailScanner.conf. >>> This is disabled by default, as spammers may start to use this as a means >>> of circumventing the Web Bug trap. >>> - - When Web Bugs are disarmed, the URL used to replace the original web bug >>> can now be set using the new configuration option "Web Bug Replacement". >>> If this is not specified, then the old value of "MailScannerWebBug" is >>> used. >>> The default value supplied in the MailScanner.conf file is the address of >>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the >>> MailScanner >>> web site. This will not be tracked other than to supply an overall >>> count of >>> the number of hits this image gets, for overall statistical purposes. >>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA >>> easy-to-install package, due to the recent change in licence. Now if DCC >>> could go the same way... >>> * Fixes * >>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.6 (Build 6060) >>> >>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au >>> BZyQSK0p+xYHKI8JQJk383/l >>> =qePP >>> -----END PGP SIGNATURE----- >>> >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > > Julian is Filesys-Statvfs_Statfs_Df > > GOingto be intrical to MailScanner? > intrical? intrinsically critical? > > If so, someone please tell me how I can correct: > > make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > 1..3 > /usr/bin/perl: can't resolve symbol 'statvfs' > Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > at test.pl line 12 > Compilation failed in require at test.pl line 12. > BEGIN failed--compilation aborted at test.pl line 12. > not ok 1 > *** Error code 2 > > Stop. That's not good. Please file a bug with the author of Filesys::Df. It appears it fails under BSD :-( To work around it for now, find where Message.pm has been put on your BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. Change line 1663 from my $df = df($dir, 1024); to my $df = undef; and then restart MailScanner. This will just eliminate the check. Make sure you don't run out of disk space :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFZJmRH2WUcUFbZUEQKdDQCgsZhPcrJoF32oC9kUHvL3w9UqE7AAnA03 ZZe+sL/7Vfx0WjC4ys2/7DQC =QRta -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From root at doctor.nl2k.ab.ca Mon May 1 19:13:20 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon May 1 19:13:36 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <44564998.70902@ecs.soton.ac.uk> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> Message-ID: <20060501181320.GB28918@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: > > On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > > > >> Hi Julian > >> > >> Thanks for the new version, however the links to the PGP signatures on > >> your site give a 404 Not found error. Please check. > >> > >> Regards > >> > >> Jim Holland > >> System Administrator > >> MANGO - Zimbabwe's non-profit e-mail service > >> > >> On Mon, 1 May 2006, Julian Field wrote: > >> > >> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> Hash: SHA1 > >>> > >>> I have just released the May release of MailScanner, version 4.53.6. > >>> > >>> The main new improvements this month are: > >>> > >>> - - Support for sa-update as provided with recent versions of SpamAssassin. > >>> - - Support for the new format of headers files produced by Exim 4.61. > >>> - - Many improvements to the handling of, and response to, Web Bugs. > >>> - - Support for the "gunzip" command so that filetype and filename checks > >>> can be done on compressed files created with either the "gzip" or > >>> "compress" commands. > >>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > >>> this, entire servers can be whitelisted with one entry, removing the > >>> need to add every domain provided by that server. > >>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > >>> entries can be written as "Max SpamAssassin Size = 30k" instead of > >>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > >>> > >>> You can download it as usual from > >>> www.mailscanner.info > >>> > >>> The full Change Log is > >>> > >>> * New Features and Improvements * > >>> - - Attachment extraction now checks for available disk space and a DoS attack > >>> using messages with high expansion ratios will fail even quicker than it > >>> did before. > >>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > >>> tool provided with MailScanner these days, to provide a way of auto- > >>> updating the core SpamAssassin rulesets. The default value is set to what > >>> you need for Linux (/var/lib). > >>> - - Added new cron job to run sa-update every night. The location of the > >>> sa-update program is read from /etc/sysconfig/MailScanner. > >>> - - Added support for new header -H file format in Exim 4.61. > >>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > >>> enable unpacking of gzip-ed files for filename and filetype checking. > >>> Even if this is disabled, gzip-ed files will still be virus scanned. > >>> - - Added support for numerical entries in phishing.safe.sites.conf file. > >>> - - Added support for optional multipliers in numbers in MailScanner.conf. > >>> So you can now write "50M" instead of "50000000". The multipliers > >>> supported > >>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > >>> in upper or lower case. > >>> You must *not* put any spaces between the number and the multiplier > >>> character. > >>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows > >>> you to whitelist a bunch of filenames that can appear in the URLs of > >>> potential web bugs. So if you decide that all potential web bugs with > >>> "spacer" or "pixel.gif" in the filename are just padding for page layout, > >>> then you can make it ignore them by adding them to this list. A sample > >>> list is provided in MailScanner.conf. > >>> This is disabled by default, as spammers may start to use this as a means > >>> of circumventing the Web Bug trap. > >>> - - When Web Bugs are disarmed, the URL used to replace the original web bug > >>> can now be set using the new configuration option "Web Bug Replacement". > >>> If this is not specified, then the old value of "MailScannerWebBug" is > >>> used. > >>> The default value supplied in the MailScanner.conf file is the address of > >>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > >>> MailScanner > >>> web site. This will not be tracked other than to supply an overall > >>> count of > >>> the number of hits this image gets, for overall statistical purposes. > >>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > >>> easy-to-install package, due to the recent change in licence. Now if DCC > >>> could go the same way... > >>> * Fixes * > >>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > >>> > >>> - -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> Professional Support Services at www.MailScanner.biz > >>> MailScanner thanks transtec Computers for their support > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> > >>> -----BEGIN PGP SIGNATURE----- > >>> Version: PGP Desktop 9.0.6 (Build 6060) > >>> > >>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > >>> BZyQSK0p+xYHKI8JQJk383/l > >>> =qePP > >>> -----END PGP SIGNATURE----- > >>> > >>> > >>> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > > > > > > Julian is Filesys-Statvfs_Statfs_Df > > > > GOingto be intrical to MailScanner? > > > intrical? intrinsically critical? > > > > If so, someone please tell me how I can correct: > > > > make test > > PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > > 1..3 > > /usr/bin/perl: can't resolve symbol 'statvfs' > > Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > > at test.pl line 12 > > Compilation failed in require at test.pl line 12. > > BEGIN failed--compilation aborted at test.pl line 12. > > not ok 1 > > *** Error code 2 > > > > Stop. > That's not good. Please file a bug with the author of Filesys::Df. It > appears it fails under BSD :-( > > To work around it for now, find where Message.pm has been put on your > BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or > /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. > > Change line 1663 from > my $df = df($dir, 1024); > to > my $df = undef; > > and then restart MailScanner. This will just eliminate the check. Make > sure you don't run out of disk space :-) > > - -- Don't run out of Disk Space?? Can we have an explanation? > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFZJmRH2WUcUFbZUEQKdDQCgsZhPcrJoF32oC9kUHvL3w9UqE7AAnA03 > ZZe+sL/7Vfx0WjC4ys2/7DQC > =QRta > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon May 1 19:37:09 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 1 19:37:27 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501181320.GB28918@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> Message-ID: Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem spake the following on 5/1/2006 11:13 AM: > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem spake the following on 5/1/2006 11:13 AM: > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the >> Problem wrote: >>> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: >>> >>>> Hi Julian >>>> >>>> Thanks for the new version, however the links to the PGP signatures on >>>> your site give a 404 Not found error. Please check. >>>> >>>> Regards >>>> >>>> Jim Holland >>>> System Administrator >>>> MANGO - Zimbabwe's non-profit e-mail service >>>> >>>> On Mon, 1 May 2006, Julian Field wrote: >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> I have just released the May release of MailScanner, version 4.53.6. >>>>> >>>>> The main new improvements this month are: >>>>> >>>>> - - Support for sa-update as provided with recent versions of SpamAssassin. >>>>> - - Support for the new format of headers files produced by Exim 4.61. >>>>> - - Many improvements to the handling of, and response to, Web Bugs. >>>>> - - Support for the "gunzip" command so that filetype and filename checks >>>>> can be done on compressed files created with either the "gzip" or >>>>> "compress" commands. >>>>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using >>>>> this, entire servers can be whitelisted with one entry, removing the >>>>> need to add every domain provided by that server. >>>>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that >>>>> entries can be written as "Max SpamAssassin Size = 30k" instead of >>>>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. >>>>> >>>>> You can download it as usual from >>>>> www.mailscanner.info >>>>> >>>>> The full Change Log is >>>>> >>>>> * New Features and Improvements * >>>>> - - Attachment extraction now checks for available disk space and a DoS attack >>>>> using messages with high expansion ratios will fail even quicker than it >>>>> did before. >>>>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update >>>>> tool provided with MailScanner these days, to provide a way of auto- >>>>> updating the core SpamAssassin rulesets. The default value is set to what >>>>> you need for Linux (/var/lib). >>>>> - - Added new cron job to run sa-update every night. The location of the >>>>> sa-update program is read from /etc/sysconfig/MailScanner. >>>>> - - Added support for new header -H file format in Exim 4.61. >>>>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to >>>>> enable unpacking of gzip-ed files for filename and filetype checking. >>>>> Even if this is disabled, gzip-ed files will still be virus scanned. >>>>> - - Added support for numerical entries in phishing.safe.sites.conf file. >>>>> - - Added support for optional multipliers in numbers in MailScanner.conf. >>>>> So you can now write "50M" instead of "50000000". The multipliers >>>>> supported >>>>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) >>>>> in upper or lower case. >>>>> You must *not* put any spaces between the number and the multiplier >>>>> character. >>>>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows >>>>> you to whitelist a bunch of filenames that can appear in the URLs of >>>>> potential web bugs. So if you decide that all potential web bugs with >>>>> "spacer" or "pixel.gif" in the filename are just padding for page layout, >>>>> then you can make it ignore them by adding them to this list. A sample >>>>> list is provided in MailScanner.conf. >>>>> This is disabled by default, as spammers may start to use this as a means >>>>> of circumventing the Web Bug trap. >>>>> - - When Web Bugs are disarmed, the URL used to replace the original web bug >>>>> can now be set using the new configuration option "Web Bug Replacement". >>>>> If this is not specified, then the old value of "MailScannerWebBug" is >>>>> used. >>>>> The default value supplied in the MailScanner.conf file is the address of >>>>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the >>>>> MailScanner >>>>> web site. This will not be tracked other than to supply an overall >>>>> count of >>>>> the number of hits this image gets, for overall statistical purposes. >>>>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA >>>>> easy-to-install package, due to the recent change in licence. Now if DCC >>>>> could go the same way... >>>>> * Fixes * >>>>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. >>>>> >>>>> - -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: PGP Desktop 9.0.6 (Build 6060) >>>>> >>>>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au >>>>> BZyQSK0p+xYHKI8JQJk383/l >>>>> =qePP >>>>> -----END PGP SIGNATURE----- >>>>> >>>>> >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>> >>> Julian is Filesys-Statvfs_Statfs_Df >>> >>> GOingto be intrical to MailScanner? >>> >> intrical? intrinsically critical? >>> If so, someone please tell me how I can correct: >>> >>> make test >>> PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl >>> 1..3 >>> /usr/bin/perl: can't resolve symbol 'statvfs' >>> Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. >>> at test.pl line 12 >>> Compilation failed in require at test.pl line 12. >>> BEGIN failed--compilation aborted at test.pl line 12. >>> not ok 1 >>> *** Error code 2 >>> >>> Stop. >> That's not good. Please file a bug with the author of Filesys::Df. It >> appears it fails under BSD :-( >> >> To work around it for now, find where Message.pm has been put on your >> BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or >> /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. >> >> Change line 1663 from >> my $df = df($dir, 1024); >> to >> my $df = undef; >> >> and then restart MailScanner. This will just eliminate the check. Make >> sure you don't run out of disk space :-) >> >> - -- > > Don't run out of Disk Space?? > > Can we have an explanation? That module reports on file system usage. MailScanner must use it to make sure there is adequate space before it does some options. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jrudd at ucsc.edu Mon May 1 19:37:11 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon May 1 19:37:38 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> Message-ID: <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> On May 1, 2006, at 7:31 AM, Kai Schaetzl wrote: > performance (and I think here's a clear advantage for > MailScanner: the more mail you get the better should MailScanner > perform > in contrast to MimeDefang because it runs in queue mode and you can > accept > mail all the time with the MTA whereas with a milter you have to spawn > another instance of it for every open connection). Actually, like MailScanner, MIMEDefang uses persistent perl processes not per-scan nor per-message perl processes. The difference isn't in spawning processes, the difference is in the bulk nature of the actual processing being done (MailScanner bulk scans messages during virus scanning, and MIMEDefang scans messages one at a time for all aspects of scanning). > And, of course, there's > that basic decision: do you want to reject virus mail at MTA level or > quarantine it, just in case it got assessed wrong. Same thing with > spam. > If one is so confident that the scoring/decision always is right then > go > with rejecting at MTA level (=MimeDefang or amavisd), if one is not so > confident about it then quarantine it (=MailScanner). Again, that's not the actual trade-off. You can do quarantine with MIMEDefang, too. Either directly, or by adding headers to be used later in the delivery process that will trigger something in the delivery agent (such as a procmail recipe, or something). > I for one do it the following way: reject mainly because of "technical" > reasons at MTA level (which rejects around 70/80% of all mail, only > around > 3% of the remaining mail is spam or bad content) and quarantine > because of > content. That's not too different from what I'm doing or proposing. I'm just saying that MIMEDefang lets you add more technical reasons to do the blocking at the MTA level. And, you can then choose to do your quarantining (and/or sanitizing, and/or mark-and-deliver) with MIMEDefang, MailScanner, or something else. Really, the main trades are with timing (what things do you want done during the SMTP transaction? and the difference between bouncing during SMTP or during post-SMTP processing), the bulk speed of MailScanner for virus checks, a few style choices (MD's filename checks vs MS's filename checks), and a few feature differences (MD's ability to do relay, helo, sender, and recipient checking; MS's phishing checks). The rest is pretty much all the same. From root at doctor.nl2k.ab.ca Mon May 1 21:26:59 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon May 1 21:27:24 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> Message-ID: <20060501202659.GB29681@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 11:37:09AM -0700, Scott Silva wrote: > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > spake the following on 5/1/2006 11:13 AM: > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > spake the following on 5/1/2006 11:13 AM: > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> > >> > >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > >> Problem wrote: > >>> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > >>> > >>>> Hi Julian > >>>> > >>>> Thanks for the new version, however the links to the PGP signatures on > >>>> your site give a 404 Not found error. Please check. > >>>> > >>>> Regards > >>>> > >>>> Jim Holland > >>>> System Administrator > >>>> MANGO - Zimbabwe's non-profit e-mail service > >>>> > >>>> On Mon, 1 May 2006, Julian Field wrote: > >>>> > >>>> > >>>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>>> Hash: SHA1 > >>>>> > >>>>> I have just released the May release of MailScanner, version 4.53.6. > >>>>> > >>>>> The main new improvements this month are: > >>>>> > >>>>> - - Support for sa-update as provided with recent versions of SpamAssassin. > >>>>> - - Support for the new format of headers files produced by Exim 4.61. > >>>>> - - Many improvements to the handling of, and response to, Web Bugs. > >>>>> - - Support for the "gunzip" command so that filetype and filename checks > >>>>> can be done on compressed files created with either the "gzip" or > >>>>> "compress" commands. > >>>>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > >>>>> this, entire servers can be whitelisted with one entry, removing the > >>>>> need to add every domain provided by that server. > >>>>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > >>>>> entries can be written as "Max SpamAssassin Size = 30k" instead of > >>>>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > >>>>> > >>>>> You can download it as usual from > >>>>> www.mailscanner.info > >>>>> > >>>>> The full Change Log is > >>>>> > >>>>> * New Features and Improvements * > >>>>> - - Attachment extraction now checks for available disk space and a DoS attack > >>>>> using messages with high expansion ratios will fail even quicker than it > >>>>> did before. > >>>>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > >>>>> tool provided with MailScanner these days, to provide a way of auto- > >>>>> updating the core SpamAssassin rulesets. The default value is set to what > >>>>> you need for Linux (/var/lib). > >>>>> - - Added new cron job to run sa-update every night. The location of the > >>>>> sa-update program is read from /etc/sysconfig/MailScanner. > >>>>> - - Added support for new header -H file format in Exim 4.61. > >>>>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > >>>>> enable unpacking of gzip-ed files for filename and filetype checking. > >>>>> Even if this is disabled, gzip-ed files will still be virus scanned. > >>>>> - - Added support for numerical entries in phishing.safe.sites.conf file. > >>>>> - - Added support for optional multipliers in numbers in MailScanner.conf. > >>>>> So you can now write "50M" instead of "50000000". The multipliers > >>>>> supported > >>>>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > >>>>> in upper or lower case. > >>>>> You must *not* put any spaces between the number and the multiplier > >>>>> character. > >>>>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows > >>>>> you to whitelist a bunch of filenames that can appear in the URLs of > >>>>> potential web bugs. So if you decide that all potential web bugs with > >>>>> "spacer" or "pixel.gif" in the filename are just padding for page layout, > >>>>> then you can make it ignore them by adding them to this list. A sample > >>>>> list is provided in MailScanner.conf. > >>>>> This is disabled by default, as spammers may start to use this as a means > >>>>> of circumventing the Web Bug trap. > >>>>> - - When Web Bugs are disarmed, the URL used to replace the original web bug > >>>>> can now be set using the new configuration option "Web Bug Replacement". > >>>>> If this is not specified, then the old value of "MailScannerWebBug" is > >>>>> used. > >>>>> The default value supplied in the MailScanner.conf file is the address of > >>>>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > >>>>> MailScanner > >>>>> web site. This will not be tracked other than to supply an overall > >>>>> count of > >>>>> the number of hits this image gets, for overall statistical purposes. > >>>>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > >>>>> easy-to-install package, due to the recent change in licence. Now if DCC > >>>>> could go the same way... > >>>>> * Fixes * > >>>>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > >>>>> > >>>>> - -- > >>>>> Julian Field > >>>>> www.MailScanner.info > >>>>> Buy the MailScanner book at www.MailScanner.info/store > >>>>> Professional Support Services at www.MailScanner.biz > >>>>> MailScanner thanks transtec Computers for their support > >>>>> > >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>>> > >>>>> > >>>>> -----BEGIN PGP SIGNATURE----- > >>>>> Version: PGP Desktop 9.0.6 (Build 6060) > >>>>> > >>>>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > >>>>> BZyQSK0p+xYHKI8JQJk383/l > >>>>> =qePP > >>>>> -----END PGP SIGNATURE----- > >>>>> > >>>>> > >>>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>> > >>> Julian is Filesys-Statvfs_Statfs_Df > >>> > >>> GOingto be intrical to MailScanner? > >>> > >> intrical? intrinsically critical? > >>> If so, someone please tell me how I can correct: > >>> > >>> make test > >>> PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > >>> 1..3 > >>> /usr/bin/perl: can't resolve symbol 'statvfs' > >>> Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > >>> at test.pl line 12 > >>> Compilation failed in require at test.pl line 12. > >>> BEGIN failed--compilation aborted at test.pl line 12. > >>> not ok 1 > >>> *** Error code 2 > >>> > >>> Stop. > >> That's not good. Please file a bug with the author of Filesys::Df. It > >> appears it fails under BSD :-( > >> > >> To work around it for now, find where Message.pm has been put on your > >> BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or > >> /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. > >> > >> Change line 1663 from > >> my $df = df($dir, 1024); > >> to > >> my $df = undef; > >> > >> and then restart MailScanner. This will just eliminate the check. Make > >> sure you don't run out of disk space :-) > >> > >> - -- > > > > Don't run out of Disk Space?? > > > > Can we have an explanation? > That module reports on file system usage. MailScanner must use it to make sure > there is adequate space before it does some options. > Got you. Why not use /tmp? > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lshaw at emitinc.com Tue May 2 00:20:09 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Tue May 2 00:20:24 2006 Subject: scanning on both primary and second MX servers Message-ID: Hey everyone, I've been working on setting up MailScanner at the site where I admin (previously we had no spam filtering at all), and so far I've got it working pretty well on the main mail server. We have a backup MX server (which we control) as well, but I hadn't set up MailScanner on that machine at all; I made the decision that it wasn't necessary based on the fact that all that mail will eventually go through the MailScanner machine anyway, so it should be able to do all the filtering. Now I've reached the point where I think realtime blacklisting needs to be part of our spam solution. I set it up on our primary mailserver (which receives via SMTP, runs MailScanner, and also is the POP3/IMAP server), and everything seems OK, except for one thing: the realtime blacklisting doesn't do squat to filter out spams that hit our backup MX server first. The reason is fairly obvious: on our MailScanner machine, the mail appears to be coming from a host that's OK, whereas on the backup MX machine, there is no blacklisting. So, I thought I had a solution: install MailScanner on the backup MX as well. Then blacklisting will be in effect over there, and everything's great, theoretically. I installed all that, and just now I realized the flaw in that plan. I now get two sets of headers because the messages are being scanned twice by two different machines. (I get "X-Spam-Status: Yes, Yes" and stuff like that.) Now I'm starting to believe I need to rethink my filtering strategy, but I'm not sure what the best solution is. It seems like I could solve this problem by making all our public MX records (both primary and secondary) MailScanner machines and having them both forward on to a third machine (which would run POP3/IMAP), but this is complicated, and we're a small company that probably can't easily spare another server-grade machine. Is there any other solution? Should I just remove MailScanner from the backup MX and fall back to doing realtime blacklisting through sendmail's DNSBL feature? That could work, but right now the policy is "always tag, never discard" spam, and I would have to delete spam if I had sendmail do that filtering. Thanks for any advice anyone can offer. - Logan From pete at enitech.com.au Tue May 2 01:09:08 2006 From: pete at enitech.com.au (Peter Russell) Date: Tue May 2 01:09:21 2006 Subject: scanning on both primary and second MX servers In-Reply-To: References: Message-ID: <4456A324.2030906@enitech.com.au> It seems > like I could solve this problem by making all our public MX > records (both primary and secondary) MailScanner machines and > having them both forward on to a third machine (which would run > POP3/IMAP), but this is complicated, and we're a small company > that probably can't easily spare another server-grade machine. > Is there any other solution? Should I just remove MailScanner > from the backup MX and fall back to doing realtime blacklisting > through sendmail's DNSBL feature? That could work, but right > now the policy is "always tag, never discard" spam, and I > would have to delete spam if I had sendmail do that filtering. > > Thanks for any advice anyone can offer. > > - Logan We are a medium sized company and we run the 2 MailScanner MX machines that forward mail to exchange (and handle some virtual domains). It works great especially during upgrade times, i can simply shut MS down on either machine with out affecting mail flow. With running 2 MS machines and having 2 sets of headers, you can handle this by changing the way the headers are added/appended in mailscanner.conf. Your lower weight MX will usually get a huge percentage of spam, so why cant all mail from your backup MX be sent to your primary MX for scanning before delivery? You can ignore the headers from that machine, look in spam.assassin.conf From james at grayonline.id.au Tue May 2 00:00:09 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 2 02:09:56 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <200605020900.10678.james@grayonline.id.au> On Mon, 1 May 2006 09:36 pm, Jeff A. Earickson wrote: > Julian, > > > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > entries can be written as "Max SpamAssassin Size = 30k" instead of > > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > I see you use the metric version of k, m, g. In America we tend to use > the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 (2^30) > since we only have two fingers to count with. :) But look at the difference: 2^10 bytes = 1024, 10^3 bytes = 1000. Difference 2.4% 2^20 bytes = 1048576, 10^6 bytes = 1000000. Difference 4.9% 2^30 bytes = 1073741824, 10^9 bytes = 1000000000. Difference 7.4% Granted the 1G (base 10) and 1G (base 2) difference is starting to diverge reasonably significantly, but once you're at the point of blocking messages around the gigabyte size, is blocking a message 7.4% "early" going to make a significant difference?? I'm with Julian ;) BTW, thanks - this mod makes the config a LOT easier for humans to read and manage. Cheers, James -- "You're a creature of the night, Michael. Wait'll Mom hears about this." -- from the movie "The Lost Boys" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/d37e3c93/attachment.bin From james at grayonline.id.au Tue May 2 04:10:59 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 2 04:11:24 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501202659.GB29681@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501202659.GB29681@doctor.nl2k.ab.ca> Message-ID: <200605021311.03067.james@grayonline.id.au> On Tue, 2 May 2006 06:26 am, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Got you. Why not use /tmp? Point of netiquette: Why post 12.4KB of messages to add a single line?! We've all been following the previous messages, no need to post every message for "context"...just the bit you're replying to. C'mon people - we're mail admins, we of all people should know better ;) Thanks, James -- Be a better psychiatrist and the world will beat a psychopath to your door. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/f17610e0/attachment.bin From evanderleun at hal9000.nl Tue May 2 07:09:03 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Tue May 2 07:09:07 2006 Subject: mail loops In-Reply-To: <4456466C.1080308@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> <4456466C.1080308@ecs.soton.ac.uk> Message-ID: <4456F77F.7010703@hal9000.nl> My apologies... I do not have time today... maybe in my evening hours, but not earlier... I'll test it as soon as possible, I'll give you that :) Sorry, Erik Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Please can you try changing line 1663 of >/usr/lib/MailScanner/MailScanner/Message.pm. Change it to say > > my $df = Filesys::DF::df($dir, 1024); > >and let me know if this fixes it. If it does I'll put out another >release before tomorrow morning. > >Erik van der Leun wrote: > > >>Outgoing mail does not appear to have a problem, logically... >> >>I restarted MailScanner to be able to send the mail, and retried >>debugging >>mode while MailScanner was still on Air: >> >>In Debugging mode, not forking... >>Ignore errors about failing to find EOCD signature >>Undefined subroutine &MailScanner::Message::df called at >>/usr/lib/MailScanner/MailScanner/Message.pm line 1663. >> >>This was the only output I got... Might be it though... >> >>I'm downgrading again for now, as I do need mailflow :) >> >>On Mon, 1 May 2006, Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>In which case stop MailScanner, do "MailScanner --debug" and send us the >>>output. >>> >>>Erik van der Leun wrote: >>> >>> >>>>Hi, >>>> >>>>I've already sent a (mild) warming for gentoo users on the latest >>>>stable >>>>release of MailScanner (the filename of Df.pm will be different if you >>>>use portage to install this perl module), but I didn't even get my >>>>MailScanner >>>>to work properly after the upgrade. >>>> >>>>Mail was checked for spam, I got a message the Virusscanning got >>>>started, but >>>>the first message after that, was the number of messages found in the >>>>queue >>>>and it kept on looping like this. >>>> >>>>Mail was accepted, but not delivered... >>>>I didn't take a lot time to investigate as I simply don't have it >>>>available >>>>at the moment. I downgraded and the problem was solved. >>>> >>>>Did anybody have similar experiences? >>>> >>>>Kind regards, >>>>Erik van der Leun >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >>>caAovvutPmulPsve+6s3l1S6 >>>=QJQZ >>>-----END PGP SIGNATURE----- >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>>MailScanner thanks transtec Computers for their support. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E >bVt4nI/GlG7cuPvnOF4OnmZx >=J2yj >-----END PGP SIGNATURE----- > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/ba8e4b10/attachment.html From MailScanner at ecs.soton.ac.uk Tue May 2 09:29:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 09:29:48 2006 Subject: scanning on both primary and second MX servers In-Reply-To: References: Message-ID: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> On 2 May 2006, at 00:20, Logan Shaw wrote: > Hey everyone, > > I've been working on setting up MailScanner at the site where > I admin (previously we had no spam filtering at all), and so > far I've got it working pretty well on the main mail server. > We have a backup MX server (which we control) as well, but I > hadn't set up MailScanner on that machine at all; I made the > decision that it wasn't necessary based on the fact that all > that mail will eventually go through the MailScanner machine > anyway, so it should be able to do all the filtering. > > Now I've reached the point where I think realtime blacklisting > needs to be part of our spam solution. I set it up on our > primary mailserver (which receives via SMTP, runs MailScanner, > and also is the POP3/IMAP server), and everything seems OK, > except for one thing: the realtime blacklisting doesn't do > squat to filter out spams that hit our backup MX server first. > The reason is fairly obvious: on our MailScanner machine, > the mail appears to be coming from a host that's OK, whereas > on the backup MX machine, there is no blacklisting. > > So, I thought I had a solution: install MailScanner on the > backup MX as well. Then blacklisting will be in effect over > there, and everything's great, theoretically. I installed all > that, and just now I realized the flaw in that plan. I now > get two sets of headers because the messages are being scanned > twice by two different machines. (I get "X-Spam-Status: Yes, > Yes" and stuff like that.) What I would advise is that you install SpamAssassin (used as part of MailScanner, download by "easy-to-install" package of ClamAV+SA from the MailScanner downloads page). You can then not only assign your own scores to different RBLs if you want to, but more importantly SpamAssassin will check all the hosts through which the message passed, not just the last hop (which is all MailScanner can do). SpamAssassin is much better than MailScanner with this feature. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Tue May 2 09:58:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 2 09:58:13 2006 Subject: metric version of 1000? In-Reply-To: <200605020900.10678.james@grayonline.id.au> References: <200605020900.10678.james@grayonline.id.au> Message-ID: <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> On 02/05/06, James Gray wrote: > On Mon, 1 May 2006 09:36 pm, Jeff A. Earickson wrote: > > Julian, > > > > > - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > > entries can be written as "Max SpamAssassin Size = 30k" instead of > > > "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > > > I see you use the metric version of k, m, g. In America we tend to use > > the old style version of 1024 (2^10), 1048576 (2^20), and 1073741824 (2^30) > > since we only have two fingers to count with. :) > > But look at the difference: > > 2^10 bytes = 1024, 10^3 bytes = 1000. Difference 2.4% > 2^20 bytes = 1048576, 10^6 bytes = 1000000. Difference 4.9% > 2^30 bytes = 1073741824, 10^9 bytes = 1000000000. Difference 7.4% > > Granted the 1G (base 10) and 1G (base 2) difference is starting to diverge > reasonably significantly, but once you're at the point of blocking messages > around the gigabyte size, is blocking a message 7.4% "early" going to make a > significant difference?? > > I'm with Julian ;) BTW, thanks - this mod makes the config a LOT easier for > humans to read and manage. > > Cheers, > > James Why are you all "upset" about this? This is _very_ old news. (The long and short of it is actually that the HDD makers were actually right. That they might have had another motive than promoting a standardsbased view is... beside the point:-). As someone mentions, there are approved ways of stipulating binary multiples now, so... use them if you need to make the distinction clear;-). One might argue that Jules is simply "enforcing" the SI normative in a consistent way... Which is a very good thing. Makes life so much less ambiguos when we don't have to have any more "1.44M" diskettes (that are actually 1440 KiB... Sigh) and suchlike. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From james at grayonline.id.au Tue May 2 10:24:13 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 2 10:24:47 2006 Subject: metric version of 1000? In-Reply-To: <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> Message-ID: <200605021924.23422.james@grayonline.id.au> On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: > Why are you all "upset" about this? Are you replying to me? Or Jeff Earickson? Three things: 1. I was reinforcing Julian's choice of using base-10 instead of base-2 multipliers. I AGREE WITH JULIAN. 2. I didn't mention anything about hard drive. 3. I'm not bent out of shape about this. Cheers, James -- A penny saved is a penny to squander. -- Ambrose Bierce -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/29dd7326/attachment.bin From glenn.steen at gmail.com Tue May 2 10:35:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 2 10:35:47 2006 Subject: metric version of 1000? In-Reply-To: <200605021924.23422.james@grayonline.id.au> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: <223f97700605020235s6fbc2cb1j14a582276fc736c2@mail.gmail.com> Could On 02/05/06, James Gray wrote: > On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: > > > Why are you all "upset" about this? > > Are you replying to me? Or Jeff Earickson? Three things: Jeff more probably than not... The citation marks could have been more prominent too:-). > 1. I was reinforcing Julian's choice of using base-10 instead of base-2 > multipliers. I AGREE WITH JULIAN. Yes. No need to shout. > 2. I didn't mention anything about hard drive. No you didn't. It was mentioned earlier, and I was too lazy to rifle through my mails for that particular one. Sorry. > 3. I'm not bent out of shape about this. Rightly so. As said, I could have been clearer on the ... "tone"... of the mail. > > Cheers, > > James -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue May 2 10:40:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 10:40:48 2006 Subject: metric version of 1000? In-Reply-To: <200605021924.23422.james@grayonline.id.au> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: You have to laugh about this thread, I knew it would happen. I say something as simple as state that 10x10x10=1000 and people get uppity about it. :-) Enough guys. 1000 = 1E3, not 2E10. Check the arithmetic with your calculator, I think you'll find I'm right :-) And whatever anyone says about the ability of my calculator to do basic arithmetic that any 7-year old child can do, I ain't changin' it... On 2 May 2006, at 10:24, James Gray wrote: > On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: > >> Why are you all "upset" about this? > > Are you replying to me? Or Jeff Earickson? Three things: > 1. I was reinforcing Julian's choice of using base-10 instead of > base-2 > multipliers. I AGREE WITH JULIAN. > 2. I didn't mention anything about hard drive. > 3. I'm not bent out of shape about this. > > Cheers, > > James > -- > A penny saved is a penny to squander. > -- Ambrose Bierce > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Tue May 2 11:24:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 2 11:24:18 2006 Subject: metric version of 1000? In-Reply-To: References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: <223f97700605020324t5b872e8r695e1fd99d7f94af@mail.gmail.com> On 02/05/06, Julian Field wrote: > You have to laugh about this thread, I knew it would happen. > I say something as simple as state that 10x10x10=1000 and people get > uppity about it. > :-) The really fun thing is that we're all agreeing... violently:-). Oh well. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue May 2 11:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 11:31:25 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <200605021311.03067.james@grayonline.id.au> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501202659.GB29681@doctor.nl2k.ab.ca> <200605021311.03067.james@grayonline.id.au> Message-ID: James Gray wrote on Tue, 2 May 2006 13:10:59 +1000: > Point of netiquette: Thanks, James, you expressed my thoughts. And I really don't mind the size of the messages. But I don't like to search for the reply, this is ridiculous. I just skipped his last messages because I was tired of that. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jaearick at colby.edu Tue May 2 13:33:18 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 2 13:38:03 2006 Subject: metric version of 1000? In-Reply-To: References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: Yup, lighten up guys. I did post this as a bit of humor, plus a more general query about 2^x vs 10^x. If I want 2^10, I know what to enter. The real question is "which two fingers do I count with?" Jeff Earickson On Tue, 2 May 2006, Julian Field wrote: > Date: Tue, 2 May 2006 10:40:33 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: metric version of 1000? > > You have to laugh about this thread, I knew it would happen. > I say something as simple as state that 10x10x10=1000 and people get uppity > about it. > :-) > > Enough guys. 1000 = 1E3, not 2E10. Check the arithmetic with your calculator, > I think you'll find I'm right :-) > > And whatever anyone says about the ability of my calculator to do basic > arithmetic that any 7-year old child can do, I ain't changin' it... > > On 2 May 2006, at 10:24, James Gray wrote: > >> On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: >> >>> Why are you all "upset" about this? >> >> Are you replying to me? Or Jeff Earickson? Three things: >> 1. I was reinforcing Julian's choice of using base-10 instead of base-2 >> multipliers. I AGREE WITH JULIAN. >> 2. I didn't mention anything about hard drive. >> 3. I'm not bent out of shape about this. >> >> Cheers, >> >> James >> -- >> A penny saved is a penny to squander. >> -- Ambrose Bierce >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From rob at thehostmasters.com Tue May 2 14:21:24 2006 From: rob at thehostmasters.com (Rob Morin) Date: Tue May 2 14:21:30 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <444E6B07.8040905@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> Message-ID: <44575CD4.9010700@thehostmasters.com> Ok so i have the machine up and running with about 120 domains going through it, all seems nice.... Thanks for all your help guys and gals.... I just have one more simple question..... i whitelisted any email coming form this new machine in my current config on the old machine..... now is this enough to tell MS not to scan incoming email from this server or should i do anything else? I mean will it still scan it? and give it a high negative number because its on the white list....? or is ther another way to say , do not scan for spam ro virus for any email coming form this machine IP? as i need the load to go done on the older machine and do not want MS being used for anything other than email going out form web apps on the server.... Thanks! Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Rob Morin wrote: > Actually also one more question.... bayse, should i use it? if so i > know there is some cleaning that has to be done.... any > pointers/suggestions? > > Thanks... > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Rob Morin wrote: >> >> Thanks for clearing that up Julian, i feel more comfortable now.... >> >> And keep up the good work.... once i get all this working, i assure >> you i shall be getting "The BOOK" >> >> Thanks once again... >> >> :) >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> >> >> Julian Field wrote: >>> My recommended route that the "other" distribution takes is to >>> install it into /opt/MailScanner-/ >>> So you get the new version set up (there is a >>> "upgrade_MailScanner_conf" and also a "upgrade_languages_conf" tools >>> that do all the hard work for you), you can just switch over by >>> moving a softlink /opt/MailScanner from the old version to the new >>> version. >>> >>> So say you have >>> /opt/MailScanner-4.52.2/ >>> and >>> ln -s MailScanner-4.52.2 /opt/MailScanner >>> >>> then you install the new version into /opt/MailScanner-4.54.1/ >>> and then >>> rm -f /opt/MailScanner >>> ln -s MailScanner-4.54.1 /opt/MailScanner >>> >>> Then just stop and start MailScanner and it will start up the new >>> one. Keep your old ones installed until you decide to do any >>> housekeeping, there's no harm in leaving the old versions installed. >>> >>> To install it, unpack the tar.gz file and cd into it and ./install.sh. >>> >>> On 25 Apr 2006, at 15:08, Rob Morin wrote: >>> >>>> So for updates to this package , i simply re-install over or is >>>> there another way? say the next update/ version comes out of MS >>>> 4.54 say, so i download the same install package? >>>> >>>> Martin Hepworth wrote: >>>>> Rob >>>>> >>>>> Look for the solaris/BSD/other unix one.. >>>>> >>>>> Latest stable is at.. >>>>> >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4 >>>>> >>>>> .52.2-1.tar.gz >>>>> >>>>> >>>>> >>>>> -- >>>>> Martin Hepworth Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner- >>>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>>> Sent: 25 April 2006 14:55 >>>>>> To: MailScanner discussion >>>>>> Subject: Re: Changin MX machine to it's own, recommendations >>>>>> please... >>>>>> >>>>>> Ok so i have the new virgin machine up and running, now i want to >>>>>> install Mailscanner.... but on the downloads section i only find >>>>>> debian >>>>>> packages and other packages for other OSs, but no tarball or >>>>>> source? Am >>>>>> i missing something??? >>>>>> >>>>>> I see the tarball to install SA & Clam(i figure i would do that by >>>>>> apt-get) but i wanted to make sure i can keep up with changes of MS >>>>>> itself... if i do Debian package, i will have to wait a month or >>>>>> so or >>>>>> longer between updates, right? Not apt-get but downloading the >>>>>> actual >>>>>> package... >>>>>> >>>>>> What happend to the source install? >>>>>> What should i do? >>>>>> >>>>>> Thanks in advance! >>>>>> >>>>>> :) >>>>>> >>>>>> Have a great day! >>>>>> >>>>>> Rob Morin >>>>>> Dido InterNet Inc. >>>>>> Montreal, Canada >>>>>> Http://www.dido.ca >>>>>> 514-990-4444 >>>>>> >>>>>> >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Rob >>>>>>> >>>>>>> As for the apt or source - depends on how often you want to >>>>>>> >>>>>> update....the >>>>>> >>>>>>> apt's can be a little behind a the monthly source updates..if >>>>>>> you're >>>>>>> >>>>>> happy >>>>>> >>>>>>> with apt for everything - esp moving to unstable then it's prob >>>>>>> to stick >>>>>>> with that. >>>>>>> >>>>>>> For the machine itself - make sure you've got at least 1GB per >>>>>>> CPU (that >>>>>>> includes HT as two CPUs etc). >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>>> [mailto:mailscanner- >>>>>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>>>>> Sent: 18 April 2006 20:51 >>>>>>>> To: MailScanner discussion >>>>>>>> Subject: Changin MX machine to it's own, recommendations please... >>>>>>>> >>>>>>>> Hello.... >>>>>>>> >>>>>>>> I will be creating an MX(mailscanner Machine) all on its own >>>>>>>> to crunch >>>>>>>> away all those bad little emails... as the current MS is taking >>>>>>>> too >>>>>>>> >>>>>> much >>>>>> >>>>>>>> resources on my other machine.... >>>>>>>> >>>>>>>> So the question is, aside form OS which will be Debian and the >>>>>>>> hardware.... >>>>>>>> >>>>>>>> What setup should i do with respect to install MS and associated >>>>>>>> >>>>>> apps... >>>>>> >>>>>>>> Apt-get or source/compile/install... >>>>>>>> >>>>>>>> any other important things is should check out or know? >>>>>>>> >>>>>>>> Thanks too all.. >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Rob Morin >>>>>>>> Dido InterNet Inc. >>>>>>>> Montreal, Canada >>>>>>>> Http://www.dido.ca >>>>>>>> 514-990-4444 >>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom >>>>>>> they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> ********************************************************************** >>>>> >>>>> >>>>> >>>> >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > From lhaig at haigmail.com Tue May 2 14:27:51 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue May 2 14:27:56 2006 Subject: metric version of 1000? In-Reply-To: References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> Message-ID: <44575E57.6030106@haigmail.com> everyone just loves a good discussion :-) Lance Jeff A. Earickson wrote: > Yup, lighten up guys. I did post this as a bit of humor, plus a > more general query about 2^x vs 10^x. If I want 2^10, I know what > to enter. The real question is "which two fingers do I count with?" > > Jeff Earickson > > On Tue, 2 May 2006, Julian Field wrote: > >> Date: Tue, 2 May 2006 10:40:33 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: metric version of 1000? >> >> You have to laugh about this thread, I knew it would happen. >> I say something as simple as state that 10x10x10=1000 and people get >> uppity about it. >> :-) >> >> Enough guys. 1000 = 1E3, not 2E10. Check the arithmetic with your >> calculator, I think you'll find I'm right :-) >> >> And whatever anyone says about the ability of my calculator to do >> basic arithmetic that any 7-year old child can do, I ain't changin' it... >> >> On 2 May 2006, at 10:24, James Gray wrote: >> >>> On Tue, 2 May 2006 06:58 pm, Glenn Steen wrote: >>> >>>> Why are you all "upset" about this? >>> >>> Are you replying to me? Or Jeff Earickson? Three things: >>> 1. I was reinforcing Julian's choice of using base-10 instead of base-2 >>> multipliers. I AGREE WITH JULIAN. >>> 2. I didn't mention anything about hard drive. >>> 3. I'm not bent out of shape about this. >>> >>> Cheers, >>> >>> James >>> -- >>> A penny saved is a penny to squander. >>> -- Ambrose Bierce >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! From martin.lyberg at gmail.com Tue May 2 14:55:23 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue May 2 14:55:58 2006 Subject: TNEF decoder error Message-ID: Hi, I've noticed the following in my maillog today: May 2 15:33:00 mymachine postfix/smtpd[25300]: connect from [xxx.xxx.xxx.xxx] May 2 15:33:00 mymachine postfix/smtpd[25300]: 1B82C43E00: client=[xxx.xxx.xxx.xxx] May 2 15:33:00 mymachine postfix/cleanup[25301]: 1B82C43E00: hold: header Received: from [xxx.xxx.xxx.xxx])??by mymachine.id.local (Postfix) with ESMTP id 1B82C43E00??for ; from [xxx.xxx.xxx.xxx]; from= to= proto=ESMTP helo= May 2 15:33:00 mymachine postfix/cleanup[25301]: 1B82C43E00: hold: header Received: from user (xxx.xxx.xxx.xxx) by blabla (7.2.070)? id 444497C50036BC75 for user@domain.com; Tue, 2 May 2006 15:32:53 +0200 from [xxx.xxx.xxx.xxx]; from= to= proto=ESMTP helo= May 2 15:33:00 mymachine postfix/cleanup[25301]: 1B82C43E00: message-id= May 2 15:33:05 mymachine MailScanner[19118]: New Batch: Scanning 1 messages, 4733 bytes May 2 15:33:07 mymachine MailScanner[19118]: Expanding TNEF archive at /var/spool/MailScanner/incoming/19118/1B82C43E00.9B11B/winmail.dat May 2 15:33:07 mymachine MailScanner[25304]: TNEF decoder failed with real error: Can't run tnef decoder: No such file or directory at /usr/share/MailScanner/MailScanner/TNEF.pm line 237. What is wrong with this file, and how can i prevent this error? I've searched the logs and it seems like it only happens when there's a attcahment named winmail.dat. I'm using MailScanner 4.51.5. Thank you From dhawal at netmagicsolutions.com Tue May 2 15:04:39 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue May 2 15:04:48 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: <445766F7.3000109@netmagicsolutions.com> Martin wrote: > Hi, > > I've noticed the following in my maillog today: > > May 2 15:33:07 mymachine MailScanner[19118]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/19118/1B82C43E00.9B11B/winmail.dat > May 2 15:33:07 mymachine MailScanner[25304]: TNEF decoder failed with > real error: Can't run tnef decoder: No such file or directory at > /usr/share/MailScanner/MailScanner/TNEF.pm line 237. > > What is wrong with this file, and how can i prevent this error? I've > searched the logs and it seems like it only happens when there's a > attcahment named winmail.dat. Do you have the tnef utility installed? http://tnef.sf.net - dhawal > I'm using MailScanner 4.51.5. > > Thank you From martin.lyberg at gmail.com Tue May 2 15:11:39 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue May 2 15:12:20 2006 Subject: TNEF decoder error In-Reply-To: <445766F7.3000109@netmagicsolutions.com> References: <445766F7.3000109@netmagicsolutions.com> Message-ID: Dhawal Doshy wrote: > Do you have the tnef utility installed? http://tnef.sf.net I haven't manually installed it, so no. Will install it right away. I'll let you know if it happens again. Thank you From root at doctor.nl2k.ab.ca Tue May 2 15:17:38 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue May 2 15:18:06 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060501202659.GB29681@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> <20060501202659.GB29681@doctor.nl2k.ab.ca> Message-ID: <20060502141738.GC20347@doctor.nl2k.ab.ca> On Mon, May 01, 2006 at 02:26:59PM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Mon, May 01, 2006 at 11:37:09AM -0700, Scott Silva wrote: > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > > spake the following on 5/1/2006 11:13 AM: > > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > > spake the following on 5/1/2006 11:13 AM: > > > On Mon, May 01, 2006 at 06:47:04PM +0100, Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- > > >> Hash: SHA1 > > >> > > >> > > >> > > >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > > >> Problem wrote: > > >>> On Mon, May 01, 2006 at 06:18:11PM +0200, Jim Holland wrote: > > >>> > > >>>> Hi Julian > > >>>> > > >>>> Thanks for the new version, however the links to the PGP signatures on > > >>>> your site give a 404 Not found error. Please check. > > >>>> > > >>>> Regards > > >>>> > > >>>> Jim Holland > > >>>> System Administrator > > >>>> MANGO - Zimbabwe's non-profit e-mail service > > >>>> > > >>>> On Mon, 1 May 2006, Julian Field wrote: > > >>>> > > >>>> > > >>>>> -----BEGIN PGP SIGNED MESSAGE----- > > >>>>> Hash: SHA1 > > >>>>> > > >>>>> I have just released the May release of MailScanner, version 4.53.6. > > >>>>> > > >>>>> The main new improvements this month are: > > >>>>> > > >>>>> - - Support for sa-update as provided with recent versions of SpamAssassin. > > >>>>> - - Support for the new format of headers files produced by Exim 4.61. > > >>>>> - - Many improvements to the handling of, and response to, Web Bugs. > > >>>>> - - Support for the "gunzip" command so that filetype and filename checks > > >>>>> can be done on compressed files created with either the "gzip" or > > >>>>> "compress" commands. > > >>>>> - - Support for numerical IP addresses in phishing.safe.sites.conf. Using > > >>>>> this, entire servers can be whitelisted with one entry, removing the > > >>>>> need to add every domain provided by that server. > > >>>>> - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that > > >>>>> entries can be written as "Max SpamAssassin Size = 30k" instead of > > >>>>> "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. > > >>>>> > > >>>>> You can download it as usual from > > >>>>> www.mailscanner.info > > >>>>> > > >>>>> The full Change Log is > > >>>>> > > >>>>> * New Features and Improvements * > > >>>>> - - Attachment extraction now checks for available disk space and a DoS attack > > >>>>> using messages with high expansion ratios will fail even quicker than it > > >>>>> did before. > > >>>>> - - Added new setting "SpamAssassin Local State Dir" to support the sa-update > > >>>>> tool provided with MailScanner these days, to provide a way of auto- > > >>>>> updating the core SpamAssassin rulesets. The default value is set to what > > >>>>> you need for Linux (/var/lib). > > >>>>> - - Added new cron job to run sa-update every night. The location of the > > >>>>> sa-update program is read from /etc/sysconfig/MailScanner. > > >>>>> - - Added support for new header -H file format in Exim 4.61. > > >>>>> - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to > > >>>>> enable unpacking of gzip-ed files for filename and filetype checking. > > >>>>> Even if this is disabled, gzip-ed files will still be virus scanned. > > >>>>> - - Added support for numerical entries in phishing.safe.sites.conf file. > > >>>>> - - Added support for optional multipliers in numbers in MailScanner.conf. > > >>>>> So you can now write "50M" instead of "50000000". The multipliers > > >>>>> supported > > >>>>> are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) > > >>>>> in upper or lower case. > > >>>>> You must *not* put any spaces between the number and the multiplier > > >>>>> character. > > >>>>> - - Added a new configuration option "Ignored Web Bug Filenames". This allows > > >>>>> you to whitelist a bunch of filenames that can appear in the URLs of > > >>>>> potential web bugs. So if you decide that all potential web bugs with > > >>>>> "spacer" or "pixel.gif" in the filename are just padding for page layout, > > >>>>> then you can make it ignore them by adding them to this list. A sample > > >>>>> list is provided in MailScanner.conf. > > >>>>> This is disabled by default, as spammers may start to use this as a means > > >>>>> of circumventing the Web Bug trap. > > >>>>> - - When Web Bugs are disarmed, the URL used to replace the original web bug > > >>>>> can now be set using the new configuration option "Web Bug Replacement". > > >>>>> If this is not specified, then the old value of "MailScannerWebBug" is > > >>>>> used. > > >>>>> The default value supplied in the MailScanner.conf file is the address of > > >>>>> an untracked 1x1 pixel transparent gif (51 bytes) hosted on the > > >>>>> MailScanner > > >>>>> web site. This will not be tracked other than to supply an overall > > >>>>> count of > > >>>>> the number of hits this image gets, for overall statistical purposes. > > >>>>> - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA > > >>>>> easy-to-install package, due to the recent change in licence. Now if DCC > > >>>>> could go the same way... > > >>>>> * Fixes * > > >>>>> - - Fixed bug in DoS attack handler. Thanks for Jorge for this. > > >>>>> > > >>>>> - -- > > >>>>> Julian Field > > >>>>> www.MailScanner.info > > >>>>> Buy the MailScanner book at www.MailScanner.info/store > > >>>>> Professional Support Services at www.MailScanner.biz > > >>>>> MailScanner thanks transtec Computers for their support > > >>>>> > > >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >>>>> > > >>>>> > > >>>>> -----BEGIN PGP SIGNATURE----- > > >>>>> Version: PGP Desktop 9.0.6 (Build 6060) > > >>>>> > > >>>>> iQA/AwUBRFXT6hH2WUcUFbZUEQJqkwCgnB2LzUyvYkHin3/aLN6I7WHsomMAn3au > > >>>>> BZyQSK0p+xYHKI8JQJk383/l > > >>>>> =qePP > > >>>>> -----END PGP SIGNATURE----- > > >>>>> > > >>>>> > > >>>>> > > >>>> -- > > >>>> MailScanner mailing list > > >>>> mailscanner@lists.mailscanner.info > > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >>>> > > >>>> Before posting, read http://wiki.mailscanner.info/posting > > >>>> > > >>>> Support MailScanner development - buy the book off the website! > > >>>> > > >>>> -- > > >>>> This message has been scanned for viruses and > > >>>> dangerous content by MailScanner, and is > > >>>> believed to be clean. > > >>>> > > >>> > > >>> Julian is Filesys-Statvfs_Statfs_Df > > >>> > > >>> GOingto be intrical to MailScanner? > > >>> > > >> intrical? intrinsically critical? > > >>> If so, someone please tell me how I can correct: > > >>> > > >>> make test > > >>> PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl > > >>> 1..3 > > >>> /usr/bin/perl: can't resolve symbol 'statvfs' > > >>> Can't load 'blib/arch/auto/Filesys/Statvfs/Statvfs.so' for module Filesys::Statvfs: Unable to resolve symbol at /usr/libdata/perl5/5.8.8/i386-bsdos/DynaLoader.pm line 230. > > >>> at test.pl line 12 > > >>> Compilation failed in require at test.pl line 12. > > >>> BEGIN failed--compilation aborted at test.pl line 12. > > >>> not ok 1 > > >>> *** Error code 2 > > >>> > > >>> Stop. > > >> That's not good. Please file a bug with the author of Filesys::Df. It > > >> appears it fails under BSD :-( > > >> > > >> To work around it for now, find where Message.pm has been put on your > > >> BSD system (possibly /opt/MailScanner/lib/MailScanner/Message.pm or > > >> /usr/lib/MailScanner/MailScanner/Message.pm?) and edit it. > > >> > > >> Change line 1663 from > > >> my $df = df($dir, 1024); > > >> to > > >> my $df = undef; > > >> > > >> and then restart MailScanner. This will just eliminate the check. Make > > >> sure you don't run out of disk space :-) > > >> > > >> - -- > > > > > > Don't run out of Disk Space?? > > > > > > Can we have an explanation? > > That module reports on file system usage. MailScanner must use it to make sure > > there is adequate space before it does some options. > > > > Got you. Why not use /tmp? > Julian, As per your suggestion, I have been in contact with the Filesys-Statvfs_Statfs_Df developers. Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X do not have sys/statvfs.h on their system. I had to nick the necessary files from a FreeBSD 5.X Box. I will let you know of the progress. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 2 16:24:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 16:24:35 2006 Subject: TNEF decoder error In-Reply-To: References: <445766F7.3000109@netmagicsolutions.com> Message-ID: <7C4E1EF8-F80C-4AA0-94B8-CD36F18B96A6@ecs.soton.ac.uk> On 2 May 2006, at 15:11, Martin wrote: > Dhawal Doshy wrote: > >> Do you have the tnef utility installed? http://tnef.sf.net > > I haven't manually installed it, so no. Will install it right away. > I'll let you know if it happens again. From the error message, it is trying to use the internal TNEF decoder. If you install the external one, you will need to edit the location of the TNEF expander in MailScanner.conf. Look for "TNEF" in MailScanner.conf and you will easily find it, together with a commented-out suggestion of what the line should be set to, to use the external decoder. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 16:25:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 16:26:17 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <20060502141738.GC20347@doctor.nl2k.ab.ca> References: <4455D3E9.8010405@ecs.soton.ac.uk> <20060501164854.GA17627@doctor.nl2k.ab.ca> <44564998.70902@ecs.soton.ac.uk> <20060501181320.GB28918@doctor.nl2k.ab.ca> <20060501202659.GB29681@doctor.nl2k.ab.ca> <20060502141738.GC20347@doctor.nl2k.ab.ca> Message-ID: <3D90F0C4-457D-4425-B9FF-9774B9C72A27@ecs.soton.ac.uk> On 2 May 2006, at 15:17, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Julian, As per your suggestion, I have been in contact with the > Filesys-Statvfs_Statfs_Df developers. > > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X > do not have sys/statvfs.h on their system. I had to nick the > necessary files > from a FreeBSD 5.X Box. > > I will let you know of the progress. That's a trick worth knowing. Might be worth someone adding this to a relevant section of the Wiki please? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Tue May 2 16:37:37 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 16:37:45 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <3D90F0C4-457D-4425-B9FF-9774B9C72A27@ecs.soton.ac.uk> Message-ID: <032401c66dfe$5741ab00$3004010a@martinhlaptop> Assuming you have a 5.x system lying around..... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 02 May 2006 16:26 > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCE: stable 4.53.6 released > > > On 2 May 2006, at 15:17, Dave Shariff Yadallee - System Administrator > a.k.a. The Root of the Problem wrote: > > > Julian, As per your suggestion, I have been in contact with the > > Filesys-Statvfs_Statfs_Df developers. > > > > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X > > do not have sys/statvfs.h on their system. I had to nick the > > necessary files > > from a FreeBSD 5.X Box. > > > > I will let you know of the progress. > > That's a trick worth knowing. Might be worth someone adding this to a > relevant section of the Wiki please? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From root at doctor.nl2k.ab.ca Tue May 2 16:50:46 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue May 2 16:51:27 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <032401c66dfe$5741ab00$3004010a@martinhlaptop> References: <3D90F0C4-457D-4425-B9FF-9774B9C72A27@ecs.soton.ac.uk> <032401c66dfe$5741ab00$3004010a@martinhlaptop> Message-ID: <20060502155046.GB9795@doctor.nl2k.ab.ca> On Tue, May 02, 2006 at 04:37:37PM +0100, Martin Hepworth wrote: > Assuming you have a 5.x system lying around..... > FreeBSD 5.X?? Just get yourself an iso from http://www.freebsd.org . > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Julian Field > > Sent: 02 May 2006 16:26 > > To: MailScanner discussion > > Subject: Re: MailScanner ANNOUNCE: stable 4.53.6 released > > > > > > On 2 May 2006, at 15:17, Dave Shariff Yadallee - System Administrator > > a.k.a. The Root of the Problem wrote: > > > > > Julian, As per your suggestion, I have been in contact with the > > > Filesys-Statvfs_Statfs_Df developers. > > > > > > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X > > > do not have sys/statvfs.h on their system. I had to nick the > > > necessary files > > > from a FreeBSD 5.X Box. > > > > > > I will let you know of the progress. > > > > That's a trick worth knowing. Might be worth someone adding this to a > > relevant section of the Wiki please? > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue May 2 16:51:32 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 2 16:51:51 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <44575CD4.9010700@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> Message-ID: <44578004.2020003@nkpanama.com> Rob Morin escribi?: > do not scan for spam ro virus for any email coming form this machine > IP? as i need the load to go done on the older machine and do not want > MS being used for anything other than email going out form web apps on > the server.... The problem is that Web Apps running on the server (like a PHP-based CMS for example) will send mail that appears to come from 127.0.0.1 if the webpage is running on the same server MailScanner is running, so whitelisting that IP will mean that if your server is compromised it will send out bad e-mails without any sort of control. Otherwise you can use "scan messages" along with a ruleset to avoid scanning local messages. From maillists at conactive.com Tue May 2 16:56:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 16:56:24 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released In-Reply-To: <032401c66dfe$5741ab00$3004010a@martinhlaptop> References: <032401c66dfe$5741ab00$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote on Tue, 2 May 2006 16:37:37 +0100: > Assuming you have a 5.x system lying around..... So, better provide that header file as well ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 2 16:56:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 16:56:25 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: Martin wrote on Tue, 02 May 2006 15:55:23 +0200: > I'm using MailScanner 4.51.5. Latest MailScanner has a newer tnef.rpm (1.4). Might work better or might break your setup. Julian? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Tue May 2 17:10:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 17:10:49 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: On 2 May 2006, at 16:56, Kai Schaetzl wrote: > Martin wrote on Tue, 02 May 2006 15:55:23 +0200: > >> I'm using MailScanner 4.51.5. > > Latest MailScanner has a newer tnef.rpm (1.4). Might work better or > might > break your setup. Julian? It shouldn't break anything. I have yet to see any problems with the tnef utility from SourceForge. More recent versions do a better job and support more variants of TNEF, of which there are many :-( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rob at thehostmasters.com Tue May 2 17:20:16 2006 From: rob at thehostmasters.com (Rob Morin) Date: Tue May 2 17:20:22 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <44578004.2020003@nkpanama.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> Message-ID: <445786C0.9010600@thehostmasters.com> Right thats not the problem... i want to leave it scan locally made messages... but i do not want to scan messages coming in from a certain IP.... i have this in the rules files.... From: 192.186.63.158 yes in both .. spam.whitelist.rules virus.scanning.rules so that no scanning takes place from that IP ONLY all others will get scanned.... but what i do not know is, does it still scan and it adds a negative score to the email or does it simply say, "Oh, its in my whitle list, i won't bother to scan it" as then the actual scan process and SA process will still run , and still take cpu away from the machine.... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Alex Neuman wrote: > Rob Morin escribi?: >> do not scan for spam ro virus for any email coming form this machine >> IP? as i need the load to go done on the older machine and do not >> want MS being used for anything other than email going out form web >> apps on the server.... > The problem is that Web Apps running on the server (like a PHP-based > CMS for example) will send mail that appears to come from 127.0.0.1 if > the webpage is running on the same server MailScanner is running, so > whitelisting that IP will mean that if your server is compromised it > will send out bad e-mails without any sort of control. > > Otherwise you can use "scan messages" along with a ruleset to avoid > scanning local messages. From dpowell at lssi.net Tue May 2 17:27:05 2006 From: dpowell at lssi.net (Darrin Powell) Date: Tue May 2 17:28:27 2006 Subject: Allow Password-Protected Archives Message-ID: <1146587225.2415.32.camel@powell> Allow Password-Protected Archives = yes however password protected zip archives are still getting blocked. Any help would be greatly appreciated. Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From ssilva at sgvwater.com Tue May 2 17:31:15 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 2 17:31:38 2006 Subject: metric version of 1000? In-Reply-To: <44575E57.6030106@haigmail.com> References: <200605020900.10678.james@grayonline.id.au> <223f97700605020158l249dd6e4hd518e2ac7199a02d@mail.gmail.com> <200605021924.23422.james@grayonline.id.au> <44575E57.6030106@haigmail.com> Message-ID: Lance Haig spake the following on 5/2/2006 6:27 AM: > everyone just loves a good discussion :-) > > Lance I'm glad someone didn't start with "boxer's" vs "briefs" ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solid-state-logic.com Tue May 2 17:37:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 17:37:33 2006 Subject: Allow Password-Protected Archives In-Reply-To: <1146587225.2415.32.camel@powell> Message-ID: <034d01c66e06$b2242450$3004010a@martinhlaptop> Darrin Whats the message you get for the bounce - it could be the anti-virus program is complaining... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Darrin Powell > Sent: 02 May 2006 17:27 > To: MailScanner discussion > Subject: Allow Password-Protected Archives > > Allow Password-Protected Archives = yes > > however password protected zip archives are still getting blocked. Any > help would be greatly appreciated. > > > > Thanks > -- > Darrin Powell, CISSP > LSSi Corp. > Security Administrator > Office (919) 466-6803 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Tue May 2 17:39:22 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 17:39:29 2006 Subject: metric version of 1000? In-Reply-To: Message-ID: <034e01c66e06$f7604b20$3004010a@martinhlaptop> Or emacs vs vi ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: 02 May 2006 17:31 > To: mailscanner@lists.mailscanner.info > Subject: Re: metric version of 1000? > > Lance Haig spake the following on 5/2/2006 6:27 AM: > > everyone just loves a good discussion :-) > > > > Lance > I'm glad someone didn't start with "boxer's" vs "briefs" ;-) > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dpowell at lssi.net Tue May 2 17:48:25 2006 From: dpowell at lssi.net (Darrin Powell) Date: Tue May 2 17:49:41 2006 Subject: Allow Password-Protected Archives In-Reply-To: <034d01c66e06$b2242450$3004010a@martinhlaptop> References: <034d01c66e06$b2242450$3004010a@martinhlaptop> Message-ID: <1146588506.2415.42.camel@powell> Below is the message: > At Tue May 2 10:28:52 2006 the virus scanner said: > Password protected file eda10kp.zip/eda10kp.inp Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 On Tue, 2006-05-02 at 17:37 +0100, Martin Hepworth wrote: > Darrin > > Whats the message you get for the bounce - it could be the anti-virus > program is complaining... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Darrin Powell > > Sent: 02 May 2006 17:27 > > To: MailScanner discussion > > Subject: Allow Password-Protected Archives > > > > Allow Password-Protected Archives = yes > > > > however password protected zip archives are still getting blocked. Any > > help would be greatly appreciated. > > > > > > > > Thanks > > -- > > Darrin Powell, CISSP > > LSSi Corp. > > Security Administrator > > Office (919) 466-6803 > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From ricardo at memosis.pt Tue May 2 18:07:15 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Tue May 2 18:07:34 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Hi, I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. After running "MailScanner -lint" with the new version installed I get: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ### filename.rules.rules ### FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf FromOrTo: default /etc/MailScanner/filename.rules.conf This file is unchanged and work perfectly with version '4.51.6'. Thanks in advanced for any help. ______________________________________ | Ricardo d'Aguiar | | |- | EMail .: ricardo@memosis.pt |#| ?????????????????????????????????????? #| |#######################################| ??????????????????????????????????????? From martinh at solid-state-logic.com Tue May 2 18:10:58 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 18:11:06 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: <035901c66e0b$6199e8d0$3004010a@martinhlaptop> Ricardo And what does /etc/MailScanner/filename.rules.conf contain? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > Sent: 02 May 2006 18:07 > To: mailscanner@lists.mailscanner.info > Subject: Syntax error in rule file. > > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule > file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at > /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From chris at tac.esi.net Tue May 2 18:11:52 2006 From: chris at tac.esi.net (Chris Hammond) Date: Tue May 2 18:12:06 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: <44575A98.B662.0038.0@tac.esi.net> If I remember correctly, tabs need to be used and not spaces. Check that and try it again. Chris >>> ricardo@memosis.pt 05/02/06 1:07 pm >>> Hi, I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. After running "MailScanner - lint" with the new version installed I get: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ### filename.rules.rules ### FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf FromOrTo: default /etc/MailScanner/filename.rules.conf This file is unchanged and work perfectly with version '4.51.6'. Thanks in advanced for any help. ______________________________________ | Ricardo d'Aguiar | | |- | EMail .: ricardo@memosis.pt |#| ?????????????????????????????????????? #| |#######################################| ??????????????????????????????????????? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ricardo at memosis.pt Tue May 2 18:16:58 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Tue May 2 18:17:21 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E30FD@RUBY.memosis.pt> I am using tabs. But I already tried both. -----Original Message----- From: Chris Hammond [mailto:chris@tac.esi.net] Sent: ter?a-feira, 2 de Maio de 2006 18:12 To: mailscanner@lists.mailscanner.info; Ricardo Aguiar Subject: Re: Syntax error in rule file. If I remember correctly, tabs need to be used and not spaces. Check that and try it again. Chris >>> ricardo@memosis.pt 05/02/06 1:07 pm >>> Hi, I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. After running "MailScanner - lint" with the new version installed I get: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ### filename.rules.rules ### FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf FromOrTo: default /etc/MailScanner/filename.rules.conf This file is unchanged and work perfectly with version '4.51.6'. Thanks in advanced for any help. ______________________________________ | Ricardo d'Aguiar | | |- | EMail .: ricardo@memosis.pt |#| ?????????????????????????????????????? #| |#######################################| ??????????????????????????????????????? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ricardo at memosis.pt Tue May 2 18:18:18 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Tue May 2 18:18:38 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E30FE@RUBY.memosis.pt> The filename.rules.conf is the original that cames with MailScanner 4.53.6-1. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: ter?a-feira, 2 de Maio de 2006 18:11 To: 'MailScanner discussion' Subject: RE: Syntax error in rule file. Ricardo And what does /etc/MailScanner/filename.rules.conf contain? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > Sent: 02 May 2006 18:07 > To: mailscanner@lists.mailscanner.info > Subject: Syntax error in rule file. > > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule > file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in > line 2 of ruleset file /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax > errors in /etc/MailScanner/filename.rules.rules. at > /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 > hostnames from the phishing whitelist Checking for SpamAssassin errors > (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database SpamAssassin reported no > errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 2 19:20:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:21:09 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <445786C0.9010600@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> <445786C0.9010600@thehostmasters.com> Message-ID: <4457A305.3090203@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Morin wrote: > Right thats not the problem... i want to leave it scan locally made > messages... but i do not want to scan messages coming in from a > certain IP.... i have this in the rules files.... > From: 192.186.63.158 yes > > in both .. > > spam.whitelist.rules > virus.scanning.rules The spam.whitelist.rules is attached to the "Is Definitely Not Spam" option. So if it says "yes", it means that mail from that IP "is definitely not spam", which is what you want. But if you attach the same line to "Virus Scanning", the "yes" means that the result of this line is for mail from this IP to say "Virus Scanning = yes", which is apparently not what you want. Rulesets are really very simple. They supply a different result value for the configuration setting they are attached to, depending on criteria about where the email message came from or is going to. So if you say From: 1.2.3.4 yes To: mydomain.com no then if you get mail from the IP address 1.2.3.4 then it's equivalent to saying Config Option = yes for whatever option the ruleset is attached to. If the mail you get is addressed to some-user@mydomain.com, then it's equivalent to saying Config Option = no for whatever option the ruleset is attached to. You attach a ruleset to an option by replacing Config Option = yes (for example) with Config Option = /path/to/ruleset/file.rules That's it. That's all there is to it. I have tried to explain it to death and give examples in the distribution, the docs, the wiki and the book. But still people don't get it. Maybe they don't read the docs? At that point, there's not much I can do. > > so that no scanning takes place from that IP ONLY all others will get > scanned.... but what i do not know is, does it still scan and it adds > a negative score to the email or does it simply say, "Oh, its in my > whitle list, i won't bother to scan it" as then the actual scan > process and SA process will still run , and still take cpu away from > the machine.... > > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Alex Neuman wrote: >> Rob Morin escribi?: >>> do not scan for spam ro virus for any email coming form this machine >>> IP? as i need the load to go done on the older machine and do not >>> want MS being used for anything other than email going out form web >>> apps on the server.... >> The problem is that Web Apps running on the server (like a PHP-based >> CMS for example) will send mail that appears to come from 127.0.0.1 >> if the webpage is running on the same server MailScanner is running, >> so whitelisting that IP will mean that if your server is compromised >> it will send out bad e-mails without any sort of control. >> >> Otherwise you can use "scan messages" along with a ruleset to avoid >> scanning local messages. > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFejBhH2WUcUFbZUEQK7MgCeNQ62qvOiEwQrLDzq7eKOfq0qZSAAoPLz Y3l8vRtltcnoAajNCo+JdKBo =3P7C -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 19:25:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:25:57 2006 Subject: Allow Password-Protected Archives In-Reply-To: <1146588506.2415.42.camel@powell> References: <034d01c66e06$b2242450$3004010a@martinhlaptop> <1146588506.2415.42.camel@powell> Message-ID: <4457A429.8050707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Darrin Powell wrote: > Below is the message: > > > >> At Tue May 2 10:28:52 2006 the virus scanner said: >> Password protected file eda10kp.zip/eda10kp.inp >> So it's actually saying that the file eda10kp.inp is password-protected, not the zip file at all. If it was a password-protected archive blah.zip, it would have said that :-) If you are using Sophos, then you will find there is a configuration option to set allowed messages from Sophos. What virus scanners are you using? And what type of file is eda10kp.inp? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFekKxH2WUcUFbZUEQKdOACggn3N2pmXxQXLv8dizEhYqJB6s1YAniCS /K41sRknsPmfP3P3dr0h5jD7 =jIud -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 19:27:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:27:36 2006 Subject: metric version of 1000? In-Reply-To: <034e01c66e06$f7604b20$3004010a@martinhlaptop> References: <034e01c66e06$f7604b20$3004010a@martinhlaptop> Message-ID: <4457A48D.7060604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Religious discussion detected! Woop! Woop! Woop! Martin Hepworth wrote: > Or emacs vs vi ;-) > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFekjhH2WUcUFbZUEQJjbgCeNSE3+VBq+EvUjzvOz88Z+egRK9EAniZh ExIKHmHc/Kcn7VsDkKKBfF/M =g0aN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 2 19:29:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:29:29 2006 Subject: Syntax error in rule file. In-Reply-To: <44575A98.B662.0038.0@tac.esi.net> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> <44575A98.B662.0038.0@tac.esi.net> Message-ID: <4457A4F6.1090102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The only files needing tabs are filename.rules.conf and filetype.rules.conf. That's why I called them *.conf and not *.rules. But I admit it can be a tad confusing, sorry. It's kinda set in stone now :-( Chris Hammond wrote: > If I remember correctly, tabs need to be used and not spaces. Check that and try it again. > > Chris > > >>>> ricardo@memosis.pt 05/02/06 1:07 pm >>> >>>> > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner - lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFek9xH2WUcUFbZUEQIoZACgiqhuCqBgwCOXbwh98JTAiAEGCL0An2QK Yexj1/iulCETHEJBPTAEAw9O =/bEY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Kevin_Miller at ci.juneau.ak.us Tue May 2 19:38:57 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 2 19:39:03 2006 Subject: metric version of 1000? Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Religious discussion detected! > Woop! Woop! Woop! > > Martin Hepworth wrote: >> Or emacs vs vi ;-) >> Yeah. Now about this top-posting thing... ;-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Tue May 2 19:39:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 2 19:40:40 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: <4457A76B.4000909@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Very odd. I can't reproduce it. Can you add to Config.pm print STDERR "internalvalue = \"$internalvalue\" and settype = \"$settype\"\n"; just before line 2225. Then do a "MailScanner -debug" and let me know what this line prints. Either that, or mail me off-list with remote login details and root password for your system, and I'll take a look after I've eaten my dinner. Ricardo Aguiar wrote: > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFenbBH2WUcUFbZUEQJ2TgCfa9se7V7yyq77ES2oWC3xfHOOv0IAmQGT ilWwsL3DITfKNDI3Un/ZCWKO =bERL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at mango.zw Tue May 2 19:40:12 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue May 2 19:43:13 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> Message-ID: On Tue, 2 May 2006, Ricardo Aguiar wrote: > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2265 > Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 > Read 717 hostnames from the phishing whitelist > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. I would start with the MailScanner.conf file: What is the "Filename Rules" line? The default is: Filename Rules = %etc-dir%/filename.rules.conf If you are using a ruleset for this, then the logical entry would be: Filename Rules = %rules-dir%/filename.rules However your ruleset filename is filename.rules.rules, in which case the corresponding line should be: Filename Rules = %rules-dir%/filename.rules.rules and the above file should be located in say /etc/MailScanner/rules. However your error message refers to: syntax errors in /etc/MailScanner/filename.rules.rules which means that you are referring to a ruleset file that is in your configuration directory rather than a separate rules directory. This can lead to confusion - I would recommend putting ruleset files in the default /etc/MailScanner/rules directory. You may find that you have files with the same name in two different locations, so causing more confusion. I would also recommend sticking to using the standard variables: %etc-dir% and %rules-dir% in your config and rules files, instead of listing the full path. That way it should be more obvious when a mistake has been made in putting a ruleset file in the config directory or vice versa. Check that all the above makes sense and that you are referring to the correct files throughout. I suspect that that is where your error lies. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From martinh at solid-state-logic.com Tue May 2 20:46:05 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 2 20:46:29 2006 Subject: Syntax error in rule file. In-Reply-To: <33BE89CA8898784C9A2A7287325EE45F0E30FE@RUBY.memosis.pt> Message-ID: <000001c66e21$0f7e0110$4101a8c0@martinhlaptop> Ricardo My 4.53.5 has the following at the start of this file......... > more filename.rules.conf # # NOTE: Fields are separated by TAB characters --- Important! # # Syntax is allow/deny/deny+delete, then regular expression, then log text, # then user report text. # # Due to a bug in Outlook Express, you can make the 2nd from last extension # be what is used to run the file. So very long filenames must be denied, # regardless of the final extension. deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages # JKF 01/01/2006 Another Microsoft security vulnerability deny \.wmf$ Windows Metafile security vulnerability Possible format attack in Windows # JKF 04/01/2005 More Microsoft security vulnerabilities deny \.bmp$ Windows bitmap file security vulnerability Possible buffer overflow in Windows deny \.ico$ Windows icon file security vulnerability Possible buffer overflow in Windows Watch out for line breaks etc in the above though... how does yours compare? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > Sent: 02 May 2006 18:18 > To: MailScanner discussion > Subject: RE: Syntax error in rule file. > > The filename.rules.conf is the original that cames with MailScanner > 4.53.6-1. > > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth > Sent: ter?a-feira, 2 de Maio de 2006 18:11 > To: 'MailScanner discussion' > Subject: RE: Syntax error in rule file. > > Ricardo > > And what does /etc/MailScanner/filename.rules.conf contain? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Ricardo Aguiar > > Sent: 02 May 2006 18:07 > > To: mailscanner@lists.mailscanner.info > > Subject: Syntax error in rule file. > > > > Hi, > > > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule > > file to control filenames per domain. > > > > After running "MailScanner -lint" with the new version installed I get: > > > > Syntax error in line 1 of ruleset file > > /etc/MailScanner/filename.rules.rules at > > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in > > line 2 of ruleset file /etc/MailScanner/filename.rules.rules at > > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax > > errors in /etc/MailScanner/filename.rules.rules. at > > /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 > > hostnames from the phishing whitelist Checking for SpamAssassin errors > > (if you use it)... > > Using SpamAssassin results cache > > Connected to SpamAssassin cache database SpamAssassin reported no > > errors. > > > > > > ### filename.rules.rules ### > > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > > > > This file is unchanged and work perfectly with version '4.51.6'. > > > > Thanks in advanced for any help. > > > > ______________________________________ > > | Ricardo d'Aguiar | > > | |- > > | EMail .: ricardo@memosis.pt |#| > > ?????????????????????????????????????? #| > > |#######################################| > > ??????????????????????????????????????? > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at lists.com.ar Tue May 2 22:09:39 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Tue May 2 22:09:29 2006 Subject: ReadMessageHandle question Message-ID: Hi I've been away from the list for a while. For all the people out there using zmailer+mailscanner (me) I'm porting now some of the last enhacenmnets. I'm very interested in ReadMessageHandle modif But I saw two things I don't understand very well Julian, inside that function, when you wrote this code: my $dhandle = $this->{dpath}; .. sysseek($dhandle, 0, 0); # Rewind the file .. copy($dhandle , $handle); .. sysseek($dhandle, 0, 0); # Rewind the file but in the "constructor", it is written like: $this->{dpath} = $dir . '/' . $this->{dname}; So, this is a file, not really a handle, right? so the sysseek are pointless. Or am I forgetting something? Other thing: In Message.pm, when you wrote: if (!$entity && !MIME::Entity::MailScannerCounter()>=$maxparts) { unless ($this->{dpath}) { Isn't $this->{dpath} always the name of the datafile (at least for sendmail, I really didn't look much of the code for the others), so this "unless" is always false (so it could be eliminated)? Last but not least, I think, we have to change Messages.pm a little and move to the DiskStores the references to $this->{dpath}, like we have done when I sent to you the zmailer parts. For those changes for example look, in SMDiskStore.pm, look for: "# LEOH 26/03/2003 We do not have dpath in other mailers" (more than 3 years wow!) I'm thinking something in the line of getFileNameToLog or something, I don't remember, but I think, we have done something like that. I'm sorry that I couldn't do this port when you change that code for the others, but tomorrow (I hope) I'll finish, test and send to you this patch Saludos -- Leonardo Helman Pert Consultores Argentina From combs at magnet.fsu.edu Tue May 2 22:30:42 2006 From: combs at magnet.fsu.edu (Tom Combs) Date: Tue May 2 22:30:49 2006 Subject: Rules and Mailing lists Message-ID: <4457CF82.6030406@magnet.fsu.edu> Hello, It appears that when setting a ruleset involving the From field when sending to a Mailman email list is not as straight forward as one would think. I have a user, joe@magnet.fsu.edu who was sending an email with an html script to the blah@magnet.fsu.edu list. Naturally it was getting blocked for content. So I thought no problem, I'll set up a Scan Messages ruleset that exempts email from joe@magnet from being scanned: From: joe@magnet.fsu.edu no FromOrTo: default yes This works great when sending to individuals but doesn't work when sending to a listserver list. I ended up having to change the From line so it wasn't from the person sending the email but instead from the blah-bounces@magnet.fsu.edu address: From: blah-bounces@magnet.fsu.edu no FromOrTo: default yes This is not a very good solution because now email sent from any eligible poster to the list won't get scanned. Is there a better solution to set up the rule using some other email header that will identify email just from joe@magnet.fsu.edu without opening up the whole list? TIA, Tom Combs From maillists at conactive.com Tue May 2 22:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 22:31:25 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> Message-ID: John Rudd wrote on Mon, 1 May 2006 11:37:11 -0700: > Actually, like MailScanner, MIMEDefang uses persistent perl processes > not per-scan nor per-message perl processes. The difference isn't in > spawning processes, the difference is in the bulk nature of the actual > processing being done (MailScanner bulk scans messages during virus > scanning, and MIMEDefang scans messages one at a time for all aspects > of scanning). Ok. But this also means you have to run enough instances to cater for the usual incoming connections and spawn new instances if that count gets higher than what you have in waiting children. > Again, that's not the actual trade-off. You can do quarantine with > MIMEDefang, too. But in that case it seems to me you lose some of the extra functionality of MIMEDefang. If you quarantine anyway, there's no much use in using MimeDefang in addition to MailScanner. > That's not too different from what I'm doing or proposing. I'm just > saying that MIMEDefang lets you add more technical reasons to do the > blocking at the MTA level. I surely believe that, but I think I'd prefer to add one or two specialized C-based milters for that instead of running a "full-blown" MailScanner-like application in addition to MailScanner. > The rest is pretty much all the same. That's what I mean, they are rather alternatives than complimentary. And apart from a very few things the one or the other is missing it's a matter of style and maybe the throughput you need which one you use. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 2 22:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 22:31:26 2006 Subject: how to bock mailservers that have only an ip address In-Reply-To: <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> References: <2343d306f6cd0d1e03d50b748a433ef1@ucsc.edu> <16ea5bbd24250313eddd6783ef78031a@ucsc.edu> Message-ID: John Rudd wrote on Mon, 1 May 2006 11:37:11 -0700: > Actually, like MailScanner, MIMEDefang uses persistent perl processes > not per-scan nor per-message perl processes. The difference isn't in > spawning processes, the difference is in the bulk nature of the actual > processing being done (MailScanner bulk scans messages during virus > scanning, and MIMEDefang scans messages one at a time for all aspects > of scanning). Ok. But that means you need to have enough children waiting to cater for your connections and to spawn new ones if you get more incoming connections. There's not that strict dependency with MS because of the queueing. > Again, that's not the actual trade-off. You can do quarantine with > MIMEDefang, too. But then you obviously loose some of the extra functionality of MimeDefang, don't you? > That's not too different from what I'm doing or proposing. I'm just > saying that MIMEDefang lets you add more technical reasons to do the > blocking at the MTA level. I surely believe that, but I'd rather prefer using one or two extra C-based milters for that if I wanted to instead of using a second MailScanner-like app. > The rest is pretty much all the same. That's what I mean, the both are pretty much alternatives and not so much complimentary. Sure, you can use both, but I'd rather not do that. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue May 2 22:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 2 22:31:27 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: Julian Field wrote on Tue, 2 May 2006 17:10:29 +0100: > It shouldn't break anything. I have yet to see any problems with the > tnef utility from SourceForge. So, you encourage using it instead of internal tnef processing? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From matt at coders.co.uk Tue May 2 22:40:47 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue May 2 22:40:52 2006 Subject: Rules and Mailing lists In-Reply-To: <4457CF82.6030406@magnet.fsu.edu> References: <4457CF82.6030406@magnet.fsu.edu> Message-ID: <4457D1DF.3000604@coders.co.uk> > Is there a better solution to set up the rule using some other email > header that will identify email just from joe@magnet.fsu.edu without > opening up the whole list? I am assuming that you have MailScanner "in front" of your mailman installation? The way that I have it set is is to have a second sendmail process listening on loopback which only accepts mail from a list address. The incoming message is scanned by MailScanner and passed to mailman. MailMan then forwards the expanded mail to the second sendmail process which attempts delivery and will place any deferred entries in the standard mqueue directory. This means each message is only scanned once and rules can be applied as you expect. matt From ssilva at sgvwater.com Wed May 3 00:03:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 3 00:03:45 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: Kevin Miller spake the following on 5/2/2006 11:38 AM: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Religious discussion detected! >> Woop! Woop! Woop! >> >> Martin Hepworth wrote: >>> Or emacs vs vi ;-) >>> > > Yeah. Now about this top-posting thing... > ;-) > > > ...Kevin Julian is root! He can top, middle, bottom, or sideways post as he sees the need! All hail root!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed May 3 00:13:55 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 3 00:14:05 2006 Subject: Rules and Mailing lists In-Reply-To: <4457D1DF.3000604@coders.co.uk> References: <4457CF82.6030406@magnet.fsu.edu> <4457D1DF.3000604@coders.co.uk> Message-ID: Matt Hampton spake the following on 5/2/2006 2:40 PM: >> Is there a better solution to set up the rule using some other email >> header that will identify email just from joe@magnet.fsu.edu without >> opening up the whole list? > > I am assuming that you have MailScanner "in front" of your mailman > installation? > > The way that I have it set is is to have a second sendmail process > listening on loopback which only accepts mail from a list address. > > The incoming message is scanned by MailScanner and passed to mailman. > MailMan then forwards the expanded mail to the second sendmail process > which attempts delivery and will place any deferred entries in the > standard mqueue directory. > > This means each message is only scanned once and rules can be applied as > you expect. > > matt > > Sounds like good wiki fodder! Do you have some details of the setup you did? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From doc at maddoc.net Wed May 3 00:24:36 2006 From: doc at maddoc.net (Doc Schneider) Date: Wed May 3 00:24:39 2006 Subject: Domains spoofs Message-ID: <4457EA34.4090202@maddoc.net> Hi gang, Does anyone know of a .mc that I can add to my sendmail to block folks who send--mostly viruses--appearing to come from my maddoc.net domain? I'm getting sick and tired of all these viruses acting like "noreply@" and "postmaster@" seemingly coming from my servers. Thanks! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From basement_mobile2004 at yahoo.com Wed May 3 01:22:36 2006 From: basement_mobile2004 at yahoo.com (Anakin SkyWalker) Date: Wed May 3 01:22:44 2006 Subject: clamscan or clamdscan? Message-ID: <20060503002236.68741.qmail@web60016.mail.yahoo.com> Hi everyone, Does anyone have any sort of comparison for using clamav directly rather than using daemonized? Thank you. --------------------------------- Blab-away for as little as 1?/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060502/ac02aef1/attachment.html From alex at nkpanama.com Wed May 3 04:48:29 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:48:56 2006 Subject: metric version of 1000? In-Reply-To: <4457A48D.7060604@ecs.soton.ac.uk> References: <034e01c66e06$f7604b20$3004010a@martinhlaptop> <4457A48D.7060604@ecs.soton.ac.uk> Message-ID: <4458280D.7090803@nkpanama.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Religious discussion detected! > Woop! Woop! Woop! > > Martin Hepworth wrote: > >> Or emacs vs vi ;-) >> or sendmail vs. everything else!! ;) From alex at nkpanama.com Wed May 3 04:50:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:51:14 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <4457A305.3090203@ecs.soton.ac.uk> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> <445786C0.9010600@thehostmasters.com> <4457A305.3090203@ecs.soton.ac.uk> Message-ID: <445828A0.6060200@nkpanama.com> Julian Field wrote: > But still people don't get it. Maybe they don't read the docs? At that > point, there's not much I can do. > And there's always the ever-popular "scan messages" option, which in the form: From: 1.2.3.4 no FromOrTo: default yes would probably get the result he needs, with a little less impact on performance than virus scanning = no and whitelist = yes for that IP... right? From alex at nkpanama.com Wed May 3 04:52:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:52:40 2006 Subject: Syntax error in rule file. In-Reply-To: <4457A4F6.1090102@ecs.soton.ac.uk> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> <44575A98.B662.0038.0@tac.esi.net> <4457A4F6.1090102@ecs.soton.ac.uk> Message-ID: <445828F6.9090702@nkpanama.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The only files needing tabs are filename.rules.conf and > filetype.rules.conf. That's why I called them *.conf and not *.rules. > But I admit it can be a tad confusing, sorry. It's kinda set in stone > now :-( > But does it *hurt* to *always* use tabs, no matter what? I use them for readability and because I can *never* remember which ones *need* tabs... ;) From alex at nkpanama.com Wed May 3 04:54:15 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 04:54:38 2006 Subject: Domains spoofs In-Reply-To: <4457EA34.4090202@maddoc.net> References: <4457EA34.4090202@maddoc.net> Message-ID: <44582967.705@nkpanama.com> Doc Schneider wrote: > Hi gang, > > Does anyone know of a .mc that I can add to my sendmail to block folks > who send--mostly viruses--appearing to come from my maddoc.net domain? > > I'm getting sick and tired of all these viruses acting like "noreply@" > and "postmaster@" seemingly coming from my servers. > > Thanks! > Look for "block bad helo hack" for sendmail (if it's what you use). From steve.swaney at fsl.com Wed May 3 05:05:40 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed May 3 05:05:50 2006 Subject: new milter-link from snertsoft Message-ID: <07e301c66e66$d7a7dd60$287ba8c0@office.fsl> FYI There is a new milter available from Anthony Howe, milter-link Version: 0.1.8. This milter extracts URLs from a mail message and checks it against one or more URI blacklists. It can also verify if any link is bad and has other configurable options. This milter has been VERY effective in reducing load during testing on our spam traps. It's available for free download from www.snertsoft.com Description: This Sendmail mail filter extracts URIs, such http: and mailto: links, from within text, HTML, and/or MIME encoded messages, can verify if web page links do not work (-l option), and consult with one or more URI black lists, such as SURBL, SpamHaus, and/or URIBL, as to whether the URI domains have appeared in previous instances of spam (-d option). I can recommend this one for all of the sendmail users. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From alex at nkpanama.com Wed May 3 05:10:41 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 05:11:07 2006 Subject: Domains spoofs In-Reply-To: <44582967.705@nkpanama.com> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> Message-ID: <44582D41.7030708@nkpanama.com> Alex Neuman van der Hans wrote: > Doc Schneider wrote: >> I'm getting sick and tired of all these viruses acting like >> "noreply@" and "postmaster@" seemingly coming from my servers. >> > And btw... You may want to block "noreply@" since nowadays it's used mostly by spammers. "Real" messages that shouldn't be replied to often state so within the e-mail itself, and instead encourage you to reply somewhere else depending on the nature of your query. From doc at maddoc.net Wed May 3 05:34:16 2006 From: doc at maddoc.net (Doc Schneider) Date: Wed May 3 05:34:26 2006 Subject: Domains spoofs In-Reply-To: <44582D41.7030708@nkpanama.com> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> <44582D41.7030708@nkpanama.com> Message-ID: <445832C8.1070503@maddoc.net> Alex Neuman van der Hans wrote: > Alex Neuman van der Hans wrote: >> Doc Schneider wrote: >>> I'm getting sick and tired of all these viruses acting like >>> "noreply@" and "postmaster@" seemingly coming from my servers. >>> >> > And btw... You may want to block "noreply@" since nowadays it's used > mostly by spammers. "Real" messages that shouldn't be replied to often > state so within the e-mail itself, and instead encourage you to reply > somewhere else depending on the nature of your query. Thanks Alex. I will block those "noreply@" and guess I'll need to make sure to add noreply@freshmeat.net as being OK--since that is how they send out their project updates and whatnot. But I'll also look for that "block bad helo hack" on sendmail.org and see if that is what I need to use. Thanks again! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From alex at nkpanama.com Wed May 3 05:46:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 05:46:46 2006 Subject: Domains spoofs In-Reply-To: <445832C8.1070503@maddoc.net> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> <44582D41.7030708@nkpanama.com> <445832C8.1070503@maddoc.net> Message-ID: <445835A2.40404@nkpanama.com> Doc Schneider wrote: > Thanks Alex. I will block those "noreply@" and guess I'll need to make > sure to add noreply@freshmeat.net as being OK--since that is how they > send out their project updates and whatnot. But I'll also look for that > "block bad helo hack" on sendmail.org and see if that is what I need > to use. > > Thanks again! > http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 The html file explains that AUTH'd clients could be blocked if their "HELO" is malformed (aka some versions of LookOut! and LookOut! Express, and certain Windows configurations). You may want to look into "delay_checks" and other ways to make sure local clients will be able to send out e-mail. From doc at maddoc.net Wed May 3 06:04:34 2006 From: doc at maddoc.net (Doc Schneider) Date: Wed May 3 06:04:39 2006 Subject: Domains spoofs In-Reply-To: <445835A2.40404@nkpanama.com> References: <4457EA34.4090202@maddoc.net> <44582967.705@nkpanama.com> <44582D41.7030708@nkpanama.com> <445832C8.1070503@maddoc.net> <445835A2.40404@nkpanama.com> Message-ID: <445839E2.8050506@maddoc.net> Alex Neuman van der Hans wrote: > Doc Schneider wrote: >> Thanks Alex. I will block those "noreply@" and guess I'll need to make >> sure to add noreply@freshmeat.net as being OK--since that is how they >> send out their project updates and whatnot. But I'll also look for that >> "block bad helo hack" on sendmail.org and see if that is what I need >> to use. >> >> Thanks again! >> > http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html > http://www.cs.niu.edu/~rickert/cf/hack/block_bad_helo.m4 > > The html file explains that AUTH'd clients could be blocked if their > "HELO" is malformed (aka some versions of LookOut! and LookOut! Express, > and certain Windows configurations). You may want to look into > "delay_checks" and other ways to make sure local clients will be able to > send out e-mail. I've been using Delay_checks since it found its way into sendmail. 8*)) Waz ist das Windows? Mostly I run mailing lists and of course some clients who host their domains with us and none of them are using LookOut! Or LO Xpress! I let people know about Thunderbird and everyone who uses my servers uses it. Of course I use mine via KDE on X. Am reading about that hack right now. Thanks again. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From MailScanner at ecs.soton.ac.uk Wed May 3 09:02:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 09:02:33 2006 Subject: ReadMessageHandle question In-Reply-To: References: Message-ID: <1A265B28-6E4C-4CC4-9F4A-5DDC05DE2CAB@ecs.soton.ac.uk> On 2 May 2006, at 22:09, Leonardo Helman wrote: > Hi > > I've been away from the list for a while. > > For all the people out there using zmailer+mailscanner (me) > I'm porting now some of the last enhacenmnets. > > I'm very interested in ReadMessageHandle modif > > But I saw two things I don't understand very well > > Julian, inside that function, when you wrote this code: > > > my $dhandle = $this->{dpath}; > .. > sysseek($dhandle, 0, 0); # Rewind the file > .. > copy($dhandle , $handle); > .. > sysseek($dhandle, 0, 0); # Rewind the file > > > but in the "constructor", it is written like: > $this->{dpath} = $dir . '/' . $this->{dname}; > > > So, this is a file, not really a handle, right? > so the sysseek are pointless. > Or am I forgetting something? No, you are absolutely right, it's a bug. Fortunately one that doesn't have any effect. It just renders the sysseeks on $hhandle and $dhandle useless. > > > Other thing: > > In Message.pm, when you wrote: > > if (!$entity && !MIME::Entity::MailScannerCounter()>=$maxparts) { > unless ($this->{dpath}) { > > Isn't $this->{dpath} always the name of the datafile (at least for > sendmail, > I really didn't look much of the code for the others), so this > "unless" > is always false (so it could be eliminated)? Not if it ran out of disk space trying to do it! In that case $this-> {dpath} would be empty (and hence 0). > > > Last but not least, I think, we have to change Messages.pm a little > and > move to the DiskStores the references to $this->{dpath}, like > we have done when I sent to you the zmailer parts. > > For those changes for example look, in SMDiskStore.pm, look for: "# > LEOH 26/03/2003 We do not have dpath in other mailers" (more than 3 > years wow!) > I'm thinking something in the line of getFileNameToLog or > something, I don't > remember, but I think, we have done something like that. I can't remember this one. From what I *can* remember, dpath exists in the Message object for other mailers doesn't it? Does it matter what other mailers do here? > I'm sorry that I couldn't do this port when you change that code > for the > others, but tomorrow (I hope) I'll finish, test and send to you > this patch No problem. Thanks for helping to debug my code :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Wed May 3 09:06:14 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 09:06:20 2006 Subject: metric version of 1000? In-Reply-To: References: Message-ID: <223f97700605030106s23ca413fjf9f7407c056569d3@mail.gmail.com> On 03/05/06, Scott Silva wrote: > Kevin Miller spake the following on 5/2/2006 11:38 AM: > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Religious discussion detected! > >> Woop! Woop! Woop! > >> > >> Martin Hepworth wrote: > >>> Or emacs vs vi ;-) > >>> > > > > Yeah. Now about this top-posting thing... > > ;-) > > > > > > ...Kevin > Julian is root! He can top, middle, bottom, or sideways post as he sees the need! > > All hail root!!! > > Did this thread just turn from moderately non-interresting to ... ridiculous?:-) .... I'm sorry I ever said anything... Perhaps it'll go away if I do a "public crying session" kind of like japanese corporate execs used to do when the market dipped.... "It's all my fault, bwahhh, I'm sooo baaad, *sniffle*, Ok, next on the agenda...".... Nah, that's silly....:-) Now, if ($root == "king) { $me = "jester, with fools hat and all... or what?"; } else { &gofigure(); } .... or....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed May 3 09:06:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 09:07:24 2006 Subject: TNEF decoder error In-Reply-To: References: Message-ID: <9B1F85AA-6749-42F9-9120-558A95EBF84F@ecs.soton.ac.uk> On 2 May 2006, at 22:31, Kai Schaetzl wrote: > Julian Field wrote on Tue, 2 May 2006 17:10:29 +0100: >> It shouldn't break anything. I have yet to see any problems with the >> tnef utility from SourceForge. > > So, you encourage using it instead of internal tnef processing? Some people have more luck with the internal, some with the external. I tend to encourage the internal one as the external one used to be pretty poor, but it has improved greatly in recent versions, so I might switch my allegiance some time. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 3 09:11:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 09:12:03 2006 Subject: Syntax error in rule file. In-Reply-To: <445828F6.9090702@nkpanama.com> References: <33BE89CA8898784C9A2A7287325EE45F0E30FA@RUBY.memosis.pt> <44575A98.B662.0038.0@tac.esi.net> <4457A4F6.1090102@ecs.soton.ac.uk> <445828F6.9090702@nkpanama.com> Message-ID: <5256C572-A205-4584-8FB7-E08521BCB75F@ecs.soton.ac.uk> On 3 May 2006, at 04:52, Alex Neuman van der Hans wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> The only files needing tabs are filename.rules.conf and >> filetype.rules.conf. That's why I called them *.conf and not >> *.rules. But I admit it can be a tad confusing, sorry. It's kinda >> set in stone now :-( >> > But does it *hurt* to *always* use tabs, no matter what? No, you will be fine. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martin.lyberg at gmail.com Wed May 3 10:02:42 2006 From: martin.lyberg at gmail.com (Martin) Date: Wed May 3 10:03:02 2006 Subject: TNEF decoder error In-Reply-To: <7C4E1EF8-F80C-4AA0-94B8-CD36F18B96A6@ecs.soton.ac.uk> References: <445766F7.3000109@netmagicsolutions.com> <7C4E1EF8-F80C-4AA0-94B8-CD36F18B96A6@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > From the error message, it is trying to use the internal TNEF decoder. > If you install the external one, you will need to edit the location of > the TNEF expander in MailScanner.conf. Look for "TNEF" in > MailScanner.conf and you will easily find it, together with a > commented-out suggestion of what the line should be set to, to use the > external decoder. > --Julian Field I'm using Debian, so i just did an 'apt-get install tnef'. I searched for 'winmail.dat' in my maillogs today, and it seems like the problem is solved, no errors showing anymore. I didn't have to change the default patch either. This is from my conf: TNEF Expander = /usr/bin/tnef --maxsize=100000000 # whereis tnef tnef: /usr/bin/tnef /usr/share/man/man1/tnef.1.gz / Martin From ricardo at memosis.pt Wed May 3 10:14:25 2006 From: ricardo at memosis.pt (Ricardo Aguiar) Date: Wed May 3 10:15:46 2006 Subject: Syntax error in rule file. Message-ID: <33BE89CA8898784C9A2A7287325EE45F0E3104@RUBY.memosis.pt> Ok. After adding the line to Config.pm. This are the line on the console after running the "MailScanner -debug" [root@server MailScanner]# MailScanner -debug In Debugging mode, not forking... internalvalue = "0" and settype = "yesno" internalvalue = "0" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "1" and settype = "yesno" internalvalue = "0" and settype = "yesno" internalvalue = "" and settype = "yesno" internalvalue = "" and settype = "yesno" internalvalue = "/etc/MailScanner/filename.no.rules.conf" and settype = "other" internalvalue = "/etc/MailScanner/filename.rules.conf" and settype = "other" internalvalue = "/etc/MailScanner/filetype.no.rules.conf" and settype = "other" internalvalue = "/etc/MailScanner/filetype.rules.conf" and settype = "other" In the log file: May 3 09:57:48 server MailScanner[7608]: MailScanner E-Mail Virus Scanner version 4.53.6 starting... May 3 09:57:49 server MailScanner[7608]: Syntax error in line 1 of ruleset file /etc/MailScanner/filename.rules.rules May 3 09:57:49 server MailScanner[7608]: Syntax error in line 2 of ruleset file /etc/MailScanner/filename.rules.rules May 3 09:57:49 server MailScanner[7608]: Found syntax errors in /etc/MailScanner/filename.rules.rules. May 3 09:57:49 server MailScanner[7608]: Read 717 hostnames from the phishing whitelist May 3 09:57:51 server MailScanner[7608]: Using SpamAssassin results cache May 3 09:57:51 server MailScanner[7608]: Connected to SpamAssassin cache database May 3 09:57:51 server MailScanner[7608]: Expired 5 records from the SpamAssassin cache May 3 09:57:51 server MailScanner[7608]: Enabling SpamAssassin auto-whitelist functionality... May 3 09:58:01 server MailScanner[7608]: ClamAV scanner using unrar command /usr/bin/unrar May 3 09:58:01 server MailScanner[7608]: Using locktype = flock May 3 10:01:04 server update.virus.scanners: Delaying cron job up to 600 seconds This file has tabs, no spaces. [root@server MailScanner]# cat /etc/MailScanner/filename.no.rules.conf allow . - - I could add the /etc/MailScanner/filename.rules.conf" but it is the original. If it helps the md5sum is: [root@server MailScanner]# md5sum /etc/MailScanner/filename.rules.conf 2299715e7f67935f73fe0c457a5cae8e /etc/MailScanner/filename.rules.conf I hope that this helps. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: ter?a-feira, 2 de Maio de 2006 19:40 To: MailScanner discussion Subject: Re: Syntax error in rule file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Very odd. I can't reproduce it. Can you add to Config.pm print STDERR "internalvalue = \"$internalvalue\" and settype = \"$settype\"\n"; just before line 2225. Then do a "MailScanner -debug" and let me know what this line prints. Either that, or mail me off-list with remote login details and root password for your system, and I'll take a look after I've eaten my dinner. Ricardo Aguiar wrote: > Hi, > > I just upgraded from version '4.51.6' to '4.53.6' and I'm using a rule file to control filenames per domain. > > After running "MailScanner -lint" with the new version installed I get: > > Syntax error in line 1 of ruleset file > /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Syntax error in > line 2 of ruleset file /etc/MailScanner/filename.rules.rules at > /usr/lib/MailScanner/MailScanner/Config.pm line 2265 Found syntax errors in /etc/MailScanner/filename.rules.rules. at /usr/lib/MailScanner/MailScanner/Config.pm line 2120 Read 717 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database SpamAssassin reported no > errors. > > > ### filename.rules.rules ### > FromOrTo: domain.com /etc/MailScanner/filename.no.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > This file is unchanged and work perfectly with version '4.51.6'. > > Thanks in advanced for any help. > > ______________________________________ > | Ricardo d'Aguiar | > | |- > | EMail .: ricardo@memosis.pt |#| > ?????????????????????????????????????? #| > |#######################################| > ??????????????????????????????????????? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFenbBH2WUcUFbZUEQJ2TgCfa9se7V7yyq77ES2oWC3xfHOOv0IAmQGT ilWwsL3DITfKNDI3Un/ZCWKO =bERL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Wed May 3 10:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 3 10:31:27 2006 Subject: clamscan or clamdscan? In-Reply-To: <20060503002236.68741.qmail@web60016.mail.yahoo.com> References: <20060503002236.68741.qmail@web60016.mail.yahoo.com> Message-ID: Anakin SkyWalker wrote on Tue, 2 May 2006 17:22:36 -0700 (PDT): > Does anyone have any sort of comparison for using clamav directly rather than using daemonized? You cannot use clamd with MS. No matter if you are a Yedi or not. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed May 3 10:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 3 10:31:28 2006 Subject: TNEF decoder error In-Reply-To: <9B1F85AA-6749-42F9-9120-558A95EBF84F@ecs.soton.ac.uk> References: <9B1F85AA-6749-42F9-9120-558A95EBF84F@ecs.soton.ac.uk> Message-ID: Ok, thanks! (Still using the internal.) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From shuttlebox at gmail.com Wed May 3 10:49:22 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 3 10:49:24 2006 Subject: clamscan or clamdscan? In-Reply-To: References: <20060503002236.68741.qmail@web60016.mail.yahoo.com> Message-ID: <625385e30605030249o51d312b1qebee2e8215341d53@mail.gmail.com> On 5/3/06, Kai Schaetzl wrote: > You cannot use clamd with MS. No matter if you are a Yedi or not. It's not that hard to modify the clam wrapper to use clamdscan instead of clamscan. -- /peter From MailScanner at ecs.soton.ac.uk Wed May 3 11:45:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 11:45:32 2006 Subject: clamscan or clamdscan? In-Reply-To: <625385e30605030249o51d312b1qebee2e8215341d53@mail.gmail.com> References: <20060503002236.68741.qmail@web60016.mail.yahoo.com> <625385e30605030249o51d312b1qebee2e8215341d53@mail.gmail.com> Message-ID: <38427898-5962-4569-9FD5-0BE9F0A29C5B@ecs.soton.ac.uk> On 3 May 2006, at 10:49, shuttlebox wrote: > On 5/3/06, Kai Schaetzl wrote: >> You cannot use clamd with MS. No matter if you are a Yedi or not. > > It's not that hard to modify the clam wrapper to use clamdscan instead > of clamscan. At which point you might as well use "clamavmodule". What's the point of running the daemon if you don't have to? "clamavmodule" is faster and lighter than clamdscan anyway. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From devonharding at gmail.com Wed May 3 12:17:28 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 12:17:34 2006 Subject: Spamassassin not working after 4.53 Message-ID: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> After I upgraded to 4.53, I noticed that Mailscanner was letting through ALOT more spam. I also noticed that spamassassin was scoring messages very low. Can anyone tell me whats going on? Here's a copy of my spamassassin --lint: [root@mars MailScanner]# spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: logger: adding facilities: all [11642] dbg: logger: logging level is DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: config: score set 0 chosen. [11642] dbg: util: running in taint mode? yes [11642] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping [11642] dbg: util: PATH included '/usr/local/sbin', keeping [11642] dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: util: PATH included '/sbin', keeping [11642] dbg: util: PATH included '/bin', keeping [11642] dbg: util: PATH included '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', keeping [11642] dbg: util: PATH included '/root/bin', keeping [11642] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin [11642] dbg: dns: is Net::DNS::Resolver available? yes [11642] dbg: dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 [11642] dbg: diag: module installed: HTML::Parser, version 3.51 [11642] dbg: diag: module installed: MIME::Base64, version 3.07 [11642] dbg: diag: module installed: DB_File, version 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 [11642] dbg: diag: module installed: Net::SMTP, version 2.29 [11642] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [11642] dbg: diag: module installed: IP::Country::Fast, version 604.001 [11642] dbg: diag: module installed: Razor2::Client::Agent, version 2.81 [11642] dbg: diag: module installed: Net::Ident, version 1.20 [11642] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 [11642] dbg: diag: module installed: Time::HiRes, version 1.86 [11642] dbg: diag: module installed: DBI, version 1.50 [11642] dbg: diag: module installed: Getopt::Long, version 2.35 [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 [11642] dbg: diag: module installed: HTTP::Date, version 1.47 [11642] dbg: diag: module installed: Archive::Tar, version 1.29 [11642] dbg: diag: module installed: IO::Zlib, version 1.04 [11642] dbg: ignore: using a test message to lint rules [11642] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [11642] dbg: config: read file /etc/mail/spamassassin/init.pre [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for default rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html_eng.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist.cf [11642] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_headers.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_rawbody.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_subject.cf [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf [11642] dbg: config: read file /etc/mail/spamassassin/99_FVGT_Tripwire.cf [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [11642] dbg: config: read file /etc/mail/spamassassin/german.cf [11642] dbg: config: read file /etc/mail/spamassassin/local.cf [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf [11642] dbg: config: read file /etc/mail/spamassassin/random.current.cf [11642] dbg: config: read file /etc/mail/spamassassin/sa-blacklist.current.uri.cf [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file [11642] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: dcc: network tests on, registering DCC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: network tests on, attempting Pyzor [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] dbg: reporter: network tests on, attempting SpamCop [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: dcc: network tests on, registering DCC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: network tests on, attempting Pyzor [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] dbg: reporter: network tests on, attempting SpamCop [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already registered [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: razor2 is available, version 2.81 [11642] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered [11642] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements 'finish_parsing_end' [11642] dbg: replacetags: replacing tags [11642] dbg: replacetags: done replacing tags [11642] dbg: bayes: using username: root [11642] dbg: bayes: database connection established [11642] dbg: bayes: found bayes db version 3 [11642] dbg: bayes: Using userid: 1 [11642] dbg: config: score set 3 chosen. [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: message: main message type: text/plain [11642] dbg: message: parsing normal part [11642] dbg: message: added part, type: text/plain [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, 192.168.0.12, 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... [11642] dbg: dns: looking up NS for 'linux.org' [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no results found [11642] dbg: dns: trying (2) akamai.com... [11642] dbg: dns: looking up NS for 'akamai.com' [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, no results found [11642] dbg: dns: trying (1) intel.com... [11642] dbg: dns: looking up NS for 'intel.com' [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded => DNS available (set dns_available to override) [11642] dbg: dns: is DNS available? 1 [11642] dbg: metadata: X-Spam-Relays-Trusted: [11642] dbg: metadata: X-Spam-Relays-Untrusted: [11642] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements 'extract_metadata' [11642] dbg: metadata: X-Relay-Countries: [11642] dbg: message: no encoding detected [11642] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements 'parsed_metadata' [11642] dbg: uridnsbl: domains to query: [11642] dbg: check: running tests for priority: 0 [11642] dbg: rules: running header regexp tests; score so far=0 [11642] dbg: rules: running body-text per-line regexp tests; score so far=0 [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got hit: "I" [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: rules: running raw-body-text per-line regexp tests; score so far=0 [11642] dbg: rules: running full-text regexp tests; score so far=0 [11642] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements 'check_tick' [11642] dbg: check: running tests for priority: 500 [11642] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements 'check_post_dnsbl' [11642] dbg: rules: running meta tests; score so far=0 [11642] dbg: rules: running header regexp tests; score so far=0 [11642] dbg: rules: running body-text per-line regexp tests; score so far=0 [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: rules: running raw-body-text per-line regexp tests; score so far=0 [11642] dbg: rules: running full-text regexp tests; score so far=0 [11642] dbg: check: is spam? score=0 required=5 [11642] dbg: check: tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG From adrik at salesmanager.nl Wed May 3 12:28:06 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 12:28:08 2006 Subject: Spamassassin not working after 4.53 Message-ID: I see you are using /var/lib/spamassassin/3.001001 as your sys and def rules dir. Probably these where created by running sa-update. Yet, there are NO rules from this location read! So all the default built-in rules don't exist as far as Sa is concerned. Are there any rules in /var/lib/spamassassin/3.001001 or underlying directories? Have you tried running sa-update again? Perhaps it's a failed sa-update, which deleted everything? Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Devon Harding > Sent: woensdag 3 mei 2006 13:17 > To: MailScanner discussion > Subject: Spamassassin not working after 4.53 > > After I upgraded to 4.53, I noticed that Mailscanner was letting > through ALOT more spam. I also noticed that spamassassin was scoring > messages very low. Can anyone tell me whats going on? Here's a copy > of my spamassassin --lint: > > [root@mars MailScanner]# spamassassin -x -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint > [11642] dbg: logger: adding facilities: all > [11642] dbg: logger: logging level is DBG > [11642] dbg: generic: SpamAssassin version 3.1.1 > [11642] dbg: config: score set 0 chosen. > [11642] dbg: util: running in taint mode? yes > [11642] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping > [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping > [11642] dbg: util: PATH included '/usr/local/sbin', keeping > [11642] dbg: util: PATH included '/usr/local/bin', keeping > [11642] dbg: util: PATH included '/sbin', keeping > [11642] dbg: util: PATH included '/bin', keeping > [11642] dbg: util: PATH included '/usr/sbin', keeping > [11642] dbg: util: PATH included '/usr/bin', keeping > [11642] dbg: util: PATH included '/root/bin', keeping > [11642] dbg: util: final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca > l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin > [11642] dbg: dns: is Net::DNS::Resolver available? yes > [11642] dbg: dns: Net::DNS version: 0.57 > [11642] dbg: diag: perl platform: 5.008008 linux > [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 > [11642] dbg: diag: module installed: HTML::Parser, version 3.51 > [11642] dbg: diag: module installed: MIME::Base64, version 3.07 > [11642] dbg: diag: module installed: DB_File, version 1.814 > [11642] dbg: diag: module installed: Net::DNS, version 0.57 > [11642] dbg: diag: module installed: Net::SMTP, version 2.29 > [11642] dbg: diag: module installed: Mail::SPF::Query, > version 1.999001 > [11642] dbg: diag: module installed: IP::Country::Fast, > version 604.001 > [11642] dbg: diag: module installed: Razor2::Client::Agent, > version 2.81 > [11642] dbg: diag: module installed: Net::Ident, version 1.20 > [11642] dbg: diag: module not installed: IO::Socket::INET6 > ('require' failed) > [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 > [11642] dbg: diag: module installed: Time::HiRes, version 1.86 > [11642] dbg: diag: module installed: DBI, version 1.50 > [11642] dbg: diag: module installed: Getopt::Long, version 2.35 > [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 > [11642] dbg: diag: module installed: HTTP::Date, version 1.47 > [11642] dbg: diag: module installed: Archive::Tar, version 1.29 > [11642] dbg: diag: module installed: IO::Zlib, version 1.04 > [11642] dbg: ignore: using a test message to lint rules > [11642] dbg: config: using "/etc/mail/spamassassin" for site > rules pre files > [11642] dbg: config: read file /etc/mail/spamassassin/init.pre > [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre > [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys > rules pre files > [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for > default rules dir > [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_evilnum0.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_evilnum1.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_evilnum2.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_html_eng.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_random.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_specific.cf > [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_whitelist.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_headers.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_rawbody.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_subject.cf > [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/99_FVGT_Tripwire.cf > [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf > [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf > [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf > [11642] dbg: config: read file /etc/mail/spamassassin/german.cf > [11642] dbg: config: read file /etc/mail/spamassassin/local.cf > [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/random.current.cf > [11642] dbg: config: read file > /etc/mail/spamassassin/sa-blacklist.current.uri.cf > [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf > [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf > [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" > for user prefs file > [11642] dbg: config: read file > /etc/MailScanner/spam.assassin.prefs.conf > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [11642] dbg: dcc: network tests on, registering DCC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from @INC > [11642] dbg: pyzor: network tests on, attempting Pyzor > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SpamCop from @INC > [11642] dbg: reporter: network tests on, attempting SpamCop > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [11642] dbg: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [11642] dbg: dcc: network tests on, registering DCC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from @INC > [11642] dbg: pyzor: network tests on, attempting Pyzor > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::SpamCop from @INC > [11642] dbg: reporter: network tests on, attempting SpamCop > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already > registered > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), > already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::RelayCountry from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already > registered > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already > registered > [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements > 'finish_parsing_end' > [11642] dbg: replacetags: replacing tags > [11642] dbg: replacetags: done replacing tags > [11642] dbg: bayes: using username: root > [11642] dbg: bayes: database connection established > [11642] dbg: bayes: found bayes db version 3 > [11642] dbg: bayes: Using userid: 1 > [11642] dbg: config: score set 3 chosen. > [11642] dbg: message: ---- MIME PARSER START ---- > [11642] dbg: message: main message type: text/plain > [11642] dbg: message: parsing normal part > [11642] dbg: message: added part, type: text/plain > [11642] dbg: message: ---- MIME PARSER END ---- > [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 > [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, > 192.168.0.12, 192.168.0.2 > [11642] dbg: dns: trying (3) linux.org... > [11642] dbg: dns: looking up NS for 'linux.org' > [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no > results found > [11642] dbg: dns: trying (2) akamai.com... > [11642] dbg: dns: looking up NS for 'akamai.com' > [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, > no results found > [11642] dbg: dns: trying (1) intel.com... > [11642] dbg: dns: looking up NS for 'intel.com' > [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded > => DNS available (set dns_available to override) > [11642] dbg: dns: is DNS available? 1 > [11642] dbg: metadata: X-Spam-Relays-Trusted: > [11642] dbg: metadata: X-Spam-Relays-Untrusted: > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements > 'extract_metadata' > [11642] dbg: metadata: X-Relay-Countries: > [11642] dbg: message: no encoding detected > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > 'parsed_metadata' > [11642] dbg: uridnsbl: domains to query: > [11642] dbg: check: running tests for priority: 0 > [11642] dbg: rules: running header regexp tests; score so far=0 > [11642] dbg: rules: running body-text per-line regexp tests; > score so far=0 > [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> > got hit: "I" > [11642] dbg: uri: running uri tests; score so far=0 > [11642] dbg: rules: running raw-body-text per-line regexp > tests; score so far=0 > [11642] dbg: rules: running full-text regexp tests; score so far=0 > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > 'check_tick' > [11642] dbg: check: running tests for priority: 500 > [11642] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > 'check_post_dnsbl' > [11642] dbg: rules: running meta tests; score so far=0 > [11642] dbg: rules: running header regexp tests; score so far=0 > [11642] dbg: rules: running body-text per-line regexp tests; > score so far=0 > [11642] dbg: uri: running uri tests; score so far=0 > [11642] dbg: rules: running raw-body-text per-line regexp > tests; score so far=0 > [11642] dbg: rules: running full-text regexp tests; score so far=0 > [11642] dbg: check: is spam? score=0 required=5 > [11642] dbg: check: tests= > [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From csweeney at osubucks.org Wed May 3 12:30:38 2006 From: csweeney at osubucks.org (Chris Sweeney) Date: Wed May 3 12:29:02 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> Message-ID: <4458945E.1000709@osubucks.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did you notice this part: kinda looks like you might be have a DNS issue..... 11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, 192.168.0.12, 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... [11642] dbg: dns: looking up NS for 'linux.org' [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no results found [11642] dbg: dns: trying (2) akamai.com... [11642] dbg: dns: looking up NS for 'akamai.com' [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, no results found Devon Harding wrote: > After I upgraded to 4.53, I noticed that Mailscanner was letting > through ALOT more spam. I also noticed that spamassassin was scoring > messages very low. Can anyone tell me whats going on? Here's a copy > of my spamassassin --lint: > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEWJReS9AMNDUYgIcRAhoFAKDkJ8YJNgMMpoq0QgBUW/Xp8Ps7qwCgijF5 wttgiixx5P7HYIIoC/xUtzE= =lQRj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kte at nexis.be Wed May 3 12:45:07 2006 From: kte at nexis.be (kte@nexis.be) Date: Wed May 3 12:45:33 2006 Subject: Open source mailserver Message-ID: I want to install an opensource mailserver on linux wit about 1600 users who send or receive about 10 messages a day for each user. He must have a web based admin + quota management + webclient + connecting from an outlook client (imap, pop3). I there an easy install/stable/configure open source mailserver that has these functions? I' looking at openexchange, zimbra, more.groupware? But I don't have experience + they have more the just a mailserver + webclient Thanks Koen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060503/6ff8c590/attachment.html From roger at rudnick.com.br Wed May 3 12:45:20 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed May 3 12:45:39 2006 Subject: Spamassassin not working after 4.53 References: Message-ID: <018c01c66ea7$0eff6450$0600a8c0@roger> I'm with the same problem here... What's the problem with sa-update? I normally used my rules in /etc/mail/spamassassin, and since this version 4.53.6-1, with this new setting "SpamAssassin Local State Dir" I'm having problems... My sa-update command runned with debug didn't found any working mirror... Any help? Regards Roger Jochem ----- Original Message ----- From: "Adri Koppes" To: "MailScanner discussion" Sent: Wednesday, May 03, 2006 8:28 AM Subject: RE: Spamassassin not working after 4.53 >I see you are using /var/lib/spamassassin/3.001001 as your sys and def > rules dir. > Probably these where created by running sa-update. > Yet, there are NO rules from this location read! > So all the default built-in rules don't exist as far as Sa is concerned. > Are there any rules in /var/lib/spamassassin/3.001001 or underlying > directories? > Have you tried running sa-update again? Perhaps it's a failed sa-update, > which deleted everything? > > Adri. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Devon Harding >> Sent: woensdag 3 mei 2006 13:17 >> To: MailScanner discussion >> Subject: Spamassassin not working after 4.53 >> >> After I upgraded to 4.53, I noticed that Mailscanner was letting >> through ALOT more spam. I also noticed that spamassassin was scoring >> messages very low. Can anyone tell me whats going on? Here's a copy >> of my spamassassin --lint: >> >> [root@mars MailScanner]# spamassassin -x -D -p >> /etc/MailScanner/spam.assassin.prefs.conf --lint >> [11642] dbg: logger: adding facilities: all >> [11642] dbg: logger: logging level is DBG >> [11642] dbg: generic: SpamAssassin version 3.1.1 >> [11642] dbg: config: score set 0 chosen. >> [11642] dbg: util: running in taint mode? yes >> [11642] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >> [11642] dbg: util: PATH included '/usr/local/sbin', keeping >> [11642] dbg: util: PATH included '/usr/local/bin', keeping >> [11642] dbg: util: PATH included '/sbin', keeping >> [11642] dbg: util: PATH included '/bin', keeping >> [11642] dbg: util: PATH included '/usr/sbin', keeping >> [11642] dbg: util: PATH included '/usr/bin', keeping >> [11642] dbg: util: PATH included '/root/bin', keeping >> [11642] dbg: util: final PATH set to: >> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >> [11642] dbg: dns: is Net::DNS::Resolver available? yes >> [11642] dbg: dns: Net::DNS version: 0.57 >> [11642] dbg: diag: perl platform: 5.008008 linux >> [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 >> [11642] dbg: diag: module installed: HTML::Parser, version 3.51 >> [11642] dbg: diag: module installed: MIME::Base64, version 3.07 >> [11642] dbg: diag: module installed: DB_File, version 1.814 >> [11642] dbg: diag: module installed: Net::DNS, version 0.57 >> [11642] dbg: diag: module installed: Net::SMTP, version 2.29 >> [11642] dbg: diag: module installed: Mail::SPF::Query, >> version 1.999001 >> [11642] dbg: diag: module installed: IP::Country::Fast, >> version 604.001 >> [11642] dbg: diag: module installed: Razor2::Client::Agent, >> version 2.81 >> [11642] dbg: diag: module installed: Net::Ident, version 1.20 >> [11642] dbg: diag: module not installed: IO::Socket::INET6 >> ('require' failed) >> [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 >> [11642] dbg: diag: module installed: Time::HiRes, version 1.86 >> [11642] dbg: diag: module installed: DBI, version 1.50 >> [11642] dbg: diag: module installed: Getopt::Long, version 2.35 >> [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 >> [11642] dbg: diag: module installed: HTTP::Date, version 1.47 >> [11642] dbg: diag: module installed: Archive::Tar, version 1.29 >> [11642] dbg: diag: module installed: IO::Zlib, version 1.04 >> [11642] dbg: ignore: using a test message to lint rules >> [11642] dbg: config: using "/etc/mail/spamassassin" for site >> rules pre files >> [11642] dbg: config: read file /etc/mail/spamassassin/init.pre >> [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys >> rules pre files >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for >> default rules dir >> [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum0.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum1.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum2.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_html_eng.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_random.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_specific.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_whitelist.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_headers.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_rawbody.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_subject.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/random.current.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >> [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" >> for user prefs file >> [11642] dbg: config: read file >> /etc/MailScanner/spam.assassin.prefs.conf >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >> already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements >> 'finish_parsing_end' >> [11642] dbg: replacetags: replacing tags >> [11642] dbg: replacetags: done replacing tags >> [11642] dbg: bayes: using username: root >> [11642] dbg: bayes: database connection established >> [11642] dbg: bayes: found bayes db version 3 >> [11642] dbg: bayes: Using userid: 1 >> [11642] dbg: config: score set 3 chosen. >> [11642] dbg: message: ---- MIME PARSER START ---- >> [11642] dbg: message: main message type: text/plain >> [11642] dbg: message: parsing normal part >> [11642] dbg: message: added part, type: text/plain >> [11642] dbg: message: ---- MIME PARSER END ---- >> [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 >> [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, >> 192.168.0.12, 192.168.0.2 >> [11642] dbg: dns: trying (3) linux.org... >> [11642] dbg: dns: looking up NS for 'linux.org' >> [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no >> results found >> [11642] dbg: dns: trying (2) akamai.com... >> [11642] dbg: dns: looking up NS for 'akamai.com' >> [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, >> no results found >> [11642] dbg: dns: trying (1) intel.com... >> [11642] dbg: dns: looking up NS for 'intel.com' >> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded >> => DNS available (set dns_available to override) >> [11642] dbg: dns: is DNS available? 1 >> [11642] dbg: metadata: X-Spam-Relays-Trusted: >> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements >> 'extract_metadata' >> [11642] dbg: metadata: X-Relay-Countries: >> [11642] dbg: message: no encoding detected >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'parsed_metadata' >> [11642] dbg: uridnsbl: domains to query: >> [11642] dbg: check: running tests for priority: 0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> >> got hit: "I" >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_tick' >> [11642] dbg: check: running tests for priority: 500 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_post_dnsbl' >> [11642] dbg: rules: running meta tests; score so far=0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: check: is spam? score=0 required=5 >> [11642] dbg: check: tests= >> [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed May 3 12:49:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 12:49:47 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> Message-ID: <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> On 03/05/06, Devon Harding wrote: > After I upgraded to 4.53, I noticed that Mailscanner was letting > through ALOT more spam. I also noticed that spamassassin was scoring > messages very low. Can anyone tell me whats going on? Here's a copy > of my spamassassin --lint: > > [root@mars MailScanner]# spamassassin -x -D -p (snip) Is this really the complete debug run? It looks a bit .... cut of in the middle, to me at least. Do you employ the digest checks...? There's no mention of those, nor of actually using bayes... Just that a version 3 db is found... Also, you seem to have multiple LoadPlugin lines for the same plugin(s). That doesn't matter for the scoring (AFAICS), but isn't really necessary... > [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [11642] dbg: razor2: razor2 is available, version 2.81 > [11642] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roger at rudnick.com.br Wed May 3 12:51:19 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed May 3 12:51:14 2006 Subject: Spamassassin not working after 4.53 References: Message-ID: <01c001c66ea7$e44ec880$0600a8c0@roger> I solved my problem. Port 8090 whas blocked at my firewall... I never used sa-update before. Really a greate feature I didn't know that existed... This maintans my spamassassin rules updated, right? Regards Roger Jochem ----- Original Message ----- From: "Adri Koppes" To: "MailScanner discussion" Sent: Wednesday, May 03, 2006 8:28 AM Subject: RE: Spamassassin not working after 4.53 >I see you are using /var/lib/spamassassin/3.001001 as your sys and def > rules dir. > Probably these where created by running sa-update. > Yet, there are NO rules from this location read! > So all the default built-in rules don't exist as far as Sa is concerned. > Are there any rules in /var/lib/spamassassin/3.001001 or underlying > directories? > Have you tried running sa-update again? Perhaps it's a failed sa-update, > which deleted everything? > > Adri. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Devon Harding >> Sent: woensdag 3 mei 2006 13:17 >> To: MailScanner discussion >> Subject: Spamassassin not working after 4.53 >> >> After I upgraded to 4.53, I noticed that Mailscanner was letting >> through ALOT more spam. I also noticed that spamassassin was scoring >> messages very low. Can anyone tell me whats going on? Here's a copy >> of my spamassassin --lint: >> >> [root@mars MailScanner]# spamassassin -x -D -p >> /etc/MailScanner/spam.assassin.prefs.conf --lint >> [11642] dbg: logger: adding facilities: all >> [11642] dbg: logger: logging level is DBG >> [11642] dbg: generic: SpamAssassin version 3.1.1 >> [11642] dbg: config: score set 0 chosen. >> [11642] dbg: util: running in taint mode? yes >> [11642] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >> [11642] dbg: util: PATH included '/usr/local/sbin', keeping >> [11642] dbg: util: PATH included '/usr/local/bin', keeping >> [11642] dbg: util: PATH included '/sbin', keeping >> [11642] dbg: util: PATH included '/bin', keeping >> [11642] dbg: util: PATH included '/usr/sbin', keeping >> [11642] dbg: util: PATH included '/usr/bin', keeping >> [11642] dbg: util: PATH included '/root/bin', keeping >> [11642] dbg: util: final PATH set to: >> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >> [11642] dbg: dns: is Net::DNS::Resolver available? yes >> [11642] dbg: dns: Net::DNS version: 0.57 >> [11642] dbg: diag: perl platform: 5.008008 linux >> [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 >> [11642] dbg: diag: module installed: HTML::Parser, version 3.51 >> [11642] dbg: diag: module installed: MIME::Base64, version 3.07 >> [11642] dbg: diag: module installed: DB_File, version 1.814 >> [11642] dbg: diag: module installed: Net::DNS, version 0.57 >> [11642] dbg: diag: module installed: Net::SMTP, version 2.29 >> [11642] dbg: diag: module installed: Mail::SPF::Query, >> version 1.999001 >> [11642] dbg: diag: module installed: IP::Country::Fast, >> version 604.001 >> [11642] dbg: diag: module installed: Razor2::Client::Agent, >> version 2.81 >> [11642] dbg: diag: module installed: Net::Ident, version 1.20 >> [11642] dbg: diag: module not installed: IO::Socket::INET6 >> ('require' failed) >> [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 >> [11642] dbg: diag: module installed: Time::HiRes, version 1.86 >> [11642] dbg: diag: module installed: DBI, version 1.50 >> [11642] dbg: diag: module installed: Getopt::Long, version 2.35 >> [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 >> [11642] dbg: diag: module installed: HTTP::Date, version 1.47 >> [11642] dbg: diag: module installed: Archive::Tar, version 1.29 >> [11642] dbg: diag: module installed: IO::Zlib, version 1.04 >> [11642] dbg: ignore: using a test message to lint rules >> [11642] dbg: config: using "/etc/mail/spamassassin" for site >> rules pre files >> [11642] dbg: config: read file /etc/mail/spamassassin/init.pre >> [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys >> rules pre files >> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for >> default rules dir >> [11642] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum0.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum1.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_evilnum2.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_html_eng.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_random.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_specific.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_whitelist.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_headers.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_rawbody.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_subject.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/random.current.cf >> [11642] dbg: config: read file >> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >> [11642] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" >> for user prefs file >> [11642] dbg: config: read file >> /etc/MailScanner/spam.assassin.prefs.conf >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [11642] dbg: dcc: network tests on, registering DCC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from @INC >> [11642] dbg: pyzor: network tests on, attempting Pyzor >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::SpamCop from @INC >> [11642] dbg: reporter: network tests on, attempting SpamCop >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >> already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::RelayCountry from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >> registered >> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >> registered >> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Razor2 from @INC >> [11642] dbg: razor2: razor2 is available, version 2.81 >> [11642] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already registered >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements >> 'finish_parsing_end' >> [11642] dbg: replacetags: replacing tags >> [11642] dbg: replacetags: done replacing tags >> [11642] dbg: bayes: using username: root >> [11642] dbg: bayes: database connection established >> [11642] dbg: bayes: found bayes db version 3 >> [11642] dbg: bayes: Using userid: 1 >> [11642] dbg: config: score set 3 chosen. >> [11642] dbg: message: ---- MIME PARSER START ---- >> [11642] dbg: message: main message type: text/plain >> [11642] dbg: message: parsing normal part >> [11642] dbg: message: added part, type: text/plain >> [11642] dbg: message: ---- MIME PARSER END ---- >> [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 >> [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, >> 192.168.0.12, 192.168.0.2 >> [11642] dbg: dns: trying (3) linux.org... >> [11642] dbg: dns: looking up NS for 'linux.org' >> [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 failed, no >> results found >> [11642] dbg: dns: trying (2) akamai.com... >> [11642] dbg: dns: looking up NS for 'akamai.com' >> [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, >> no results found >> [11642] dbg: dns: trying (1) intel.com... >> [11642] dbg: dns: looking up NS for 'intel.com' >> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 succeeded >> => DNS available (set dns_available to override) >> [11642] dbg: dns: is DNS available? 1 >> [11642] dbg: metadata: X-Spam-Relays-Trusted: >> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements >> 'extract_metadata' >> [11642] dbg: metadata: X-Relay-Countries: >> [11642] dbg: message: no encoding detected >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'parsed_metadata' >> [11642] dbg: uridnsbl: domains to query: >> [11642] dbg: check: running tests for priority: 0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> >> got hit: "I" >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_tick' >> [11642] dbg: check: running tests for priority: 500 >> [11642] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >> 'check_post_dnsbl' >> [11642] dbg: rules: running meta tests; score so far=0 >> [11642] dbg: rules: running header regexp tests; score so far=0 >> [11642] dbg: rules: running body-text per-line regexp tests; >> score so far=0 >> [11642] dbg: uri: running uri tests; score so far=0 >> [11642] dbg: rules: running raw-body-text per-line regexp >> tests; score so far=0 >> [11642] dbg: rules: running full-text regexp tests; score so far=0 >> [11642] dbg: check: is spam? score=0 required=5 >> [11642] dbg: check: tests= >> [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From devonharding at gmail.com Wed May 3 12:58:17 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 12:58:21 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <4458945E.1000709@osubucks.org> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> Message-ID: <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> > > Did you notice this part: kinda looks like you might be have a DNS > issue..... DNS is ok, I re-ran lint and the names were resolved... [11996] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 [11996] dbg: dns: testing resolver nameservers: 192.168.0.10, 192.168.0.12, 192.168.0.2 [11996] dbg: dns: trying (3) sourceforge.net... [11996] dbg: dns: looking up NS for 'sourceforge.net' [11996] dbg: dns: NS lookup of sourceforge.net using 192.168.0.10 succeeded => DNS available (set dns_available to override) [11996] dbg: dns: is DNS available? 1 >Have you tried running sa-update again? Perhaps it's a failed sa-update, >which deleted everything? Here is sa-learn's output, btw, got the same -lint results [root@mars MailScanner]# /usr/bin/sa-learn --force-expire --sync -p /etc/MailScanner/spam.assassin.perf.conf expired old bayes database entries in 24 seconds 124411 entries kept, 2400 deleted token frequency: 1-occurrence tokens: 64.69% token frequency: less than 8 occurrences: 21.09% From devonharding at gmail.com Wed May 3 13:03:02 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 13:03:04 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> Message-ID: <2baac6140605030503n174e69aag931ff7f6e91f3a00@mail.gmail.com> > Is this really the complete debug run? It looks a bit .... cut of in > the middle, to me at least. Here is the command I use: spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint > Do you employ the digest checks...? There's no mention of those, nor > of actually using bayes... Just that a version 3 db is found... Also using MySQL for bayes storage. From pete at enitech.com.au Wed May 3 13:12:38 2006 From: pete at enitech.com.au (Pete Russell) Date: Wed May 3 13:12:51 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <44589E36.6060908@enitech.com.au> Does it need to be open source, or simply nix based? Because outlook/evolution connectors all cost money when you have that many users. Eval www.scalix.com its very polished compared to zimbra and open exchange. But then my eval of it was for 4 users :) kte@nexis.be wrote: > > I want to install an opensource mailserver on linux wit about 1600 users > who send or receive about 10 messages a day for each user. He must have > a web based admin + quota management + webclient + connecting from an > outlook client (imap, pop3). I there an easy install/stable/configure > open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > From mailscanner at lists.com.ar Wed May 3 13:24:33 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Wed May 3 13:24:16 2006 Subject: ReadMessageHandle question In-Reply-To: <1A265B28-6E4C-4CC4-9F4A-5DDC05DE2CAB@ecs.soton.ac.uk> Message-ID: On Wed, May 03, 2006 at 09:01:56AM +0100, Julian Field wrote: > > On 2 May 2006, at 22:09, Leonardo Helman wrote: > > >Hi > > > >sendmail, > >I really didn't look much of the code for the others), so this > >"unless" > >is always false (so it could be eliminated)? > > Not if it ran out of disk space trying to do it! In that case $this-> > {dpath} would be empty (and hence 0). I'm modifying MailScanner-4.53.6, are you working with something very different. greped (-w) for dpath, and found only: /lib/MailScanner/EximDiskStore.pm: $this->{dpath} = $dir . '/' . $this->{dname}; /lib/MailScanner/SMDiskStore.pm: $this->{dpath} = $dir . '/' . $this->{dname}; > > > > > >Last but not least, I think, we have to change Messages.pm a little > >and > >move to the DiskStores the references to $this->{dpath}, like > >we have done when I sent to you the zmailer parts. > > > >For those changes for example look, in SMDiskStore.pm, look for: "# > >LEOH 26/03/2003 We do not have dpath in other mailers" (more than 3 > >years wow!) > >I'm thinking something in the line of getFileNameToLog or > >something, I don't > >remember, but I think, we have done something like that. > > I can't remember this one. From what I *can* remember, dpath exists > in the Message object for other mailers doesn't it? Does it matter > what other mailers do here? no, it doesn't, I think we deleted all the dpath's from Messages.pm sometime near 2003 Only ./lib/MailScanner/SMDiskStore.pm and ./lib/MailScanner/EximDiskStore.pm should have dpath's Other mailers could have any internal structure for working with the file/s, and Message.pm, should not know any of them What I saw now, is, that dpath returned to Messages.pm I never saw that mention before (and it seems like most of the time $entity is true, so didn't saw it in the logs) Saludos LeoH -- Leonardo Helman Pert Consultores Argentina From glenn.steen at gmail.com Wed May 3 13:39:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 13:39:24 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <223f97700605030539nf19fa06hd22488748fea20fb@mail.gmail.com> On 03/05/06, kte@nexis.be wrote: > > I want to install an opensource mailserver on linux wit about 1600 users who > send or receive about 10 messages a day for each user. He must have a web > based admin + quota management + webclient + connecting from an outlook > client (imap, pop3). I there an easy install/stable/configure open source > mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > Prossibly a tad less polished than Petes suggestion, but do have a look at courier (http://www.courier-mta.org/)... As they say themselves, you don't need to use their MTA, but can instead use for example Postfix, together with their IMAP and webmail package. I'm not sure that Dovecot has "enough" quota support yet, so ... perhaps not fitting your bill... Not to mention that you'd need complement it with some webmail (squirrel perhaps). Judge for yourself at http://www.dovecot.org/. Some will swear by Cyrus, others at it... Again, judge for yourself at http://asg.web.cmu.edu/cyrus/imapd/ As Pete mentions, most/all "groupware suites" that have an OutLook connector will charge you for it (open-ex etc).... And as you say, they do a bit more than you really want them to, so why use them? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed May 3 13:59:07 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 13:59:10 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> Message-ID: <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> On 03/05/06, Devon Harding wrote: (snip) > >Have you tried running sa-update again? Perhaps it's a failed sa-update, > >which deleted everything? > > Here is sa-learn's output, btw, got the same -lint results > (snip) update != learn... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed May 3 14:06:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 14:06:10 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030503n174e69aag931ff7f6e91f3a00@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> <2baac6140605030503n174e69aag931ff7f6e91f3a00@mail.gmail.com> Message-ID: <223f97700605030606u4542799fq92ac4c7c6bc4f802@mail.gmail.com> On 03/05/06, Devon Harding wrote: > > Is this really the complete debug run? It looks a bit .... cut of in > > the middle, to me at least. > > Here is the command I use: > spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint > > > Do you employ the digest checks...? There's no mention of those, nor > > of actually using bayes... Just that a version 3 db is found... > > Also using MySQL for bayes storage. i think Adri is right... Seems like many of the default rules simply aren't there. Does /var/lib/spamassassin/3.001001 contain any rule files? Or are they in /usr/share/spamassassin? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From adrik at salesmanager.nl Wed May 3 14:13:58 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 14:14:00 2006 Subject: Spamassassin not working after 4.53 Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: woensdag 3 mei 2006 15:06 > To: MailScanner discussion > Subject: Re: Spamassassin not working after 4.53 > > On 03/05/06, Devon Harding wrote: > > > Is this really the complete debug run? It looks a bit > .... cut of in > > > the middle, to me at least. > > > > Here is the command I use: > > spamassassin -x -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint > > > > > Do you employ the digest checks...? There's no mention of > those, nor > > > of actually using bayes... Just that a version 3 db is found... > > > > Also using MySQL for bayes storage. > > i think Adri is right... Seems like many of the default rules > simply aren't there. Does /var/lib/spamassassin/3.001001 > contain any rule files? Or are they in /usr/share/spamassassin? On a normal installation of SA, the default rules will reside in /usr/share/spamassassin. After running sa-update, the default rules will wtill stay in /usr/share/spamassassin, but a new directory with the all old and updated default rules will be created under /var/lib/spamassassin/3.001001. When running SA and the local_state_dir variable is set, it SA will NOT look in /usr/share/spamassassin anymore for default rules. Adri. From devonharding at gmail.com Wed May 3 14:46:10 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 14:46:12 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> Message-ID: <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> Here are my sa-update results: [root@mars dcc-1.3.31]# sa-update error: can't verify SHA1 signature channel: SHA1 verification failed, channel failed hmm..There are rules in /usr/share/spamassassin, but nothing in /var/lib/spamassassin/3.001001 [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/ total 8.0K drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org.tmp [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/updates_spamassassin_org total 0 [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/updates_spamassassin_org.tmp/ total 4.0K -rw-r--r-- 1 root root 98 May 3 09:11 MIRRORED.BY How do I correct this? From glenn.steen at gmail.com Wed May 3 15:16:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 3 15:16:09 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> Message-ID: <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> On 03/05/06, Devon Harding wrote: > Here are my sa-update results: > > [root@mars dcc-1.3.31]# sa-update > error: can't verify SHA1 signature > channel: SHA1 verification failed, channel failed > > hmm..There are rules in /usr/share/spamassassin, but nothing in > /var/lib/spamassassin/3.001001 > > [root@mars dcc-1.3.31]# l /var/lib/spamassassin/3.001001/ > total 8.0K > drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org > drwxr-xr-x 2 root root 4.0K May 2 04:14 updates_spamassassin_org.tmp > [root@mars dcc-1.3.31]# l > /var/lib/spamassassin/3.001001/updates_spamassassin_org > total 0 > [root@mars dcc-1.3.31]# l > /var/lib/spamassassin/3.001001/updates_spamassassin_org.tmp/ > total 4.0K > -rw-r--r-- 1 root root 98 May 3 09:11 MIRRORED.BY > > How do I correct this? Someone will definitely correct me if I'm wrong, but (re-)moving the directory somewhere else (that SA will not try to find it) would probably make it fall abck to /usr/share/spamassassin. I'm sure Adri (or someone else) will have a handle on your SHA1 error there... You saw Rogers resolution to his problem (FW of port 8090 preventing it from retreiving anything)? I just tested running sa-update on a machine with port 8090 blocked, and this is exactly the error that you get... after a longish time you get: ----- [root@apmx05 ~]# sa-update sa-update: importing default keyring to '/etc/mail/spamassassin//sa-update-keys'... http: request failed: 500 Can't connect to buildbot.spamassassin.org.nyud.net:8090 (connect: timeout): 500 Can't connect to buildbot.spamassassin.org.nyud.net:8090 (connect: timeout) error: channel updates.spamassassin.org has no working mirrors channel: could not find working mirror, channel failed ----- and then the /var/lib/spamassassin/ directory is created _without the "old" rules! This is bad only if you have never successfully run sa-update, since otherwise you'll have your "old rules" in place, but when it happens the first time, you neither get the encryption keys (it seems to me), nor any working rules.... Bah. Either fall back to the "default" rules by deleting the dir, or make darned sure the first run succeeds. You might need delete the /etc/mail/spamassassin/sa-update-keys directory and the /var/lib/spamassassin/3.001001 for that to actually work (after opening port 8090). HtH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dpowell at lssi.net Wed May 3 15:32:35 2006 From: dpowell at lssi.net (Darrin Powell) Date: Wed May 3 15:33:56 2006 Subject: Allow Password-Protected Archives In-Reply-To: <4457A429.8050707@ecs.soton.ac.uk> References: <034d01c66e06$b2242450$3004010a@martinhlaptop> <1146588506.2415.42.camel@powell> <4457A429.8050707@ecs.soton.ac.uk> Message-ID: <1146666756.2775.58.camel@powell> Ahh should have read the message closer :). I am using Sophos AV only. I am not sure what type of file eda10kp.inp is. I received another one today for an .xls file At Tue May 2 15:44:32 2006 the virus scanner said: Password protected file rand.zip/rand.xls Not sure I have seen this in the past. What file would I need to change with Sophos. Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 On Tue, 2006-05-02 at 19:25 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Darrin Powell wrote: > > Below is the message: > > > > > > > >> At Tue May 2 10:28:52 2006 the virus scanner said: > >> Password protected file eda10kp.zip/eda10kp.inp > >> > So it's actually saying that the file eda10kp.inp is password-protected, > not the zip file at all. If it was a password-protected archive > blah.zip, it would have said that :-) > > If you are using Sophos, then you will find there is a configuration > option to set allowed messages from Sophos. > > What virus scanners are you using? And what type of file is eda10kp.inp? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFekKxH2WUcUFbZUEQKdOACggn3N2pmXxQXLv8dizEhYqJB6s1YAniCS > /K41sRknsPmfP3P3dr0h5jD7 > =jIud > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From martinh at solid-state-logic.com Wed May 3 15:39:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed May 3 15:39:48 2006 Subject: Allow Password-Protected Archives In-Reply-To: <1146666756.2775.58.camel@powell> Message-ID: <00f401c66ebf$69708af0$3004010a@martinhlaptop> Darrin In MailScanner.conf look for the line Allowed Sophos Error Messages I have mine set to the following.. Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date" (all one line of course - my email client will no doubt split the line ;-( -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Darrin Powell > Sent: 03 May 2006 15:33 > To: MailScanner discussion > Subject: Re: Allow Password-Protected Archives > > Ahh should have read the message closer :). I am using Sophos AV only. I > am not sure what type of file eda10kp.inp is. I received another one > today for an .xls file > > At Tue May 2 15:44:32 2006 the virus scanner said: > Password protected file rand.zip/rand.xls > > Not sure I have seen this in the past. What file would I need to change > with Sophos. > > > Thanks > -- > Darrin Powell, CISSP > LSSi Corp. > Security Administrator > Office (919) 466-6803 > > > On Tue, 2006-05-02 at 19:25 +0100, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Darrin Powell wrote: > > > Below is the message: > > > > > > > > > > > >> At Tue May 2 10:28:52 2006 the virus scanner said: > > >> Password protected file eda10kp.zip/eda10kp.inp > > >> > > So it's actually saying that the file eda10kp.inp is password-protected, > > not the zip file at all. If it was a password-protected archive > > blah.zip, it would have said that :-) > > > > If you are using Sophos, then you will find there is a configuration > > option to set allowed messages from Sophos. > > > > What virus scanners are you using? And what type of file is eda10kp.inp? > > > > - -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.0.6 (Build 6060) > > > > iQA/AwUBRFekKxH2WUcUFbZUEQKdOACggn3N2pmXxQXLv8dizEhYqJB6s1YAniCS > > /K41sRknsPmfP3P3dr0h5jD7 > > =jIud > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > -- > Darrin Powell, CISSP > LSSi Corp. > Security Administrator > Office (919) 466-6803 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed May 3 15:45:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:46:05 2006 Subject: ReadMessageHandle question In-Reply-To: References: Message-ID: <10C8794B-1E89-4601-9B99-091D0590E365@ecs.soton.ac.uk> On 3 May 2006, at 13:24, Leonardo Helman wrote: > On Wed, May 03, 2006 at 09:01:56AM +0100, Julian Field wrote: >> >> On 2 May 2006, at 22:09, Leonardo Helman wrote: >> >>> Hi >>> >>> sendmail, >>> I really didn't look much of the code for the others), so this >>> "unless" >>> is always false (so it could be eliminated)? >> >> Not if it ran out of disk space trying to do it! In that case $this-> >> {dpath} would be empty (and hence 0). > I'm modifying MailScanner-4.53.6, are you working with something > very different. > greped (-w) for dpath, and found only: > > /lib/MailScanner/EximDiskStore.pm: $this->{dpath} = $dir . '/' . > $this->{dname}; > /lib/MailScanner/SMDiskStore.pm: $this->{dpath} = $dir . '/' . > $this->{dname}; > This is from 4.53.6: [root@tinker MailScanner]# pwd /usr/lib/MailScanner/MailScanner [root@tinker MailScanner]# fgrep -l '{dpath}' * EximDiskStore.pm MCP.pm Message.pm SMDiskStore.pm [root@tinker MailScanner]# -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From devonharding at gmail.com Wed May 3 15:47:47 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 15:47:49 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> Message-ID: <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> > Either fall back to the "default" rules by deleting the dir, or make > darned sure the first run succeeds. You might need delete the > /etc/mail/spamassassin/sa-update-keys directory and the > /var/lib/spamassassin/3.001001 for that to actually work (after > opening port 8090). Ok, deleted both folders and re ran sa-update: [root@mars ~]# sa-update sa-update: importing default keyring to '/etc/mail/spamassassin//sa-update-keys'... error: can't verify SHA1 signature channel: SHA1 verification failed, channel failed Checked again, and the folders got recreated. Any other options? From MailScanner at ecs.soton.ac.uk Wed May 3 15:48:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:48:21 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <018c01c66ea7$0eff6450$0600a8c0@roger> References: <018c01c66ea7$0eff6450$0600a8c0@roger> Message-ID: Should I urgently put out a new version with the SpamAssassin Local State Dir setting commented out in MailScanner.conf? On 3 May 2006, at 12:45, Roger Jochem wrote: > I'm with the same problem here... > > What's the problem with sa-update? I normally used my rules in /etc/ > mail/spamassassin, and since this version 4.53.6-1, with this new > setting "SpamAssassin Local State Dir" I'm having problems... > > My sa-update command runned with debug didn't found any working > mirror... Any help? > > Regards > > Roger Jochem > > ----- Original Message ----- From: "Adri Koppes" > > To: "MailScanner discussion" > Sent: Wednesday, May 03, 2006 8:28 AM > Subject: RE: Spamassassin not working after 4.53 > > >> I see you are using /var/lib/spamassassin/3.001001 as your sys and >> def >> rules dir. >> Probably these where created by running sa-update. >> Yet, there are NO rules from this location read! >> So all the default built-in rules don't exist as far as Sa is >> concerned. >> Are there any rules in /var/lib/spamassassin/3.001001 or underlying >> directories? >> Have you tried running sa-update again? Perhaps it's a failed sa- >> update, >> which deleted everything? >> >> Adri. >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Devon Harding >>> Sent: woensdag 3 mei 2006 13:17 >>> To: MailScanner discussion >>> Subject: Spamassassin not working after 4.53 >>> >>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>> through ALOT more spam. I also noticed that spamassassin was >>> scoring >>> messages very low. Can anyone tell me whats going on? Here's a >>> copy >>> of my spamassassin --lint: >>> >>> [root@mars MailScanner]# spamassassin -x -D -p >>> /etc/MailScanner/spam.assassin.prefs.conf --lint >>> [11642] dbg: logger: adding facilities: all >>> [11642] dbg: logger: logging level is DBG >>> [11642] dbg: generic: SpamAssassin version 3.1.1 >>> [11642] dbg: config: score set 0 chosen. >>> [11642] dbg: util: running in taint mode? yes >>> [11642] dbg: util: taint mode: deleting unsafe environment >>> variables, >>> resetting PATH >>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>> [11642] dbg: util: PATH included '/usr/local/sbin', keeping >>> [11642] dbg: util: PATH included '/usr/local/bin', keeping >>> [11642] dbg: util: PATH included '/sbin', keeping >>> [11642] dbg: util: PATH included '/bin', keeping >>> [11642] dbg: util: PATH included '/usr/sbin', keeping >>> [11642] dbg: util: PATH included '/usr/bin', keeping >>> [11642] dbg: util: PATH included '/root/bin', keeping >>> [11642] dbg: util: final PATH set to: >>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>> [11642] dbg: dns: Net::DNS version: 0.57 >>> [11642] dbg: diag: perl platform: 5.008008 linux >>> [11642] dbg: diag: module installed: Digest::SHA1, version 2.11 >>> [11642] dbg: diag: module installed: HTML::Parser, version 3.51 >>> [11642] dbg: diag: module installed: MIME::Base64, version 3.07 >>> [11642] dbg: diag: module installed: DB_File, version 1.814 >>> [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>> [11642] dbg: diag: module installed: Net::SMTP, version 2.29 >>> [11642] dbg: diag: module installed: Mail::SPF::Query, >>> version 1.999001 >>> [11642] dbg: diag: module installed: IP::Country::Fast, >>> version 604.001 >>> [11642] dbg: diag: module installed: Razor2::Client::Agent, >>> version 2.81 >>> [11642] dbg: diag: module installed: Net::Ident, version 1.20 >>> [11642] dbg: diag: module not installed: IO::Socket::INET6 >>> ('require' failed) >>> [11642] dbg: diag: module installed: IO::Socket::SSL, version 0.97 >>> [11642] dbg: diag: module installed: Time::HiRes, version 1.86 >>> [11642] dbg: diag: module installed: DBI, version 1.50 >>> [11642] dbg: diag: module installed: Getopt::Long, version 2.35 >>> [11642] dbg: diag: module installed: LWP::UserAgent, version 2.033 >>> [11642] dbg: diag: module installed: HTTP::Date, version 1.47 >>> [11642] dbg: diag: module installed: Archive::Tar, version 1.29 >>> [11642] dbg: diag: module installed: IO::Zlib, version 1.04 >>> [11642] dbg: ignore: using a test message to lint rules >>> [11642] dbg: config: using "/etc/mail/spamassassin" for site >>> rules pre files >>> [11642] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [11642] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for sys >>> rules pre files >>> [11642] dbg: config: using "/var/lib/spamassassin/3.001001" for >>> default rules dir >>> [11642] dbg: config: using "/etc/mail/spamassassin" for site >>> rules dir >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 70_sare_html.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 70_sare_html4.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_html_eng.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 70_sare_obfu.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_random.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_specific.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_whitelist.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>> 88_FVGT_body.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_headers.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_subject.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/random.current.cf >>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>> [11642] dbg: config: using "/etc/MailScanner/ >>> spam.assassin.prefs.conf" >>> for user prefs file >>> [11642] dbg: config: read file >>> /etc/MailScanner/spam.assassin.prefs.conf >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>> @INC >>> [11642] dbg: dcc: network tests on, registering DCC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [11642] dbg: pyzor: network tests on, attempting Pyzor >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [11642] dbg: reporter: network tests on, attempting SpamCop >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>> @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [11642] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>> registered >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>> @INC >>> [11642] dbg: dcc: network tests on, registering DCC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [11642] dbg: pyzor: network tests on, attempting Pyzor >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [11642] dbg: reporter: network tests on, attempting SpamCop >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), already >>> registered >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>> @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>> already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>> already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>> registered >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), already registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>> registered >>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [11642] dbg: razor2: razor2 is available, version 2.81 >>> [11642] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>> registered >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) implements >>> 'finish_parsing_end' >>> [11642] dbg: replacetags: replacing tags >>> [11642] dbg: replacetags: done replacing tags >>> [11642] dbg: bayes: using username: root >>> [11642] dbg: bayes: database connection established >>> [11642] dbg: bayes: found bayes db version 3 >>> [11642] dbg: bayes: Using userid: 1 >>> [11642] dbg: config: score set 3 chosen. >>> [11642] dbg: message: ---- MIME PARSER START ---- >>> [11642] dbg: message: main message type: text/plain >>> [11642] dbg: message: parsing normal part >>> [11642] dbg: message: added part, type: text/plain >>> [11642] dbg: message: ---- MIME PARSER END ---- >>> [11642] dbg: dns: name server: 192.168.0.10, family: 2, ipv6: 0 >>> [11642] dbg: dns: testing resolver nameservers: 192.168.0.10, >>> 192.168.0.12, 192.168.0.2 >>> [11642] dbg: dns: trying (3) linux.org... >>> [11642] dbg: dns: looking up NS for 'linux.org' >>> [11642] dbg: dns: NS lookup of linux.org using 192.168.0.10 >>> failed, no >>> results found >>> [11642] dbg: dns: trying (2) akamai.com... >>> [11642] dbg: dns: looking up NS for 'akamai.com' >>> [11642] dbg: dns: NS lookup of akamai.com using 192.168.0.10 failed, >>> no results found >>> [11642] dbg: dns: trying (1) intel.com... >>> [11642] dbg: dns: looking up NS for 'intel.com' >>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>> succeeded >>> => DNS available (set dns_available to override) >>> [11642] dbg: dns: is DNS available? 1 >>> [11642] dbg: metadata: X-Spam-Relays-Trusted: >>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) implements >>> 'extract_metadata' >>> [11642] dbg: metadata: X-Relay-Countries: >>> [11642] dbg: message: no encoding detected >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>> 'parsed_metadata' >>> [11642] dbg: uridnsbl: domains to query: >>> [11642] dbg: check: running tests for priority: 0 >>> [11642] dbg: rules: running header regexp tests; score so far=0 >>> [11642] dbg: rules: running body-text per-line regexp tests; >>> score so far=0 >>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> >>> got hit: "I" >>> [11642] dbg: uri: running uri tests; score so far=0 >>> [11642] dbg: rules: running raw-body-text per-line regexp >>> tests; score so far=0 >>> [11642] dbg: rules: running full-text regexp tests; score so far=0 >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>> 'check_tick' >>> [11642] dbg: check: running tests for priority: 500 >>> [11642] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>> 'check_post_dnsbl' >>> [11642] dbg: rules: running meta tests; score so far=0 >>> [11642] dbg: rules: running header regexp tests; score so far=0 >>> [11642] dbg: rules: running body-text per-line regexp tests; >>> score so far=0 >>> [11642] dbg: uri: running uri tests; score so far=0 >>> [11642] dbg: rules: running raw-body-text per-line regexp >>> tests; score so far=0 >>> [11642] dbg: rules: running full-text regexp tests; score so far=0 >>> [11642] dbg: check: is spam? score=0 required=5 >>> [11642] dbg: check: tests= >>> [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 3 15:49:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:49:37 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <223f97700605030449w3cdf63bdo5dbe92fe623428a9@mail.gmail.com> Message-ID: <555DC717-E0D0-4F37-90B9-E3D695FFCEB5@ecs.soton.ac.uk> On 3 May 2006, at 12:49, Glenn Steen wrote: > Also, you seem to have multiple LoadPlugin lines for the same > plugin(s). That doesn't matter for the scoring (AFAICS), but isn't > really necessary... That's my fault. My easy-to-install ClamAV+SA package adds these lines even if they were there already. I'll put some checks in a future release to stop this happening. It is totally harmless though. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dpowell at lssi.net Wed May 3 15:52:34 2006 From: dpowell at lssi.net (Darrin Powell) Date: Wed May 3 15:53:49 2006 Subject: Allow Password-Protected Archives In-Reply-To: <00f401c66ebf$69708af0$3004010a@martinhlaptop> References: <00f401c66ebf$69708af0$3004010a@martinhlaptop> Message-ID: <1146667954.2775.61.camel@powell> That worked, Thanks ! On Wed, 2006-05-03 at 15:39 +0100, Martin Hepworth wrote: > encrypted", "The main body of virus data is out of date" -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From MailScanner at ecs.soton.ac.uk Wed May 3 15:55:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 15:55:23 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> Message-ID: <33AD789C-F118-4406-8036-2D9178B4C161@ecs.soton.ac.uk> On 3 May 2006, at 15:47, Devon Harding wrote: >> Either fall back to the "default" rules by deleting the dir, or make >> darned sure the first run succeeds. You might need delete the >> /etc/mail/spamassassin/sa-update-keys directory and the >> /var/lib/spamassassin/3.001001 for that to actually work (after >> opening port 8090). > > Ok, deleted both folders and re ran sa-update: > > [root@mars ~]# sa-update > sa-update: importing default keyring to > '/etc/mail/spamassassin//sa-update-keys'... > error: can't verify SHA1 signature > channel: SHA1 verification failed, channel failed > > Checked again, and the folders got recreated. Any other options? Start by doing sa-update --debug and telling us the output of that. And do perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' and tell us the output of that too. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From devonharding at gmail.com Wed May 3 16:02:10 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 16:02:24 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: References: <018c01c66ea7$0eff6450$0600a8c0@roger> Message-ID: <2baac6140605030802s3ef05abbg9eb396f5c8dbb71b@mail.gmail.com> Re-ran sa-update a second time and didn't get the SH1 error. And now it actually copied the rules to the /var/lib/spamassassin/3.001001/updates_spamassassin_org directory. So it looks as if it may be working. Lets wait for incoming spam to be sure. From devonharding at gmail.com Wed May 3 16:04:37 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 16:04:41 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <33AD789C-F118-4406-8036-2D9178B4C161@ecs.soton.ac.uk> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> <33AD789C-F118-4406-8036-2D9178B4C161@ecs.soton.ac.uk> Message-ID: <2baac6140605030804w26444b7ax2f6c725e1a15d4d7@mail.gmail.com> > Start by doing > sa-update --debug > and telling us the output of that. > And do > perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' > and tell us the output of that too. Here is the debug output: [root@mars ~]# sa-update --debug [16800] dbg: logger: adding facilities: all [16800] dbg: logger: logging level is DBG [16800] dbg: generic: SpamAssassin version 3.1.1 [16800] dbg: config: score set 0 chosen. [16800] dbg: dns: is Net::DNS::Resolver available? yes [16800] dbg: dns: Net::DNS version: 0.57 [16800] dbg: generic: sa-update version svn384884 [16800] dbg: generic: using update directory: /var/lib/spamassassin/3.001001 [16800] dbg: diag: perl platform: 5.008008 linux [16800] dbg: diag: module installed: Digest::SHA1, version 2.11 [16800] dbg: diag: module installed: IO::Socket::SSL, version 0.97 [16800] dbg: diag: module installed: Time::HiRes, version 1.86 [16800] dbg: diag: module installed: DBI, version 1.50 [16800] dbg: diag: module installed: Getopt::Long, version 2.35 [16800] dbg: diag: module installed: LWP::UserAgent, version 2.033 [16800] dbg: diag: module installed: HTTP::Date, version 1.47 [16800] dbg: diag: module installed: Archive::Tar, version 1.29 [16800] dbg: diag: module installed: IO::Zlib, version 1.04 [16800] dbg: diag: module installed: HTML::Parser, version 3.51 [16800] dbg: diag: module installed: MIME::Base64, version 3.07 [16800] dbg: diag: module installed: DB_File, version 1.814 [16800] dbg: diag: module installed: Net::DNS, version 0.57 [16800] dbg: diag: module installed: Net::SMTP, version 2.29 [16800] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [16800] dbg: diag: module installed: IP::Country::Fast, version 604.001 [16800] dbg: diag: module installed: Razor2::Client::Agent, version 2.81 [16800] dbg: diag: module installed: Net::Ident, version 1.20 [16800] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [16800] dbg: gpg: Searching for 'gpg' in /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin [16800] dbg: gpg: found /usr/bin/gpg [16800] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 26C900A46DD40CD5AD24F6D7DEE01987265FA05B 0C2B1D7175B852C64B3CDC716C55397824F434CE 24F434CE 265FA05B 5244EC45 [16800] dbg: channel: attempting channel updates.spamassassin.org [16800] dbg: channel: update directory /var/lib/spamassassin/3.001001/updates_spamassassin_org [16800] dbg: channel: update tmp directory /var/lib/spamassassin/3.001001/updates_spamassassin_org.tmp [16800] dbg: channel: channel cf file /var/lib/spamassassin/3.001001/updates_spamassassin_org.cf [16800] dbg: channel: channel tmp cf file /tmp/.spamassassin16800Ng0jGbtmp [16800] dbg: channel: metadata version = 398009 [16800] dbg: dns: 1.1.3.updates.spamassassin.org => 398009, parsed as 398009 [16800] dbg: channel: current version is 398009, new version is 398009, skipping channel [16800] dbg: diag: updates complete, exiting with code 1 And [root@mars ~]# perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' 2.10 [root@mars ~]# From adrik at salesmanager.nl Wed May 3 16:04:54 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 16:04:57 2006 Subject: Spamassassin not working after 4.53 Message-ID: Julian, One option might be to either have it commented out or leave the option blank, so that it doesn't get used and people have to enable it themselves when they start using sa-update and have verified they have received the first update ok. Another option could be to have MailScanner check on startup, if the directory exists, is readable and actually contains some rules before enabling the option. Normal behaviour of sa-update is to download the new rules, run an internal spamassassin --lint on them and if they pass, copy them to the local_state_dir. It looks like there is a small bug in SA, where it used the local_state_dir, even when it is empty. This would normally only happen, if there never was a successful sa-update. As soon as sa-update has run successfully, it will never delete the contents of the directory on a next unsuccessfull update. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: woensdag 3 mei 2006 16:48 > To: MailScanner discussion > Subject: Re: Spamassassin not working after 4.53 > > Should I urgently put out a new version with the SpamAssassin > Local State Dir setting commented out in MailScanner.conf? > > > On 3 May 2006, at 12:45, Roger Jochem wrote: > > > I'm with the same problem here... > > > > What's the problem with sa-update? I normally used my rules > in /etc/ > > mail/spamassassin, and since this version 4.53.6-1, with this new > > setting "SpamAssassin Local State Dir" I'm having problems... > > > > My sa-update command runned with debug didn't found any working > > mirror... Any help? > > > > Regards > > > > Roger Jochem > > > > ----- Original Message ----- From: "Adri Koppes" > > > > To: "MailScanner discussion" > > Sent: Wednesday, May 03, 2006 8:28 AM > > Subject: RE: Spamassassin not working after 4.53 > > > > > >> I see you are using /var/lib/spamassassin/3.001001 as your sys and > >> def rules dir. > >> Probably these where created by running sa-update. > >> Yet, there are NO rules from this location read! > >> So all the default built-in rules don't exist as far as Sa is > >> concerned. > >> Are there any rules in /var/lib/spamassassin/3.001001 or > underlying > >> directories? > >> Have you tried running sa-update again? Perhaps it's a failed sa- > >> update, which deleted everything? > >> > >> Adri. > >> > >> > >>> -----Original Message----- > >>> From: mailscanner-bounces@lists.mailscanner.info > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >>> Devon Harding > >>> Sent: woensdag 3 mei 2006 13:17 > >>> To: MailScanner discussion > >>> Subject: Spamassassin not working after 4.53 > >>> > >>> After I upgraded to 4.53, I noticed that Mailscanner was letting > >>> through ALOT more spam. I also noticed that spamassassin was > >>> scoring messages very low. Can anyone tell me whats going on? > >>> Here's a copy of my spamassassin --lint: > >>> > >>> [root@mars MailScanner]# spamassassin -x -D -p > >>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: > >>> logger: adding facilities: all [11642] dbg: logger: > logging level is > >>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: > >>> config: score set 0 chosen. > >>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: > >>> taint mode: deleting unsafe environment variables, resetting PATH > >>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping > >>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping > >>> [11642] dbg: util: PATH included '/usr/local/sbin', > keeping [11642] > >>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: > >>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH > >>> included '/bin', keeping [11642] dbg: util: PATH included > >>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', > >>> keeping [11642] dbg: util: PATH included '/root/bin', keeping > >>> [11642] dbg: util: final PATH set to: > >>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca > >>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin > >>> [11642] dbg: dns: is Net::DNS::Resolver available? yes > [11642] dbg: > >>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: > >>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, > >>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, > >>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, > >>> version 3.07 [11642] dbg: diag: module installed: > DB_File, version > >>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 > >>> [11642] dbg: diag: module installed: Net::SMTP, version > 2.29 [11642] > >>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 > >>> [11642] dbg: diag: module installed: IP::Country::Fast, version > >>> 604.001 [11642] dbg: diag: module installed: > Razor2::Client::Agent, > >>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, > >>> version 1.20 [11642] dbg: diag: module not installed: > >>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module > >>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: > diag: module > >>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module > >>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: > >>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: > >>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module > installed: > >>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: > >>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: > >>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test > message to > >>> lint rules [11642] dbg: config: using > "/etc/mail/spamassassin" for > >>> site rules pre files [11642] dbg: config: read file > >>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file > >>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using > >>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] > >>> dbg: config: using "/var/lib/spamassassin/3.001001" for default > >>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for > >>> site rules dir [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_evilnum0.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_evilnum1.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_evilnum2.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/ > >>> 70_sare_html.cf [11642] dbg: config: read file > >>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: > config: read > >>> file /etc/mail/spamassassin/70_sare_html_eng.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/ > >>> 70_sare_obfu.cf [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_random.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_specific.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/70_sare_uri.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/70_sare_whitelist.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/ > >>> 88_FVGT_body.cf [11642] dbg: config: read file > >>> /etc/mail/spamassassin/88_FVGT_headers.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/88_FVGT_rawbody.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/88_FVGT_subject.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/88_FVGT_uri.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/chickenpox.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf > >>> [11642] dbg: config: read file > /etc/mail/spamassassin/mailscanner.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/random.current.cf > >>> [11642] dbg: config: read file > >>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf > >>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf > >>> [11642] dbg: config: using "/etc/MailScanner/ > >>> spam.assassin.prefs.conf" > >>> for user prefs file > >>> [11642] dbg: config: read file > >>> /etc/MailScanner/spam.assassin.prefs.conf > >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from > >>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] > >>> dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: > >>> network tests on, attempting Pyzor [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] > dbg: reporter: > >>> network tests on, attempting SpamCop [11642] dbg: plugin: > registered > >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) > >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from > >>> @INC [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] > >>> dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: > >>> plugin: registered > >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) > >>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from > >>> @INC [11642] dbg: plugin: registered > >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] > dbg: plugin: > >>> registered > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: did not > >>> register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: > dcc: network > >>> tests on, registering DCC [11642] dbg: plugin: did not register > >>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already > registered > >>> [11642] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from > >>> @INC [11642] dbg: pyzor: network tests on, attempting > Pyzor [11642] > >>> dbg: plugin: did not register > >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: did not > >>> register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] > dbg: reporter: > >>> network tests on, attempting SpamCop [11642] dbg: plugin: did not > >>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), > >>> already registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: > plugin: did > >>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), > >>> already registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] > >>> dbg: plugin: did not register > >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), > >>> already registered > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), > >>> already > >>> registered > >>> [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: > >>> plugin: did not register > >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: > plugin: did > >>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), > >>> already registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] > dbg: plugin: > >>> did not register > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already > >>> registered [11642] dbg: plugin: loading > >>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: > >>> razor2 is available, version 2.81 [11642] dbg: plugin: did not > >>> register > Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already > >>> registered [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) > implements > >>> 'finish_parsing_end' > >>> [11642] dbg: replacetags: replacing tags [11642] dbg: > replacetags: > >>> done replacing tags [11642] dbg: bayes: using username: > root [11642] > >>> dbg: bayes: database connection established [11642] dbg: bayes: > >>> found bayes db version 3 [11642] dbg: bayes: Using > userid: 1 [11642] > >>> dbg: config: score set 3 chosen. > >>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: > >>> message: main message type: text/plain [11642] dbg: > message: parsing > >>> normal part [11642] dbg: message: added part, type: text/plain > >>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: > >>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: > >>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, > >>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... > >>> [11642] dbg: dns: looking up NS for 'linux.org' > >>> [11642] dbg: dns: NS lookup of linux.org using > 192.168.0.10 failed, > >>> no results found [11642] dbg: dns: trying (2) akamai.com... > >>> [11642] dbg: dns: looking up NS for 'akamai.com' > >>> [11642] dbg: dns: NS lookup of akamai.com using > 192.168.0.10 failed, > >>> no results found [11642] dbg: dns: trying (1) intel.com... > >>> [11642] dbg: dns: looking up NS for 'intel.com' > >>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 > >>> succeeded => DNS available (set dns_available to > override) [11642] > >>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: > >>> X-Spam-Relays-Trusted: > >>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: > >>> [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) > implements > >>> 'extract_metadata' > >>> [11642] dbg: metadata: X-Relay-Countries: > >>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > >>> 'parsed_metadata' > >>> [11642] dbg: uridnsbl: domains to query: > >>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: > >>> rules: running header regexp tests; score so far=0 [11642] dbg: > >>> rules: running body-text per-line regexp tests; score so far=0 > >>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got > >>> hit: "I" > >>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: > >>> rules: running raw-body-text per-line regexp tests; score > so far=0 > >>> [11642] dbg: rules: running full-text regexp tests; score > so far=0 > >>> [11642] dbg: plugin: > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > >>> 'check_tick' > >>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: > >>> plugin: > >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements > >>> 'check_post_dnsbl' > >>> [11642] dbg: rules: running meta tests; score so far=0 > [11642] dbg: > >>> rules: running header regexp tests; score so far=0 [11642] dbg: > >>> rules: running body-text per-line regexp tests; score so far=0 > >>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: > >>> rules: running raw-body-text per-line regexp tests; score > so far=0 > >>> [11642] dbg: rules: running full-text regexp tests; score > so far=0 > >>> [11642] dbg: check: is spam? score=0 required=5 [11642] > dbg: check: > >>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From adrik at salesmanager.nl Wed May 3 16:07:08 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 3 16:07:12 2006 Subject: Spamassassin not working after 4.53 Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: woensdag 3 mei 2006 16:55 > To: MailScanner discussion > Subject: Re: Spamassassin not working after 4.53 > > > On 3 May 2006, at 15:47, Devon Harding wrote: > > >> Either fall back to the "default" rules by deleting the > dir, or make > >> darned sure the first run succeeds. You might need delete the > >> /etc/mail/spamassassin/sa-update-keys directory and the > >> /var/lib/spamassassin/3.001001 for that to actually work (after > >> opening port 8090). > > > > Ok, deleted both folders and re ran sa-update: > > > > [root@mars ~]# sa-update > > sa-update: importing default keyring to > > '/etc/mail/spamassassin//sa-update-keys'... > > error: can't verify SHA1 signature > > channel: SHA1 verification failed, channel failed > > > > Checked again, and the folders got recreated. Any other options? > > Start by doing > sa-update --debug > and telling us the output of that. > And do > perl -MDigest::SHA1 -e 'print $Digest::SHA1::VERSION' > and tell us the output of that too. Sa-update also produces this error, when it can't contact the server due to firewall problems, connectivity problems or the server being down or overloaded. Sometimes I notice this error and retrying a few minutes afterwards, everything is ok again. Adri. From dpowell at lssi.net Wed May 3 16:06:03 2006 From: dpowell at lssi.net (Darrin Powell) Date: Wed May 3 16:07:16 2006 Subject: SMTP Auth Message-ID: <1146668763.2775.71.camel@powell> I have a remote user using smtp auth to send email remotely. Recently his emails started getting flagged as spam, the IP he was sending from was found an a blacklist. Is there any way to whitelist messages that are sent when using smtp auth? Example: Apr 26 15:31:33 server sendmail[8880]: k3QJVVde008880: from=, size=417, class=0, nrcpts=2, msgid=<444FCA92.8080300@lssi.net>, proto=ESMTP, daemon=TLSMTA, relay=[66.78.236.255] Apr 26 15:31:33 sever sendmail[8880]: k3QJVVde008880: to=, delay=00:00:01, mailer=cyrusv2, pri=60417, stat=queued Apr 26 15:31:33 server sendmail[8880]: k3QJVVde008880: to=, delay=00:00:01, mailer=cyrusv2, pri=60417, stat=queued Apr 26 15:31:33 server MailScanner[31843]: New Batch: Scanning 1 messages, 951 bytes Apr 26 15:31:35 server MailScanner[31843]: Spam Checks: Found 1 spam messages Apr 26 15:31:35 server MailScanner[31843]: Virus and Content Scanning: Starting Apr 26 15:31:35 server sendmail[8876]: STARTTLS=client, relay=cust1683-1.in.mailcontrol.com., version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256 Apr 26 15:31:36 server MailScanner[31843]: Uninfected: Delivered 1 messages Thanks -- Darrin Powell, CISSP LSSi Corp. Security Administrator Office (919) 466-6803 From jaearick at colby.edu Wed May 3 16:15:36 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 16:17:22 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> Message-ID: On Wed, 3 May 2006, Devon Harding wrote: >> Either fall back to the "default" rules by deleting the dir, or make >> darned sure the first run succeeds. You might need delete the >> /etc/mail/spamassassin/sa-update-keys directory and the >> /var/lib/spamassassin/3.001001 for that to actually work (after >> opening port 8090). Coming into this thread... I also discovered that (a) I'm not running sa-update on a regular basis via cron, (b) I had port 8090 blocked in my firewall (now fixed). Questions here: a) My installed SA cf files are in /opt/perl5/share/spamassassin. So I ran "sa-update -D" and watched what happened. It put new cf files in /var/opt/spamassassin/3.001001/updates_spamassassin_org. Will MailScanner and SA pick up these new cf files, or should I be doing "sa-update --updatedir /opt/perl5/share/spamassassin" instead? b) I did a diff of 10_misc.cf between the directories, and found: 4c4 < # the next update. Use /etc/mail/spamassassin/local.cf instead. --- > # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. 45c45 < report_contact postmaster@colby.edu --- > report_contact @@CONTACT_ADDRESS@@ So the updates are mangled. How to fix? c) Once the new cf files are in the right place and unmangled, will SpamAssassin begin using them right away? d) Shouldn't the sa-update action be added to the normal MailScanner cron jobs? Jeff Earickson Colby College From dhawal at netmagicsolutions.com Wed May 3 16:29:13 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 16:29:22 2006 Subject: razor2 problems.. Message-ID: <4458CC49.80409@netmagicsolutions.com> Hello List, I run this command as a daily cronjob. 01 04 * * * razor-admin -conf=/path/to/razor-agent.conf -discover Since the past few days, i notice that RAZOR stops functioning post the discover command.. is anyone else observing something similar? I simply need to run a 'spamassassin --lint razor2' to get it operational again. MailScanner: v4.50.10 Razor2: v2.81 SA: v3.1.1 Debug mode (both SA and MS) don't report anything wrong specific to razor. Any ideas on how to troubleshoot further? - dhawal From dhawal at netmagicsolutions.com Wed May 3 16:39:40 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 16:39:49 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: References: <2baac6140605030417j127ad76cgc76f34b90f192d36@mail.gmail.com> <4458945E.1000709@osubucks.org> <2baac6140605030458j79427c97r1efa71400bbabe10@mail.gmail.com> <223f97700605030559t5666b27do76eb176f8381bef9@mail.gmail.com> <2baac6140605030646n644b6fc3m217e2f0810b6de99@mail.gmail.com> <223f97700605030716u217c0b2fu268ee5eadc5ab787@mail.gmail.com> <2baac6140605030747x17ed1a0ew97f7d79901a24987@mail.gmail.com> Message-ID: <4458CEBC.8050208@netmagicsolutions.com> Jeff A. Earickson wrote: > On Wed, 3 May 2006, Devon Harding wrote: > >>> Either fall back to the "default" rules by deleting the dir, or make >>> darned sure the first run succeeds. You might need delete the >>> /etc/mail/spamassassin/sa-update-keys directory and the >>> /var/lib/spamassassin/3.001001 for that to actually work (after >>> opening port 8090). > > Coming into this thread... I also discovered that (a) I'm not running > sa-update on a regular basis via cron, (b) I had port 8090 blocked in my > firewall (now fixed). Questions here: > > a) My installed SA cf files are in /opt/perl5/share/spamassassin. So > I ran "sa-update -D" and watched what happened. It put new cf files in > /var/opt/spamassassin/3.001001/updates_spamassassin_org. Will MailScanner > and SA pick up these new cf files, or should I be doing > "sa-update --updatedir /opt/perl5/share/spamassassin" instead? Nopes, /opt/perl5/share/spamassassin is the default rules dir.. whereas /var/lib/whatever is the local state dir, which will completely override 'default rules dir' > b) I did a diff of 10_misc.cf between the directories, and found: > > 4c4 > < # the next update. Use /etc/mail/spamassassin/local.cf instead. > --- >> # the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead. > 45c45 > < report_contact postmaster@colby.edu > --- >> report_contact @@CONTACT_ADDRESS@@ > > So the updates are mangled. How to fix? Fix this in your /etc/mail/spamassassin/local.cf, in any case 'report_contact' is IMO not used by MailScanner. > c) Once the new cf files are in the right place and unmangled, will > SpamAssassin begin using them right away? No again, a reload/restart to mailscanner will do the trick.. the 4-hour auto-restart will work equally well. > d) Shouldn't the sa-update action be added to the normal MailScanner > cron jobs? It is.. at least in RPM based systems '/etc/cron.daily/sa-update' > Jeff Earickson > Colby College - dhawal From mkettler at evi-inc.com Wed May 3 16:42:42 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 3 16:43:07 2006 Subject: razor2 problems.. In-Reply-To: <4458CC49.80409@netmagicsolutions.com> References: <4458CC49.80409@netmagicsolutions.com> Message-ID: <4458CF72.5090906@evi-inc.com> Dhawal Doshy wrote: > Hello List, > > I run this command as a daily cronjob. > 01 04 * * * razor-admin -conf=/path/to/razor-agent.conf -discover Why? Razor should automatically re-discover at regular intervals. From brett at wrl.org Wed May 3 16:52:24 2006 From: brett at wrl.org (Brett Charbeneau) Date: Wed May 3 16:53:13 2006 Subject: Debug for Sendmail with MailScanner - huh? Message-ID: Greetings all, SPECIFICS: Debian Sarge, Sendmail 8.13.4-3, MailScanner 4.51.5-1 with SpamAssassin 3.03. I'm missing something really easy I suspect - I'd be grateful for any pointers or hints! I am trying to configure sendmail to record the more details in the mail log for each message (this is to try and ferret out a spambot I think I have on my network). I've placed this in my /etc/syslog.conf file: *.info;daemon.none;authpriv.none;cron.none /var/log/messages mail.* /var/log/mail.log in an attempt to get ALL mail log into to go into the mail.log file. In Debian, the init script for Sendmail references the /etc/mail/sendmail.conf file so a lot of options go in there. There is a DEBUG=1; line in the init script, but setting it to "1" doesn't change the log output in either messages OR mail.log. In the /etc/mail/sendmail.conf I've tried setting some traditional debug options with this line: MISC_PARMS="-d0-99.127"; but again, no change in the log output. This is in addition to the "DAMON_PARMS" line which I have set like this to utilize MailScanner: DAEMON_PARMS="-bd \ -OPrivacyOptions=noetrn -ODeliveryMode=queueonly \ -OQueueDirectory=/var/spool/mqueue.in"; I've even tried adding the "-d" to the "DAMON_PARMS" statement - again to increase in log output in either messages or mail.log. Anyone have a clue what I'm doing wrong? -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From dhawal at netmagicsolutions.com Wed May 3 16:53:41 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 16:53:50 2006 Subject: razor2 problems.. In-Reply-To: <4458CF72.5090906@evi-inc.com> References: <4458CC49.80409@netmagicsolutions.com> <4458CF72.5090906@evi-inc.com> Message-ID: <4458D205.6040205@netmagicsolutions.com> Matt Kettler wrote: > Dhawal Doshy wrote: >> Hello List, >> >> I run this command as a daily cronjob. >> 01 04 * * * razor-admin -conf=/path/to/razor-agent.conf -discover > > Why? Razor should automatically re-discover at regular intervals. > I didn't know that, i will remove the cron entry. But i suspect it'll occur again post razor's auto-discovery. The only way to find out is to let is happen again, this time with close monitoring.. Also, is the auto-discovery also true for pyzor? since i run this as well on a daily basis. /usr/bin/pyzor --homedir /etc/mail/spamassassin/pyzor discover thanks, - dhawal From MailScanner at ecs.soton.ac.uk Wed May 3 16:56:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 16:57:10 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: References: Message-ID: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> I have just published 4.53.7 which has this option commented out by default. You can uncomment it yourself once you have found out all about sa- update. This way seems a lot safer to me. Shame it never turned up as an issue during beta testing. On 3 May 2006, at 16:04, Adri Koppes wrote: > Julian, > > One option might be to either have it commented out or leave the > option > blank, so that it doesn't get used and people have to enable it > themselves when they start using sa-update and have verified they have > received the first update ok. > Another option could be to have MailScanner check on startup, if the > directory exists, is readable and actually contains some rules before > enabling the option. > > Normal behaviour of sa-update is to download the new rules, run an > internal spamassassin --lint on them and if they pass, copy them to > the > local_state_dir. > It looks like there is a small bug in SA, where it used the > local_state_dir, even when it is empty. > This would normally only happen, if there never was a successful > sa-update. As soon as sa-update has run successfully, it will never > delete the contents of the directory on a next unsuccessfull update. > > Adri. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: woensdag 3 mei 2006 16:48 >> To: MailScanner discussion >> Subject: Re: Spamassassin not working after 4.53 >> >> Should I urgently put out a new version with the SpamAssassin >> Local State Dir setting commented out in MailScanner.conf? >> >> >> On 3 May 2006, at 12:45, Roger Jochem wrote: >> >>> I'm with the same problem here... >>> >>> What's the problem with sa-update? I normally used my rules >> in /etc/ >>> mail/spamassassin, and since this version 4.53.6-1, with this new >>> setting "SpamAssassin Local State Dir" I'm having problems... >>> >>> My sa-update command runned with debug didn't found any working >>> mirror... Any help? >>> >>> Regards >>> >>> Roger Jochem >>> >>> ----- Original Message ----- From: "Adri Koppes" >>> >>> To: "MailScanner discussion" >>> Sent: Wednesday, May 03, 2006 8:28 AM >>> Subject: RE: Spamassassin not working after 4.53 >>> >>> >>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>> def rules dir. >>>> Probably these where created by running sa-update. >>>> Yet, there are NO rules from this location read! >>>> So all the default built-in rules don't exist as far as Sa is >>>> concerned. >>>> Are there any rules in /var/lib/spamassassin/3.001001 or >> underlying >>>> directories? >>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>> update, which deleted everything? >>>> >>>> Adri. >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>> Devon Harding >>>>> Sent: woensdag 3 mei 2006 13:17 >>>>> To: MailScanner discussion >>>>> Subject: Spamassassin not working after 4.53 >>>>> >>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>> through ALOT more spam. I also noticed that spamassassin was >>>>> scoring messages very low. Can anyone tell me whats going on? >>>>> Here's a copy of my spamassassin --lint: >>>>> >>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>> logger: adding facilities: all [11642] dbg: logger: >> logging level is >>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>> config: score set 0 chosen. >>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >> keeping [11642] >>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>> [11642] dbg: util: final PATH set to: >>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >> [11642] dbg: >>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>> version 3.07 [11642] dbg: diag: module installed: >> DB_File, version >>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>> [11642] dbg: diag: module installed: Net::SMTP, version >> 2.29 [11642] >>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>> 604.001 [11642] dbg: diag: module installed: >> Razor2::Client::Agent, >>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >> diag: module >>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >> installed: >>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >> message to >>>>> lint rules [11642] dbg: config: using >> "/etc/mail/spamassassin" for >>>>> site rules pre files [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>> site rules dir [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >> config: read >>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/70_sare_uri.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/chickenpox.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>> [11642] dbg: config: read file >> /etc/mail/spamassassin/mailscanner.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/random.current.cf >>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>> spam.assassin.prefs.conf" >>>>> for user prefs file >>>>> [11642] dbg: config: read file >>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>> dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >> dbg: reporter: >>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >> registered >>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>> @INC [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>> dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>> plugin: registered >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>> @INC [11642] dbg: plugin: registered >>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >> dbg: plugin: >>>>> registered >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>> register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >> dcc: network >>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >> registered >>>>> [11642] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::Pyzor from >>>>> @INC [11642] dbg: pyzor: network tests on, attempting >> Pyzor [11642] >>>>> dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>> register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >> dbg: reporter: >>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>> already registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >> plugin: did >>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>> already registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>> dbg: plugin: did not register >>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>> already registered >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>> already >>>>> registered >>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>> plugin: did not register >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >> plugin: did >>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>> already registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >> dbg: plugin: >>>>> did not register >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>> registered [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>> register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>> registered [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >> implements >>>>> 'finish_parsing_end' >>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >> replacetags: >>>>> done replacing tags [11642] dbg: bayes: using username: >> root [11642] >>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>> found bayes db version 3 [11642] dbg: bayes: Using >> userid: 1 [11642] >>>>> dbg: config: score set 3 chosen. >>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>> message: main message type: text/plain [11642] dbg: >> message: parsing >>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>> [11642] dbg: dns: NS lookup of linux.org using >> 192.168.0.10 failed, >>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>> [11642] dbg: dns: NS lookup of akamai.com using >> 192.168.0.10 failed, >>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>> succeeded => DNS available (set dns_available to >> override) [11642] >>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>> X-Spam-Relays-Trusted: >>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>> [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >> implements >>>>> 'extract_metadata' >>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>> 'parsed_metadata' >>>>> [11642] dbg: uridnsbl: domains to query: >>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>> hit: "I" >>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>> rules: running raw-body-text per-line regexp tests; score >> so far=0 >>>>> [11642] dbg: rules: running full-text regexp tests; score >> so far=0 >>>>> [11642] dbg: plugin: >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>> 'check_tick' >>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>> plugin: >>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>> 'check_post_dnsbl' >>>>> [11642] dbg: rules: running meta tests; score so far=0 >> [11642] dbg: >>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>> rules: running raw-body-text per-line regexp tests; score >> so far=0 >>>>> [11642] dbg: rules: running full-text regexp tests; score >> so far=0 >>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >> dbg: check: >>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store PGP >> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Wed May 3 17:08:36 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 17:08:44 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> Message-ID: <4458D584.3050503@netmagicsolutions.com> Julian Field wrote: > I have just published 4.53.7 which has this option commented out by > default. > You can uncomment it yourself once you have found out all about sa-update. > > This way seems a lot safer to me. Shame it never turned up as an issue > during beta testing. Erm.. one more thing. I have some outgoing mail servers running mailscanner without spamassassin (and hence no sa-update). Since /etc/cron.daily/sa-update is created automatically, can you add a '$disabled = 1/0;' option similar to the one in clean.quarantine? - dhawal From shrek-m at gmx.de Wed May 3 17:16:47 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed May 3 17:16:50 2006 Subject: Debug for Sendmail with MailScanner - huh? In-Reply-To: References: Message-ID: <4458D76F.6040803@gmx.de> On 03.05.2006 17:52, Brett Charbeneau wrote: > SPECIFICS: Debian Sarge, Sendmail 8.13.4-3, MailScanner 4.51.5-1 with > SpamAssassin 3.03. > > > I'm missing something really easy I suspect - I'd be grateful for > any pointers or hints! > I am trying to configure sendmail to record the more details in > the mail log for each message (this is to try and ferret out a spambot > I think I have on my network). > I've placed this in my /etc/syslog.conf file: > > *.info;daemon.none;authpriv.none;cron.none /var/log/messages > mail.* /var/log/mail.log > > in an attempt to get ALL mail log into to go into the mail.log file. > In Debian, the init script for Sendmail references the > /etc/mail/sendmail.conf file so a lot of options go in there. There is a > > DEBUG=1; > > line in the init script, but setting it to "1" doesn't change the > log output in either messages OR mail.log. i do not know debians sendmail.mc do you mean `confLOG_LEVEL' ? eg. /etc/mail/sendmail.mc -------- dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl define(`confLOG_LEVEL', `15')dnl -------- -- shrek-m From devonharding at gmail.com Wed May 3 17:17:17 2006 From: devonharding at gmail.com (Devon Harding) Date: Wed May 3 17:17:19 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> Message-ID: <2baac6140605030917r6ea3ea26o1f210e5f20deac0d@mail.gmail.com> So, to sum it up. If sa-update has an issue (and creates an empty /var/lib/spamassassin/3.001001/), Mailscanner will look there for SA rules, not find any, and let SPAM through? From maillists at conactive.com Wed May 3 17:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 3 17:31:24 2006 Subject: SMTP Auth In-Reply-To: <1146668763.2775.71.camel@powell> References: <1146668763.2775.71.camel@powell> Message-ID: Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: > Is there any way to whitelist messages that > are sent when using smtp auth? not that I'm aware of. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dhawal at netmagicsolutions.com Wed May 3 17:38:42 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed May 3 17:38:50 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> Message-ID: <4458DC92.8070306@netmagicsolutions.com> Kai Schaetzl wrote: > Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: > >> Is there any way to whitelist messages that >> are sent when using smtp auth? > > not that I'm aware of. > > Kai > Not whitelist, but a high -ve score. It'll need some work and it won't support postfix < 2.3 http://wiki.apache.org/spamassassin/DynablockIssues - dhawal From alex at nkpanama.com Wed May 3 17:49:42 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 17:50:15 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> Message-ID: <4458DF26.8040400@nkpanama.com> Kai Schaetzl wrote: > Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: > > >> Is there any way to whitelist messages that >> are sent when using smtp auth? >> > > not that I'm aware of. > > Kai > How about one of the spamassassin gurus here gives us a hand? You *could* set up a spamassassin rule that gives a strong negative value to something in the headers. I can see from a message that just came in that Dhawal is suggesting something similar. My headers look like: Return-Path: Received-SPF: pass (nkserver.nkpanama.com: authenticated connection) receiver=nkserver.nkpanama.com; client-ip=201.226.170.130; helo=[192.168.100.101]; envelope-from=alex@nkpanama.com; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0; Received: from [192.168.100.101] (nkcenter [201.226.170.130]) (user=alex mech=PLAIN bits=0) by nkserver.nkpanama.com (8.13.1/8.13.1) with ESMTP id k43GkwD0017301 for ; Wed, 3 May 2006 11:46:59 -0500 So I could set a rule that hits on "authenticated connection", "user=whatever mech=whatever bits=whatever" or something similar. I'm using sendmail, btw. From roger at rudnick.com.br Wed May 3 17:58:32 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed May 3 17:59:01 2006 Subject: SMTP Auth References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: <01fb01c66ed2$cfa0d790$0600a8c0@roger> I do that in my server... My server is mail.rudnick.com.br and the rulle is the following: header AUTHENTICATED Received =~ /\(authenticated .* by mail.rudnick.com.br/ score AUTHENTICATED -100.0 ----- Original Message ----- From: "Alex Neuman van der Hans" To: "MailScanner discussion" Sent: Wednesday, May 03, 2006 1:49 PM Subject: Re: SMTP Auth > Kai Schaetzl wrote: >> Darrin Powell wrote on Wed, 03 May 2006 11:06:03 -0400: >> >> >>> Is there any way to whitelist messages that are sent when using smtp >>> auth? >>> >> >> not that I'm aware of. >> >> Kai >> > How about one of the spamassassin gurus here gives us a hand? You *could* > set up a spamassassin rule that gives a strong negative value to something > in the headers. I can see from a message that just came in that Dhawal is > suggesting something similar. > > My headers look like: > > Return-Path: > Received-SPF: pass (nkserver.nkpanama.com: authenticated connection) > receiver=nkserver.nkpanama.com; client-ip=201.226.170.130; > helo=[192.168.100.101]; envelope-from=alex@nkpanama.com; > x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with > libspf2-1.0.0; > Received: from [192.168.100.101] (nkcenter [201.226.170.130]) > (user=alex mech=PLAIN bits=0) > by nkserver.nkpanama.com (8.13.1/8.13.1) with ESMTP id k43GkwD0017301 > for ; Wed, 3 May 2006 11:46:59 -0500 > > > So I could set a rule that hits on "authenticated connection", > "user=whatever mech=whatever bits=whatever" or something similar. I'm > using sendmail, btw. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gmane at tippingmar.com Wed May 3 18:15:05 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed May 3 18:15:46 2006 Subject: SMTP Auth In-Reply-To: <4458DF26.8040400@nkpanama.com> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote: > How about one of the spamassassin gurus here gives us a hand? You > *could* set up a spamassassin rule that gives a strong negative value to > something in the headers. I can see from a message that just came in > that Dhawal is suggesting something similar. Here is the spamassassin rule I use for this situation: # Check for authenticated mail sent from outside the office # so we can compensate for rbls, etc. # Note that the Received header has been modified in sendmail.mc so # it says "authenticated SecretPhrase" instead of just "authenticated". # This to make it harder for someone to bypass our filters by sending # us messages with a forged Received header. header TMA_AUTH Received =~ /from .*\(authenticated SecretPhrase bits.* by mail\.tippingmar\.com .* cipher=/i describe TMA_AUTH Sent through our server using authentication tflags TMA_AUTH nice score TMA_AUTH -5.0 That first part should all be on one line, of course. Mark Nienberg (not a spamassassin guru) From jaearick at colby.edu Wed May 3 18:10:40 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 18:18:49 2006 Subject: updates_spamassassin_org.cf ?? Message-ID: Gang, Branching out from the "Spamassassin not working..." thread regarding sa-update, I have done some experimenting and I'll report what I found with MailScanner. I ran sa-update and got new cf files put into /var/opt/spamassassin/3.001001/updates_spamassassin_org, with a file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf. Then I ran MS in debug mode and looked for evident that the files in /var/opt where used. Nothing. Then I made a symlink: cd /etc/mail/spamassassin ln -s /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf updates_spamassassin_org.cf and ran MS in debug mode again. Voila! The updates got used, eg: dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included file and so on for all of the other cf files in /var/opt. Errr, is this the way that info from sa-update should be used? Jeff Earickson Colby College From ka at pacific.net Wed May 3 18:26:55 2006 From: ka at pacific.net (Ken A) Date: Wed May 3 18:23:20 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> Message-ID: <4458E7DF.1010609@pacific.net> This being a new feature of S.A., I did the usual poking around, ran "man sa-update" and then "sa-update -D". It failed on one of 3 SA/MS boxes the first time around with sha key errors, then it ran fine the second try. The other boxes worked on the first shot. It might be a nice thing to have some of the informative output at the end of install.sh say something about the importance of the 'first run' of sa-update. Thanks, Ken Anderson Pacific.Net Julian Field wrote: > I have just published 4.53.7 which has this option commented out by > default. > You can uncomment it yourself once you have found out all about sa-update. > > This way seems a lot safer to me. Shame it never turned up as an issue > during beta testing. > > On 3 May 2006, at 16:04, Adri Koppes wrote: > >> Julian, >> >> One option might be to either have it commented out or leave the option >> blank, so that it doesn't get used and people have to enable it >> themselves when they start using sa-update and have verified they have >> received the first update ok. >> Another option could be to have MailScanner check on startup, if the >> directory exists, is readable and actually contains some rules before >> enabling the option. >> >> Normal behaviour of sa-update is to download the new rules, run an >> internal spamassassin --lint on them and if they pass, copy them to the >> local_state_dir. >> It looks like there is a small bug in SA, where it used the >> local_state_dir, even when it is empty. >> This would normally only happen, if there never was a successful >> sa-update. As soon as sa-update has run successfully, it will never >> delete the contents of the directory on a next unsuccessfull update. >> >> Adri. >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Julian Field >>> Sent: woensdag 3 mei 2006 16:48 >>> To: MailScanner discussion >>> Subject: Re: Spamassassin not working after 4.53 >>> >>> Should I urgently put out a new version with the SpamAssassin >>> Local State Dir setting commented out in MailScanner.conf? >>> >>> >>> On 3 May 2006, at 12:45, Roger Jochem wrote: >>> >>>> I'm with the same problem here... >>>> >>>> What's the problem with sa-update? I normally used my rules >>> in /etc/ >>>> mail/spamassassin, and since this version 4.53.6-1, with this new >>>> setting "SpamAssassin Local State Dir" I'm having problems... >>>> >>>> My sa-update command runned with debug didn't found any working >>>> mirror... Any help? >>>> >>>> Regards >>>> >>>> Roger Jochem >>>> >>>> ----- Original Message ----- From: "Adri Koppes" >>>> >>>> To: "MailScanner discussion" >>>> Sent: Wednesday, May 03, 2006 8:28 AM >>>> Subject: RE: Spamassassin not working after 4.53 >>>> >>>> >>>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>>> def rules dir. >>>>> Probably these where created by running sa-update. >>>>> Yet, there are NO rules from this location read! >>>>> So all the default built-in rules don't exist as far as Sa is >>>>> concerned. >>>>> Are there any rules in /var/lib/spamassassin/3.001001 or >>> underlying >>>>> directories? >>>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>>> update, which deleted everything? >>>>> >>>>> Adri. >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>>> Devon Harding >>>>>> Sent: woensdag 3 mei 2006 13:17 >>>>>> To: MailScanner discussion >>>>>> Subject: Spamassassin not working after 4.53 >>>>>> >>>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>>> through ALOT more spam. I also noticed that spamassassin was >>>>>> scoring messages very low. Can anyone tell me whats going on? >>>>>> Here's a copy of my spamassassin --lint: >>>>>> >>>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>>> logger: adding facilities: all [11642] dbg: logger: >>> logging level is >>>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>>> config: score set 0 chosen. >>>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >>> keeping [11642] >>>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>>> [11642] dbg: util: final PATH set to: >>>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>> [11642] dbg: >>>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>>> version 3.07 [11642] dbg: diag: module installed: >>> DB_File, version >>>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>>> [11642] dbg: diag: module installed: Net::SMTP, version >>> 2.29 [11642] >>>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>>> 604.001 [11642] dbg: diag: module installed: >>> Razor2::Client::Agent, >>>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >>> diag: module >>>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >>> installed: >>>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >>> message to >>>>>> lint rules [11642] dbg: config: using >>> "/etc/mail/spamassassin" for >>>>>> site rules pre files [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>>> site rules dir [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >>> config: read >>>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/70_sare_uri.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/chickenpox.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>>> [11642] dbg: config: read file >>> /etc/mail/spamassassin/mailscanner.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/random.current.cf >>>>>> [11642] dbg: config: read file >>>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>>> spam.assassin.prefs.conf" >>>>>> for user prefs file >>>>>> [11642] dbg: config: read file >>>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>>> dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>> dbg: reporter: >>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >>> registered >>>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>>> @INC [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>> dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>> plugin: registered >>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>>> @INC [11642] dbg: plugin: registered >>>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>> dbg: plugin: >>>>>> registered >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>> register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >>> dcc: network >>>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >>> registered >>>>>> [11642] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::Pyzor from >>>>>> @INC [11642] dbg: pyzor: network tests on, attempting >>> Pyzor [11642] >>>>>> dbg: plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>> register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>> dbg: reporter: >>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>>> already registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >>> plugin: did >>>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>>> already registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>> dbg: plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>>> already registered >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>>> already >>>>>> registered >>>>>> [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>> plugin: did not register >>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >>> plugin: did >>>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>>> already registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>> dbg: plugin: >>>>>> did not register >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>>> registered [11642] dbg: plugin: loading >>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>> register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>>> registered [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>> implements >>>>>> 'finish_parsing_end' >>>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >>> replacetags: >>>>>> done replacing tags [11642] dbg: bayes: using username: >>> root [11642] >>>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>>> found bayes db version 3 [11642] dbg: bayes: Using >>> userid: 1 [11642] >>>>>> dbg: config: score set 3 chosen. >>>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>>> message: main message type: text/plain [11642] dbg: >>> message: parsing >>>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>>> [11642] dbg: dns: NS lookup of linux.org using >>> 192.168.0.10 failed, >>>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>>> [11642] dbg: dns: NS lookup of akamai.com using >>> 192.168.0.10 failed, >>>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>>> succeeded => DNS available (set dns_available to >>> override) [11642] >>>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>>> X-Spam-Relays-Trusted: >>>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>>> [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>> implements >>>>>> 'extract_metadata' >>>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>> 'parsed_metadata' >>>>>> [11642] dbg: uridnsbl: domains to query: >>>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>>> hit: "I" >>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>> rules: running raw-body-text per-line regexp tests; score >>> so far=0 >>>>>> [11642] dbg: rules: running full-text regexp tests; score >>> so far=0 >>>>>> [11642] dbg: plugin: >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>> 'check_tick' >>>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>>> plugin: >>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>> 'check_post_dnsbl' >>>>>> [11642] dbg: rules: running meta tests; score so far=0 >>> [11642] dbg: >>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>> rules: running raw-body-text per-line regexp tests; score >>> so far=0 >>>>>> [11642] dbg: rules: running full-text regexp tests; score >>> so far=0 >>>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >>> dbg: check: >>>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store PGP >>> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Wed May 3 18:40:55 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed May 3 18:41:24 2006 Subject: updates_spamassassin_org.cf ?? In-Reply-To: Message-ID: <013f01c66ed8$baf83da0$3004010a@martinhlaptop> Jeff No - the sa-updates creates a new dir with new and existing rules for your version...changing the MailScanner line.. SpamAssassin Local State Dir = /var/lib will make MS see the updated rulesets. HOWEVER it would seem that you have to have run sa-update BEFORE you make this change otherwise MS doesn't see the 'original' rules in /usr/local/share/spamassassin and your spam detection will down the pan. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: 03 May 2006 18:11 > To: mailscanner mailing list > Subject: updates_spamassassin_org.cf ?? > > Gang, > > Branching out from the "Spamassassin not working..." thread > regarding sa-update, I have done some experimenting and I'll > report what I found with MailScanner. > > I ran sa-update and got new cf files put into > /var/opt/spamassassin/3.001001/updates_spamassassin_org, with > a file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf. > > Then I ran MS in debug mode and looked for evident that the > files in /var/opt where used. Nothing. Then I made a symlink: > > cd /etc/mail/spamassassin > ln -s /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf > updates_spamassassin_org.cf > > and ran MS in debug mode again. Voila! The updates got used, eg: > > dbg: plugin: fixed relative path: > /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf > dbg: config: using > "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included > file > > and so on for all of the other cf files in /var/opt. > > Errr, is this the way that info from sa-update should be used? > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From alex at nkpanama.com Wed May 3 18:49:31 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 3 18:49:53 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: <4458ED2B.7040306@nkpanama.com> Mark Nienberg wrote: > > # Check for authenticated mail sent from outside the office > # so we can compensate for rbls, etc. > # Note that the Received header has been modified in sendmail.mc so > # it says "authenticated SecretPhrase" instead of just "authenticated". > # This to make it harder for someone to bypass our filters by sending > # us messages with a forged Received header. > > header TMA_AUTH Received =~ /from .*\(authenticated SecretPhrase > bits.* by mail\.tippingmar\.com .* cipher=/i > The place for the "secretphrase" would be where the cfhead.m4 says: _REC_FULL_AUTH_$?{auth_ssf} bits=${auth_ssf}$.) right? BTW, mine says "rec_full_auth" instead of the "rec_auth" that comes with the stock cf file so I can tell *who* authenticated - not just the fact that the message *was* authenticated. From jaearick at colby.edu Wed May 3 18:59:34 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 19:02:03 2006 Subject: tnef 1.4, Solaris, won't build Message-ID: Anybody else had problems getting tnef 1.4 to build from the tar release? On Solaris 10 with gcc 4.1, I get: if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT xstrdup.o -MD -MP -MF ".deps/xstrdup.Tpo" -c -o xstrdup.o xstrdup.c; \ then mv -f ".deps/xstrdup.Tpo" ".deps/xstrdup.Po"; else rm -f ".deps/xstrdup.Tpo"; exit 1; fi gmake[3]: *** No rule to make target `replace/libreplace.a', needed by `tnef'. Stop. I'm going to use the tnef executable from the previous MS release and move on for the moment. Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Wed May 3 19:25:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 19:26:21 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <2baac6140605030917r6ea3ea26o1f210e5f20deac0d@mail.gmail.com> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> <2baac6140605030917r6ea3ea26o1f210e5f20deac0d@mail.gmail.com> Message-ID: <4458F592.1050408@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not quite. After it has done it the first time, it will have some rules in the /var/lib/... directory. If it fails in future it just won't copy the screwed rules into place. But yes, it has a bad failure mode that if it fails the first time it leaves you with a system that doesn't work properly. Can Matt Kettler forward this to the SpamAssassin guys (e.g. Justin) and file this as a bug please? Devon Harding wrote: > So, to sum it up. If sa-update has an issue (and creates an empty > /var/lib/spamassassin/3.001001/), Mailscanner will look there for SA > rules, not find any, and let SPAM through? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFj1lBH2WUcUFbZUEQJmXwCg45Mhw4DqGXsLA4jb3xBJFFxO5AcAn0WI kSHhFs5iF317OlDP+GyBM/go =JhJh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jaearick at colby.edu Wed May 3 19:23:59 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 3 19:27:26 2006 Subject: updates_spamassassin_org.cf ?? In-Reply-To: <013f01c66ed8$baf83da0$3004010a@martinhlaptop> References: <013f01c66ed8$baf83da0$3004010a@martinhlaptop> Message-ID: Martin, I was trying to figure out the sa-update thing with MS version 4.52.2. Your note below made no sense to me until I started looking at the MailScanner.conf for 4.53.7. I my case (Solaris 10) the state dir is /var/opt instead of /var/lib. Jeff Earickson Colby College On Wed, 3 May 2006, Martin Hepworth wrote: > Date: Wed, 3 May 2006 18:40:55 +0100 > From: Martin Hepworth > Reply-To: MailScanner discussion > To: 'MailScanner discussion' > Subject: RE: updates_spamassassin_org.cf ?? > > Jeff > > No - the sa-updates creates a new dir with new and existing rules for your > version...changing the MailScanner line.. > > SpamAssassin Local State Dir = /var/lib > > will make MS see the updated rulesets. HOWEVER it would seem that you have > to have run sa-update BEFORE you make this change otherwise MS doesn't see > the 'original' rules in /usr/local/share/spamassassin and your spam > detection will down the pan. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson >> Sent: 03 May 2006 18:11 >> To: mailscanner mailing list >> Subject: updates_spamassassin_org.cf ?? >> >> Gang, >> >> Branching out from the "Spamassassin not working..." thread >> regarding sa-update, I have done some experimenting and I'll >> report what I found with MailScanner. >> >> I ran sa-update and got new cf files put into >> /var/opt/spamassassin/3.001001/updates_spamassassin_org, with >> a file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf. >> >> Then I ran MS in debug mode and looked for evident that the >> files in /var/opt where used. Nothing. Then I made a symlink: >> >> cd /etc/mail/spamassassin >> ln -s /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf >> updates_spamassassin_org.cf >> >> and ran MS in debug mode again. Voila! The updates got used, eg: >> >> dbg: plugin: fixed relative path: >> /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf >> dbg: config: using >> "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included >> file >> >> and so on for all of the other cf files in /var/opt. >> >> Errr, is this the way that info from sa-update should be used? >> >> Jeff Earickson >> Colby College >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From chardlist at chard.net Wed May 3 19:41:05 2006 From: chardlist at chard.net (chardlist) Date: Wed May 3 19:41:29 2006 Subject: Bitdefender Wrapper / tmpfs Message-ID: <044201c66ee1$24399bd0$0202fea9@sangria> Is there a way to specify the temporary directory Bitdefender uses when doing it's scanning? I saw in the clam-av wrapper where this could be easily modified. I'm trying to get as many of the mailscanner processes as possible using tmpfs. Elaborating on that... does anyone have recommendations on using tmpfs to improve performance? I've already configured the mailscanner incoming directory and the clamav temporary directory to use tmpfs and the performance boost is outstanding. Thank you, -Brendan From MailScanner at ecs.soton.ac.uk Wed May 3 19:56:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 19:56:55 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <4458E7DF.1010609@pacific.net> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> <4458E7DF.1010609@pacific.net> Message-ID: <4458FCE1.6000204@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have disabled it from having any effect until the user finds it. It's relatively unimportant at the moment anyway. Is it very easy to tell from the end of the output of sa-update that it succeeded or failed? Users can't be expected to read more than the last 5 lines or so of the output of sa-update. Does it produce different exit codes if it fails? Ken A wrote: > > This being a new feature of S.A., I did the usual poking around, ran > "man sa-update" and then "sa-update -D". It failed on one of 3 SA/MS > boxes the first time around with sha key errors, then it ran fine the > second try. The other boxes worked on the first shot. > > It might be a nice thing to have some of the informative output at the > end of install.sh say something about the importance of the 'first > run' of sa-update. > > Thanks, > > Ken Anderson > Pacific.Net > > > Julian Field wrote: >> I have just published 4.53.7 which has this option commented out by >> default. >> You can uncomment it yourself once you have found out all about >> sa-update. >> >> This way seems a lot safer to me. Shame it never turned up as an >> issue during beta testing. >> >> On 3 May 2006, at 16:04, Adri Koppes wrote: >> >>> Julian, >>> >>> One option might be to either have it commented out or leave the option >>> blank, so that it doesn't get used and people have to enable it >>> themselves when they start using sa-update and have verified they have >>> received the first update ok. >>> Another option could be to have MailScanner check on startup, if the >>> directory exists, is readable and actually contains some rules before >>> enabling the option. >>> >>> Normal behaviour of sa-update is to download the new rules, run an >>> internal spamassassin --lint on them and if they pass, copy them to the >>> local_state_dir. >>> It looks like there is a small bug in SA, where it used the >>> local_state_dir, even when it is empty. >>> This would normally only happen, if there never was a successful >>> sa-update. As soon as sa-update has run successfully, it will never >>> delete the contents of the directory on a next unsuccessfull update. >>> >>> Adri. >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Julian Field >>>> Sent: woensdag 3 mei 2006 16:48 >>>> To: MailScanner discussion >>>> Subject: Re: Spamassassin not working after 4.53 >>>> >>>> Should I urgently put out a new version with the SpamAssassin >>>> Local State Dir setting commented out in MailScanner.conf? >>>> >>>> >>>> On 3 May 2006, at 12:45, Roger Jochem wrote: >>>> >>>>> I'm with the same problem here... >>>>> >>>>> What's the problem with sa-update? I normally used my rules >>>> in /etc/ >>>>> mail/spamassassin, and since this version 4.53.6-1, with this new >>>>> setting "SpamAssassin Local State Dir" I'm having problems... >>>>> >>>>> My sa-update command runned with debug didn't found any working >>>>> mirror... Any help? >>>>> >>>>> Regards >>>>> >>>>> Roger Jochem >>>>> >>>>> ----- Original Message ----- From: "Adri Koppes" >>>>> >>>>> To: "MailScanner discussion" >>>>> Sent: Wednesday, May 03, 2006 8:28 AM >>>>> Subject: RE: Spamassassin not working after 4.53 >>>>> >>>>> >>>>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>>>> def rules dir. >>>>>> Probably these where created by running sa-update. >>>>>> Yet, there are NO rules from this location read! >>>>>> So all the default built-in rules don't exist as far as Sa is >>>>>> concerned. >>>>>> Are there any rules in /var/lib/spamassassin/3.001001 or >>>> underlying >>>>>> directories? >>>>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>>>> update, which deleted everything? >>>>>> >>>>>> Adri. >>>>>> >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>>>> Devon Harding >>>>>>> Sent: woensdag 3 mei 2006 13:17 >>>>>>> To: MailScanner discussion >>>>>>> Subject: Spamassassin not working after 4.53 >>>>>>> >>>>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>>>> through ALOT more spam. I also noticed that spamassassin was >>>>>>> scoring messages very low. Can anyone tell me whats going on? >>>>>>> Here's a copy of my spamassassin --lint: >>>>>>> >>>>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>>>> logger: adding facilities: all [11642] dbg: logger: >>>> logging level is >>>>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>>>> config: score set 0 chosen. >>>>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >>>> keeping [11642] >>>>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>>>> [11642] dbg: util: final PATH set to: >>>>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>>> [11642] dbg: >>>>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>>>> version 3.07 [11642] dbg: diag: module installed: >>>> DB_File, version >>>>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>>>> [11642] dbg: diag: module installed: Net::SMTP, version >>>> 2.29 [11642] >>>>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>>>> 604.001 [11642] dbg: diag: module installed: >>>> Razor2::Client::Agent, >>>>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >>>> diag: module >>>>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >>>> installed: >>>>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >>>> message to >>>>>>> lint rules [11642] dbg: config: using >>>> "/etc/mail/spamassassin" for >>>>>>> site rules pre files [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>>>> site rules dir [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >>>> config: read >>>>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/70_sare_uri.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/chickenpox.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>>>> [11642] dbg: config: read file >>>> /etc/mail/spamassassin/mailscanner.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/random.current.cf >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>>>> spam.assassin.prefs.conf" >>>>>>> for user prefs file >>>>>>> [11642] dbg: config: read file >>>>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>>>> dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>> dbg: reporter: >>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >>>> registered >>>>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>>>> @INC [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>> dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>> [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>> plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>>>> @INC [11642] dbg: plugin: registered >>>>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>> dbg: plugin: >>>>>>> registered >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>> register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >>>> dcc: network >>>>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >>>> registered >>>>>>> [11642] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::Pyzor from >>>>>>> @INC [11642] dbg: pyzor: network tests on, attempting >>>> Pyzor [11642] >>>>>>> dbg: plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>> register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>> dbg: reporter: >>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>>>> already registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >>>> plugin: did >>>>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>>>> already registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>> dbg: plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>>>> already registered >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>> [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>>>> already >>>>>>> registered >>>>>>> [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>> plugin: did not register >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >>>> plugin: did >>>>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>>>> already registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>> dbg: plugin: >>>>>>> did not register >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>>>> registered [11642] dbg: plugin: loading >>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>> register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>>>> registered [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>> implements >>>>>>> 'finish_parsing_end' >>>>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >>>> replacetags: >>>>>>> done replacing tags [11642] dbg: bayes: using username: >>>> root [11642] >>>>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>>>> found bayes db version 3 [11642] dbg: bayes: Using >>>> userid: 1 [11642] >>>>>>> dbg: config: score set 3 chosen. >>>>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>>>> message: main message type: text/plain [11642] dbg: >>>> message: parsing >>>>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>>>> [11642] dbg: dns: NS lookup of linux.org using >>>> 192.168.0.10 failed, >>>>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>>>> [11642] dbg: dns: NS lookup of akamai.com using >>>> 192.168.0.10 failed, >>>>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>>>> succeeded => DNS available (set dns_available to >>>> override) [11642] >>>>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>>>> X-Spam-Relays-Trusted: >>>>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>>>> [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>> implements >>>>>>> 'extract_metadata' >>>>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>> 'parsed_metadata' >>>>>>> [11642] dbg: uridnsbl: domains to query: >>>>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>>>> hit: "I" >>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>> rules: running raw-body-text per-line regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: plugin: >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>> 'check_tick' >>>>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>>>> plugin: >>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>> 'check_post_dnsbl' >>>>>>> [11642] dbg: rules: running meta tests; score so far=0 >>>> [11642] dbg: >>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>> rules: running raw-body-text per-line regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>> so far=0 >>>>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >>>> dbg: check: >>>>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store PGP >>>> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> --This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> MailScanner thanks transtec Computers for their support. >>>> >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> --Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFj84xH2WUcUFbZUEQLFGACgtmWxoM95k9hgEnVs6CYKnCKvEhAAoMQI iwfbIW4ok5IcSYvz198qVovc =PJbN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From brett at wrl.org Wed May 3 20:00:47 2006 From: brett at wrl.org (Brett Charbeneau) Date: Wed May 3 20:02:15 2006 Subject: Debug for Sendmail with MailScanner - huh? In-Reply-To: References: Message-ID: Thanks for the response, shrek-m! > i do not know debians sendmail.mc > do you mean `confLOG_LEVEL' ? > > eg. /etc/mail/sendmail.mc > -------- > dnl # default logging level is 9, you might want to set it higher to > dnl # debug the configuration > dnl # > dnl define(`confLOG_LEVEL', `9')dnl > define(`confLOG_LEVEL', `15')dnl Wow - that seems to have done it! There wasn't any "confLOG_LEVEL" mention in the Debian sendmail.mc, but when I stuck your define statement in it really cranked up the detail on the log! Many thanks! -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From MailScanner at ecs.soton.ac.uk Wed May 3 20:04:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 3 20:04:48 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <044201c66ee1$24399bd0$0202fea9@sangria> References: <044201c66ee1$24399bd0$0202fea9@sangria> Message-ID: <4458FEC4.6080208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A 'strings - bdc' produces this /tmp/ %s/%s %s%s /proc/%d /proc/self /tmp/ctmpXXXXXX /tmp/tmpXXXXXX so if you mount /tmp with tmpfs you should get it. chardlist wrote: > Is there a way to specify the temporary directory Bitdefender uses when > doing it's scanning? > > I saw in the clam-av wrapper where this could be easily modified. > > I'm trying to get as many of the mailscanner processes as possible using > tmpfs. > > Elaborating on that... does anyone have recommendations on using tmpfs to > improve performance? I've already configured the mailscanner incoming > directory and the clamav temporary directory to use tmpfs and the > performance boost is outstanding. > > Thank you, > -Brendan > > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFj+xhH2WUcUFbZUEQJZjwCfXk8Evf0+O+umn4ZtKl79QdU8HRkAn1Z3 XgMZvBbwTL+pEd779lqSQh9e =5xmo -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mariusz_p at poczta.onet.pl Wed May 3 20:16:03 2006 From: mariusz_p at poczta.onet.pl (Mariusz P.) Date: Wed May 3 20:16:19 2006 Subject: How switch off delete of infected attachment Message-ID: <00c901c66ee6$053b1790$9b2a1453@home> How switch off delete of infected attachment?? From mkettler at evi-inc.com Wed May 3 20:23:28 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 3 20:23:43 2006 Subject: How switch off delete of infected attachment In-Reply-To: <00c901c66ee6$053b1790$9b2a1453@home> References: <00c901c66ee6$053b1790$9b2a1453@home> Message-ID: <44590330.8020808@evi-inc.com> Mariusz P. wrote: > How switch off delete of infected attachment?? Quarantine Infections = yes This will cause MS to rip them off and drop them in a quarantine directory on the server instead of deleting them. If even quarantining isn't good enough, your other alternative is to turn off virus scanning. I don't think there's any way to use "deliver" as a virus action in MS. From evanderleun at hal9000.nl Wed May 3 20:30:47 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Wed May 3 20:30:53 2006 Subject: mail loops In-Reply-To: <4456466C.1080308@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> <4456466C.1080308@ecs.soton.ac.uk> Message-ID: <445904E7.8000309@hal9000.nl> Alas... this change didn't make any difference. hal9000 mqueue # MailScanner --debug In Debugging mode, not forking... Ignore errors about failing to find EOCD signature Undefined subroutine &Filesys::DF::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1663. hal9000 mqueue # this is copied from the CPAN interface (yet, I did install the perl module using Gentoo's Portage, which I prefer to do) DESCRIPTION Disk free based on Filesys::Statvfs CPAN_USERID IGUTHRIE (Ian Guthrie ) CPAN_VERSION 0.75 CPAN_FILE I/IG/IGUTHRIE/Filesys-Statvfs_Statfs_Df-0.75.tar.gz DSLI_STATUS Rdpr (released,developer,perl,references+ties) MANPAGE Filesys::DiskSpace - Perl df INST_FILE /usr/lib/perl5/vendor_perl/5.8.7/Filesys/Df.pm INST_VERSION 0.05 I'm not overly familiar with perl... could anybody give me tips on how to debug this problem? Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Please can you try changing line 1663 of >/usr/lib/MailScanner/MailScanner/Message.pm. Change it to say > > my $df = Filesys::DF::df($dir, 1024); > >and let me know if this fixes it. If it does I'll put out another >release before tomorrow morning. > >Erik van der Leun wrote: > > >>Outgoing mail does not appear to have a problem, logically... >> >>I restarted MailScanner to be able to send the mail, and retried >>debugging >>mode while MailScanner was still on Air: >> >>In Debugging mode, not forking... >>Ignore errors about failing to find EOCD signature >>Undefined subroutine &MailScanner::Message::df called at >>/usr/lib/MailScanner/MailScanner/Message.pm line 1663. >> >>This was the only output I got... Might be it though... >> >>I'm downgrading again for now, as I do need mailflow :) >> >>On Mon, 1 May 2006, Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>In which case stop MailScanner, do "MailScanner --debug" and send us the >>>output. >>> >>>Erik van der Leun wrote: >>> >>> >>>>Hi, >>>> >>>>I've already sent a (mild) warming for gentoo users on the latest >>>>stable >>>>release of MailScanner (the filename of Df.pm will be different if you >>>>use portage to install this perl module), but I didn't even get my >>>>MailScanner >>>>to work properly after the upgrade. >>>> >>>>Mail was checked for spam, I got a message the Virusscanning got >>>>started, but >>>>the first message after that, was the number of messages found in the >>>>queue >>>>and it kept on looping like this. >>>> >>>>Mail was accepted, but not delivered... >>>>I didn't take a lot time to investigate as I simply don't have it >>>>available >>>>at the moment. I downgraded and the problem was solved. >>>> >>>>Did anybody have similar experiences? >>>> >>>>Kind regards, >>>>Erik van der Leun >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >>>caAovvutPmulPsve+6s3l1S6 >>>=QJQZ >>>-----END PGP SIGNATURE----- >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>>MailScanner thanks transtec Computers for their support. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E >bVt4nI/GlG7cuPvnOF4OnmZx >=J2yj >-----END PGP SIGNATURE----- > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060503/6d69e72a/attachment.html From jrudd at ucsc.edu Wed May 3 20:34:59 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed May 3 20:33:11 2006 Subject: SMTP Auth In-Reply-To: References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> Message-ID: <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> On May 3, 2006, at 10:15, Mark Nienberg wrote: > Alex Neuman van der Hans wrote: > >> How about one of the spamassassin gurus here gives us a hand? You >> *could* set up a spamassassin rule that gives a strong negative value >> to something in the headers. I can see from a message that just came >> in that Dhawal is suggesting something similar. > > > Here is the spamassassin rule I use for this situation: > > # Check for authenticated mail sent from outside the office > # so we can compensate for rbls, etc. > # Note that the Received header has been modified in sendmail.mc so > # it says "authenticated SecretPhrase" instead of just "authenticated". > # This to make it harder for someone to bypass our filters by sending > # us messages with a forged Received header. > My plan around that is: 0) mimedefang removes any existing X-my-header-indicating-authenticated-user 1) mimedefang reads the sendmail macros to see if the sender is authenticated 2) mimedefang adds a X-my-header-indicating-authenticated-user with the header value being the authenticated user 3) if they are authenticated (or from one of my own exempt/local IP addrs), mimedefang doesn't feed the message to spam assassin; if they aren't, it feeds the message to spam assassin. Though, I could also, easily, feed the message to spam assassin in a later process, and give the presence of that header a low score. Since mimedefang removes that header up front, I don't have to worry about it being inserted by someone else (thus no need for a secret phrase). From shuttlebox at gmail.com Wed May 3 20:42:32 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 3 20:42:34 2006 Subject: tnef 1.4, Solaris, won't build In-Reply-To: References: Message-ID: <625385e30605031242qb76c8f3jf937d57406cfa1f5@mail.gmail.com> On 5/3/06, Jeff A. Earickson wrote: > Anybody else had problems getting tnef 1.4 to build from the tar > release? On Solaris 10 with gcc 4.1, I get: > > if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT xstrdup.o -MD -MP -MF > ".deps/xstrdup.Tpo" -c -o xstrdup.o xstrdup.c; \ > then mv -f ".deps/xstrdup.Tpo" ".deps/xstrdup.Po"; else rm -f > ".deps/xstrdup.Tpo"; exit 1; fi > gmake[3]: *** No rule to make target `replace/libreplace.a', needed by > `tnef'. Stop. > > I'm going to use the tnef executable from the previous MS > release and move on for the moment. I have built TNEF 1.4 for the Blastwave project as part of my goal to get MailScanner in there. If you're a Blastwave user you can download the package from www.blastwave.org/testing since it's not in the normal repositories yet. -- /peter From alex at nkpanama.com Wed May 3 20:49:08 2006 From: alex at nkpanama.com (Alex Neuman) Date: Wed May 3 20:49:35 2006 Subject: SMTP Auth In-Reply-To: <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> Message-ID: <44590934.80301@nkpanama.com> John Rudd escribi?: > > > My plan around that is: > > 0) mimedefang removes any existing > X-my-header-indicating-authenticated-user > 1) mimedefang reads the sendmail macros to see if the sender is > authenticated > 2) mimedefang adds a X-my-header-indicating-authenticated-user with > the header value being the authenticated user > 3) if they are authenticated (or from one of my own exempt/local IP > addrs), mimedefang doesn't feed the message to spam assassin; if they > aren't, it feeds the message to spam assassin. > > Though, I could also, easily, feed the message to spam assassin in a > later process, and give the presence of that header a low score. > Since mimedefang removes that header up front, I don't have to worry > about it being inserted by someone else (thus no need for a secret > phrase). > > Sorry to sound like a clueless noob (or a one-trick-pony, but you have to admit MailScanner is one hell of a trick!), but all I read is: 0) mimedefang blah blah 1) mimedefang yadda yadda 2) mimedefang adds fluffity-fluff bleebloop 3) if they are authenticated, mimedefang bah weep gra-nah weep ninni bong. Perhaps I should look into mimedefang so I can add it to my bag of tricks (or at least, so I can follow a simple thread!) :) From evanderleun at hal9000.nl Wed May 3 20:54:35 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Wed May 3 20:54:38 2006 Subject: mail loops In-Reply-To: <4456466C.1080308@ecs.soton.ac.uk> References: <44560595.80704@ecs.soton.ac.uk> <4456466C.1080308@ecs.soton.ac.uk> Message-ID: <44590A7B.4070304@hal9000.nl> This is from the module I installed from portage This module was formerly called File::Df. It has been renamed into Filesys::DiskSpace. It could have be Filesys::Df but unfortunatly another module created in the meantime uses this name. I installed Filesys-Statvfs_Statfs_Df-0.75.tar.gz using CPAN Conclusion: I was being a noob, installed the wrong module... It was called Filesys::DiskSpace, and I thought it was correct... naive... Sorry for the fuss :) And thanks for your support line 1663 does NOT need to be changed :) Erik van der Leun Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Please can you try changing line 1663 of >/usr/lib/MailScanner/MailScanner/Message.pm. Change it to say > > my $df = Filesys::DF::df($dir, 1024); > >and let me know if this fixes it. If it does I'll put out another >release before tomorrow morning. > >Erik van der Leun wrote: > > >>Outgoing mail does not appear to have a problem, logically... >> >>I restarted MailScanner to be able to send the mail, and retried >>debugging >>mode while MailScanner was still on Air: >> >>In Debugging mode, not forking... >>Ignore errors about failing to find EOCD signature >>Undefined subroutine &MailScanner::Message::df called at >>/usr/lib/MailScanner/MailScanner/Message.pm line 1663. >> >>This was the only output I got... Might be it though... >> >>I'm downgrading again for now, as I do need mailflow :) >> >>On Mon, 1 May 2006, Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>In which case stop MailScanner, do "MailScanner --debug" and send us the >>>output. >>> >>>Erik van der Leun wrote: >>> >>> >>>>Hi, >>>> >>>>I've already sent a (mild) warming for gentoo users on the latest >>>>stable >>>>release of MailScanner (the filename of Df.pm will be different if you >>>>use portage to install this perl module), but I didn't even get my >>>>MailScanner >>>>to work properly after the upgrade. >>>> >>>>Mail was checked for spam, I got a message the Virusscanning got >>>>started, but >>>>the first message after that, was the number of messages found in the >>>>queue >>>>and it kept on looping like this. >>>> >>>>Mail was accepted, but not delivered... >>>>I didn't take a lot time to investigate as I simply don't have it >>>>available >>>>at the moment. I downgraded and the problem was solved. >>>> >>>>Did anybody have similar experiences? >>>> >>>>Kind regards, >>>>Erik van der Leun >>>> >>>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.6 (Build 6060) >>> >>>iQA/AwUBRFYFlRH2WUcUFbZUEQLFLACfQD3n1IAc8Ef33of1eUdn/cwDuAoAoJ8n >>>caAovvutPmulPsve+6s3l1S6 >>>=QJQZ >>>-----END PGP SIGNATURE----- >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>>MailScanner thanks transtec Computers for their support. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.6 (Build 6060) > >iQA/AwUBRFZGbRH2WUcUFbZUEQKhLgCcD1Wr/dcWVRvvA+8aIDngBJ1M+EkAnj4E >bVt4nI/GlG7cuPvnOF4OnmZx >=J2yj >-----END PGP SIGNATURE----- > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060503/9f1d62c2/attachment.html From ka at pacific.net Wed May 3 20:58:47 2006 From: ka at pacific.net (Ken A) Date: Wed May 3 20:55:27 2006 Subject: Spamassassin not working after 4.53 In-Reply-To: <4458FCE1.6000204@ecs.soton.ac.uk> References: <972EAD70-2D44-4EB3-B294-5A49052FF46D@ecs.soton.ac.uk> <4458E7DF.1010609@pacific.net> <4458FCE1.6000204@ecs.soton.ac.uk> Message-ID: <44590B77.8080102@pacific.net> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have disabled it from having any effect until the user finds it. It's > relatively unimportant at the moment anyway. > Is it very easy to tell from the end of the output of sa-update that it > succeeded or failed? Users can't be expected to read more than the last > 5 lines or so of the output of sa-update. Does it produce different exit > codes if it fails? Yep. Last 2 lines of a successful run: [18514] dbg: channel: current version is 398009, new version is 398009, skipping channel [18514] dbg: diag: updates complete, exiting with code 1 Last 3 of a failed run: [19042] dbg: sha1: verification expected: 15c1ee72b78106cd3d6e32dba7be8619e97e156f [19042] dbg: sha1: verification got : 183e72b6541452a0ec169d109e4bbf39d22ce2b6 error: can't verify SHA1 signature channel: SHA1 verification failed, channel failed [19042] dbg: diag: updates complete, exiting with code 4 Last 3 of a successful run (when an update is needed): [19503] dbg: channel: unlinking 23_bayes.cf [19503] dbg: channel: unlinking 20_anti_ratware.cf [19503] dbg: channel: update complete [19503] dbg: diag: updates complete, exiting with code 0 All exit codes are in man sa-update. > > EXIT CODES > An exit code of 0 means an update was available, and was downloaded and installed successfully. > > An exit code of 1 means no fresh updates were available. > > An exit code of 4 or higher, indicates that errors occurred while attempting to download and extract updates. Thanks, Ken A Pacific.Net > Ken A wrote: >> This being a new feature of S.A., I did the usual poking around, ran >> "man sa-update" and then "sa-update -D". It failed on one of 3 SA/MS >> boxes the first time around with sha key errors, then it ran fine the >> second try. The other boxes worked on the first shot. >> >> It might be a nice thing to have some of the informative output at the >> end of install.sh say something about the importance of the 'first >> run' of sa-update. >> >> Thanks, >> >> Ken Anderson >> Pacific.Net >> >> >> Julian Field wrote: >>> I have just published 4.53.7 which has this option commented out by >>> default. >>> You can uncomment it yourself once you have found out all about >>> sa-update. >>> >>> This way seems a lot safer to me. Shame it never turned up as an >>> issue during beta testing. >>> >>> On 3 May 2006, at 16:04, Adri Koppes wrote: >>> >>>> Julian, >>>> >>>> One option might be to either have it commented out or leave the option >>>> blank, so that it doesn't get used and people have to enable it >>>> themselves when they start using sa-update and have verified they have >>>> received the first update ok. >>>> Another option could be to have MailScanner check on startup, if the >>>> directory exists, is readable and actually contains some rules before >>>> enabling the option. >>>> >>>> Normal behaviour of sa-update is to download the new rules, run an >>>> internal spamassassin --lint on them and if they pass, copy them to the >>>> local_state_dir. >>>> It looks like there is a small bug in SA, where it used the >>>> local_state_dir, even when it is empty. >>>> This would normally only happen, if there never was a successful >>>> sa-update. As soon as sa-update has run successfully, it will never >>>> delete the contents of the directory on a next unsuccessfull update. >>>> >>>> Adri. >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Julian Field >>>>> Sent: woensdag 3 mei 2006 16:48 >>>>> To: MailScanner discussion >>>>> Subject: Re: Spamassassin not working after 4.53 >>>>> >>>>> Should I urgently put out a new version with the SpamAssassin >>>>> Local State Dir setting commented out in MailScanner.conf? >>>>> >>>>> >>>>> On 3 May 2006, at 12:45, Roger Jochem wrote: >>>>> >>>>>> I'm with the same problem here... >>>>>> >>>>>> What's the problem with sa-update? I normally used my rules >>>>> in /etc/ >>>>>> mail/spamassassin, and since this version 4.53.6-1, with this new >>>>>> setting "SpamAssassin Local State Dir" I'm having problems... >>>>>> >>>>>> My sa-update command runned with debug didn't found any working >>>>>> mirror... Any help? >>>>>> >>>>>> Regards >>>>>> >>>>>> Roger Jochem >>>>>> >>>>>> ----- Original Message ----- From: "Adri Koppes" >>>>>> >>>>>> To: "MailScanner discussion" >>>>>> Sent: Wednesday, May 03, 2006 8:28 AM >>>>>> Subject: RE: Spamassassin not working after 4.53 >>>>>> >>>>>> >>>>>>> I see you are using /var/lib/spamassassin/3.001001 as your sys and >>>>>>> def rules dir. >>>>>>> Probably these where created by running sa-update. >>>>>>> Yet, there are NO rules from this location read! >>>>>>> So all the default built-in rules don't exist as far as Sa is >>>>>>> concerned. >>>>>>> Are there any rules in /var/lib/spamassassin/3.001001 or >>>>> underlying >>>>>>> directories? >>>>>>> Have you tried running sa-update again? Perhaps it's a failed sa- >>>>>>> update, which deleted everything? >>>>>>> >>>>>>> Adri. >>>>>>> >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>>>>> Devon Harding >>>>>>>> Sent: woensdag 3 mei 2006 13:17 >>>>>>>> To: MailScanner discussion >>>>>>>> Subject: Spamassassin not working after 4.53 >>>>>>>> >>>>>>>> After I upgraded to 4.53, I noticed that Mailscanner was letting >>>>>>>> through ALOT more spam. I also noticed that spamassassin was >>>>>>>> scoring messages very low. Can anyone tell me whats going on? >>>>>>>> Here's a copy of my spamassassin --lint: >>>>>>>> >>>>>>>> [root@mars MailScanner]# spamassassin -x -D -p >>>>>>>> /etc/MailScanner/spam.assassin.prefs.conf --lint [11642] dbg: >>>>>>>> logger: adding facilities: all [11642] dbg: logger: >>>>> logging level is >>>>>>>> DBG [11642] dbg: generic: SpamAssassin version 3.1.1 [11642] dbg: >>>>>>>> config: score set 0 chosen. >>>>>>>> [11642] dbg: util: running in taint mode? yes [11642] dbg: util: >>>>>>>> taint mode: deleting unsafe environment variables, resetting PATH >>>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/sbin', keeping >>>>>>>> [11642] dbg: util: PATH included '/usr/kerberos/bin', keeping >>>>>>>> [11642] dbg: util: PATH included '/usr/local/sbin', >>>>> keeping [11642] >>>>>>>> dbg: util: PATH included '/usr/local/bin', keeping [11642] dbg: >>>>>>>> util: PATH included '/sbin', keeping [11642] dbg: util: PATH >>>>>>>> included '/bin', keeping [11642] dbg: util: PATH included >>>>>>>> '/usr/sbin', keeping [11642] dbg: util: PATH included '/usr/bin', >>>>>>>> keeping [11642] dbg: util: PATH included '/root/bin', keeping >>>>>>>> [11642] dbg: util: final PATH set to: >>>>>>>> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/loca >>>>>>>> l/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin >>>>>>>> [11642] dbg: dns: is Net::DNS::Resolver available? yes >>>>> [11642] dbg: >>>>>>>> dns: Net::DNS version: 0.57 [11642] dbg: diag: perl platform: >>>>>>>> 5.008008 linux [11642] dbg: diag: module installed: Digest::SHA1, >>>>>>>> version 2.11 [11642] dbg: diag: module installed: HTML::Parser, >>>>>>>> version 3.51 [11642] dbg: diag: module installed: MIME::Base64, >>>>>>>> version 3.07 [11642] dbg: diag: module installed: >>>>> DB_File, version >>>>>>>> 1.814 [11642] dbg: diag: module installed: Net::DNS, version 0.57 >>>>>>>> [11642] dbg: diag: module installed: Net::SMTP, version >>>>> 2.29 [11642] >>>>>>>> dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >>>>>>>> [11642] dbg: diag: module installed: IP::Country::Fast, version >>>>>>>> 604.001 [11642] dbg: diag: module installed: >>>>> Razor2::Client::Agent, >>>>>>>> version 2.81 [11642] dbg: diag: module installed: Net::Ident, >>>>>>>> version 1.20 [11642] dbg: diag: module not installed: >>>>>>>> IO::Socket::INET6 ('require' failed) [11642] dbg: diag: module >>>>>>>> installed: IO::Socket::SSL, version 0.97 [11642] dbg: >>>>> diag: module >>>>>>>> installed: Time::HiRes, version 1.86 [11642] dbg: diag: module >>>>>>>> installed: DBI, version 1.50 [11642] dbg: diag: module installed: >>>>>>>> Getopt::Long, version 2.35 [11642] dbg: diag: module installed: >>>>>>>> LWP::UserAgent, version 2.033 [11642] dbg: diag: module >>>>> installed: >>>>>>>> HTTP::Date, version 1.47 [11642] dbg: diag: module installed: >>>>>>>> Archive::Tar, version 1.29 [11642] dbg: diag: module installed: >>>>>>>> IO::Zlib, version 1.04 [11642] dbg: ignore: using a test >>>>> message to >>>>>>>> lint rules [11642] dbg: config: using >>>>> "/etc/mail/spamassassin" for >>>>>>>> site rules pre files [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/init.pre [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/v310.pre [11642] dbg: config: using >>>>>>>> "/var/lib/spamassassin/3.001001" for sys rules pre files [11642] >>>>>>>> dbg: config: using "/var/lib/spamassassin/3.001001" for default >>>>>>>> rules dir [11642] dbg: config: using "/etc/mail/spamassassin" for >>>>>>>> site rules dir [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_evilnum0.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_evilnum1.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_evilnum2.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>>> 70_sare_html.cf [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/ 70_sare_html4.cf [11642] dbg: >>>>> config: read >>>>>>>> file /etc/mail/spamassassin/70_sare_html_eng.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>>> 70_sare_obfu.cf [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_random.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_specific.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/70_sare_uri.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/70_sare_whitelist.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/ >>>>>>>> 88_FVGT_body.cf [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/88_FVGT_headers.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/88_FVGT_rawbody.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/88_FVGT_subject.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/88_FVGT_uri.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/99_FVGT_Tripwire.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/antidrug.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/backhair.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/chickenpox.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/german.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/local.cf >>>>>>>> [11642] dbg: config: read file >>>>> /etc/mail/spamassassin/mailscanner.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/mangled.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/random.current.cf >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/mail/spamassassin/sa-blacklist.current.uri.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/tripwire.cf >>>>>>>> [11642] dbg: config: read file /etc/mail/spamassassin/weeds.cf >>>>>>>> [11642] dbg: config: using "/etc/MailScanner/ >>>>>>>> spam.assassin.prefs.conf" >>>>>>>> for user prefs file >>>>>>>> [11642] dbg: config: read file >>>>>>>> /etc/MailScanner/spam.assassin.prefs.conf >>>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>>>>>> @INC [11642] dbg: dcc: network tests on, registering DCC [11642] >>>>>>>> dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a6b8e0) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC [11642] dbg: pyzor: >>>>>>>> network tests on, attempting Pyzor [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a5db2c) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9b24050) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>>> dbg: reporter: >>>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: >>>>> registered >>>>>>>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9b5b2a8) >>>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>>>>>> @INC [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::AWL=HASH(0x9ae90d4) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>>> dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9aea07c) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>>> [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9aeaaf0) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9aeb7d4) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>>> plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>>>>> [11642] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>>>>>> @INC [11642] dbg: plugin: registered >>>>>>>> Mail::SpamAssassin::Plugin::SPF=HASH(0x9b64784) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>>> dbg: plugin: >>>>>>>> registered >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>>> register >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9bb3f14), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::DCC from @INC [11642] dbg: >>>>> dcc: network >>>>>>>> tests on, registering DCC [11642] dbg: plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::DCC=HASH(0x9a85404), already >>>>> registered >>>>>>>> [11642] dbg: plugin: loading >>>>> Mail::SpamAssassin::Plugin::Pyzor from >>>>>>>> @INC [11642] dbg: pyzor: network tests on, attempting >>>>> Pyzor [11642] >>>>>>>> dbg: plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9a85428), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>>> register >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a85440), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::SpamCop from @INC [11642] >>>>> dbg: reporter: >>>>>>>> network tests on, attempting SpamCop [11642] dbg: plugin: did not >>>>>>>> register Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9a8550c), >>>>>>>> already registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::AWL from @INC [11642] dbg: >>>>> plugin: did >>>>>>>> not register Mail::SpamAssassin::Plugin::AWL=HASH(0x9a854d0), >>>>>>>> already registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11642] >>>>>>>> dbg: plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9a855a8), >>>>>>>> already registered >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>>> [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9a855a8), >>>>>>>> already >>>>>>>> registered >>>>>>>> [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9a8568c), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a85704), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC [11642] dbg: >>>>>>>> plugin: did not register >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9a8571c), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::SPF from @INC [11642] dbg: >>>>> plugin: did >>>>>>>> not register Mail::SpamAssassin::Plugin::SPF=HASH(0x9a856b0), >>>>>>>> already registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11642] >>>>> dbg: plugin: >>>>>>>> did not register >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a85710), already >>>>>>>> registered [11642] dbg: plugin: loading >>>>>>>> Mail::SpamAssassin::Plugin::Razor2 from @INC [11642] dbg: razor2: >>>>>>>> razor2 is available, version 2.81 [11642] dbg: plugin: did not >>>>>>>> register >>>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x9a8577c), already >>>>>>>> registered [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9ba573c) >>>>> implements >>>>>>>> 'finish_parsing_end' >>>>>>>> [11642] dbg: replacetags: replacing tags [11642] dbg: >>>>> replacetags: >>>>>>>> done replacing tags [11642] dbg: bayes: using username: >>>>> root [11642] >>>>>>>> dbg: bayes: database connection established [11642] dbg: bayes: >>>>>>>> found bayes db version 3 [11642] dbg: bayes: Using >>>>> userid: 1 [11642] >>>>>>>> dbg: config: score set 3 chosen. >>>>>>>> [11642] dbg: message: ---- MIME PARSER START ---- [11642] dbg: >>>>>>>> message: main message type: text/plain [11642] dbg: >>>>> message: parsing >>>>>>>> normal part [11642] dbg: message: added part, type: text/plain >>>>>>>> [11642] dbg: message: ---- MIME PARSER END ---- [11642] dbg: dns: >>>>>>>> name server: 192.168.0.10, family: 2, ipv6: 0 [11642] dbg: dns: >>>>>>>> testing resolver nameservers: 192.168.0.10, 192.168.0.12, >>>>>>>> 192.168.0.2 [11642] dbg: dns: trying (3) linux.org... >>>>>>>> [11642] dbg: dns: looking up NS for 'linux.org' >>>>>>>> [11642] dbg: dns: NS lookup of linux.org using >>>>> 192.168.0.10 failed, >>>>>>>> no results found [11642] dbg: dns: trying (2) akamai.com... >>>>>>>> [11642] dbg: dns: looking up NS for 'akamai.com' >>>>>>>> [11642] dbg: dns: NS lookup of akamai.com using >>>>> 192.168.0.10 failed, >>>>>>>> no results found [11642] dbg: dns: trying (1) intel.com... >>>>>>>> [11642] dbg: dns: looking up NS for 'intel.com' >>>>>>>> [11642] dbg: dns: NS lookup of intel.com using 192.168.0.10 >>>>>>>> succeeded => DNS available (set dns_available to >>>>> override) [11642] >>>>>>>> dbg: dns: is DNS available? 1 [11642] dbg: metadata: >>>>>>>> X-Spam-Relays-Trusted: >>>>>>>> [11642] dbg: metadata: X-Spam-Relays-Untrusted: >>>>>>>> [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9ba5fdc) >>>>> implements >>>>>>>> 'extract_metadata' >>>>>>>> [11642] dbg: metadata: X-Relay-Countries: >>>>>>>> [11642] dbg: message: no encoding detected [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>>> 'parsed_metadata' >>>>>>>> [11642] dbg: uridnsbl: domains to query: >>>>>>>> [11642] dbg: check: running tests for priority: 0 [11642] dbg: >>>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>>> [11642] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got >>>>>>>> hit: "I" >>>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>>> rules: running raw-body-text per-line regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: plugin: >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>>> 'check_tick' >>>>>>>> [11642] dbg: check: running tests for priority: 500 [11642] dbg: >>>>>>>> plugin: >>>>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9bb3e54) implements >>>>>>>> 'check_post_dnsbl' >>>>>>>> [11642] dbg: rules: running meta tests; score so far=0 >>>>> [11642] dbg: >>>>>>>> rules: running header regexp tests; score so far=0 [11642] dbg: >>>>>>>> rules: running body-text per-line regexp tests; score so far=0 >>>>>>>> [11642] dbg: uri: running uri tests; score so far=0 [11642] dbg: >>>>>>>> rules: running raw-body-text per-line regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: rules: running full-text regexp tests; score >>>>> so far=0 >>>>>>>> [11642] dbg: check: is spam? score=0 required=5 [11642] >>>>> dbg: check: >>>>>>>> tests= [11642] dbg: check: subtests=__SARE_HTML_HAS_MSG >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store PGP >>>>> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> --This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> MailScanner thanks transtec Computers for their support. >>>>> >>>>> --MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFj84xH2WUcUFbZUEQLFGACgtmWxoM95k9hgEnVs6CYKnCKvEhAAoMQI > iwfbIW4ok5IcSYvz198qVovc > =PJbN > -----END PGP SIGNATURE----- > From ryan at marinocrane.com Wed May 3 20:59:08 2006 From: ryan at marinocrane.com (Ryan Pitt) Date: Wed May 3 20:59:20 2006 Subject: SMTP Auth In-Reply-To: <44590934.80301@nkpanama.com> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> <44590934.80301@nkpanama.com> Message-ID: <44590B8C.1030204@marinocrane.com> Alex Neuman wrote: > Sorry to sound like a clueless noob (or a one-trick-pony, but you have > to admit MailScanner is one hell of a trick!), but all I read is: > > 0) mimedefang blah blah > 1) mimedefang yadda yadda > 2) mimedefang adds fluffity-fluff bleebloop > 3) if they are authenticated, mimedefang bah weep gra-nah weep ninni > bong. > > Perhaps I should look into mimedefang so I can add it to my bag of > tricks (or at least, so I can follow a simple thread!) :) Alex, Thanks for the chuckle! I too have no idea what mimedefang is, but, like you, all I know is that MailScanner ROCKS! Ryan From rob at thehostmasters.com Wed May 3 21:18:00 2006 From: rob at thehostmasters.com (Rob Morin) Date: Wed May 3 21:18:05 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <445828A0.6060200@nkpanama.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> <44575CD4.9010700@thehostmasters.com> <44578004.2020003@nkpanama.com> <445786C0.9010600@thehostmasters.com> <4457A305.3090203@ecs.soton.ac.uk> <445828A0.6060200@nkpanama.com> Message-ID: <44590FF8.3070602@thehostmasters.com> I understand about what is said here, but i wanted to know if putting that in IP in the list like in the example would just let the email bypass scanning via MS or would it still run clam and SA and then notice its white listed.... Basically only scan email coming from localhost, anything else do not scan for spam or virus at all, as i can tell postfix to accept email only from a specific source and no where else.... so i would accept email only from this 1 IP and reject everything else.... My apologies if i have upset or irritated anyone, or if i have not made myself clear.... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Alex Neuman van der Hans wrote: > Julian Field wrote: >> But still people don't get it. Maybe they don't read the docs? At >> that point, there's not much I can do. >> > > And there's always the ever-popular "scan messages" option, which in > the form: > > From: 1.2.3.4 no > FromOrTo: default yes > > would probably get the result he needs, with a little less impact on > performance than virus scanning = no and whitelist = yes for that > IP... right? From matt at coders.co.uk Wed May 3 23:14:33 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed May 3 23:14:43 2006 Subject: Rules and Mailing lists In-Reply-To: References: <4457CF82.6030406@magnet.fsu.edu> <4457D1DF.3000604@coders.co.uk> Message-ID: <44592B49.3020505@coders.co.uk> Scott Silva wrote: > Matt Hampton spake the following on 5/2/2006 2:40 PM: >>> Is there a better solution to set up the rule using some other email >>> header that will identify email just from joe@magnet.fsu.edu without >>> opening up the whole list? >> I am assuming that you have MailScanner "in front" of your mailman >> installation? >> >> The way that I have it set is is to have a second sendmail process >> listening on loopback which only accepts mail from a list address. >> >> The incoming message is scanned by MailScanner and passed to mailman. >> MailMan then forwards the expanded mail to the second sendmail process >> which attempts delivery and will place any deferred entries in the >> standard mqueue directory. >> >> This means each message is only scanned once and rules can be applied as >> you expect. >> >> matt >> >> > Sounds like good wiki fodder! Do you have some details of the setup you did? > > http://wiki.mailscanner.info/doku.php?id=documentation:related_software:mailman Early draft. Comments please! From lshaw at emitinc.com Wed May 3 23:36:42 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed May 3 23:36:50 2006 Subject: scanning on both primary and second MX servers In-Reply-To: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> References: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> Message-ID: On Tue, 2 May 2006, Julian Field wrote: > On 2 May 2006, at 00:20, Logan Shaw wrote: >> So, I thought I had a solution: install MailScanner on the >> backup MX as well. Then blacklisting will be in effect over >> there, and everything's great, theoretically. I installed all >> that, and just now I realized the flaw in that plan. I now >> get two sets of headers because the messages are being scanned >> twice by two different machines. (I get "X-Spam-Status: Yes, >> Yes" and stuff like that.) > > What I would advise is that you install SpamAssassin (used as part of > MailScanner, download by "easy-to-install" package of ClamAV+SA from the > MailScanner downloads page). You can then not only assign your own scores to > different RBLs if you want to, but more importantly SpamAssassin will check > all the hosts through which the message passed, not just the last hop (which > is all MailScanner can do). > > SpamAssassin is much better than MailScanner with this feature. Aha, so just to recap now that I've taken a day or whatever to digest that response, I think what you're saying is this: 1. Even though MailScanner uses SpamAssassin, they each have their own independent RBL implementations and MailScanner uses its own and turns off SpamAssassin's. 2. SpamAssassin's RBL support works better in that it scans all the Received: headers, rather than just looking at where the most recent message came from. And also in that it gives me more control over scoring. 3. I can set up MailScanner to use SpamAssassin's implementation instead, so that I can continue to use MailScanner but I can use the superior RBL implementation. And it would appear (please tell me if I'm on the right track!) that the implications of this are: 1. I need to make sure I have properly configured SpamAssassin so that it correctly identifies which hosts are/aren't trusted, and I use the "trusted_networks" setting to do this by putting a list of all my own MX hosts (and those I trust, like maybe my ISP's). 2. If I do this (and if I don't feel the need to delete the spam immediately on the secondary MX), then I don't necessarily have to have MailScanner or SpamAssassin or any other filtering software on the backup MX, because SpamAssassin can catch everything on the main mail server. Do I basically have that correct? If so, that makes my life easier, because it is a bit more of a pain to maintain a second MailScanner setup on the backup MX machine. (Especially considering that its bayes and autowhitelisting will be all screwed up, so those require special attention...) - Logan From jrudd at ucsc.edu Wed May 3 23:48:33 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed May 3 23:46:21 2006 Subject: SMTP Auth In-Reply-To: <44590B8C.1030204@marinocrane.com> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> <44590934.80301@nkpanama.com> <44590B8C.1030204@marinocrane.com> Message-ID: <5329616e168715e8367185a94a58f66a@ucsc.edu> On May 3, 2006, at 12:59, Ryan Pitt wrote: > > Alex Neuman wrote: >> Sorry to sound like a clueless noob (or a one-trick-pony, but you >> have to admit MailScanner is one hell of a trick!), but all I read >> is: >> >> 0) mimedefang blah blah >> 1) mimedefang yadda yadda >> 2) mimedefang adds fluffity-fluff bleebloop >> 3) if they are authenticated, mimedefang bah weep gra-nah weep ninni >> bong. >> >> Perhaps I should look into mimedefang so I can add it to my bag of >> tricks (or at least, so I can follow a simple thread!) :) > > Alex, > > Thanks for the chuckle! I too have no idea what mimedefang is, but, > like you, all I know is that MailScanner ROCKS! > It's a sendmail milter. Lets you do some good stuff during the SMTP transaction. Can be used along side mailscanner, or even replace some of mailscanner's capabilities (each has its own trade-offs). From jaearick at colby.edu Thu May 4 01:53:08 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 01:57:27 2006 Subject: 4.53.7: phishing fraud endless loop Message-ID: Gang, I sent Julian an example sendmail message (offlist) that caused 4.53.7 to go into an endless loop when I ran it in debug mode. This was a lucky coincidence; I normally run a new version of MS in debug mode one time before putting it into production, and this message just happened to be there. I got beaucoup syslog messages like: Found phishing fraud from www.evite.com claiming to be www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolondonforwor in k43IWccm014788 and the debug mode wouldn't end. I tried it both with the default "Web Bug Replacement =" setting and setting this to blank, both looped up. Anybody else seen this behavior? My setup: Solaris 10, sendmail 8.13.6, SA 3.1.1. Julian, what happens if some firewall gets between MailScanner and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? Jeff Earickson Colby College From alex at nkpanama.com Thu May 4 03:14:23 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 4 03:15:06 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <044201c66ee1$24399bd0$0202fea9@sangria> References: <044201c66ee1$24399bd0$0202fea9@sangria> Message-ID: <4459637F.5020107@nkpanama.com> chardlist wrote: > I saw in the clam-av wrapper where this could be easily modified. > > Elaborating on that... does anyone have recommendations on using tmpfs to > improve performance? I've already configured the mailscanner incoming > directory and the clamav temporary directory to use tmpfs and the > performance boost is outstanding. > Can you document how you did this? Perhaps other bits and pieces (like razor-pyzor-dcc-etc.) could be optimized this way. The only problem lies in that a power outage or an unexpected reboot could potentially mean a lot of lost messages. From mikej at rogers.com Thu May 4 05:50:48 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu May 4 05:51:06 2006 Subject: Will MS work with Postfix 2.3? Message-ID: <44598828.6030008@rogers.com> I hope this gets Julian's attention, but i am curious to know whether MailScanner will continue to function with the new release of Postfix 2.3. From MailScanner at ecs.soton.ac.uk Thu May 4 09:51:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:51:20 2006 Subject: SMTP Auth In-Reply-To: <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> Message-ID: <68C296ED-BFAF-42ED-8BDB-55BEBB8E59C1@ecs.soton.ac.uk> On 3 May 2006, at 20:34, John Rudd wrote: > > On May 3, 2006, at 10:15, Mark Nienberg wrote: > >> Alex Neuman van der Hans wrote: >> >>> How about one of the spamassassin gurus here gives us a hand? You >>> *could* set up a spamassassin rule that gives a strong negative >>> value to something in the headers. I can see from a message that >>> just came in that Dhawal is suggesting something similar. >> >> >> Here is the spamassassin rule I use for this situation: >> >> # Check for authenticated mail sent from outside the office >> # so we can compensate for rbls, etc. >> # Note that the Received header has been modified in sendmail.mc so >> # it says "authenticated SecretPhrase" instead of just >> "authenticated". >> # This to make it harder for someone to bypass our filters by sending >> # us messages with a forged Received header. >> > > My plan around that is: > > 0) mimedefang removes any existing X-my-header-indicating- > authenticated-user > 1) mimedefang reads the sendmail macros to see if the sender is > authenticated > 2) mimedefang adds a X-my-header-indicating-authenticated-user with > the header value being the authenticated user > 3) if they are authenticated (or from one of my own exempt/local IP > addrs), mimedefang doesn't feed the message to spam assassin; if > they aren't, it feeds the message to spam assassin. > > Though, I could also, easily, feed the message to spam assassin in > a later process, and give the presence of that header a low score. > Since mimedefang removes that header up front, I don't have to > worry about it being inserted by someone else (thus no need for a > secret phrase). John, If you want to sing the praises of mimedefang, please do it on their list and not mine. This list is for MailScanner discussions, and you are starting to get very off-topic. Regards Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:53:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:53:52 2006 Subject: scanning on both primary and second MX servers In-Reply-To: References: <7B215F5B-2581-4E2C-9A29-A5FE5F0373F7@ecs.soton.ac.uk> Message-ID: On 3 May 2006, at 23:36, Logan Shaw wrote: > On Tue, 2 May 2006, Julian Field wrote: >> On 2 May 2006, at 00:20, Logan Shaw wrote: > >>> So, I thought I had a solution: install MailScanner on the >>> backup MX as well. Then blacklisting will be in effect over >>> there, and everything's great, theoretically. I installed all >>> that, and just now I realized the flaw in that plan. I now >>> get two sets of headers because the messages are being scanned >>> twice by two different machines. (I get "X-Spam-Status: Yes, >>> Yes" and stuff like that.) >> >> What I would advise is that you install SpamAssassin (used as part >> of MailScanner, download by "easy-to-install" package of ClamAV+SA >> from the MailScanner downloads page). You can then not only assign >> your own scores to different RBLs if you want to, but more >> importantly SpamAssassin will check all the hosts through which >> the message passed, not just the last hop (which is all >> MailScanner can do). >> >> SpamAssassin is much better than MailScanner with this feature. > > Aha, so just to recap now that I've taken a day or whatever to > digest that response, I think what you're saying is this: > > 1. Even though MailScanner uses SpamAssassin, they each have > their own independent RBL implementations and MailScanner > uses its own and turns off SpamAssassin's. MailScanner does not turn off SpamAssassin's RBL support. You can (and I do) use both. > > 2. SpamAssassin's RBL support works better in that it scans > all the Received: headers, rather than just looking at > where the most recent message came from. And also in that > it gives me more control over scoring. > > 3. I can set up MailScanner to use SpamAssassin's implementation > instead, so that I can continue to use MailScanner but I can > use the superior RBL implementation. > > And it would appear (please tell me if I'm on the right track!) > that the implications of this are: > > 1. I need to make sure I have properly configured SpamAssassin > so that it correctly identifies which hosts are/aren't > trusted, and I use the "trusted_networks" setting to do > this by putting a list of all my own MX hosts (and those > I trust, like maybe my ISP's). > > 2. If I do this (and if I don't feel the need to delete the > spam immediately on the secondary MX), then I don't > necessarily have to have MailScanner or SpamAssassin or > any other filtering software on the backup MX, because > SpamAssassin can catch everything on the main mail server. > > Do I basically have that correct? If so, that makes my life > easier, because it is a bit more of a pain to maintain a second > MailScanner setup on the backup MX machine. (Especially > considering that its bayes and autowhitelisting will be all > screwed up, so those require special attention...) From what I see, yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:54:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:54:40 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: References: Message-ID: On 4 May 2006, at 01:53, Jeff A. Earickson wrote: > Gang, > > I sent Julian an example sendmail message (offlist) that caused > 4.53.7 to > go into an endless loop when I ran it in debug mode. This was > a lucky coincidence; I normally run a new version of MS in debug > mode one time before putting it into production, and this message > just happened to be there. > > I got beaucoup syslog messages like: > > Found phishing fraud from www.evite.com claiming to be > www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolo > ndonforwor in k43IWccm014788 > > and the debug mode wouldn't end. I tried it both with the > default "Web Bug Replacement =" setting and setting this to > blank, both looped up. Anybody else seen this behavior? > My setup: Solaris 10, sendmail 8.13.6, SA 3.1.1. > > Julian, what happens if some firewall gets between MailScanner > and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? Then the HTML view of the page won't render quite as prettily, that's all. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:55:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:56:12 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <4459637F.5020107@nkpanama.com> References: <044201c66ee1$24399bd0$0202fea9@sangria> <4459637F.5020107@nkpanama.com> Message-ID: <1879F503-2C76-49E9-98E9-2A060800825A@ecs.soton.ac.uk> On 4 May 2006, at 03:14, Alex Neuman van der Hans wrote: > chardlist wrote: >> I saw in the clam-av wrapper where this could be easily modified. >> >> Elaborating on that... does anyone have recommendations on using >> tmpfs to >> improve performance? I've already configured the mailscanner >> incoming >> directory and the clamav temporary directory to use tmpfs and the >> performance boost is outstanding. >> > Can you document how you did this? Perhaps other bits and pieces > (like razor-pyzor-dcc-etc.) could be optimized this way. The only > problem lies in that a power outage or an unexpected reboot could > potentially mean a lot of lost messages. It will *not* result in any lost messages at all. I ain't that stoopid :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu May 4 09:56:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 09:56:43 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <44598828.6030008@rogers.com> References: <44598828.6030008@rogers.com> Message-ID: <07C0775D-36EE-43D3-88A8-EFF1145B1A44@ecs.soton.ac.uk> Don't know, haven't tried it yet. I'll give it a go and see what he has changed to keep me on my toes! On 4 May 2006, at 05:50, Mike Jakubik wrote: > I hope this gets Julian's attention, but i am curious to know > whether MailScanner will continue to function with the new release > of Postfix 2.3. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Thu May 4 10:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 10:31:25 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: References: Message-ID: Jeff A. Earickson wrote on Wed, 3 May 2006 20:53:08 -0400 (EDT): > Julian, what happens if some firewall gets between MailScanner > and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? Depends on what the firewall does ;-) This should not be any problem during MS/SA detection since I assume MS replaces the URL only after all is done. So, it's got any effect only when the message gets viewed in a mail program that shows HTML and retrieves external images. If port 80 is blocked it won't get retrieved. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Thu May 4 10:54:51 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 10:55:06 2006 Subject: MailScanner.conf Message-ID: <4459CF6B.7060809@chime.ucl.ac.uk> Hi, I am just upgrading to the latest stable version 4.53.7. Working my way through the new MailScanner.conf file I noticed the comment at the top about the ability to use scaling suffixes on numbers. This comment says that this feature was added in version 4.54! Should the comment be fixed? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From Jan-Peter.Koopmann at seceidos.de Thu May 4 11:20:27 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu May 4 11:20:44 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: Hi Julian, I just had an enduser complain that certain messages did not reach him. I looked them up and they were all identified as spam. Why? Because the attachment in the message was not identified as such and therefore the uuencoded (or base64?) attachment triggered all sorts of SA rules. The real question now is: Why did Mailscanner not pick up the attachment? The message body looks like this: ------------------- RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST begin 664 PFLIST.pdf M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O2`P-"`P-3HS,SHU.2!032`R,#`V*0HO ` end ------------------- Nothing special in the headers. This looks wrong to me but if this message is delivered to Exchange/Outlook the attachment is decoded correctly. But this now means that these sort of wrongly formatted attachments are not discovered and therefore not scanned by MailScanner??? Please help. I can put the exim spool files to a download location if that helps you. Kind regards Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Gesch?ftsf?hrer -- Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 http://www.seceidos.de | SIP: 43@voip.seceidos.de -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060504/d2ace6ea/smime.bin From Jan-Peter.Koopmann at seceidos.de Thu May 4 11:29:30 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu May 4 11:29:49 2006 Subject: MailScanner ANNOUNCE: stable 4.53.6 released Message-ID: On Tuesday, May 02, 2006 4:18 PM Dave Shariff Yadallee - System Administrator a.k.a. The Root of theProblem wrote: > Just to let you know users of BsdOS 4.3.X and FreeBSD 4.X do not have > sys/statvfs.h on their system. I had to nick the necessary files > from a FreeBSD 5.X Box. Why don't you simply install the p5-Filesys-Statvfs_Df port? That surely did the trick on my FreeBSD boxes (4.X to 6.X) and is the official/supported way of doing this. Or wait till the 4.53.7 port is committed (hopefully today) since it will solve the problem for you. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060504/7acc6923/smime.bin From martinh at solid-state-logic.com Thu May 4 11:32:34 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 4 11:32:42 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: Message-ID: <007401c66f66$0eb5ca60$3004010a@martinhlaptop> JP It's a personal certificate file (guess who uses Outleek as their MUA ;-( The 'file-typeing' is usually called out to the unix 'file' command, but I guess you could but in an entry into the file.names.conf for a .p2s file..??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter > Sent: 04 May 2006 11:20 > To: MailScanner discussion > Subject: Mailscanner does not identify attachment in mail > > Hi Julian, > > I just had an enduser complain that certain messages did not reach him. I > looked them up and they were all identified as spam. Why? Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. The > real > question now is: Why did Mailscanner not pick up the attachment? > > The message body looks like this: > > ------------------- > > > RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST > begin 664 PFLIST.pdf > M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O M"B]#2`P-"`P-3HS,SHU.2!032`R,#`V*0HO > > ` > end > > ------------------- > > Nothing special in the headers. This looks wrong to me but if this message > is delivered to Exchange/Outlook the attachment is decoded correctly. But > this now means that these sort of wrongly formatted attachments are not > discovered and therefore not scanned by MailScanner??? > > Please help. I can put the exim spool files to a download location if that > helps you. > > > > > Kind regards > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- > Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 > Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 > 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 > http://www.seceidos.de | SIP: 43@voip.seceidos.de ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu May 4 11:33:45 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 4 11:33:55 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: Message-ID: <007501c66f66$38dc8040$3004010a@martinhlaptop> My Mailwatch identifies this as of.. MIME Type: application/x-pkcs7-signature -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter > Sent: 04 May 2006 11:20 > To: MailScanner discussion > Subject: Mailscanner does not identify attachment in mail > > Hi Julian, > > I just had an enduser complain that certain messages did not reach him. I > looked them up and they were all identified as spam. Why? Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. The > real > question now is: Why did Mailscanner not pick up the attachment? > > The message body looks like this: > > ------------------- > > > RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST > begin 664 PFLIST.pdf > M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O M"B]#2`P-"`P-3HS,SHU.2!032`R,#`V*0HO > > ` > end > > ------------------- > > Nothing special in the headers. This looks wrong to me but if this message > is delivered to Exchange/Outlook the attachment is decoded correctly. But > this now means that these sort of wrongly formatted attachments are not > discovered and therefore not scanned by MailScanner??? > > Please help. I can put the exim spool files to a download location if that > helps you. > > > > > Kind regards > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- > Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 > Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 > 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 > http://www.seceidos.de | SIP: 43@voip.seceidos.de ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu May 4 11:38:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 11:38:30 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: <6FFC146D-542A-4008-8D7F-170618F17E18@ecs.soton.ac.uk> It should have found the uu-encoded file. Have you got that feature switched on? Look for "uu" or "UU" in MailScanner.conf. On 4 May 2006, at 11:20, Koopmann, Jan-Peter wrote: > Hi Julian, > > I just had an enduser complain that certain messages did not reach > him. I > looked them up and they were all identified as spam. Why? Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. > The real > question now is: Why did Mailscanner not pick up the attachment? > > The message body looks like this: > > ------------------- > > > RunJob Report PDCMFREP_B 04-May-2006 17:32:47 WAUST > begin 664 PFLIST.pdf > M)5!$1BTQ+C$*,2`P(&]B:@H\/`HO0W)E871O M"B]#2`P-"`P-3HS,SHU.2!032`R,#`V*0HO > > ` > end > > ------------------- > > Nothing special in the headers. This looks wrong to me but if this > message > is delivered to Exchange/Outlook the attachment is decoded > correctly. But > this now means that these sort of wrongly formatted attachments are > not > discovered and therefore not scanned by MailScanner??? > > Please help. I can put the exim spool files to a download location > if that > helps you. > > > > > Kind regards > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Gesch?ftsf?hrer > > -- > Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 > Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 > 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 > http://www.seceidos.de | SIP: 43@voip.seceidos.de > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Thu May 4 12:31:15 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 12:31:24 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: Jan-Peter Koopmann wrote on Thu, 4 May 2006 12:20:27 +0200: > Because the > attachment in the message was not identified as such and therefore the > uuencoded (or base64?) attachment triggered all sorts of SA rules. The real > question now is: Why did Mailscanner not pick up the attachment? I don't think this is not a MailScanner thing. uuencoded messages are indeed scanned by SA like a text message and may create weird results. I guess they didn't stop this so spammers can't bypass by a simple begin line. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at lists.com.ar Thu May 4 13:15:15 2006 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Thu May 4 13:15:04 2006 Subject: ReadMessageHandle question In-Reply-To: <10C8794B-1E89-4601-9B99-091D0590E365@ecs.soton.ac.uk> Message-ID: > >I'm modifying MailScanner-4.53.6, are you working with something > >very different. > > greped (-w) for dpath, and found only: > > > >/lib/MailScanner/EximDiskStore.pm: $this->{dpath} = $dir . '/' . > >$this->{dname}; > >/lib/MailScanner/SMDiskStore.pm: $this->{dpath} = $dir . '/' . > >$this->{dname}; > > > > This is from 4.53.6: > > > [root@tinker MailScanner]# pwd > /usr/lib/MailScanner/MailScanner > [root@tinker MailScanner]# fgrep -l '{dpath}' * > EximDiskStore.pm > MCP.pm > Message.pm > SMDiskStore.pm Yea, I know, I didn't wrote down all the dpath found, only where you assign dpath (only in sub new). It's only, I couldn't find the place where you are saying dpath goes to false when the disk is full. In MCP.pm, dpath is commented out by LeoH (that's me) in 2003, I sent to you some fixes and the zmailer code (probably Mariano, a coworker sent the mail), and all of them went into the trunk Saludos -- Leonardo Helman Pert Consultores Argentina From dhawal at netmagicsolutions.com Thu May 4 13:44:23 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu May 4 13:44:33 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> Message-ID: <4459F727.3080206@netmagicsolutions.com> Julian Field wrote: > > On 28 Apr 2006, at 16:54, Dhawal Doshy wrote: > >> Glenn Steen wrote: >>> Anyway, looking at the points Wietse stipulates, I think Jules pretty >>> much follow all/most of them already... So for now at least, things a >>> alright:-). >> >> I agree and here is a point by point check.. >> >> 9) When creating a queue file, Mailscanner MUST adhere to the >> convention that the file permissions are set to "executable" only >> after the file contents are safely stored. Otherwise mail will be >> corrupted or lost. >> >> DD> Not sure about this one, maybe Julian can comment on this. > > I adhere to this. Julian, can you elaborate on the specifics for this point.. i need to convey it to Viktor (co-developer for postfix). >> 10) Mailscanner should never touch a queue file that has an advisory >> lock (flock or fcntl lock, depending on the system environment). >> Otherwise mail will be corrupted or lost. >> >> DD> Not sure about this one too, maybe Julian can comment on this as >> well. > > I adhere to this. This point as well.. Also a few things that Viktor pointed out.. can you spare time to read these? http://article.gmane.org/gmane.mail.postfix.user/140871 http://article.gmane.org/gmane.mail.postfix.user/140888 http://article.gmane.org/gmane.mail.postfix.user/140902 thanks, - dhawal From MailScanner at ecs.soton.ac.uk Thu May 4 14:04:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 4 14:05:14 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <4459F727.3080206@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> Message-ID: <6C27E286-36EE-47B7-92CA-8FC821F38F7B@ecs.soton.ac.uk> On 4 May 2006, at 13:44, Dhawal Doshy wrote: > Julian Field wrote: >> On 28 Apr 2006, at 16:54, Dhawal Doshy wrote: >>> Glenn Steen wrote: >>>> Anyway, looking at the points Wietse stipulates, I think Jules >>>> pretty >>>> much follow all/most of them already... So for now at least, >>>> things a >>>> alright:-). >>> >>> I agree and here is a point by point check.. >>> >>> 9) When creating a queue file, Mailscanner MUST adhere to the >>> convention that the file permissions are set to "executable" only >>> after the file contents are safely stored. Otherwise mail will be >>> corrupted or lost. >>> >>> DD> Not sure about this one, maybe Julian can comment on this. >> I adhere to this. > > Julian, can you elaborate on the specifics for this point.. i need > to convey it to Viktor (co-developer for postfix). Once it has written the file and closed it, and then undef-ed the filehandle to force it to close completely, I only then do the chmod to set the permissions on it. > >>> 10) Mailscanner should never touch a queue file that has an >>> advisory lock (flock or fcntl lock, depending on the system >>> environment). Otherwise mail will be corrupted or lost. >>> >>> DD> Not sure about this one too, maybe Julian can comment on this >>> as well. >> I adhere to this. > > This point as well.. MailScanner not only checks that there are no locks on it (using the same locking system as in the Postfix source code), it also checks for the E (I think) record at the end of the message file indicating the body of the message has been written. I can't remember all the fine details of the Postfix support code, I wrote it and got it all working a very long time ago. I can't remember every detail of how it works :-( > Also a few things that Viktor pointed out.. can you spare time to > read these? > http://article.gmane.org/gmane.mail.postfix.user/140871 > http://article.gmane.org/gmane.mail.postfix.user/140888 > http://article.gmane.org/gmane.mail.postfix.user/140902 > > thanks, > - dhawal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From a.peacock at chime.ucl.ac.uk Thu May 4 14:53:56 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 14:54:06 2006 Subject: Phishing emails cause MailScanner to loop infinitely Message-ID: <445A0774.1050700@chime.ucl.ac.uk> Hi, I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS processes got stuck in a loop when they found a phishing email. I am running on Solaris 8 x86. After the upgrade all worked well for a while, and then I noticed that the incoming queue was getting backed up. When I looked at the logs it appeared that the MS processes were looping around finding a phishing email. I have attached a text file with the relevant log lines for one of the processes. In reality there were many MS processes stuck in these loops for different phishing sites. I have saved some of the queue files that caused this and once things have settled down may be able to test this in DEBUG mode. Backup off to MS 4.52.2 caused all of the queue to be processed successfully. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From Jan-Peter.Koopmann at seceidos.de Thu May 4 15:03:10 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu May 4 15:03:22 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > It should have found the uu-encoded file. Have you got that feature > switched on? > Look for "uu" or "UU" in MailScanner.conf. I feel sheepish... :-) Just realized the customer is running 4.43.... *upgrading* Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060504/cb7da887/smime.bin From steve.swaney at fsl.com Thu May 4 15:04:01 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu May 4 15:04:13 2006 Subject: OT - Hiring programmer Message-ID: <134901c66f83$98c516d0$287ba8c0@office.fsl> Fort Systems Ltd. has full time openings for Developers/Support Staff in our offices in New Delhi or Bangalore. The job would be primarily working from home and broadband would be provided. The Job Description: To provide support for MailScanner open-source and FSL's DefenderMX application. To assist with the development and testing of DefenderMX 2.0 and related applications. Skill Sets required: MailScanner SpamAssassin Perl MySQL PHP Other "good to have" Skill Sets: OpenLDAP PostgreSQL Sendmail/Postfix/Exim SOAP API development experience HTML/CSS Please contact me off list at steve@fsl.com if you would like to be considered for these positions. Thanks, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mailscanner at yeticomputers.com Thu May 4 15:18:43 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu May 4 15:18:56 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <44598828.6030008@rogers.com> References: <44598828.6030008@rogers.com> Message-ID: <445A0D43.4030306@yeticomputers.com> Mike Jakubik wrote: > I hope this gets Julian's attention, but i am curious to know whether > MailScanner will continue to function with the new release of Postfix > 2.3. > I'm using MailScanner (as of yesterday it was at 4.52.2 in FreeBSD ports) with postfix-2.3.20060405. I stopped updating Postfix when I read the recent discussions on this list about possible future breakage, but the version I have works flawlessly. Rick From jaearick at colby.edu Thu May 4 15:14:19 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 15:24:47 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: <445A0774.1050700@chime.ucl.ac.uk> References: <445A0774.1050700@chime.ucl.ac.uk> Message-ID: Anthony, Sounds like the same problem I discovered yesterday. Both you and I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't seen this yet? Jeff Earickson Colby College On Thu, 4 May 2006, Anthony Peacock wrote: > Date: Thu, 04 May 2006 14:53:56 +0100 > From: Anthony Peacock > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Phishing emails cause MailScanner to loop infinitely > > Hi, > > I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS > processes got stuck in a loop when they found a phishing email. > > I am running on Solaris 8 x86. > > After the upgrade all worked well for a while, and then I noticed that the > incoming queue was getting backed up. When I looked at the logs it appeared > that the MS processes were looping around finding a phishing email. > > I have attached a text file with the relevant log lines for one of the > processes. In reality there were many MS processes stuck in these loops for > different phishing sites. > > I have saved some of the queue files that caused this and once things have > settled down may be able to test this in DEBUG mode. > > Backup off to MS 4.52.2 caused all of the queue to be processed successfully. > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maillists at conactive.com Thu May 4 15:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 15:31:30 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: Kai Schaetzl wrote on Thu, 04 May 2006 13:31:15 +0200: > I don't think this is not a MailScanner thing. Remove one "not" ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Thu May 4 15:39:39 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 15:39:48 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> Message-ID: <445A122B.2090701@chime.ucl.ac.uk> Hi Jeff, Jeff A. Earickson wrote: > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? It is comforting to know that it isn't only me :-) And I have just realised that I didn't attach the log snippet to my original email. Its there this time... > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > >> Date: Thu, 04 May 2006 14:53:56 +0100 >> From: Anthony Peacock >> Reply-To: MailScanner discussion >> To: mailscanner@lists.mailscanner.info >> Subject: Phishing emails cause MailScanner to loop infinitely >> >> Hi, >> >> I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS >> processes got stuck in a loop when they found a phishing email. >> >> I am running on Solaris 8 x86. >> >> After the upgrade all worked well for a while, and then I noticed that >> the incoming queue was getting backed up. When I looked at the logs >> it appeared that the MS processes were looping around finding a >> phishing email. >> >> I have attached a text file with the relevant log lines for one of the >> processes. In reality there were many MS processes stuck in these >> loops for different phishing sites. >> >> I have saved some of the queue files that caused this and once things >> have settled down may be able to test this in DEBUG mode. >> >> Backup off to MS 4.52.2 caused all of the queue to be processed >> successfully. >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov -------------- next part -------------- May 4 12:49:11 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: New Batch: Scanning 1 messages, 4115 bytes May 4 12:49:13 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Virus and Content Scanning: Starting May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Uninfected: Delivered 1 messages May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Batch (1 message) processed in 6.61 seconds May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Logging message k44BnAXZ004181 to SQL May 4 12:49:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: "Always Looked Up Last" took 0.00 seconds May 4 12:51:06 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: New Batch: Found 5 messages waiting May 4 12:51:06 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: New Batch: Scanning 1 messages, 5433 bytes May 4 12:51:14 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Spam Checks: Found 1 spam messages May 4 12:51:14 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Virus and Content Scanning: Starting May 4 12:51:29 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:29 inetsrv-1.chime.ucl.ac.uk last message repeated 13 times May 4 12:51:35 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:35 inetsrv-1.chime.ucl.ac.uk last message repeated 7 times May 4 12:51:39 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:39 inetsrv-1.chime.ucl.ac.uk last message repeated 33 times May 4 12:51:58 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:51:58 inetsrv-1.chime.ucl.ac.uk last message repeated 12 times May 4 12:52:05 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:05 inetsrv-1.chime.ucl.ac.uk last message repeated 7 times May 4 12:52:11 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:11 inetsrv-1.chime.ucl.ac.uk last message repeated 8 times May 4 12:52:18 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:18 inetsrv-1.chime.ucl.ac.uk last message repeated 4 times May 4 12:52:21 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:21 inetsrv-1.chime.ucl.ac.uk last message repeated 19 times May 4 12:52:35 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:35 inetsrv-1.chime.ucl.ac.uk last message repeated 12 times May 4 12:52:42 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:42 inetsrv-1.chime.ucl.ac.uk last message repeated 27 times May 4 12:52:53 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:53 inetsrv-1.chime.ucl.ac.uk last message repeated 3 times May 4 12:52:55 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:52:55 inetsrv-1.chime.ucl.ac.uk last message repeated 33 times May 4 12:53:13 inetsrv-1.chime.ucl.ac.uk MailScanner[679]: Found phishing fraud from www.thecruisinglife.com claiming to be www.hsbc.co.uk in k44Bp21P004322 May 4 12:53:13 inetsrv-1.chime.ucl.ac.uk last message repeated 62 times From glenn.steen at gmail.com Thu May 4 15:53:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 4 15:53:13 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <4459F727.3080206@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> Message-ID: <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> On 04/05/06, Dhawal Doshy wrote: (snip) > http://article.gmane.org/gmane.mail.postfix.user/140871 > http://article.gmane.org/gmane.mail.postfix.user/140888 > http://article.gmane.org/gmane.mail.postfix.user/140902 Hi Dhawal, First up, I admire your tenacity and courage... This is a battle I've thought of fighting, and subsequently shied away from, more than once... In the last link above you say: ------ I do agree that the file isn't renamed as per the new inode and linked / logged.. i will communicate this to the MailScanner developers. ------ I'm not entirely certain you are right in this. Jules will no doubt correct me if I'm wrong, but at the time when the (new) queue file is reintroduced into the postfix incoming queue, it is certainly handled as outlined by Viktor... And prominently logged with both old (postfix_queue_id.random ...) and new queue IDs, where the new queue ID is certainly linked to the current i-node number (as stipulated). So there is no discrepancies here. At least not that I can see. Further down you and Viktor say: ----- >> 5) Mailscanner MUST maintain the relationship between the file name and >> the file inode number. Otherwise mail will be corrupted or lost. >> >> MailScanner: See reply to point 4. original filename is appended with a >> random number. > > This is wrong. The relationship must be maintained *exacty*, not by > appending a suffix. Understood. ----- What is wrong here is not what MailScanner does, but the perspective of the reply (I know you go on to correct this somewhat further down, but bear with me:). As far as it goes, MailScanner maintains this relationship (by not really touching the queue file, other than to make a copy of it) throughout the entire chain. That it is the copy/new queue file that is reintroduced to Postfix doesn't change this in any way (that I can think of:-). From the Postfix perspective, this operation is a "black box", IMHO (Why should they even care what happens to that copy, before it is reintroduced? When they are guaranteed that the "trust chain" cannot be broken by the actions taken in the "black box"...?). Oh well. Further: ----- >> 8) Mailscanner MUST NOT modify queue files. If content needs to be >> updates, Mailscanner MUST create a new queue file and delete the >> original only after the new file has been committed to stable storage. >> Otherwise mail will be corrupted or lost. >> >> MailScanner: See points 4,5,7 > > Exactly, do not reply until understand why this is true. If still disagree > with 8, do not reply. Sorry. Agreed, modifications are made to a copy of the queue-file in mailscanner's incoming directory and post-processing written to the postfix incoming queue directory. I'll anyways get further clarification from the mailscanner developers. ------ More "philosophical hairsplitting"... Again, from the Postfix perspective, the reintroduced queue file should be seen as an entirely new, fully logged, queue file. So this should also be a non-issue. Thing is, the Posfix developers don't really know (nor care, it seems:-) how MailScanner works, and have never looked at Jules code (AFAICS, else they would know at least some of these things already). I can certainly not claim a full understanding of it either, but have at least looked through it a couple of times... Mostly to assure myself of these very things (and to determine why I had so darned many duplicates in MailWatch, back when that was a problem). .... And even a cursory understanding, like mine, seems to be lacking. I'm in no way criticising them for that. They should be, and are, focused on what's important to them (Postfix mainly:-). I'm not sure that they even need to know particularly much about it either, because all they should need know is that the things they stipulate is covered nicely already. I guess what I'm trying to say is that we need to adjust our thinking to the "slightly skewed" Postfix perspective when communicating with them. For one thing, I don't think they've really appreciated the ramifications of the use of the HOLD thing, although it is "their feature" so to speak:-). Oh, and we do need world domination^H^H^H^H^H^H^H^H^H^Hpeace (:-). -- -- Glenn (Who just can't handle another high-volume mailing list more, or otherwise would participate more directly on the postfix-users list) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Thu May 4 16:00:42 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu May 4 16:00:57 2006 Subject: Will MS work with Postfix 2.3? In-Reply-To: <445A0D43.4030306@yeticomputers.com> References: <44598828.6030008@rogers.com> <445A0D43.4030306@yeticomputers.com> Message-ID: <40820.194.70.180.170.1146754842.squirrel@webmail.r-bit.net> On Thu, May 4, 2006 15:18, Rick Chadderdon wrote: > Mike Jakubik wrote: > >> I hope this gets Julian's attention, but i am curious to know whether >> MailScanner will continue to function with the new release of Postfix >> 2.3. >> > I'm using MailScanner (as of yesterday it was at 4.52.2 in FreeBSD > ports) with postfix-2.3.20060405. I stopped updating Postfix when I > read the recent discussions on this list about possible future breakage, > but the version I have works flawlessly. Me too, although I am running the latest Postfix port on one of the mx's just to see when/ if it does break. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ka at pacific.net Thu May 4 16:05:39 2006 From: ka at pacific.net (Ken A) Date: Thu May 4 16:02:01 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: References: Message-ID: <445A1843.4020909@pacific.net> If you have your own webmail software, just replace with the url/uri to a local spacer.gif image. Ken A Kai Schaetzl wrote: > Jeff A. Earickson wrote on Wed, 3 May 2006 20:53:08 -0400 (EDT): > >> Julian, what happens if some firewall gets between MailScanner >> and http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif ? > > Depends on what the firewall does ;-) This should not be any problem > during MS/SA detection since I assume MS replaces the URL only after all > is done. So, it's got any effect only when the message gets viewed in a > mail program that shows HTML and retrieves external images. If port 80 is > blocked it won't get retrieved. > > Kai > From brett at wrl.org Thu May 4 16:30:04 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu May 4 16:30:57 2006 Subject: Adding HUGE negative score to whitelisted addresses Message-ID: SPECIFICS: Debian Sarge, Sendmail 8.13.4-3, System-wide install of MailScanner 4.51.5-1 with SpamAssassin 3.03. Gentlefolk, I know that the default scoring for a whitelist rule in spam.whitelist.rules is -100. Where would one increase this value? In spam.assassin.prefs.conf? I tried adding score USER_IN_WHITELIST -1000 to spam.assassin.prefs.conf, but "MailScanner --lint" complains that warning: score set for non-existent rule USER_IN_WHITELIST -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From a.peacock at chime.ucl.ac.uk Thu May 4 16:41:18 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 16:41:30 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> Message-ID: <445A209E.40006@chime.ucl.ac.uk> Hi Jeff, I had forgotten about your earlier email, I think I had got sidetracked by the discussion about the Web Bug URL... I have gone back through the archives and re-read your emails, and I agree this sounds like the same issue. I am wondering if it is an issue with the Df routines under Solaris... Jeff A. Earickson wrote: > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > >> Date: Thu, 04 May 2006 14:53:56 +0100 >> From: Anthony Peacock >> Reply-To: MailScanner discussion >> To: mailscanner@lists.mailscanner.info >> Subject: Phishing emails cause MailScanner to loop infinitely >> >> Hi, >> >> I have just had to back out of MS 4.53.7 to MS 4.52.2, because the MS >> processes got stuck in a loop when they found a phishing email. >> >> I am running on Solaris 8 x86. >> >> After the upgrade all worked well for a while, and then I noticed that >> the incoming queue was getting backed up. When I looked at the logs >> it appeared that the MS processes were looping around finding a >> phishing email. >> >> I have attached a text file with the relevant log lines for one of the >> processes. In reality there were many MS processes stuck in these >> loops for different phishing sites. >> >> I have saved some of the queue files that caused this and once things >> have settled down may be able to test this in DEBUG mode. >> >> Backup off to MS 4.52.2 caused all of the queue to be processed >> successfully. >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From prandal at herefordshire.gov.uk Thu May 4 16:39:47 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu May 4 16:55:31 2006 Subject: Phishing emails cause MailScanner to loop infinitely Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AF02@isabella.herefordshire.gov.uk> I think it affects everybody. I've just backrev'd to 4.52.2 because of an ever increasing incoming mail queue under 4.53.6 on Linux. And the backlog is vanishing fast under 4.52.2. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jeff A. Earickson > Sent: 04 May 2006 15:14 > To: MailScanner discussion > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > > > Date: Thu, 04 May 2006 14:53:56 +0100 > > From: Anthony Peacock > > Reply-To: MailScanner discussion > > > To: mailscanner@lists.mailscanner.info > > Subject: Phishing emails cause MailScanner to loop infinitely > > > > Hi, > > > > I have just had to back out of MS 4.53.7 to MS 4.52.2, > because the MS > > processes got stuck in a loop when they found a phishing email. > > > > I am running on Solaris 8 x86. > > > > After the upgrade all worked well for a while, and then I > noticed that the > > incoming queue was getting backed up. When I looked at the > logs it appeared > > that the MS processes were looping around finding a phishing email. > > > > I have attached a text file with the relevant log lines for > one of the > > processes. In reality there were many MS processes stuck > in these loops for > > different phishing sites. > > > > I have saved some of the queue files that caused this and > once things have > > settled down may be able to test this in DEBUG mode. > > > > Backup off to MS 4.52.2 caused all of the queue to be > processed successfully. > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "The most exciting phrase to hear in science, the one that > heralds new > > discoveries, is not 'Eureka!' but 'That's funny....'" -- > Isaac Asimov > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Thu May 4 16:55:17 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 17:00:05 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: <445A209E.40006@chime.ucl.ac.uk> References: <445A0774.1050700@chime.ucl.ac.uk> <445A209E.40006@chime.ucl.ac.uk> Message-ID: On Thu, 4 May 2006, Anthony Peacock wrote: > Date: Thu, 04 May 2006 16:41:18 +0100 > From: Anthony Peacock > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > Hi Jeff, > > I had forgotten about your earlier email, I think I had got sidetracked by > the discussion about the Web Bug URL... > > I have gone back through the archives and re-read your emails, and I agree > this sounds like the same issue. > > I am wondering if it is an issue with the Df routines under Solaris... > That's right, Filesys-Statvfs_Statfs_Df-0.78 is the new wrinkle in 4.53.7. I installed this by hand (perl Makefile.PL, make, make test, etc). However it compiled and passed its tests without problems, giving correct block numbers. I do notice that there is a version 0.79, released on April 19. Downloading now, will install and test. Jeff Earickson Colby College From martinh at solid-state-logic.com Thu May 4 17:01:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu May 4 17:01:10 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0AF02@isabella.herefordshire.gov.uk> Message-ID: <012201c66f93$f1d128d0$3004010a@martinhlaptop> Running 4.53.5 here and no problems that I've noticed..but am NOT running the stricter checks... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: 04 May 2006 16:40 > To: MailScanner discussion > Subject: RE: Phishing emails cause MailScanner to loop infinitely > > I think it affects everybody. I've just backrev'd to 4.52.2 because of > an ever increasing incoming mail queue under 4.53.6 on Linux. > > And the backlog is vanishing fast under 4.52.2. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Jeff A. Earickson > > Sent: 04 May 2006 15:14 > > To: MailScanner discussion > > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > > > Anthony, > > > > Sounds like the same problem I discovered yesterday. Both you and > > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > > seen this yet? > > > > Jeff Earickson > > Colby College > > > > On Thu, 4 May 2006, Anthony Peacock wrote: > > > > > Date: Thu, 04 May 2006 14:53:56 +0100 > > > From: Anthony Peacock > > > Reply-To: MailScanner discussion > > > > > To: mailscanner@lists.mailscanner.info > > > Subject: Phishing emails cause MailScanner to loop infinitely > > > > > > Hi, > > > > > > I have just had to back out of MS 4.53.7 to MS 4.52.2, > > because the MS > > > processes got stuck in a loop when they found a phishing email. > > > > > > I am running on Solaris 8 x86. > > > > > > After the upgrade all worked well for a while, and then I > > noticed that the > > > incoming queue was getting backed up. When I looked at the > > logs it appeared > > > that the MS processes were looping around finding a phishing email. > > > > > > I have attached a text file with the relevant log lines for > > one of the > > > processes. In reality there were many MS processes stuck > > in these loops for > > > different phishing sites. > > > > > > I have saved some of the queue files that caused this and > > once things have > > > settled down may be able to test this in DEBUG mode. > > > > > > Backup off to MS 4.52.2 caused all of the queue to be > > processed successfully. > > > > > > -- > > > Anthony Peacock > > > CHIME, Royal Free & University College Medical School > > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > > "The most exciting phrase to hear in science, the one that > > heralds new > > > discoveries, is not 'Eureka!' but 'That's funny....'" -- > > Isaac Asimov > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From prandal at herefordshire.gov.uk Thu May 4 16:56:01 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu May 4 17:01:28 2006 Subject: Phishing emails cause MailScanner to loop infinitely Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AF20@isabella.herefordshire.gov.uk> If you're using mailscanner-mrtg you'll also see impossibly high "spam identified" figures (greater than the total number of messages). Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jeff A. Earickson > Sent: 04 May 2006 15:14 > To: MailScanner discussion > Subject: Re: Phishing emails cause MailScanner to loop infinitely > > Anthony, > > Sounds like the same problem I discovered yesterday. Both you and > I are running Solaris (10 sparc for me), the Linux/BSD crowd hasn't > seen this yet? > > Jeff Earickson > Colby College > > On Thu, 4 May 2006, Anthony Peacock wrote: > > > Date: Thu, 04 May 2006 14:53:56 +0100 > > From: Anthony Peacock > > Reply-To: MailScanner discussion > > > To: mailscanner@lists.mailscanner.info > > Subject: Phishing emails cause MailScanner to loop infinitely > > > > Hi, > > > > I have just had to back out of MS 4.53.7 to MS 4.52.2, > because the MS > > processes got stuck in a loop when they found a phishing email. > > > > I am running on Solaris 8 x86. > > > > After the upgrade all worked well for a while, and then I > noticed that the > > incoming queue was getting backed up. When I looked at the > logs it appeared > > that the MS processes were looping around finding a phishing email. > > > > I have attached a text file with the relevant log lines for > one of the > > processes. In reality there were many MS processes stuck > in these loops for > > different phishing sites. > > > > I have saved some of the queue files that caused this and > once things have > > settled down may be able to test this in DEBUG mode. > > > > Backup off to MS 4.52.2 caused all of the queue to be > processed successfully. > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "The most exciting phrase to hear in science, the one that > heralds new > > discoveries, is not 'Eureka!' but 'That's funny....'" -- > Isaac Asimov > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jrudd at ucsc.edu Thu May 4 17:03:45 2006 From: jrudd at ucsc.edu (John Rudd) Date: Thu May 4 17:04:12 2006 Subject: SMTP Auth In-Reply-To: <68C296ED-BFAF-42ED-8BDB-55BEBB8E59C1@ecs.soton.ac.uk> References: <1146668763.2775.71.camel@powell> <4458DF26.8040400@nkpanama.com> <733a88527ecaae3d9d0f4a1755c6ac69@ucsc.edu> <68C296ED-BFAF-42ED-8BDB-55BEBB8E59C1@ecs.soton.ac.uk> Message-ID: On May 4, 2006, at 1:51 AM, Julian Field wrote: > On 3 May 2006, at 20:34, John Rudd wrote: > >> My plan around that is: >> >> 0) mimedefang removes any existing >> X-my-header-indicating-authenticated-user >> 1) mimedefang reads the sendmail macros to see if the sender is >> authenticated >> 2) mimedefang adds a X-my-header-indicating-authenticated-user with >> the header value being the authenticated user >> 3) if they are authenticated (or from one of my own exempt/local IP >> addrs), mimedefang doesn't feed the message to spam assassin; if they >> aren't, it feeds the message to spam assassin. >> >> Though, I could also, easily, feed the message to spam assassin in a >> later process, and give the presence of that header a low score. >> Since mimedefang removes that header up front, I don't have to worry >> about it being inserted by someone else (thus no need for a secret >> phrase). > > John, > > If you want to sing the praises of mimedefang, please do it on their > list and not mine. This list is for MailScanner discussions, and you > are starting to get very off-topic. No problem, but in my defense I would like to point out that I have mainly been mentioning it in ways that allow it to act in concert with mailscanner ... and thus don't see it in any different light than the many recommendations about ways to modify sendmail to extra AV/AS functionality (talking about the greet_pause, or the rdns hack, as examples). For example, in the case I gave, steps 0-2 could be done, then the message given to MailScanner. MailScanner's invocation of SpamAssassin could have a rule that looked for the added-header and give the message a lower score. That said, I will honor your request. From dmehler26 at woh.rr.com Thu May 4 17:04:27 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu May 4 17:15:20 2006 Subject: ot, ms, postfix, freebsd, and chrooted sasl processes References: <44598828.6030008@rogers.com> <445A0D43.4030306@yeticomputers.com> <40820.194.70.180.170.1146754842.squirrel@webmail.r-bit.net> Message-ID: <01a901c66f94$6bd19ca0$0200a8c0@satellite> Hello, Is anyone got the above going? My flaw is with the sasl2 i want to use saslauthd to authenticate users against the system password file, yet whenever i chroot postfix, saslauthd doesn't work properly. Ms doesn't seem to have a problem in a chrooted environment. Please reply privately if you've got this going as this is ot for the list. Thanks. Dave. From maillists at conactive.com Thu May 4 17:31:17 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 17:31:25 2006 Subject: 4.53.7: phishing fraud endless loop In-Reply-To: <445A1843.4020909@pacific.net> References: <445A1843.4020909@pacific.net> Message-ID: Ken A wrote on Thu, 04 May 2006 08:05:39 -0700: > If you have your own webmail software, just replace with the url/uri to > a local spacer.gif image. You can replace it even if you don't have your own ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jaearick at colby.edu Thu May 4 17:41:43 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu May 4 17:44:45 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> <445A209E.40006@chime.ucl.ac.uk> Message-ID: On Thu, 4 May 2006, Jeff A. Earickson wrote: >> >> I am wondering if it is an issue with the Df routines under Solaris... >> > That's right, Filesys-Statvfs_Statfs_Df-0.78 is the new wrinkle in 4.53.7. I > installed this by hand (perl Makefile.PL, make, make test, etc). > However it compiled and passed its tests without problems, giving > correct block numbers. > > I do notice that there is a version 0.79, released on April 19. > Downloading now, will install and test. Installing Filesys-Statvfs_Statfs_Df-0.79 and retrying my problem email message made no difference. It still looped at the same spot. Jeff Earickson Colby College From alex at nkpanama.com Thu May 4 17:47:47 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 4 17:48:12 2006 Subject: Bitdefender Wrapper / tmpfs In-Reply-To: <1879F503-2C76-49E9-98E9-2A060800825A@ecs.soton.ac.uk> References: <044201c66ee1$24399bd0$0202fea9@sangria> <4459637F.5020107@nkpanama.com> <1879F503-2C76-49E9-98E9-2A060800825A@ecs.soton.ac.uk> Message-ID: <445A3033.2040903@nkpanama.com> Julian Field wrote: > > It will *not* result in any lost messages at all. I ain't that stoopid > :-) > > -- Well... I *did* say "potentially"... Specially when only MS was written by you; the rest (the MTA, the AVs, the other bits and pieces) could always go crazy and do something bad, right? :-) From dhawal at netmagicsolutions.com Thu May 4 18:01:14 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu May 4 18:01:24 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> References: <20060412205748.GD14679@luckyduck.tux> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> Message-ID: <445A335A.4020706@netmagicsolutions.com> Glenn Steen wrote: > On 04/05/06, Dhawal Doshy wrote: > (snip) >> http://article.gmane.org/gmane.mail.postfix.user/140871 >> http://article.gmane.org/gmane.mail.postfix.user/140888 >> http://article.gmane.org/gmane.mail.postfix.user/140902 > Hi Dhawal, > > First up, I admire your tenacity and courage... This is a battle I've > thought of fighting, and subsequently shied away from, more than > once... i know what you feel.. i have myself shied away more than once (due to death threats from the postfix underworld) and would have again if Wietse were not so outright in proclaiming that he would break mailscanner compatibility in the next version.. Viktor appears to quite reasonable and open on getting this resolved but requires some smarter inputs. i genuinely think i am not the right person to pursue this any further.. and someone more technically competent with a much better understanding of both postfix and mailscanner ought to do so (if the inclination exists). i have symmetric multiple headaches already and am almost about to give up.. and will mostly opt for the wait till it breaks and watch situation. - dhawal > In the last link above you say: > ------ > I do agree that the file isn't renamed as per the new inode and linked / > logged.. i will communicate this to the MailScanner developers. > ------ > I'm not entirely certain you are right in this. Jules will no doubt > correct me if I'm wrong, but at the time when the (new) queue file is > reintroduced into the postfix incoming queue, it is certainly handled > as outlined by Viktor... And prominently logged with both old > (postfix_queue_id.random ...) and new queue IDs, where the new queue > ID is certainly linked to the current i-node number (as stipulated). > So there is no discrepancies here. At least not that I can see. > > Further down you and Viktor say: > ----- >>> 5) Mailscanner MUST maintain the relationship between the file name and >>> the file inode number. Otherwise mail will be corrupted or lost. >>> >>> MailScanner: See reply to point 4. original filename is appended with a >>> random number. >> >> This is wrong. The relationship must be maintained *exacty*, not by >> appending a suffix. > > Understood. > ----- > What is wrong here is not what MailScanner does, but the perspective > of the reply (I know you go on to correct this somewhat further down, > but bear with me:). > As far as it goes, MailScanner maintains this relationship (by not > really touching the queue file, other than to make a copy of it) > throughout the entire chain. That it is the copy/new queue file that > is reintroduced to Postfix doesn't change this in any way (that I can > think of:-). From the Postfix perspective, this operation is a "black > box", IMHO (Why should they even care what happens to that copy, > before it is reintroduced? When they are guaranteed that the "trust > chain" cannot be broken by the actions taken in the "black box"...?). > Oh well. > > Further: > ----- >>> 8) Mailscanner MUST NOT modify queue files. If content needs to be >>> updates, Mailscanner MUST create a new queue file and delete the >>> original only after the new file has been committed to stable storage. >>> Otherwise mail will be corrupted or lost. >>> >>> MailScanner: See points 4,5,7 >> >> Exactly, do not reply until understand why this is true. If still >> disagree >> with 8, do not reply. Sorry. > > Agreed, modifications are made to a copy of the queue-file in mailscanner's > incoming directory and post-processing written to the postfix incoming > queue > directory. I'll anyways get further clarification from the mailscanner > developers. > ------ > More "philosophical hairsplitting"... Again, from the Postfix > perspective, the reintroduced queue file should be seen as an entirely > new, fully logged, queue file. So this should also be a non-issue. > > Thing is, the Posfix developers don't really know (nor care, it > seems:-) how MailScanner works, and have never looked at Jules code > (AFAICS, else they would know at least some of these things already). > I can certainly not claim a full understanding of it either, but have > at least looked through it a couple of times... Mostly to assure > myself of these very things (and to determine why I had so darned many > duplicates in MailWatch, back when that was a problem). .... And even > a cursory understanding, like mine, seems to be lacking. > I'm in no way criticising them for that. They should be, and are, > focused on what's important to them (Postfix mainly:-). > > I'm not sure that they even need to know particularly much about it > either, because all they should need know is that the things they > stipulate is covered nicely already. > I guess what I'm trying to say is that we need to adjust our thinking > to the "slightly skewed" Postfix perspective when communicating with > them. > For one thing, I don't think they've really appreciated the > ramifications of the use of the HOLD thing, although it is "their > feature" so to speak:-). > > Oh, and we do need world domination^H^H^H^H^H^H^H^H^H^Hpeace (:-). > > -- > -- Glenn (Who just can't handle another high-volume mailing list more, > or otherwise would participate more directly on the postfix-users > list) > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Thu May 4 19:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 4 19:31:28 2006 Subject: Adding HUGE negative score to whitelisted addresses In-Reply-To: References: Message-ID: Brett Charbeneau wrote on Thu, 4 May 2006 11:30:04 -0400 (EDT): > I know that the default scoring for a whitelist rule in > spam.whitelist.rules is -100. > Where would one increase this value? why? > In spam.assassin.prefs.conf? preferrably in a .conf file in /etc/mail/spamassassin I > tried adding > > score USER_IN_WHITELIST -1000 > > to spam.assassin.prefs.conf, but "MailScanner --lint" complains that > > warning: score set for non-existent rule USER_IN_WHITELIST Then you/MailScanner are not using the default /usr/share/spamassassin rule directory when doing that lint. -> /usr/share/spamassassin/ grep USER_IN_WHITELIST * Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Thu May 4 19:46:58 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 4 19:47:04 2006 Subject: Phishing emails cause MailScanner to loop infinitely In-Reply-To: References: <445A0774.1050700@chime.ucl.ac.uk> <445A209E.40006@chime.ucl.ac.uk> Message-ID: <445A4C22.6080105@chime.ucl.ac.uk> Hi Jeff, Jeff A. Earickson wrote: > On Thu, 4 May 2006, Jeff A. Earickson wrote: > >>> >>> I am wondering if it is an issue with the Df routines under Solaris... >>> >> That's right, Filesys-Statvfs_Statfs_Df-0.78 is the new wrinkle in >> 4.53.7. I installed this by hand (perl Makefile.PL, make, make test, >> etc). >> However it compiled and passed its tests without problems, giving >> correct block numbers. >> >> I do notice that there is a version 0.79, released on April 19. >> Downloading now, will install and test. > > > Installing Filesys-Statvfs_Statfs_Df-0.79 and retrying my problem > email message made no difference. It still looped at the same spot. I had a look at the change log for this module and there was only one change for the latest version. Not to mention that the changelog claimed that it had been released in 2060 :-) The other area of MS that has changed in this latest release is the phishing code. I will do some more testing tomorrow when I get back into the office. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "I'm in shape. - ROUND is a shape" From glenn.steen at gmail.com Thu May 4 22:45:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 4 22:45:23 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <445A335A.4020706@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> Message-ID: <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> On 04/05/06, Dhawal Doshy wrote: > Glenn Steen wrote: > > On 04/05/06, Dhawal Doshy wrote: > > (snip) > >> http://article.gmane.org/gmane.mail.postfix.user/140871 > >> http://article.gmane.org/gmane.mail.postfix.user/140888 > >> http://article.gmane.org/gmane.mail.postfix.user/140902 > > Hi Dhawal, > > > > First up, I admire your tenacity and courage... This is a battle I've > > thought of fighting, and subsequently shied away from, more than > > once... > > i know what you feel.. i have myself shied away more than once (due to > death threats from the postfix underworld) and would have again if > Wietse were not so outright in proclaiming that he would break > mailscanner compatibility in the next version.. > > Viktor appears to quite reasonable and open on getting this resolved but > requires some smarter inputs. i genuinely think i am not the right > person to pursue this any further.. and someone more technically > competent with a much better understanding of both postfix and > mailscanner ought to do so (if the inclination exists). > > i have symmetric multiple headaches already and am almost about to give > up.. and will mostly opt for the wait till it breaks and watch situation. > > - dhawal > Oh I it's not easy... At least the postfix crowd tend to have a rather ... rough ... tone:-). If there was more time on every day (say 2-3 hours more), I'd have time for the postfix list on a more regular basis... As it is now I hardly have time for this one (one might argue that that shows in the level of quality my small contributions have had lately:-). If I could do more, I would. That said, I'm not sure I'm the right one for the job either... Drew perhaps, or Joshua, or ... Jules:-). Anyway, my comments were the slight contrib I could do ATM. Sorry it's not more. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Jan-Peter.Koopmann at seceidos.de Fri May 5 09:33:22 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 09:33:35 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > It should have found the uu-encoded file. Have you got that feature > switched on? > Look for "uu" or "UU" in MailScanner.conf. Well I upgraded to 4.53.7 on that box and today the next one came in. It again was identified as spam. May 5 10:00:40 proxy-hb MailScanner[98493]: New Batch: Scanning 1 messages, 35159 bytes May 5 10:00:40 proxy-hb MailScanner[98493]: Saved archive copies of 1FbvEk-0002FH-GK May 5 10:00:40 proxy-hb MailScanner[98493]: MCP Checks: Starting May 5 10:00:40 proxy-hb MailScanner[98493]: Spam Checks: Starting May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Checks: Found 1 spam messages May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Actions: message 1FbvEk-0002FH-GK actions are store May 5 10:00:53 proxy-hb MailScanner[98493]: Virus and Content Scanning: Starting May 5 10:00:53 proxy-hb MailScanner[98493]: Scan started at Fri May 5 10:00:53 2006 May 5 10:00:53 proxy-hb MailScanner[98493]: Database version: 2006-05-05_01 May 5 10:00:53 proxy-hb MailScanner[98493]: Scan ended at Fri May 5 10:00:53 2006 May 5 10:00:53 proxy-hb MailScanner[98493]: 3 files scanned May 5 10:00:55 proxy-hb MailScanner[98493]: Batch (1 message) processed in 15.31 seconds May 5 10:00:55 proxy-hb MailScanner[98493]: "Always Looked Up Last" took 0.02 seconds Two problems/questions: 1. Is the uuencoded file now identified as such by MailScanner? It says 3 files scanned so I would assume so but I am not sure. I have Find UU-Encoded Files = yes in MailScanner.conf. The attachment is a virus free pdf so it is ok that no alarms pop up. 2. Why does Spamassassin identify it as spam? Clearly it does not recognize the uuencoded file as such and therefore hits strange rules (like BAYES_99, SARE_URI_EUQALS etc.) pushing it over the High Scoring Spam limit. Is this a SpamAssassin or a MailScanner problem? In MIME-Mails SA does recognize attachments does it not and exclude it from scanning, does it not= Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/01caa2be/smime.bin From Jan-Peter.Koopmann at seceidos.de Fri May 5 09:39:59 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 09:40:10 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Thursday, May 04, 2006 1:31 PM Kai Schaetzl wrote: > I don't think this is not a MailScanner thing. uuencoded messages are > indeed scanned by SA like a text message and may create weird > results. I guess they didn't stop this so spammers can't bypass by a > simple begin line. Ok. This would answer my second question in my earlier post. I also assume it's a SA "problem" not a MailScanner one. But how does one solve this? Sending uuencoded files like this in productive systems seems stupid to me but I stopped trying to change the world. It does happen. Do all of you whitelist such hosts? On the other hand I just found this on the SA list: "Bayes is done after decoding Base64/uuencode/etc, and after stripping all of the HTML." Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/be721728/smime.bin From a.peacock at chime.ucl.ac.uk Fri May 5 09:52:44 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 09:52:54 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: <445B125C.9010309@chime.ucl.ac.uk> Hi, Koopmann, Jan-Peter wrote: > On Thursday, May 04, 2006 1:31 PM Kai Schaetzl wrote: > >> I don't think this is not a MailScanner thing. uuencoded messages are >> indeed scanned by SA like a text message and may create weird >> results. I guess they didn't stop this so spammers can't bypass by a >> simple begin line. > > Ok. This would answer my second question in my earlier post. I also assume > it's a SA "problem" not a MailScanner one. But how does one solve this? > Sending uuencoded files like this in productive systems seems stupid to me > but I stopped trying to change the world. It does happen. Do all of you > whitelist such hosts? We would really need to see which SA rules hit. (Sorry if you provided that in an earlier post, I didn't keep a copy). I doubt whether it is the fact that it is a UUencoded post is the only factor. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From mailscanner at ecs.soton.ac.uk Fri May 5 10:52:31 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 10:53:56 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: References: Message-ID: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> Please can you try the attached Message.pm file instead of your previous one. I have rewritten a whole chunk of the phishing net and it should be more reliable now (I hope!). -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.gz Type: application/x-gzip Size: 55804 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/571091c3/Message.pm-0001.gz -------------- next part -------------- On 3 May 2006, at 19:52, Jeff A. Earickson wrote: > The attached message cause 4.53.7 > to go into some kind of endless loop when I ran it in debug > mode. I didn't try it in normal mode. The debug output is > attached too. > > In debug mode, I got hundreds of syslog msgs like: > > MailScanner[16465]: Found phishing fraud from www.evite.com > claiming to be > www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolo > ndonforwor in k43IWccm014788 > > I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, > SA 3.1.1. > > Jeff Earickson > Colby College > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From Jan-Peter.Koopmann at seceidos.de Fri May 5 11:05:02 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 11:05:15 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Friday, May 05, 2006 10:53 AM Anthony Peacock wrote: > We would really need to see which SA rules hit. (Sorry if you > provided that in an earlier post, I didn't keep a copy). 5.00 BAYES_99 Bayesian spam probability is 99 to 100% 0.34 FB_SINGLE_0WORD 1.01 FB_SINGLE_1WORD 1.39 FB_WORD2_END_DOLLAR 0.59 FB_WORD_01DOLLAR2 1.25 FH_RELAY_NODNS 1.10 FM_MULTI_ODD2 0.70 FM_MULTI_ODD3 0.70 FM_MULTI_ODD4 0.90 FM_MULTI_ODD5 3.20 FM_N0N0_WORDS 0.55 HELO_MISMATCH_COM 0.96 NO_REAL_NAME From: does not include a real name 2.10 OBSCURED_EMAIL Message seems to contain rot13ed address 0.99 RELAY_IS_203 2.00 SARE_RAND_6 0.42 SARE_RMML_Stock9 5.00 SARE_URI_EQUALS 2.00 SPF_FAIL SPF: sender does not match SPF record (fail) 2.80 UNWANTED_LANGUAGE_BODY Message written in an undesired language 0.37 UPPERCASE_50_75 message body is 50-75% uppercase 1.37 USERPASS URL contains username and (optional) password 0.21 X_AUTH_WARN_FAKED X-Authentication-Warning header looks faked > I doubt whether it is the fact that it is a UUencoded post is the > only factor. Not the only factor I agree. But BAYES_99, SARE_*, UNWANTED_LANGUAGE_BODY, UPPERCASE etc. surely are due to uuencoded text since that is the only thing in the body. Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/cf639811/smime.bin From a.peacock at chime.ucl.ac.uk Fri May 5 11:33:52 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 11:34:07 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> References: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> Message-ID: <445B2A10.5070709@chime.ucl.ac.uk> Hi Julian, Thanks for this. Replacing the previous Message.pm with this new one seems to have fixed the problem. I placed the saved queue files that were causing the problem yesterday in the incoming queue, and MS ran without hitch, both in debug mode and in normal operation. I will keep and eye on this and get back if I noticed any further glitches. Julian Field wrote: > Please can you try the attached Message.pm file instead of your previous > one. I have rewritten a whole chunk of the phishing net and it should be > more reliable now (I hope!). > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > > On 3 May 2006, at 19:52, Jeff A. Earickson wrote: > >> The attached message cause 4.53.7 >> to go into some kind of endless loop when I ran it in debug >> mode. I didn't try it in normal mode. The debug output is >> attached too. >> >> In debug mode, I got hundreds of syslog msgs like: >> >> MailScanner[16465]: Found phishing fraud from www.evite.com claiming >> to be >> www.greetingstoall,afternearly3yearsbackinthestates,i'mheadingbacktolondonforwor >> in k43IWccm014788 >> >> I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, >> SA 3.1.1. >> >> Jeff Earickson >> Colby College >> >> >> > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From a.peacock at chime.ucl.ac.uk Fri May 5 11:52:08 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 11:52:14 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: <445B2E58.5070408@chime.ucl.ac.uk> Hi, Koopmann, Jan-Peter wrote: > On Friday, May 05, 2006 10:53 AM Anthony Peacock wrote: > >> We would really need to see which SA rules hit. (Sorry if you >> provided that in an earlier post, I didn't keep a copy). > > 5.00 BAYES_99 Bayesian spam probability is 99 to 100% > 0.34 FB_SINGLE_0WORD > 1.01 FB_SINGLE_1WORD > 1.39 FB_WORD2_END_DOLLAR > 0.59 FB_WORD_01DOLLAR2 > 1.25 FH_RELAY_NODNS > 1.10 FM_MULTI_ODD2 > 0.70 FM_MULTI_ODD3 > 0.70 FM_MULTI_ODD4 > 0.90 FM_MULTI_ODD5 > 3.20 FM_N0N0_WORDS > 0.55 HELO_MISMATCH_COM > 0.96 NO_REAL_NAME From: does not include a real name > 2.10 OBSCURED_EMAIL Message seems to contain rot13ed address > 0.99 RELAY_IS_203 > 2.00 SARE_RAND_6 > 0.42 SARE_RMML_Stock9 > 5.00 SARE_URI_EQUALS > 2.00 SPF_FAIL SPF: sender does not match SPF record (fail) > 2.80 UNWANTED_LANGUAGE_BODY Message written in an undesired language > 0.37 UPPERCASE_50_75 message body is 50-75% uppercase > 1.37 USERPASS URL contains username and (optional) password > 0.21 X_AUTH_WARN_FAKED X-Authentication-Warning header looks faked > >> I doubt whether it is the fact that it is a UUencoded post is the >> only factor. > > Not the only factor I agree. But BAYES_99, SARE_*, UNWANTED_LANGUAGE_BODY, > UPPERCASE etc. surely are due to uuencoded text since that is the only thing > in the body. Yup! I agree that SA is scoring the UU code. What version of SA do you have installed. I would suggest that you post this question to the SpamAssassin-users mailing list. If you can place the full (inc headers) email in a downloadable location, it will help people run it against their installs. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From Jan-Peter.Koopmann at seceidos.de Fri May 5 12:02:36 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 12:02:46 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: On Friday, May 05, 2006 12:52 PM Anthony Peacock wrote: > Yup! I agree that SA is scoring the UU code. What version of SA do > you have installed. p5-Mail-SpamAssassin-3.1.1_4 > I would suggest that you post this question to the SpamAssassin-users > mailing list. If you can place the full (inc headers) email in a > downloadable location, it will help people run it against their > installs. I have to check this with the client. I have no clue how confidential that mail is. Frankly I just whitelisted that particular IP so the problem is "gone" (sort of). The bug-reports for SpamAssassin suggest that uudecoded mail bodies are just treated as text and therefore all those rules should apply unfortunatly. Unless I got this the wrong way and it should not be scanned at all there is not much we could do. MailScanner could decide not to send mail-bodies consisting of only uuencoded text to SpamAssassin but I am not sure it is A) feasable B) worth the effort. Opinions? Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/ae3374bb/smime.bin From Jan-Peter.Koopmann at seceidos.de Fri May 5 12:06:31 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Fri May 5 12:06:43 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: On Friday, May 05, 2006 11:53 AM Julian Field wrote: > Please can you try the attached Message.pm file instead of your > previous one. I have rewritten a whole chunk of the phishing net and > it should be more reliable now (I hope!). FreeBSD port 4.53.7 has just been committed. Is this a bug worth releasing a new version? Is the new Message.pm stable enough? Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/d5945c6c/smime.bin From jaearick at colby.edu Fri May 5 12:28:49 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 5 12:33:32 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: References: Message-ID: Please let me try and test it this morning. You Europeans had a five hour head start on this. Thanks. Jeff Earickson Colby College On Fri, 5 May 2006, Koopmann, Jan-Peter wrote: > Date: Fri, 5 May 2006 13:06:31 +0200 > From: "Koopmann, Jan-Peter" > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: 4.53.7, endless loop in debug mode > > On Friday, May 05, 2006 11:53 AM Julian Field wrote: > >> Please can you try the attached Message.pm file instead of your >> previous one. I have rewritten a whole chunk of the phishing net and >> it should be more reliable now (I hope!). > > FreeBSD port 4.53.7 has just been committed. Is this a bug worth releasing a > new version? Is the new Message.pm stable enough? > > > Kind regards, > JP > From prandal at herefordshire.gov.uk Fri May 5 12:36:45 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 5 12:37:16 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFAD@isabella.herefordshire.gov.uk> Julian, This one needs a 4.53.8 release, because it can affect anybody. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: 05 May 2006 11:34 > To: MailScanner discussion > Subject: Re: 4.53.7, endless loop in debug mode > > Hi Julian, > > Thanks for this. > > Replacing the previous Message.pm with this new one seems to > have fixed > the problem. > > I placed the saved queue files that were causing the problem > yesterday > in the incoming queue, and MS ran without hitch, both in > debug mode and > in normal operation. > > I will keep and eye on this and get back if I noticed any > further glitches. > > Julian Field wrote: > > Please can you try the attached Message.pm file instead of > your previous > > one. I have rewritten a whole chunk of the phishing net and > it should be > > more reliable now (I hope!). > > > > > > --This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > > > On 3 May 2006, at 19:52, Jeff A. Earickson wrote: > > > >> The attached message cause 4.53.7 > >> to go into some kind of endless loop when I ran it in debug > >> mode. I didn't try it in normal mode. The debug output is > >> attached too. > >> > >> In debug mode, I got hundreds of syslog msgs like: > >> > >> MailScanner[16465]: Found phishing fraud from > www.evite.com claiming > >> to be > >> > www.greetingstoall,afternearly3yearsbackinthestates,i'mheading > backtolondonforwor > >> in k43IWccm014788 > >> > >> I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, > >> SA 3.1.1. > >> > >> Jeff Earickson > >> Colby College > >> > >> > >> > > > > --Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that > heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Fri May 5 13:09:33 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 5 13:09:34 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: Jan-Peter Koopmann wrote on Fri, 5 May 2006 13:02:36 +0200: > The bug-reports for SpamAssassin suggest that uudecoded > mail bodies are just treated as text and therefore all those rules should > apply unfortunatly. Unless I got this the wrong way and it should not be > scanned at all there is not much we could do. > > MailScanner could decide not to send mail-bodies consisting of only > uuencoded text to SpamAssassin but I am not sure it is > > A) feasable > B) worth the effort. Since MS unpacks and scans the attachment (I assume), anyway, I agree something could be done at this stage. AFAIK a uuencoded attachment normally doesn't get displayed inline, not even by MS software. So, it won't be displayed even if it is a spam html page or so. What does MS do with attachments in general? I've been assuming that it only gives the first x bytes (there's a setting for that) to SA and no attachments at all. When I encountered the uu problem the first time last year I didn't think about MS in this regard at all I just thought about the fact that SA didn't refuse scanning it and decided against a bug report for SA. (One of the things why SA can't refuse that is that it might not get the end of the attachment, so it cannot guarantee it's really an attachment I guess.) But you are right, something could be done here by MS. Maybe it's that special case here that the body contains only that attachment and nothing else which makes it pipe the body to SA? In general I think it should be safe to exclude uuencoded attachments from spam scanning if the detection of that attachment is reasonably safe. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jaearick at colby.edu Fri May 5 13:14:28 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 5 13:15:48 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> References: <03F1D7E0-D8B5-4214-8942-642986CCC342@ecs.soton.ac.uk> Message-ID: Julian, Yes, the new Message.pm worked with my problem message. Attached is the debug output from my run with the one problem message. I'm now running 4.53.7 with the new Message.pm in production, waiting for the sound of screeching tires and breaking glass. :) If you decide to roll out a new release (I think you should), please add this small change to MailScanner.conf comments: *** MailScanner.conf.orig Wed May 3 14:00:23 2006 --- MailScanner.conf.new Fri May 5 08:10:13 2006 *************** *** 1945,1950 **** --- 1945,1951 ---- # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! + # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = # /var/lib # The default rules are searched for here, and in prefix/share/spamassassin, Thanks for the quick work! Jeff Earickson Colby College On Fri, 5 May 2006, Julian Field wrote: > Date: Fri, 5 May 2006 10:52:31 +0100 > From: Julian Field > To: Jeff A. Earickson > Cc: MailScanner mailing list > Subject: Re: 4.53.7, endless loop in debug mode > > Please can you try the attached Message.pm file instead of your previous one. > I have rewritten a whole chunk of the phishing net and it should be more > reliable now (I hope!). > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > -------------- next part -------------- Starting MailScanner... In Debugging mode, not forking... [14612] dbg: logger: adding facilities: all [14612] dbg: logger: logging level is DBG [14612] dbg: generic: SpamAssassin version 3.1.1 [14612] dbg: config: score set 0 chosen. [14612] dbg: util: running in taint mode? no [14612] dbg: dns: is Net::DNS::Resolver available? yes [14612] dbg: dns: Net::DNS version: 0.48 [14612] dbg: ignore: test message to precompile patterns and load modules [14612] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [14612] dbg: config: read file /etc/mail/spamassassin/init.pre [14612] dbg: config: read file /etc/mail/spamassassin/v310.pre [14612] dbg: config: using "/var/opt/spamassassin/3.001001" for sys rules pre files [14612] dbg: config: using "/var/opt/spamassassin/3.001001" for default rules dir [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org.cf [14612] dbg: config: using "/etc/mail/spamassassin" for site rules dir [14612] dbg: config: read file /etc/mail/spamassassin/backhair.cf [14612] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [14612] dbg: config: read file /etc/mail/spamassassin/local.cf [14612] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [14612] dbg: config: read file /etc/mail/spamassassin/updates_spamassassin_org.cf [14612] dbg: config: using "//.spamassassin/user_prefs" for user prefs file [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x15f9484) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [14612] dbg: pyzor: network tests on, attempting Pyzor [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x16f752c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [14612] dbg: reporter: network tests on, attempting SpamCop [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x17b0db8) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x17c8944) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x17b638c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x17dbf9c) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00) [14612] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [14612] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x17f4640) [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/10_misc.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/10_misc.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/10_misc.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_advance_fee.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_advance_fee.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_advance_fee.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_anti_ratware.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_anti_ratware.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_anti_ratware.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_body_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_body_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_body_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_compensate.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_compensate.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_compensate.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_dnsbl_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_dnsbl_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_drugs.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_drugs.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_drugs.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_fake_helo_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_fake_helo_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_head_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_head_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_head_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_html_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_html_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_html_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_meta_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_meta_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_meta_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_net_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_net_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_net_tests.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_phrases.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_phrases.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_phrases.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_porn.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_porn.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_porn.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_ratware.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_ratware.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_ratware.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_uri_tests.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/20_uri_tests.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/20_uri_tests.cf [14612] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [14612] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [14612] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [14612] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [14612] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [14612] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [14612] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [14612] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&\#])'i [14612] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&\#])'i [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/23_bayes.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/23_bayes.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/23_bayes.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_accessdb.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_accessdb.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_accessdb.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_antivirus.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_antivirus.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_antivirus.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_es.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_es.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_es.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_pl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_pl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_body_tests_pl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dcc.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dcc.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dcc.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dkim.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dkim.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_dkim.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_domainkeys.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_domainkeys.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_domainkeys.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_hashcash.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_hashcash.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_hashcash.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_pyzor.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_pyzor.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_pyzor.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_razor2.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_razor2.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_razor2.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_replace.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_replace.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_replace.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_spf.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_spf.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_spf.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_textcat.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_textcat.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_textcat.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_uribl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/25_uribl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/25_uribl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_de.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_de.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_de.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_fr.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_fr.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_fr.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_it.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_it.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_it.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_nl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_nl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_nl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pt_br.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pt_br.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/30_text_pt_br.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/50_scores.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/50_scores.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/50_scores.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_awl.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_awl.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_awl.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_dkim.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_dkim.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_spf.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_spf.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_spf.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_subject.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_subject.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/60_whitelist_subject.cf [14612] dbg: plugin: fixed relative path: /var/opt/spamassassin/3.001001/updates_spamassassin_org/80_additional.cf [14612] dbg: config: using "/var/opt/spamassassin/3.001001/updates_spamassassin_org/80_additional.cf" for included file [14612] dbg: config: read file /var/opt/spamassassin/3.001001/updates_spamassassin_org/80_additional.cf [14612] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable [14612] info: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor [14612] info: config: failed to parse line, skipping: dcc_path /opt/dcc/bin/dccproc [14612] info: config: failed to parse line, skipping: dcc_home /opt/dcc [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/10_misc.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_anti_ratware.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_anti_ratware.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_drugs.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_drugs.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_fake_helo_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_head_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_head_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_html_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_html_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_meta_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_meta_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_net_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_net_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_phrases.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_phrases.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_porn.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_porn.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_ratware.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_ratware.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/20_uri_tests.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/20_uri_tests.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/23_bayes.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/23_bayes.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_accessdb.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_accessdb.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_antivirus.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_antivirus.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_es.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_es.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_pl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_body_tests_pl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_dcc.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_dcc.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_dkim.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_dkim.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_domainkeys.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_domainkeys.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_hashcash.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_hashcash.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_pyzor.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_pyzor.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_razor2.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_razor2.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_replace.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_replace.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_spf.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_spf.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_textcat.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_textcat.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/25_uribl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/25_uribl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_de.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_de.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_fr.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_fr.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_it.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_it.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_nl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_nl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_pl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_pl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/30_text_pt_br.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/30_text_pt_br.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/50_scores.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/50_scores.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_awl.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_awl.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_dkim.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_spf.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_spf.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_subject.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/60_whitelist_subject.cf" for included file [14612] dbg: plugin: fixed relative path: /etc/mail/spamassassin/updates_spamassassin_org/80_additional.cf [14612] dbg: config: using "/etc/mail/spamassassin/updates_spamassassin_org/80_additional.cf" for included file [14612] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x17f4640) implements 'finish_parsing_end' [14612] dbg: replacetags: replacing tags [14612] dbg: replacetags: done replacing tags [14612] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks [14612] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen [14612] dbg: bayes: found bayes db version 3 [14612] dbg: bayes: DB journal sync: last sync: 1126554232 [14612] dbg: config: score set 3 chosen. [14612] dbg: message: ---- MIME PARSER START ---- [14612] dbg: message: main message type: text/plain [14612] dbg: message: parsing normal part [14612] dbg: message: added part, type: text/plain [14612] dbg: message: ---- MIME PARSER END ---- [14612] dbg: dns: dns_available set to yes in config file, skipping test [14612] dbg: metadata: X-Spam-Relays-Trusted: [14612] dbg: metadata: X-Spam-Relays-Untrusted: [14612] dbg: message: no encoding detected [14612] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) implements 'parsed_metadata' [14612] dbg: uridnsbl: domains to query: [14612] dbg: check: running tests for priority: 0 [14612] dbg: rules: running header regexp tests; score so far=0 [14612] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [14612] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1146830616.53826@spamassassin_spamd_init> [14612] dbg: rules: " [14612] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>" [14612] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [14612] dbg: rules: " [14612] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1146830616" [14612] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x15f9484)) [14612] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks [14612] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check [14612] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [14612] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x17dbf9c)) [14612] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x15f9484)) [14612] dbg: eval: all '*To' addrs: [14612] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: no suitable relay for spf use found, skipping SPF check [14612] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: rules: ran eval rule NO_RELAYS ======> got hit [14612] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: cannot get Envelope-From, cannot use SPF [14612] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [14612] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [14612] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x17dbf9c)) [14612] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xf8a6d8)) [14612] dbg: spf: spf_whitelist_from: could not find useable envelope sender [14612] dbg: rules: running body-text per-line regexp tests; score so far=0.96 [14612] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [14612] dbg: uri: running uri tests; score so far=0.96 [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_NAME_LONG (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_ID1 (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c)) [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_NAME_MID (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for _mimeheader_eval___GIF_ATTACH (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: plugin: registering glue method for _mimeheader_eval_TVD_FW_GRAPHIC_ID2 (Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x17e7c00)) [14612] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.96 [14612] dbg: rules: running full-text regexp tests; score so far=0.96 [14612] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x16f752c)) [14612] dbg: pyzor: use_pyzor option not enabled, disabling Pyzor [14612] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) implements 'check_tick' [14612] dbg: check: running tests for priority: 500 [14612] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x15ec84c) implements 'check_post_dnsbl' [14612] dbg: rules: running meta tests; score so far=0.96 [14612] dbg: rules: running header regexp tests; score so far=2.906 [14612] dbg: rules: running body-text per-line regexp tests; score so far=2.906 [14612] dbg: uri: running uri tests; score so far=2.906 [14612] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.906 [14612] dbg: rules: running full-text regexp tests; score so far=2.906 [14612] dbg: check: running tests for priority: 1000 [14612] dbg: rules: running meta tests; score so far=2.906 [14612] dbg: rules: running header regexp tests; score so far=2.906 [14612] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x17c8944)) [14612] dbg: rules: running body-text per-line regexp tests; score so far=2.906 [14612] dbg: uri: running uri tests; score so far=2.906 [14612] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.906 [14612] dbg: rules: running full-text regexp tests; score so far=2.906 [14612] dbg: check: is spam? score=2.906 required=5 [14612] dbg: check: tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [14612] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [14612] dbg: bayes: untie-ing [14612] dbg: bayes: untie-ing db_toks [14612] dbg: bayes: untie-ing db_seen [14621] dbg: message: ---- MIME PARSER START ---- [14621] dbg: message: main message type: multipart/related [14621] dbg: message: parsing multipart, got boundary: ----=_Part_121008_2180492.1146681134503 [14621] dbg: message: found part of type multipart/alternative, boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: parsing multipart, got boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: found part of type text/plain, boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: parsing normal part [14621] dbg: message: added part, type: text/plain [14621] dbg: message: found part of type text/html, boundary: ----=_Part_121009_6102710.1146681134506 [14621] dbg: message: parsing normal part [14621] dbg: message: added part, type: text/html [14621] dbg: message: added part, type: multipart/alternative [14621] dbg: message: ---- MIME PARSER END ---- [14621] dbg: dns: name server: 137.146.28.68, family: 2, ipv6: 0 [14621] dbg: received-header: parsed as [ ip=209.104.61.24 rdns=mail7.evite.com helo=mail7.evite.com by=coal.colby.edu ident= envfrom= intl=0 id=k43IWccm014788 auth= ] [14621] dbg: dns: looking up A records for 'coal.colby.edu' [14621] dbg: dns: A records for 'coal.colby.edu': 137.146.28.68 [14621] dbg: dns: looking up A records for 'coal.colby.edu' [14621] dbg: dns: A records for 'coal.colby.edu': 137.146.28.68 [14621] dbg: received-header: 'by' coal.colby.edu has public IP 137.146.28.68 [14621] dbg: received-header: relay 209.104.61.24 trusted? no internal? no [14621] dbg: received-header: parsed as [ ip=209.104.61.122 rdns=www22.evite.com helo=www22 by=mail7.evite.com ident= envfrom= intl=0 id=k43IWEfu020541 auth= ] [14621] dbg: received-header: relay 209.104.61.122 trusted? no internal? no [14621] dbg: metadata: X-Spam-Relays-Trusted: [14621] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=209.104.61.24 rdns=mail7.evite.com helo=mail7.evite.com by=coal.colby.edu ident= envfrom= intl=0 id=k43IWccm014788 auth= ] [ ip=209.104.61.122 rdns=www22.evite.com helo=www22 by=mail7.evite.com ident= envfrom= intl=0 id=k43IWEfu020541 auth= ] [14621] dbg: message: decoding other encoding type (7bit), ignoring [14621] dbg: message: decoding other encoding type (7bit), ignoring [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/eric.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/eric.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/ [14621] dbg: uri: cleaned html uri, http://www.evite.com/ [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: cleaned parsed uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/privacy [14621] dbg: uri: cleaned parsed uri, http://www.evite.com/privacy [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: cleaned parsed uri, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned parsed uri, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uridnsbl: domains to query: evite.com [14621] dbg: check: running tests for priority: 0 [14621] dbg: rules: running header regexp tests; score so far=0 [14621] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [14621] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f" [14621] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<26346609.1146681157211.JavaMail.evite@www22> [14621] dbg: rules: " [14621] dbg: rules: ran header rule __CTYPE_HAS_BOUNDARY ======> got hit: "boundary" [14621] dbg: rules: ran header rule __CT ======> got hit: "m" [14621] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1" [14621] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: """ [14621] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1146681157" [14621] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "B" [14621] dbg: rules: ran header rule __MSGID_OK_HEX ======> got hit: "26346609" [14621] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks [14621] dbg: spf: checking HELO (helo=mail7.evite.com, ip=209.104.61.24) [14621] dbg: spf: query for /209.104.61.24/mail7.evite.com: result: none, comment: SPF: domain of sender mail7.evite.com does not designate mailers [14621] dbg: eval: all '*From' addrs: info@evite.com ?g [14621] dbg: eval: forged-HELO: from=evite.com helo=evite.com by=colby.edu [14621] dbg: eval: forged-HELO: from=evite.com helo=www22 by=evite.com [14621] dbg: eval: trying Received header date for real time: 3 May 2006 14:32:46 -0400 [14621] dbg: eval: time_t from date=1146681166, rcvd= 3 May 2006 14:32:46 -0400 [14621] dbg: eval: trying Received header date for real time: 3 May 2006 11:32:37 -0700 [14621] dbg: eval: time_t from date=1146681157, rcvd= 3 May 2006 11:32:37 -0700 [14621] dbg: eval: all '*To' addrs: maduggan@colby.edu [14621] dbg: spf: checking EnvelopeFrom (helo=mail7.evite.com, ip=209.104.61.24, envfrom=?g) [14621] dbg: spf: query for ?g/209.104.61.24/mail7.evite.com: result: unknown, comment: Please see http://www.openspf.org/why.html?sender=%81g&ip=209.104.61.24&receiver=coal: domain of sender ?g does not exist [14621] dbg: spf: def_whitelist_from_spf: ?g is not in DEF_WHITELIST_FROM_SPF [14621] dbg: eval: date chosen from message: Wed May 3 14:32:46 2006 [14621] dbg: spf: whitelist_from_spf: ?g is not in user's WHITELIST_FROM_SPF [14621] dbg: rules: running body-text per-line regexp tests; score so far=0 [14621] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "B" [14621] dbg: uri: running uri tests; score so far=0 [14621] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: bayes: DB journal sync: last sync: 1126554232 [14621] dbg: bayes: corpus size: nspam = 165933, nham = 1270606 [14621] dbg: bayes: score = 0 [14621] dbg: bayes: DB expiry: tokens in DB: 328107, Expiry max size: 150000, Oldest atime: 1126411200, Newest atime: 1145900818, Last expire: 1126519525, Current time: 1146830621 [14621] dbg: bayes: opportunistic call found expiry due [14621] dbg: bayes: bayes journal sync starting [14621] dbg: bayes: bayes journal sync completed [14621] dbg: bayes: expiry starting [14621] dbg: locker: safe_lock: created /var/spool/spamassassin/bayes.mutex [14621] dbg: locker: safe_lock: trying to get lock on /var/spool/spamassassin/bayes with 10 timeout [14621] dbg: locker: safe_lock: link to /var/spool/spamassassin/bayes.mutex: link ok [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: locker: refresh_lock: refresh /var/spool/spamassassin/bayes.mutex [14621] dbg: bayes: DB expiry: tokens in DB: 0, Expiry max size: 150000, Oldest atime: 0, Newest atime: 0, Last expire: 0, Current time: 1146830621 [14621] dbg: bayes: expiry completed [14621] dbg: bayes: untie-ing [14621] dbg: bayes: untie-ing db_toks [14621] dbg: bayes: untie-ing db_seen [14621] dbg: bayes: files locked, now unlocking lock [14621] dbg: locker: safe_unlock: unlocked /var/spool/spamassassin/bayes.mutex [14621] dbg: rules: ran eval rule __TAG_EXISTS_BODY ======> got hit [14621] dbg: eval: text words: 152, html words: 108 [14621] dbg: eval: madiff: left: 53, orig: 108, max-difference: 49.07% [14621] dbg: rules: ran eval rule __COMMENT_EXISTS ======> got hit [14621] dbg: rules: ran eval rule BAYES_00 ======> got hit [14621] dbg: rules: ran eval rule __MIME_HTML ======> got hit [14621] dbg: rules: ran eval rule HTML_MESSAGE ======> got hit [14621] dbg: rules: ran eval rule __TAG_EXISTS_HTML ======> got hit [14621] dbg: rules: ran eval rule __HTML_LINK_IMAGE ======> got hit [14621] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.049 [14621] dbg: rules: running full-text regexp tests; score so far=-0.049 [14621] dbg: pyzor: use_pyzor option not enabled, disabling Pyzor [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: queries completed: 1 started: 2 [14621] dbg: uridnsbl: queries active: DNSBL=2 at Fri May 5 08:03:41 2006 [14621] dbg: check: running tests for priority: 500 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (multi.surbl.org.:evite.com) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: A=2 DNSBL=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (multi.uribl.com.:evite.com) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: A=2 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: queries completed: 1 started: 1 [14621] dbg: uridnsbl: queries active: A=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: queries completed: 1 started: 1 [14621] dbg: uridnsbl: queries active: DNSBL=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (sbl.spamhaus.org.:54.61.104.209) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: DNSBL=1 at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: select found 1 socks ready [14621] dbg: uridnsbl: query for evite.com took 1 seconds to look up (sbl.spamhaus.org.:52.61.104.209) [14621] dbg: uridnsbl: queries completed: 1 started: 0 [14621] dbg: uridnsbl: queries active: at Fri May 5 08:03:41 2006 [14621] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete [14621] dbg: rules: running meta tests; score so far=-0.049 [14621] dbg: rules: running header regexp tests; score so far=-0.049 [14621] dbg: rules: running body-text per-line regexp tests; score so far=-0.049 [14621] dbg: uri: running uri tests; score so far=-0.049 [14621] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.049 [14621] dbg: rules: running full-text regexp tests; score so far=-0.049 [14621] dbg: check: running tests for priority: 1000 [14621] dbg: rules: running meta tests; score so far=-0.049 [14621] dbg: rules: running header regexp tests; score so far=-0.049 [14621] dbg: rules: running body-text per-line regexp tests; score so far=-0.049 [14621] dbg: uri: running uri tests; score so far=-0.049 [14621] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.049 [14621] dbg: rules: running full-text regexp tests; score so far=-0.049 [14621] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x17b638c) implements 'autolearn_discriminator' [14621] dbg: learn: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1 [14621] dbg: learn: auto-learn: message score: -0.049, computed score for autolearn: 0.001 [14621] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0, learned-points=-0.05 [14621] dbg: learn: auto-learn? yes, ham (0.001 < 0.1) [14621] dbg: learn: initializing learner [14621] dbg: learn: learning ham [14621] dbg: eval: all '*From' addrs: info@evite.com ?g [14621] dbg: eval: all '*To' addrs: maduggan@colby.edu [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/eric.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/eric.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/ [14621] dbg: uri: cleaned html uri, http://www.evite.com/ [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/privacy [14621] dbg: uri: cleaned html uri, http://www.evite.com/privacy [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, mailto:info@evite.com [14621] dbg: uri: cleaned html uri, mailto:info@evite.com [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/privacy [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: locker: safe_lock: created /var/spool/spamassassin/bayes.mutex [14621] dbg: locker: safe_lock: trying to get lock on /var/spool/spamassassin/bayes with 10 timeout [14621] dbg: locker: safe_lock: link to /var/spool/spamassassin/bayes.mutex: link ok [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: bayes: 08dfde562b6bfabf0098ac6a3686413257b86141@sa_generated already learnt correctly, not learning twice [14621] dbg: bayes: untie-ing [14621] dbg: bayes: untie-ing db_toks [14621] dbg: bayes: untie-ing db_seen [14621] dbg: bayes: files locked, now unlocking lock [14621] dbg: locker: safe_unlock: unlocked /var/spool/spamassassin/bayes.mutex [14621] dbg: learn: initializing learner [14621] dbg: check: is spam? score=-0.049 required=5 [14621] dbg: check: tests=BAYES_00,HTML_MESSAGE [14621] dbg: check: subtests=__COMMENT_EXISTS,__CT,__CTYPE_HAS_BOUNDARY,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HTML_LINK_IMAGE,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HEX,__NONEMPTY_BODY,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HTML,__TOCC_EXISTS [14621] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0, learned-points=-0.05 [14621] dbg: learn: auto-learn? yes, ham (0.001 < 0.1) [14621] dbg: learn: initializing learner [14621] dbg: learn: learning ham [14621] dbg: eval: all '*From' addrs: info@evite.com ?g [14621] dbg: eval: all '*To' addrs: maduggan@colby.edu [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/eric.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/eric.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/inviteMore?eventID=FZKJBFGOZUFDSADKKQDF&iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/ [14621] dbg: uri: cleaned html uri, http://www.evite.com/ [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/top_trans.png [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/privacy [14621] dbg: uri: cleaned html uri, http://www.evite.com/privacy [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, mailto:info@evite.com [14621] dbg: uri: cleaned html uri, mailto:info@evite.com [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/images/v_email/logo.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: cleaned html uri, http://www.evite.com/respond/rmcomm?iid=ZPKWSNKQKSVXUHFIRYVU [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: cleaned html uri, http://www.evite.com/html/designGallery/designs/Vintage_Travel/vmg_bonvoyage.gif [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: html uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: cleaned html uri, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: html domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/pages/invite/viewInvite.jsp?inviteId=ZPKWSNKQKSVXUHFIRYVU&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/privacy [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, mailto:info@evite.com [14621] dbg: uri: parsed domain, evite.com [14621] dbg: uri: parsed uri found, http://www.evite.com/r?iid=ZPKWSNKQKSVXUHFIRYVU&li=iq&src=email [14621] dbg: uri: parsed domain, evite.com [14621] dbg: locker: safe_lock: created /var/spool/spamassassin/bayes.mutex [14621] dbg: locker: safe_lock: trying to get lock on /var/spool/spamassassin/bayes with 10 timeout [14621] dbg: locker: safe_lock: link to /var/spool/spamassassin/bayes.mutex: link ok [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_toks [14621] dbg: bayes: tie-ing to DB file R/W /var/spool/spamassassin/bayes_seen [14621] dbg: bayes: found bayes db version 3 [14621] dbg: bayes: 08dfde562b6bfabf0098ac6a3686413257b86141@sa_generated already learnt correctly, not learning twice [14621] dbg: bayes: untie-ing [14621] dbg: bayes: untie-ing db_toks [14621] dbg: bayes: untie-ing db_seen [14621] dbg: bayes: files locked, now unlocking lock [14621] dbg: locker: safe_unlock: unlocked /var/spool/spamassassin/bayes.mutex [14621] dbg: learn: initializing learner Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 781 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 781 Stopping now as you are debugging me. From AHKAPLAN at PARTNERS.ORG Fri May 5 13:43:25 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Fri May 5 13:43:35 2006 Subject: Quarantine Directory Message-ID: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Hi there - I want to investigate the contents of the quarantine directory, and I need to know what is the best way to do so. Any suggestions will be welcome. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/91edc3dc/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 5 13:45:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 13:46:00 2006 Subject: 4.53.7, endless loop in debug mode In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFAD@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFAD@isabella.herefordshire.gov.uk> Message-ID: <98FB8BAF-373F-4B92-A749-5D2A7B7B49C6@ecs.soton.ac.uk> Please can a couple more people test it and let me know if it working well. Then I will do a 4.53.8. On 5 May 2006, at 12:36, Randal, Phil wrote: > Julian, > > This one needs a 4.53.8 release, because it can affect anybody. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Anthony Peacock >> Sent: 05 May 2006 11:34 >> To: MailScanner discussion >> Subject: Re: 4.53.7, endless loop in debug mode >> >> Hi Julian, >> >> Thanks for this. >> >> Replacing the previous Message.pm with this new one seems to >> have fixed >> the problem. >> >> I placed the saved queue files that were causing the problem >> yesterday >> in the incoming queue, and MS ran without hitch, both in >> debug mode and >> in normal operation. >> >> I will keep and eye on this and get back if I noticed any >> further glitches. >> >> Julian Field wrote: >>> Please can you try the attached Message.pm file instead of >> your previous >>> one. I have rewritten a whole chunk of the phishing net and >> it should be >>> more reliable now (I hope!). >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> >>> On 3 May 2006, at 19:52, Jeff A. Earickson wrote: >>> >>>> The attached message cause 4.53.7 >>>> to go into some kind of endless loop when I ran it in debug >>>> mode. I didn't try it in normal mode. The debug output is >>>> attached too. >>>> >>>> In debug mode, I got hundreds of syslog msgs like: >>>> >>>> MailScanner[16465]: Found phishing fraud from >> www.evite.com claiming >>>> to be >>>> >> www.greetingstoall,afternearly3yearsbackinthestates,i'mheading >> backtolondonforwor >>>> in k43IWccm014788 >>>> >>>> I've fallen back to 4.52.2. My setup: Solaris 10, sendmail 8.13.6, >>>> SA 3.1.1. >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> >>>> >>> >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that >> heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From prandal at herefordshire.gov.uk Fri May 5 13:49:02 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 5 13:49:47 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> The new Message.pm has quite happily processed 650-odd messages in the last hour without problems. Thanks for the fix, Julian. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jeff A. Earickson > Sent: 05 May 2006 13:14 > To: Julian Field > Cc: MailScanner mailing list > Subject: Re: 4.53.7, endless loop in debug mode > > Julian, > > Yes, the new Message.pm worked with my problem message. Attached is > the debug output from my run with the one problem message. > > I'm now running 4.53.7 with the new Message.pm in production, waiting > for the sound of screeching tires and breaking glass. :) > > If you decide to roll out a new release (I think you should), please > add this small change to MailScanner.conf comments: > > *** MailScanner.conf.orig Wed May 3 14:00:23 2006 > --- MailScanner.conf.new Fri May 5 08:10:13 2006 > *************** > *** 1945,1950 **** > --- 1945,1951 ---- > # cron job has run successfully and has created a > directory structure > under > # the spamassassin directory within this one and has put > some *.cf files > in > # there. Otherwise it will ignore all your current rules! > + # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = # /var/lib > > # The default rules are searched for here, and in > prefix/share/spamassassin, > > Thanks for the quick work! > > Jeff Earickson > Colby College > > On Fri, 5 May 2006, Julian Field wrote: > > > Date: Fri, 5 May 2006 10:52:31 +0100 > > From: Julian Field > > To: Jeff A. Earickson > > Cc: MailScanner mailing list > > Subject: Re: 4.53.7, endless loop in debug mode > > > > Please can you try the attached Message.pm file instead of > your previous one. > > I have rewritten a whole chunk of the phishing net and it > should be more > > reliable now (I hope!). > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > From MailScanner at ecs.soton.ac.uk Fri May 5 14:02:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 14:03:16 2006 Subject: Mailscanner does not identify attachment in mail In-Reply-To: References: Message-ID: On 5 May 2006, at 09:33, Koopmann, Jan-Peter wrote: > On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > >> It should have found the uu-encoded file. Have you got that feature >> switched on? >> Look for "uu" or "UU" in MailScanner.conf. > > Well I upgraded to 4.53.7 on that box and today the next one came > in. It > again was identified as spam. > > May 5 10:00:40 proxy-hb MailScanner[98493]: New Batch: Scanning 1 > messages, > 35159 bytes > May 5 10:00:40 proxy-hb MailScanner[98493]: Saved archive copies of > 1FbvEk-0002FH-GK > May 5 10:00:40 proxy-hb MailScanner[98493]: MCP Checks: Starting > May 5 10:00:40 proxy-hb MailScanner[98493]: Spam Checks: Starting > May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Checks: Found 1 spam > messages > May 5 10:00:52 proxy-hb MailScanner[98493]: Spam Actions: message > 1FbvEk-0002FH-GK actions are store > May 5 10:00:53 proxy-hb MailScanner[98493]: Virus and Content > Scanning: > Starting > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan started at Fri > May 5 > 10:00:53 2006 > May 5 10:00:53 proxy-hb MailScanner[98493]: Database version: > 2006-05-05_01 > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan ended at Fri May 5 > 10:00:53 2006 > May 5 10:00:53 proxy-hb MailScanner[98493]: 3 files scanned > May 5 10:00:55 proxy-hb MailScanner[98493]: Batch (1 message) > processed in > 15.31 seconds > May 5 10:00:55 proxy-hb MailScanner[98493]: "Always Looked Up > Last" took > 0.02 seconds > > > Two problems/questions: > > 1. Is the uuencoded file now identified as such by MailScanner? It > says 3 > files scanned so I would assume so but I am not sure. I have Find > UU-Encoded > Files = yes in MailScanner.conf. The attachment is a virus free pdf > so it is > ok that no alarms pop up. Yes, it should be identified as a uu-encoded file by MailScanner. > 2. Why does Spamassassin identify it as spam? Clearly it does not > recognize > the uuencoded file as such and therefore hits strange rules (like > BAYES_99, > SARE_URI_EUQALS etc.) pushing it over the High Scoring Spam limit. > Is this a > SpamAssassin or a MailScanner problem? In MIME-Mails SA does recognize > attachments does it not and exclude it from scanning, does it not= The difference is that uu-encoding is usually just done within a text/ plain part of the message, it's not a separate MIME entity like every other attachment. The only way of finding them is to hunt through all the plain text parts of the message, looking for the signature line at the start of a uu-encoded file, and try to process the following text into a file. This is what MailScanner does, and has for a long time. The "MyParty" virus appeared years ago which exploited this loophole in most commercial virus scanners. It's always a good test of a commercial email virus scanner, just uuencode eicar and put it into a plain text (not MIME at all) message and see if it gets caught. It is possible that SpamAssassin does not do these checks, resulting in false positives. I'm sure Matt will correct me if I'm wrong :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From adrik at salesmanager.nl Fri May 5 14:11:21 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Fri May 5 14:11:23 2006 Subject: Mailscanner does not identify attachment in mail Message-ID: Julian, I also spent some time looking in SA bugs list etc. It seems SA doesn't want to alter the plain text of an email message. Therefore it only strips MIME attachments before processing the message body. UUEncoded attachments seems to stay in place and are processed, resulting in undesirable side-effects! This problem has appeared a few times on the SA list and the general consensus of the developers seems to be 'Don't fix', since it appears rarely in normal email and everybody should be MIME compliant. I might not agree with this, but I think there won't be a quick solution from SpamAssassin. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: vrijdag 5 mei 2006 15:03 > To: MailScanner discussion > Subject: Re: Mailscanner does not identify attachment in mail > > > On 5 May 2006, at 09:33, Koopmann, Jan-Peter wrote: > > > On Thursday, May 04, 2006 12:38 PM Julian Field wrote: > > > >> It should have found the uu-encoded file. Have you got > that feature > >> switched on? > >> Look for "uu" or "UU" in MailScanner.conf. > > > > Well I upgraded to 4.53.7 on that box and today the next > one came in. > > It again was identified as spam. > > > > May 5 10:00:40 proxy-hb MailScanner[98493]: New Batch: Scanning 1 > > messages, > > 35159 bytes > > May 5 10:00:40 proxy-hb MailScanner[98493]: Saved archive > copies of > > 1FbvEk-0002FH-GK May 5 10:00:40 proxy-hb MailScanner[98493]: MCP > > Checks: Starting May 5 10:00:40 proxy-hb MailScanner[98493]: Spam > > Checks: Starting May 5 10:00:52 proxy-hb MailScanner[98493]: Spam > > Checks: Found 1 spam messages May 5 10:00:52 proxy-hb > > MailScanner[98493]: Spam Actions: message 1FbvEk-0002FH-GK > actions are > > store May 5 10:00:53 proxy-hb MailScanner[98493]: Virus and Content > > Scanning: > > Starting > > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan started > at Fri May > > 5 > > 10:00:53 2006 > > May 5 10:00:53 proxy-hb MailScanner[98493]: Database version: > > 2006-05-05_01 > > May 5 10:00:53 proxy-hb MailScanner[98493]: Scan ended at > Fri May 5 > > 10:00:53 2006 > > May 5 10:00:53 proxy-hb MailScanner[98493]: 3 files scanned May 5 > > 10:00:55 proxy-hb MailScanner[98493]: Batch (1 message) processed in > > 15.31 seconds > > May 5 10:00:55 proxy-hb MailScanner[98493]: "Always Looked > Up Last" > > took > > 0.02 seconds > > > > > > Two problems/questions: > > > > 1. Is the uuencoded file now identified as such by MailScanner? It > > says 3 files scanned so I would assume so but I am not sure. I have > > Find UU-Encoded Files = yes in MailScanner.conf. The > attachment is a > > virus free pdf so it is ok that no alarms pop up. > > Yes, it should be identified as a uu-encoded file by MailScanner. > > > 2. Why does Spamassassin identify it as spam? Clearly it does not > > recognize the uuencoded file as such and therefore hits > strange rules > > (like BAYES_99, SARE_URI_EUQALS etc.) pushing it over the > High Scoring > > Spam limit. > > Is this a > > SpamAssassin or a MailScanner problem? In MIME-Mails SA > does recognize > > attachments does it not and exclude it from scanning, does it not= > > The difference is that uu-encoding is usually just done > within a text/ plain part of the message, it's not a separate > MIME entity like every other attachment. The only way of > finding them is to hunt through all the plain text parts of > the message, looking for the signature line at the start of a > uu-encoded file, and try to process the following text into a > file. This is what MailScanner does, and has for a long time. > The "MyParty" virus appeared years ago which exploited this > loophole in most commercial virus scanners. It's always a > good test of a commercial email virus scanner, just uuencode > eicar and put it into a plain text (not MIME at all) message > and see if it gets caught. > > It is possible that SpamAssassin does not do these checks, > resulting in false positives. I'm sure Matt will correct me > if I'm wrong :-) > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri May 5 14:13:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 14:13:30 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> Message-ID: <7E2E2D61-D75C-481E-8EBF-7E49A9DB3241@ecs.soton.ac.uk> I have just release 4.53.8. The only change (except for 1 comment) is the phishing net bug fix. I'm very sorry for doing this to you folks. In future, I would really appreciate it if more people would help with the beta testing. This bug really should have shown up in testing and didn't. But I realise that it is my fault for sloppy code in the first place. :-( Jules. On 5 May 2006, at 13:49, Randal, Phil wrote: > The new Message.pm has quite happily processed 650-odd messages in the > last hour without problems. > > Thanks for the fix, Julian. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Jeff A. Earickson >> Sent: 05 May 2006 13:14 >> To: Julian Field >> Cc: MailScanner mailing list >> Subject: Re: 4.53.7, endless loop in debug mode >> >> Julian, >> >> Yes, the new Message.pm worked with my problem message. Attached is >> the debug output from my run with the one problem message. >> >> I'm now running 4.53.7 with the new Message.pm in production, waiting >> for the sound of screeching tires and breaking glass. :) >> >> If you decide to roll out a new release (I think you should), please >> add this small change to MailScanner.conf comments: >> >> *** MailScanner.conf.orig Wed May 3 14:00:23 2006 >> --- MailScanner.conf.new Fri May 5 08:10:13 2006 >> *************** >> *** 1945,1950 **** >> --- 1945,1951 ---- >> # cron job has run successfully and has created a >> directory structure >> under >> # the spamassassin directory within this one and has put >> some *.cf files >> in >> # there. Otherwise it will ignore all your current rules! >> + # The default location may be /var/opt on Solaris systems. >> SpamAssassin Local State Dir = # /var/lib >> >> # The default rules are searched for here, and in >> prefix/share/spamassassin, >> >> Thanks for the quick work! >> >> Jeff Earickson >> Colby College >> >> On Fri, 5 May 2006, Julian Field wrote: >> >>> Date: Fri, 5 May 2006 10:52:31 +0100 >>> From: Julian Field >>> To: Jeff A. Earickson >>> Cc: MailScanner mailing list >>> Subject: Re: 4.53.7, endless loop in debug mode >>> >>> Please can you try the attached Message.pm file instead of >> your previous one. >>> I have rewritten a whole chunk of the phishing net and it >> should be more >>> reliable now (I hope!). >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From adrik at salesmanager.nl Fri May 5 14:25:17 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Fri May 5 14:25:19 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode Message-ID: Julian, Don't worry to much. :-) It's probably better to have quick bug fixes instead of endless development cycles with no releases. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: vrijdag 5 mei 2006 15:13 > To: MailScanner discussion > Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode > > I have just release 4.53.8. > > The only change (except for 1 comment) is the phishing net bug fix. > > I'm very sorry for doing this to you folks. > In future, I would really appreciate it if more people would > help with the beta testing. This bug really should have shown > up in testing and didn't. But I realise that it is my fault > for sloppy code in the first place. :-( > > Jules. > > On 5 May 2006, at 13:49, Randal, Phil wrote: > > > The new Message.pm has quite happily processed 650-odd > messages in the > > last hour without problems. > > > > Thanks for the fix, Julian. > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Jeff > >> A. Earickson > >> Sent: 05 May 2006 13:14 > >> To: Julian Field > >> Cc: MailScanner mailing list > >> Subject: Re: 4.53.7, endless loop in debug mode > >> > >> Julian, > >> > >> Yes, the new Message.pm worked with my problem message. > Attached is > >> the debug output from my run with the one problem message. > >> > >> I'm now running 4.53.7 with the new Message.pm in > production, waiting > >> for the sound of screeching tires and breaking glass. :) > >> > >> If you decide to roll out a new release (I think you > should), please > >> add this small change to MailScanner.conf comments: > >> > >> *** MailScanner.conf.orig Wed May 3 14:00:23 2006 > >> --- MailScanner.conf.new Fri May 5 08:10:13 2006 > >> *************** > >> *** 1945,1950 **** > >> --- 1945,1951 ---- > >> # cron job has run successfully and has created a directory > >> structure under > >> # the spamassassin directory within this one and has > put some *.cf > >> files in > >> # there. Otherwise it will ignore all your current rules! > >> + # The default location may be /var/opt on Solaris systems. > >> SpamAssassin Local State Dir = # /var/lib > >> > >> # The default rules are searched for here, and in > >> prefix/share/spamassassin, > >> > >> Thanks for the quick work! > >> > >> Jeff Earickson > >> Colby College > >> > >> On Fri, 5 May 2006, Julian Field wrote: > >> > >>> Date: Fri, 5 May 2006 10:52:31 +0100 > >>> From: Julian Field > >>> To: Jeff A. Earickson > >>> Cc: MailScanner mailing list > >>> Subject: Re: 4.53.7, endless loop in debug mode > >>> > >>> Please can you try the attached Message.pm file instead of > >> your previous one. > >>> I have rewritten a whole chunk of the phishing net and it > >> should be more > >>> reliable now (I hope!). > >>> > >>> > >>> -- > >>> This message has been scanned for viruses and dangerous > content by > >>> MailScanner, and is believed to be clean. > >>> MailScanner thanks transtec Computers for their support. > >>> > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Fri May 5 14:26:21 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 5 14:26:43 2006 Subject: Quarantine Directory References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Message-ID: <001e01c67047$801e34d0$0705000a@DDF5DW71> Mailwatch works for me Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: Kaplan, Andrew H. To: mailscanner@lists.mailscanner.info Sent: Friday, May 05, 2006 8:43 AM Subject: Quarantine Directory Hi there - I want to investigate the contents of the quarantine directory, and I need to know what is the best way to do so. Any suggestions will be welcome. Thanks. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060505/18477bd7/attachment.html From amoore at dekalbmemorial.com Fri May 5 14:38:59 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Fri May 5 14:38:48 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode Message-ID: <60D398EB2DB948409CA1F50D8AF12257010337AC@exch1.dekalbmemorial.local> Julian, Is Message.pm the only file with changes? I install from source here instead of the rpms (long story) and would rather just drop in the corrected file than go through a whole install from scratch. Thanks Aaron Julian Field wrote: > I have just release 4.53.8. > > The only change (except for 1 comment) is the phishing net bug fix. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From a.peacock at chime.ucl.ac.uk Fri May 5 14:52:02 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri May 5 14:52:29 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode In-Reply-To: <7E2E2D61-D75C-481E-8EBF-7E49A9DB3241@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0AFBC@isabella.herefordshire.gov.uk> <7E2E2D61-D75C-481E-8EBF-7E49A9DB3241@ecs.soton.ac.uk> Message-ID: <445B5882.8070104@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > I have just release 4.53.8. > > The only change (except for 1 comment) is the phishing net bug fix. Many thanks for the quick fix. > I'm very sorry for doing this to you folks. > In future, I would really appreciate it if more people would help with > the beta testing. This bug really should have shown up in testing and > didn't. But I realise that it is my fault for sloppy code in the first > place. :-( It isn't always possible for me to test the beta releases. In fact I don't always install every stable release, it just depends on what else I have going on at work at the time. If I get the chance I do intend on setting up a test server that can run new releases in parallel to the live service. In the meantime I have MailScanner installed so that reverting back to a previous release is a case of stopping MailScanner, changing a soft link and restarting MailScanner. This works really well for quickly changing between versions for testing purposes. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From jaearick at colby.edu Fri May 5 15:52:11 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 5 15:56:50 2006 Subject: Quarantine Directory In-Reply-To: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Message-ID: Andrew, Whatsamatter, vi not good enough for you?? :) If you are using sendmail, you can see what is in a quarantine directory with: usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/whereever, eg /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990 Maybe write a shell script to do something like: #/usr/bin/ksh for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505` do /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/$msgid done something like that for various dates and msgids. Or loop thru the directories then grep for the msgids in your syslog. Jeff Earickson Colby College On Fri, 5 May 2006, Kaplan, Andrew H. wrote: > Date: Fri, 5 May 2006 08:43:25 -0400 > From: "Kaplan, Andrew H." > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Quarantine Directory > > Hi there - > > > > I want to investigate the contents of the quarantine directory, and I need to > know what is the best way to do so. Any suggestions > > will be welcome. Thanks. > > From glenn.steen at gmail.com Fri May 5 16:33:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 5 16:33:36 2006 Subject: Quarantine Directory In-Reply-To: References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> Message-ID: <223f97700605050833y60d43c9v29ffb6b645b3531f@mail.gmail.com> On 05/05/06, Jeff A. Earickson wrote: > Andrew, > > Whatsamatter, vi not good enough for you?? :) If it was, there would be no vim:-):-) > > If you are using sendmail, you can see what is in a quarantine > directory with: > > usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/whereever, eg > > /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990 > > Maybe write a shell script to do something like: > > #/usr/bin/ksh > for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505` > do > /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/$msgid > done > > something like that for various dates and msgids. Or loop thru the > directories then grep for the msgids in your syslog. > > Jeff Earickson > Colby College > If it's Postfix and you are storing as queue files, use "postcat /path/to/filename" ... Example: # postcat /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D | less -e If not storing as queue files, then the message is decoded in the file named message ... and the spam quarantine would contain decoded messages too... Example: # file /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D: RFC 822 mail text # less -e /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D .... The virus/dangerous content quarantine is very similar, but there you have # ls -l /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/ totalt 28 -rw-rw---- 1 postfix apache 12364 maj 3 01:55 message -rw-rw---- 1 postfix apache 11102 maj 3 01:55 msg-12029-9.html # less -e /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/message .... etc etc But Steve is right, the most convenient way is definitely MailWatch: http://mailwatch.sf.net -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri May 5 16:56:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 5 16:56:30 2006 Subject: 4.53.8 --- Re: 4.53.7, endless loop in debug mode In-Reply-To: <60D398EB2DB948409CA1F50D8AF12257010337AC@exch1.dekalbmemorial.local> References: <60D398EB2DB948409CA1F50D8AF12257010337AC@exch1.dekalbmemorial.local> Message-ID: Yes. On 5 May 2006, at 14:38, Aaron K. Moore wrote: > Julian, > > Is Message.pm the only file with changes? I install from source here > instead of the rpms (long story) and would rather just drop in the > corrected file than go through a whole install from scratch. > > Thanks > > Aaron > > Julian Field wrote: >> I have just release 4.53.8. >> >> The only change (except for 1 comment) is the phishing net bug fix. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > Phone: 260.920.2808 > E-mail: amoore@dekalbmemorial.com > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Fri May 5 17:04:32 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri May 5 17:04:42 2006 Subject: Quarantine Directory References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> <223f97700605050833y60d43c9v29ffb6b645b3531f@mail.gmail.com> Message-ID: <001301c6705d$989e04c0$0705000a@DDF5DW71> ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Friday, May 05, 2006 11:33 AM Subject: Re: Quarantine Directory > On 05/05/06, Jeff A. Earickson wrote: >> Andrew, >> >> Whatsamatter, vi not good enough for you?? :) > > If it was, there would be no vim:-):-) > >> >> If you are using sendmail, you can see what is in a quarantine >> directory with: >> >> usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/whereever, >> eg >> >> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990 >> >> Maybe write a shell script to do something like: >> >> #/usr/bin/ksh >> for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505` >> do >> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/$msgid >> done >> >> something like that for various dates and msgids. Or loop thru the >> directories then grep for the msgids in your syslog. >> >> Jeff Earickson >> Colby College >> > If it's Postfix and you are storing as queue files, use "postcat > /path/to/filename" ... Example: > # postcat /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D > | less -e > If not storing as queue files, then the message is decoded in the file > named message ... and the spam quarantine would contain decoded > messages too... Example: > # file /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D > /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D: RFC > 822 mail text > # less -e /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D > .... > The virus/dangerous content quarantine is very similar, but there you have > # ls -l /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/ > totalt 28 > -rw-rw---- 1 postfix apache 12364 maj 3 01:55 message > -rw-rw---- 1 postfix apache 11102 maj 3 01:55 msg-12029-9.html > # less -e > /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/message > .... > etc etc > > But Steve is right, the most convenient way is definitely MailWatch: > http://mailwatch.sf.net Thank goodness for the above paragraph. I thought I was using one of the best tools for email ever all for the wrong reasons there for a minute. Steve > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- From mailscanner at mango.zw Fri May 5 17:40:07 2006 From: mailscanner at mango.zw (Jim Holland) Date: Fri May 5 17:44:40 2006 Subject: Quarantine Directory In-Reply-To: Message-ID: On Fri, 5 May 2006, Kaplan, Andrew H. wrote: > > Date: Fri, 5 May 2006 08:43:25 -0400 > > From: "Kaplan, Andrew H." > > Reply-To: MailScanner discussion > > To: mailscanner@lists.mailscanner.info > > Subject: Quarantine Directory > > > > Hi there - > > > > I want to investigate the contents of the quarantine directory, and I need to > > know what is the best way to do so. Any suggestions > > will be welcome. Thanks. It depends what you are looking for. If you just want to know what messages have been stored there and why, start with the mail log: grep for: "Spam Actions:.*actions are store" extract the msgids, by using awk to extract the relevant field grep for the msgids in the log If you want to examine particular messages, use your favourite viewer - mine is Midnight Commander. If you want to browse the spam messages, then why not convert the mail files into a dummy mailbox and then browse that: cd for file in *; do sed "s/^Return-Path:.*/From junk@junk.com Fri May 5 \ 00:00 2006/" < $file >> mailbox ; echo >> mailbox; done The above assumes that the quarantined messages all start with: Return-Path: <.g> and then you can browse the mailbox with any mail utility you want, eg: mutt -f mailbox Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From KGoods at AIAInsurance.com Fri May 5 18:00:16 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Fri May 5 18:05:11 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D890A@aiainsurance.com> Julian Field wrote: > Please can you try the attached Message.pm file instead of your > previous one. I have rewritten a whole chunk of the phishing net and > it should be more reliable now (I hope!). Be gentle... I have never patched before... :) Can I just replace my current Message.pm with this one and then do a 'service MailScanner restart'? Will it break anything during the next upgrade or are there any other gotcha's I should be aware of? I am also experiencing some messages being stuck in the mqueue for hours at a time. Or is this completely un-related to my problem? I'm running the latest stable MS, and the latest SA and ClamAV (from your simple install script Thank YOU for that!) on a Centos 4.3 build. TIA Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From prandal at herefordshire.gov.uk Fri May 5 18:30:26 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 5 18:30:48 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B003@isabella.herefordshire.gov.uk> Just replace the file and do a service mailscanner restart It won't break future updates. And those stuck messages should clear out of your incoming queue. The updated MailScanner's processed 4465 messages here so far without problems. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ken Goods > Sent: 05 May 2006 18:00 > To: 'MailScanner discussion' > Subject: RE: 4.53.7, endless loop in debug mode > > Julian Field wrote: > > Please can you try the attached Message.pm file instead of your > > previous one. I have rewritten a whole chunk of the phishing net and > > it should be more reliable now (I hope!). > > Be gentle... I have never patched before... :) > Can I just replace my current Message.pm with this one and then do a > 'service MailScanner restart'? Will it break anything during the next > upgrade or are there any other gotcha's I should be aware of? > > I am also experiencing some messages being stuck in the > mqueue for hours at > a time. Or is this completely un-related to my problem? I'm > running the > latest stable MS, and the latest SA and ClamAV (from your > simple install > script Thank YOU for that!) on a Centos 4.3 build. > > TIA > Ken > > Ken Goods > Network Administrator > AIA/CropUSA Insurance, Inc. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From kwang at ucalgary.ca Fri May 5 18:38:56 2006 From: kwang at ucalgary.ca (Kai Wang) Date: Fri May 5 18:39:06 2006 Subject: Redeliver archived messages Message-ID: <445B8DB0.6010909@ucalgary.ca> Greetings. We are running postfix with MailScanner. We archive the incoming messages. The archived messages are in postfix format. I want to write a script which does the following things: 1. scan virus in an archived message 2. if it is clean, tag '{Redelivered}' in subject line and requeue it to postfix My problem is that the archived message is in postfix format. Should I run postcat to dump it to another file then submit it to virus scanner? Can anybody tell me how to modify the subject? Thanks -- Kai Wang System Services Information Technologies, University of Calgary, 2500 University Drive, N.W., Calgary, Alberta, Canada T2N 1N4 Phone (403) 220-2423, Fax (403) 282-9361 From glenn.steen at gmail.com Fri May 5 22:38:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 5 22:38:58 2006 Subject: Redeliver archived messages In-Reply-To: <445B8DB0.6010909@ucalgary.ca> References: <445B8DB0.6010909@ucalgary.ca> Message-ID: <223f97700605051438h28a3816en2aec19a50252463@mail.gmail.com> On 05/05/06, Kai Wang wrote: > > Greetings. > > We are running postfix with MailScanner. We archive the incoming > messages. The archived messages are in postfix format. > > I want to write a script which does the following things: > 1. scan virus in an archived message > 2. if it is clean, tag '{Redelivered}' in subject line and requeue it to > postfix > > My problem is that the archived message is in postfix format. Should I > run postcat to dump it to another file then submit it to virus scanner? > Can anybody tell me how to modify the subject? > > Thanks > Are we to assume you/your users have lost some of your mails and want hem back? One can actually use MailScanner to do the job... Just plop the relevant messages back into the hold queue and MS should start working on them. With some special attention, perhaps using the MCP feature with an altered subject (so that it matches what you want), and some temporary MCP rules, one might even get the "entire package", so to speak:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri May 5 22:45:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 5 22:45:24 2006 Subject: Quarantine Directory In-Reply-To: <001301c6705d$989e04c0$0705000a@DDF5DW71> References: <9C63A4713C4E3342B90428CE44806A73026796BC@PHSXMB5.partners.org> <223f97700605050833y60d43c9v29ffb6b645b3531f@mail.gmail.com> <001301c6705d$989e04c0$0705000a@DDF5DW71> Message-ID: <223f97700605051445h26af2957md72868cb36df0874@mail.gmail.com> On 05/05/06, Steve Campbell wrote: > > ----- Original Message ----- > From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Friday, May 05, 2006 11:33 AM > Subject: Re: Quarantine Directory (snip) > > But Steve is right, the most convenient way is definitely MailWatch: > > http://mailwatch.sf.net > > > Thank goodness for the above paragraph. I thought I was using one of the > best tools for email ever all for the wrong reasons there for a minute. > > Steve Ah yes, but if he hasn't got MailWatch already, chances are that the already existing quarantine is in queue file format, so ... MailWatch wouldn't help with those, since MW only operates on the RFC822 "decoded" message files and attachments... So he'd have MW for "the new stuff", but would need something else for the old things. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shrek-m at gmx.de Fri May 5 23:11:13 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri May 5 23:11:21 2006 Subject: Sophos v5 In-Reply-To: References: Message-ID: <445BCD81.5090900@gmx.de> On 05.05.2006 18:44, Sam Luxford-Watts wrote: >I am trying to upgrade our elderly MailScanner server. I am installing on >CentOs4 and got most of it working except MS->Sophos. > >I have downloaded and installed Sophos 5.0.2. It installs fine using the >sophos install.sh script. The one suggested in the Mailscanner docs is now >outdated it seams. Sophos.install doesn?t work. > > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059542.html http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059551.html i have no problems with sav5.x except that i do not know how i can tell ms how to use it. >Has anyone got MS working with Sophos v5.0.2? if so - how? > i did not tried, for now i have both installed. - sav4.x for ms (Sophos.install) - sav5.x for other use i do not know, perhaps is "generic" a solution for sav5.x, some help/hints would be great. - /etc/MailScanner/virus.scanners.conf - /usr/lib/MailScanner/generic-wrapper - /usr/lib/MailScanner/generic-autoupdate savscan = sav5.x sweep = sav3.x/4.x savscan.base = sweep (see below) a while ago i got some answers from sophos support: - die Optionen von sweep/savscan/savscan.base sind identisch my translation: "the sweep/savscan/savscan.base options are identical" savscan.base is the 'sweep' binary, which is called by savscan with some arguments (for example the location of the IDE files). I would avoid playing around in the engine directory as it is not something that anyone, especially customers should be playing with. roots crontab after sav5.x installation 47 * * * * /opt/sophos-av/bin/savupdate -- shrek-m From uxbod at splatnix.net Sat May 6 21:01:02 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Sat May 6 20:06:41 2006 Subject: First time MailScanner Issues Message-ID: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> Hi, this is my first post so please excuse my ignorance. I was using the beta Gentoo ebuild, but I would like to use the latest version of MailScanner due to recent enhancements. The problem is that Postfix is received the messages, putting them into the queue, MailScanner picks them up and passes through SpamAssassin but then does not deliver. Here is the output from the log :- May 6 19:59:33 mailhub MailScanner[14915]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 6 19:59:33 mailhub MailScanner[14915]: Read 717 hostnames from the phishing whitelist May 6 19:59:33 mailhub MailScanner[14915]: Using SpamAssassin results cache May 6 19:59:33 mailhub MailScanner[14915]: Connected to SpamAssassin cache database May 6 19:59:33 mailhub MailScanner[14915]: Enabling SpamAssassin auto-whitelist functionality... May 6 19:59:44 mailhub MailScanner[14921]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 6 19:59:44 mailhub MailScanner[14921]: Read 717 hostnames from the phishing whitelist May 6 19:59:44 mailhub MailScanner[14921]: Using SpamAssassin results cache May 6 19:59:44 mailhub MailScanner[14921]: Connected to SpamAssassin cache database May 6 19:59:44 mailhub MailScanner[14921]: Enabling SpamAssassin auto-whitelist functionality... May 6 19:59:47 mailhub MailScanner[14915]: Using locktype = flock May 6 19:59:47 mailhub MailScanner[14915]: New Batch: Scanning 10 messages, 13160 bytes May 6 19:59:47 mailhub MailScanner[14915]: SpamAssassin cache hit for message 009873F808E.14150 May 6 19:59:54 mailhub MailScanner[14921]: Using locktype = flock May 6 19:59:55 mailhub MailScanner[14929]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... May 6 19:59:55 mailhub MailScanner[14929]: Read 717 hostnames from the phishing whitelist May 6 19:59:55 mailhub MailScanner[14929]: Using SpamAssassin results cache May 6 19:59:55 mailhub MailScanner[14929]: Connected to SpamAssassin cache database May 6 19:59:55 mailhub MailScanner[14929]: Enabling SpamAssassin auto-whitelist functionality... And this just keeps going on and on and not delivering :( Superb software by the way. I have posted to the Gentoo forums to try and get it included properly in Portage. Thanks, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Sat May 6 20:25:03 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat May 6 20:25:09 2006 Subject: First time MailScanner Issues In-Reply-To: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> References: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> Message-ID: <52F8C995-D6C9-4397-86DA-818190B45E3F@themarshalls.co.uk> On 6 May 2006, at 21:01, uxbod@splatnix.net wrote: > Hi, > > this is my first post so please excuse my ignorance. No problem, we all start somewhere ;-) > > > And this just keeps going on and on and not delivering :( Not knowing how the Gentoo port starts it's self you might have o customise this a bit but either find the check_MailScanner script (/ etc/MailScanner?) and run check_MailScanner ---debug or edit /etc/ MailScanner/MailScanner.conf at the end and turn on debugging (You can't miss it) and re-start MailScanner using the Portage start script and check the output. That should tell you some more. Post back the output (Or at least where it stops) if you need more help. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From MailScanner at ecs.soton.ac.uk Sat May 6 20:31:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 6 20:32:16 2006 Subject: SPARC Solaris 10? Message-ID: <445CF99C.5080302@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone running on SPARC on Solaris 10? I'm having nightmare installation problems with MIME::Base64, HTML::Parser and Filesys::Df, and pretty much any module including C code. Any hints? I have already found the --arch=v8 switch and added it to the installer. This will be in the next release. Getting parse errors in standard header files, using GCC. :-( - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 d+22dAwcluVMDA/F8zz5wCS1 =aNzE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From drew at themarshalls.co.uk Sat May 6 20:33:23 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat May 6 20:33:29 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> References: <20060412205748.GD14679@luckyduck.tux> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <4459F727.3080206@netmagicsolutions.com> <223f97700605040753n34503771y77717bee07ab4c88@mail.gmail.com> <445A335A.4020706@netmagicsolutions.com> <223f97700605041445y1fbba49eu85ce3f1c1e4a2882@mail.gmail.com> Message-ID: On 4 May 2006, at 22:45, Glenn Steen wrote: > Oh I it's not easy... At least the postfix crowd tend to have a rather > ... rough ... tone:-). To put it mildly :-) > That said, I'm not sure I'm the right one for the job either... Drew > perhaps, or Joshua, or ... Jules:-). Sadly I don't think I am the right guy either. Although I understand what each of the nice bits of software do, how they play and the mechanics, I am not a programmer nor do I understand the code bits of either (Kind of like I can drive, I understand what a misfire is and can even explain why but I'm not a mechanic!). I really think that Jules is the man to explain how it all comes together (And understand the answers better!) but perhaps there might be better results if between us we could mediate between the two parties, if Jules doesn't fancy walking back in to the lion's den and why indeed should he considering the past :-( > > Anyway, my comments were the slight contrib I could do ATM. Sorry > it's not more. Like wise Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From uxbod at splatnix.net Sat May 6 21:52:00 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Sat May 6 20:55:00 2006 Subject: First time MailScanner Issues Message-ID: <20060506205200.3osihwnuo404wo88@10.0.0.10> Okay, found the problem it was due to NOD32 virus scanner! Hashed that out now and all is working fine. Out of interest what commercial scanner are people using? From the statistics NOD32 seems the best? Thank you all. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at robhq.com Sat May 6 20:58:35 2006 From: rob at robhq.com (Rob Freeman) Date: Sat May 6 20:58:41 2006 Subject: First time MailScanner Issues In-Reply-To: <20060506205200.3osihwnuo404wo88@10.0.0.10> References: <20060506205200.3osihwnuo404wo88@10.0.0.10> Message-ID: <445CFFEB.7040008@robhq.com> Using ClamAV, BitDefender, and f-prot here. Have tried Mcafee, but it did not catch as many as the three we currently use. uxbod@splatnix.net wrote: > Okay, found the problem it was due to NOD32 virus scanner! Hashed that > out now and all is working fine. Out of interest what commercial > scanner are people using? From the statistics NOD32 seems the best? > > Thank you all. > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 > > From MailScanner at ecs.soton.ac.uk Sat May 6 21:32:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 6 21:32:45 2006 Subject: First time MailScanner Issues In-Reply-To: <445CFFEB.7040008@robhq.com> References: <20060506205200.3osihwnuo404wo88@10.0.0.10> <445CFFEB.7040008@robhq.com> Message-ID: <445D07DC.6060103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just thought I would point out that ClamAV and BitDefender are both free when used within MailScanner. So you can get 2 going without spending anything at all. Get them working first, then start with Nod32 as well. Probably a config problem in /etc/MailScanner/virus.scanners.conf or something like that. Rob Freeman wrote: > Using ClamAV, BitDefender, and f-prot here. Have tried Mcafee, but it > did not catch as many as the three we currently use. > uxbod@splatnix.net wrote: >> Okay, found the problem it was due to NOD32 virus scanner! Hashed >> that out now and all is working fine. Out of interest what commercial >> scanner are people using? From the statistics NOD32 seems the best? >> >> Thank you all. >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> --No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 >> >> > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRF0H3RH2WUcUFbZUEQJpcQCgimJcBwaIH6EYXHLdg/zRSnmKf/wAnROB m+ALr9c42EpdSYrB5vnLmzpc =QJ2q -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From uxbod at splatnix.net Sat May 6 22:38:25 2006 From: uxbod at splatnix.net (uxbod@splatnix.net) Date: Sat May 6 21:41:16 2006 Subject: First time MailScanner Issues In-Reply-To: <445D07DC.6060103@ecs.soton.ac.uk> References: <20060506205200.3osihwnuo404wo88@10.0.0.10> <445CFFEB.7040008@robhq.com> <445D07DC.6060103@ecs.soton.ac.uk> Message-ID: <20060506213825.qkobozp6ow00wos0@10.0.0.10> Thanks Julian. Would just like to say thank you aswell for a excellent piece of code. I guess you are sorted if you leave Southampton University ;) Keep up with the execellent work. Best Regards, Phil Quoting Julian Field : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Just thought I would point out that ClamAV and BitDefender are both free > when used within MailScanner. So you can get 2 going without spending > anything at all. Get them working first, then start with Nod32 as well. > Probably a config problem in /etc/MailScanner/virus.scanners.conf or > something like that. > > Rob Freeman wrote: >> Using ClamAV, BitDefender, and f-prot here. Have tried Mcafee, but it >> did not catch as many as the three we currently use. >> uxbod@splatnix.net wrote: >>> Okay, found the problem it was due to NOD32 virus scanner! Hashed >>> that out now and all is working fine. Out of interest what commercial >>> scanner are people using? From the statistics NOD32 seems the best? >>> >>> Thank you all. >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> --No virus found in this incoming message. >>> Checked by AVG Free Edition. >>> Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 >>> >>> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRF0H3RH2WUcUFbZUEQJpcQCgimJcBwaIH6EYXHLdg/zRSnmKf/wAnROB > m+ALr9c42EpdSYrB5vnLmzpc > =QJ2q > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jrudd at ucsc.edu Sun May 7 00:11:36 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sun May 7 00:12:00 2006 Subject: SPARC Solaris 10? In-Reply-To: <445CF99C.5080302@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> Message-ID: <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> In fall, I was trying to use the new x4100 boxes they have (which is Intel not Sparc, but it was still Solaris 10). I couldn't get ANY perl modules to install via CPAN. I wound up (after running dangerously close to my deliverable date) trading those machines with one of my peers, and took his 410's, and installing Solaris 8 on them instead. Once I get some spare time, I hope to sit down and just beat on Solaris 10 for a while (intel and sparc) ... but if it continues to be that degree of annoyance, I may decide it's more annoying than Linux (a _huge_ statement for me) and abandon Solaris 10 for some Linux distro. On May 6, 2006, at 12:31 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone running on SPARC on Solaris 10? > I'm having nightmare installation problems with MIME::Base64, > HTML::Parser and Filesys::Df, and pretty much any module including C > code. > Any hints? > I have already found the --arch=v8 switch and added it to the > installer. > This will be in the next release. > > Getting parse errors in standard header files, using GCC. > :-( > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 > d+22dAwcluVMDA/F8zz5wCS1 > =aNzE > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From admin at thenamegame.com Sun May 7 00:18:22 2006 From: admin at thenamegame.com (Michael S.) Date: Sun May 7 00:17:18 2006 Subject: Errors installing Mailscanner on Freebsd from ports Message-ID: <200605062317.k46NHFIo007763@bkserver.blacknight.ie> I can't seem to get a successful install of MailScanner on Freebsd 5.4, At the end of the installation I receive an ERROR CODE 1 I tried to deinstall it but it won't let me. cd /usr/ports/mail/mailscanner make deinstall make deinstall ===> Deinstalling for mail/mailscanner pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin recorded pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded ===> MailScanner not installed, skipping Then I try to reinstall it. Make install ===> Warning: your umask is "0077". If this is not desired, set it to an appropriate value and install this port again by ``make reinstall''. # # Step 1: Install bin files # install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner /usr/local/sbin/mailscanner /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner ln: /usr/local/sbin/MailScanner: File exists *** Error code 1 Stop in /usr/ports/mail/mailscanner. When I de install it isn't it supposed to remove the entire installation instead of complaining that the file already exists??? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060506/f02f5737/attachment.html From randyf at sibernet.com Sun May 7 05:57:01 2006 From: randyf at sibernet.com (randyf@sibernet.com) Date: Sun May 7 05:57:22 2006 Subject: SPARC Solaris 10? In-Reply-To: <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> Message-ID: On Sat, 6 May 2006, John Rudd wrote: > > In fall, I was trying to use the new x4100 boxes they have (which is Intel > not Sparc, but it was still Solaris 10). I couldn't get ANY perl modules to > install via CPAN. I wound up (after running dangerously close to my > deliverable date) trading those machines with one of my peers, and took his > 410's, and installing Solaris 8 on them instead. I had no problem installing perl modules on S10 on x86 _or_ sparc, once I got around the predominant issue with many perl modules assuming tools and perl are in /usr/local The best way to deal with Perl modules on Solaris is to add 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' as arguments to Makefile.PL: perl Makefile.PL 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' And this has worked 99% of the time independent of me using gcc from the Solaris install, or if I have installed it seperately (I have even done this with the Sun compiler with no problems). I have also found that adding Perl modules to Solaris is mostly simple if if Webmin's "Install Perl Module" is used (note, BTW, that I have had better success in adding the MailScanner modules via Webmin than with the Mailscanner installer). > > Once I get some spare time, I hope to sit down and just beat on Solaris 10 > for a while (intel and sparc) ... but if it continues to be that degree of > annoyance, I may decide it's more annoying than Linux (a _huge_ statement for > me) and abandon Solaris 10 for some Linux distro. My biggest annoyance predominantly is when any "open source" tool assumes underlying mechanisms, and the only reason (IMHO) it would be any easier, is that those underlying assumptions are more likely to be Linux swayed, then Solaris swayed (though I am just as annoyed when they are swayed to a particular platform). Sorry for the rant, I hope the previous stuff was of help. However, if you want to beat on it, and would like any of my "expertise" in this subject (I have done a "few" Solaris installs), feel free to contact me separately. rf P.S. I didn't see the following message, are there odd filterings going on? I can't speak for Filesys::Df, but the other two installed for me fine with the the other two using the Makefile.PL options I mentioned above. > > > On May 6, 2006, at 12:31 PM, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Anyone running on SPARC on Solaris 10? >> I'm having nightmare installation problems with MIME::Base64, >> HTML::Parser and Filesys::Df, and pretty much any module including C code. >> Any hints? >> I have already found the --arch=v8 switch and added it to the installer. >> This will be in the next release. >> >> Getting parse errors in standard header files, using GCC. >> :-( >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.6 (Build 6060) >> >> iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 >> d+22dAwcluVMDA/F8zz5wCS1 >> =aNzE >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Mailscanner at mailing.kaufland-informationssysteme.com Sun May 7 06:34:17 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Sun May 7 06:34:29 2006 Subject: Sample Exim config file Message-ID: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> Hello, can sombody send me a simple MS ready Exim config file? And know sombody a clear and easy to understand exim documentation? Thanks in advanced Matthias From lhaig at haigmail.com Sun May 7 10:33:00 2006 From: lhaig at haigmail.com (Lance Haig) Date: Sun May 7 10:33:07 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <445DBECC.8070107@haigmail.com> Try Hula, www.hula.org. This is the Open source port of Novell's netmail which I use and it runs on almost any OS. some of the features are not available yet but for what you need it seems the perfect fit. Regards Lance kte@nexis.be wrote: > > I want to install an opensource mailserver on linux wit about 1600 > users who send or receive about 10 messages a day for each user. He > must have a web based admin + quota management + webclient + > connecting from an outlook client (imap, pop3). I there an easy > install/stable/configure open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > > > -- > This message has been scanned for viruses and > dangerous content by *Red Armour MailScanner* > , and is > believed to be clean. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/7be11079/attachment.html From kte at nexis.be Sun May 7 10:59:40 2006 From: kte at nexis.be (kte@nexis.be) Date: Sun May 7 11:00:22 2006 Subject: Open source mailserver In-Reply-To: <445DBECC.8070107@haigmail.com> Message-ID: I also found scalix had a community edition. Anyone any experience with that one? Koen Lance Haig Sent by: mailscanner-bounces@lists.mailscanner.info 07/05/2006 11:33 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Open source mailserver Try Hula, www.hula.org. This is the Open source port of Novell's netmail which I use and it runs on almost any OS. some of the features are not available yet but for what you need it seems the perfect fit. Regards Lance kte@nexis.be wrote: I want to install an opensource mailserver on linux wit about 1600 users who send or receive about 10 messages a day for each user. He must have a web based admin + quota management + webclient + connecting from an outlook client (imap, pop3). I there an easy install/stable/configure open source mailserver that has these functions? I' looking at openexchange, zimbra, more.groupware? But I don't have experience + they have more the just a mailserver + webclient Thanks Koen -- This message has been scanned for viruses and dangerous content by Red Armour MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/7b65b2f9/attachment.html From jaearick at colby.edu Sun May 7 12:47:24 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun May 7 12:48:21 2006 Subject: SPARC Solaris 10? In-Reply-To: <445CF99C.5080302@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> Message-ID: Julian, Yup, running on sparc S10, in production. Using the latest MS 4.53.8, SA 3.1.1, perl 5.8.8. Perl -V output is attached. Note that perl is built using Sun's studio 10 compiler, on a V490. I don't use gcc to build perl because various gcc libs end up in /usr/local, which is an NFS filesystem on most of my boxes. A long story there. Whenever I install a new version of MS, the first thing I do is look at the perl modules you include, and compare them to what is already installed. If something is new or needs an upgrade then I install the module by hand. I comment out the install-perl-modules section of your install.sh script before running it for a new version. I tend to run newer releases of perl modules then what you ship with MS. I'm picky about making sure the perl modules pass their tests. Gcc 4.x is a lot pickier about include files than 3.x was. If I can be of help, let me know. I have a second S10 box (my V1280) that I was trying to get reconfigured to run MS again. It had hardware problems for a while, now hopefully fixed. Jeff Earickson Colby College On Sat, 6 May 2006, Julian Field wrote: > Date: Sat, 06 May 2006 20:31:40 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: SPARC Solaris 10? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone running on SPARC on Solaris 10? > I'm having nightmare installation problems with MIME::Base64, > HTML::Parser and Filesys::Df, and pretty much any module including C code. > Any hints? > I have already found the --arch=v8 switch and added it to the installer. > This will be in the next release. > > Getting parse errors in standard header files, using GCC. > :-( > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 > d+22dAwcluVMDA/F8zz5wCS1 > =aNzE > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Platform: osname=solaris, osvers=2.10, archname=sun4-solaris uname='sunos coal 5.10 generic_118822-27 sun4u sparc sunw,sun-fire-v490 ' config_args='-Ui_gdbm -Dprefix=/opt/perl5 -Dcc=cc -Doptimize=-O -Dlocincpth=/opt/openssl/include /opt/BerkeleyDB/include /usr/local/include -Dloclibpth=/opt/openssl/lib /opt/BerkeleyDB/lib /usr/local/lib -Dcf_email=jaearick@colby.edu -Dperladmin=jaearick@colby.edu -Drunnm=false -Dldlibpthname=none -Duseshrplib=true -Dinstallusrbinperl -ders' hint=recommended, useposix=true, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-I/opt/openssl/include -I/opt/BerkeleyDB/include -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DPERL_USE_SAFE_PUTENV', optimize='-O', cppflags='-I/opt/openssl/include -I/opt/BerkeleyDB/include -I/usr/local/include' ccversion='Sun C 5.7 Patch 117836-05 2005/10/05', gccversion='', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/lib -L/usr/ccs/lib -L/opt/SUNWspro/prod/lib/v8plus -L/opt/SUNWspro/prod/lib -L/lib -L/opt/openssl/lib -L/opt/BerkeleyDB/lib -L/usr/local/lib ' libpth=/usr/lib /usr/ccs/lib /opt/SUNWspro/prod/lib/v8plus /opt/SUNWspro/prod/lib /lib /opt/openssl/lib /opt/BerkeleyDB/lib /usr/local/lib libs=-lsocket -lnsl -lgdbm -ldb -ldl -lm -lc perllibs=-lsocket -lnsl -ldl -lm -lc libc=, so=so, useshrplib=true, libperl=libperl.so gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' -R /opt/perl5/lib/5.8.8/sun4-solaris/CORE' cccdlflags='-KPIC', lddlflags='-G -L/usr/lib -L/usr/ccs/lib -L/opt/SUNWspro/prod/lib/v8plus -L/opt/SUNWspro/prod/lib -L/lib -L/opt/openssl/lib -L/opt/BerkeleyDB/lib -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: PERL_MALLOC_WRAP PERL_USE_SAFE_PUTENV USE_LARGE_FILES USE_PERLIO Built under solaris Compiled at Mar 3 2006 11:48:23 @INC: /opt/perl5/lib/5.8.8/sun4-solaris /opt/perl5/lib/5.8.8 /opt/perl5/lib/site_perl/5.8.8/sun4-solaris /opt/perl5/lib/site_perl/5.8.8 /opt/perl5/lib/site_perl/5.8.7/sun4-solaris /opt/perl5/lib/site_perl/5.8.7 /opt/perl5/lib/site_perl . From MailScanner at ecs.soton.ac.uk Sun May 7 12:52:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 7 12:52:46 2006 Subject: SPARC Solaris 10? In-Reply-To: References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> Message-ID: <445DDF7C.2020105@ecs.soton.ac.uk> I'm still having trouble. I have tried your suggested command and it hasn't helped with the make. This is the start of what I get, using gcc as I haven't got Sun's C compiler. cc -c -DVERSION=\"3.05\" -DXS_VERSION=\"3.05\" "-I/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE" Base64.c In file included from /usr/include/sys/signal.h:34, from /usr/include/signal.h:26, from /usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/unixish.h:106, from /usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/perl.h:1970, from Base64.xs:33: /usr/include/sys/siginfo.h:259: error: parse error before "ctid_t" /usr/include/sys/siginfo.h:292: error: parse error before '}' token /usr/include/sys/siginfo.h:294: error: parse error before '}' token /usr/include/sys/siginfo.h:390: error: parse error before "ctid_t" Any ideas anyone? Please? randyf@sibernet.com wrote: > > On Sat, 6 May 2006, John Rudd wrote: > >> >> In fall, I was trying to use the new x4100 boxes they have (which is >> Intel not Sparc, but it was still Solaris 10). I couldn't get ANY >> perl modules to install via CPAN. I wound up (after running >> dangerously close to my deliverable date) trading those machines with >> one of my peers, and took his 410's, and installing Solaris 8 on them >> instead. > > I had no problem installing perl modules on S10 on x86 _or_ sparc, > once I got around the predominant issue with many perl modules > assuming tools and perl are in /usr/local > > The best way to deal with Perl modules on Solaris is to add > 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' as arguments to Makefile.PL: > > perl Makefile.PL 'OPTIMIZE= ' 'CCFLAGS= ' 'CCCDLFLAGS= ' > > And this has worked 99% of the time independent of me using gcc from > the Solaris install, or if I have installed it seperately (I have even > done this with the Sun compiler with no problems). > > I have also found that adding Perl modules to Solaris is mostly > simple if if Webmin's "Install Perl Module" is used (note, BTW, that I > have had better success in adding the MailScanner modules via Webmin > than with the Mailscanner installer). > >> >> Once I get some spare time, I hope to sit down and just beat on >> Solaris 10 for a while (intel and sparc) ... but if it continues to >> be that degree of annoyance, I may decide it's more annoying than >> Linux (a _huge_ statement for me) and abandon Solaris 10 for some >> Linux distro. > > My biggest annoyance predominantly is when any "open source" tool > assumes underlying mechanisms, and the only reason (IMHO) it would be > any easier, is that those underlying assumptions are more likely to be > Linux swayed, then Solaris swayed (though I am just as annoyed when > they are swayed to a particular platform). > > Sorry for the rant, I hope the previous stuff was of help. However, > if you want to beat on it, and would like any of my "expertise" in > this subject (I have done a "few" Solaris installs), feel free to > contact me separately. > > rf > > P.S. I didn't see the following message, are there odd filterings > going > on? I can't speak for Filesys::Df, but the other two installed > for me fine with the the other two using the Makefile.PL options > I mentioned above. > >> >> >> On May 6, 2006, at 12:31 PM, Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Anyone running on SPARC on Solaris 10? >>> I'm having nightmare installation problems with MIME::Base64, >>> HTML::Parser and Filesys::Df, and pretty much any module including C >>> code. >>> Any hints? >>> I have already found the --arch=v8 switch and added it to the >>> installer. >>> This will be in the next release. >>> >>> Getting parse errors in standard header files, using GCC. >>> :-( >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.6 (Build 6060) >>> >>> iQA/AwUBRFz5nRH2WUcUFbZUEQK3SACdEv7nxLE3s57Wl3XzLPo6R1EB8GYAn0r1 >>> d+22dAwcluVMDA/F8zz5wCS1 >>> =aNzE >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jaearick at colby.edu Sun May 7 13:09:20 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun May 7 13:12:53 2006 Subject: SPARC Solaris 10? In-Reply-To: <445DDF7C.2020105@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> <445DDF7C.2020105@ecs.soton.ac.uk> Message-ID: Julian, You can download Sun's compiler at: http://store.sun.com/CMTemplate/CEServlet?process=SunStore&cmdViewProduct_CP&catid=141526 I'm using Studio 10 (didn't know about 11, I'll download on Monday). The generic cc compiler is useless. If I don't respond for the rest of the day, don't take it personally. I have to take my sister-in-law to the airport, a significant drive. Jeff Earickson Colby College From martelm at quark.vsc.edu Sun May 7 13:43:19 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Sun May 7 13:43:32 2006 Subject: SPARC Solaris 10? In-Reply-To: <445DDF7C.2020105@ecs.soton.ac.uk> References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> <445DDF7C.2020105@ecs.soton.ac.uk> Message-ID: --On Sunday, May 07, 2006 12:52 PM +0100 Julian Field wrote: > /usr/include/sys/siginfo.h:259: error: parse error before "ctid_t" > /usr/include/sys/siginfo.h:292: error: parse error before '}' token > /usr/include/sys/siginfo.h:294: error: parse error before '}' token > /usr/include/sys/siginfo.h:390: error: parse error before "ctid_t" > > Any ideas anyone? Julian, I found this on Google. Maybe this applies ? Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From uxbod at splatnix.net Sun May 7 14:58:59 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Sun May 7 14:00:13 2006 Subject: Spam Testing Message-ID: <20060507135859.237c42e9@cyborg> Hi, okay, my MailScanner installation is up and running and I believe that I have configured SpamAssassin okay. apart from waiting for some spam to come through is their any tests I can perform to ensure that it will actually capture them ? I have setup and Learn-SPAM and Learn-HAM IMAP folders for my users, and have a cron job running to execute a sa-learn against them. I would love to learn and understand from peoples experience on best practice for configuration. Regards, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun May 7 14:39:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 7 14:40:05 2006 Subject: SPARC Solaris 10? In-Reply-To: References: <445CF99C.5080302@ecs.soton.ac.uk> <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> <445DDF7C.2020105@ecs.soton.ac.uk> Message-ID: <445DF8A5.80201@ecs.soton.ac.uk> Michael H. Martel wrote: > --On Sunday, May 07, 2006 12:52 PM +0100 Julian Field > wrote: > >> /usr/include/sys/siginfo.h:259: error: parse error before "ctid_t" >> /usr/include/sys/siginfo.h:292: error: parse error before '}' token >> /usr/include/sys/siginfo.h:294: error: parse error before '}' token >> /usr/include/sys/siginfo.h:390: error: parse error before "ctid_t" >> >> Any ideas anyone? > > Julian, I found this on Google. Maybe this applies ? > > Just tried running it with the cc in SUNWspro and it produces the same error :-( I even linked /usr/local/bin/cc to /opt/SUNWspro/bin/cc to be sure it was using the right cc. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Sun May 7 15:00:21 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun May 7 15:00:26 2006 Subject: Spam Testing In-Reply-To: <20060507135859.237c42e9@cyborg> References: <20060507135859.237c42e9@cyborg> Message-ID: <223f97700605070700q4766b934n3e34dc42ff4b473@mail.gmail.com> On 07/05/06, --[UxBoD]-- wrote: > Hi, > > okay, my MailScanner installation is up and running and I believe that I have configured SpamAssassin okay. > > apart from waiting for some spam to come through is their any tests I can perform to ensure that it will actually capture them ? I have setup and > Learn-SPAM and Learn-HAM IMAP folders for my users, and have a cron job running to execute a sa-learn against them. > > I would love to learn and understand from peoples experience on best practice for configuration. > > Regards, > > Testing: http://wiki.mailscanner.info/doku.php?id=&idx=documentation:test_troubleshoot specifically http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:spam and http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:virus ... and perhaps most importantly (since I wrote it:-) http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion Loads of good advice: http://wiki.mailscanner.info/doku.php?id=maq:index http://wiki.mailscanner.info/doku.php?id=best_practices Have fun reading:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mgt at stellarcore.net Sun May 7 15:14:17 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun May 7 15:14:32 2006 Subject: SPARC Solaris 10? In-Reply-To: <200605071102.k47B23tE004292@bkserver.blacknight.ie> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> Message-ID: <1147011257.3212.6.camel@dwarfstar.stellarcore.net> On Sun, 2006-05-07 at 12:02 +0100, mailscanner- request@lists.mailscanner.info wrote: > From: Julian Field > Subject: SPARC Solaris 10? > To: MailScanner discussion > Message-ID: <445CF99C.5080302@ecs.soton.ac.uk> > Content-Type: text/plain; charset="ISO-8859-1" > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone running on SPARC on Solaris 10? > I'm having nightmare installation problems with MIME::Base64, > HTML::Parser and Filesys::Df, and pretty much any module including C > code. > Any hints? > I have already found the --arch=v8 switch and added it to the > installer. > This will be in the next release. > > Getting parse errors in standard header files, using GCC. > :-( Did you remember about perlgcc? [mgt@hypernova ~]$ which perlgcc /usr/perl5/bin/perlgcc [mgt@hypernova ~]$ uname -a SunOS hypernova 5.10 Generic_118833-03 sun4u sparc SUNW,UltraAX-i2 Without it all perl modules will look for the Sun Compiler. -Mike From MailScanner at ecs.soton.ac.uk Sun May 7 15:22:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 7 15:22:19 2006 Subject: SPARC Solaris 10? In-Reply-To: <1147011257.3212.6.camel@dwarfstar.stellarcore.net> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011257.3212.6.camel@dwarfstar.stellarcore.net> Message-ID: <445E028B.4020008@ecs.soton.ac.uk> Mike Tremaine wrote: > On Sun, 2006-05-07 at 12:02 +0100, mailscanner- > request@lists.mailscanner.info wrote: > >> From: Julian Field >> Subject: SPARC Solaris 10? >> To: MailScanner discussion >> Message-ID: <445CF99C.5080302@ecs.soton.ac.uk> >> Content-Type: text/plain; charset="ISO-8859-1" >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Anyone running on SPARC on Solaris 10? >> I'm having nightmare installation problems with MIME::Base64, >> HTML::Parser and Filesys::Df, and pretty much any module including C >> code. >> Any hints? >> I have already found the --arch=v8 switch and added it to the >> installer. >> This will be in the next release. >> >> Getting parse errors in standard header files, using GCC. >> :-( >> > > Did you remember about perlgcc? > > [mgt@hypernova ~]$ which perlgcc > /usr/perl5/bin/perlgcc > [mgt@hypernova ~]$ uname -a > SunOS hypernova 5.10 Generic_118833-03 sun4u sparc SUNW,UltraAX-i2 > > Without it all perl modules will look for the Sun Compiler. > I have just ripped apart my install.tar-fns.sh script and it's started to work! Yay, and thanks to whoever it was who pointed me towards SUNWspro. I didn't realise it was free these days :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mgt at stellarcore.net Sun May 7 15:24:09 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun May 7 15:24:18 2006 Subject: SPARC Solaris 10? In-Reply-To: <200605071102.k47B23tE004292@bkserver.blacknight.ie> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> Message-ID: <1147011850.3212.14.camel@dwarfstar.stellarcore.net> On Sun, 2006-05-07 at 12:02 +0100, mailscanner- request@lists.mailscanner.info wrote: > From: John Rudd > Subject: Re: SPARC Solaris 10? > To: MailScanner discussion > Message-ID: <34aea41fe2225c9ecf008683a39cea43@ucsc.edu> > Content-Type: text/plain; charset=US-ASCII; format=flowed > > > In fall, I was trying to use the new x4100 boxes they have (which is > Intel not Sparc, but it was still Solaris 10). I couldn't get ANY > perl > modules to install via CPAN. I wound up (after running dangerously > close to my deliverable date) trading those machines with one of my > peers, and took his 410's, and installing Solaris 8 on them instead. > > Once I get some spare time, I hope to sit down and just beat on > Solaris > 10 for a while (intel and sparc) ... but if it continues to be that > degree of annoyance, I may decide it's more annoying than Linux (a > _huge_ statement for me) and abandon Solaris 10 for some Linux distro. Ouch :/... As I mentioned in my other post perlgcc is what you want. To use CPAN you do perlgcc -MCPAN -e shell It's annoying to remember but Sun has it's own compiler that they use to build everything including Perl so without this you will fail on all builds with gcc [related to perl]. Also long as I'm typing I should also say you'll want to edit /var/svc/manifest/network/smtp-sendmail.xml and /lib/svc/method/smtp-sendmail If you want to to get MailScanner running from the sendmail startup scripts. Solaris 10 is nice, there is a learning curve involved in it but over all I recommend using it on SPARC hardware that supports it. [ I'm not Solaris X86 fan, you got X86 use a BSD or Linux ;) ] Good Luck. -Mike From randyf at sibernet.com Sun May 7 17:16:50 2006 From: randyf at sibernet.com (randyf@sibernet.com) Date: Sun May 7 17:17:46 2006 Subject: SPARC Solaris 10? In-Reply-To: <1147011850.3212.14.camel@dwarfstar.stellarcore.net> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011850.3212.14.camel@dwarfstar.stellarcore.net> Message-ID: On Sun, 7 May 2006, Mike Tremaine wrote: > > Ouch :/... As I mentioned in my other post perlgcc is what you want. To > use CPAN you do > > perlgcc -MCPAN -e shell > > It's annoying to remember but Sun has it's own compiler that they use to > build everything including Perl so without this you will fail on all > builds with gcc [related to perl]. Perl in S10 is built to allow for modules to be compiled with either the Studio compiler or gcc. It even provides gcc in /usr/sfw. As I mentioned in a previous message, I have successfully installed Perl modules into the Sun Perl distro using the gcc in /usr/sfw, and one that I obtained via blastwave. Making sure that OPTIMIZE, CCFLAGS, and CCCDLFAGS are all cleared as arguments to Makefile.PL solves any compiler incompatibilities. > > Also long as I'm typing I should also say you'll want to edit > > /var/svc/manifest/network/smtp-sendmail.xml > and > /lib/svc/method/smtp-sendmail > > If you want to to get MailScanner running from the sendmail startup > scripts. NO! Dont edit the original Solaris manifest _or_ method! This will cause you great pain should you ever upgrade or patch the system. If you want to change the manifest or method, copy them somewhere (say to /opt/MailScanner, or better yet, create an /etc/MailScanner and put it there), edit these files, and import the the new manifest to use the new methods. rf From randyf at sibernet.com Sun May 7 17:48:47 2006 From: randyf at sibernet.com (randyf@sibernet.com) Date: Sun May 7 17:49:49 2006 Subject: SPARC Solaris 10? In-Reply-To: References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011850.3212.14.camel@dwarfstar.stellarcore.net> Message-ID: On Sun, 7 May 2006, randyf@sibernet.com wrote: >> Also long as I'm typing I should also say you'll want to edit >> >> /var/svc/manifest/network/smtp-sendmail.xml >> and >> /lib/svc/method/smtp-sendmail >> >> If you want to to get MailScanner running from the sendmail startup >> scripts. > > NO! Dont edit the original Solaris manifest _or_ method! This will cause > you great pain should you ever upgrade or patch the system. > > If you want to change the manifest or method, copy them somewhere (say to > /opt/MailScanner, or better yet, create an /etc/MailScanner and put it > there), edit these files, and import the the new manifest to use the new > methods. > For those that may actually want to try MailScanner on S10 (and use the Sun versions of the tools), I have attached a manifest and method that can be used with MailScanner (maybe Julian will be interested in putting them in the contrib space). The scripts and instructions expect that the manifest and method will reside in the directory /etc/MailScanner/smf. The method assumes MailScanner to reside in /opt/MailScanner. You will need to update the manifest (the .xml file) if you put the method elsewhere, and tne method (the non-.xml file) if MailScanner is elsewhere. Note, that putting all the MailScanner config files in /etc allows for a single install of MailScanner should MailScanner be used in multiple Solaris zones. To change the manifest for Sendmail to the new manifest, simply do: # svcadm disable network/smtp # svccfg -s network/smtp svc:/network/smtp> import /etc/MailScanner/smf/ms-smtp-sendmail.xml svc:/network/smtp> quit # svcadm enable network/smtp To go back to the original Sun manifest, just change the "import" line to: svc:/network/smtp> import /var/svc/manifest/network/smtp-sendmail.xml rf -------------- next part -------------- #!/sbin/sh # # Copyright 2004 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Modeled from the Sun distributed smtp-sendmail method. # . /lib/svc/share/smf_include.sh ERRMSG1='WARNING: /var/mail is NFS-mounted without setting actimeo=0,' ERRMSG2='this can cause mailbox locking and access problems.' SERVER_PID_FILE="/var/run/sendmail.pid" SERVER_PID_FILE2="/var/run/sendmail2.pid" CLIENT_PID_FILE="/var/spool/clientmqueue/sm-client.pid" DEFAULT_FILE="/etc/default/sendmail" ALIASES_FILE="/etc/mail/aliases" check_queue_interval_syntax() { default="15m" if [ $# -lt 1 ]; then answer=$default return fi if echo $1 | egrep '^([0-9]*[1-9][0-9]*[smhdw])+$' >/dev/null 2>&1; then answer=$1 else answer=$default fi } check_and_kill() { PID=`head -1 $1` kill -0 $PID > /dev/null 2>&1 [ $? -eq 0 ] && kill $PID } case "$1" in 'refresh') [ -f $SERVER_PID_FILE ] && kill -1 `head -1 $SERVER_PID_FILE` [ -f $SERVER_PID_FILE2 ] && kill -1 `head -1 $SERVER_PID_FILE2` [ -f $CLIENT_PID_FILE ] && kill -1 `head -1 $CLIENT_PID_FILE` pkill -HUP MailScanner ;; 'start') if [ -f /usr/lib/sendmail -a -f /etc/mail/sendmail.cf ]; then if [ ! -d /var/spool/mqueue ]; then /usr/bin/mkdir -m 0750 /var/spool/mqueue /usr/bin/chown root:bin /var/spool/mqueue fi if [ ! -d /var/spool/mqueue.in ]; then /usr/bin/mkdir -m 0750 /var/spool/mqueue.in /usr/bin/chown root:bin /var/spool/mqueue.in fi if [ ! -f $ALIASES_FILE.db ] && [ ! -f $ALIASES_FILE.dir ] \ && [ ! -f $ALIASES_FILE.pag ]; then /usr/sbin/newaliases fi MODE="-bd" [ -f $DEFAULT_FILE ] && . $DEFAULT_FILE # # * MODE should be "-bd" or null (MODE= or MODE="") or # left alone. Anything else and you're on your own. # * QUEUEOPTION should be "p" or null (as above). # * [CLIENT]QUEUEINTERVAL should be set to some legal value; # sanity checks are done below. # * [CLIENT]OPTIONS are catch-alls; set with care. # if [ -n "$QUEUEOPTION" -a "$QUEUEOPTION" != "p" ]; then QUEUEOPTION="" fi if [ -z "$QUEUEOPTION" -o -n "$QUEUEINTERVAL" ]; then check_queue_interval_syntax $QUEUEINTERVAL QUEUEINTERVAL=$answer fi check_queue_interval_syntax $CLIENTQUEUEINTERVAL CLIENTQUEUEINTERVAL=$answer /usr/lib/sendmail $MODE -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -O PidFile=$SERVER_PID_FILE2& /usr/lib/sendmail -q$QUEUEOPTION$QUEUEINTERVAL $OPTIONS & /usr/lib/sendmail -Ac -q$CLIENTQUEUEINTERVAL $CLIENTOPTIONS & # # ETRN_HOSTS should be of the form # "s1:c1.1,c1.2 s2:c2.1 s3:c3.1,c3.2,c3.3" # i.e., white-space separated groups of server:client where # client can be one or more comma-separated names; N.B. that # the :client part is optional; see etrn(1M) for details. # server is the name of the server to prod; a mail queue run # is requested for each client name. This is comparable to # running "/usr/lib/sendmail -qRclient" on the host server. # # See RFC 1985 for more information. # for i in $ETRN_HOSTS; do SERVER=`echo $i | /usr/bin/sed -e 's/:.*$//'` CLIENTS=`echo $i | /usr/bin/sed -n -e 's/,/ /g' \ -e '/:/s/^.*://p'` /usr/sbin/etrn -b $SERVER $CLIENTS >/dev/null 2>&1 & done # # Start MailScanner # /opt/MailScanner/bin/check_mailscanner fi if /usr/bin/nawk 'BEGIN{s = 1} $2 == "/var/mail" && $3 == "nfs" && $4 !~ /actimeo=0/ && $4 !~ /noac/{s = 0} END{exit s}' /etc/mnttab; then /usr/bin/logger -p mail.crit "$ERRMSG1" /usr/bin/logger -p mail.crit "$ERRMSG2" fi ;; 'stop') [ -f $SERVER_PID_FILE ] && check_and_kill $SERVER_PID_FILE [ -f $SERVER_PID_FILE2 ] && check_and_kill $SERVER_PID_FILE2 if [ -f $CLIENT_PID_FILE ]; then check_and_kill $CLIENT_PID_FILE rm -f $CLIENT_PID_FILE fi /usr/bin/pkill -15 -x -u 0 MailScanner # Need to kill the entire service contract to kill all sendmail related # processes smf_kill_contract $2 TERM 1 30 ret=$? [ $ret -eq 1 ] && exit 1 # Since sendmail spawns user processes out of .forward files, it is # possible that some of these are not responding to TERM. If the # contract did not empty after TERM, move on to KILL. if [ $ret -eq 2 ] ; then smf_kill_contract $2 KILL 1 fi ;; *) echo "Usage: $0 { start | stop | refresh }" exit 1 ;; esac exit 0 -------------- next part -------------- From bob.jones at usg.edu Sun May 7 18:53:14 2006 From: bob.jones at usg.edu (Bob Jones) Date: Sun May 7 18:53:21 2006 Subject: SPARC Solaris 10? In-Reply-To: <445E028B.4020008@ecs.soton.ac.uk> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011257.3212.6.camel@dwarfstar.stellarcore.net> <445E028B.4020008@ecs.soton.ac.uk> Message-ID: <445E340A.2040906@usg.edu> Thus spake Julian Field, with impeccable timing on 5/7/2006 10:22 AM: > > I have just ripped apart my install.tar-fns.sh script and it's started > to work! > Yay, and thanks to whoever it was who pointed me towards SUNWspro. I > didn't realise it was free these days :-) While you're ripping apart your install script, I'd like to reiterate a suggestion I made while you were gone. With your install script, you have the option of telling it where the perl you want to use lives. However, the actual MailScanner internals all seem to use #!/usr/bin/perl which means if that's not the perl you want to use, you have to have a link from there to the perl you did use. Your install script should change the MailScanner perl scripts to point to the perl you give it during installation time. If it doesn't, there's no point to having an option to specify the perl location at all since you would be forced into using /usr/bin/perl anyway. Thanks, -- Bob Jones bob.jones@usg.edu OIIT, The Board of Regents The University System of Georgia From rob at robhq.com Sun May 7 19:00:36 2006 From: rob at robhq.com (Rob Freeman) Date: Sun May 7 19:00:35 2006 Subject: Open source mailserver In-Reply-To: References: Message-ID: <445E35C4.4080402@robhq.com> I have been running it along with MailScanner on the same server for a few weeks now with good success. The community edition allows for 25 premium users which is fine for me home use of 3 users. Rob kte@nexis.be wrote: > > I also found scalix had a community edition. Anyone any experience > with that one? > > Koen > > > > *Lance Haig * > Sent by: mailscanner-bounces@lists.mailscanner.info > > 07/05/2006 11:33 > Please respond to > MailScanner discussion > > > > To > MailScanner discussion > cc > > Subject > Re: Open source mailserver > > > > > > > > > > Try Hula, > _ > __www.hula.org_ . > This is the Open source port of Novell's netmail which I use and it > runs on almost any OS. > some of the features are not available yet but for what you need it > seems the perfect fit. > > Regards > > Lance > > _ > __kte@nexis.be_ wrote: > > I want to install an opensource mailserver on linux wit about 1600 > users who send or receive about 10 messages a day for each user. He > must have a web based admin + quota management + webclient + > connecting from an outlook client (imap, pop3). I there an easy > install/stable/configure open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > > > -- > This message has been scanned for viruses and > dangerous content by *_Red Armour MailScanner_* > , and is > believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 > From steve.swaney at fsl.com Sun May 7 19:17:32 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun May 7 19:17:44 2006 Subject: opm.blitzed.org shut down Message-ID: <002501c67202$824dddc0$2901010a@office.fsl> I just received notification on another list that opm.blitzed.org has shut down. I can't confirm but I can't reach their web site. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From kte at nexis.be Sun May 7 22:32:26 2006 From: kte at nexis.be (kte@nexis.be) Date: Sun May 7 22:33:10 2006 Subject: Open source mailserver In-Reply-To: <445E35C4.4080402@robhq.com> Message-ID: But I need about 1600 users will my dual core server with 4 GB ram hold it?? Koen Rob Freeman Sent by: mailscanner-bounces@lists.mailscanner.info 07/05/2006 20:00 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: Open source mailserver I have been running it along with MailScanner on the same server for a few weeks now with good success. The community edition allows for 25 premium users which is fine for me home use of 3 users. Rob kte@nexis.be wrote: > > I also found scalix had a community edition. Anyone any experience > with that one? > > Koen > > > > *Lance Haig * > Sent by: mailscanner-bounces@lists.mailscanner.info > > 07/05/2006 11:33 > Please respond to > MailScanner discussion > > > > To > MailScanner discussion > cc > > Subject > Re: Open source mailserver > > > > > > > > > > Try Hula, > _ > __www.hula.org_ . > This is the Open source port of Novell's netmail which I use and it > runs on almost any OS. > some of the features are not available yet but for what you need it > seems the perfect fit. > > Regards > > Lance > > _ > __kte@nexis.be_ wrote: > > I want to install an opensource mailserver on linux wit about 1600 > users who send or receive about 10 messages a day for each user. He > must have a web based admin + quota management + webclient + > connecting from an outlook client (imap, pop3). I there an easy > install/stable/configure open source mailserver that has these functions? > I' looking at openexchange, zimbra, more.groupware? But I don't have > experience + they have more the just a mailserver + webclient > > Thanks Koen > > > -- > This message has been scanned for viruses and > dangerous content by *_Red Armour MailScanner_* > , and is > believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.392 / Virus Database: 268.5.5/333 - Release Date: 5/5/2006 > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/0274c256/attachment.html From smcguane at mailshield.com.au Mon May 8 02:00:17 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 02:00:29 2006 Subject: Open source mailserver In-Reply-To: Message-ID: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> Hi guys, I recently installed a new centos 4.3 - mailscanner/mailwatch box which im using as a test solution to move away from cpanel. However upon starting this I get 2 errors when I tail the maillog. I know these errors may not be directly related to each product mailscanner or mailwatch but I thought I would ask anyway. Unable to initialise database connection: Access denied for user 'mailwatch'@'localhost' (using password: YES) --> I know what this problem is but unsure of the command on how to setup a user/pass for mailwatch@localhost in the sql database. Anyones help would be appreciated? Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc --> I do not know what this error is about. Anyone? Thanks Guys Shaun --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/56b2c7f7/attachment.html From smcguane at mailshield.com.au Mon May 8 02:15:59 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 02:16:11 2006 Subject: Error In MailScanner - Maillog on Startup In-Reply-To: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> Message-ID: <200605080116.k481G7Jl015655@bkserver.blacknight.ie> Hi guys, I recently installed a new centos 4.3 - mailscanner/mailwatch box which im using as a test solution to move away from cpanel. However upon starting this I get 2 errors when I tail the maillog. I know these errors may not be directly related to each product mailscanner or mailwatch but I thought I would ask anyway. Unable to initialise database connection: Access denied for user 'mailwatch'@'localhost' (using password: YES) --> I know what this problem is but unsure of the command on how to setup a user/pass for mailwatch@localhost in the sql database. Anyones help would be appreciated? Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc --> I do not know what this error is about. Anyone? Thanks Guys Shaun ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/d4250d65/attachment-0001.html From admin at thenamegame.com Mon May 8 02:20:14 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 8 02:20:09 2006 Subject: Errors installing Mailscanner on Freebsd from ports In-Reply-To: <200605062317.k46NHFIo007763@bkserver.blacknight.ie> Message-ID: <200605080120.k481K7KF015804@bkserver.blacknight.ie> Can somebody give me some pointers on this please??? _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael S. Sent: Saturday, May 06, 2006 7:18 PM To: mailscanner@lists.mailscanner.info Subject: Errors installing Mailscanner on Freebsd from ports I can't seem to get a successful install of MailScanner on Freebsd 5.4, At the end of the installation I receive an ERROR CODE 1 I tried to deinstall it but it won't let me. cd /usr/ports/mail/mailscanner make deinstall make deinstall ===> Deinstalling for mail/mailscanner pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin recorded pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded ===> MailScanner not installed, skipping Then I try to reinstall it. Make install ===> Warning: your umask is "0077". If this is not desired, set it to an appropriate value and install this port again by ``make reinstall''. # # Step 1: Install bin files # install -o root -g wheel -m 555 /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner /usr/local/sbin/mailscanner /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner ln: /usr/local/sbin/MailScanner: File exists *** Error code 1 Stop in /usr/ports/mail/mailscanner. When I de install it isn't it supposed to remove the entire installation instead of complaining that the file already exists??? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060507/44bd8130/attachment.html From jaearick at colby.edu Mon May 8 02:29:47 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 8 02:33:18 2006 Subject: SPARC Solaris 10? In-Reply-To: <445E028B.4020008@ecs.soton.ac.uk> References: <200605071102.k47B23tE004292@bkserver.blacknight.ie> <1147011257.3212.6.camel@dwarfstar.stellarcore.net> <445E028B.4020008@ecs.soton.ac.uk> Message-ID: On Sun, 7 May 2006, Julian Field wrote: >> >> Did you remember about perlgcc? >> >> [mgt@hypernova ~]$ which perlgcc >> /usr/perl5/bin/perlgcc >> [mgt@hypernova ~]$ uname -a >> SunOS hypernova 5.10 Generic_118833-03 sun4u sparc SUNW,UltraAX-i2 >> >> Without it all perl modules will look for the Sun Compiler. >> > > I have just ripped apart my install.tar-fns.sh script and it's started to > work! > Yay, and thanks to whoever it was who pointed me towards SUNWspro. I didn't > realise it was free these days :-) No problem. I don't know why they don't just make SUNWspro part of S10 now that its free. FWIW, I don't use Sun's version of perl. I build and install the public-domain version, and make sure that it is /usr/bin/perl. I specifically delete the SUNWCperl cluster in my jumpstart setup for Solaris 10. In fact, I delete a lot of clusters and packages in my default S10 install, such as GNOME, apache, perl, sendmail, mozilla, etc. It makes the install footprint much smaller and still gives me all of the server functionality I want. If I want things like sendmail or perl, I build and install the public-domain versions. Then I *know* what compiler and options got used and how they got there. More work up front but less guessing and hassle later on. I also build nearly all critical software items with SUNWspro. While GCC is a great compiler, I've sometimes had problems with GCC apps and Sun shared libs -- problems I don't have with SUNWspro. But some things won't build cleanly with SUNWspro, so GCC remains available. Jeff Earickson Colby College From raylund.lai at kankanwoo.com Mon May 8 03:06:03 2006 From: raylund.lai at kankanwoo.com (Raylund Lai) Date: Mon May 8 03:07:01 2006 Subject: Errors installing Mailscanner on Freebsd from ports In-Reply-To: <200605080120.k481K7KF015804@bkserver.blacknight.ie> References: <200605080120.k481K7KF015804@bkserver.blacknight.ie> Message-ID: <445EA78B.9090505@kankanwoo.com> Do your perl multi-threaded? -Raylund Michael S. wrote: > > Can somebody give me some pointers on this please??? > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Michael S. > *Sent:* Saturday, May 06, 2006 7:18 PM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Errors installing Mailscanner on Freebsd from ports > > I can?t seem to get a successful install of MailScanner on Freebsd 5.4, > > At the end of the installation I receive an > > ERROR CODE 1 > > I tried to deinstall it but it won?t let me. > > cd /usr/ports/mail/mailscanner > > make deinstall > > make deinstall > > ===> Deinstalling for mail/mailscanner > > pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded > > pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded > > pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin > recorded > > pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded > > pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded > > pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded > > pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded > > pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded > > pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded > > pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded > > pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded > > pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded > > pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded > > pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded > > ===> MailScanner not installed, skipping > > Then I try to reinstall it. > > Make install > > ===> Warning: your umask is "0077". > > If this is not desired, set it to an appropriate value > > and install this port again by ``make reinstall''. > > # > > # Step 1: Install bin files > > # > > install -o root -g wheel -m 555 > /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner > /usr/local/sbin/mailscanner > > /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner > > ln: /usr/local/sbin/MailScanner: File exists > > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > When I de install it isn?t it supposed to remove the entire > installation instead of complaining that the file already exists??? > > Thank you. > From smcguane at mailshield.com.au Mon May 8 03:23:47 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 03:23:59 2006 Subject: Error In MailScanner - Maillog on Startup In-Reply-To: <200605080116.k481G7Jl015655@bkserver.blacknight.ie> Message-ID: <200605080223.k482NucB016874@bkserver.blacknight.ie> Problem has been solved. Thanks _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ShaunM [MailShield] Sent: Monday, 8 May 2006 11:16 AM To: 'MailScanner discussion' Subject: RE: Error In MailScanner - Maillog on Startup Hi guys, I recently installed a new centos 4.3 - mailscanner/mailwatch box which im using as a test solution to move away from cpanel. However upon starting this I get 2 errors when I tail the maillog. I know these errors may not be directly related to each product mailscanner or mailwatch but I thought I would ask anyway. Unable to initialise database connection: Access denied for user 'mailwatch'@'localhost' (using password: YES) --> I know what this problem is but unsure of the command on how to setup a user/pass for mailwatch@localhost in the sql database. Anyones help would be appreciated? Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc --> I do not know what this error is about. Anyone? Thanks Guys Shaun ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au ---------------------------------------------------------------------------- - This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/97672b9c/attachment.html From admin at thenamegame.com Mon May 8 05:00:02 2006 From: admin at thenamegame.com (Michael S.) Date: Mon May 8 04:59:13 2006 Subject: Errors installing Mailscanner on Freebsd from ports In-Reply-To: <445EA78B.9090505@kankanwoo.com> Message-ID: <200605080359.k483xAMv019144@bkserver.blacknight.ie> I'm not sure what you mean. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Raylund Lai Sent: Sunday, May 07, 2006 10:06 PM To: MailScanner discussion Subject: Re: Errors installing Mailscanner on Freebsd from ports Do your perl multi-threaded? -Raylund Michael S. wrote: > > Can somebody give me some pointers on this please??? > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Michael S. > *Sent:* Saturday, May 06, 2006 7:18 PM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Errors installing Mailscanner on Freebsd from ports > > I can't seem to get a successful install of MailScanner on Freebsd 5.4, > > At the end of the installation I receive an > > ERROR CODE 1 > > I tried to deinstall it but it won't let me. > > cd /usr/ports/mail/mailscanner > > make deinstall > > make deinstall > > ===> Deinstalling for mail/mailscanner > > pkg_info: package bsdpan-Class-Std-Utils-v0.0.2 has no origin recorded > > pkg_info: package bsdpan-Class-Std-v0.0.8 has no origin recorded > > pkg_info: package bsdpan-Filesys-Statvfs_Statfs_Df-0.79 has no origin > recorded > > pkg_info: package bsdpan-GDGraph-1.4307 has no origin recorded > > pkg_info: package bsdpan-GDTextUtil-0.86 has no origin recorded > > pkg_info: package bsdpan-IO-Interactive-v0.0.3 has no origin recorded > > pkg_info: package bsdpan-Net_SSLeay.pm-1.30 has no origin recorded > > pkg_info: package bsdpan-ShadowHash-0.07 has no origin recorded > > pkg_info: package bsdpan-Term-ReadLine-Perl-1.03 has no origin recorded > > pkg_info: package bsdpan-TermReadKey-2.30 has no origin recorded > > pkg_info: package bsdpan-Tie-Watch-1.2 has no origin recorded > > pkg_info: package bsdpan-Tree-MultiNode-1.0.10 has no origin recorded > > pkg_info: package bsdpan-Unix-PID-v0.0.6 has no origin recorded > > pkg_info: package bsdpan-libwww-perl-5.805 has no origin recorded > > ===> MailScanner not installed, skipping > > Then I try to reinstall it. > > Make install > > ===> Warning: your umask is "0077". > > If this is not desired, set it to an appropriate value > > and install this port again by ``make reinstall''. > > # > > # Step 1: Install bin files > > # > > install -o root -g wheel -m 555 > /usr/ports/mail/mailscanner/work/MailScanner-install-4.53.8/bin/MailScanner > /usr/local/sbin/mailscanner > > /bin/ln -s /usr/local/sbin/mailscanner /usr/local/sbin/MailScanner > > ln: /usr/local/sbin/MailScanner: File exists > > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > When I de install it isn't it supposed to remove the entire > installation instead of complaining that the file already exists??? > > Thank you. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From slwatts at winckworths.co.uk Mon May 8 08:37:10 2006 From: slwatts at winckworths.co.uk (Sam Luxford-Watts) Date: Mon May 8 08:37:39 2006 Subject: Sophos v5 Message-ID: Julian, I know we can carry on using V4 for now but any update as to when Sophos V5 support will likely to be written into Mailscanner? Thanks, Sam -----Original Message----- From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] Sent: Friday, May 05, 2006 11:11 PM To: mailscanner@lists.mailscanner.info Subject: Re: Sophos v5 On 05.05.2006 18:44, Sam Luxford-Watts wrote: >I am trying to upgrade our elderly MailScanner server. I am installing on >CentOs4 and got most of it working except MS->Sophos. > >I have downloaded and installed Sophos 5.0.2. It installs fine using the >sophos install.sh script. The one suggested in the Mailscanner docs is now >outdated it seams. Sophos.install doesn?t work. > > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059542.html http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059551.html i have no problems with sav5.x except that i do not know how i can tell ms how to use it. >Has anyone got MS working with Sophos v5.0.2? if so - how? > i did not tried, for now i have both installed. - sav4.x for ms (Sophos.install) - sav5.x for other use i do not know, perhaps is "generic" a solution for sav5.x, some help/hints would be great. - /etc/MailScanner/virus.scanners.conf - /usr/lib/MailScanner/generic-wrapper - /usr/lib/MailScanner/generic-autoupdate savscan = sav5.x sweep = sav3.x/4.x savscan.base = sweep (see below) a while ago i got some answers from sophos support: - die Optionen von sweep/savscan/savscan.base sind identisch my translation: "the sweep/savscan/savscan.base options are identical" savscan.base is the 'sweep' binary, which is called by savscan with some arguments (for example the location of the IDE files). I would avoid playing around in the engine directory as it is not something that anyone, especially customers should be playing with. roots crontab after sav5.x installation 47 * * * * /opt/sophos-av/bin/savupdate -- shrek-m -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- Winckworth Sherwood, ranked first in the Diversity League Table 2006 UK 100 Plus - a survey analysing ethnicity and gender in the legal profession, commissioned by the Black Solicitors Network and the Commission for Racial Equality. -------------- Winckworth Sherwood Solicitors and Parliamentary Agents, DX 148400 WESTMINSTER 5: 35 Great Peter Street, London SW1P 3LR. Telephone +44 (0)20 7593 5000 Fax +44 (0)20 7593 5099. www.winckworths.co.uk This email and any attachments are confidential and may be the subject of legal privilege. Any use, copying or disclosure other than by the intended recipient is unauthorised. If you have received this message in error, please notify the sender immediately via +44 (0)20 7593 5000 and delete this message from your computer and network. Winckworth Sherwood is regulated by the Law Society. A list of partners is available for inspection at the above address. From bsnottum at hkskole.no Mon May 8 08:50:31 2006 From: bsnottum at hkskole.no (bsnottum@hkskole.no) Date: Mon May 8 08:50:38 2006 Subject: Spamassassin exceeded time limit, not stopping spam Message-ID: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> Hallo! I am running mailscanner-4.44.6-2 on fc2 - yes I know it is old and I will set up a new server shortly. Anyway I have a problem with spamassassin that I really need to solve before I build the new server. My problem is that spamassassin does not stop spam! In the mail-header it says: not spam - exceeded time limit. If I restart mailscanner it works for a while - a few minutes, but after this the error starts again. Can anyone tell me what is going wrong here? Regards Bjorn From james at grayonline.id.au Mon May 8 09:07:35 2006 From: james at grayonline.id.au (James Gray) Date: Mon May 8 09:08:10 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> Message-ID: <200605081807.38649.james@grayonline.id.au> On Mon, 8 May 2006 17:50, bsnottum@hkskole.no wrote: > Hallo! > > I am running mailscanner-4.44.6-2 on fc2 - yes I know it is old and I > will set up a new server shortly. Anyway I have a problem with > spamassassin that I really need to solve before I build the new server. > > My problem is that spamassassin does not stop spam! In the mail-header it > says: not spam - exceeded time limit. If I restart mailscanner it works > for a while - a few minutes, but after this the error starts again. > > Can anyone tell me what is going wrong here? These errors are usually due to either an RBL timing out or a spamassassin plugin (helper) not configured correctly, eg, pyzor, razor2, dcc etc. Best plan is to run a lint test with full debug output: spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D 2>&1 | less (all on one line). Watch the shell redirection (2>&1) - as written above will probably bork on standard Bourne shells ("sh") but should work fin in bash/zsh. Have a GOOD look at the output, and hunt down anything that refers to time outs, crashes, missing configs, etc. Keep in mind time outs can be due to firewalls blocking traffic to/from the helpers etc. RBL's are generally implemented with DNS (tcp+udp/53). Spamassassin's wiki has some good articles on what ports are required for different helpers (I believe the MailScanner wiki also has a page dedicated to this area too). If in doubt post back the lint results here and/or the spamassassin list. Cheers, James -- I want you to organize my PASTRY trays ... my TEA-TINS are gleaming in formation like a ROW of DRUM MAJORETTES -- please don't be FURIOUS with me -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/f4a76819/attachment.bin From glenn.steen at gmail.com Mon May 8 09:17:56 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 8 09:17:58 2006 Subject: Open source mailserver In-Reply-To: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> References: <200605080100.k4810Q6L015335@bkserver.blacknight.ie> Message-ID: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> On 08/05/06, ShaunM [MailShield] wrote: > > Hi guys, > > I recently installed a new centos 4.3 - mailscanner/mailwatch box which im > using as a test solution to move away from cpanel. > > However upon starting this I get 2 errors when I tail the maillog. I know > these errors may not be directly related to each product > mailscanner or mailwatch but I thought I would ask anyway. > > > Unable to initialise database connection: Access denied for user > 'mailwatch'@'localhost' (using password: YES) > > ? I know what this problem is but unsure of the command on how to setup a > user/pass for mailwatch@localhost in the sql database. Anyones help > would be appreciated? > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could > not be "eval"ed. Make sure the module is correct with perl ?wc > > ? I do not know what this error is about. Anyone? > > Thanks Guys > > Shaun > What does this have to do with the subject? Why didn't you start your own thread? And why are you asking about MailWatch in the MailScanner list, when (and I know you know this) MailWatch has its own mailing list? Anyway, the first one is covered in the install instructions for MailWatch. You can't miss it. The second is likely due to MailScanner reading the same MailWatch.pm twice, either because you have it in /usr/lib/MailScanner/MailScanner/CustomFunctions/ and also use the "old-style" require (which you shouldn't), or because you have two copies of MailWatch.pm in /usr/lib/MailScanner/MailScanner/CustomFunctions/ (Some wellknown editors tend to "sh*t where they eat"... creating backup files like MailWatch.pm~) ... which will get you this error. If none of that apply, then do as it says, run perl -wc on it ... and move over to the MailWatch list;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Mon May 8 09:37:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 8 09:37:19 2006 Subject: Sample Exim config file In-Reply-To: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> Message-ID: <013401c6727a$96fb0e50$3004010a@martinhlaptop> Matthias Follow the instructions in the wiki - you'll need two configs as described. If you're still unsure ask here again... As for exim doccy - yes there is lack of examples in the online stuff..the new docs at the top of main web page (exim specification and filter spec are better) and the book is extremely useful. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 07 May 2006 06:34 > To: MailScanner discussion > Subject: Sample Exim config file > > Hello, > > can sombody send me a simple MS ready Exim config file? > > And know sombody a clear and easy to understand exim documentation? > > Thanks in advanced > > Matthias > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From G.Pentland at soton.ac.uk Mon May 8 10:00:09 2006 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Mon May 8 10:00:17 2006 Subject: SPARC Solaris 10? Message-ID: <71437982F5B13A4D9A5B2669BDB89EE403A84E28@ISS-CL-EX-V1.soton.ac.uk> From an earlier conversation that was off list... If you need a hand with SMF let me know, basics are... 1. Stick a normal init script in /lib/svc/method 2. Copy the xml for telnet or something, from /var/svc/manifest 3. Put that in /var/svc/manifest/site> 4. edit the obvious stuff Then "svccfg import " Should be fine. NEVER change any Sun supplied manifests, as soon as you do that you will be in a world of trouble if you install patches with reading every file in them. The Sun supplied manifests do and will change with patch installs. Also the sendmail.cf has done in the past with Sun patches, so make those backups before you install any patches! When I get can get a wiki login I'll add this in more detail. I hope that will save someone some grief! Gary BTW Recovering SMF from a database corruption is a nightmare! From prandal at herefordshire.gov.uk Mon May 8 10:07:37 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon May 8 10:08:00 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for ClamAV Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> Folks, Steve Basford has a ClamAV phishing database over at http://www.sanesecurity.com/clamav/ and has recently updated his site to provide a gzipped version of the file. The attached script is a modified version of the one I posted to this list back in March. This version uses curl to fetch newer versions of the gzipped database. It should be run no more than once hourly, and Steve says that 4 times a day is sufficient. Can people using the old script please update to this one to save the load on Steve's server. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK -------------- next part -------------- A non-text attachment was scrubbed... Name: get_phish_sigs Type: application/octet-stream Size: 1099 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/9686a5c1/get_phish_sigs.obj From Peter.Bates at lshtm.ac.uk Mon May 8 13:11:21 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Mon May 8 13:12:03 2006 Subject: Submitting phishing reports (with Postfix) Message-ID: <445F43790200007600004CA7@193.63.251.15> Hello all... As with most people, we see a reasonable amount of Phishing scams from one day to the next. ClamAV spots a fair few, which end up quarantined and then (as I'm using Postfix) stored as Postfix queue files. This method is fine for resubmitting to the 'intended' recipient, but I quite fancy occasionally reporting some of the worse offenders. My questions are: - are there any 'central' antiphishing sites I can point any report at (I've seen millersmiles.co.uk, for instance) - how to extract something from the Postfix queue file to send and then fire off from the box itself (thereby avoiding the content filtering). postcat xxxxx > file reallly includes a lot of stuff I shouldn't be sending on to anyone else. Is anyone doing this? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From kbjo at interpost.no Mon May 8 13:47:40 2006 From: kbjo at interpost.no (Knut Bjornstad) Date: Mon May 8 13:47:43 2006 Subject: Spamassassin cache loop Message-ID: <20060508144740.A28384@akkar.interpost.no> We have a problem with our MailScanner installations - a small part of the traffic get stuck in the Spamassassin cache and loops back to the hold queue for reprossessing. This happens to ordinary mail, I am not sure if any of them is spam. The loop is not infinite thou, most of the cases escape after a few hundred iterations. But there are som mails that has been stuck for months. We have quite a lot of mail going through our MailScanner filters, so I have not given this attention before the last days. But the load on the boxes (we have several running in parallell), kept increasing very slowly. I was not able to reset the cache in any way. My knowledge of SQLite and sql bases in general are very limited, but at last I managed to reset the base on one of the boxes by overwriting it with an empty base! This had no effect, the looping continued. At last I stopped it by removing the offending mails from the hold queue. Then the load (as reported by uptime) on the boxes fell immediately. Here is some obeservations I have made: The log gets lines like this: "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for message A3C3B310132.D0C33" where the last part of the session-id varies as the mail is put back in the hold queue I have found no particular type of mail that gets caught - but all of them have a few MIME components. When I remove a mail, and then put it back in the hold queue, without any modification, it got sent immidiately! Our installation: postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on both versions) MailScanner 4.50.15 spamassassin 3.0.4 ClamAV 0.88.1 I wonder if this problem can be rectified by upgrading MailScanner, or by changing the cache parameters (but the config comment says you shouldn't ordinarily do this) I would appreciate any comment. -- --Knut Bjornstad -- IKTDriftstjenester, ErgoGroup AS ---Oslo, Norway------- --kbjo@interpost.no -- t:47 23 14 53 36 -- mob: 901 15 917 -- From steve.swaney at fsl.com Mon May 8 14:16:23 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon May 8 14:16:36 2006 Subject: Spamassassin cache loop In-Reply-To: <20060508144740.A28384@akkar.interpost.no> Message-ID: <051101c672a1$9aebe5d0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > Sent: Monday, May 08, 2006 8:48 AM > To: mailscanner@lists.mailscanner.info > Subject: Spamassassin cache loop > > We have a problem with our MailScanner installations - a small part of > the traffic get stuck in the Spamassassin cache and loops back to > the hold queue for reprossessing. This happens to ordinary mail, I am > not sure if any of them is spam. The loop is not infinite thou, most of > the cases escape after a few hundred iterations. But there are som mails > that has been stuck for months. > > We have quite a lot of mail going through our MailScanner filters, so I > have not given this attention before the last days. But the load on the > boxes (we have several running in parallell), kept increasing very > slowly. I was not able to reset the cache in any way. My knowledge of > SQLite and sql bases in general are very limited, but at last I managed > to reset the base on one of the boxes by overwriting it with an empty > base! > This had no effect, the looping continued. At last I stopped it by > removing the > offending mails from the hold queue. Then the load (as reported by > uptime) on the boxes fell immediately. > > Here is some obeservations I have made: > The log gets lines like this: > "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for > message A3C3B310132.D0C33" where the last part of the session-id varies > as the mail is put back in the hold queue > > I have found no particular type of mail that gets caught - but all of them > have > a few MIME components. > > When I remove a mail, and then put it back in the hold queue, without > any modification, it got sent immidiately! > > Our installation: > postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on > both versions) > MailScanner 4.50.15 > spamassassin 3.0.4 > ClamAV 0.88.1 > > I wonder if this problem can be rectified by upgrading MailScanner, or > by changing the cache parameters (but the config comment says you > shouldn't ordinarily do this) > > I would appreciate any comment. > -- I believe this is a known problem which can be fixed by upgrading. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From P.G.M.Peters at utwente.nl Mon May 8 15:38:33 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Mon May 8 15:38:38 2006 Subject: MailScanner 4.53.6 stops with alarm clock Message-ID: <445F57E9.10600@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since a couple of days MailScanner seems to get killed. Setting MailScanner to debug gives the following messages They end with: Not forking Ignore errors about failing to find EOCD signature Alarm clock Strace ends in: ioctl(69, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfffcfb8) = -1 EINVAL (Invalid argument) _llseek(69, 0, 0xbfffcff0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(70, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfffcfb8) = -1 EINVAL (Invalid argument) _llseek(70, 0, 0xbfffcff0, SEEK_CUR) = -1 ESPIPE (Illegal seek) fcntl64(69, F_SETFD, FD_CLOEXEC) = 0 fcntl64(70, F_SETFD, FD_CLOEXEC) = 0 write(67, "Hello!
My name is Erectile Dy"..., 357) = 357 _llseek(68, 512, [512], SEEK_SET) = 0 _llseek(68, 0, [512], SEEK_CUR) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb75e20c8) = 10965 close(70) = 0 alarm(10) = 0 read(69, 0x97b4e58, 4096) = ? ERESTARTSYS (To be restarted) - --- SIGALRM (Alarm clock) @ 0 (0) --- +++ killed by SIGALRM +++ - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEX1fpelLo80lrIdIRAhRxAJ9qS999j5OvD00d/JAyr4aOoAhFbgCfR5Cy IMsGtvan5pwE/BdBpsDOIoI= =yro4 -----END PGP SIGNATURE----- From nick.smith67 at googlemail.com Mon May 8 15:51:57 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Mon May 8 15:52:00 2006 Subject: Could not analyze message Message-ID: Hi, MailScanner 4.53.8 I have an application that generates a MIME header like this: Content-Type: Multipart/Mixed; boundary=" 3:May:06:19:22:23_Boundary_" As you can see, it appears to be generating the boundary value by using a timestamp, and pads a single-digit day number with a leading space Unfortunately, this falls foul of the current test for a null MIME boundary - the definition of which also seems to include leading whitespace (line 1625 of Message.pm): if ($boundary eq "" || $boundary eq "\"\"" || $boundary =~ /^\s/) { I have briefly looked at RFC's 1049/2045/2046 but cannot find any reference to leading whitespace in a quoted boundary field being illegal and am therefore finding it difficult to convince the developer that the app needs to be fixed For the meantime, I have commented the offending test and it does seem to have "fixed" the problem. Any other ideas about ways around this without code hacking? Thanks Nick From P.G.M.Peters at utwente.nl Mon May 8 16:16:08 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Mon May 8 16:16:15 2006 Subject: MailScanner 4.53.6 stops with alarm clock In-Reply-To: <445F57E9.10600@utwente.nl> References: <445F57E9.10600@utwente.nl> Message-ID: <445F60B8.9070405@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Peters wrote on 8-5-2006 16:38: > Since a couple of days MailScanner seems to get killed. Setting > MailScanner to debug gives the following messages They end with: > > Not forking > Ignore errors about failing to find EOCD signature > Alarm clock More testing seems to indicate the phishing tests. Disabling them has processed 3000 messages without problems. I wont have much time to test anything else. I'll be away from the office for the next coupel of days. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEX2C4elLo80lrIdIRAjhRAJ9Yt9Oy9BBpgmBI3XtIaeKAHaReUQCeP+w6 gaOehRAa7xJd3RnSyB1C1sw= =Y7aE -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon May 8 16:17:00 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 8 16:17:29 2006 Subject: Error In MailScanner - Maillog on Startup In-Reply-To: <200605080223.k482NucB016874@bkserver.blacknight.ie> References: <200605080116.k481G7Jl015655@bkserver.blacknight.ie> <200605080223.k482NucB016874@bkserver.blacknight.ie> Message-ID: ShaunM [MailShield] spake the following on 5/7/2006 7:23 PM: > Problem has been solved. > > > > Thanks Must have read the install docs! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solid-state-logic.com Mon May 8 16:21:56 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon May 8 16:22:06 2006 Subject: MailScanner 4.53.6 stops with alarm clock In-Reply-To: <445F60B8.9070405@utwente.nl> Message-ID: <01d301c672b3$24e6dd60$3004010a@martinhlaptop> Peter You need the 4.53.8 update.... Julian had to do an emergency patch for this very problem.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Peter Peters > Sent: 08 May 2006 16:16 > To: MailScanner discussion > Subject: Re: MailScanner 4.53.6 stops with alarm clock > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Peters wrote on 8-5-2006 16:38: > > Since a couple of days MailScanner seems to get killed. Setting > > MailScanner to debug gives the following messages They end with: > > > > Not forking > > Ignore errors about failing to find EOCD signature > > Alarm clock > > More testing seems to indicate the phishing tests. Disabling them has > processed 3000 messages without problems. > > I wont have much time to test anything else. I'll be away from the > office for the next coupel of days. > > - -- > Peter Peters, senior beheerder (Security) > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEX2C4elLo80lrIdIRAjhRAJ9Yt9Oy9BBpgmBI3XtIaeKAHaReUQCeP+w6 > gaOehRAa7xJd3RnSyB1C1sw= > =Y7aE > -----END PGP SIGNATURE----- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From smcguane at mailshield.com.au Mon May 8 16:31:59 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 16:32:10 2006 Subject: Open source mailserver In-Reply-To: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> Message-ID: <200605081532.k48FW8qD028769@bkserver.blacknight.ie> Glen, I didn't know you were the sherrif on this list. I did say that -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, 8 May 2006 6:18 PM To: MailScanner discussion Subject: Re: Open source mailserver On 08/05/06, ShaunM [MailShield] wrote: > > Hi guys, > > I recently installed a new centos 4.3 - mailscanner/mailwatch box which im > using as a test solution to move away from cpanel. > > However upon starting this I get 2 errors when I tail the maillog. I know > these errors may not be directly related to each product > mailscanner or mailwatch but I thought I would ask anyway. > > > Unable to initialise database connection: Access denied for user > 'mailwatch'@'localhost' (using password: YES) > > ? I know what this problem is but unsure of the command on how to setup a > user/pass for mailwatch@localhost in the sql database. Anyones help > would be appreciated? > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could > not be "eval"ed. Make sure the module is correct with perl ?wc > > ? I do not know what this error is about. Anyone? > > Thanks Guys > > Shaun > What does this have to do with the subject? Why didn't you start your own thread? And why are you asking about MailWatch in the MailScanner list, when (and I know you know this) MailWatch has its own mailing list? Anyway, the first one is covered in the install instructions for MailWatch. You can't miss it. The second is likely due to MailScanner reading the same MailWatch.pm twice, either because you have it in /usr/lib/MailScanner/MailScanner/CustomFunctions/ and also use the "old-style" require (which you shouldn't), or because you have two copies of MailWatch.pm in /usr/lib/MailScanner/MailScanner/CustomFunctions/ (Some wellknown editors tend to "sh*t where they eat"... creating backup files like MailWatch.pm~) ... which will get you this error. If none of that apply, then do as it says, run perl -wc on it ... and move over to the MailWatch list;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ---------------------------------------------------------------------------- ----------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From smcguane at mailshield.com.au Mon May 8 16:35:36 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Mon May 8 16:35:49 2006 Subject: Open source mailserver In-Reply-To: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> Message-ID: <200605081535.k48FZkDK029007@bkserver.blacknight.ie> Glen, I didn?t know you were the sheriff on this list. I did know that it was a mistake so I sorted it out. Anyway I was not sure what program was to be at fault. I know Steve from fsl has been on this list from time to time so I thought I would take a chance and ask here in case. It was a mistake to hit reply on your thread ... sorry for the hijacking anyway back on topic now. Thanks Shaun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, 8 May 2006 6:18 PM To: MailScanner discussion Subject: Re: Open source mailserver On 08/05/06, ShaunM [MailShield] wrote: > > Hi guys, > > I recently installed a new centos 4.3 - mailscanner/mailwatch box which im > using as a test solution to move away from cpanel. > > However upon starting this I get 2 errors when I tail the maillog. I know > these errors may not be directly related to each product > mailscanner or mailwatch but I thought I would ask anyway. > > > Unable to initialise database connection: Access denied for user > 'mailwatch'@'localhost' (using password: YES) > > ? I know what this problem is but unsure of the command on how to setup a > user/pass for mailwatch@localhost in the sql database. Anyones help > would be appreciated? > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could > not be "eval"ed. Make sure the module is correct with perl ?wc > > ? I do not know what this error is about. Anyone? > > Thanks Guys > > Shaun > What does this have to do with the subject? Why didn't you start your own thread? And why are you asking about MailWatch in the MailScanner list, when (and I know you know this) MailWatch has its own mailing list? Anyway, the first one is covered in the install instructions for MailWatch. You can't miss it. The second is likely due to MailScanner reading the same MailWatch.pm twice, either because you have it in /usr/lib/MailScanner/MailScanner/CustomFunctions/ and also use the "old-style" require (which you shouldn't), or because you have two copies of MailWatch.pm in /usr/lib/MailScanner/MailScanner/CustomFunctions/ (Some wellknown editors tend to "sh*t where they eat"... creating backup files like MailWatch.pm~) ... which will get you this error. If none of that apply, then do as it says, run perl -wc on it ... and move over to the MailWatch list;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ---------------------------------------------------------------------------- ----------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From mkettler at evi-inc.com Mon May 8 16:44:01 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon May 8 16:44:13 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <200605081807.38649.james@grayonline.id.au> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: <445F6741.1070004@evi-inc.com> James Gray wrote: > On Mon, 8 May 2006 17:50, bsnottum@hkskole.no wrote: >> Hallo! >> >> I am running mailscanner-4.44.6-2 on fc2 - yes I know it is old and I >> will set up a new server shortly. Anyway I have a problem with >> spamassassin that I really need to solve before I build the new server. >> >> My problem is that spamassassin does not stop spam! In the mail-header it >> says: not spam - exceeded time limit. If I restart mailscanner it works >> for a while - a few minutes, but after this the error starts again. >> >> Can anyone tell me what is going wrong here? > > These errors are usually due to either an RBL timing out or a spamassassin > plugin (helper) not configured correctly, eg, pyzor, razor2, dcc etc. The above should NOT be the problem, unless you have configured MailScanner for an absurdly short timeout. Note that SA 3.x has RBL timeouts, razor timeouts, etc that default in the sub-15 second range. Also note that with 3.x, no matter how many RBLs timeout, you'll never wait more than the total timeout duration. DCC, Razor, and Pyzor all default to 10 seconds. RBL's default to 15. Even if all 4 systems are used and time-out together that's a maximum of 45 seconds. Your SpamAssassin timeout should be MUCH greater than 45 seconds, because there is a normal operation that takes MUCH longer. Nearly every case of "SpamAssassin timed out and was killed" is caused by bayes expiry. This process can reasonably take as much as 5 minutes to complete, depending on your bayes DB and hardware. On really slow hardware with large bayes DBs it can take longer. Look for ".expire" files in your bayes_path. If you see a bunch of them, this means MailScanner is terminating SA instances that are attempting to perform bayes maintenance. I have *NEVER* seen a legitimate incident of MailScanner terminating SA since I started using it when SpamAssassin 2.31 was released. Early on MailScanner had it's timeout set to SA's DNS timeout, ensuring that all DNS timeouts would cause SA to be killed. (oops). Now SA performs bayes maintenance on occasion while scanning messages. Set your SpamAssassin Timeout to 10 minutes, and it should fix itself. SpamAssassin Timeout = 600 From jaearick at colby.edu Mon May 8 16:50:30 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 8 16:54:49 2006 Subject: First time MailScanner Issues In-Reply-To: <52F8C995-D6C9-4397-86DA-818190B45E3F@themarshalls.co.uk> References: <20060506200102.lhtmcx5cudsc4008@10.0.0.10> <52F8C995-D6C9-4397-86DA-818190B45E3F@themarshalls.co.uk> Message-ID: Gang, I've seen this same exact behavior with MS 4.53.8 and a couple of previous versions on Solaris 10. I've discovered that the check_mailscanner script will start MailScanner via cron just fine, but that the start script I used in Solaris 9 works sometimes, sometimes does not. This is an annoyance that can be gotten around by just running check_mailscanner often. Jeff Earickson Colby College On Sat, 6 May 2006, Drew Marshall wrote: > Date: Sat, 6 May 2006 20:25:03 +0100 > From: Drew Marshall > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: First time MailScanner Issues > > > On 6 May 2006, at 21:01, uxbod@splatnix.net wrote: > >> Hi, >> >> this is my first post so please excuse my ignorance. > > No problem, we all start somewhere ;-) >> > >> >> And this just keeps going on and on and not delivering :( > > Not knowing how the Gentoo port starts it's self you might have o customise > this a bit but either find the check_MailScanner script (/etc/MailScanner?) > and run check_MailScanner ---debug or edit /etc/MailScanner/MailScanner.conf > at the end and turn on debugging (You can't miss it) and re-start MailScanner > using the Portage start script and check the output. That should tell you > some more. > > Post back the output (Or at least where it stops) if you need more help. > > Drew > > -- > In line with our policy, this message hasbeen scanned for viruses and > dangerouscontent by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From KGoods at AIAInsurance.com Mon May 8 17:15:31 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon May 8 17:20:29 2006 Subject: 4.53.7, endless loop in debug mode Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8915@aiainsurance.com> Randal, Phil wrote: > Just replace the file and do a > > service mailscanner restart > > It won't break future updates. > > And those stuck messages should clear out of your incoming queue. > > The updated MailScanner's processed 4465 messages here so far without > problems. > > Cheers, > > Phil > > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK Thanks so much Phil (and Julian for the patch!)... worked like a charm! Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From marcel-ml at irc-addicts.de Mon May 8 17:23:29 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Mon May 8 17:24:05 2006 Subject: /etc/cron.daily/sa-update failure? Message-ID: Hi there, after upgrade to the lastest MailScanner-Version (V 4.53.7) on a SuSE10, i received an error-mail to root, that the cron.daily failed. After reading the Mail, i saw that sa-update seemed to fail. At least this is what the mail said: SCRIPT: sa-update exited with RETURNCODE = 1. Moving sa-update outside of cron.daily worked. cron.daily worked again.. /usr/bin/sa-update is existing.. is there anything i should set up first?? Any help welcome.. Thanks in advance Marcel From KGoods at AIAInsurance.com Mon May 8 18:13:55 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon May 8 18:18:53 2006 Subject: Quick question about system email notifications. Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8919@aiainsurance.com> I get the following (addressed to root) when checking mail on the server. I've always got these and find them useful for a "quick check" of the mail system... if I see something out of the ordinary here I look more closely at the logs. Problem is, after this latest install (migrated from RH 9.0 to Centos 4.3) I'm getting way too much detail in the **Unmatched Entries** section... it runs on and on for pages and pages. Is there a log level setting in MailScanner that I missed or is this something I need to address in Centos (LogWatch) somehow? Not looking for a step by step (never learn anything that way:)) just a direction to start. Thanks for any and all help! Ken >From root@gw-mail.aiainsurance.com Sat May 6 04:03:40 2006 Date: Sat, 6 May 2006 04:03:00 -0700 From: root To: root@gw-mail.aiainsurance.com Subject: LogWatch for gw-mail X-AIAINSURANCE-MailScanner-Information: Please contact MIS for more information X-AIAINSURANCE-MailScanner: Found to be clean X-AIAINSURANCE-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.002, required 5, autolearn=not spam, SPF_HELO_PASS -0.00, SPF_PASS -0.00) X-AIAINSURANCE-MailScanner-From: root@gw-mail.aiainsurance.com X-AIAINSURANCE-MailScanner-To: root@gw-mail.aiainsurance.com ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sat May 6 04:02:36 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles for Host: gw-mail ################################################################ --------------------- MailScanner Begin ------------------------ MailScanner Status: 1533 messages Scanned by MailScanner 16546483 Total Bytes 1189 Spam messages detected by MailScanner 364 Messages delivered by MailScanner Virus Report: (Total Seen = 1) HTML.Phishing.Pay-92: 1 Times(s) Virus Sender Report: (Total Seen = 1) 64.69.88.226 : 1 Times(s) Content Report: (Total Seen = ) and have disarmed form tags in HTML message: 1 Times(s) and have disarmed form, form input tags in HTML message: 5 Times(s) and have disarmed phishing tags in HTML message: 6 Times(s) and have disarmed script tags in HTML message: 2 Times(s) and have disarmed web bug tags in HTML message: 48 Times(s) and have disarmed web bug, form, form input tags in HTML message: 12 Times(s) and have disarmed web bug, script, form, form input tags in HTML message: 2 Times(s) **Unmatched Entries** Expired 1 records from the SpamAssassin cache : 96 Time(s) Expired 2 records from the SpamAssassin cache : 60 Time(s) Expired 3 records from the SpamAssassin cache : 47 Time(s) Connected to SpamAssassin cache database : 31 Time(s) Creating hardcoded struct_flock subroutine for linux (Linux-type) : 31 Time(s) ClamAV scanner using unrar command /usr/bin/unrar : 31 Time(s) Read 717 hostnames from the phishing whitelist : 31 Time(s) Using locktype = posix : 31 Time(s) Using SpamAssassin results cache : 31 Time(s) Batch (1 message) processed in 13.46 seconds : 26 Time(s) Batch (1 message) processed in 13.50 seconds : 23 Time(s) Batch (1 message) processed in 13.47 seconds : 21 Time(s) Batch (1 message) processed in 13.48 seconds : 20 Time(s) Expired 4 records from the SpamAssassin cache : 17 Time(s) Expired 5 records from the SpamAssassin cache : 17 Time(s) Expired 6 records from the SpamAssassin cache : 16 Time(s) Batch (1 message) processed in 13.62 seconds : 16 Time(s) Batch (1 message) processed in 13.49 seconds : 14 Time(s) Batch (1 message) processed in 13.45 seconds : 13 Time(s) Batch (1 message) processed in 13.63 seconds : 11 Time(s) Batch (1 message) processed in 13.64 seconds : 11 Time(s) Batch (1 message) processed in 13.54 seconds : 10 Time(s) Batch (1 message) processed in 13.61 seconds : 10 Time(s) Expired 7 records from the SpamAssassin cache : 10 Time(s) Batch (1 message) processed in 13.55 seconds : 9 Time(s) Batch (1 message) processed in 13.53 seconds : 9 Time(s) Batch (1 message) processed in 13.65 seconds : 9 Time(s) Virus Scanning completed at 132 bytes per second : 9 Time(s) Virus Scanning completed at 138 bytes per second : 9 Time(s) Virus Scanning completed at 147 bytes per second : 8 Tim .... for pages and pages.... Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From Denis.Beauchemin at USherbrooke.ca Mon May 8 18:26:40 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 8 18:26:57 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for ClamAV In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> Message-ID: <445F7F50.4050805@USherbrooke.ca> Randal, Phil a ?crit : > Folks, > > Steve Basford has a ClamAV phishing database over at > > http://www.sanesecurity.com/clamav/ > > and has recently updated his site to provide a gzipped version of the > file. > > The attached script is a modified version of the one I posted to this > list back in March. This version uses curl to fetch newer versions of > the gzipped database. > > It should be run no more than once hourly, and Steve says that 4 times a > day is sufficient. > > Can people using the old script please update to this one to save the > load on Steve's server. > Phil, I had to specify /sbin/service in the script because /sbin was not in root's path under cron. BTW: is it necessary to reload MS? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/ef655ddc/smime.bin From MailScanner at ecs.soton.ac.uk Mon May 8 18:28:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 8 18:28:59 2006 Subject: Sophos v5 In-Reply-To: References: Message-ID: <445F7FC9.4050009@ecs.soton.ac.uk> Just as soon as I have time to write it! :-) I am working on it, I hope it won't be anything major. I may scrap Sophos.install at the same time if I can, but no promises. Has anyone tried it with the current MailScanner release? Sam Luxford-Watts wrote: > Julian, > > I know we can carry on using V4 for now but any update as to when Sophos V5 > support will likely to be written into Mailscanner? > > Thanks, > > Sam > > -----Original Message----- > From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] > Sent: Friday, May 05, 2006 11:11 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Sophos v5 > > On 05.05.2006 18:44, Sam Luxford-Watts wrote: > > >> I am trying to upgrade our elderly MailScanner server. I am installing on >> CentOs4 and got most of it working except MS->Sophos. >> >> I have downloaded and installed Sophos 5.0.2. It installs fine using the >> sophos install.sh script. The one suggested in the Mailscanner docs is now >> outdated it seams. Sophos.install doesn?t work. >> >> >> > > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059542.html > http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059551.html > > i have no problems with sav5.x except that i do not know how i can tell ms > how to use it. > > > >> Has anyone got MS working with Sophos v5.0.2? if so - how? >> >> > > i did not tried, for now i have both installed. > - sav4.x for ms (Sophos.install) > - sav5.x for other use > > i do not know, perhaps is "generic" a solution for sav5.x, some > help/hints would be great. > - /etc/MailScanner/virus.scanners.conf > - /usr/lib/MailScanner/generic-wrapper > - /usr/lib/MailScanner/generic-autoupdate > > > savscan = sav5.x > sweep = sav3.x/4.x > savscan.base = sweep (see below) > > a while ago i got some answers from sophos support: > > > > - die Optionen von sweep/savscan/savscan.base sind identisch > > > my translation: "the sweep/savscan/savscan.base options are identical" > > > savscan.base is the 'sweep' binary, which is called by savscan with some > arguments (for example the location of the IDE files). > > I would avoid playing around in the engine directory as it is not > something that anyone, especially customers should be playing with. > > > > > roots crontab after sav5.x installation > > 47 * * * * /opt/sophos-av/bin/savupdate > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Mon May 8 18:36:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 8 18:36:14 2006 Subject: Open source mailserver In-Reply-To: <200605081535.k48FZkDK029007@bkserver.blacknight.ie> References: <223f97700605080117l39c9c7b6oe783ebd0af9db3ac@mail.gmail.com> <200605081535.k48FZkDK029007@bkserver.blacknight.ie> Message-ID: <223f97700605081036r46a54660v3581580f35a64c7f@mail.gmail.com> On 08/05/06, ShaunM [MailShield] wrote: > Glen, > > I didn't know you were the sheriff on this list. I did know that it was a > mistake so I sorted it out. Not really... As you can see, I actually go on to try help you ... too:-). > Anyway I was not sure what program was to be at fault. I know Steve from fsl > > has been on this list from time to time so I thought I would take a chance > and ask here in case. > > It was a mistake to hit reply on your thread ... sorry for the hijacking > anyway back on topic now. > > Thanks > Shaun > Well, see it as a friendly nudge... sledgehammer-style:-). Glad to hear your problems are sorted. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon May 8 18:40:17 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 8 18:40:20 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: References: Message-ID: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> On 08/05/06, Marcel Blenkers wrote: > Hi there, > > after upgrade to the lastest MailScanner-Version (V 4.53.7) on a SuSE10, i > received an error-mail to root, that the cron.daily failed. > > After reading the Mail, i saw that sa-update seemed to fail. At least this > is what the mail said: > > SCRIPT: sa-update exited with RETURNCODE = 1. > > Moving sa-update outside of cron.daily worked. > cron.daily worked again.. > > /usr/bin/sa-update > > is existing.. > > is there anything i should set up first?? > > Any help welcome.. > > Thanks in advance > > Marcel man sa-update should contain the details... IIRC returning 1 means there was no update to perform, while 0 means there was one and that it worked OK... 4 is the "bad" one:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shrek-m at gmx.de Mon May 8 18:46:22 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Mon May 8 18:46:31 2006 Subject: Sophos v5 In-Reply-To: References: Message-ID: <445F83EE.4060404@gmx.de> On 08.05.2006 09:37, Sam Luxford-Watts wrote: >I know we can carry on using V4 for now but any update as to when Sophos V5 >support will likely to be written into Mailscanner? > >>Has anyone got MS working with Sophos v5.0.2? if so - how? >> i had no luck with generic-wrapper (every *.ide = virus warning and no report) >"the sweep/savscan/savscan.base options are identical" > > a copy of sophos-wrapper as sophos-av-wrapper and "sophos-av" in virus.scanners.conf and MailScanner.conf did not work. sorry, i have no developer skills, i assume that it is no problem for others. ---- /usr/lib/MailScanner/sophos-wrapper ---- ##exec ${PackageDir}/bin/$prog "$@" exec /opt/sophos-av/bin/savscan "$@" ------- sophos virusscanner-autodetection does not work if you have removed/renamed sav4.x /usr/local/Sophos/ /usr/local/sav/ /usr/local/sav-install/ i have now sophos (only sav5.x) and clamav ---- /etc/MailScanner/MailScanner.conf ---- #Virus Scanners = auto Virus Scanners = clamav sophos i tried different virii *.com, *.exe, *.zip, .... ~1 day and sav5.x seems to work without problems. >roots crontab after sav5.x installation > >47 * * * * /opt/sophos-av/bin/savupdate > > once again, i have no developper skills. ---- sophos-autoupdate ---- #!/bin/bash /opt/sophos-av/bin/savupdate >> /var/log/maillog 2>&1 exit 0 --------- ---- /var/log/maillog ---- Downloading http://es-web.sophos.com/update/savlinux/master.upd 268 bytes downloaded in 0,392609 secs (682,612774 B/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/cidsync.upd is up to date /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/root.upd 342 bytes downloaded in 0,171530 secs (1,947090 KiB/s) Downloading http://es-web.sophos.com/update/savlinux/root_manifest.dat 3168 bytes downloaded in 0,288249 secs (10,732907 KiB/s) /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/cidsync.upd is up to date Downloading http://es-web.sophos.com/update/savlinux/config/index.spec Failed to download http://es-web.sophos.com/update/savlinux/config/index.spec Downloading http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Failed to download http://es-web.sophos.com/update/savlinux/talpa-custom/index.spec Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/savi/manifest.dat in 0,222307 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/sav-linux/manifest.dat in 0,362816 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/doc/manifest.dat in 0,039915 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,036539 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/talpa/manifest.dat in 0,138936 seconds Verify: /opt/sophos-av/update/cache/LOCAL/PACKAGE/root_manifest.dat in 0,038047 seconds Successfully updated Sophos Anti-Virus -------- my understanding, it should be no problem to add real sav5.x support in mailscanner for a developer but not me. -- shrek-m -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060508/cbe6258e/attachment.html From lshaw at emitinc.com Mon May 8 20:05:14 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Mon May 8 20:05:24 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <200605081807.38649.james@grayonline.id.au> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: On Mon, 8 May 2006, James Gray wrote: > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D 2>&1 | > less > > (all on one line). Watch the shell redirection (2>&1) - as written above > will probably bork on standard Bourne shells ("sh") but should work fin in > bash/zsh. The "2>&1" syntax is a standard Bourne shell ("sh") thing and has been around since long before bash and zsh existed, and maybe even before ksh existed. - Logan From uxbod at splatnix.net Mon May 8 21:13:43 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Mon May 8 20:14:51 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: <20060508201343.5dd5ae15@cyborg> Agreed. Std Error to Std Output. On Mon, 8 May 2006 14:05:14 -0500 (CDT) Logan Shaw wrote: > On Mon, 8 May 2006, James Gray wrote: > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D 2>&1 | > > less > > > > (all on one line). Watch the shell redirection (2>&1) - as written above > > will probably bork on standard Bourne shells ("sh") but should work fin in > > bash/zsh. > > The "2>&1" syntax is a standard Bourne shell ("sh") thing > and has been around since long before bash and zsh existed, > and maybe even before ksh existed. > > - Logan -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Mon May 8 20:56:48 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon May 8 20:57:09 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for Clam AV Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> >Randal, Phil a ?crit : >> Folks, >> >> Steve Basford has a ClamAV phishing database over at >> >> http://www.sanesecurity.com/clamav/ >> >> and has recently updated his site to provide a gzipped version of the >> file. >> >> The attached script is a modified version of the one I posted to this >> list back in March. This version uses curl to fetch newer versions of >> the gzipped database. >> >> It should be run no more than once hourly, and Steve says that 4 times a >> day is sufficient. >> >> Can people using the old script please update to this one to save the >> load on Steve's server. >> >Phil, >I had to specify /sbin/service in the script because /sbin was not in >root's path under cron. >BTW: is it necessary to reload MS? >Denis Good catch! I use clamavmodule here and am never sure whether a reload is necessary after a virus pattern update, so erred on the side of caution. Cheers, Phil From ssilva at sgvwater.com Mon May 8 21:18:29 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 8 21:18:51 2006 Subject: Quick question about system email notifications. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D8919@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D013D8919@aiainsurance.com> Message-ID: Ken Goods spake the following on 5/8/2006 10:13 AM: > I get the following (addressed to root) when checking mail on the server. > I've always got these and find them useful for a "quick check" of the mail > system... if I see something out of the ordinary here I look more closely at > the logs. > > Problem is, after this latest install (migrated from RH 9.0 to Centos 4.3) > I'm getting way too much detail in the **Unmatched Entries** section... it > runs on and on for pages and pages. Is there a log level setting in > MailScanner that I missed or is this something I need to address in Centos > (LogWatch) somehow? Not looking for a step by step (never learn anything > that way:)) just a direction to start. > > Thanks for any and all help! > Ken The current Logwatch is into the 7. something range. You are running 5.2.2. Just get a newer version, because it won't hurt anything, and will be much quieter. ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3-1.noarch.rpm -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From KGoods at AIAInsurance.com Mon May 8 21:27:43 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon May 8 21:32:42 2006 Subject: Quick question about system email notifications. Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8920@aiainsurance.com> Scott Silva wrote: > Ken Goods spake the following on 5/8/2006 10:13 AM: >> I get the following (addressed to root) when checking mail on the >> server. I've always got these and find them useful for a "quick >> check" of the mail system... if I see something out of the ordinary >> here I look more closely at the logs. >> >> Problem is, after this latest install (migrated from RH 9.0 to >> Centos 4.3) I'm getting way too much detail in the **Unmatched >> Entries** section... it runs on and on for pages and pages. Is there >> a log level setting in MailScanner that I missed or is this >> something I need to address in Centos (LogWatch) somehow? Not >> looking for a step by step (never learn anything that way:)) just a >> direction to start. >> >> Thanks for any and all help! >> Ken > The current Logwatch is into the 7. something range. You are running > 5.2.2. Just get a newer version, because it won't hurt anything, and > will be much quieter. > > ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3-1.noarch.rpm > > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! Thanks so much Scott... just what I was looking for! Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From MailScanner at ecs.soton.ac.uk Mon May 8 23:03:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 8 23:03:48 2006 Subject: 4.54.1 with Sophos V5 support Message-ID: <445FC039.9050805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just implemented support for Sophos version 5. You can still use Sophos.install to install Sophos version 5, but you don't have to if you don't want to. The advantage of installing using Sophos.install is - More guidance - Automatic editing of virus.scanners.conf to update location If you install it without using Sophos.install, you *must not* enable on-access scanning. Otherwise it sill start inspecting files too early and may well break your system as it deletes or renames files that MailScanner is about to scan. In this position I cannot guarantee what, if anything, MailScanner will do. Please try it out and let me (or the list) know how you get on. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRF/AOhH2WUcUFbZUEQKb7gCgyid6j7kyOjJjQeG+Jt/H+g+Bed4An3uQ OhYwYcTJXTh8/TpKht9gfUVE =nYPj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon May 8 23:18:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 8 23:18:21 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for Clam AV In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> Message-ID: <445FC3A3.7020704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: >> Randal, Phil a ?crit : >> >>> Folks, >>> >>> Steve Basford has a ClamAV phishing database over at >>> >>> http://www.sanesecurity.com/clamav/ >>> >>> and has recently updated his site to provide a gzipped version of the >>> file. >>> >>> The attached script is a modified version of the one I posted to this >>> list back in March. This version uses curl to fetch newer versions >>> > of > >>> the gzipped database. >>> >>> It should be run no more than once hourly, and Steve says that 4 >>> > times a > >>> day is sufficient. >>> >>> Can people using the old script please update to this one to save the >>> load on Steve's server. >>> >>> >> Phil, >> > > >> I had to specify /sbin/service in the script because /sbin was not in >> root's path under cron. >> > > >> BTW: is it necessary to reload MS? >> > > >> Denis >> > > Good catch! I use clamavmodule here and am never sure whether a reload > is necessary after a virus pattern update, so erred on the side of > caution. May I point you at this in your MailScanner.conf file? # ClamAVModule only: monitor each of these files for changes in size to # detect when a ClamAV update has happened. # This is only used by the "clamavmodule" virus scanner, not the "clamav" # scanner setting. Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd It automatically detects pattern updates and reloads MailScanner as and when necessary for you. I have already done all the hard work for you :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRF/DpBH2WUcUFbZUEQLOBACglGlPMLJwD2oqE5wNJIvC5N3XewAAn3XD nBAxEPpG9XoijChzjZcCU2Lg =KKnG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Tue May 9 00:14:01 2006 From: ka at pacific.net (Ken A) Date: Tue May 9 00:10:20 2006 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for Clam AV In-Reply-To: <445FC3A3.7020704@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58017681C4@isabella.herefordshire.gov.uk> <445FC3A3.7020704@ecs.soton.ac.uk> Message-ID: <445FD0B9.3040505@pacific.net> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Randal, Phil wrote: >>> Randal, Phil a ?crit : >>> >>>> Folks, >>>> >>>> Steve Basford has a ClamAV phishing database over at >>>> >>>> http://www.sanesecurity.com/clamav/ >>>> >>>> and has recently updated his site to provide a gzipped version of the >>>> file. >>>> >>>> The attached script is a modified version of the one I posted to this >>>> list back in March. This version uses curl to fetch newer versions >>>> >> of >> >>>> the gzipped database. >>>> >>>> It should be run no more than once hourly, and Steve says that 4 >>>> >> times a >> >>>> day is sufficient. >>>> >>>> Can people using the old script please update to this one to save the >>>> load on Steve's server. >>>> >>>> >>> Phil, >>> >> >>> I had to specify /sbin/service in the script because /sbin was not in >>> root's path under cron. >>> >> >>> BTW: is it necessary to reload MS? >>> >> >>> Denis >>> >> Good catch! I use clamavmodule here and am never sure whether a reload >> is necessary after a virus pattern update, so erred on the side of >> caution. > May I point you at this in your MailScanner.conf file? > > # ClamAVModule only: monitor each of these files for changes in size to > # detect when a ClamAV update has happened. > # This is only used by the "clamavmodule" virus scanner, not the "clamav" > # scanner setting. > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd If you are using Steve Basford's Phishing you should probably change the line in MailScanner.conf to /usr/local/share/clamav/*.* or maybe /usr/local/share/clamav/*.[cn]?? because sigs are phish.ndb Thanks, Ken A Pacific.Net > It automatically detects pattern updates and reloads MailScanner as and > when necessary for you. I have already done all the hard work for you :-) > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRF/DpBH2WUcUFbZUEQLOBACglGlPMLJwD2oqE5wNJIvC5N3XewAAn3XD > nBAxEPpG9XoijChzjZcCU2Lg > =KKnG > -----END PGP SIGNATURE----- > From marcel-ml at irc-addicts.de Tue May 9 01:00:36 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Tue May 9 01:00:56 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> References: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> Message-ID: Hi there, [...] > man sa-update > should contain the details... IIRC returning 1 means there was no > update to perform, while 0 means there was one and that it worked > OK... 4 is the "bad" one:). > thanks.. but isnt it a bit strange, that my system stated that there was an error.. :( this could mean everynight a failure-mail.. :( or should i delete the script, and handle sa-update by hand..or enter an entry in cron by hand? Marcel From smcguane at mailshield.com.au Tue May 9 07:21:53 2006 From: smcguane at mailshield.com.au (ShaunM [MailShield]) Date: Tue May 9 07:22:08 2006 Subject: Problem With Installation Perl Clamav Module In-Reply-To: <223f97700605081036r46a54660v3581580f35a64c7f@mail.gmail.com> Message-ID: <200605090622.k496M4vO008552@bkserver.blacknight.ie> Hey Guys, Following Julians Instructions below I followed through all the steps to install the module and it only failed on the MAIL::CLAMAV installation. The O/S is Centos 4.3 1. Download and install ClamAV from www.clamav.net as usual. 2. The default locations are under /usr/local/{bin,man,share}. 3. Do the following: perl -MCPAN -e shell install Parse::RecDescent install Inline install Mail::ClamAV 4. In MailScanner.conf, set 'Virus Scanners = clamavmodule'. 5. In MailScanner.conf, check the setting of 'Monitors for ClamAV Updates' to ensure it matches the location of your ClamAV virus database files. The output is below, fails on make test anyone can shed some light on this? Thanks Shaun Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. # Compilation failed in require at (eval 1) line 2. "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force --------------------------------------------------------------------------------------------------------- This message has been scanned for viruses and malicious content by MailShield http://www.mailshield.com.au From james at grayonline.id.au Tue May 9 07:40:24 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 9 07:41:16 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> Message-ID: <200605091640.32260.james@grayonline.id.au> On Tue, 9 May 2006 05:05, Logan Shaw wrote: > On Mon, 8 May 2006, James Gray wrote: > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D > > 2>&1 | less > > > > (all on one line). Watch the shell redirection (2>&1) - as written > > above will probably bork on standard Bourne shells ("sh") but should > > work fin in bash/zsh. > > The "2>&1" syntax is a standard Bourne shell ("sh") thing > and has been around since long before bash and zsh existed, > and maybe even before ksh existed. Right - but for some daft reason, that syntax ALWAYS breaks on my FreeBSD boxes which use /bin/sh for root. Go figure. Cheers, James -- People will buy anything that's one to a customer. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/e2501a3d/attachment.bin From james at grayonline.id.au Tue May 9 07:43:50 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 9 07:44:03 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <445F6741.1070004@evi-inc.com> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> <445F6741.1070004@evi-inc.com> Message-ID: <200605091643.50735.james@grayonline.id.au> On Tue, 9 May 2006 01:44, Matt Kettler wrote: > James Gray wrote: > > On Mon, 8 May 2006 17:50, bsnottum@hkskole.no wrote: > >> My problem is that spamassassin does not stop spam! In the mail-header > >> it says: not spam - exceeded time limit. If I restart mailscanner it > >> works for a while - a few minutes, but after this the error starts > >> again. > > > > These errors are usually due to either an RBL timing out or a > > spamassassin plugin (helper) not configured correctly, eg, pyzor, > > razor2, dcc etc. > > Nearly every case of "SpamAssassin timed out and was killed" is caused by > bayes expiry. This process can reasonably take as much as 5 minutes to > complete, depending on your bayes DB and hardware. On really slow > hardware with large bayes DBs it can take longer. Thanks for the info about time outs. I've wondered how the various bits add up under mailscanner. However, I doubt Bjorn's problem is bayes related as the problem goes away when he restarts MailScanner then returns after a few minutes. Does MS/SA resume an expire that was interrupted? I didn't think that was the case (happy to be proven wrong too!). Cheers, James -- Nada é tão difícil como não enganar-se. -- Ludwig Wittgenstein -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/b6648dda/attachment.bin From james at grayonline.id.au Tue May 9 07:51:28 2006 From: james at grayonline.id.au (James Gray) Date: Tue May 9 07:52:35 2006 Subject: Sample Exim config file In-Reply-To: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> References: <445D86D9.9010205@mailing.kaufland-informationssysteme.com> Message-ID: <200605091651.29013.james@grayonline.id.au> On Sun, 7 May 2006 15:34, Matthias Sutter wrote: > Hello, > > can sombody send me a simple MS ready Exim config file? > > And know sombody a clear and easy to understand exim documentation? > > Thanks in advanced > > Matthias I wrote a wiki page about getting Exim (4.x) and MailScanner humming and clicking on Debian. Not sure if that's your OS, but here's the doc anyway: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation:debian&s=debian+exim (watch the wrap) or: http://tinyurl.com/jrrf2 Cheers, James -- "Never laugh at live dragons, Bilbo you fool!" he said to himself, and it became a favourite saying of his later, and passed into a proverb. "You aren't nearly through this adventure yet," he added, and that was pretty true as well. -- Bilbo Baggins, "The Hobbit" by J.R.R. Tolkien, Chapter XII -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/ce490561/attachment.bin From martinh at solid-state-logic.com Tue May 9 09:13:40 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue May 9 09:13:53 2006 Subject: Sophos v5 In-Reply-To: <445F7FC9.4050009@ecs.soton.ac.uk> Message-ID: <00e001c67340$7afadd40$3004010a@martinhlaptop> Julian Please be aware V5 is only available on Windows and Linux. The rest of the O/S's (MacO X, FreeBSD, Solaris etc) are still on V4. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 08 May 2006 18:29 > To: MailScanner discussion > Subject: Re: Sophos v5 > > Just as soon as I have time to write it! :-) > I am working on it, I hope it won't be anything major. I may scrap > Sophos.install at the same time if I can, but no promises. > > Has anyone tried it with the current MailScanner release? > > Sam Luxford-Watts wrote: > > Julian, > > > > I know we can carry on using V4 for now but any update as to when Sophos > V5 > > support will likely to be written into Mailscanner? > > > > Thanks, > > > > Sam > > > > -----Original Message----- > > From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] > > Sent: Friday, May 05, 2006 11:11 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: Sophos v5 > > > > On 05.05.2006 18:44, Sam Luxford-Watts wrote: > > > > > >> I am trying to upgrade our elderly MailScanner server. I am installing > on > >> CentOs4 and got most of it working except MS->Sophos. > >> > >> I have downloaded and installed Sophos 5.0.2. It installs fine using > the > >> sophos install.sh script. The one suggested in the Mailscanner docs is > now > >> outdated it seams. Sophos.install doesn't work. > >> > >> > >> > > > > http://lists.mailscanner.info/pipermail/mailscanner/2006- > March/059542.html > > http://lists.mailscanner.info/pipermail/mailscanner/2006- > March/059551.html > > > > i have no problems with sav5.x except that i do not know how i can tell > ms > > how to use it. > > > > > > > >> Has anyone got MS working with Sophos v5.0.2? if so - how? > >> > >> > > > > i did not tried, for now i have both installed. > > - sav4.x for ms (Sophos.install) > > - sav5.x for other use > > > > i do not know, perhaps is "generic" a solution for sav5.x, some > > help/hints would be great. > > - /etc/MailScanner/virus.scanners.conf > > - /usr/lib/MailScanner/generic-wrapper > > - /usr/lib/MailScanner/generic-autoupdate > > > > > > savscan = sav5.x > > sweep = sav3.x/4.x > > savscan.base = sweep (see below) > > > > a while ago i got some answers from sophos support: > > > > > > > > - die Optionen von sweep/savscan/savscan.base sind identisch > > > > > > my translation: "the sweep/savscan/savscan.base options are > identical" > > > > > > savscan.base is the 'sweep' binary, which is called by savscan with some > > arguments (for example the location of the IDE files). > > > > I would avoid playing around in the engine directory as it is not > > something that anyone, especially customers should be playing with. > > > > > > > > > > roots crontab after sav5.x installation > > > > 47 * * * * /opt/sophos-av/bin/savupdate > > > > > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Tue May 9 09:14:56 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:14:59 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: References: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> Message-ID: <223f97700605090114j151defbex3b7e98f6a8fcf38c@mail.gmail.com> On 09/05/06, Marcel Blenkers wrote: > Hi there, > > [...] > > > man sa-update > > should contain the details... IIRC returning 1 means there was no > > update to perform, while 0 means there was one and that it worked > > OK... 4 is the "bad" one:). > > > > thanks.. > > but isnt it a bit strange, that my system stated that there was an error.. > :( > > this could mean everynight a failure-mail.. :( > > or should i delete the script, and handle sa-update by hand..or enter an > entry in cron by hand? > > Marcel If the script is run "bare", it'll return a non-zero value.... and that will be reported (every night) by cron, yes. Perhaps not that good:-). Wrap it in a scriptlet and run that instead... Or whatever... Something silly like #!/bin/sh /path/to/script params case $? in 0|1) ;; *) return ;; esac # EoS should do:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 9 09:18:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:18:09 2006 Subject: /etc/cron.daily/sa-update failure? In-Reply-To: <223f97700605090114j151defbex3b7e98f6a8fcf38c@mail.gmail.com> References: <223f97700605081040t6e545cbcif5f60ec39acfab84@mail.gmail.com> <223f97700605090114j151defbex3b7e98f6a8fcf38c@mail.gmail.com> Message-ID: <223f97700605090118q41591a85m734384e2b6c053c2@mail.gmail.com> On 09/05/06, Glenn Steen wrote: (itiod me, strikes again....:-) > #!/bin/sh > /path/to/script params > case $? in > 0|1) ;; should be 0|1) exit 0 ;; > *) return ;; should be *) exit 1 ;; or even preserving the actual return value from sa-update...:-) > esac > # EoS > should do:-) > (clearly a case of 1) too little coffee, and 2) brain not communicating with fingers...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 9 09:24:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:24:04 2006 Subject: Problem With Installation Perl Clamav Module In-Reply-To: <200605090622.k496M4vO008552@bkserver.blacknight.ie> References: <223f97700605081036r46a54660v3581580f35a64c7f@mail.gmail.com> <200605090622.k496M4vO008552@bkserver.blacknight.ie> Message-ID: <223f97700605090124v1361402fl953db8622b7e9665@mail.gmail.com> On 09/05/06, ShaunM [MailShield] wrote: > Hey Guys, > > Following Julians Instructions below I followed through all the steps to > install the module and it only failed on the MAIL::CLAMAV installation. > > The O/S is Centos 4.3 > > 1. Download and install ClamAV from www.clamav.net as usual. > 2. The default locations are under /usr/local/{bin,man,share}. > 3. Do the following: > perl -MCPAN -e shell > install Parse::RecDescent > install Inline > install Mail::ClamAV > 4. In MailScanner.conf, set 'Virus Scanners = clamavmodule'. > 5. In MailScanner.conf, check the setting of 'Monitors for ClamAV > Updates' to ensure it matches the location of your ClamAV virus database > files. > > The output is below, fails on make test anyone can shed some light on this? > > Thanks > Shaun > Does the same type of error happen wityh Julians easy-to-install Clam+SA package (which contains the Mail::ClamAV module, and will take care of the build process for you)? I switched to that a while back, and have had no problems... very slick. Only real carp is that the package keeps adding three lines to your SA *.pre files, but, well ... those are pretty easy to remove, and they don't really harm anything:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 9 09:30:56 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 9 09:30:59 2006 Subject: Spamassassin exceeded time limit, not stopping spam In-Reply-To: <200605091640.32260.james@grayonline.id.au> References: <8993.62.97.226.98.1147074631.squirrel@hkskole.no> <200605081807.38649.james@grayonline.id.au> <200605091640.32260.james@grayonline.id.au> Message-ID: <223f97700605090130p4c8993c0i9b26c752a3957c5f@mail.gmail.com> On 09/05/06, James Gray wrote: > On Tue, 9 May 2006 05:05, Logan Shaw wrote: > > On Mon, 8 May 2006, James Gray wrote: > > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint -D > > > 2>&1 | less > > > > > > (all on one line). Watch the shell redirection (2>&1) - as written > > > above will probably bork on standard Bourne shells ("sh") but should > > > work fin in bash/zsh. > > > > The "2>&1" syntax is a standard Bourne shell ("sh") thing > > and has been around since long before bash and zsh existed, > > and maybe even before ksh existed. > > Right - but for some daft reason, that syntax ALWAYS breaks on my FreeBSD > boxes which use /bin/sh for root. Go figure. > > Cheers, > > James Some implementations of diverse shells (including bourne... well, "reimplementations" perhaps:-) on some platforms have been known to be rather picky about things like whitespace surronding it, and placement(!). DG/UX comes to mind here... differed between ksh/sh. Sigh. Well, it's dead now:-). I have next to no experience of any modern FreeBSD, so can't say how things are there:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Tue May 9 09:44:33 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 09:45:36 2006 Subject: MailWatch Stops logging sascore & sareport Message-ID: <44605671.8080708@chime.ucl.ac.uk> Hi, I originally posted this to the MailWatch users list, and although I have had some help I still have the problem. I am posting this here in the hope that someone on this list might have seen this problem before and can give some pointers. I apologise to those people who are on both lists. -------- Original Message -------- Hi All, I though a recent upgrade of MailScanner had cured me of this problem, but 20 minutes ago MailWatch suddenly stopped logging any values of sascore or sareport. It still logged details of emails processed but sascore and sareport are both NULL. MailScanner is correctly marking emails still and they are still filtered properly. It just stops logging these values in MailWatch. It has run for about 5 days now without showing this behaviour. It is very difficult to track down, as if I leave DBItrace running for 5 days the file gets huge. And a restart of MailScanner cures the problem, so switching DBItrace on when I see the problem occur doesn't help. :-( If anybody has seen something similar or can give me some pointers I would be very grateful. I may post this to the MailScanner-users list as well to see if I reach a different audience... Steve Freegard wrote: > Hi Anthony, > > On Fri, 2006-04-28 at 07:40 +0100, Anthony Peacock wrote: >> Every so often, MailWatch stops logging the SpamAssassin score. All >> other details still get logged, except the sascore is always NULL in the >> database. MailScanner and SpamAssassin are correctly scoring, marking >> and filtering the emails so the system is working as expected except >> that when I check the MailWatch web page none of the emails are marked >> as spam. >> >> As stop and start of mailscanner clears this problem up and there does >> not appear to be any residual problems. >> >> As I said I did investigate this earlier this week and couldn't see >> anything obvious in the logs or DBItrace. This appears to be something >> that happens after a period of time. Any ideas would be appreciated. > > Very strange indeed as sascore gets no particular special attention by > MailWatch.pm. > > The only thing that I know causes NULL to be written to the column is > when a message has been whitelisted. > > Only thing you could try is to disable the SpamAssassin cache > temporarily and see if that solves the problem as this is the only thing > I can think of that changes sascore in the recent versions of > MailScanner. > > Kind regards, > Steve. > > > > ------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Mailwatch-users mailing list > Mailwatch-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mailwatch-users > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Mailwatch-users mailing list Mailwatch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mailwatch-users -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From MailScanner at ecs.soton.ac.uk Tue May 9 11:29:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 11:29:23 2006 Subject: Sophos v5 In-Reply-To: <00e001c67340$7afadd40$3004010a@martinhlaptop> References: <00e001c67340$7afadd40$3004010a@martinhlaptop> Message-ID: <36320480-0DAF-41E4-BAF3-B97D349B5592@ecs.soton.ac.uk> Yes, don't worry. The new scripts auto-detect which version you have installed and just "do the right thing" (TM) On 9 May 2006, at 09:13, Martin Hepworth wrote: > Julian > > Please be aware V5 is only available on Windows and Linux. The rest > of the > O/S's (MacO X, FreeBSD, Solaris etc) are still on V4. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 08 May 2006 18:29 >> To: MailScanner discussion >> Subject: Re: Sophos v5 >> >> Just as soon as I have time to write it! :-) >> I am working on it, I hope it won't be anything major. I may scrap >> Sophos.install at the same time if I can, but no promises. >> >> Has anyone tried it with the current MailScanner release? >> >> Sam Luxford-Watts wrote: >>> Julian, >>> >>> I know we can carry on using V4 for now but any update as to when >>> Sophos >> V5 >>> support will likely to be written into Mailscanner? >>> >>> Thanks, >>> >>> Sam >>> >>> -----Original Message----- >>> From: shrek-m@gmx.de [mailto:shrek-m@gmx.de] >>> Sent: Friday, May 05, 2006 11:11 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: Re: Sophos v5 >>> >>> On 05.05.2006 18:44, Sam Luxford-Watts wrote: >>> >>> >>>> I am trying to upgrade our elderly MailScanner server. I am >>>> installing >> on >>>> CentOs4 and got most of it working except MS->Sophos. >>>> >>>> I have downloaded and installed Sophos 5.0.2. It installs fine >>>> using >> the >>>> sophos install.sh script. The one suggested in the Mailscanner >>>> docs is >> now >>>> outdated it seams. Sophos.install doesn't work. >>>> >>>> >>>> >>> >>> http://lists.mailscanner.info/pipermail/mailscanner/2006- >> March/059542.html >>> http://lists.mailscanner.info/pipermail/mailscanner/2006- >> March/059551.html >>> >>> i have no problems with sav5.x except that i do not know how i >>> can tell >> ms >>> how to use it. >>> >>> >>> >>>> Has anyone got MS working with Sophos v5.0.2? if so - how? >>>> >>>> >>> >>> i did not tried, for now i have both installed. >>> - sav4.x for ms (Sophos.install) >>> - sav5.x for other use >>> >>> i do not know, perhaps is "generic" a solution for sav5.x, some >>> help/hints would be great. >>> - /etc/MailScanner/virus.scanners.conf >>> - /usr/lib/MailScanner/generic-wrapper >>> - /usr/lib/MailScanner/generic-autoupdate >>> >>> >>> savscan = sav5.x >>> sweep = sav3.x/4.x >>> savscan.base = sweep (see below) >>> >>> a while ago i got some answers from sophos support: >>> >>> >>> >>> - die Optionen von sweep/savscan/savscan.base sind identisch >>> >>> >>> my translation: "the sweep/savscan/savscan.base options are >> identical" >>> >>> >>> savscan.base is the 'sweep' binary, which is called by savscan >>> with some >>> arguments (for example the location of the IDE files). >>> >>> I would avoid playing around in the engine directory as it is not >>> something that anyone, especially customers should be playing with. >>> >>> >>> >>> >>> roots crontab after sav5.x installation >>> >>> 47 * * * * /opt/sophos-av/bin/savupdate >>> >>> >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 9 11:38:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 11:38:51 2006 Subject: Problem With Installation Perl Clamav Module In-Reply-To: <200605090622.k496M4vO008552@bkserver.blacknight.ie> References: <200605090622.k496M4vO008552@bkserver.blacknight.ie> Message-ID: <360A643E-396E-49D6-A6A7-8D2DFB968F54@ecs.soton.ac.uk> If you had used my easy-to-install ClamAV and SpamAssassin package, you wouldn't have had this problem :-) You need to add /usr/local/lib to your /etc/ld.so.conf file and then run the ldconfig command. On 9 May 2006, at 07:21, ShaunM [MailShield] wrote: > Hey Guys, > > Following Julians Instructions below I followed through all the > steps to > install the module and it only failed on the MAIL::CLAMAV > installation. > > The O/S is Centos 4.3 > > 1. Download and install ClamAV from www.clamav.net as usual. > 2. The default locations are under /usr/local/{bin,man,share}. > 3. Do the following: > perl -MCPAN -e shell > install Parse::RecDescent > install Inline > install Mail::ClamAV > 4. In MailScanner.conf, set 'Virus Scanners = clamavmodule'. > 5. In MailScanner.conf, check the setting of 'Monitors for ClamAV > Updates' to ensure it matches the location of your ClamAV virus > database > files. > > The output is below, fails on make test anyone can shed some light > on this? > > Thanks > Shaun > > > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ > ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > # > # > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm > line 188 > # BEGIN failed--compilation aborted at > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > # Compilation failed in require at (eval 1) line 2. > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail- > ClamAV.t line > 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > t/Mail-ClamAV....dubious > > Test returned status 10 (wstat 2560, 0xa00) > DIED. FAILED tests 1-10 > Failed 10/10 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ---------------------------------------------------------------------- > ------ > --- > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > > > > ---------------------------------------------------------------------- > ----------------------------------- > This message has been scanned for viruses and malicious content by > MailShield http://www.mailshield.com.au > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shrek-m at gmx.de Tue May 9 12:12:49 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue May 9 12:12:53 2006 Subject: 4.54.1 with Sophos V5 support In-Reply-To: <445FC039.9050805@ecs.soton.ac.uk> References: <445FC039.9050805@ecs.soton.ac.uk> Message-ID: <44607931.2060205@gmx.de> On 09.05.2006 00:03, Julian Field wrote: >I have just implemented support for Sophos version 5. > > ms installation as usual sophos-wrapper.rpmnew --> sophos-wrapper sophos-autoupdate.rmpnew --> sophos-autoupdate >You can still use Sophos.install to install Sophos version 5, but you >don't have to if you don't want to. >The advantage of installing using Sophos.install is > - More guidance > - Automatic editing of virus.scanners.conf to update location > > # cd /usr/local/sophos-av/ ; Sophos.install [... really short because sav5 was installed ...] $ grep sophos /etc/MailScanner/virus.scanners.conf sophos /usr/lib/MailScanner/sophos-wrapper /opt/sophos-av sophossavi /bin/false /opt/sophos-av ---- MailScanner.conf ---- #Virus Scanners = clamav sophos Virus Scanners = auto -------- ---- /var/log/maillog ---- May 9 13:05:12 xp1800 Sophos-autoupdate[10230]: Sophos V5 updated May 9 13:06:30 xp1800 MailScanner[5215]: Virus Scanning: Sophos found 1 infections -------- >If you install it without using Sophos.install, you *must not* enable >on-access scanning. Otherwise it sill start inspecting files too early >and may well break your system as it deletes or renames files that >MailScanner is about to scan. In this position I cannot guarantee what, >if anything, MailScanner will do. > >Please try it out and let me (or the list) know how you get on. > thanks, works great :-) -- shrek-m From lhaig at haigmail.com Tue May 9 13:29:52 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue May 9 13:30:19 2006 Subject: Might be off topic Message-ID: <44608B40.4060605@haigmail.com> This is purely a hypothetical question and in now way represents any real situation. I was thinking about this the other night and was wondering if any of you had ideas. I know it is sad but I am sometimes sad like that :-) What type of implementation would you use for say a 2 million email account system? I was thinking I would have 4 - 4 processor 64 bit systems with 16Gb of RAM and 1 - 4 processor 64bit system for mailwatch. Do you think this would be able to take the load? If everyone got 10 emails a day that is 20 million emails in one day. Each system would have to handle 5 million emails. which should be ok. I would really like to know your thoughts. Thanks Lance From maillists at conactive.com Tue May 9 13:31:28 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue May 9 13:31:46 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: <44605671.8080708@chime.ucl.ac.uk> References: <44605671.8080708@chime.ucl.ac.uk> Message-ID: Anthony Peacock wrote on Tue, 09 May 2006 09:44:33 +0100: > I originally posted this to the MailWatch users list, and although I > have had some help I still have the problem. I am posting this here in > the hope that someone on this list might have seen this problem before > and can give some pointers. Anthony, I followed that partly on the mailwatch list. Ahm, what I didn't see is any mention of DBI version etc. There is a DBI version that the old mailwatch didn't work with. If you use the new MailWatchLogging it is still possible that there is some DBI problem. Have you tried to setup a similar machine and reproduce the problem? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From a.peacock at chime.ucl.ac.uk Tue May 9 14:14:37 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 14:14:56 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: References: <44605671.8080708@chime.ucl.ac.uk> Message-ID: <446095BD.6060401@chime.ucl.ac.uk> Hi Kai, Kai Schaetzl wrote: > Anthony Peacock wrote on Tue, 09 May 2006 09:44:33 +0100: > >> I originally posted this to the MailWatch users list, and although I >> have had some help I still have the problem. I am posting this here in >> the hope that someone on this list might have seen this problem before >> and can give some pointers. > > Anthony, I followed that partly on the mailwatch list. Ahm, what I didn't > see is any mention of DBI version etc. There is a DBI version that the old > mailwatch didn't work with. If you use the new MailWatchLogging it is > still possible that there is some DBI problem. Have you tried to setup a > similar machine and reproduce the problem? Thanks for your reply. DBI is 1.50 DBD::mysql is 3.0002_3 The interesting thing is that the logging works fine for a number of days then suddenly starts to log sascore and sareport as NULL, everything else carries on working OK. I haven't really been able to work out what the triggering event is or replicate the problem. It is not really possible for me to set up a different machine to debug this at the moment. However, in looking through my config I did notice something that wasn't working quite correctly. Before I go any further... I don't use Julian's install scripts (for various reasons). I have been using /opt/MailScanner/bin/cron/check_MailScanner.cron as cron job every 15 minutes to check that MailScanner is still running. I have been doing this (or calling /opt/MailScanner/bin/check_mailscanner before that) for ages, and had been redirecting the output to /dev/null because of the noise earlier versions used to generate. I hadn't noticed the introduction of the -q quiet mode option, I also hadn't noticed that check_MailScanner.cron does some basic locking in /var/lock. Because I was dumping the output to the bit bucket I hadn't been aware that /var/lock didn't exist on my system. And therefore the basic locking wasn't working as expected. The reason that I think this might be relevant is that I was once able to cause the logging to stop working properly by running a debug attempt at the same time as the check_MailScanner cron job tried to run. This made me wonder if the cron job was tripping over itself or something else. I have now thoroughly checked the system, MailScanner runs without error in debug mode, DBItrace looks fine, SpamAssassin debug looks OK and the cron jobs are OK. I will let this run for a while and see if it fails again. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From kbjo at interpost.no Tue May 9 15:03:53 2006 From: kbjo at interpost.no (Knut Bjornstad) Date: Tue May 9 15:03:56 2006 Subject: Spamassassin cache loop In-Reply-To: <051101c672a1$9aebe5d0$2901010a@office.fsl>; from steve.swaney@fsl.com on Mon, May 08, 2006 at 09:16:23AM -0400 References: <20060508144740.A28384@akkar.interpost.no> <051101c672a1$9aebe5d0$2901010a@office.fsl> Message-ID: <20060509160353.A13265@akkar.interpost.no> On Mon, May 08, 2006 at 09:16:23AM -0400, Stephen Swaney wrote: > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > > Sent: Monday, May 08, 2006 8:48 AM > > To: mailscanner@lists.mailscanner.info > > Subject: Spamassassin cache loop > > > > We have a problem with our MailScanner installations - a small part of > > the traffic get stuck in the Spamassassin cache and loops back to > > the hold queue for reprossessing. This happens to ordinary mail, I am > > not sure if any of them is spam. The loop is not infinite thou, most of > > the cases escape after a few hundred iterations. But there are som mails > > that has been stuck for months. > > > > We have quite a lot of mail going through our MailScanner filters, so I > > have not given this attention before the last days. But the load on the > > boxes (we have several running in parallell), kept increasing very > > slowly. I was not able to reset the cache in any way. My knowledge of > > SQLite and sql bases in general are very limited, but at last I managed > > to reset the base on one of the boxes by overwriting it with an empty > > base! > > This had no effect, the looping continued. At last I stopped it by > > removing the > > offending mails from the hold queue. Then the load (as reported by > > uptime) on the boxes fell immediately. > > > > Here is some obeservations I have made: > > The log gets lines like this: > > "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for > > message A3C3B310132.D0C33" where the last part of the session-id varies > > as the mail is put back in the hold queue > > > > I have found no particular type of mail that gets caught - but all of them > > have > > a few MIME components. > > > > When I remove a mail, and then put it back in the hold queue, without > > any modification, it got sent immidiately! > > > > Our installation: > > postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on > > both versions) > > MailScanner 4.50.15 > > spamassassin 3.0.4 > > ClamAV 0.88.1 > > > > I wonder if this problem can be rectified by upgrading MailScanner, or > > by changing the cache parameters (but the config comment says you > > shouldn't ordinarily do this) > > > > I would appreciate any comment. > > -- > > I believe this is a known problem which can be fixed by upgrading. > > Steve Do you know which change fixed this? I found nothing in the changelog since 4.50.15. -- --Knut Bjornstad -- IKTDriftstjenester, ErgoGroup AS ---Oslo, Norway------- --kbjo@interpost.no -- t:47 23 14 53 36 -- mob: 901 15 917 -- From rpoe at plattesheriff.org Tue May 9 15:51:01 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue May 9 15:51:35 2006 Subject: Might be off topic In-Reply-To: <44608B40.4060605@haigmail.com> References: <44608B40.4060605@haigmail.com> Message-ID: <44606608.65ED.00A2.0@plattesheriff.org> >What type of implementation would you use for say a 2 million email >account system? Nice. 20,000,000 / 24 = 833333.333... per hour /60 = 13888 per min / 60 = 230 per second... Are you scanning for spam or just viruses? If spam, how restrictive the rulesets. Why do you assume people will only get 10 a day? The unwashed masses (sorry, slashdot reference) sign up for every cotton picken thing in the world that says *FREE!!!!!! Not to mention spam harvest bots, the inability to block other countries (with 2 million people, you can't just make arbitrary decisions about what countries you will and won't allow email from .. for instance, there is no chance I'll ever do business with China. So on my mail server I have them blacklisted. With a 2 million account system .. that's not an option. Your cross section of people will be too great. I was thinking I would have 4 - 4 processor 64 bit systems with 16Gb of RAM and 1 - 4 processor 64bit system for mailwatch. Do you think this would be able to take the load? If everyone got 10 emails a day that is 20 million emails in one day. Each system would have to handle 5 million emails. which should be ok. I would really like to know your thoughts. Thanks Lance -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue May 9 15:52:05 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue May 9 15:52:20 2006 Subject: Spamassassin cache loop In-Reply-To: <20060509160353.A13265@akkar.interpost.no> Message-ID: <0b7e01c67378$2402a260$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > Sent: Tuesday, May 09, 2006 10:04 AM > To: MailScanner discussion > Subject: Spamassassin cache loop > > On Mon, May 08, 2006 at 09:16:23AM -0400, Stephen Swaney wrote: > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Knut Bjornstad > > > Sent: Monday, May 08, 2006 8:48 AM > > > To: mailscanner@lists.mailscanner.info > > > Subject: Spamassassin cache loop > > > > > > We have a problem with our MailScanner installations - a small part of > > > the traffic get stuck in the Spamassassin cache and loops back to > > > the hold queue for reprossessing. This happens to ordinary mail, I am > > > not sure if any of them is spam. The loop is not infinite thou, most > of > > > the cases escape after a few hundred iterations. But there are som > mails > > > that has been stuck for months. > > > > > > We have quite a lot of mail going through our MailScanner filters, so > I > > > have not given this attention before the last days. But the load on > the > > > boxes (we have several running in parallell), kept increasing very > > > slowly. I was not able to reset the cache in any way. My knowledge of > > > SQLite and sql bases in general are very limited, but at last I > managed > > > to reset the base on one of the boxes by overwriting it with an empty > > > base! > > > This had no effect, the looping continued. At last I stopped it by > > > removing the > > > offending mails from the hold queue. Then the load (as reported by > > > uptime) on the boxes fell immediately. > > > > > > Here is some obeservations I have made: > > > The log gets lines like this: > > > "May 8 00:08:04 xxxx MailScanner[882]: SpamAssassin cache hit for > > > message A3C3B310132.D0C33" where the last part of the session-id > varies > > > as the mail is put back in the hold queue > > > > > > I have found no particular type of mail that gets caught - but all of > them > > > have > > > a few MIME components. > > > > > > When I remove a mail, and then put it back in the hold queue, without > > > any modification, it got sent immidiately! > > > > > > Our installation: > > > postfix postfix-2.2.1 and 2.1.5 on Suse Linux (the behaviour occurs on > > > both versions) > > > MailScanner 4.50.15 > > > spamassassin 3.0.4 > > > ClamAV 0.88.1 > > > > > > I wonder if this problem can be rectified by upgrading MailScanner, or > > > by changing the cache parameters (but the config comment says you > > > shouldn't ordinarily do this) > > > > > > I would appreciate any comment. > > > -- > > > > I believe this is a known problem which can be fixed by upgrading. > > > > Steve > Do you know which change fixed this? I found nothing in the changelog > since 4.50.15. No but if you search the mail list you can probably find the answer. Might have missed the Change Log. I'd just update to the latest version. It's stable. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From jwilliams at courtesymortgage.com Tue May 9 16:44:55 2006 From: jwilliams at courtesymortgage.com (Jason Williams) Date: Tue May 9 16:43:20 2006 Subject: Holding/Redirecting email from a cetain account? Message-ID: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> Something was asked of me this morning and im not sure how to do it. There is a former employee who is sending some not so nice emails that management would like to take a look at. At first, they wanted me to just "discard" them. Which was a piece of cake with postfix. However, as far as redirecting them to a certain email address, that I am not sure about and was hoping someone might be able to lend some help. Anyone have ideas on how this migh be done? Running MS 4.46.2 with Postfix 2.2.8 Appreciate it. Jason -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/1068126a/attachment.html From lhaig at haigmail.com Tue May 9 16:46:48 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue May 9 16:46:52 2006 Subject: Might be off topic In-Reply-To: <44606608.65ED.00A2.0@plattesheriff.org> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> Message-ID: <4460B968.9000304@haigmail.com> Hi Rob, > Nice. 20,000,000 / 24 = 833333.333... per hour /60 = 13888 per min / > 60 = 230 per second... > > I did not work it out in that much detail. :-) > Are you scanning for spam or just viruses? If spam, how restrictive > the rulesets. Why do you assume people will only get 10 a day? The > unwashed masses (sorry, slashdot reference) sign up for every cotton > picken thing in the world that says *FREE!!!!!! > > I suppose if I would do this I probably would want to just tag spam and remove the virus e-mail. I assumed 10 emails just as a starting point as this was a theoretical discussion in my head. at about 3 in the morning. By the sounds of things I would never want to do this anyway as the numbers just scare me. I could not imagine running a system like this although I am sure MS could do this but it would scare me. Thanks for the response though. Lance From rpoe at plattesheriff.org Tue May 9 16:52:14 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue May 9 16:52:49 2006 Subject: Might be off topic In-Reply-To: <4460B968.9000304@haigmail.com> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> Message-ID: <44607461.65ED.00A2.0@plattesheriff.org> Either way it's an interesting discussion. I'd probably do multiple machines running MS / whatever. I'm not sure if I'd spend the money on BIG iron, or go the Google way and do a ton of little inexpensive 1-2u rackmounts and do a round robin or load balanced setup. Have those machines sort of as a perimeter MX, forwarding mail to the internal "core". Hotmail (had) an interesting setup .. where it was a unified LOOKING system but partitioned out into "sections" .. I guess that was more pre-cluster days, because "parts" of the userbase might go down for maintenance. >>> Lance Haig 5/9/2006 10:46:48 AM >>> Hi Rob, > Nice. 20,000,000 / 24 = 833333.333... per hour /60 = 13888 per min / > 60 = 230 per second... > > I did not work it out in that much detail. :-) > Are you scanning for spam or just viruses? If spam, how restrictive > the rulesets. Why do you assume people will only get 10 a day? The > unwashed masses (sorry, slashdot reference) sign up for every cotton > picken thing in the world that says *FREE!!!!!! > > I suppose if I would do this I probably would want to just tag spam and remove the virus e-mail. I assumed 10 emails just as a starting point as this was a theoretical discussion in my head. at about 3 in the morning. By the sounds of things I would never want to do this anyway as the numbers just scare me. I could not imagine running a system like this although I am sure MS could do this but it would scare me. Thanks for the response though. Lance From jaearick at colby.edu Tue May 9 16:49:41 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 9 16:54:40 2006 Subject: spam score for all emails? Message-ID: Dumb question... I would like the "X-Colby-MailScanner-SpamScore:" mail header line to appear in ALL emails, even ones less than "Required SpamAssassin Score". I thought this was a settable option, but I can't seem to find it. Was I dreaming? Jeff Earickson Colby College From mrm at medicine.wisc.edu Tue May 9 16:54:48 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Tue May 9 16:55:26 2006 Subject: 4.54.1 with Sophos V5 support Message-ID: Any word on the new Symantec support? Mike >>> MailScanner@ecs.soton.ac.uk 5/8/2006 5:03 PM >>> I have just implemented support for Sophos version 5. From andoni.auzmendi at robertwalters.com Tue May 9 16:58:21 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Tue May 9 16:59:26 2006 Subject: Holding/Redirecting email from a cetain account? Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD065C021@PAT.internal.robertwalters.com> Have you tried setting up an email alias? User: user, bigbro Both user and bigbro would get emails for user. Andoni _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Williams Sent: 09 May 2006 16:45 To: MailScanner discussion Subject: Holding/Redirecting email from a cetain account? Something was asked of me this morning and im not sure how to do it. There is a former employee who is sending some not so nice emails that management would like to take a look at. At first, they wanted me to just "discard" them. Which was a piece of cake with postfix. However, as far as redirecting them to a certain email address, that I am not sure about and was hoping someone might be able to lend some help. Anyone have ideas on how this migh be done? Running MS 4.46.2 with Postfix 2.2.8 Appreciate it. Jason -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060509/771bde56/attachment.html From alex at nkpanama.com Tue May 9 17:01:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 9 17:01:42 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> References: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> Message-ID: <4460BCD2.8020007@nkpanama.com> Jason Williams wrote: > > Something was asked of me this morning and im not sure how to do it. > > There is a former employee who is sending some not so nice emails that > management would like to take a look at. At first, they wanted me to > just "discard" them. Which was a piece of cake with postfix. > > However, as far as redirecting them to a certain email address, that I > am not sure about and was hoping someone might be able to lend some help. > > Anyone have ideas on how this migh be done? > > Running MS 4.46.2 with Postfix 2.2.8 > > Appreciate it. > > Jason > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. You could use the "Archive Mail" option with a ruleset like: Archive Mail = %rules-dir%/archive.rules with the following: FromOrTo: nasty.employee@yourcompany.com /home/jason/mail/nasty FromOrTo: default no That way all mail from or to the guy in question would get sent to a standard mbox file, readable using IMAP or importable into anything else. From a.peacock at chime.ucl.ac.uk Tue May 9 17:03:10 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 17:03:21 2006 Subject: spam score for all emails? In-Reply-To: References: Message-ID: <4460BD3E.8030603@chime.ucl.ac.uk> Hi Jeff, Jeff A. Earickson wrote: > Dumb question... > > I would like the "X-Colby-MailScanner-SpamScore:" mail header > line to appear in ALL emails, even ones less than "Required SpamAssassin > Score". I thought this was a settable option, > but I can't seem to find it. Was I dreaming? > > Jeff Earickson > Colby College Always Include SpamAssassin Report = yes Will always include the X-ORG-MailScanner-SpamCheck header. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From a.peacock at chime.ucl.ac.uk Tue May 9 17:05:43 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 9 17:05:53 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: <446095BD.6060401@chime.ucl.ac.uk> References: <44605671.8080708@chime.ucl.ac.uk> <446095BD.6060401@chime.ucl.ac.uk> Message-ID: <4460BDD7.8020206@chime.ucl.ac.uk> Hi, So much for that theory! It starting going wrong again this afternoon, so that was just a matter of hours since the last restart. I missed it starting to go wrong so couldn't really catch any idea of what was happening at the time. A stop and restart of MailScanner fixes the problem. I will keep looking into this and will post if I find out anything further. Anthony Peacock wrote: > Hi Kai, > > Kai Schaetzl wrote: >> Anthony Peacock wrote on Tue, 09 May 2006 09:44:33 +0100: >> >>> I originally posted this to the MailWatch users list, and although I >>> have had some help I still have the problem. I am posting this here >>> in the hope that someone on this list might have seen this problem >>> before and can give some pointers. >> >> Anthony, I followed that partly on the mailwatch list. Ahm, what I >> didn't see is any mention of DBI version etc. There is a DBI version >> that the old mailwatch didn't work with. If you use the new >> MailWatchLogging it is still possible that there is some DBI problem. >> Have you tried to setup a similar machine and reproduce the problem? > > Thanks for your reply. > > DBI is 1.50 DBD::mysql is 3.0002_3 > > The interesting thing is that the logging works fine for a number of > days then suddenly starts to log sascore and sareport as NULL, > everything else carries on working OK. I haven't really been able to > work out what the triggering event is or replicate the problem. > > It is not really possible for me to set up a different machine to debug > this at the moment. However, in looking through my config I did notice > something that wasn't working quite correctly. > > Before I go any further... I don't use Julian's install scripts (for > various reasons). > > I have been using /opt/MailScanner/bin/cron/check_MailScanner.cron as > cron job every 15 minutes to check that MailScanner is still running. I > have been doing this (or calling /opt/MailScanner/bin/check_mailscanner > before that) for ages, and had been redirecting the output to /dev/null > because of the noise earlier versions used to generate. I hadn't > noticed the introduction of the -q quiet mode option, I also hadn't > noticed that check_MailScanner.cron does some basic locking in > /var/lock. Because I was dumping the output to the bit bucket I hadn't > been aware that /var/lock didn't exist on my system. And therefore the > basic locking wasn't working as expected. > > The reason that I think this might be relevant is that I was once able > to cause the logging to stop working properly by running a debug attempt > at the same time as the check_MailScanner cron job tried to run. This > made me wonder if the cron job was tripping over itself or something else. > > I have now thoroughly checked the system, MailScanner runs without error > in debug mode, DBItrace looks fine, SpamAssassin debug looks OK and the > cron jobs are OK. I will let this run for a while and see if it fails > again. > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From alex at nkpanama.com Tue May 9 17:08:36 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 9 17:09:59 2006 Subject: spam score for all emails? In-Reply-To: References: Message-ID: <4460BE84.2040503@nkpanama.com> Jeff A. Earickson wrote: > Dumb question... > > I would like the "X-Colby-MailScanner-SpamScore:" mail header > line to appear in ALL emails, even ones less than "Required > SpamAssassin Score". I thought this was a settable option, > but I can't seem to find it. Was I dreaming? > > Jeff Earickson > Colby College Isn't there an "Always Include SpamAssassin Report" option that does something similar? From ssilva at sgvwater.com Tue May 9 17:40:38 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 9 17:41:18 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <1A8B0BB098059B42BCFF0EB7E2E62FD065C021@PAT.internal.robertwalters.com> References: <1A8B0BB098059B42BCFF0EB7E2E62FD065C021@PAT.internal.robertwalters.com> Message-ID: Andoni Auzmendi spake the following on 5/9/2006 8:58 AM: > Have you tried setting up an email alias? > > > > User: user, bigbro > > > > Both user and bigbro would get emails for user. > > > > Andoni I wouldn't think a "former" employee would still have an account to alias. Especially one who is abusing the e-mail system. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue May 9 17:49:29 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 9 17:50:23 2006 Subject: MailWatch Stops logging sascore & sareport In-Reply-To: <4460BDD7.8020206@chime.ucl.ac.uk> References: <44605671.8080708@chime.ucl.ac.uk> <446095BD.6060401@chime.ucl.ac.uk> <4460BDD7.8020206@chime.ucl.ac.uk> Message-ID: Anthony Peacock spake the following on 5/9/2006 9:05 AM: > Hi, > > So much for that theory! It starting going wrong again this afternoon, > so that was just a matter of hours since the last restart. > > I missed it starting to go wrong so couldn't really catch any idea of > what was happening at the time. > > A stop and restart of MailScanner fixes the problem. > > I will keep looking into this and will post if I find out anything further. > You could turn the MailScanner restart time down to a few hours for now, just to keep it functioning until you find the problem. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From uxbod at splatnix.net Tue May 9 20:03:25 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue May 9 19:04:40 2006 Subject: Might be off topic In-Reply-To: <44607461.65ED.00A2.0@plattesheriff.org> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> Message-ID: <20060509190325.7bbc36e0@cyborg> I would certainly look at a blade cluster configuration, with a SAN on the backend, and RedHat GFS as the underlying filesystem. That one if one blade fails it can be swapped out easily. Probably put a pair of Cisco CSS 11503 load balancers in front of it. UxBoD -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue May 9 19:43:49 2006 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 9 19:44:08 2006 Subject: Might be off topic In-Reply-To: <20060509190325.7bbc36e0@cyborg> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> <20060509190325.7bbc36e0@cyborg> Message-ID: <4460E2E5.3080508@nkpanama.com> --[UxBoD]-- escribi?: > I would certainly look at a blade cluster configuration, with a SAN on the backend, and RedHat GFS as the underlying filesystem. That one if one > blade fails it can be swapped out easily. Probably put a pair of Cisco CSS 11503 load balancers in front of it. > > UxBoD > > How about a Microsoft Exchange Server with the minimum configuration requirements? ;-) From ssilva at sgvwater.com Tue May 9 20:04:21 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 9 20:04:36 2006 Subject: Might be off topic In-Reply-To: <4460E2E5.3080508@nkpanama.com> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> <20060509190325.7bbc36e0@cyborg> <4460E2E5.3080508@nkpanama.com> Message-ID: Alex Neuman spake the following on 5/9/2006 11:43 AM: > --[UxBoD]-- escribi?: >> I would certainly look at a blade cluster configuration, with a SAN on >> the backend, and RedHat GFS as the underlying filesystem. That one if >> one >> blade fails it can be swapped out easily. Probably put a pair of >> Cisco CSS 11503 load balancers in front of it. >> >> UxBoD >> >> > How about a Microsoft Exchange Server with the minimum configuration > requirements? ;-) Not funny! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Tue May 9 20:28:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 20:28:53 2006 Subject: 4.54.1 with Sophos V5 support In-Reply-To: References: Message-ID: <4460ED61.3070303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ? Michael Masse wrote: > Any word on the new Symantec support? > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGDtYhH2WUcUFbZUEQK1AgCg9apxDPs9KBOvp6MRr4qVn+zfqiUAn21g 2OBwcvPAJM3McZzjcbI3ZrNx =QARE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue May 9 20:31:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 9 20:32:10 2006 Subject: Holding/Redirecting email from a cetain account? In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> References: <01BCE961CD5E4146B83F920FC6A4F2351F71B8@cmexchange01.CourtesyMortgage.local> Message-ID: <4460EE2E.8040208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A ruleset on "non-spam actions" that triggered the "forward" action on mail from them, and "deliver" for everyone else. Jason Williams wrote: > > Something was asked of me this morning and im not sure how to do it. > > There is a former employee who is sending some not so nice emails that > management would like to take a look at. At first, they wanted me to > just "discard" them. Which was a piece of cake with postfix. > > However, as far as redirecting them to a certain email address, that I > am not sure about and was hoping someone might be able to lend some help. > > Anyone have ideas on how this migh be done? > > Running MS 4.46.2 with Postfix 2.2.8 > > Appreciate it. > > Jason > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGDuLxH2WUcUFbZUEQKiVQCdHRY3hGXr7fQ24iGx4bfs6YJm6VQAoKJh 5ZXGtQI/0T+67/zisaJZA7sB =AC5z -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jaearick at colby.edu Tue May 9 21:27:49 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 9 21:29:31 2006 Subject: webbug replacement ruleset? Message-ID: Julian, I got a howl from a user that her mailings from savedsearches@ebay.com now comes sans pictures of the items that she is shopping for. I suspect the new Web Bug Replacement feature. I would like to do a ruleset here. Would this work? #---don't do webbug replacement on selected sites From: savedsearches@ebay.com no # #---do replacement on everything else FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Thanks, Jeff Earickson Colby College From ryanw at falsehope.com Tue May 9 22:03:07 2006 From: ryanw at falsehope.com (Ryan Weaver) Date: Tue May 9 22:03:03 2006 Subject: 4.54.1 with Sophos V5 support In-Reply-To: <4460ED61.3070303@ecs.soton.ac.uk> Message-ID: <001001c673ab$fcdb2520$6427a8c0@fryguy> ----Original Message---- From: Julian Field Sent: Tuesday, May 09, 2006 2:29 PM To: MailScanner discussion Subject: Re: 4.54.1 with Sophos V5 support > > ? > > Michael Masse wrote: >> Any word on the new Symantec support? >> Symantec AntiVirus Corporate Edition SAV for Linux. sav-1.0.0-61 Comes bundled with Symantec AntiVirus Corporate Edition 10.1.0.394 From maillists at conactive.com Wed May 10 00:13:04 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed May 10 00:12:55 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Jeff A. Earickson wrote on Tue, 9 May 2006 16:27:49 -0400 (EDT): > Would this work? I don't think so. That rule is not a ruleset, it just contains what should be replaced for the source of the image. Did the problem exist *before* the new Webbug replacement? If not, than it can't be the source of the problem unless Julian changed detection code as well (to include images with no size - that's the only possibility). Before it replaced just with "MailScannerWebBug", now it replaces with a URL. In both cases the original cannot be shown. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at grayonline.id.au Wed May 10 01:10:57 2006 From: james at grayonline.id.au (James Gray) Date: Wed May 10 07:13:33 2006 Subject: Might be off topic In-Reply-To: <4460E2E5.3080508@nkpanama.com> References: <44608B40.4060605@haigmail.com> <20060509190325.7bbc36e0@cyborg> <4460E2E5.3080508@nkpanama.com> Message-ID: <200605101011.02020.james@grayonline.id.au> On Wed, 10 May 2006 04:43 am, Alex Neuman wrote: > --[UxBoD]-- escribi?: > > I would certainly look at a blade cluster configuration, with a SAN on > > the backend, and RedHat GFS as the underlying filesystem. That one if > > one blade fails it can be swapped out easily. Probably put a pair of > > Cisco CSS 11503 load balancers in front of it. > > > > UxBoD > > How about a Microsoft Exchange Server with the minimum configuration > requirements? ;-) Save yourself the licensing fees: install any old F/OSS MTA as an open relay and be done with it :P James -- Health nuts are going to feel stupid someday, lying in hospitals dying of nothing. -- Redd Foxx -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/444122ef/attachment.bin From MailScanner at ecs.soton.ac.uk Wed May 10 08:37:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 08:37:58 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > Julian, > > I got a howl from a user that her mailings from savedsearches@ebay.com > now comes sans pictures of the items that she is shopping for. I > suspect the new Web Bug Replacement feature. I would like to do a > ruleset here. Would this work? > > #---don't do webbug replacement on selected sites > From: savedsearches@ebay.com no > # > #---do replacement on everything else > FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ > images/1x1spacer.gif No, you would want FromorTo: Default yes The option takes either yes or no values, so that's what the ruleset must feed it. Unless Ebay have screwed up their image size attributes in the img tag, MailScanner shouldn't be clobbering these images. Is anyone else receiving reports of this problem? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From FStein at thehill.org Wed May 10 11:40:40 2006 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed May 10 11:41:36 2006 Subject: webbug replacement ruleset? Message-ID: Yes Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA? 19464 fstein@thehill.org www.thehill.org -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 10, 2006 3:38 AM To: MailScanner discussion Subject: Re: webbug replacement ruleset? On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > Julian, > > I got a howl from a user that her mailings from savedsearches@ebay.com > now comes sans pictures of the items that she is shopping for. I > suspect the new Web Bug Replacement feature. I would like to do a > ruleset here. Would this work? > > #---don't do webbug replacement on selected sites > From: savedsearches@ebay.com no > # > #---do replacement on everything else > FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ > images/1x1spacer.gif No, you would want FromorTo: Default yes The option takes either yes or no values, so that's what the ruleset must feed it. Unless Ebay have screwed up their image size attributes in the img tag, MailScanner shouldn't be clobbering these images. Is anyone else receiving reports of this problem? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 10 13:56:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 13:56:51 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Please can someone send me a "unclobbered" and a "clobbered" example message? Preferably raw queue files or RFC822 messages gzipped. Please send them to me, not the list. On 10 May 2006, at 11:40, Stein, Mr. Fred wrote: > Yes > > Fred Stein > Network Administrator > The Hill School > 717 E. High Street > Pottstown, PA 19464 > fstein@thehill.org > www.thehill.org > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Wednesday, May 10, 2006 3:38 AM > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > >> Julian, >> >> I got a howl from a user that her mailings from >> savedsearches@ebay.com >> now comes sans pictures of the items that she is shopping for. I >> suspect the new Web Bug Replacement feature. I would like to do a >> ruleset here. Would this work? >> >> #---don't do webbug replacement on selected sites >> From: savedsearches@ebay.com no >> # >> #---do replacement on everything else >> FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ >> images/1x1spacer.gif > > No, you would want FromorTo: Default yes > The option takes either yes or no values, so that's what the ruleset > must feed it. > > Unless Ebay have screwed up their image size attributes in the img > tag, MailScanner shouldn't be clobbering these images. > > Is anyone else receiving reports of this problem? > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gborders at jlewiscooper.com Wed May 10 14:07:38 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed May 10 14:08:18 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: <4461E59A.7050001@jlewiscooper.com> Julian Field wrote: > On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > >> Julian, >> >> I got a howl from a user that her mailings from savedsearches@ebay.com >> now comes sans pictures of the items that she is shopping for. I >> suspect the new Web Bug Replacement feature. I would like to do a >> ruleset here. Would this work? >> >> #---don't do webbug replacement on selected sites >> From: savedsearches@ebay.com no >> # >> #---do replacement on everything else >> FromorTo: default >> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > > No, you would want FromorTo: Default yes > The option takes either yes or no values, so that's what the ruleset > must feed it. > > Unless Ebay have screwed up their image size attributes in the img > tag, MailScanner shouldn't be clobbering these images. > > Is anyone else receiving reports of this problem? I'm Getting some similar feed back from users as well. Had some messages from for example; Tiger Direct / Global Computers come through without the images that had been rendering just fine before the update. (from 4.52.2-1 to 4.53.8-1 in my case.) I'll just flip off the web bug check temporarily, until we get this resolved. Julian, if you want a copy of one of the messages that was 'altered', I can send you a copy from my quarantine file. Greg. Borders System Administrator JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nick.smith67 at googlemail.com Wed May 10 14:13:30 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Wed May 10 14:13:32 2006 Subject: Mishandling multi-line ISO encoded subject headers Message-ID: Hi, MS 4.53.8, Postfix 2.2.10 I have a big problem right now with MailScanner apparently mangling some (but not all) multi-line folded Subject headers - typically those containing ISO encoded subjects for multi-byte character sets. Consider these two examples: Subject: =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEIgYWFhYWFhYQ==?= =?iso-2022-jp?B?YSAbJEIkIiQiJCIkIiQiJCIkIiQiJCIkIhsoQg==?= Subject: =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIkIiQiGyhCIGFhYWFhYWFhIA==?= =?iso-2022-jp?B?GyRCJCIkIiQiJCIkIiQiJCIkIiQiJCIbKEI=?= The first one is an ISO-2022-JP encoded representation of 13 Japanese double-byte "a" followed by a single space, 8 lower case ASCII "a", another single space and finally 10 more Japanese double-byte "a". The second is identical, except one of the 13 double-byte "a" has been removed so there are only 12 Given that the first character of the second line in each example is a space, they ought to be treated as a single header per RFC822's folded header specification The weird part is that the first example works, shows up unchanged in the user's mailbox, and the Subject: header looks exactly as it did when it was sent while the shorter second one gets broken. What shows up in the user's mailbox (and the headers) is a decoded version of just the first line - which looks like this: Subject: ^[$B$"$"$"$"$"$"$"$"$"$"$"$"^[(B aaaaaaaa MailScanner running with Sendmail does not seem to experience this problem, and neither does Postfix running without MailScanner so it looks to be something to do with MailScanner's Postfix-specific code I did notice whilst digging in MailScanner's Postfix.pm that maybe the complete handling of folded Subject: headers is not implemented - for example lines 449-452: if ($recdata =~ /^Subject:\s*(\S.*)?$/i) { $message->{subject} = $1; next; } This doesn't seem to handle the case where Subject: is on more than one line, and will result in $message->{subject} containing only the first line of a folded Subject: Clearly this is not the whole story and an incomplete $message->{subject} is not enough to kill it every time because otherwise it would never work with a folded subject at all - as I said previously, the longer example above does work OK as do many other folded subject headers. Unfortunately, this is causing quite a big problem - it would be great if somebody could suggest a fix. Failing a proper fix, is there any way to modify the existing header_check: /^Received:/ HOLD ...so that it will exclude messages with (for example) /^Subject: =*iso-2022-jp/ - that way I could maybe have these messages bypass MS for the time being Thanks Nick From jaearick at colby.edu Wed May 10 14:24:55 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 14:28:27 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Julian, I need to turn off this web bug replacement option because the howls are growing louder and more numerous. How to operate like before 4.53.8? Just set Web Bug Replacement = ie, nothing after the equals? Jeff Earickson Colby College On Wed, 10 May 2006, Julian Field wrote: > Date: Wed, 10 May 2006 08:37:39 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > On 9 May 2006, at 21:27, Jeff A. Earickson wrote: > >> Julian, >> >> I got a howl from a user that her mailings from savedsearches@ebay.com >> now comes sans pictures of the items that she is shopping for. I >> suspect the new Web Bug Replacement feature. I would like to do a >> ruleset here. Would this work? >> >> #---don't do webbug replacement on selected sites >> From: savedsearches@ebay.com no >> # >> #---do replacement on everything else >> FromorTo: default >> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > > No, you would want FromorTo: Default yes > The option takes either yes or no values, so that's what the ruleset must > feed it. > > Unless Ebay have screwed up their image size attributes in the img tag, > MailScanner shouldn't be clobbering these images. > > Is anyone else receiving reports of this problem? > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From amoore at dekalbmemorial.com Wed May 10 15:07:23 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Wed May 10 15:07:31 2006 Subject: Spamassassin cache loop Message-ID: <60D398EB2DB948409CA1F50D8AF122570113EBEB@exch1.dekalbmemorial.local> Knut Bjornstad wrote: > Do you know which change fixed this? I found nothing in the changelog > since 4.50.15. I believe it was 4.53.8. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From tobias.axelsson at vxu.se Wed May 10 15:50:15 2006 From: tobias.axelsson at vxu.se (Tobias Axelsson) Date: Wed May 10 15:50:24 2006 Subject: Spam with the bodytext in a image Message-ID: <0IZ2003B217UGE40@mailinone.vxu.se> Hi We have some problem with spam that sends a mail only containing a gif-image with the text in. Offcourse they change the filename everytime. I'm not sure if it's ok to attach files to this list, so I don't :) One solution could be a md5sum-blacklist on attachment, becourse the md5sum does'nt change if you change the filename... Is there current a function that I can use for this or is this maybe a future reliase feature to add? Thanks for a great bundled software /Tobias Vaxjo university -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/04e9a5c8/attachment.html From adrik at salesmanager.nl Wed May 10 15:58:24 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed May 10 15:58:27 2006 Subject: Spam with the bodytext in a image Message-ID: Tobias, The Sare stock rules set has some specific rules for detecting inline gif images. See http://www.rulesemporium.com. Also if you use sa-update, it includes some new rules for this in 80_additional.cf. Adri. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tobias Axelsson Sent: woensdag 10 mei 2006 16:50 To: MailScanner discussion Subject: Spam with the bodytext in a image Hi We have some problem with spam that sends a mail only containing a gif-image with the text in. Offcourse they change the filename everytime. I'm not sure if it's ok to attach files to this list, so I don't :) One solution could be a md5sum-blacklist on attachment, becourse the md5sum does'nt change if you change the filename... Is there current a function that I can use for this or is this maybe a future reliase feature to add? Thanks for a great bundled software /Tobias Vaxjo university -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/8821acc3/attachment.html From lshaw at emitinc.com Wed May 10 16:01:48 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed May 10 16:02:03 2006 Subject: Might be off topic In-Reply-To: <44607461.65ED.00A2.0@plattesheriff.org> References: <44608B40.4060605@haigmail.com> <44606608.65ED.00A2.0@plattesheriff.org> <4460B968.9000304@haigmail.com> <44607461.65ED.00A2.0@plattesheriff.org> Message-ID: On Tue, 9 May 2006, Rob Poe wrote: > Either way it's an interesting discussion. I'd probably do multiple > machines running MS / whatever. I'm not sure if I'd spend the money on > BIG iron, or go the Google way and do a ton of little inexpensive 1-2u > rackmounts and do a round robin or load balanced setup. > > Have those machines sort of as a perimeter MX, forwarding mail to the > internal "core". > > Hotmail (had) an interesting setup .. where it was a unified LOOKING > system but partitioned out into "sections" .. I guess that was more > pre-cluster days, because "parts" of the userbase might go down for > maintenance. In my mind, that's the way to do it. Even if you have accounts in only one DNS domain that you wish to serve, e-mail is an example of a task that can be parallelized out the wazoo. Not only can you split up functions on different machines (mailbox storage, incoming delivery, outgoing delivery, filtering, web front end), but you can also split things up based on account name. You could have a separate set of servers for account names beginning with each different letter of the alphabet. Of course, you can go further and do a hash function with 1000 different values and have 1000 different servers, if you want. Or store which-account-is-where information in a distributed database like LDAP. You can even split up the mailbox storage onto separate machines: there is no reason a mailbox needs to be globally accessible as long as the machines that need it know which machine to contact in order to find the mailbox they need. Of course, you'd need a method to move mailboxes/accounts from one machine to another to balance load and to remove/add from the pool. - Logan From naolson at gmail.com Wed May 10 16:18:01 2006 From: naolson at gmail.com (Nathan Olson) Date: Wed May 10 16:18:07 2006 Subject: Spam with the bodytext in a image In-Reply-To: References: Message-ID: <8f54b4330605100818n677ac64hf12d1defcba41e84@mail.gmail.com> Are you using SA 3.1.1? I show no updates for 3.1.0 Nate From MailScanner at ecs.soton.ac.uk Wed May 10 17:07:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 17:08:09 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Please can you send me a screwed message? The only one I have been sent so far renders just fine in a web browser. On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > Julian, > > I need to turn off this web bug replacement option because the howls > are growing louder and more numerous. How to operate like before > 4.53.8? Just set > > Web Bug Replacement = > > ie, nothing after the equals? > > Jeff Earickson > Colby College > > On Wed, 10 May 2006, Julian Field wrote: > >> Date: Wed, 10 May 2006 08:37:39 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: webbug replacement ruleset? >> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >> >>> Julian, >>> I got a howl from a user that her mailings from >>> savedsearches@ebay.com >>> now comes sans pictures of the items that she is shopping for. I >>> suspect the new Web Bug Replacement feature. I would like to do a >>> ruleset here. Would this work? >>> #---don't do webbug replacement on selected sites >>> From: savedsearches@ebay.com no >>> # >>> #---do replacement on everything else >>> FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ >>> images/1x1spacer.gif >> >> No, you would want FromorTo: Default yes >> The option takes either yes or no values, so that's what the >> ruleset must feed it. >> >> Unless Ebay have screwed up their image size attributes in the img >> tag, MailScanner shouldn't be clobbering these images. >> >> Is anyone else receiving reports of this problem? >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 10 17:16:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 17:16:31 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Can you please try the attached Message.pm file instead of your current one in 4.53. I fixed another bug in it, and it's possible that bug affected this. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.gz Type: application/x-gzip Size: 55817 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060510/4896b7bb/Message.pm-0001.gz -------------- next part -------------- On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > Julian, > > I need to turn off this web bug replacement option because the howls > are growing louder and more numerous. How to operate like before > 4.53.8? Just set > > Web Bug Replacement = > > ie, nothing after the equals? > > Jeff Earickson > Colby College > > On Wed, 10 May 2006, Julian Field wrote: > >> Date: Wed, 10 May 2006 08:37:39 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: webbug replacement ruleset? >> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >> >>> Julian, >>> I got a howl from a user that her mailings from >>> savedsearches@ebay.com >>> now comes sans pictures of the items that she is shopping for. I >>> suspect the new Web Bug Replacement feature. I would like to do a >>> ruleset here. Would this work? >>> #---don't do webbug replacement on selected sites >>> From: savedsearches@ebay.com no >>> # >>> #---do replacement on everything else >>> FromorTo: default http://www.sng.ecs.soton.ac.uk/mailscanner/ >>> images/1x1spacer.gif >> >> No, you would want FromorTo: Default yes >> The option takes either yes or no values, so that's what the >> ruleset must feed it. >> >> Unless Ebay have screwed up their image size attributes in the img >> tag, MailScanner shouldn't be clobbering these images. >> >> Is anyone else receiving reports of this problem? >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From jaearick at colby.edu Wed May 10 17:30:24 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 17:34:16 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Julian, I have dropped the new Message.pm in place and changed Web Bug Replacement back to the default. I don't have an example message to send you, but I'll see if I can scrounge up one. Thanks. Jeff Earickson Colby College On Wed, 10 May 2006, Julian Field wrote: > Date: Wed, 10 May 2006 17:16:11 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > Can you please try the attached Message.pm file instead of your current one > in 4.53. > I fixed another bug in it, and it's possible that bug affected this. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > From jaearick at colby.edu Wed May 10 18:29:01 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 18:34:52 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: Julian, One of my howling users has her Wall Street Journal email subscriptions mangled, so (behold) I will use the Power of MailScanner (TM) to snag a message via a ruleset: Non Spam Actions = %localrules-dir%/nonspam.rules where the rules are: From: access@interactive.wsj.com and To: user@colby.edu deliver store forward jaearick@colby.edu FromOrTo: default deliver This should leave me the raw qf/df files in quarantine that I can then send along. This might take a day or so, depending on WSJ mailings and settings that I have to tweak. When I can figure out how to use rulesets, it is the coolest thing about MailScanner. Jeff Earickson Colby College On Wed, 10 May 2006, Julian Field wrote: > Date: Wed, 10 May 2006 17:07:51 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: webbug replacement ruleset? > > Please can you send me a screwed message? > The only one I have been sent so far renders just fine in a web browser. > > On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > >> Julian, >> >> I need to turn off this web bug replacement option because the howls >> are growing louder and more numerous. How to operate like before >> 4.53.8? Just set >> >> Web Bug Replacement = >> >> ie, nothing after the equals? >> >> Jeff Earickson >> Colby College >> >> On Wed, 10 May 2006, Julian Field wrote: >> >>> Date: Wed, 10 May 2006 08:37:39 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: webbug replacement ruleset? >>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>> >>>> Julian, >>>> I got a howl from a user that her mailings from savedsearches@ebay.com >>>> now comes sans pictures of the items that she is shopping for. I >>>> suspect the new Web Bug Replacement feature. I would like to do a >>>> ruleset here. Would this work? >>>> #---don't do webbug replacement on selected sites >>>> From: savedsearches@ebay.com no >>>> # >>>> #---do replacement on everything else >>>> FromorTo: default >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>> >>> No, you would want FromorTo: Default yes >>> The option takes either yes or no values, so that's what the ruleset must >>> feed it. >>> >>> Unless Ebay have screwed up their image size attributes in the img tag, >>> MailScanner shouldn't be clobbering these images. >>> >>> Is anyone else receiving reports of this problem? >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 10 19:01:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 19:01:30 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: <44622A69.9000003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone with this problem had a chance to try this yet? I would really appreciate a fast response. Julian Field wrote: > Can you please try the attached Message.pm file instead of your > current one in 4.53. > I fixed another bug in it, and it's possible that bug affected this. > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > > On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > >> Julian, >> >> I need to turn off this web bug replacement option because the howls >> are growing louder and more numerous. How to operate like before >> 4.53.8? Just set >> >> Web Bug Replacement = >> >> ie, nothing after the equals? >> >> Jeff Earickson >> Colby College >> >> On Wed, 10 May 2006, Julian Field wrote: >> >>> Date: Wed, 10 May 2006 08:37:39 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: webbug replacement ruleset? >>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>> >>>> Julian, >>>> I got a howl from a user that her mailings from savedsearches@ebay.com >>>> now comes sans pictures of the items that she is shopping for. I >>>> suspect the new Web Bug Replacement feature. I would like to do a >>>> ruleset here. Would this work? >>>> #---don't do webbug replacement on selected sites >>>> From: savedsearches@ebay.com no >>>> # >>>> #---do replacement on everything else >>>> FromorTo: default >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>> >>> No, you would want FromorTo: Default yes >>> The option takes either yes or no values, so that's what the ruleset >>> must feed it. >>> >>> Unless Ebay have screwed up their image size attributes in the img >>> tag, MailScanner shouldn't be clobbering these images. >>> >>> Is anyone else receiving reports of this problem? >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGIqaxH2WUcUFbZUEQJlhQCgvKbTbvHMqPh5fSxd0BbOLOOrp44AoNGO j94RGDTzMepozlVC2ss2v9T7 =iJwU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed May 10 19:11:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 19:11:35 2006 Subject: webbug replacement ruleset? In-Reply-To: References: Message-ID: <44622CCB.1000401@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > Julian, > > One of my howling users has her Wall Street Journal email subscriptions > mangled, so (behold) I will use the Power of MailScanner (TM) to snag > a message via a ruleset: > > This should leave me the raw qf/df files in quarantine that I can then > send along. This might take a day or so, depending on WSJ mailings and > settings that I have to tweak. Thanks. I'll publish a beta as soon as I can. > When I can figure out how to use rulesets, it is the coolest thing > about MailScanner. They are dead simple. Instead of stating a simple value in a MailScanner setting Setting = value they provide a way of changing the "value" depending on the sender and recipient addresses of the mail message. That's all there is to it. So if, for the option "Sign Clean Messages" you want to say "no" to mail going to your own domain "lawyers.com" and you want to say "yes" to all other mail, then you just say To: lawyers.com no FromOrTo: default yes The "FromOrTo: default" line is the one that says "use this for all other mail". If, in "Non-Spam Actions", you want to say "deliver store" for mail from wsj.com and "deliver" for all other mail, then you just say From: wsj.com deliver store FromOrTo: default deliver You can use all sorts of things instead of just "wsj.com". You can specify any user, any group of users, you can use wildcards, you can specify the IP address it came from (very useful for saying "use this value for all messages from my PC's, regardless of the addresses they are using"), or you can even harness the power of full regular expressions which can be used to say just about anything. But the value on the right-hand side of a rule is always just the value you want to use for that configuration setting with that bunch of email addresses. I just don't quite understand why people have trouble understanding this, I think they believe it's all more complicated and clever than it really is. > On Wed, 10 May 2006, Julian Field wrote: > >> Date: Wed, 10 May 2006 17:07:51 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: webbug replacement ruleset? >> >> Please can you send me a screwed message? >> The only one I have been sent so far renders just fine in a web browser. >> >> On 10 May 2006, at 14:24, Jeff A. Earickson wrote: >> >>> Julian, >>> >>> I need to turn off this web bug replacement option because the howls >>> are growing louder and more numerous. How to operate like before >>> 4.53.8? Just set >>> >>> Web Bug Replacement = >>> >>> ie, nothing after the equals? >>> >>> Jeff Earickson >>> Colby College >>> >>> On Wed, 10 May 2006, Julian Field wrote: >>> >>>> Date: Wed, 10 May 2006 08:37:39 +0100 >>>> From: Julian Field >>>> Reply-To: MailScanner discussion >>>> To: MailScanner discussion >>>> Subject: Re: webbug replacement ruleset? >>>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>>> >>>>> Julian, >>>>> I got a howl from a user that her mailings from >>>>> savedsearches@ebay.com >>>>> now comes sans pictures of the items that she is shopping for. I >>>>> suspect the new Web Bug Replacement feature. I would like to do a >>>>> ruleset here. Would this work? >>>>> #---don't do webbug replacement on selected sites >>>>> From: savedsearches@ebay.com no >>>>> # >>>>> #---do replacement on everything else >>>>> FromorTo: default >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>>> >>>> No, you would want FromorTo: Default yes >>>> The option takes either yes or no values, so that's what the >>>> ruleset must feed it. >>>> >>>> Unless Ebay have screwed up their image size attributes in the img >>>> tag, MailScanner shouldn't be clobbering these images. >>>> >>>> Is anyone else receiving reports of this problem? >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> MailScanner thanks transtec Computers for their support. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGIszBH2WUcUFbZUEQLilQCgjy9Bl34BttmN8jwuGxjIWmjkpfAAn1de j/ohvSAYUQKfwpWKgkR9r4jt =rW5M -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mauriciopcavalcanti at hotmail.com Wed May 10 19:36:16 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Wed May 10 19:36:53 2006 Subject: Disclaimer problem In-Reply-To: <44622A69.9000003@ecs.soton.ac.uk> Message-ID: All, I?m trying to make a rule to insert html or text disclaimer, but it?s not working well. I?m using MS 4.46.2-3 and Debian. Here is my MailScanner.conf: Inline HTML Signature = %rules-dir%/disclaimer.html.rules Inline Text Signature = %rules-dir%/disclaimer.txt.rules Here is my disclaimer.html.rules: From: fulano@domain.com.br /etc/MailScanner/reports/disclaimer.html From: fulano@DOMAIN.COM.BR /etc/MailScanner/reports/disclaimer.html FromOrTo: default /etc/MailScanner/reports/blank.disclaimer And the same for disclaimer.txt.rules... It?s working, but only if Outlook Express is used to generate the e-mail. The problem is when SAP generates the same e-mail... no disclaimer is inserted. Header is OK in both. PS: No problem reported in logs. Thanks in advance, Mauricio From jaearick at colby.edu Wed May 10 20:22:48 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed May 10 20:24:32 2006 Subject: Critical Vulnerability in Sophos Message-ID: Gang, See the following and act accordingly: http://www.incidents.org/diary.php?storyid=1325 Fortunately, CAB files are already in Julian's filenames.rules.conf deny list. Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Wed May 10 20:37:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 10 20:37:16 2006 Subject: Disclaimer problem In-Reply-To: References: Message-ID: <446240E0.1000905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mauricio wrote: > All, > I?m trying to make a rule to insert html or text disclaimer, but it?s not > working well. > > I?m using MS 4.46.2-3 and Debian. > > Here is my MailScanner.conf: > > Inline HTML Signature = %rules-dir%/disclaimer.html.rules > Inline Text Signature = %rules-dir%/disclaimer.txt.rules > > Here is my disclaimer.html.rules: > From: fulano@domain.com.br /etc/MailScanner/reports/disclaimer.html > From: fulano@DOMAIN.COM.BR /etc/MailScanner/reports/disclaimer.html > FromOrTo: default /etc/MailScanner/reports/blank.disclaimer > No need to specift the domain.com.br and DOMAIN.COM.BR, the host part of email addresses is case-insensitive. > And the same for disclaimer.txt.rules... > > It?s working, but only if Outlook Express is used to generate the e-mail. > The problem is when SAP generates the same e-mail... no disclaimer is > inserted. Header is OK in both. > I would suspect that SAP is generating the mail with a different sender address, just the same "From:" address in the headers. MailScanner uses the envelope sender and recipient addresses, not the ones that happen to occur in the headers (which are irrelevant for mail delivery). Get MailScanner to add the Envelope From Address and see where they are actually coming from. > PS: No problem reported in logs. > > Thanks in advance, > Mauricio > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRGJA4RH2WUcUFbZUEQJVyQCfcYv7vsdyzM//yKNOWy83XFZGhesAn0HJ iuMP2aAITI9SNuifYBmwuIAI =8ldX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Wed May 10 20:54:38 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 10 20:55:17 2006 Subject: Disclaimer problem In-Reply-To: <446240E0.1000905@ecs.soton.ac.uk> References: <446240E0.1000905@ecs.soton.ac.uk> Message-ID: <446244FE.5010001@nkpanama.com> Julian Field wrote: > I would suspect that SAP is generating the mail with a different sender > address, just the same "From:" address in the headers. > MailScanner uses the envelope sender and recipient addresses, not the > ones that happen to occur in the headers (which are irrelevant for mail > delivery). > > Get MailScanner to add the Envelope From Address and see where they are > actually coming from. > You beat me to that one. I hit "send" on my last e-mail and during the "sending" dialog that thought crossed my mind. That's why I usually set up "mailscanner-from" and "mailscanner-to" headers to show up in these situations as a ruleset so I can see in more detail what is going on. From alex at nkpanama.com Wed May 10 20:54:42 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed May 10 20:55:31 2006 Subject: Disclaimer problem In-Reply-To: References: Message-ID: <44624502.8040908@nkpanama.com> Mauricio wrote: > It?s working, but only if Outlook Express is used to generate the e-mail. > The problem is when SAP generates the same e-mail... no disclaimer is > inserted. Header is OK in both. > Some additional details might help. 1. Does it *only* happen when "outlook express" is used? Perhaps you mean "only when clients connect using SMTP in a specific set of circumstances, for example from a certain network segment"... You could only say "if Outlook Express is used" if the problem didn't show up while using Eudora, Netscape, Thunderbird, etc. 2. "When SAP generates the same e-mail" could mean anything. What *exactly* do you mean by "SAP"? Is it a process that runs its own SMTP engine? Is it running on the same server? Is it coming from a segment you've asked the server not to scan? Does it connect to your SMTP server in the same way your outlook express clients do? From FStein at thehill.org Wed May 10 20:59:43 2006 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed May 10 21:00:43 2006 Subject: webbug replacement ruleset? Message-ID: Julian I have tried the fix and in early testing it appears to fix the problem. Fred Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA? 19464 fstein@thehill.org www.thehill.org -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 10, 2006 2:01 PM To: MailScanner discussion Subject: Re: webbug replacement ruleset? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone with this problem had a chance to try this yet? I would really appreciate a fast response. Julian Field wrote: > Can you please try the attached Message.pm file instead of your > current one in 4.53. > I fixed another bug in it, and it's possible that bug affected this. > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > > On 10 May 2006, at 14:24, Jeff A. Earickson wrote: > >> Julian, >> >> I need to turn off this web bug replacement option because the howls >> are growing louder and more numerous. How to operate like before >> 4.53.8? Just set >> >> Web Bug Replacement = >> >> ie, nothing after the equals? >> >> Jeff Earickson >> Colby College >> >> On Wed, 10 May 2006, Julian Field wrote: >> >>> Date: Wed, 10 May 2006 08:37:39 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: webbug replacement ruleset? >>> On 9 May 2006, at 21:27, Jeff A. Earickson wrote: >>> >>>> Julian, >>>> I got a howl from a user that her mailings from savedsearches@ebay.com >>>> now comes sans pictures of the items that she is shopping for. I >>>> suspect the new Web Bug Replacement feature. I would like to do a >>>> ruleset here. Would this work? >>>> #---don't do webbug replacement on selected sites >>>> From: savedsearches@ebay.com no >>>> # >>>> #---do replacement on everything else >>>> FromorTo: default >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif >>> >>> No, you would want FromorTo: Default yes >>> The option takes either yes or no values, so that's what the ruleset >>> must feed it. >>> >>> Unless Ebay have screwed up their image size attributes in the img >>> tag, MailScanner shouldn't be clobbering these images. >>> >>> Is anyone else receiving reports of this problem? >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viru